last executing test programs:

1m9.690670504s ago: executing program 1 (id=1331):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000140)=0x7fc, 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0x22, &(0x7f0000000080)=0x1, 0x4)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xe0881)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, "0000000000000208", "5171bb74cd3660dab9e200", "d8a024e5", "20000926000200"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR(r4, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x18, &(0x7f0000000040)=0xa, 0x4)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x80042, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38)
bind$inet6(r1, &(0x7f0000000240)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000000200)=[{{&(0x7f0000000440)={0xa, 0x4e20, 0x4, @empty, 0x6}, 0x1c, &(0x7f0000000c40)=[{&(0x7f0000000300)="d5", 0x1}], 0x1}}], 0x1, 0x20080058)
close_range(r0, 0xffffffffffffffff, 0x0)

1m8.32676996s ago: executing program 1 (id=1334):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket(0x840000000002, 0x3, 0xfa)
recvfrom$unix(r0, &(0x7f0000000200)=""/56, 0x38, 0x101, &(0x7f0000000640)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
getsockname$inet(r2, 0x0, 0x0)
r3 = syz_clone(0x100000, &(0x7f0000000540)="b3d66f4626570b0938c2e767ca34d748a512ef2543992086de9e25dca7032fbf0ba23557105e7338822cb8e7eed4339c066f7962441bb8b1d52a6060ca580b6c417d998669bfc15f79bcd6e60357a041d07c267dee039535454738a9cb1e9fc705e89b1dc95259dc251f968d2b4be9ec75e4525f56358496ef92674ac5d161ee88c7d6471c01", 0x86, &(0x7f0000000040), &(0x7f0000000140), &(0x7f0000000440)="009869217f114782731b48efaac6014324f765bc1df8fc2a36003188ea49b37d944c1ee71aa515604e02752895595c5a7e2bbd0687e42741fad41ff795f3dfb493e5ef3d3705fd91becc2edb127774a4af93c9f4db74319786078d490fbcf1c8b7b713b575e03fbee06fb3c8709c7ae7ad05b2")
sched_setattr(r3, &(0x7f0000000100)={0x38, 0x0, 0x10000045, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x22)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000300)={0x6, 0x2, 0x4})
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRES8=r0], 0x50)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r5=>0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$IPT_SO_GET_INFO(r7, 0x0, 0x40, &(0x7f00000004c0)={'nat\x00', 0x0, [0x900, 0xffffffff, 0x7, 0x342, 0x1]}, &(0x7f00000001c0)=0x54)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=@newlink={0x30, 0x10, 0x1, 0x70bd28, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x3}, [@IFLA_TXQLEN={0x8, 0xd, 0x1}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, 0x0, 0x4000000)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, 0xffffffffffffffff, 0x1})
unshare(0x2000000)
ioctl$IOMMU_IOAS_UNMAP$ALL(r4, 0x3b86, &(0x7f0000000240)={0x18, r5})
openat$random(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0)
r9 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x32, 0xf4, 0x49, 0x10, 0x9c0, 0x201, 0xaa4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe5, 0xa5, 0xc8}}]}}]}}, 0x0)
syz_usb_control_io$hid(r9, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)

1m7.489964411s ago: executing program 2 (id=1336):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000100)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0xb0}, 0x20000000)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd09, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_LIMIT={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f00000001c0)="84", 0x1}], 0x1)
r8 = socket$xdp(0x2c, 0x3, 0x0)
unshare(0x26020480)
bind$xdp(r8, &(0x7f0000000240)={0x2c, 0x1, 0x0, 0x2a}, 0x10)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60)
r11 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x10000)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r10, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xe, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x0, 0x3, 0x3, 0x3, 0x5a, 0x9e, 0xa, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r11, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x6, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213})
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0x2, 0x4e29, @multicast1}, 0x10, 0x0}}], 0x1, 0x20004840)
ioctl$KVM_RUN(r11, 0xae80, 0x0)

1m7.194024379s ago: executing program 2 (id=1338):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f0000000240)={0x0, 0x107000})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x0, 0x3000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r5, 0x2000) (fail_nth: 3)

1m6.678001093s ago: executing program 2 (id=1341):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 32)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 32)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) (rerun: 64)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) (async)
r3 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000440)={{0x2, 0x0, @empty}, {0x0, @remote}, 0x4a, {0x2, 0x0, @broadcast}, 'lo\x00'}) (async)
ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f00000002c0)={{0x2, 0x0, @broadcast}, {0x0, @dev}, 0x8, {0x2, 0x0, @empty}, 'lo\x00'}) (async, rerun: 32)
r4 = socket$netlink(0x10, 0x3, 0x0) (rerun: 32)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a200000000800000018360000000000000500000809000100737928c8653cb23333949a92b17b294f987a30000000222c000000030a01010000000000000000030000000900010073c881797a30000000000900030073797a300000000014001000060a01040000000000000000070040001400000011"], 0x88}}, 0x0) (async)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) (async, rerun: 64)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) (rerun: 64)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0x5452, 0x0) (async)
r6 = socket$inet6(0xa, 0x3, 0x6)
r7 = socket(0xf, 0x3, 0x2)
write(r7, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) (async)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7ff}, 0x1c)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
mkdir(&(0x7f0000000280)='./file0\x00', 0x0) (async, rerun: 64)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) (rerun: 64)
lgetxattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=@known='system.posix_acl_default\x00', 0x0, 0x0)

1m4.87567851s ago: executing program 1 (id=1343):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x2)
getsockopt$netlink(r0, 0x10e, 0x9, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = userfaultfd(0x80001)
ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, &(0x7f0000000340)={&(0x7f0000000140)=[{0x36de, 0x0, 0x0, 0x0}], 0x1})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$FICLONE(r3, 0x40049409, r4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="501667d83ef159f0f41a0000001000210404010000fcdbdf5b000000005015033c4763b42dfc37442a522f4fe74ad330d92ca2a7aa13bd3958ae2bbcd784257ff6b976fa56a4520107f8446011e4336acd6cb5683231e52d63d7ffb9caef077c3f5101441f", @ANYRES32, @ANYBLOB="00000000d226000024001280090001007866726d0000000014000280080001000300000008000200250000000a0002000000000000000000"], 0x50}}, 0xc080)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="40000000030605000000000000000000070000010900020073797a30000000000900020073797a32000000000900020073797a310000000005000100070000007232b03d07cee06f3c4e905f3033dfb62b918e8a352cacd2f8d334e06e941933420bf33761d39cf724f20b014eaa7a8bd3cbe7db3cff70fdca6b931d56b53735bbd33212771297ffd0dd39cab6d1"], 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x40010)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000001c0))
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x7ffffffffffffffe, &(0x7f00000000c0)={<r8=>0xffffffffffffffff}, 0x106, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r7, &(0x7f0000000180)={0x13, 0x10, 0x8, {0x0, r8, 0x1}}, 0x18)

1m4.437833361s ago: executing program 2 (id=1344):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r1}, &(0x7f0000001c00)=0x8000000, 0x0}, 0x20)
syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo\x00')
syz_usb_connect(0x5, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x401}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x41d}}]})
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0x3)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newqdisc={0x38, 0x10, 0x20, 0xfffffffc, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xc, 0x6}, {0x0, 0x2}, {0xe, 0xf}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0xfffffffc}, @qdisc_kind_options=@q_ingress={0xc}]}, 0x38}}, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0)
r2 = openat2$dir(0xffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x200082, 0x85, 0x22}, 0x18)
r3 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)
execveat$binfmt(r2, r3, &(0x7f00000003c0)={[&(0x7f00000002c0)='\x00', &(0x7f0000000300)='\xbb\xbb\xbb\xbb\xbb\xbb', &(0x7f0000000340)='\x00', &(0x7f0000000380)='\x00']}, &(0x7f00000004c0)={[&(0x7f0000000400)='security.capability\x00', &(0x7f0000000440)='+]{#-]\x00', &(0x7f0000000480)='/[@:*\x00']}, 0x800)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000001900000126ad7000fedbdf2502142007ff01ff00000c0000080007000000000008000b0000400000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000081}, 0x80)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)

1m1.358211249s ago: executing program 2 (id=1351):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000009c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x76a9bba1a690db0f, 0x0, 0x0, {0xa, 0x0, 0x2005}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
r1 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f0000000080), 0x4)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x3, @loopback, 0x1, 0xfffffffe}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000280)="f4000900062b2b25fe80000000000000dc8b850f2323fcb11ea3548466cc00007a000000ad6e911b5181", 0x2a}], 0x1}, 0x0)

1m1.314175825s ago: executing program 2 (id=1353):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=@newsa={0x154, 0x10, 0x1, 0x8000000, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1a}, @in6=@private0, 0x2, 0x0, 0x4e21, 0x80, 0x0, 0x20}, {@in=@broadcast, 0x0, 0x33}, @in=@rand_addr=0x64010102, {0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x5, 0xfffffffffffffffe, 0xffffffffffffffff}, {0x97}, {0x10, 0x9, 0x2}, 0x0, 0x0, 0x2, 0x4}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0x70bd2b, 0x70bd25, 0x70bd2d, 0x70bd2d, 0x6}}]}, 0x154}, 0x1, 0x0, 0x0, 0x8000}, 0x14)
r1 = socket(0x400000000010, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000040)=0x38133, 0x4)
r5 = syz_open_dev$usbfs(0x0, 0x75, 0x40082)
ioctl$USBDEVFS_CLAIM_PORT(r5, 0x80045518, &(0x7f0000000000)=0x1)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x6a, 0x3, 0x20000000, 0x4)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
dup(0xffffffffffffffff)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000100)=0x40)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x3, 0x3800, 0x7, 0x115}, 0x50)
ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x4004556b, 0x1f)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x6c}}, 0x0)
openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_usb_connect(0x6, 0xfffffd40, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xa9, 0x74, 0x1d, 0x40, 0x7b4, 0x10a, 0x102, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xfc}}]}}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001480)={0x2020, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x2020)
ioprio_set$pid(0x2, r7, 0x6000)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000000)=@ethtool_coalesce={0xe, 0xf, 0x6, 0x9, 0x7f, 0x7, 0xf, 0x7, 0x7, 0xc3, 0x4, 0x4, 0x7, 0xffffffff, 0x3, 0x5, 0x6, 0xad0, 0x0, 0x2, 0xe54, 0x0, 0xf69}})

1m1.279620574s ago: executing program 1 (id=1354):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000140)=0x7fc, 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0x22, &(0x7f0000000080)=0x1, 0x4)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xe0881)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, "0000000000000208", "5171bb74cd3660dab9e200", "d8a024e5", "20000926000200"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR(r4, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x18, &(0x7f0000000040)=0xa, 0x4)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38)
bind$inet6(r1, &(0x7f0000000240)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000000200)=[{{&(0x7f0000000440)={0xa, 0x4e20, 0x4, @empty, 0x6}, 0x1c, &(0x7f0000000c40)=[{&(0x7f0000000300)="d5", 0x1}], 0x1}}], 0x1, 0x20080058)
close_range(r0, 0xffffffffffffffff, 0x0)

59.485400541s ago: executing program 1 (id=1360):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400500142603600e1208000b0000000401a8001600a400014002000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360d070100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffec", 0xbd}, {&(0x7f0000000080)="dd4289470cce256876f2c9b17d97b68f2726ed8a10148545240f9f", 0x1b}], 0x2}, 0x410)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
syz_open_dev$video4linux(&(0x7f0000000180), 0x401, 0x2400)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_int(r2, &(0x7f0000000040)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000480)=ANY=[@ANYBLOB='-', @ANYRESHEX=r3], 0x27)

59.300855856s ago: executing program 1 (id=1361):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x400aee2, 0x400, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0x2, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0x47f6, 0x0, 0x2, 0x0, 0x300)
socket$kcm(0x29, 0x2, 0x0)
write$rfkill(r2, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
pwritev2(r6, 0x0, 0x0, 0xe7b, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000040)})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
syz_usb_connect(0x0, 0x4f, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x2e, 0x5e, 0xfd, 0x10, 0x2ef5, 0xa, 0x34cb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3d, 0x1, 0x9, 0x39, 0x10, 0x4, [{{0x9, 0x4, 0xb1, 0x7f, 0x4, 0x81, 0x26, 0x7e, 0x2, [@uac_as], [{{0x9, 0x5, 0x1, 0x10, 0x40, 0x6, 0x6, 0x5e}}, {{0x9, 0x5, 0x9, 0x2, 0x3ff, 0x6, 0x6, 0xd}}, {{0x9, 0x5, 0xa, 0x3, 0x200, 0xb3, 0x8, 0xde, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x8, 0xfffe}]}}, {{0x9, 0x5, 0x4, 0x0, 0x200, 0x4, 0x0, 0xab}}]}}]}}]}}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x99, &(0x7f0000000300)=@string={0x99, 0x3, "b68880f624bba8ddb02e0c8306fb2f15f5d89f541f39e7566f645f19cb21f88c9d7d2e2e365af8969ec20f59579e6a945c51b27a5d811d2e94dcd259a725139b05ab1a8e4bf00e96deefc9f6f42c144771e5e5a2402c0b09853de632d5db92d6e87e2340453aa53881146443536f83fe047867dccc1685c0e95975f79796bea6cef4492b2bb51c6cde3ac52bd44d86142f37e37d861c90"}}]})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r8=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2002}, [@IFLA_IFNAME={0x14, 0x3, 'bond0\x00'}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x3c}}, 0x0)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
syz_usb_connect$cdc_ecm(0x5, 0x6b, &(0x7f0000000040)=ANY=[@ANYBLOB="1201ff03020000202505a1a440000102030109025900010106000109040006020206000a052406000005240040000d240f010002000000000300fd152412"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0})

46.002423711s ago: executing program 32 (id=1353):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=@newsa={0x154, 0x10, 0x1, 0x8000000, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1a}, @in6=@private0, 0x2, 0x0, 0x4e21, 0x80, 0x0, 0x20}, {@in=@broadcast, 0x0, 0x33}, @in=@rand_addr=0x64010102, {0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x5, 0xfffffffffffffffe, 0xffffffffffffffff}, {0x97}, {0x10, 0x9, 0x2}, 0x0, 0x0, 0x2, 0x4}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0x70bd2b, 0x70bd25, 0x70bd2d, 0x70bd2d, 0x6}}]}, 0x154}, 0x1, 0x0, 0x0, 0x8000}, 0x14)
r1 = socket(0x400000000010, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000040)=0x38133, 0x4)
r5 = syz_open_dev$usbfs(0x0, 0x75, 0x40082)
ioctl$USBDEVFS_CLAIM_PORT(r5, 0x80045518, &(0x7f0000000000)=0x1)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x6a, 0x3, 0x20000000, 0x4)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
dup(0xffffffffffffffff)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000100)=0x40)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x3, 0x3800, 0x7, 0x115}, 0x50)
ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x4004556b, 0x1f)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x6c}}, 0x0)
openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_usb_connect(0x6, 0xfffffd40, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xa9, 0x74, 0x1d, 0x40, 0x7b4, 0x10a, 0x102, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xfc}}]}}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001480)={0x2020, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x2020)
ioprio_set$pid(0x2, r7, 0x6000)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000000)=@ethtool_coalesce={0xe, 0xf, 0x6, 0x9, 0x7f, 0x7, 0xf, 0x7, 0x7, 0xc3, 0x4, 0x4, 0x7, 0xffffffff, 0x3, 0x5, 0x6, 0xad0, 0x0, 0x2, 0xe54, 0x0, 0xf69}})

43.632720918s ago: executing program 33 (id=1361):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x400aee2, 0x400, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0x2, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0x47f6, 0x0, 0x2, 0x0, 0x300)
socket$kcm(0x29, 0x2, 0x0)
write$rfkill(r2, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
pwritev2(r6, 0x0, 0x0, 0xe7b, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000040)})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
syz_usb_connect(0x0, 0x4f, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x2e, 0x5e, 0xfd, 0x10, 0x2ef5, 0xa, 0x34cb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3d, 0x1, 0x9, 0x39, 0x10, 0x4, [{{0x9, 0x4, 0xb1, 0x7f, 0x4, 0x81, 0x26, 0x7e, 0x2, [@uac_as], [{{0x9, 0x5, 0x1, 0x10, 0x40, 0x6, 0x6, 0x5e}}, {{0x9, 0x5, 0x9, 0x2, 0x3ff, 0x6, 0x6, 0xd}}, {{0x9, 0x5, 0xa, 0x3, 0x200, 0xb3, 0x8, 0xde, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x8, 0xfffe}]}}, {{0x9, 0x5, 0x4, 0x0, 0x200, 0x4, 0x0, 0xab}}]}}]}}]}}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x99, &(0x7f0000000300)=@string={0x99, 0x3, "b68880f624bba8ddb02e0c8306fb2f15f5d89f541f39e7566f645f19cb21f88c9d7d2e2e365af8969ec20f59579e6a945c51b27a5d811d2e94dcd259a725139b05ab1a8e4bf00e96deefc9f6f42c144771e5e5a2402c0b09853de632d5db92d6e87e2340453aa53881146443536f83fe047867dccc1685c0e95975f79796bea6cef4492b2bb51c6cde3ac52bd44d86142f37e37d861c90"}}]})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r8=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2002}, [@IFLA_IFNAME={0x14, 0x3, 'bond0\x00'}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x3c}}, 0x0)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
syz_usb_connect$cdc_ecm(0x5, 0x6b, &(0x7f0000000040)=ANY=[@ANYBLOB="1201ff03020000202505a1a440000102030109025900010106000109040006020206000a052406000005240040000d240f010002000000000300fd152412"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0})

26.262831981s ago: executing program 3 (id=1444):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4048000}, 0x44450)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200000054000480500001800a0001006d6174636800000040000280080002400000000124000300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d5324520e000100636f6e6e6c696d69740000000900010073797a30000000000900020073797a32"], 0xa8}}, 0x4048010)
r3 = socket(0x10, 0x2, 0x0)
write(r3, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
recvmmsg(r3, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000640), 0x800, 0x0)
preadv(r4, &(0x7f0000001b80)=[{&(0x7f0000000700)=""/12, 0xc}], 0x1, 0x7ff, 0x4f)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0xa, 0x801, 0x84)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r6, 0x7}}, 0x48)
r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
fcntl$dupfd(r7, 0x0, r7)
ioctl$SG_IO(r7, 0x2285, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x39, 0x7f, @scatter={0x4, 0x0, &(0x7f0000000680)=[{&(0x7f00000003c0)=""/224, 0xe0}, {&(0x7f0000000500)=""/37, 0x25}, {&(0x7f0000000540)=""/131, 0x83}, {&(0x7f0000000600)=""/21, 0x15}]}, &(0x7f0000000240)="e31fffbff200bdd0bc45abe0bb76b3c82afd3b59f74caa68d4595bd416c175c092b740b7333042af9484c20d286d0e59cd15ae7201670cf8cb", 0x0, 0x0, 0x25, 0x1, 0x0})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYRES8=r3], 0x64}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20041, 0x0)

24.013828472s ago: executing program 0 (id=1448):
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x1, @random="d6fca897f7ee", 'ip6gre0\x00'}}, 0x1e)
socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000002c0)=[{{&(0x7f0000000140)=@nfc_llcp, 0xffffffffffffff6a, &(0x7f0000000240)=[{&(0x7f0000000440)=""/188, 0xbc}, {&(0x7f0000000200)=""/54, 0x36}, {&(0x7f0000000500)=""/161, 0xa1}, {&(0x7f00000005c0)=""/173, 0xad}, {&(0x7f0000000680)=""/209, 0xd1}, {&(0x7f0000000780)=""/123, 0x7b}, {&(0x7f0000000a40)=""/153, 0x99}, {&(0x7f00000008c0)=""/226, 0xe2}], 0x8, &(0x7f00000009c0)=""/93, 0x5d}, 0x10}], 0x1, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
sched_setattr(0x0, &(0x7f0000000280)={0x58, 0x5, 0x8, 0x8001, 0x0, 0x1000000000009, 0x0, 0xfffffe0000000001, 0x7, 0xffffffff}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x30, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x8}, [@IFLA_GROUP={0x8}, @IFLA_TXQLEN={0x8, 0xd, 0x5}]}, 0x30}}, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
readv(r3, &(0x7f0000001840)=[{&(0x7f0000000200)=""/24, 0x18}], 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000280)={0x3, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"})
socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r8 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000003c0), 0x88000, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r8, 0xc0184800, &(0x7f0000000100)={0x8, r7})
r9 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGABS20(r9, 0x40044591, 0x0)

23.579625979s ago: executing program 4 (id=1449):
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x200000c0, 0xffffffff, 0xfffffff8}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wg2\x00'})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$key(r2, 0x0, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000001480))
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001840)={&(0x7f0000000100)=@phonet={0x23, 0x40, 0x5, 0x40}, 0x80, &(0x7f0000001400)=[{&(0x7f00000001c0)="e0a6896f345d4d2fcfd64444bfbdc86ffde43044e06b802ac1f24a17d109dce66cb5f4ab7a6922e3d51b8243c5a82e3a0493e244d5a8d4a0ac9000c584c487b7537b03b4da59c9e483adf4e0255efabff5b2abdb908a666837858fffc2204aa90c43dab345c4b27c07c74300aec3d4e1a0458135fe6ccae0da1f79d3689ce2be5ba05ab5ecaa69e9c2c4d010ac2be7f7892a1b5a863e4646661804fb69539828aa4340c931a587ba8b3b98310c4163c2c14f9f9014ec5357906bef273312cff15302ed0c9d54ca8baa11e8934b827d179e43c1d2894956dd08068fd741352de50e34475ca673aac9d2ed734c993b274e9001f83ef0f8162c29a86ce7558e082251741cd03ddd1f5c39c9083644f21973ae4d90156114f644981f22e8e0168de01265aab6b6cb0f36dfbd3fa4ba6a986b4b71841ca3d8734cc74375ee4a175dbe8d25a6bbd777092d798b95b29304935cf58c7b5664a81f0de7d6cc126b66aa2e54e938d27bd52d9655d044c6a5d3df3983047f506e686d4e8e84b10c66a5e452ad346f2382c201925c99c54c5f07ac29955ad660ba7c3532c1dc55b13aa44014882d6e4751dcbb49c6fc2938e36ab37c68726e8651cd02df174c621196b696545619f20836d8e7b7d3181f64273e829a48c0d931f02378063dbaf7a8e522132f3385e9dcfd775ba416abeb3aed2c1f0ba791035222c64b373fbafbc6580d4caff51004c707783b00a6f03e6ab0aac377e5bbd076d45759d91cd1bcb8cec108ce4deebffc69cfadafd264fd6625ad96b1e22b446a49939bc62921f306ba30911fae47013becd66a6f17494a5c981c720938ff9deaebb6e607cb356cb00f0e6973037efbafb3b2d7eee42b1b8ccf33d5a713852e193dfc00ee889fe816cf82b94cef78b0f9b9914b426a10c877b495dfe9e58f7844cc5763ae235c5f4911e6bf00a5990eb0b98461b9dfb5bd7b10356335c73309ffd2b745f3ce55fbec582d14bfbf4325b34b03490aa65b4d11d46b973799d74ff07401b8c2d64deb880109fdde3aa375c6dc5a0d3bcb0dcba3d4cd199c594fdf6f1b44bec2bc1aa7558e8655ca4ee75b34f8a981d772d8eb0708bccf0dfe94a018b35acfcb6c9518717d7f9c177ad3c86eca9ee203eb0565073b4cd8a6110ec14946c0adb6b5623c3f9c5293a4e62a88ebddf45c6eb49c6d8d42e17f2221a686f1330302931884309feaa13ec47e55cfdbc80a131fd0d36cb1a2288218c194945cc3aaf7700e0614fba35c14e80dbd3ce5e44d33dfacc844a38068ee05bd739454d12cdd1385dfff138e12546c0f8c4b50bcd584dc39b80ff24da443b48c20ef7358d9914890acc728e1ba63b81eff0584d4ff4e9ac3131ba1c0386798c43e93941bb852d78e5867b4b6b9bd456b08fbd1b37693145b9c9a4b90ae33933911033042128dce1721bf054714e1a2cac896304cd68d84bee6528bc04102bd3cbd6ead02fa899923d5ea82be9e102627f19cd7f19b11a3e38cfa3faf001ae4d75305b99143a51fbde2ae4a294e7b0b2bfaebbec1a164c362a19d2a6bbb5e3a36e97daab2292b9c28af63c59a8e907532256d8d696f04a88456efe04aae18237f4fcba33221e430f18d8c3a72aaf6cf068190fe2c7159cad50b6c39a9390ef6145227867880135c019fcfffd411889c4dbfaf802a3c9cf55ccf3b972f001c8d6cac763707a2dc5012a6681e00b718473388d0a32530c87674ab39975cb762773d4c194381d5eed73aac29eb237985561074384c2567fabce857cf1c4996a2a3d5e34dc7291624b671bae5ab314faed92c47c2bdb4a3cb6d83d59ccf3aab4aa9d6d3c769e891ca5cd9b9d2abb8d401c2006270b9b14c042ff471e6bfee56d5aafd76e211d8aa5de8f1cf14fb49adde55884d1ae2139f7e712d8886821843ebd45a0b6a06037f6320dd09f62bb0c085ad22921e755433009e7414b66b826a9c8f0ad33e21e7393b703e9dc86d60e6c593f748bd96421524d0355694c7864b5008dec7cad6bed9270f2c114b098c3cdef4219c3d057bd5eec7f96e2d11e15334a943d3b0e3842cd0b47a8c6f26396dc49be23b883f421ac1ad247e570a4782cfdadbc7e5944e1ca1d77c89a7dcf470a070347a32fd90b4b59aa07e4fa953127f43caa4c80a79037b809ce86a5e2f9d03b12f2034099cadf35e6f80ad335075043bfa1bbb1b9645ec5b194bfe7e8a9e6468a8dc589c68362b8e6ff55a92e4206cc50194f68c71032493885c259d78ab9b40b2f94895886cbeb9848b1aa4a97c4017668b7d5cf4a16e9692ec8ece97f9e5b69cf13bb6dd900321073094b76db37ec26a91402170ddcc24735e9675099390c380a6aa2fbdf9dd1ffc38dc786d7acb9de7fc014fdae735e1b2e4a1be1601577c03ca868b78229c89b0ca3bb6c4ea7715de9e47f02ea77116775d34c7a072c966cfb1601a5288d5550b696cbad5529144eaaedebb60274ab33ab0b9cab53d52d65b6cc61106a7e676e3e9c350150267b4c25c00aa7ea411b63a6f7d23bbdcaecd027925f24616f9d74fd880995f4c2a6f5ea6583bab79fe0505d79fadeb68bc38c4cabfe04b5fbc610752e25a36ec15a2b5c21fda71560d663a98e07e0c6a767d3a39e11cf46cc00deb58796e331b4f702400c071abac2330746a374cf458566c5f29483100c00ef26b2ebbc979e1a2bb8a635a2448a8ecdddbd9dc4d8c6f757f24da4bf16d750dc195591d84cbdf3d8e3a63b883d91ae2cfee103325254cd053ea01de15ef5858626a3866b90201d6b2876ed1890adc437a93a7f6ec774a9799a7fc139c232e45e62a2ec8b7313c01d33a0dd248548df813f2d3d6cda19ae5888da74520d085f78009cf773f150545309e254284ea2db713882ef24f8df3f7895100617b7f6c6c0b2567815e77ef86f2a0b35ca91f17cb7363bfffb90724e70daae7e59a556d2722845ce2e630ba439700a95f0dfded3638eaae2ed6cbd65c4a1ce8c0b08f27f1aee4894234908bad402102435b1f6fec5cf555b6a90c36cd7e91590a5d1f9e0a92b1219d87c2f99350881a44df77ed1c273d6aac4667de4a4b97e200c35b74365bd2366bc16ef93476131b67bdf59208961ebaf696306720f08782f840ef98d3675b09b5dca2656437de685ed3b65defea4ef806feb3e8b872a3c325ae1a0efd4aaa285e639ff50d012be71d847af053b845c1a3d14ac100827ae43d8f4232acf54bcf4b43476c37cc858ff71f080667a964ab8e8e416c8249fa25b1bba787b767ddc4e5b73a0408d52798f09022f183e3685a2e22d1405655a301cdaf32f46dd6dcd07ad40b9968d1bb89a246c1a02062d23d27972483919f04c6ba65b5e4641a22adfe44d8338b1fa61c923e54a0dd2b1d62adfd113f59afba47f58a7119463c3576ef16f537a62c25e994b6d71da40f6950cf88f07e31571b47fb903f334f237a1fc5e3327d80000db7bd721a69da70f4b3b4782be4766faff4375b29b5a0f3ef97292ab27fd744f047f4a3ec13c847d19255aa35f8d2c460279a5e94c44f5b190ac180df56a342d6fee86d5607ebd9238776ead2147432dc76d98bf988b2e81263466fb0874f3ae5326816aa24019b067ff5719017c022cd64a4e6776068d1e1cb649190171e0ab7cbafbb97ea014a0ed3b05c02d19eb0d23b3414bf67d7ae113111605ed21390637549223c2a0760aab39d1b6ef021f67901aa73cbb8202a324a7d3c9d6ab32fc5474aa5936cf7ec4814fd8b38d0bcdc1f089812aac1ac03939fc124ed9731fa6216f114a23d8caafc342ff73adc4450130a83ea23fe3f286c4b36ff43341631007a54f97d766c39d1a9f590b98fc89ce8cd674c990b17befa36e84404d8259871f35057ca15129649a64136617ffe699dfba51342f7a579696f1a17a3c8495adfa406124cb0ec8dc5c550285e29a23b25d6c143e18d63bd0f8f48e4e4078b884d4333ce1d021ed0a309f976d6d077d6bdde7358af7e8b5da4bb5b97d6f44f9e8a2b375b44674bb7c9e8c91879488ac2cddc7ac9c99534ac726c3750520fd3c998efbfae0512201c6fb5025b215f558e75a0058c54e920532ff6f7e587a6bca6857020b279326185d5c0d8bfa91fb3ae547602f12c4ad3d5b12dcc379040a6e3740f98ba032ea5155dc1c1926544edd4fb30c523090f13697b76083a90a3ad00dab550458a4460126693e35a82d4d31af8bbe009dde2908ee7d0edcec445ae6fb97a0cbced77363421a834f9835d87dfdf677ec1701152480c39bc366d07ab235332b17c31e6070fca38f70b96d52064a1da3446459bd367ac8aa883a6de2ab0f3e248dbacbbfd5771c30873c95a763b7d859e5d84bef60e68cc33abf6ad15681eb281606b78c65deffa669090a8b8afc6258acb2094c264c28a68a86e1c8a60c1b549d1d0b56e5833e9570a65c741b03f717ab836b7fa327fb524b3e3719a3bc0ddb7b0b0558526d2246787fd47c98a0b29579813e20443503a5169d7c8296a7a033299db2e95e1a8628ace092ef1781fa9245722dbdcb7466f21206579d5514a4552024e106fbe1d1891772bb299270184281cfdab6f925de3d080c43604986142607376d5cfd8a3e45c269f8021ce77518db77e997ac9d4e2cd2191b457eaf6d07b20fefdbb4e7c3b30f612b258be2ed71dd57a700f735b01373b3fad0721dff6d3b2bcb2d5a510a21b62136e7a127d5b2ee1e7c37af88e59080c4beef2e82ecddd697396543fb4a902952bf517b363c3c5c45810f22fcc0a110959da039853cd37d77c0c21872a13b3c6d21058af3782f82a5e34737ee87ccd3b11f04f8ff3733f98ba55879e3b792cfa845a4757193436662e3cb329e22ebc3e7c4ce653b542849bff5e99cd2b1952cab1618af746f4cdfb2e10db084ee0b2dcddddf78968de58296a43f74c6c49cb437fbb074bf14fd1a6ec6e649eb414fe191de8581e972236a24f5f30445335a27aa078e4590e64348dbe49aa80066f1bed66456496de100c90e523afd88b967532667e89531abbf4852f126736c48476c099c0b332747f1ca719db8375073e5bba1012c7ffdcbf00b1944c41bc76fe70dfa7c1dd348d8a181b591df89ba0c2528c69d3ced24fac8f4d7bc5de607970df709cd6196ae6143ff6aa5f20bc67c415a7df7a3ea47288137d724f73ce12d39759a5fcc04c92805ea5e65c8be442f0ef9696882bcc1492d1c356b063ef6a6f2523a89ac366099b94a1def499a22348bf4de635fcad793f0ea42fc1c35c5794c2c1e73cc24bad90c69eb19d690ff1a6ea18a31f8d37fae3978fe06575770291fdaeb41af6c828a9ff81fc719536c31c9bfc61e6726448eeba4a8453a2817ea59f7a42c9e25f5d40fd10bb532b53e3913e251b58bd834002682f6cc2daf647adb6daac3bd0d3986cbe42969ed1844f56fba27332e7b4b69d9b1953886de059d7be20f114aa29423d3376866324e4a1d3241060c98f55851a4196b5d3e7cc7e6de4e341c1bdc4a3cbcc8e4b37145b9ba967f222f595474203eaba67bad27bbd9fff5454e79b1d9b463bcf2f48f584702d36aac8200e3ea7c061456860551a3d4afd3b8588715999f1fb445aaaf018996d045018c04d2629cf5fedb2d02465ad35521927e9cd4f7ab0178ab15049ee6f0b5b95d240ecf9cea6bb25d2241b518bbfe1fc08f3ae80ab3a7b52e56803b1f02f8b8109fc7210fc5e0f2ebeaf9a77657f5a1849483a28a6cd8ab9a91d20ce9bd17050dbcdc129532a3c2c21965c7934966d1c0213e12662982bd272630f473f12f13696b386c1", 0x1000}, {&(0x7f0000000080)="aab1fa3d86984e6f198acb517fd6ed3feb78", 0x12}, {&(0x7f00000011c0)="16fb525e98d56eb98d77caf1c031e42b54bcc08b55c45f6e6592ab26b964ac7362f4a04b62ca14d7809750fca1b26dd8df126a01b2d5270ac75eab0495eb2fdab9195a10671ce778dd9bf7cf1b70056c83e10ddd6ca6549cc8bfdbbb6361fcf5dc90d7660f535bc106293f770a390a698978dda127312b343b68c60a4cd28c8c2ac2dd3193658e40d88d2d89da251f5cc106650091928c7e792d4ba1815e085e427b55788533bfc313", 0xa9}, {&(0x7f00000012c0)="4d45f5b368b472b97b6c7a78625d92588d9e186fba1ac9edca8aa54d201eae113b8f4adc09fa270c37e8db11d83dc1a6508d7caf6b22ec0f1b463101a2344ad100", 0x41}, {&(0x7f0000001340)="6e9137c33e1b054c67b57694287b35cbfa8b878545eb85c7bc93e2dce313489f70cdc117e9945af32019cf4c86329ead443fdae69b7236bd2fdbb4dd349a8adea76278fe8d03cb88b278394b24124629b510127e334055a640a7f16da7fcfbd9b70a55908e4b2d7b63c1731928cc18fe8dd3b78aae1e94a613f06b0096bd796d3725222ec41f4e4a2c291732192e832986135d5cd2d0a98f8a", 0x99}], 0x5, &(0x7f0000001440)=[{0xe4, 0x10c, 0x8, "7845a93fb6da00f68d59b50fc1587df361f0db26666af469f38c4b0b7eb2bf47bdfff3113df42a1a956f647f3f230ac55ae984bef364997998e715753f9b11e6dc310d011bb605ea10f616854c0d743a9acb4064becaa2c29d780e7b51aabfb6be9680fc4c94193a25d666f84be0e15fe9a01dd7065161eaa589f636b8a81ca265b95d2aafe4efc539ab389c9f337bf8db9a06114f65000df4c11757e98ce1d9f8ce0c9ef53ea9851a61cce74ef1825ac4e28404d7d22192ccd4a07f02d2b0176ca96301334732076a616b62310ff53abe906f030cd6e3"}, {0x104, 0xff, 0x0, "74b87ef11ed6bec740cbe229b819f4f9076386397f4f00a760c57ee378cdd73c2d7197d51cd4753d9af31a97d715fecc54d680a6c52e5cb89482f586cb91885cea69b9c88e9c1f9d2ff51216cb854cd3e7c2d143d05ab95a6dfd9109194829211cf0e9bf85f725f812156117c1fa1a441eac627aa0eac4ae237214574f56cca8bbe29398da97053e490a0f69740111747dba4d3d99d90eee8e8bd8b2c64d5bd84cfeb03094f07a595fa3c0248332c1f085d80b3ceb733aa142a560a8d71b560ab3d7c7b7a0f27cbd5fe4036604d312da9b03576ff53cd91e88f204aa8c0c88a62c97fa98ff4e565ec660280448bd36de283c45dd175a7a"}, {0xec, 0x10f, 0x8, "aa3e50920982eae8d870c46bca73d926506c5b25b8609d6fa343e1b6bbe57cab809dd25e91952a5c71d7fd17b9227d7dd463057d19d04ff4a448ab252243792f154a99ce92475a45683a8034e9262f70dbd4b95e4b168cd5541840dbead396ff10da035dffdde3e1815aeedbe9f2b9ab14a117e025c95937ee88151998725fed5d633d7a97781e6332336cd542b7bc83e248fe8d448b92895589c228bbbe11688ff84268b46e7d520dcafbbc8ba8455c0bf114c90d88626ed4e35b36690ef2fd87f3c241d58430b7c7f26d1d12b5224b1796925a6290f5ccdb35ad25bb91a8"}, {0xf4, 0x1, 0xe, "8cecf628c4049e4cfae9f3df55fd19d020ea23ef3c53ec29ccdc9426df76cf60f5137fea35f0f9a350a0fd43013fc2fda644c342e6c545ab05abd2c26a56f135641180c701af5770f4f15d69cbdb74aaad2e26cce07e08aa37848331ba56d558a060e0d3e93321207d0b37e1f0233892bd50e09ae7eecdf28f1d135658b77ed05acfe3dbfa864a59525da63ea96065d3bcb2261f2b43eabeeb5562634c5185602b1765c7366e03296cd64f0da159b8fefd5d9fa2263daad79aace2ba879c6c5447758fa5d339d2c89c220fdc7be416e444e6adc53545ca760cef069a77d0eba45650ae2d9f"}], 0x3c8}, 0x8040)

23.097294305s ago: executing program 3 (id=1450):
socket$inet_sctp(0x2, 0x1, 0x84)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth0_to_team\x00'})
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mptcp_buf(r2, 0x11c, 0x2, &(0x7f0000000240)=""/229, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, 0x0, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01030000000000001c0012000c000100626f6e64000000000c000200080001000535cb791cf3e5b70232d790d9c04fe43a7bccf8c1da7ccaeb2139e26949091daef3a65ea915fa328ea3e70c9110ba58f2187888ae4d7776b4df2cbc2dc561eaad02975097e5"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x0)
getsockname$packet(r5, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x20, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}}, 0x20}, 0x1, 0x0, 0x0, 0x600}, 0x0)
syz_usb_connect(0x4, 0x2d, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0)
openat$rtc(0xffffffffffffff9c, 0x0, 0x383802, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a050600000000000000000100000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001405000d404600000014000000110001"], 0x6c}}, 0x0)
sendmsg$NFT_MSG_GETSET(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000940)={0x14, 0xa, 0xa, 0x101, 0x0, 0x0, {0x1}}, 0x14}}, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000), &(0x7f0000000080))

22.88576091s ago: executing program 0 (id=1451):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r0 = syz_open_procfs(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430)
r3 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
recvfrom$packet(r0, &(0x7f0000000400)=""/179, 0xb3, 0x40000000, &(0x7f0000000100)={0x11, 0x16, 0x0, 0x1, 0xff, 0x6, @random="89633880f135"}, 0x14)
listen(0xffffffffffffffff, 0x8)
r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, 0x8)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0xf)
fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r5, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x400c044)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
cachestat(r5, &(0x7f0000000040), 0x0, 0x0)

22.544630636s ago: executing program 4 (id=1452):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)={0x1c, r1, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (fail_nth: 10)

21.740132334s ago: executing program 4 (id=1453):
r0 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0x2, 0x1)
ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f0000000240)=0x8000000000000001)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000008000080"])
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000000008000080"])
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r6, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r6, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x20000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
io_setup(0x1, &(0x7f00000004c0)=<r8=>0x0)
io_submit(r8, 0xf3, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x1, 0x0, r7, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}])

21.649880161s ago: executing program 0 (id=1454):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYBLOB="01002cbd70451594d2a398c7390008000300", @ANYRES32=r1, @ANYBLOB="0a0006"], 0x28}, 0x1, 0x0, 0x0, 0x85}, 0x20000822)

21.571337386s ago: executing program 0 (id=1455):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000)=0x9, 0x4)
syz_emit_ethernet(0x381, &(0x7f0000002240)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x373, 0x0, 0x0, 0x3f, 0x11, 0x0, @empty, @empty}, {0x4e22, 0x4e20, 0x35f, 0x0, @wg=@data={0x4, 0xc, 0x4, "f7b9aa3f9606d32f2d244712593e655e189e64f114be88c85290b6e10e1ca6068680f332d169f5da49814c1b6f8911e2a3d47626bb6923b125ce6307126479cf56d6dc5dff64c72f107b0237e546caa662409346aa0d4fb5ae90f8a15032185f64a096dece906ff7b1220334c224753274d580b2c4374ac7b2d8237c795790f79a673fd61f3125f2403aefa47bd6c796c84bcd00e94a83a20091f0505294a337dc9edf01779b1f8e6a269be5fa227c0aca19e30e3be6091af879d173e7a61ffa34913e01cb5d3d14ea390ed39946a158b137095f57bfb35eda028b958c3301a1287294f5a6b4ea0c373b6f9c3f9e4bf5d63e9229408d6146a068ba63a157cf56c4f34441cca4af07dca3807d105a2a473034671c7941573bf51eab322691a832f6e269b835aba2c867dfb9a86481237e74c2e65925b63de2890e2b3758de16068e1cbf0489b026fc24a5ca4d437660b4ad0b8a4a50f2493e94ae0c728919b61190a72233c9f94051449cc892d9fa1fcf0d6171eefdcefcaff6ffc3a9655b21fdc6e5290aca58a9ba8a4ceec79a6a5bc35e2d9e1eee7c3280b9dea7f453aea3f8ba285ea8e583323f4a60d536632827d1b4dff36d7cd3d749a1910675eaf848e016f6d73ac42f999212c10780e6f02034ad140741969031c02cc13b2832e585b54eaeeb7eae88b64a33ec31e610949e489d2d703f705d099908e54f58c808a78187bc9a6b17c646130ae6761ec2fdca6556a2c8616bd7c549476d86bb629e50d7fe118cafcf4545203b2331c8a8b839550395ffc1731d27e1b2b9335f332dbe96a0d0ece42ff9f285951e3780418c1f99abad90cd2b800d5bc4181b5012aa72576d574a205123227763dbc166b0ef77cfb0f59836f151c193e1fa7dd6ae7f00a55000944358f3a94530421a3332763ec4d13d0be573ed0ace88ee53002c143ab1993b8b9e82b5ab43fcbb158d3b1e5505394e6e09b63439e1d0430126687b888c714bbec2fdebcb896ba4c6c9995f2abdb696a89c710ff64c6b353e81d876e7ba9beceb2673bc8272fa1b65b7fffa7c4e011bafd4c8312ab7db243c847bb4cb7ae77d2ee7da8fec73c0a3cb4a7a4413729a6acad55120e13f8cdb595ec5e1f7fef794a393bfa9ecaf8356411f0103f7010e0771e36f82a42023c6b8bdfca95a61c8988aa5765d29"}}}}}}, 0x0)
syz_emit_ethernet(0x80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x1, 0x61, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x4d, 0x0, @wg=@initiation={0x1, 0x1, "65a252e7cb7a5918c004a9971a46afced2c32642b1ec9fe34818d8ccd82041b7", "c930713c550e74ee13c2638ac75b2a9666efd31a34fce4498df8105d8bd8ed283a220c3a9becd8a70d3607ea8270d351", "ae12e16b560f2f8ac4ca3e745ce285f12f6e8719e7f1e7f286a68f76", {"980aa8fb8f80d69f1fb587086447e93e", "55e824bb69e833bd36300b088233545a"}}}}}}}, 0x0) (fail_nth: 1)

21.025986208s ago: executing program 0 (id=1456):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x3b1c25aed43c2db}, 0xc)
r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x40)
close(r1) (async)
r2 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) (async, rerun: 64)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async, rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x6a855000) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
clock_getres(0x3, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000002d00090027bd700000000000040000008814d2cac88a4d33c05eda9ddeab6bd70d05d6a68355f71b43a6284fb9fd8eef1c5c2a0660e8b01e"], 0x14}}, 0x84) (async, rerun: 32)
recvmmsg(r5, 0x0, 0x0, 0x400120a0, 0x0) (rerun: 32)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r5)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x2000, {0x2a00, 0x80010000, 0x0, 0xe01, 0x0, 0x0, 0x0, 0x0, 0x1c, "001ea89d9bb7fb0000e60080b8785d96000100000000000000000000000000000000000000000000000000000000de000000000a00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0x10000]}}) (async)
read$FUSE(r1, &(0x7f000000c400)={0x2020, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020) (async)
r7 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r7, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0xd1, 0x4, 0xfffffefffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {0x0, 0xfffffffffffffffc}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe4)
sendmmsg(r7, &(0x7f0000000480), 0x2e9, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYRES16, @ANYRES8=r6, @ANYRES32=0x0, @ANYRESOCT=r6], 0x138}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)

20.829375181s ago: executing program 0 (id=1457):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
fsopen(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000001200050100000000fedbdf252800e800ffffffff0000000000000000000000000a0101020000000000000000000000000a000609862da10461b068354336a4bcc4963e377ac9605e33e0b303fe1affc110e3e56936783555d070a6089d0263a21186d18674f00f2f6e6c05af9ee57601d03633"], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20040810)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x1, 0x401, 0x0, 0x92, 0x55, 0x8, 0x1000006, 0x4}, 0x0)
fanotify_init(0xa00, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f9, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000, 0x2, &(0x7f0000ffc000/0x3000)=nil)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r4, 0x6, 0x22, 0xffffffffffffffff, &(0x7f00000002c0)=0x49)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newqdisc={0x64, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {0xffff}, {0x10, 0xfff3}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x34, 0x2, [@TCA_FQ_PIE_ALPHA={0x8, 0x5, 0xc}, @TCA_FQ_PIE_BETA={0x8, 0x6, 0x1d}, @TCA_FQ_PIE_QUANTUM={0x8}, @TCA_FQ_PIE_ECN={0x8, 0xa, 0x1}, @TCA_FQ_PIE_ECN={0x8}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xfcf1}]}}]}, 0x64}}, 0x4048000)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(0xffffffffffffffff, 0x3ba0, &(0x7f0000000280)={0x48, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa3})
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x42241, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r7, 0x800c5012, &(0x7f0000000040))
write$sysctl(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r8 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x40202, 0x0)
sendfile(r8, r8, 0x0, 0x4800000009)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000900)=ANY=[@ANYBLOB="180000002e00010026bdf000fcdbdf250400000004001d"], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x4000010)

20.310396249s ago: executing program 4 (id=1458):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000200)={'#! ', './file0/file0'}, 0x11)
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='status\x00')
preadv(r2, &(0x7f0000000000)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
io_uring_setup(0x1047, &(0x7f0000000440)={0x0, 0x8270, 0x4000, 0x3, 0x10b})
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'veth0\x00', 0x1000})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0xb, 0xa}, {}, {0x7, 0xd}}, [@filter_kind_options=@f_route={{0xa}, {0x38, 0x2, [@TCA_ROUTE4_ACT={0x34, 0x6, [@m_csum={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4, 0x3f0f}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r7, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x200, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4ac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8)
connect$inet6(r7, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r8 = request_key(&(0x7f0000000340)='rxrpc_s\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='\x00', 0xfffffffffffffffc)
add_key$user(&(0x7f0000000200), 0x0, &(0x7f0000000280)="aef9559dd62f453b025418908399e20c3d457201ee7fd5ba38b8891e71c3e65fa19de54302edc2f5ce5b70c7ee793e399a22e2813c21ae83166e384d8f3d4902083bf264750a74640b5e8b38224bdb9f2c38a6394e782993acb5802826f4b2ea1dde4334989a2ec5a6392f1d1588cf4209399ade98efd3e1a4e538d1740a175cf66647f00ce676ea0514341e109664be1c32b8168bc7c35b37e990c601", 0x9d, r8)

19.335297624s ago: executing program 4 (id=1459):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000200)={'#! ', './file0/file0'}, 0x11)
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='status\x00')
preadv(r2, &(0x7f0000000000)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x0, 0x0) (fail_nth: 1)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
io_uring_setup(0x1047, &(0x7f0000000440)={0x0, 0x8270, 0x4000, 0x3, 0x10b})
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'veth0\x00', 0x1000})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0xb, 0xa}, {}, {0x7, 0xd}}, [@filter_kind_options=@f_route={{0xa}, {0x38, 0x2, [@TCA_ROUTE4_ACT={0x34, 0x6, [@m_csum={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4, 0x3f0f}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r7, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x200, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4ac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8)
connect$inet6(r7, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r8 = request_key(&(0x7f0000000340)='rxrpc_s\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='\x00', 0xfffffffffffffffc)
add_key$user(&(0x7f0000000200), 0x0, &(0x7f0000000280)="aef9559dd62f453b025418908399e20c3d457201ee7fd5ba38b8891e71c3e65fa19de54302edc2f5ce5b70c7ee793e399a22e2813c21ae83166e384d8f3d4902083bf264750a74640b5e8b38224bdb9f2c38a6394e782993acb5802826f4b2ea1dde4334989a2ec5a6392f1d1588cf4209399ade98efd3e1a4e538d1740a175cf66647f00ce676ea0514341e109664be1c32b8168bc7c35b37e990c601", 0x9d, r8)

19.011468355s ago: executing program 3 (id=1460):
gettid()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000000000000040'], 0x2a, 0xfffffffffffffff9)
add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x48080}, 0x40010)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0b00000013000000cc000200060000", @ANYRES32], 0x50)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r3, 0x8b36, &(0x7f0000000040))
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xf)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa04, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008051}, 0x80)
ioctl$EXT4_IOC_SETFSUUID(r4, 0x4008662c, &(0x7f0000000000)={0x10, 0x0, "8970ba71ca25a8f01b6e3d16be49d843"})
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xb, &(0x7f0000000240)={0x8, 0x4}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r5, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f00000004c0), 0xffffffffffffffff, 0x1}}, 0x18)

18.926018666s ago: executing program 4 (id=1461):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x7, 0x8)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="dc000000", @ANYRES16=r4, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e000000200000000000b0000380a80003805800018008200100040000000400030011000200646f6e745f617070726169737a0000000800010001000000040003000800010001f8ffff080001007a00000008000100ed26000008000200235be500060002002d000000340001800d0002003a2d2d2c2c2b25250000000008000100000000000800010003000000080002005e7b2f000400030004000300140001800c000200657468746f6f6c00040003000451dcb1851b715a08cbdc9cb1ff00"/233], 0xdc}}, 0x0)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000100001000000000000f1ff000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000001308000140000000050600030076657468315f6d6163767461700000000900010073797a"], 0xe8}}, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x25, 0x0, 0x0)
close(0x3)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x100, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, 0x0, {0x5, 0x10}, {0x9, 0xffff}, {0x9, 0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24004004}, 0x8080)
r6 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0xa0002)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000100))
openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88600, 0x0)
r7 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_REWIND(r7, 0x40044146, 0x0)

17.895727089s ago: executing program 3 (id=1462):
unshare(0x2000080)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
set_tid_address(0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x2, 0x398, [0x0, 0x80000380, 0x800003b0, 0x800006e8], 0xf9ffff00, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff02000000030000000500000000f876657468305f746f5f626f6e640000000000000000000000000000000000000076657468305f746f5f626f6e64000000766c616e3000000000000000000000000180c2000002ff00ffffff00690d09ca47d100ffffffffffe60000000e010000520100006c696d69740000000000000000000000000000000000000000000000000000001800000008000000ab0000000000010001000000ff7f00000900000074696d6500000000000000000000000000000000000000000000000000000000180000000800000000000000f8ac0000fb4301000500000000010000415544495400000000000000000000000000000000000000000000000000000004000000020000004552524f52000000000000000000000000000000000000000000000000000700200000005f2544b36a233f56acf8fcab88529b512399e2092fb4bd0e596faf4a66f40000090000001400000081007465616d5f736c6176655f31000000006d6163736563300000000000000000006261746164765f736c6176655f30000076657468315f746f5f62617461647600ffffffffffffffffffff00000180c2000003ff000000ffffd600000046010000b6010000706879736465760000000000000000000000000000000000000000000000000044000000766972745f776966693000000000000000000000000000000000000000000000776732000000000000000000000000000000000000000000000000000000000004170000434c415353494659000000000000000000000000000000000000000000000000040000000e0000006c6f6700000000000000000000000000000000000000000000000000000000002400000081bae3cfd325000b0f2e13eca500a0499a400ffde03e3beb15402b8d137a4500080000004e464c4f470000000000000000000000000000000000000000000000000000004c000000040000000700050001000000b4bc9b95393b5f3c6bf1e515140e955c23c3e06987846a92de5635194ead0c9cde03dc3650ad229eb01cabac035d092ddddb1d7df9ff745f7f8dfb5d3c70dfc800000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000"]}, 0x3e8)
socket$alg(0x26, 0x5, 0x0)

17.689680061s ago: executing program 3 (id=1463):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000600)=ANY=[@ANYBLOB="200e06"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x500)
ioctl$I2C_RDWR(r1, 0x707, 0x0)

15.470965539s ago: executing program 3 (id=1464):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c3c42, 0x0)
ioctl$TIOCGETD(r4, 0x5424, &(0x7f0000000040))
pipe2$watch_queue(&(0x7f0000000340), 0x80)
r5 = dup3(r3, r2, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x400c6313, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x168, r1, 0x8, 0x70bd25, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3603}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x63}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8}}]}, 0x168}, 0x1, 0x0, 0x0, 0x20001000}, 0xc011)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000cc0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000040)={0x50, r7, 0x33ec42f8b9a4771, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x34, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "04dd292062801b00"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="580198e56de3d74a3b00c1f3f6cd0ee76d9c9d074683ba0cc3a404ec75bea810"}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x44010)

5.502187541s ago: executing program 34 (id=1457):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
fsopen(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000001200050100000000fedbdf252800e800ffffffff0000000000000000000000000a0101020000000000000000000000000a000609862da10461b068354336a4bcc4963e377ac9605e33e0b303fe1affc110e3e56936783555d070a6089d0263a21186d18674f00f2f6e6c05af9ee57601d03633"], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20040810)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x1, 0x401, 0x0, 0x92, 0x55, 0x8, 0x1000006, 0x4}, 0x0)
fanotify_init(0xa00, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f9, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000, 0x2, &(0x7f0000ffc000/0x3000)=nil)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r4, 0x6, 0x22, 0xffffffffffffffff, &(0x7f00000002c0)=0x49)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newqdisc={0x64, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {0xffff}, {0x10, 0xfff3}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x34, 0x2, [@TCA_FQ_PIE_ALPHA={0x8, 0x5, 0xc}, @TCA_FQ_PIE_BETA={0x8, 0x6, 0x1d}, @TCA_FQ_PIE_QUANTUM={0x8}, @TCA_FQ_PIE_ECN={0x8, 0xa, 0x1}, @TCA_FQ_PIE_ECN={0x8}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xfcf1}]}}]}, 0x64}}, 0x4048000)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(0xffffffffffffffff, 0x3ba0, &(0x7f0000000280)={0x48, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xa3})
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x42241, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r7, 0x800c5012, &(0x7f0000000040))
write$sysctl(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r8 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x40202, 0x0)
sendfile(r8, r8, 0x0, 0x4800000009)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000900)=ANY=[@ANYBLOB="180000002e00010026bdf000fcdbdf250400000004001d"], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x4000010)

3.500303309s ago: executing program 35 (id=1461):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x7, 0x8)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="dc000000", @ANYRES16=r4, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e000000200000000000b0000380a80003805800018008200100040000000400030011000200646f6e745f617070726169737a0000000800010001000000040003000800010001f8ffff080001007a00000008000100ed26000008000200235be500060002002d000000340001800d0002003a2d2d2c2c2b25250000000008000100000000000800010003000000080002005e7b2f000400030004000300140001800c000200657468746f6f6c00040003000451dcb1851b715a08cbdc9cb1ff00"/233], 0xdc}}, 0x0)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000100001000000000000f1ff000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000001308000140000000050600030076657468315f6d6163767461700000000900010073797a"], 0xe8}}, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x25, 0x0, 0x0)
close(0x3)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x100, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, 0x0, {0x5, 0x10}, {0x9, 0xffff}, {0x9, 0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24004004}, 0x8080)
r6 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0xa0002)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000100))
openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88600, 0x0)
r7 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_REWIND(r7, 0x40044146, 0x0)

0s ago: executing program 36 (id=1464):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c3c42, 0x0)
ioctl$TIOCGETD(r4, 0x5424, &(0x7f0000000040))
pipe2$watch_queue(&(0x7f0000000340), 0x80)
r5 = dup3(r3, r2, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x400c6313, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x168, r1, 0x8, 0x70bd25, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3603}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x63}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8}}]}, 0x168}, 0x1, 0x0, 0x0, 0x20001000}, 0xc011)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000cc0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000040)={0x50, r7, 0x33ec42f8b9a4771, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x34, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "04dd292062801b00"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="580198e56de3d74a3b00c1f3f6cd0ee76d9c9d074683ba0cc3a404ec75bea810"}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x44010)

kernel console output (not intermixed with test programs):

x113/0x200
[  451.808438][T10681]  vfs_write+0x5c9/0xb30
[  451.808467][T10681]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  451.808487][T10681]  ? __pfx_vfs_write+0x10/0x10
[  451.808520][T10681]  ? __fget_files+0x2a/0x420
[  451.808546][T10681]  ksys_write+0x145/0x250
[  451.808568][T10681]  ? exc_page_fault+0x82/0x100
[  451.808592][T10681]  ? __pfx_ksys_write+0x10/0x10
[  451.808618][T10681]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  451.808643][T10681]  ? lockdep_hardirqs_on+0x9c/0x150
[  451.808669][T10681]  __do_fast_syscall_32+0xb6/0x2b0
[  451.808695][T10681]  ? lockdep_hardirqs_on+0x9c/0x150
[  451.808720][T10681]  do_fast_syscall_32+0x34/0x80
[  451.808744][T10681]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  451.808765][T10681] RIP: 0023:0xf7f44539
[  451.808782][T10681] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  451.808797][T10681] RSP: 002b:00000000f543655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  451.808817][T10681] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800003c0
[  451.808830][T10681] RDX: 0000000000000fce RSI: 0000000000000000 RDI: 0000000000000000
[  451.808841][T10681] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  451.808852][T10681] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  451.808863][T10681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  451.808891][T10681]  </TASK>
[  452.108943][    T9] usb 1-1: config 0 has no interfaces?
[  452.118664][    T9] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  452.127877][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.135951][    T9] usb 1-1: Product: syz
[  452.141852][    T9] usb 1-1: Manufacturer: syz
[  452.146485][    T9] usb 1-1: SerialNumber: syz
[  452.158706][    T9] usb 1-1: config 0 descriptor??
[  452.192387][ T5888] usb 4-1: USB disconnect, device number 40
[  452.313772][T10688] FAULT_INJECTION: forcing a failure.
[  452.313772][T10688] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  452.327585][T10688] CPU: 1 UID: 0 PID: 10688 Comm: syz.4.1165 Not tainted syzkaller #0 PREEMPT(full) 
[  452.327600][T10688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  452.327607][T10688] Call Trace:
[  452.327612][T10688]  <TASK>
[  452.327616][T10688]  dump_stack_lvl+0x189/0x250
[  452.327634][T10688]  ? __pfx____ratelimit+0x10/0x10
[  452.327648][T10688]  ? __pfx_dump_stack_lvl+0x10/0x10
[  452.327660][T10688]  ? __pfx__printk+0x10/0x10
[  452.327670][T10688]  ? __might_fault+0xb0/0x130
[  452.327689][T10688]  should_fail_ex+0x414/0x560
[  452.327706][T10688]  _copy_from_user+0x2d/0xb0
[  452.327727][T10688]  __sys_bpf+0x1e3/0x860
[  452.327739][T10688]  ? __pfx___sys_bpf+0x10/0x10
[  452.327757][T10688]  ? ksys_write+0x22a/0x250
[  452.327772][T10688]  ? __pfx_ksys_write+0x10/0x10
[  452.327788][T10688]  __ia32_sys_bpf+0x7c/0x90
[  452.327803][T10688]  __do_fast_syscall_32+0xb6/0x2b0
[  452.327818][T10688]  ? lockdep_hardirqs_on+0x9c/0x150
[  452.327834][T10688]  do_fast_syscall_32+0x34/0x80
[  452.327847][T10688]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  452.327860][T10688] RIP: 0023:0xf7f44539
[  452.327870][T10688] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  452.327878][T10688] RSP: 002b:00000000f543655c EFLAGS: 00000206 ORIG_RAX: 0000000000000165
[  452.327891][T10688] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000180
[  452.327898][T10688] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000000
[  452.327904][T10688] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  452.327910][T10688] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  452.327915][T10688] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  452.327930][T10688]  </TASK>
[  452.612740][T10690] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1164'.
[  452.645442][T10690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1164'.
[  452.657729][T10690] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1164'.
[  453.823281][ T5916] usb 1-1: USB disconnect, device number 53
[  454.483544][T10708] netlink: 'syz.0.1169': attribute type 9 has an invalid length.
[  454.491670][T10708] netlink: 'syz.0.1169': attribute type 11 has an invalid length.
[  454.503893][T10708] netlink: 'syz.0.1169': attribute type 12 has an invalid length.
[  454.511708][T10708] netlink: 210060 bytes leftover after parsing attributes in process `syz.0.1169'.
[  454.553047][T10708] openvswitch: netlink: Message has 4 unknown bytes.
[  455.205271][  T938] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  455.502598][T10725] loop6: detected capacity change from 0 to 524287999
[  456.238151][  T938] usb 3-1: config 0 has no interfaces?
[  456.248703][  T938] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  456.262141][  T938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.278106][  T938] usb 3-1: Product: syz
[  456.318316][  T938] usb 3-1: Manufacturer: syz
[  456.323000][  T938] usb 3-1: SerialNumber: syz
[  456.374236][  T938] usb 3-1: config 0 descriptor??
[  456.530097][T10733] netlink: 'syz.1.1174': attribute type 1 has an invalid length.
[  456.786943][T10733] bond7: entered promiscuous mode
[  456.792233][T10733] bond7: entered allmulticast mode
[  456.801184][T10733] 8021q: adding VLAN 0 to HW filter on device bond7
[  458.212186][ T5921] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  458.349453][    T9] usb 3-1: USB disconnect, device number 43
[  458.573941][ T5921] usb 5-1: Using ep0 maxpacket: 16
[  458.661371][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  458.675006][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  458.699233][ T5921] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  458.871675][ T5921] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  458.890804][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.937204][ T5921] usb 5-1: config 0 descriptor??
[  459.427749][T10758] FAULT_INJECTION: forcing a failure.
[  459.427749][T10758] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  459.485124][T10758] CPU: 1 UID: 0 PID: 10758 Comm: syz.3.1181 Not tainted syzkaller #0 PREEMPT(full) 
[  459.485149][T10758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  459.485161][T10758] Call Trace:
[  459.485169][T10758]  <TASK>
[  459.485178][T10758]  dump_stack_lvl+0x189/0x250
[  459.485205][T10758]  ? __pfx____ratelimit+0x10/0x10
[  459.485229][T10758]  ? __pfx_dump_stack_lvl+0x10/0x10
[  459.485251][T10758]  ? __pfx__printk+0x10/0x10
[  459.485272][T10758]  ? fs_reclaim_acquire+0x7d/0x100
[  459.485306][T10758]  should_fail_ex+0x414/0x560
[  459.485337][T10758]  prepare_alloc_pages+0x213/0x610
[  459.485363][T10758]  __alloc_frozen_pages_noprof+0x123/0x370
[  459.485386][T10758]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  459.485421][T10758]  alloc_pages_mpol+0x232/0x4a0
[  459.485445][T10758]  alloc_pages_noprof+0xa9/0x190
[  459.485466][T10758]  pte_alloc_one+0x23/0x310
[  459.485491][T10758]  __do_fault+0xd1/0x390
[  459.485511][T10758]  __handle_mm_fault+0x1847/0x5400
[  459.485548][T10758]  ? __pfx___handle_mm_fault+0x10/0x10
[  459.485588][T10758]  ? __pfx_mtree_load+0x10/0x10
[  459.485609][T10758]  ? __pfx___might_resched+0x10/0x10
[  459.485632][T10758]  handle_mm_fault+0x40a/0x8e0
[  459.485665][T10758]  __get_user_pages+0x165c/0x2a00
[  459.485720][T10758]  faultin_page_range+0x240/0x8d0
[  459.485744][T10758]  ? __asan_memset+0x22/0x50
[  459.485766][T10758]  ? blk_start_plug+0x6f/0x1b0
[  459.485793][T10758]  madvise_do_behavior+0x2e7/0x550
[  459.485825][T10758]  ? __pfx_madvise_do_behavior+0x10/0x10
[  459.485860][T10758]  ? down_read+0x1ad/0x2e0
[  459.485885][T10758]  do_madvise+0x1bc/0x270
[  459.485913][T10758]  ? __pfx_do_madvise+0x10/0x10
[  459.485962][T10758]  ? __pfx_ksys_write+0x10/0x10
[  459.485999][T10758]  __ia32_sys_madvise+0xa7/0xc0
[  459.486019][T10758]  __do_fast_syscall_32+0xb6/0x2b0
[  459.486043][T10758]  ? lockdep_hardirqs_on+0x9c/0x150
[  459.486070][T10758]  do_fast_syscall_32+0x34/0x80
[  459.486095][T10758]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  459.486118][T10758] RIP: 0023:0xf706d539
[  459.486134][T10758] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  459.486149][T10758] RSP: 002b:00000000f545d55c EFLAGS: 00000206 ORIG_RAX: 00000000000000db
[  459.486169][T10758] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000c00000
[  459.486182][T10758] RDX: 0000000000000017 RSI: 0000000000000000 RDI: 0000000000000000
[  459.486193][T10758] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  459.486203][T10758] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  459.486214][T10758] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  459.486242][T10758]  </TASK>
[  460.067535][ T5921] input: HID 05ac:8241 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:05AC:8241.000C/input/input19
[  460.193352][ T5921] appleir 0003:05AC:8241.000C: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.4-1/input0
[  460.226807][ T5921] usb 5-1: USB disconnect, device number 44
[  460.723400][T10774] netlink: 'syz.3.1182': attribute type 9 has an invalid length.
[  460.747425][T10774] netlink: 'syz.3.1182': attribute type 11 has an invalid length.
[  460.788045][T10768] fido_id[10768]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  460.832214][T10774] netlink: 'syz.3.1182': attribute type 12 has an invalid length.
[  460.872322][T10774] netlink: 210060 bytes leftover after parsing attributes in process `syz.3.1182'.
[  460.896892][T10774] openvswitch: netlink: Message has 4 unknown bytes.
[  461.371583][T10782] fuseblk: Unknown parameter 'smackfsdef'
[  462.512303][T10802] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1192'.
[  463.269481][T10817] kvm: pic: non byte read
[  463.274117][T10817] kvm: pic: non byte read
[  463.278566][T10817] kvm: pic: non byte read
[  463.284515][T10817] kvm: pic: non byte read
[  463.290841][T10817] kvm: pic: non byte read
[  463.316553][T10817] kvm: pic: non byte read
[  463.321210][T10817] kvm: pic: non byte read
[  464.087180][T10824] FAULT_INJECTION: forcing a failure.
[  464.087180][T10824] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  464.116296][T10824] CPU: 0 UID: 0 PID: 10824 Comm: syz.2.1195 Not tainted syzkaller #0 PREEMPT(full) 
[  464.116322][T10824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  464.116333][T10824] Call Trace:
[  464.116341][T10824]  <TASK>
[  464.116349][T10824]  dump_stack_lvl+0x189/0x250
[  464.116377][T10824]  ? __pfx____ratelimit+0x10/0x10
[  464.116399][T10824]  ? __pfx_dump_stack_lvl+0x10/0x10
[  464.116420][T10824]  ? __pfx__printk+0x10/0x10
[  464.116437][T10824]  ? __might_fault+0xb0/0x130
[  464.116471][T10824]  should_fail_ex+0x414/0x560
[  464.116499][T10824]  _copy_from_user+0x2d/0xb0
[  464.116521][T10824]  get_compat_msghdr+0xad/0x4a0
[  464.116546][T10824]  ? __pfx_get_compat_msghdr+0x10/0x10
[  464.116575][T10824]  ___sys_sendmsg+0x193/0x2a0
[  464.116596][T10824]  ? __pfx____sys_sendmsg+0x10/0x10
[  464.116648][T10824]  ? __fget_files+0x2a/0x420
[  464.116664][T10824]  ? __fget_files+0x3a0/0x420
[  464.116688][T10824]  __sys_sendmsg+0x164/0x220
[  464.116705][T10824]  ? __pfx___sys_sendmsg+0x10/0x10
[  464.116728][T10824]  ? __pfx_ksys_write+0x10/0x10
[  464.116753][T10824]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  464.116787][T10824]  ? lockdep_hardirqs_on+0x9c/0x150
[  464.116812][T10824]  __do_fast_syscall_32+0xb6/0x2b0
[  464.116834][T10824]  ? lockdep_hardirqs_on+0x9c/0x150
[  464.116859][T10824]  do_fast_syscall_32+0x34/0x80
[  464.116882][T10824]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  464.116903][T10824] RIP: 0023:0xf702d539
[  464.116917][T10824] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  464.116929][T10824] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  464.116946][T10824] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000400
[  464.116956][T10824] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  464.116967][T10824] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  464.116976][T10824] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  464.116987][T10824] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  464.117011][T10824]  </TASK>
[  464.332601][    C0] vkms_vblank_simulate: vblank timer overrun
[  465.128012][ T5921] usb 3-1: new full-speed USB device number 44 using dummy_hcd
[  465.522717][ T5921] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  465.536533][ T5921] usb 3-1: config 0 has no interface number 0
[  465.561159][ T5921] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  465.573424][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.833911][T10850] netlink: 'syz.0.1201': attribute type 9 has an invalid length.
[  465.841918][T10850] netlink: 'syz.0.1201': attribute type 11 has an invalid length.
[  465.870552][ T5921] usb 3-1: config 0 descriptor??
[  465.888564][ T5921] usb 3-1: selecting invalid altsetting 1
[  465.896898][ T5921] dvb_ttusb_budget: ttusb_init_controller: error
[  465.905077][ T5921] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  465.930085][T10850] netlink: 'syz.0.1201': attribute type 12 has an invalid length.
[  465.948315][T10850] netlink: 210060 bytes leftover after parsing attributes in process `syz.0.1201'.
[  465.959542][T10850] openvswitch: netlink: Message has 4 unknown bytes.
[  466.002246][   T24] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  466.044980][ T5921] DVB: Unable to find symbol cx22700_attach()
[  466.165571][ T5921] DVB: Unable to find symbol tda10046_attach()
[  466.187744][ T5921] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  466.312525][   T24] usb 2-1: Using ep0 maxpacket: 8
[  466.341791][   T24] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[  466.363493][   T24] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  466.376778][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.395417][   T24] usb 2-1: Product: syz
[  466.399595][   T24] usb 2-1: Manufacturer: syz
[  466.420570][   T24] usb 2-1: SerialNumber: syz
[  466.632859][   T24] usb 2-1: config 0 descriptor??
[  466.712969][   T24] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  466.734991][   T24] usb 2-1: setting power ON
[  466.739610][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  466.748560][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  466.779283][   T24] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  466.795304][   T24] usb 2-1: media controller created
[  466.840936][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  466.903097][   T24] usb 2-1: selecting invalid altsetting 6
[  466.908992][   T24] usb 2-1: digital interface selection failed (-22)
[  466.916217][   T24] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  466.926404][   T24] usb 2-1: setting power OFF
[  466.931138][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  466.937466][   T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  466.950831][   T24] (NULL device *): no alternate interface
[  467.007319][T10860] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1203'.
[  467.185597][T10861] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1203'.
[  467.224582][   T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  467.365825][T10860] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1203'.
[  467.742191][ T5888] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  467.960771][ T5921] usb 3-1: USB disconnect, device number 44
[  468.004542][T10869] FAULT_INJECTION: forcing a failure.
[  468.004542][T10869] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  468.052551][ T5888] usb 1-1: config 0 has no interfaces?
[  468.068780][ T5888] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.31
[  468.078105][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=16
[  468.082761][T10869] CPU: 0 UID: 0 PID: 10869 Comm: syz.2.1206 Not tainted syzkaller #0 PREEMPT(full) 
[  468.082785][T10869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  468.082796][T10869] Call Trace:
[  468.082803][T10869]  <TASK>
[  468.082812][T10869]  dump_stack_lvl+0x189/0x250
[  468.082838][T10869]  ? __pfx____ratelimit+0x10/0x10
[  468.082861][T10869]  ? __pfx_dump_stack_lvl+0x10/0x10
[  468.082882][T10869]  ? __pfx__printk+0x10/0x10
[  468.082899][T10869]  ? __might_fault+0xb0/0x130
[  468.082931][T10869]  should_fail_ex+0x414/0x560
[  468.082960][T10869]  _copy_from_user+0x2d/0xb0
[  468.082981][T10869]  get_compat_msghdr+0xad/0x4a0
[  468.083005][T10869]  ? __pfx_get_compat_msghdr+0x10/0x10
[  468.083034][T10869]  ___sys_sendmsg+0x193/0x2a0
[  468.083055][T10869]  ? __pfx____sys_sendmsg+0x10/0x10
[  468.083112][T10869]  ? __fget_files+0x2a/0x420
[  468.083128][T10869]  ? __fget_files+0x3a0/0x420
[  468.083157][T10869]  __sys_sendmsg+0x164/0x220
[  468.083177][T10869]  ? __pfx___sys_sendmsg+0x10/0x10
[  468.083203][T10869]  ? __pfx_ksys_write+0x10/0x10
[  468.083228][T10869]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  468.083253][T10869]  ? lockdep_hardirqs_on+0x9c/0x150
[  468.083277][T10869]  __do_fast_syscall_32+0xb6/0x2b0
[  468.083301][T10869]  ? lockdep_hardirqs_on+0x9c/0x150
[  468.083326][T10869]  do_fast_syscall_32+0x34/0x80
[  468.083349][T10869]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  468.083368][T10869] RIP: 0023:0xf702d539
[  468.083383][T10869] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  468.083398][T10869] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  468.083417][T10869] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0
[  468.083429][T10869] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  468.083440][T10869] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  468.083450][T10869] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  468.083460][T10869] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  468.083487][T10869]  </TASK>
[  468.499425][T10871] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  468.552265][    T9] usb 2-1: USB disconnect, device number 38
[  468.587005][ T5888] usb 1-1: SerialNumber: syz
[  468.594757][ T5888] usb 1-1: config 0 descriptor??
[  468.604666][T10871] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  468.677262][T10871] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[  468.689328][T10871] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1207'.
[  468.945847][    T9] usb 1-1: USB disconnect, device number 54
[  469.533787][T10888] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1211'.
[  469.842184][ T5921] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  470.017287][ T5921] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  470.027073][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.086968][ T5921] usb 5-1: Product: syz
[  470.091382][ T5921] usb 5-1: Manufacturer: syz
[  470.096400][ T5921] usb 5-1: SerialNumber: syz
[  470.492235][    T9] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  470.667371][    T9] usb 1-1: config 0 has no interfaces?
[  470.680950][    T9] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  470.914690][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.936058][    T9] usb 1-1: Product: syz
[  470.941407][    T9] usb 1-1: Manufacturer: syz
[  470.946699][    T9] usb 1-1: SerialNumber: syz
[  470.964514][ T5921] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  470.979870][ T5921] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  470.994636][    T9] usb 1-1: config 0 descriptor??
[  471.022865][ T5921] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  471.051899][ T5921] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -32
[  471.631694][T10918] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1218'.
[  471.652366][   T24] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  471.805658][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  471.830846][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  471.896465][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  472.076577][   T24] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  472.091648][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.107042][   T24] usb 3-1: config 0 descriptor??
[  472.222999][T10933] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1219'.
[  472.371572][T10933] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1219'.
[  472.387324][T10933] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1219'.
[  472.675161][   T24] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  473.128058][T10940] FAULT_INJECTION: forcing a failure.
[  473.128058][T10940] name failslab, interval 1, probability 0, space 0, times 0
[  473.154745][T10940] CPU: 1 UID: 0 PID: 10940 Comm: syz.2.1217 Not tainted syzkaller #0 PREEMPT(full) 
[  473.154769][T10940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  473.154783][T10940] Call Trace:
[  473.154790][T10940]  <TASK>
[  473.154799][T10940]  dump_stack_lvl+0x189/0x250
[  473.154828][T10940]  ? __pfx____ratelimit+0x10/0x10
[  473.154852][T10940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  473.154880][T10940]  ? __pfx__printk+0x10/0x10
[  473.154904][T10940]  ? __pfx___might_resched+0x10/0x10
[  473.154929][T10940]  should_fail_ex+0x414/0x560
[  473.154960][T10940]  should_failslab+0xa8/0x100
[  473.154980][T10940]  __kmalloc_noprof+0xcb/0x7f0
[  473.155003][T10940]  ? kfree+0x4d/0x6d0
[  473.155021][T10940]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  473.155052][T10940]  tomoyo_realpath_from_path+0xe3/0x5d0
[  473.155079][T10940]  ? tomoyo_domain+0xd9/0x130
[  473.155101][T10940]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  473.155123][T10940]  tomoyo_path_number_perm+0x1e8/0x5a0
[  473.155148][T10940]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  473.155187][T10940]  ? __lock_acquire+0xab9/0xd20
[  473.155225][T10940]  ? __fget_files+0x2a/0x420
[  473.155247][T10940]  ? __fget_files+0x3a0/0x420
[  473.155263][T10940]  ? __fget_files+0x2a/0x420
[  473.155284][T10940]  security_file_ioctl_compat+0xcb/0x2d0
[  473.155308][T10940]  __ia32_compat_sys_ioctl+0x128/0x840
[  473.155334][T10940]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  473.155357][T10940]  ? __fget_files+0x3a0/0x420
[  473.155381][T10940]  ? fput+0xa0/0xd0
[  473.155401][T10940]  ? ksys_write+0x22a/0x250
[  473.155422][T10940]  ? exc_page_fault+0x82/0x100
[  473.155445][T10940]  ? __pfx_ksys_write+0x10/0x10
[  473.155471][T10940]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  473.155497][T10940]  ? lockdep_hardirqs_on+0x9c/0x150
[  473.155523][T10940]  __do_fast_syscall_32+0xb6/0x2b0
[  473.155548][T10940]  ? lockdep_hardirqs_on+0x9c/0x150
[  473.155575][T10940]  do_fast_syscall_32+0x34/0x80
[  473.155599][T10940]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  473.155620][T10940] RIP: 0023:0xf702d539
[  473.155637][T10940] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  473.155653][T10940] RSP: 002b:00000000f53fc55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  473.155673][T10940] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080044801
[  473.155686][T10940] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  473.155697][T10940] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  473.155708][T10940] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  473.155719][T10940] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  473.155748][T10940]  </TASK>
[  473.155873][T10940] ERROR: Out of memory at tomoyo_realpath_from_path.
[  473.505939][    T9] usb 5-1: USB disconnect, device number 45
[  473.675390][ T5888] usb 1-1: USB disconnect, device number 55
[  474.132490][ T5888] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  474.294371][ T5888] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  474.312391][ T5888] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  474.323428][ T5888] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  474.333752][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.346602][T10950] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  474.369008][ T5888] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  474.617352][ T5888] usb 4-1: USB disconnect, device number 41
[  474.888949][T10959] FAULT_INJECTION: forcing a failure.
[  474.888949][T10959] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  474.903073][T10959] CPU: 1 UID: 0 PID: 10959 Comm: syz.0.1227 Not tainted syzkaller #0 PREEMPT(full) 
[  474.903097][T10959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  474.903107][T10959] Call Trace:
[  474.903114][T10959]  <TASK>
[  474.903120][T10959]  dump_stack_lvl+0x189/0x250
[  474.903142][T10959]  ? __pfx____ratelimit+0x10/0x10
[  474.903160][T10959]  ? __pfx_dump_stack_lvl+0x10/0x10
[  474.903177][T10959]  ? __pfx__printk+0x10/0x10
[  474.903191][T10959]  ? __might_fault+0xb0/0x130
[  474.903217][T10959]  should_fail_ex+0x414/0x560
[  474.903240][T10959]  _copy_from_iter+0x1de/0x1790
[  474.903263][T10959]  ? __lock_acquire+0xab9/0xd20
[  474.903277][T10959]  ? __pfx__copy_from_iter+0x10/0x10
[  474.903299][T10959]  ? page_copy_sane+0x4e/0x280
[  474.903314][T10959]  copy_page_from_iter+0xdd/0x170
[  474.903333][T10959]  tun_get_user+0x1d7b/0x3e90
[  474.903355][T10959]  ? tun_get_user+0x6f6/0x3e90
[  474.903375][T10959]  ? aa_file_perm+0x44d/0x1550
[  474.903388][T10959]  ? __pfx_tun_get_user+0x10/0x10
[  474.903403][T10959]  ? _parse_integer_limit+0x1ae/0x1f0
[  474.903422][T10959]  ? __lock_acquire+0xab9/0xd20
[  474.903439][T10959]  ? ref_tracker_alloc+0x318/0x460
[  474.903452][T10959]  ? __lock_acquire+0xab9/0xd20
[  474.903466][T10959]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  474.903483][T10959]  ? tun_get+0x1c/0x2f0
[  474.903502][T10959]  ? tun_get+0x1c/0x2f0
[  474.903516][T10959]  ? tun_get+0x1c/0x2f0
[  474.903534][T10959]  tun_chr_write_iter+0x113/0x200
[  474.903551][T10959]  vfs_write+0x5c9/0xb30
[  474.903572][T10959]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  474.903588][T10959]  ? __pfx_vfs_write+0x10/0x10
[  474.903612][T10959]  ? __fget_files+0x2a/0x420
[  474.903632][T10959]  ksys_write+0x145/0x250
[  474.903649][T10959]  ? exc_page_fault+0x82/0x100
[  474.903666][T10959]  ? __pfx_ksys_write+0x10/0x10
[  474.903686][T10959]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  474.903711][T10959]  ? lockdep_hardirqs_on+0x9c/0x150
[  474.903730][T10959]  __do_fast_syscall_32+0xb6/0x2b0
[  474.903749][T10959]  ? lockdep_hardirqs_on+0x9c/0x150
[  474.903769][T10959]  do_fast_syscall_32+0x34/0x80
[  474.903788][T10959]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  474.903804][T10959] RIP: 0023:0xf70fd539
[  474.903816][T10959] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  474.903827][T10959] RSP: 002b:00000000f54ed520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  474.903844][T10959] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000100
[  474.903854][T10959] RDX: 0000000000000080 RSI: 00000000f7496ff4 RDI: 0000000000000000
[  474.903863][T10959] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  474.903871][T10959] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  474.903879][T10959] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  474.903900][T10959]  </TASK>
[  475.253867][   T24] usb 3-1: reset high-speed USB device number 45 using dummy_hcd
[  475.263514][   T24] usb 3-1: device reset changed ep0 maxpacket size!
[  475.285273][ T5921] usb 3-1: USB disconnect, device number 45
[  475.312796][ T5868] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  475.364424][T10963] loop2: detected capacity change from 0 to 7
[  475.371644][T10963] Dev loop2: unable to read RDB block 7
[  475.377547][T10963]  loop2: AHDI p1 p2 p3
[  475.381965][T10963] loop2: partition table partially beyond EOD, truncated
[  475.392948][T10963] loop2: p1 start 1601398130 is beyond EOD, truncated
[  475.399742][T10963] loop2: p2 start 1702059890 is beyond EOD, truncated
[  475.456718][ T5921] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  475.472538][ T5868] usb 5-1: Using ep0 maxpacket: 16
[  475.480698][ T5868] usb 5-1: config 166 has an invalid interface number: 177 but max is 1
[  475.491155][ T5868] usb 5-1: config 166 has an invalid interface number: 34 but max is 1
[  475.501270][ T5868] usb 5-1: config 166 has no interface number 0
[  475.502490][T10967] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1231'.
[  475.507805][ T5868] usb 5-1: config 166 has no interface number 1
[  475.523769][ T5868] usb 5-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  475.537099][ T5868] usb 5-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  475.602193][ T5868] usb 5-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  475.634479][ T5921] usb 3-1: Using ep0 maxpacket: 8
[  475.639865][ T5868] usb 5-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  475.654190][ T5868] usb 5-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  475.666503][ T5868] usb 5-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  475.676762][ T5921] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  475.676789][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.676842][ T5921] usb 3-1: Product: syz
[  475.676856][ T5921] usb 3-1: Manufacturer: syz
[  475.676871][ T5921] usb 3-1: SerialNumber: syz
[  475.712547][ T5921] usb 3-1: config 0 descriptor??
[  475.718412][ T5868] usb 5-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  475.735532][ T5868] usb 5-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0
[  475.746783][ T5868] usb 5-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  475.767626][ T5921] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  475.776049][ T5921] usb 3-1: setting power ON
[  475.780785][ T5921] dvb-usb: bulk message failed: -22 (2/0)
[  475.790269][ T5921] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  475.792200][  T938] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  475.803116][ T5921] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  475.840122][ T5921] usb 3-1: media controller created
[  475.861587][ T5868] usb 5-1: config 166 interface 177 has no altsetting 0
[  475.890578][ T5868] usb 5-1: config 166 interface 34 has no altsetting 0
[  475.890853][ T5921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  475.942924][ T5868] usb 5-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12
[  475.959962][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.968636][ T5868] usb 5-1: Product: syz
[  476.152410][T10955] dvb-usb: bulk message failed: -22 (3/0)
[  476.158185][T10955] dvb-usb: bulk message failed: -22 (3/0)
[  476.217155][T10981] loop6: detected capacity change from 0 to 524287999
[  476.234548][  T938] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  476.243866][  T938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.302151][  T938] usb 4-1: Product: syz
[  476.307119][  T938] usb 4-1: Manufacturer: syz
[  476.313159][ T5868] usb 5-1: Manufacturer: syz
[  476.317781][ T5868] usb 5-1: SerialNumber: syz
[  476.332757][  T938] usb 4-1: SerialNumber: syz
[  476.341214][ T5921] usb 3-1: selecting invalid altsetting 6
[  476.373725][ T5921] usb 3-1: digital interface selection failed (-22)
[  476.392385][ T5921] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  476.420250][ T5921] usb 3-1: setting power OFF
[  476.435648][ T5921] dvb-usb: bulk message failed: -22 (2/0)
[  476.447496][ T5921] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  476.536172][ T5921] (NULL device *): no alternate interface
[  476.654002][ T5921] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  476.751154][ T5868] ums-realtek 5-1:166.177: USB Mass Storage device detected
[  476.757611][ T5921] usb 3-1: USB disconnect, device number 46
[  476.955576][ T5868] ums-realtek 5-1:166.34: USB Mass Storage device detected
[  477.086148][  T938] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  477.098271][  T938] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  477.111307][  T938] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  477.111603][T10991] FAULT_INJECTION: forcing a failure.
[  477.111603][T10991] name failslab, interval 1, probability 0, space 0, times 0
[  477.144363][T10991] CPU: 0 UID: 0 PID: 10991 Comm: syz.1.1234 Not tainted syzkaller #0 PREEMPT(full) 
[  477.144385][T10991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  477.144395][T10991] Call Trace:
[  477.144402][T10991]  <TASK>
[  477.144410][T10991]  dump_stack_lvl+0x189/0x250
[  477.144436][T10991]  ? __pfx____ratelimit+0x10/0x10
[  477.144459][T10991]  ? __pfx_dump_stack_lvl+0x10/0x10
[  477.144480][T10991]  ? __pfx__printk+0x10/0x10
[  477.144499][T10991]  ? __pfx___might_resched+0x10/0x10
[  477.144516][T10991]  ? fs_reclaim_acquire+0x7d/0x100
[  477.144544][T10991]  should_fail_ex+0x414/0x560
[  477.144574][T10991]  should_failslab+0xa8/0x100
[  477.144594][T10991]  kmem_cache_alloc_noprof+0x74/0x6e0
[  477.144617][T10991]  ? is_bpf_text_address+0x26/0x2b0
[  477.144634][T10991]  ? fuse_get_req+0x7b9/0x10b0
[  477.144657][T10991]  fuse_get_req+0x7b9/0x10b0
[  477.144677][T10991]  ? kernel_text_address+0xa5/0xe0
[  477.144704][T10991]  ? unwind_get_return_address+0x4d/0x90
[  477.144728][T10991]  ? __pfx_fuse_get_req+0x10/0x10
[  477.144762][T10991]  __fuse_simple_request+0x2bb/0x1bb0
[  477.144794][T10991]  ? __pfx___fuse_simple_request+0x10/0x10
[  477.144814][T10991]  ? __lock_acquire+0xab9/0xd20
[  477.144861][T10991]  fuse_getxattr+0x2d7/0x470
[  477.144884][T10991]  ? __page_table_check_zero+0xba/0x530
[  477.144913][T10991]  ? __pfx_fuse_getxattr+0x10/0x10
[  477.144973][T10991]  fuse_xattr_get+0x80/0xa0
[  477.144994][T10991]  ? __pfx_fuse_xattr_get+0x10/0x10
[  477.145019][T10991]  __vfs_getxattr+0x3f4/0x430
[  477.145047][T10991]  cap_inode_need_killpriv+0x45/0x60
[  477.145068][T10991]  security_inode_need_killpriv+0x89/0x270
[  477.145090][T10991]  file_remove_privs_flags+0x297/0x5f0
[  477.145123][T10991]  ? __pfx_file_remove_privs_flags+0x10/0x10
[  477.145147][T10991]  ? aa_file_perm+0x44d/0x1550
[  477.145172][T10991]  ? generic_write_checks_count+0x43e/0x540
[  477.145197][T10991]  file_modified_flags+0x4c/0x560
[  477.145217][T10991]  ? generic_write_checks+0xa6/0x110
[  477.145248][T10991]  fuse_file_write_iter+0xad4/0x10a0
[  477.145273][T10991]  ? __pfx_fuse_file_write_iter+0x10/0x10
[  477.145301][T10991]  ? rcu_read_lock_any_held+0xb3/0x120
[  477.145323][T10991]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  477.145359][T10991]  vfs_write+0x5c9/0xb30
[  477.145387][T10991]  ? __pfx_fuse_file_write_iter+0x10/0x10
[  477.145406][T10991]  ? __pfx_vfs_write+0x10/0x10
[  477.145439][T10991]  ? __fget_files+0x2a/0x420
[  477.145466][T10991]  ksys_write+0x145/0x250
[  477.145488][T10991]  ? exc_page_fault+0x82/0x100
[  477.145512][T10991]  ? __pfx_ksys_write+0x10/0x10
[  477.145537][T10991]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  477.145562][T10991]  ? lockdep_hardirqs_on+0x9c/0x150
[  477.145588][T10991]  __do_fast_syscall_32+0xb6/0x2b0
[  477.145614][T10991]  ? lockdep_hardirqs_on+0x9c/0x150
[  477.145641][T10991]  do_fast_syscall_32+0x34/0x80
[  477.145665][T10991]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  477.145686][T10991] RIP: 0023:0xf7fe1539
[  477.145702][T10991] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  477.145717][T10991] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  477.145736][T10991] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800000c0
[  477.145749][T10991] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000000
[  477.145760][T10991] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  477.145771][T10991] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  477.145781][T10991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  477.145811][T10991]  </TASK>
[  477.148358][  T938] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -32
[  477.282200][ T5921] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  477.664809][ T5868] ums-realtek 5-1:166.34: probe with driver ums-realtek failed with error -5
[  477.679778][ T5868] uvcvideo 5-1:166.34: Found UVC 0.00 device syz (0bda:0138)
[  477.691535][ T5868] uvcvideo 5-1:166.34: No valid video chain found.
[  477.736503][ T5868] usb 5-1: USB disconnect, device number 46
[  477.816766][ T5921] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  477.825423][ T5921] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  477.842140][ T5921] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  477.879273][ T5921] usb 3-1: config 220 has no interface number 2
[  477.896751][ T5921] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  477.922217][ T5921] usb 3-1: config 220 interface 0 has no altsetting 0
[  477.929032][ T5921] usb 3-1: config 220 interface 76 has no altsetting 0
[  477.952414][ T5921] usb 3-1: config 220 interface 1 has no altsetting 0
[  477.966080][ T5921] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  477.979252][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.987573][ T5921] usb 3-1: Product: syz
[  477.992021][ T5921] usb 3-1: Manufacturer: syz
[  477.996723][ T5921] usb 3-1: SerialNumber: syz
[  478.188969][T11009] netlink: 'syz.1.1237': attribute type 1 has an invalid length.
[  478.317937][T11014] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1238'.
[  478.407089][T11014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1238'.
[  478.420058][T11016] netlink: 37 bytes leftover after parsing attributes in process `syz.4.1239'.
[  478.436102][T11014] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1238'.
[  478.500351][ T5921] uvcvideo 3-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  478.533580][  T938] usb 4-1: USB disconnect, device number 42
[  478.583984][T11009] bond8: entered promiscuous mode
[  478.589248][T11009] bond8: entered allmulticast mode
[  478.627567][ T5921] uvcvideo 3-1:220.0: No valid video chain found.
[  478.668144][ T5921] usb 3-1: selecting invalid altsetting 0
[  478.677439][T11009] 8021q: adding VLAN 0 to HW filter on device bond8
[  478.705635][ T5921] usb 3-1: selecting invalid altsetting 0
[  478.715970][ T5921] usbtest 3-1:220.1: probe with driver usbtest failed with error -22
[  478.748089][ T5921] usb 3-1: USB disconnect, device number 47
[  480.742651][T11048] loop6: detected capacity change from 0 to 524287999
[  481.688554][T11056] FAULT_INJECTION: forcing a failure.
[  481.688554][T11056] name failslab, interval 1, probability 0, space 0, times 0
[  481.725758][T11060] FAULT_INJECTION: forcing a failure.
[  481.725758][T11060] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  481.741392][T11056] CPU: 0 UID: 0 PID: 11056 Comm: syz.0.1248 Not tainted syzkaller #0 PREEMPT(full) 
[  481.741417][T11056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  481.741428][T11056] Call Trace:
[  481.741437][T11056]  <TASK>
[  481.741445][T11056]  dump_stack_lvl+0x189/0x250
[  481.741472][T11056]  ? __pfx____ratelimit+0x10/0x10
[  481.741495][T11056]  ? __pfx_dump_stack_lvl+0x10/0x10
[  481.741517][T11056]  ? __pfx__printk+0x10/0x10
[  481.741542][T11056]  ? __pfx___might_resched+0x10/0x10
[  481.741566][T11056]  should_fail_ex+0x414/0x560
[  481.741597][T11056]  should_failslab+0xa8/0x100
[  481.741617][T11056]  __kmalloc_noprof+0xcb/0x7f0
[  481.741639][T11056]  ? kfree+0x4d/0x6d0
[  481.741657][T11056]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  481.741689][T11056]  tomoyo_realpath_from_path+0xe3/0x5d0
[  481.741716][T11056]  ? tomoyo_domain+0xd9/0x130
[  481.741739][T11056]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  481.741760][T11056]  tomoyo_path_number_perm+0x1e8/0x5a0
[  481.741785][T11056]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  481.741826][T11056]  ? __lock_acquire+0xab9/0xd20
[  481.741863][T11056]  ? __fget_files+0x2a/0x420
[  481.741886][T11056]  ? __fget_files+0x3a0/0x420
[  481.741902][T11056]  ? __fget_files+0x2a/0x420
[  481.741923][T11056]  security_file_ioctl_compat+0xcb/0x2d0
[  481.741947][T11056]  __ia32_compat_sys_ioctl+0x128/0x840
[  481.741973][T11056]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  481.741996][T11056]  ? __fget_files+0x3a0/0x420
[  481.742025][T11056]  ? fput+0xa0/0xd0
[  481.742045][T11056]  ? ksys_write+0x22a/0x250
[  481.742070][T11056]  ? exc_page_fault+0x82/0x100
[  481.742090][T11056]  ? __pfx_ksys_write+0x10/0x10
[  481.742114][T11056]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  481.742137][T11056]  ? lockdep_hardirqs_on+0x9c/0x150
[  481.742159][T11056]  __do_fast_syscall_32+0xb6/0x2b0
[  481.742182][T11056]  ? lockdep_hardirqs_on+0x9c/0x150
[  481.742205][T11056]  do_fast_syscall_32+0x34/0x80
[  481.742226][T11056]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  481.742243][T11056] RIP: 0023:0xf70fd539
[  481.742261][T11056] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  481.742276][T11056] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  481.742296][T11056] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  481.742310][T11056] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  481.742321][T11056] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  481.742332][T11056] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  481.742343][T11056] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  481.742373][T11056]  </TASK>
[  482.016061][T11060] CPU: 1 UID: 0 PID: 11060 Comm: syz.1.1249 Not tainted syzkaller #0 PREEMPT(full) 
[  482.016086][T11060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  482.016096][T11060] Call Trace:
[  482.016104][T11060]  <TASK>
[  482.016111][T11060]  dump_stack_lvl+0x189/0x250
[  482.016137][T11060]  ? __pfx____ratelimit+0x10/0x10
[  482.016157][T11060]  ? __pfx_dump_stack_lvl+0x10/0x10
[  482.016178][T11060]  ? __pfx__printk+0x10/0x10
[  482.016196][T11060]  ? __might_fault+0xb0/0x130
[  482.016230][T11060]  should_fail_ex+0x414/0x560
[  482.016257][T11060]  _copy_from_user+0x2d/0xb0
[  482.016278][T11060]  __sys_bpf+0x1e3/0x860
[  482.016297][T11060]  ? __pfx___sys_bpf+0x10/0x10
[  482.016327][T11060]  ? ksys_write+0x22a/0x250
[  482.016348][T11060]  ? exc_page_fault+0x82/0x100
[  482.016371][T11060]  ? __pfx_ksys_write+0x10/0x10
[  482.016399][T11060]  __ia32_sys_bpf+0x7c/0x90
[  482.016424][T11060]  __do_fast_syscall_32+0xb6/0x2b0
[  482.016448][T11060]  ? lockdep_hardirqs_on+0x9c/0x150
[  482.016475][T11060]  do_fast_syscall_32+0x34/0x80
[  482.016499][T11060]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  482.016520][T11060] RIP: 0023:0xf7fe1539
[  482.016535][T11060] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  482.016548][T11060] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000165
[  482.016566][T11060] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 0000000080000e00
[  482.016578][T11060] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000000
[  482.016588][T11060] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  482.016598][T11060] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  482.016609][T11060] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  482.016636][T11060]  </TASK>
[  482.016887][T11056] ERROR: Out of memory at tomoyo_realpath_from_path.
[  482.272214][ T5868] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  482.555564][ T5868] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  482.566150][ T5868] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  482.576253][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.632365][ T5868] gspca_main: stv0680-2.14.0 probing 041e:4007
[  482.662172][   T24] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  482.662172][ T5916] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  482.820072][ T5916] usb 2-1: unable to get BOS descriptor or descriptor too short
[  482.831210][ T5916] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  482.832193][   T24] usb 3-1: Using ep0 maxpacket: 8
[  482.842024][ T5916] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  482.872033][ T5916] usb 2-1: config 1 interface 1 has no altsetting 0
[  482.906515][   T24] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  482.906526][ T5916] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  482.906549][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  482.935118][   T24] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  482.957177][ T5916] usb 2-1: Product: syz
[  482.961763][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 239, changing to 11
[  482.989029][ T5916] usb 2-1: Manufacturer: syz
[  483.002530][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 9059, setting to 1024
[  483.019370][ T5916] usb 2-1: SerialNumber: syz
[  483.047488][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  483.354947][   T24] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  483.375156][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.394608][   T24] usb 3-1: Product: syz
[  483.423600][   T24] usb 3-1: Manufacturer: syz
[  483.460278][   T24] usb 3-1: SerialNumber: syz
[  483.553250][   T24] usb 3-1: config 0 descriptor??
[  483.647698][   T24] input: KB Gear Tablet as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input21
[  483.765140][ T5868] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -71
[  483.787287][ T5868] stv0680 4-1:4.0: STV(e): camera ping failed!!
[  483.867392][ T5868] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  483.980342][T11092] netlink: 'syz.4.1256': attribute type 1 has an invalid length.
[  484.055796][ T5868] stv0680 4-1:4.0: last error: 0,  command = 0x0
[  484.105632][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  484.113527][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  484.133584][ T5868] usb 4-1: USB disconnect, device number 43
[  484.260140][T11092] bond1: entered promiscuous mode
[  484.288960][T11092] bond1: entered allmulticast mode
[  484.308144][T11098] FAULT_INJECTION: forcing a failure.
[  484.308144][T11098] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  484.338369][T11092] 8021q: adding VLAN 0 to HW filter on device bond1
[  484.380223][T11098] CPU: 0 UID: 0 PID: 11098 Comm: syz.0.1257 Not tainted syzkaller #0 PREEMPT(full) 
[  484.380243][T11098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  484.380250][T11098] Call Trace:
[  484.380255][T11098]  <TASK>
[  484.380260][T11098]  dump_stack_lvl+0x189/0x250
[  484.380280][T11098]  ? __pfx____ratelimit+0x10/0x10
[  484.380294][T11098]  ? __pfx_dump_stack_lvl+0x10/0x10
[  484.380306][T11098]  ? __pfx__printk+0x10/0x10
[  484.380317][T11098]  ? __might_fault+0xb0/0x130
[  484.380335][T11098]  should_fail_ex+0x414/0x560
[  484.380353][T11098]  _copy_from_user+0x2d/0xb0
[  484.380367][T11098]  get_compat_msghdr+0xad/0x4a0
[  484.380381][T11098]  ? __pfx_get_compat_msghdr+0x10/0x10
[  484.380397][T11098]  ___sys_sendmsg+0x193/0x2a0
[  484.380410][T11098]  ? __pfx____sys_sendmsg+0x10/0x10
[  484.380438][T11098]  ? __fget_files+0x2a/0x420
[  484.380447][T11098]  ? __fget_files+0x3a0/0x420
[  484.380462][T11098]  __sys_sendmsg+0x164/0x220
[  484.380475][T11098]  ? __pfx___sys_sendmsg+0x10/0x10
[  484.380490][T11098]  ? __pfx_ksys_write+0x10/0x10
[  484.380505][T11098]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  484.380520][T11098]  ? lockdep_hardirqs_on+0x9c/0x150
[  484.380534][T11098]  __do_fast_syscall_32+0xb6/0x2b0
[  484.380548][T11098]  ? lockdep_hardirqs_on+0x9c/0x150
[  484.380563][T11098]  do_fast_syscall_32+0x34/0x80
[  484.380576][T11098]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  484.380588][T11098] RIP: 0023:0xf70fd539
[  484.380597][T11098] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  484.380607][T11098] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  484.380618][T11098] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  484.380626][T11098] RDX: 0000000000000084 RSI: 0000000000000000 RDI: 0000000000000000
[  484.380632][T11098] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  484.380638][T11098] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  484.380644][T11098] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  484.380659][T11098]  </TASK>
[  485.192563][T11104] loop6: detected capacity change from 0 to 524287999
[  485.608861][ T5868] usb 3-1: USB disconnect, device number 48
[  486.014385][T11107] cifs: Unknown parameter 'f'
[  486.070092][T11109] netlink: 'syz.2.1261': attribute type 15 has an invalid length.
[  486.157971][ T5916] usb 2-1: USB disconnect, device number 39
[  486.570672][T11117] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1264'.
[  486.656066][T11120] vxcan1: entered allmulticast mode
[  486.944768][T11121] loop6: detected capacity change from 0 to 524287999
[  487.295934][T11120] netlink: 'syz.2.1265': attribute type 9 has an invalid length.
[  487.356465][T11120] netlink: 'syz.2.1265': attribute type 11 has an invalid length.
[  487.713910][T11120] netlink: 'syz.2.1265': attribute type 12 has an invalid length.
[  487.723862][T11120] netlink: 210060 bytes leftover after parsing attributes in process `syz.2.1265'.
[  487.742247][T11120] openvswitch: netlink: Message has 4 unknown bytes.
[  488.659814][T11146] support for the xor transformation has been removed.
[  488.680326][T11148] FAULT_INJECTION: forcing a failure.
[  488.680326][T11148] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  488.762287][T11148] CPU: 1 UID: 0 PID: 11148 Comm: syz.0.1271 Not tainted syzkaller #0 PREEMPT(full) 
[  488.762321][T11148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  488.762332][T11148] Call Trace:
[  488.762340][T11148]  <TASK>
[  488.762348][T11148]  dump_stack_lvl+0x189/0x250
[  488.762377][T11148]  ? __pfx____ratelimit+0x10/0x10
[  488.762399][T11148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  488.762420][T11148]  ? __pfx__printk+0x10/0x10
[  488.762438][T11148]  ? __might_fault+0xb0/0x130
[  488.762471][T11148]  should_fail_ex+0x414/0x560
[  488.762500][T11148]  _copy_from_user+0x2d/0xb0
[  488.762522][T11148]  get_compat_msghdr+0xad/0x4a0
[  488.762546][T11148]  ? __pfx_get_compat_msghdr+0x10/0x10
[  488.762576][T11148]  ___sys_sendmsg+0x193/0x2a0
[  488.762598][T11148]  ? __pfx____sys_sendmsg+0x10/0x10
[  488.762650][T11148]  ? __fget_files+0x2a/0x420
[  488.762666][T11148]  ? __fget_files+0x3a0/0x420
[  488.762692][T11148]  __sys_sendmsg+0x164/0x220
[  488.762712][T11148]  ? __pfx___sys_sendmsg+0x10/0x10
[  488.762740][T11148]  ? __pfx_ksys_write+0x10/0x10
[  488.762766][T11148]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  488.762792][T11148]  ? lockdep_hardirqs_on+0x9c/0x150
[  488.762818][T11148]  __do_fast_syscall_32+0xb6/0x2b0
[  488.762843][T11148]  ? lockdep_hardirqs_on+0x9c/0x150
[  488.762869][T11148]  do_fast_syscall_32+0x34/0x80
[  488.762893][T11148]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  488.762913][T11148] RIP: 0023:0xf70fd539
[  488.762929][T11148] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  488.762944][T11148] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  488.762963][T11148] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800005c0
[  488.762976][T11148] RDX: 0000000000004045 RSI: 0000000000000000 RDI: 0000000000000000
[  488.762987][T11148] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  488.762998][T11148] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  488.763009][T11148] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  488.763036][T11148]  </TASK>
[  489.802227][ T5921] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  489.994089][ T5921] usb 2-1: config 0 has no interfaces?
[  490.001362][ T5921] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  490.010925][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.020159][ T5921] usb 2-1: Product: syz
[  490.029104][ T5921] usb 2-1: Manufacturer: syz
[  490.043445][ T5921] usb 2-1: SerialNumber: syz
[  490.079274][ T5921] usb 2-1: config 0 descriptor??
[  490.349809][T11181] FAULT_INJECTION: forcing a failure.
[  490.349809][T11181] name failslab, interval 1, probability 0, space 0, times 0
[  490.392551][T11181] CPU: 0 UID: 0 PID: 11181 Comm: syz.2.1280 Not tainted syzkaller #0 PREEMPT(full) 
[  490.392567][T11181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  490.392573][T11181] Call Trace:
[  490.392578][T11181]  <TASK>
[  490.392583][T11181]  dump_stack_lvl+0x189/0x250
[  490.392601][T11181]  ? __pfx____ratelimit+0x10/0x10
[  490.392615][T11181]  ? __pfx_dump_stack_lvl+0x10/0x10
[  490.392628][T11181]  ? __pfx__printk+0x10/0x10
[  490.392641][T11181]  ? __pfx___might_resched+0x10/0x10
[  490.392654][T11181]  should_fail_ex+0x414/0x560
[  490.392672][T11181]  should_failslab+0xa8/0x100
[  490.392683][T11181]  __kmalloc_noprof+0xcb/0x7f0
[  490.392700][T11181]  ? kfree+0x4d/0x6d0
[  490.392710][T11181]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  490.392728][T11181]  tomoyo_realpath_from_path+0xe3/0x5d0
[  490.392743][T11181]  ? tomoyo_domain+0xd9/0x130
[  490.392755][T11181]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  490.392767][T11181]  tomoyo_path_number_perm+0x1e8/0x5a0
[  490.392781][T11181]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  490.392802][T11181]  ? __lock_acquire+0xab9/0xd20
[  490.392822][T11181]  ? __fget_files+0x2a/0x420
[  490.392834][T11181]  ? __fget_files+0x3a0/0x420
[  490.392843][T11181]  ? __fget_files+0x2a/0x420
[  490.392854][T11181]  security_file_ioctl_compat+0xcb/0x2d0
[  490.392874][T11181]  __ia32_compat_sys_ioctl+0x128/0x840
[  490.392889][T11181]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  490.392902][T11181]  ? __fget_files+0x3a0/0x420
[  490.392914][T11181]  ? fput+0xa0/0xd0
[  490.392926][T11181]  ? ksys_write+0x22a/0x250
[  490.392940][T11181]  ? __pfx_ksys_write+0x10/0x10
[  490.392954][T11181]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  490.392969][T11181]  ? lockdep_hardirqs_on+0x9c/0x150
[  490.392984][T11181]  __do_fast_syscall_32+0xb6/0x2b0
[  490.392998][T11181]  ? lockdep_hardirqs_on+0x9c/0x150
[  490.393013][T11181]  do_fast_syscall_32+0x34/0x80
[  490.393026][T11181]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  490.393038][T11181] RIP: 0023:0xf702d539
[  490.393048][T11181] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  490.393057][T11181] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  490.393068][T11181] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0606610
[  490.393076][T11181] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  490.393082][T11181] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  490.393088][T11181] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  490.393094][T11181] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  490.393109][T11181]  </TASK>
[  490.396666][T11181] ERROR: Out of memory at tomoyo_realpath_from_path.
[  490.733143][ T5921] usb 2-1: USB disconnect, device number 40
[  491.106888][T11183] loop7: detected capacity change from 0 to 7
[  491.155758][T11184] netlink: 'syz.4.1281': attribute type 2 has an invalid length.
[  491.326239][T11184] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1281'.
[  491.470705][T11183] Dev loop7: unable to read RDB block 7
[  491.572353][T11183]  loop7: unable to read partition table
[  491.592381][T11183] loop7: partition table beyond EOD, truncated
[  491.624091][T11183] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  491.892606][   T24] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  492.023462][T11197] FAULT_INJECTION: forcing a failure.
[  492.023462][T11197] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  492.105500][T11197] CPU: 0 UID: 0 PID: 11197 Comm: syz.0.1285 Not tainted syzkaller #0 PREEMPT(full) 
[  492.105524][T11197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  492.105533][T11197] Call Trace:
[  492.105540][T11197]  <TASK>
[  492.105547][T11197]  dump_stack_lvl+0x189/0x250
[  492.105573][T11197]  ? __pfx____ratelimit+0x10/0x10
[  492.105595][T11197]  ? __pfx_dump_stack_lvl+0x10/0x10
[  492.105616][T11197]  ? __pfx__printk+0x10/0x10
[  492.105634][T11197]  ? __might_fault+0xb0/0x130
[  492.105666][T11197]  should_fail_ex+0x414/0x560
[  492.105694][T11197]  _copy_from_user+0x2d/0xb0
[  492.105723][T11197]  get_compat_msghdr+0xad/0x4a0
[  492.105747][T11197]  ? __pfx_get_compat_msghdr+0x10/0x10
[  492.105775][T11197]  ___sys_sendmsg+0x193/0x2a0
[  492.105797][T11197]  ? __pfx____sys_sendmsg+0x10/0x10
[  492.105846][T11197]  ? __fget_files+0x2a/0x420
[  492.105861][T11197]  ? __fget_files+0x3a0/0x420
[  492.105886][T11197]  __sys_sendmsg+0x164/0x220
[  492.105907][T11197]  ? __pfx___sys_sendmsg+0x10/0x10
[  492.105935][T11197]  ? __pfx_ksys_write+0x10/0x10
[  492.105960][T11197]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  492.105984][T11197]  ? lockdep_hardirqs_on+0x9c/0x150
[  492.106008][T11197]  __do_fast_syscall_32+0xb6/0x2b0
[  492.106032][T11197]  ? lockdep_hardirqs_on+0x9c/0x150
[  492.106059][T11197]  do_fast_syscall_32+0x34/0x80
[  492.106079][T11197]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  492.106099][T11197] RIP: 0023:0xf70fd539
[  492.106115][T11197] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  492.106128][T11197] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  492.106146][T11197] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000440
[  492.106158][T11197] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  492.106168][T11197] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  492.106178][T11197] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  492.106189][T11197] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  492.106218][T11197]  </TASK>
[  492.366384][   T24] usb 3-1: config 0 has no interfaces?
[  492.376064][   T24] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  492.562264][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  492.575028][   T24] usb 3-1: Product: syz
[  492.661399][   T24] usb 3-1: Manufacturer: syz
[  492.704314][   T24] usb 3-1: SerialNumber: syz
[  492.733553][   T24] usb 3-1: config 0 descriptor??
[  493.234358][T11208] netlink: 'syz.0.1288': attribute type 9 has an invalid length.
[  493.242223][T11208] netlink: 'syz.0.1288': attribute type 11 has an invalid length.
[  493.250065][T11208] netlink: 'syz.0.1288': attribute type 12 has an invalid length.
[  493.306821][T11211] xt_connbytes: Forcing CT accounting to be enabled
[  493.313760][T11208] netlink: 210060 bytes leftover after parsing attributes in process `syz.0.1288'.
[  493.334059][T11208] openvswitch: netlink: Message has 4 unknown bytes.
[  493.622899][   T24] usb 5-1: new low-speed USB device number 47 using dummy_hcd
[  493.782238][   T24] usb 5-1: Invalid ep0 maxpacket: 32
[  493.842318][ T5921] usb 4-1: new full-speed USB device number 44 using dummy_hcd
[  493.954576][   T24] usb 5-1: new low-speed USB device number 48 using dummy_hcd
[  494.014082][ T5921] usb 4-1: not running at top speed; connect to a high speed hub
[  494.027392][ T5921] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  494.046156][ T5921] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  494.168426][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.219578][ T5921] usb 4-1: Product: syz
[  494.230962][ T5921] usb 4-1: Manufacturer: syz
[  494.235922][ T5921] usb 4-1: SerialNumber: syz
[  494.251363][   T24] usb 5-1: Invalid ep0 maxpacket: 32
[  494.262882][   T24] usb usb5-port1: attempt power cycle
[  494.277074][ T5921] usb 4-1: bad CDC descriptors
[  494.452204][ T5942] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  494.522308][T11214] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1290'.
[  494.574308][T11230] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  494.597505][T11230] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  494.613150][ T5921] usb 3-1: USB disconnect, device number 49
[  494.633767][   T24] usb 5-1: new low-speed USB device number 49 using dummy_hcd
[  494.651208][ T5942] usb 2-1: unable to get BOS descriptor or descriptor too short
[  494.694380][   T24] usb 5-1: Invalid ep0 maxpacket: 32
[  494.729952][ T5942] usb 2-1: New USB device found, idVendor=1235, idProduct=4661, bcdDevice=ae.13
[  494.769966][ T5942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.817691][ T5942] usb 2-1: Product: syz
[  494.851750][ T5888] usb 4-1: USB disconnect, device number 44
[  494.857760][   T24] usb 5-1: new low-speed USB device number 50 using dummy_hcd
[  494.904134][   T24] usb 5-1: Invalid ep0 maxpacket: 32
[  494.919865][ T5942] usb 2-1: Manufacturer: syz
[  494.926230][   T24] usb usb5-port1: unable to enumerate USB device
[  494.947870][ T5942] usb 2-1: SerialNumber: syz
[  495.022329][T11238] loop6: detected capacity change from 0 to 524287999
[  496.292169][ T5888] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  496.508276][ T5888] usb 1-1: config 0 has no interfaces?
[  496.522657][ T5888] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  496.537344][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.561470][ T5888] usb 1-1: Product: syz
[  496.578516][ T5888] usb 1-1: Manufacturer: syz
[  496.629862][ T5888] usb 1-1: SerialNumber: syz
[  496.697511][ T5888] usb 1-1: config 0 descriptor??
[  496.970638][ T5942] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  497.054592][ T5942] snd-usb-audio 2-1:8.0: probe with driver snd-usb-audio failed with error -2
[  497.092554][   T24] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  497.123802][T11256] trusted_key: syz.4.1298 sent an empty control message without MSG_MORE.
[  497.140161][ T5942] usb 2-1: USB disconnect, device number 41
[  497.161094][ T5850] udevd[5850]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  497.322268][   T24] usb 3-1: Using ep0 maxpacket: 32
[  497.337127][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  497.359268][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  497.382679][   T24] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  497.392199][ T5921] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  497.411579][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  497.427301][   T24] usb 3-1: config 0 descriptor??
[  497.544748][ T5921] usb 5-1: Using ep0 maxpacket: 32
[  497.566339][ T5921] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  497.602024][ T5921] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  497.697299][ T5921] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  497.752444][ T5921] usb 5-1: config 1 has no interface number 0
[  497.800678][ T5921] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  497.816712][ T5921] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  497.831470][ T5921] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  497.840757][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  497.877759][ T5921] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  497.918879][   T24] ft260 0003:0403:6030.000E: unknown main item tag 0x7
[  498.079236][ T5921] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[  498.388298][ T5921] usb 1-1: USB disconnect, device number 56
[  498.523296][T11271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  498.536827][T11273] vxcan1: entered allmulticast mode
[  498.543293][T11271] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  498.914019][T11279] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  499.405381][ T5921] snd_usb_pod 5-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  499.463884][T11284] netlink: 'syz.1.1302': attribute type 9 has an invalid length.
[  499.491490][T11284] netlink: 'syz.1.1302': attribute type 11 has an invalid length.
[  499.509262][T11284] netlink: 'syz.1.1302': attribute type 12 has an invalid length.
[  499.518543][T11284] netlink: 210060 bytes leftover after parsing attributes in process `syz.1.1302'.
[  499.530502][T11284] openvswitch: netlink: Message has 4 unknown bytes.
[  500.185092][T11295] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1305'.
[  500.272647][  T938] usb 5-1: USB disconnect, device number 51
[  500.279748][  T938] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  500.675425][   T24] ft260 0003:0403:6030.000E: failed to retrieve chip version
[  500.740125][   T24] ft260 0003:0403:6030.000E: probe with driver ft260 failed with error -71
[  500.756679][T11302] FAULT_INJECTION: forcing a failure.
[  500.756679][T11302] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  500.784107][T11302] CPU: 0 UID: 0 PID: 11302 Comm: syz.4.1306 Not tainted syzkaller #0 PREEMPT(full) 
[  500.784133][T11302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  500.784142][T11302] Call Trace:
[  500.784150][T11302]  <TASK>
[  500.784158][T11302]  dump_stack_lvl+0x189/0x250
[  500.784184][T11302]  ? __pfx____ratelimit+0x10/0x10
[  500.784205][T11302]  ? __pfx_dump_stack_lvl+0x10/0x10
[  500.784224][T11302]  ? __pfx__printk+0x10/0x10
[  500.784241][T11302]  ? __might_fault+0xb0/0x130
[  500.784271][T11302]  should_fail_ex+0x414/0x560
[  500.784289][T11302]  _copy_from_user+0x2d/0xb0
[  500.784302][T11302]  get_compat_msghdr+0xad/0x4a0
[  500.784316][T11302]  ? __pfx_get_compat_msghdr+0x10/0x10
[  500.784333][T11302]  ___sys_sendmsg+0x193/0x2a0
[  500.784345][T11302]  ? __pfx____sys_sendmsg+0x10/0x10
[  500.784373][T11302]  ? __fget_files+0x2a/0x420
[  500.784382][T11302]  ? __fget_files+0x3a0/0x420
[  500.784396][T11302]  __sys_sendmsg+0x164/0x220
[  500.784407][T11302]  ? __pfx___sys_sendmsg+0x10/0x10
[  500.784422][T11302]  ? __pfx_ksys_write+0x10/0x10
[  500.784437][T11302]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  500.784452][T11302]  ? lockdep_hardirqs_on+0x9c/0x150
[  500.784466][T11302]  __do_fast_syscall_32+0xb6/0x2b0
[  500.784480][T11302]  ? lockdep_hardirqs_on+0x9c/0x150
[  500.784495][T11302]  do_fast_syscall_32+0x34/0x80
[  500.784508][T11302]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  500.784520][T11302] RIP: 0023:0xf7f44539
[  500.784530][T11302] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  500.784539][T11302] RSP: 002b:00000000f53f455c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  500.784551][T11302] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000040
[  500.784558][T11302] RDX: 0000000020004000 RSI: 0000000000000000 RDI: 0000000000000000
[  500.784564][T11302] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  500.784569][T11302] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  500.784575][T11302] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  500.784590][T11302]  </TASK>
[  501.004231][   T24] usb 3-1: USB disconnect, device number 50
[  501.575623][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  501.592820][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  503.904606][   T24] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  503.967463][T11341] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1314'.
[  503.979039][T11341] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1314'.
[  503.988525][T11341] netlink: 'syz.0.1314': attribute type 6 has an invalid length.
[  504.134696][   T24] usb 2-1: config 0 has no interfaces?
[  504.145495][   T24] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  504.156635][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.171642][   T24] usb 2-1: Product: syz
[  504.181078][T11341] netlink: 'syz.0.1314': attribute type 5 has an invalid length.
[  504.236997][T11345] input: syz0 as /devices/virtual/input/input22
[  504.283901][   T24] usb 2-1: Manufacturer: syz
[  504.288733][   T24] usb 2-1: SerialNumber: syz
[  504.343072][   T24] usb 2-1: config 0 descriptor??
[  504.651365][ T5921] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  504.842344][ T5921] usb 4-1: Using ep0 maxpacket: 8
[  504.978312][ T5921] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  504.988887][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.001926][ T5921] usb 4-1: Product: syz
[  505.037958][ T5921] usb 4-1: Manufacturer: syz
[  505.088830][ T5921] usb 4-1: SerialNumber: syz
[  505.167097][ T5921] usb 4-1: config 0 descriptor??
[  505.191511][ T5921] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  505.925345][ T5916] usb 2-1: USB disconnect, device number 42
[  506.200167][T11362] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.1319'.
[  506.982191][ T5921] gspca_sonixj: i2c_w8 err -110
[  507.063824][ T5921] sonixj 4-1:0.0: probe with driver sonixj failed with error -110
[  507.104112][T11373] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1321'.
[  507.742325][ T5921] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  508.032236][ T5921] usb 2-1: Using ep0 maxpacket: 16
[  508.044823][ T5921] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  508.054980][ T5921] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  508.148411][ T5921] usb 2-1: config 0 descriptor??
[  508.421923][ T5921] gspca_main: sonixj-2.14.0 probing 0471:0327
[  509.866914][    T9] usb 4-1: USB disconnect, device number 45
[  510.122643][ T5921] gspca_sonixj: i2c_w8 err -71
[  510.142426][ T5921] sonixj 2-1:0.0: probe with driver sonixj failed with error -71
[  510.169613][ T5921] usb 2-1: USB disconnect, device number 43
[  511.132237][ T5888] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  511.474401][ T5888] usb 4-1: unable to get BOS descriptor or descriptor too short
[  511.598870][ T5888] usb 4-1: New USB device found, idVendor=1235, idProduct=4661, bcdDevice=ae.13
[  511.609980][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.618102][ T5888] usb 4-1: Product: syz
[  512.030346][ T5888] usb 4-1: Manufacturer: syz
[  512.049531][ T5888] usb 4-1: SerialNumber: syz
[  512.187713][T11425] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16)
[  512.226343][T11425] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  512.602606][T11433] netlink: 'syz.0.1332': attribute type 9 has an invalid length.
[  512.622202][T11433] netlink: 'syz.0.1332': attribute type 11 has an invalid length.
[  512.630057][T11433] netlink: 'syz.0.1332': attribute type 12 has an invalid length.
[  512.666968][T11433] netlink: 210060 bytes leftover after parsing attributes in process `syz.0.1332'.
[  512.737502][T11433] openvswitch: netlink: Message has 4 unknown bytes.
[  512.962199][   T24] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  513.000916][T11439] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  513.153381][   T24] usb 2-1: Using ep0 maxpacket: 16
[  513.168143][   T24] usb 2-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  513.186090][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.215594][   T24] usb 2-1: Product: syz
[  513.235587][   T24] usb 2-1: Manufacturer: syz
[  513.246110][   T24] usb 2-1: SerialNumber: syz
[  513.259924][   T24] usb 2-1: config 0 descriptor??
[  513.278541][   T24] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  513.389978][ T5888] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  513.462881][ T5888] snd-usb-audio 4-1:8.0: probe with driver snd-usb-audio failed with error -2
[  513.490718][   T24] gp8psk: usb in 128 operation failed.
[  513.514726][ T5888] usb 4-1: USB disconnect, device number 46
[  513.582422][ T5850] udevd[5850]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  514.081952][T11462] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1340'.
[  514.168202][T11462] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1340'.
[  514.182600][T11462] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1340'.
[  515.480684][   T24] gp8psk: usb in 137 operation failed.
[  515.548005][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  516.012993][   T24] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  516.022582][   T24] usb 2-1: media controller created
[  516.060354][T11476] netlink: 'syz.2.1344': attribute type 27 has an invalid length.
[  516.060706][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  516.185837][   T24] gp8psk_fe: Frontend revision 1 attached
[  516.198975][   T24] usb 2-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  516.225374][   T24] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  516.318441][T11476] bridge0: port 2(bridge_slave_1) entered disabled state
[  516.325898][T11476] bridge0: port 1(bridge_slave_0) entered disabled state
[  516.381910][T11476] team_slave_0: left promiscuous mode
[  516.475140][T11476] team_slave_1: left promiscuous mode
[  516.483416][   T24] gp8psk: usb in 138 operation failed.
[  516.489062][   T24] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  516.624002][T11476] vxcan1: left allmulticast mode
[  516.661746][   T24] gp8psk: found Genpix USB device pID = 201 (hex)
[  516.674170][   T24] usb 2-1: USB disconnect, device number 44
[  516.723690][T11484] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1346'.
[  516.942549][T11476] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[  516.973065][   T24] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  517.030351][T11476] mac80211_hwsim hwsim6 wlan0: left allmulticast mode
[  517.971055][T11476] macvtap1: left promiscuous mode
[  517.999656][T11476] macvtap1: left allmulticast mode
[  518.173023][T11476] bond1: left promiscuous mode
[  518.177935][T11476] bond1: left allmulticast mode
[  518.248595][T11476] vlan0: left allmulticast mode
[  518.259653][T11476] veth1: left allmulticast mode
[  518.404875][T11476] bond4: left promiscuous mode
[  518.409795][T11476] bond4: left allmulticast mode
[  518.416191][T11476] bridge1: left promiscuous mode
[  518.422256][T11476] bridge1: left allmulticast mode
[  518.445780][ T2913] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  518.458298][ T2913] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  518.487698][ T2913] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  518.515385][ T2913] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  519.224868][T11513] netlink: 'syz.3.1352': attribute type 9 has an invalid length.
[  519.249534][T11514] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1353'.
[  519.368458][T11513] netlink: 'syz.3.1352': attribute type 11 has an invalid length.
[  519.388486][T11513] netlink: 'syz.3.1352': attribute type 12 has an invalid length.
[  519.399573][T11513] netlink: 210060 bytes leftover after parsing attributes in process `syz.3.1352'.
[  519.416139][T11513] openvswitch: netlink: Message has 4 unknown bytes.
[  520.250718][T11534] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1357'.
[  520.288181][T11534] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1357'.
[  520.591081][T11534] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1357'.
[  520.731674][T11541] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1358'.
[  520.838847][T11541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1358'.
[  520.854355][T11541] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1358'.
[  521.010239][T11545] netlink: 'syz.1.1360': attribute type 21 has an invalid length.
[  521.713340][T11550] bridge_slave_0: left allmulticast mode
[  521.719188][T11550] bridge_slave_0: left promiscuous mode
[  521.726611][T11550] bridge0: port 1(bridge_slave_0) entered disabled state
[  521.745508][T11550] bridge_slave_1: left allmulticast mode
[  521.751503][T11550] bridge_slave_1: left promiscuous mode
[  521.760061][T11550] bridge0: port 2(bridge_slave_1) entered disabled state
[  522.140972][T11550] bond0: (slave bond_slave_0): Releasing backup interface
[  522.172411][T11550] bond0: (slave bond_slave_1): Releasing backup interface
[  522.189496][T11556] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1362'.
[  522.290179][T11550] team0: Port device team_slave_0 removed
[  522.352507][    T9] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  522.380416][T11550] team0: Port device team_slave_1 removed
[  522.445018][T11550] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  522.464554][T11550] batman_adv: batadv0: Removing interface: batadv_slave_0
[  522.473322][T11550] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  522.481028][T11550] batman_adv: batadv0: Removing interface: batadv_slave_1
[  522.494380][T11550] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  522.652476][    T9] usb 2-1: Using ep0 maxpacket: 16
[  522.839691][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  522.868799][    T9] usb 2-1: config 9 has an invalid interface number: 177 but max is 0
[  522.893206][    T9] usb 2-1: config 9 has no interface number 0
[  523.143091][    T9] usb 2-1: config 9 interface 177 altsetting 127 bulk endpoint 0x9 has invalid maxpacket 1023
[  523.185067][    T9] usb 2-1: config 9 interface 177 altsetting 127 endpoint 0xA has an invalid bInterval 179, changing to 11
[  523.197844][    T9] usb 2-1: config 9 interface 177 altsetting 127 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  523.221254][T11565] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1365'.
[  523.285404][    T9] usb 2-1: config 9 interface 177 has no altsetting 0
[  523.338627][    T9] usb 2-1: New USB device found, idVendor=2ef5, idProduct=000a, bcdDevice=34.cb
[  523.369263][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.389219][    T9] usb 2-1: Product: syz
[  523.403280][    T9] usb 2-1: Manufacturer: syz
[  523.435670][    T9] usb 2-1: SerialNumber: syz
[  523.476208][T11554] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  523.542254][ T5916] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  523.721832][ T5916] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  523.740829][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.743500][T11550] batman_adv: batadv0: Adding interface: bond0
[  523.762204][ T5916] usb 5-1: Product: syz
[  523.768722][ T5916] usb 5-1: Manufacturer: syz
[  523.768746][T11550] batman_adv: batadv0: The MTU of interface bond0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  523.782506][ T5916] usb 5-1: SerialNumber: syz
[  523.802971][T11550] batman_adv: batadv0: Not using interface bond0 (retrying later): interface not active
[  523.816404][T11554] netlink: 'syz.1.1361': attribute type 10 has an invalid length.
[  523.858692][T11554] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  523.894216][T11550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  523.909740][T11550] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.454538][ T5916] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  524.466780][ T5916] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  524.481973][ T5916] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  524.494820][ T5916] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -32
[  525.001864][T11553] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  525.009006][T11553] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  525.025153][T11553] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  525.037566][T11553] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  525.097207][T11553] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  525.113241][T11553] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  525.146673][T11553] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  525.161056][T11553] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  526.907755][T11649] FAULT_INJECTION: forcing a failure.
[  526.907755][T11649] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  526.921215][T11649] CPU: 0 UID: 0 PID: 11649 Comm: syz.0.1371 Not tainted syzkaller #0 PREEMPT(full) 
[  526.921239][T11649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  526.921251][T11649] Call Trace:
[  526.921259][T11649]  <TASK>
[  526.921268][T11649]  dump_stack_lvl+0x189/0x250
[  526.921300][T11649]  ? __pfx____ratelimit+0x10/0x10
[  526.921323][T11649]  ? __pfx_dump_stack_lvl+0x10/0x10
[  526.921346][T11649]  ? __pfx__printk+0x10/0x10
[  526.921365][T11649]  ? __might_fault+0xb0/0x130
[  526.921399][T11649]  should_fail_ex+0x414/0x560
[  526.921429][T11649]  _copy_from_user+0x2d/0xb0
[  526.921452][T11649]  get_compat_msghdr+0xad/0x4a0
[  526.921477][T11649]  ? __pfx_get_compat_msghdr+0x10/0x10
[  526.921498][T11649]  ? ___sys_sendmsg+0x22f/0x2a0
[  526.921516][T11649]  ? kfree+0x4d/0x6d0
[  526.921551][T11649]  ___sys_sendmsg+0x193/0x2a0
[  526.921572][T11649]  ? __pfx____sys_sendmsg+0x10/0x10
[  526.921592][T11649]  ? do_user_addr_fault+0xbbc/0x1380
[  526.921654][T11649]  __sys_sendmmsg+0x28e/0x430
[  526.921679][T11649]  ? __pfx___sys_sendmmsg+0x10/0x10
[  526.921696][T11649]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  526.921745][T11649]  ? ksys_write+0x22a/0x250
[  526.921771][T11649]  ? __pfx_ksys_write+0x10/0x10
[  526.921800][T11649]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  526.921822][T11649]  __do_fast_syscall_32+0xb6/0x2b0
[  526.921847][T11649]  ? lockdep_hardirqs_on+0x9c/0x150
[  526.921874][T11649]  do_fast_syscall_32+0x34/0x80
[  526.921898][T11649]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  526.921920][T11649] RIP: 0023:0xf70fd539
[  526.921937][T11649] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  526.921952][T11649] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  526.921973][T11649] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080005240
[  526.921986][T11649] RDX: 0000000004000095 RSI: 0000000000000000 RDI: 0000000000000000
[  526.921997][T11649] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  526.922008][T11649] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  526.922019][T11649] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  526.922046][T11649]  </TASK>
[  527.362953][ T5921] usb 5-1: USB disconnect, device number 52
[  527.416312][T11649] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1371'.
[  527.612596][ T1211] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  527.921091][ T1211] usb 4-1: unable to get BOS descriptor or descriptor too short
[  527.984931][ T1211] usb 4-1: New USB device found, idVendor=1235, idProduct=4661, bcdDevice=ae.13
[  527.998605][ T1211] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  528.087313][ T1211] usb 4-1: Product: syz
[  528.147452][ T1211] usb 4-1: Manufacturer: syz
[  528.196372][ T1211] usb 4-1: SerialNumber: syz
[  528.439465][T11684] gre0: entered allmulticast mode
[  528.472607][T11684] gre0: left allmulticast mode
[  528.535886][    T9] plfxlc 2-1:9.177: Firmware Version: 0
[  528.551342][    T9] plfxlc 2-1:9.177: Unit type is station
[  528.791515][T11693] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1375'.
[  529.879368][ T1211] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  529.965037][ T1211] snd-usb-audio 4-1:8.0: probe with driver snd-usb-audio failed with error -2
[  530.029553][T11706] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  530.057213][ T1211] usb 4-1: USB disconnect, device number 47
[  530.071939][ T8030] udevd[8030]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  530.304215][T11711] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1382'.
[  530.592200][ T5916] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  530.769834][ T5916] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  530.779354][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.818131][ T5916] usb 4-1: Product: syz
[  530.829403][ T5916] usb 4-1: Manufacturer: syz
[  530.835200][ T5916] usb 4-1: SerialNumber: syz
[  531.568384][T11716] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1383'.
[  531.578809][T11716] unsupported nlmsg_type 40
[  531.586632][T11716] netlink: 'syz.4.1383': attribute type 4 has an invalid length.
[  531.597584][T11716] netlink: 'syz.4.1383': attribute type 4 has an invalid length.
[  531.750006][ T5916] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  531.761973][ T5916] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  531.771899][ T5916] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  531.782284][ T5916] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -32
[  531.862690][ T5921] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  532.013121][ T5921] usb 5-1: Using ep0 maxpacket: 8
[  532.019689][ T5921] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  532.027207][ T5921] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  532.038565][ T5921] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  532.050373][ T5921] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  532.061581][ T5921] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  532.073508][ T5921] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  532.080949][ T5921] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  532.092469][ T5921] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  532.104466][ T5921] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  532.115972][ T5921] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  532.127527][ T5921] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  532.134993][ T5921] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  532.146266][ T5921] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  532.157969][ T5921] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  532.169028][ T5921] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  532.181875][ T5921] usb 5-1: string descriptor 0 read error: -22
[  532.188485][ T5921] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  532.197602][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.216023][ T5921] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  533.487353][T11727] FAULT_INJECTION: forcing a failure.
[  533.487353][T11727] name failslab, interval 1, probability 0, space 0, times 0
[  533.500534][T11727] CPU: 0 UID: 0 PID: 11727 Comm: syz.0.1386 Not tainted syzkaller #0 PREEMPT(full) 
[  533.500560][T11727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  533.500571][T11727] Call Trace:
[  533.500578][T11727]  <TASK>
[  533.500587][T11727]  dump_stack_lvl+0x189/0x250
[  533.500612][T11727]  ? __pfx____ratelimit+0x10/0x10
[  533.500635][T11727]  ? __pfx_dump_stack_lvl+0x10/0x10
[  533.500656][T11727]  ? __pfx__printk+0x10/0x10
[  533.500676][T11727]  ? __pfx___might_resched+0x10/0x10
[  533.500698][T11727]  should_fail_ex+0x414/0x560
[  533.500725][T11727]  should_failslab+0xa8/0x100
[  533.500746][T11727]  kmem_cache_alloc_node_noprof+0x77/0x710
[  533.500768][T11727]  ? __alloc_skb+0x112/0x2d0
[  533.500781][T11727]  ? __pfx_nf_tables_abort+0x10/0x10
[  533.500802][T11727]  __alloc_skb+0x112/0x2d0
[  533.500823][T11727]  netlink_ack+0x146/0xa50
[  533.500860][T11727]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[  533.500891][T11727]  nfnetlink_rcv+0x2309/0x2590
[  533.500945][T11727]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  533.500982][T11727]  ? ref_tracker_free+0x63a/0x7d0
[  533.501023][T11727]  ? __netlink_deliver_tap+0x807/0x850
[  533.501040][T11727]  ? netlink_deliver_tap+0x2e/0x1b0
[  533.501072][T11727]  netlink_unicast+0x82f/0x9e0
[  533.501103][T11727]  ? __pfx_netlink_unicast+0x10/0x10
[  533.501128][T11727]  ? netlink_sendmsg+0x642/0xb30
[  533.501144][T11727]  ? skb_put+0x11b/0x210
[  533.501165][T11727]  netlink_sendmsg+0x805/0xb30
[  533.501190][T11727]  ? __pfx_netlink_sendmsg+0x10/0x10
[  533.501208][T11727]  ? __import_iovec+0x5d4/0x7f0
[  533.501225][T11727]  ? aa_sock_msg_perm+0xf1/0x1d0
[  533.501250][T11727]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  533.501268][T11727]  ? __pfx_netlink_sendmsg+0x10/0x10
[  533.501285][T11727]  __sock_sendmsg+0x21c/0x270
[  533.501311][T11727]  ____sys_sendmsg+0x505/0x830
[  533.501335][T11727]  ? __pfx_____sys_sendmsg+0x10/0x10
[  533.501368][T11727]  ___sys_sendmsg+0x21f/0x2a0
[  533.501389][T11727]  ? __pfx____sys_sendmsg+0x10/0x10
[  533.501442][T11727]  ? __fget_files+0x2a/0x420
[  533.501458][T11727]  ? __fget_files+0x3a0/0x420
[  533.501484][T11727]  __sys_sendmsg+0x164/0x220
[  533.501506][T11727]  ? __pfx___sys_sendmsg+0x10/0x10
[  533.501534][T11727]  ? __pfx_ksys_write+0x10/0x10
[  533.501559][T11727]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  533.501585][T11727]  ? lockdep_hardirqs_on+0x9c/0x150
[  533.501610][T11727]  __do_fast_syscall_32+0xb6/0x2b0
[  533.501634][T11727]  ? lockdep_hardirqs_on+0x9c/0x150
[  533.501660][T11727]  do_fast_syscall_32+0x34/0x80
[  533.501684][T11727]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  533.501704][T11727] RIP: 0023:0xf70fd539
[  533.501721][T11727] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  533.501736][T11727] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  533.501757][T11727] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[  533.501769][T11727] RDX: 000000000400c040 RSI: 0000000000000000 RDI: 0000000000000000
[  533.501780][T11727] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  533.501791][T11727] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  533.501801][T11727] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  533.501829][T11727]  </TASK>
[  533.882801][T11729] netlink: 'syz.0.1387': attribute type 10 has an invalid length.
[  533.890681][T11729] team0: Device dummy0 is up. Set it down before adding it as a team port
[  533.948226][T11731] binder: 11730:11731 ioctl c0306201 80000640 returned -22
[  534.241706][ T1211] usb 4-1: USB disconnect, device number 48
[  534.568911][  T938] usb 5-1: USB disconnect, device number 53
[  535.042203][ T1211] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  535.280480][ T1211] usb 4-1: unable to get BOS descriptor or descriptor too short
[  535.356401][ T1211] usb 4-1: New USB device found, idVendor=1235, idProduct=4661, bcdDevice=ae.13
[  535.389108][ T1211] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.412265][ T1211] usb 4-1: Product: syz
[  535.451492][ T1211] usb 4-1: Manufacturer: syz
[  535.461698][ T1211] usb 4-1: SerialNumber: syz
[  535.582185][ T5889] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  535.889289][ T5889] usb 5-1: unable to get BOS descriptor or descriptor too short
[  535.899975][ T5889] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  535.910855][ T5889] usb 5-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  535.928050][ T5889] usb 5-1: config 1 interface 1 has no altsetting 0
[  535.945335][ T5889] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  535.954770][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.964073][ T5889] usb 5-1: Product: syz
[  535.969544][ T5889] usb 5-1: Manufacturer: syz
[  535.978373][ T5889] usb 5-1: SerialNumber: syz
[  538.051020][ T1211] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  538.343427][ T1211] snd-usb-audio 4-1:8.0: probe with driver snd-usb-audio failed with error -2
[  538.383594][ T5889] usb 5-1: USB disconnect, device number 54
[  538.387533][ T1211] usb 4-1: USB disconnect, device number 49
[  538.450305][ T8030] udevd[8030]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  538.507462][ T5843] udevd[5843]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  539.052587][ T1211] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  539.366104][ T1211] usb 4-1: Using ep0 maxpacket: 16
[  539.399110][ T1211] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  539.428020][ T1211] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  539.442172][ T1211] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.473416][ T1211] usb 4-1: config 0 descriptor??
[  539.565928][T11779] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1400'.
[  539.852152][   T24] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  540.016652][   T24] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  540.026257][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.034347][   T24] usb 5-1: Product: syz
[  540.038607][   T24] usb 5-1: Manufacturer: syz
[  540.043326][   T24] usb 5-1: SerialNumber: syz
[  540.661716][   T24] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  540.678868][   T24] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  540.690288][   T24] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  540.751618][   T24] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -32
[  541.701929][ T1211] usbhid 4-1:0.0: can't add hid device: -71
[  541.738647][ T1211] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  541.776895][ T1211] usb 4-1: USB disconnect, device number 50
[  542.412428][ T1211] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  542.520097][T11800] FAULT_INJECTION: forcing a failure.
[  542.520097][T11800] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  542.534810][T11800] CPU: 0 UID: 0 PID: 11800 Comm: syz.0.1406 Not tainted syzkaller #0 PREEMPT(full) 
[  542.534833][T11800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  542.534844][T11800] Call Trace:
[  542.534853][T11800]  <TASK>
[  542.534860][T11800]  dump_stack_lvl+0x189/0x250
[  542.534886][T11800]  ? __pfx____ratelimit+0x10/0x10
[  542.534909][T11800]  ? __pfx_dump_stack_lvl+0x10/0x10
[  542.534931][T11800]  ? __pfx__printk+0x10/0x10
[  542.534950][T11800]  ? __might_fault+0xb0/0x130
[  542.534993][T11800]  should_fail_ex+0x414/0x560
[  542.535010][T11800]  _copy_from_iter+0x589/0x1790
[  542.535029][T11800]  ? __pfx__copy_from_iter+0x10/0x10
[  542.535045][T11800]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  542.535059][T11800]  skb_copy_datagram_from_iter+0xf5/0x720
[  542.535072][T11800]  ? dev_get_by_index+0x22/0x2e0
[  542.535084][T11800]  ? skb_put+0x11b/0x210
[  542.535096][T11800]  packet_sendmsg+0x3797/0x5080
[  542.535115][T11800]  ? aa_new_mount+0x140/0x810
[  542.535137][T11800]  ? __pfx___might_resched+0x10/0x10
[  542.535156][T11800]  ? __pfx_packet_sendmsg+0x10/0x10
[  542.535168][T11800]  ? aa_sk_perm+0x81e/0x950
[  542.535184][T11800]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  542.535200][T11800]  ? __asan_memset+0x22/0x50
[  542.535213][T11800]  ? __import_iovec+0x40e/0x7f0
[  542.535224][T11800]  ? aa_sock_msg_perm+0xf1/0x1d0
[  542.535238][T11800]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  542.535248][T11800]  ? __pfx_packet_sendmsg+0x10/0x10
[  542.535262][T11800]  __sock_sendmsg+0x21c/0x270
[  542.535277][T11800]  ____sys_sendmsg+0x505/0x830
[  542.535290][T11800]  ? __pfx_____sys_sendmsg+0x10/0x10
[  542.535309][T11800]  ___sys_sendmsg+0x21f/0x2a0
[  542.535320][T11800]  ? __pfx____sys_sendmsg+0x10/0x10
[  542.535347][T11800]  ? __fget_files+0x2a/0x420
[  542.535356][T11800]  ? __fget_files+0x3a0/0x420
[  542.535370][T11800]  __sys_sendmsg+0x164/0x220
[  542.535381][T11800]  ? __pfx___sys_sendmsg+0x10/0x10
[  542.535396][T11800]  ? __pfx_ksys_write+0x10/0x10
[  542.535411][T11800]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  542.535426][T11800]  ? lockdep_hardirqs_on+0x9c/0x150
[  542.535440][T11800]  __do_fast_syscall_32+0xb6/0x2b0
[  542.535454][T11800]  ? lockdep_hardirqs_on+0x9c/0x150
[  542.535468][T11800]  do_fast_syscall_32+0x34/0x80
[  542.535482][T11800]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  542.535494][T11800] RIP: 0023:0xf70fd539
[  542.535504][T11800] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  542.535512][T11800] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  542.535524][T11800] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  542.535531][T11800] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  542.535537][T11800] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  542.535542][T11800] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  542.535548][T11800] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  542.535563][T11800]  </TASK>
[  542.863683][ T1211] usb 4-1: config 0 has no interfaces?
[  542.874076][ T1211] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  542.883369][ T1211] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.891373][ T1211] usb 4-1: Product: syz
[  542.896109][ T1211] usb 4-1: Manufacturer: syz
[  542.900743][ T1211] usb 4-1: SerialNumber: syz
[  542.908560][ T1211] usb 4-1: config 0 descriptor??
[  542.930782][T11802] syzkaller0: entered promiscuous mode
[  542.936428][T11802] syzkaller0: entered allmulticast mode
[  543.259367][ T1211] usb 5-1: USB disconnect, device number 55
[  543.272397][   T24] usb 4-1: USB disconnect, device number 51
[  544.516658][T11816] netlink: 'syz.3.1410': attribute type 9 has an invalid length.
[  544.527267][T11816] netlink: 'syz.3.1410': attribute type 11 has an invalid length.
[  544.539080][T11816] netlink: 'syz.3.1410': attribute type 12 has an invalid length.
[  544.603619][T11816] netlink: 210060 bytes leftover after parsing attributes in process `syz.3.1410'.
[  544.621238][T11816] openvswitch: netlink: Message has 4 unknown bytes.
[  546.328926][T11843] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1416'.
[  546.592237][ T5921] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  546.606918][T11849] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1419'.
[  546.656392][T11849] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1419'.
[  546.755095][ T5921] usb 5-1: Using ep0 maxpacket: 16
[  546.765012][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  546.782966][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  546.856773][ T5921] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  546.882228][ T5921] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  546.898511][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.917582][ T5921] usb 5-1: config 0 descriptor??
[  547.031996][T11852] FAULT_INJECTION: forcing a failure.
[  547.031996][T11852] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  547.045879][T11852] CPU: 1 UID: 0 PID: 11852 Comm: syz.3.1420 Not tainted syzkaller #0 PREEMPT(full) 
[  547.045905][T11852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  547.045915][T11852] Call Trace:
[  547.045924][T11852]  <TASK>
[  547.045933][T11852]  dump_stack_lvl+0x189/0x250
[  547.045961][T11852]  ? __pfx____ratelimit+0x10/0x10
[  547.045985][T11852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  547.046008][T11852]  ? __pfx__printk+0x10/0x10
[  547.046038][T11852]  should_fail_ex+0x414/0x560
[  547.046069][T11852]  _copy_to_user+0x31/0xb0
[  547.046092][T11852]  simple_read_from_buffer+0xe1/0x170
[  547.046123][T11852]  proc_fail_nth_read+0x1b3/0x220
[  547.046148][T11852]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  547.046173][T11852]  ? rw_verify_area+0x2a6/0x4d0
[  547.046195][T11852]  ? __lock_acquire+0xab9/0xd20
[  547.046212][T11852]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  547.046242][T11852]  vfs_read+0x200/0xa30
[  547.046265][T11852]  ? fdget_pos+0x247/0x320
[  547.046286][T11852]  ? __pfx___mutex_lock+0x10/0x10
[  547.046312][T11852]  ? __pfx_vfs_read+0x10/0x10
[  547.046336][T11852]  ? __fget_files+0x2a/0x420
[  547.046357][T11852]  ? __fget_files+0x3a0/0x420
[  547.046373][T11852]  ? __fget_files+0x2a/0x420
[  547.046397][T11852]  ksys_read+0x145/0x250
[  547.046420][T11852]  ? __pfx_ksys_read+0x10/0x10
[  547.046444][T11852]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  547.046468][T11852]  ? lockdep_hardirqs_on+0x9c/0x150
[  547.046491][T11852]  __do_fast_syscall_32+0xb6/0x2b0
[  547.046518][T11852]  ? lockdep_hardirqs_on+0x9c/0x150
[  547.046546][T11852]  do_fast_syscall_32+0x34/0x80
[  547.046570][T11852]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  547.046591][T11852] RIP: 0023:0xf706d539
[  547.046607][T11852] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  547.046622][T11852] RSP: 002b:00000000f545d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  547.046642][T11852] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f545d620
[  547.046656][T11852] RDX: 000000000000000f RSI: 00000000f7406ff4 RDI: 0000000000000000
[  547.046667][T11852] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  547.046678][T11852] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  547.046690][T11852] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  547.046718][T11852]  </TASK>
[  547.348944][T11854] netlink: 212360 bytes leftover after parsing attributes in process `syz.3.1421'.
[  547.582686][ T5921] input: HID 0955:7214 Haptics as /devices/virtual/input/input23
[  547.701687][ T5921] shield 0003:0955:7214.000F: Registered Thunderstrike controller
[  547.715133][ T5921] shield 0003:0955:7214.000F: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0
[  547.770092][T11842] random: crng reseeded on system resumption
[  547.793198][T11842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  547.807537][T11842] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  547.824159][ T5916] shield 0003:0955:7214.000F: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  547.857275][ T5921] usb 5-1: USB disconnect, device number 56
[  547.870012][ T5916] shield 0003:0955:7214.000F: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  547.906423][ T5916] shield 0003:0955:7214.000F: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  547.925383][ T5916] shield 0003:0955:7214.000F: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  549.223645][T11874] netlink: 'syz.4.1427': attribute type 9 has an invalid length.
[  549.241798][T11874] netlink: 'syz.4.1427': attribute type 11 has an invalid length.
[  549.250057][T11874] netlink: 'syz.4.1427': attribute type 12 has an invalid length.
[  549.258581][T11874] netlink: 210060 bytes leftover after parsing attributes in process `syz.4.1427'.
[  549.268695][T11874] openvswitch: netlink: Message has 4 unknown bytes.
[  549.398705][T11878] FAULT_INJECTION: forcing a failure.
[  549.398705][T11878] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  549.411931][T11878] CPU: 1 UID: 0 PID: 11878 Comm: syz.3.1428 Not tainted syzkaller #0 PREEMPT(full) 
[  549.411956][T11878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  549.411966][T11878] Call Trace:
[  549.411975][T11878]  <TASK>
[  549.411988][T11878]  dump_stack_lvl+0x189/0x250
[  549.412005][T11878]  ? __pfx____ratelimit+0x10/0x10
[  549.412019][T11878]  ? __pfx_dump_stack_lvl+0x10/0x10
[  549.412031][T11878]  ? __pfx__printk+0x10/0x10
[  549.412050][T11878]  ? __might_fault+0xb0/0x130
[  549.412081][T11878]  should_fail_ex+0x414/0x560
[  549.412110][T11878]  _copy_from_user+0x2d/0xb0
[  549.412133][T11878]  get_compat_msghdr+0xad/0x4a0
[  549.412154][T11878]  ? __pfx_get_compat_msghdr+0x10/0x10
[  549.412166][T11878]  ? ___sys_recvmsg+0x1c4/0x510
[  549.412177][T11878]  ? kfree+0x4d/0x6d0
[  549.412192][T11878]  ___sys_recvmsg+0x17f/0x510
[  549.412206][T11878]  ? __pfx____sys_recvmsg+0x10/0x10
[  549.412230][T11878]  ? __fget_files+0x3a0/0x420
[  549.412246][T11878]  do_recvmmsg+0x36a/0x770
[  549.412261][T11878]  ? __pfx_do_recvmmsg+0x10/0x10
[  549.412272][T11878]  ? ksys_write+0x1cb/0x250
[  549.412294][T11878]  ? __fget_files+0x3a0/0x420
[  549.412307][T11878]  __sys_recvmmsg+0x19d/0x280
[  549.412319][T11878]  ? __pfx___sys_recvmmsg+0x10/0x10
[  549.412329][T11878]  ? __pfx_ksys_write+0x10/0x10
[  549.412345][T11878]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[  549.412358][T11878]  __do_fast_syscall_32+0xb6/0x2b0
[  549.412372][T11878]  ? lockdep_hardirqs_on+0x9c/0x150
[  549.412387][T11878]  do_fast_syscall_32+0x34/0x80
[  549.412400][T11878]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  549.412412][T11878] RIP: 0023:0xf706d539
[  549.412422][T11878] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  549.412431][T11878] RSP: 002b:00000000f543c55c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[  549.412442][T11878] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  549.412449][T11878] RDX: 0000000000010106 RSI: 0000000000000002 RDI: 0000000000000000
[  549.412455][T11878] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  549.412461][T11878] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  549.412467][T11878] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  549.412482][T11878]  </TASK>
[  549.820423][T11881] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1429'.
[  549.909388][T11885] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1431'.
[  550.002526][T11876] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  550.503889][T11902] fuse: Bad value for 'fd'
[  550.515655][T11902] usb usb8: usbfs: process 11902 (syz.4.1436) did not claim interface 0 before use
[  551.082216][ T5868] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  551.232179][ T5868] usb 4-1: Using ep0 maxpacket: 16
[  551.239240][ T5868] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8
[  551.251125][ T5868] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  551.260328][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.268375][ T5868] usb 4-1: Product: syz
[  551.272825][ T5868] usb 4-1: Manufacturer: syz
[  551.277450][ T5868] usb 4-1: SerialNumber: syz
[  551.285646][ T5868] usb 4-1: config 0 descriptor??
[  551.292929][ T5868] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  551.301238][ T5868] usb 4-1: Detected FT232R
[  551.503701][ T5868] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  551.880181][ T5868] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  552.930707][T11921] netlink: 'syz.3.1438': attribute type 2 has an invalid length.
[  553.303914][T11927] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1441'.
[  553.552166][ T5921] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  553.705415][ T5921] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  553.714631][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  553.722940][ T5921] usb 5-1: Product: syz
[  553.727261][ T5921] usb 5-1: Manufacturer: syz
[  553.731878][ T5921] usb 5-1: SerialNumber: syz
[  554.002277][   T24] usb 4-1: USB disconnect, device number 52
[  554.031528][   T24] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  554.043044][   T24] ftdi_sio 4-1:0.0: device disconnected
[  554.359006][ T5921] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  554.374943][ T5921] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  554.385312][ T5921] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  554.422206][ T5921] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -32
[  554.702178][   T24] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  554.856122][   T24] usb 4-1: config 0 has no interfaces?
[  554.865089][   T24] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  554.875211][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.883826][   T24] usb 4-1: Product: syz
[  554.888313][   T24] usb 4-1: Manufacturer: syz
[  554.893318][   T24] usb 4-1: SerialNumber: syz
[  554.906816][   T24] usb 4-1: config 0 descriptor??
[  556.482565][   T30] audit: type=1326 audit(1762808085.793:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11957 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[  556.512468][   T30] audit: type=1326 audit(1762808085.803:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11957 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[  556.536192][   T30] audit: type=1326 audit(1762808085.823:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11957 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70fd539 code=0x7ffc0000
[  556.558226][   T30] audit: type=1326 audit(1762808085.823:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11957 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[  556.580209][   T30] audit: type=1326 audit(1762808085.823:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11957 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[  556.603285][   T30] audit: type=1326 audit(1762808085.823:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11957 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70fd539 code=0x7ffc0000
[  556.628959][   T30] audit: type=1326 audit(1762808085.823:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11957 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[  556.653310][   T30] audit: type=1326 audit(1762808085.823:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11957 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[  556.675310][   T30] audit: type=1326 audit(1762808085.823:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11957 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70fd539 code=0x7ffc0000
[  556.697726][   T30] audit: type=1326 audit(1762808085.833:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11957 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[  556.737394][T11961] syzkaller0: entered promiscuous mode
[  556.744406][T11961] syzkaller0: entered allmulticast mode
[  556.816923][   T24] usb 5-1: USB disconnect, device number 57
[  557.296682][   T24] usb 4-1: USB disconnect, device number 53
[  557.494027][T11971] netlink: 'syz.3.1450': attribute type 1 has an invalid length.
[  557.658461][T11971] bond4: entered promiscuous mode
[  557.772924][T11971] bond4: entered allmulticast mode
[  557.788897][T11971] 8021q: adding VLAN 0 to HW filter on device bond4
[  558.256858][T11981] FAULT_INJECTION: forcing a failure.
[  558.256858][T11981] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  558.279827][T11981] CPU: 0 UID: 0 PID: 11981 Comm: syz.4.1452 Not tainted syzkaller #0 PREEMPT(full) 
[  558.279844][T11981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  558.279851][T11981] Call Trace:
[  558.279857][T11981]  <TASK>
[  558.279863][T11981]  dump_stack_lvl+0x189/0x250
[  558.279881][T11981]  ? __pfx____ratelimit+0x10/0x10
[  558.279894][T11981]  ? __pfx_dump_stack_lvl+0x10/0x10
[  558.279907][T11981]  ? __pfx__printk+0x10/0x10
[  558.279923][T11981]  should_fail_ex+0x414/0x560
[  558.279941][T11981]  _copy_to_user+0x31/0xb0
[  558.279956][T11981]  simple_read_from_buffer+0xe1/0x170
[  558.279973][T11981]  proc_fail_nth_read+0x1b3/0x220
[  558.279987][T11981]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  558.280000][T11981]  ? rw_verify_area+0x2a6/0x4d0
[  558.280013][T11981]  ? __lock_acquire+0xab9/0xd20
[  558.280022][T11981]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  558.280034][T11981]  vfs_read+0x200/0xa30
[  558.280046][T11981]  ? fdget_pos+0x247/0x320
[  558.280058][T11981]  ? __pfx___mutex_lock+0x10/0x10
[  558.280072][T11981]  ? __pfx_vfs_read+0x10/0x10
[  558.280091][T11981]  ? __fget_files+0x2a/0x420
[  558.280102][T11981]  ? __fget_files+0x3a0/0x420
[  558.280111][T11981]  ? __fget_files+0x2a/0x420
[  558.280124][T11981]  ksys_read+0x145/0x250
[  558.280138][T11981]  ? __pfx_ksys_read+0x10/0x10
[  558.280152][T11981]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  558.280170][T11981]  ? lockdep_hardirqs_on+0x9c/0x150
[  558.280185][T11981]  __do_fast_syscall_32+0xb6/0x2b0
[  558.280200][T11981]  ? lockdep_hardirqs_on+0x9c/0x150
[  558.280214][T11981]  do_fast_syscall_32+0x34/0x80
[  558.280228][T11981]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  558.280240][T11981] RIP: 0023:0xf7f44539
[  558.280250][T11981] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  558.280258][T11981] RSP: 002b:00000000f5436590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  558.280270][T11981] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5436620
[  558.280277][T11981] RDX: 000000000000000f RSI: 00000000f73d6ff4 RDI: 0000000000000000
[  558.280283][T11981] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  558.280289][T11981] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  558.280295][T11981] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  558.280310][T11981]  </TASK>
[  559.015435][T11991] FAULT_INJECTION: forcing a failure.
[  559.015435][T11991] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  559.028736][T11991] CPU: 1 UID: 0 PID: 11991 Comm: syz.0.1455 Not tainted syzkaller #0 PREEMPT(full) 
[  559.028760][T11991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  559.028771][T11991] Call Trace:
[  559.028779][T11991]  <TASK>
[  559.028788][T11991]  dump_stack_lvl+0x189/0x250
[  559.028815][T11991]  ? __pfx____ratelimit+0x10/0x10
[  559.028839][T11991]  ? __pfx_dump_stack_lvl+0x10/0x10
[  559.028861][T11991]  ? __pfx__printk+0x10/0x10
[  559.028880][T11991]  ? __might_fault+0xb0/0x130
[  559.028915][T11991]  should_fail_ex+0x414/0x560
[  559.028945][T11991]  _copy_from_iter+0x1de/0x1790
[  559.028976][T11991]  ? __lock_acquire+0xab9/0xd20
[  559.028995][T11991]  ? __pfx__copy_from_iter+0x10/0x10
[  559.029025][T11991]  ? page_copy_sane+0x4e/0x280
[  559.029047][T11991]  copy_page_from_iter+0xdd/0x170
[  559.029070][T11991]  tun_get_user+0x1d7b/0x3e90
[  559.029100][T11991]  ? tun_get_user+0x6f6/0x3e90
[  559.029126][T11991]  ? aa_file_perm+0x44d/0x1550
[  559.029143][T11991]  ? __pfx_tun_get_user+0x10/0x10
[  559.029161][T11991]  ? _parse_integer_limit+0x1ae/0x1f0
[  559.029187][T11991]  ? __lock_acquire+0xab9/0xd20
[  559.029210][T11991]  ? ref_tracker_alloc+0x318/0x460
[  559.029226][T11991]  ? __lock_acquire+0xab9/0xd20
[  559.029245][T11991]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  559.029268][T11991]  ? tun_get+0x1c/0x2f0
[  559.029294][T11991]  ? tun_get+0x1c/0x2f0
[  559.029313][T11991]  ? tun_get+0x1c/0x2f0
[  559.029343][T11991]  tun_chr_write_iter+0x113/0x200
[  559.029366][T11991]  vfs_write+0x5c9/0xb30
[  559.029394][T11991]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  559.029415][T11991]  ? __pfx_vfs_write+0x10/0x10
[  559.029448][T11991]  ? __fget_files+0x2a/0x420
[  559.029475][T11991]  ksys_write+0x145/0x250
[  559.029497][T11991]  ? exc_page_fault+0x82/0x100
[  559.029521][T11991]  ? __pfx_ksys_write+0x10/0x10
[  559.029547][T11991]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  559.029573][T11991]  ? lockdep_hardirqs_on+0x9c/0x150
[  559.029599][T11991]  __do_fast_syscall_32+0xb6/0x2b0
[  559.029624][T11991]  ? lockdep_hardirqs_on+0x9c/0x150
[  559.029650][T11991]  do_fast_syscall_32+0x34/0x80
[  559.029678][T11991]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  559.029699][T11991] RIP: 0023:0xf70fd539
[  559.029715][T11991] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  559.029730][T11991] RSP: 002b:00000000f54ed520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  559.029750][T11991] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000100
[  559.029763][T11991] RDX: 0000000000000080 RSI: 00000000f7496ff4 RDI: 0000000000000000
[  559.029774][T11991] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  559.029785][T11991] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  559.029796][T11991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  559.029824][T11991]  </TASK>
[  562.992264][  T938] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  563.005475][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  563.011884][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  563.152279][  T938] usb 4-1: Using ep0 maxpacket: 32
[  563.164066][  T938] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  563.175013][  T938] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  563.184815][  T938] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  563.194103][  T938] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.204651][  T938] usb 4-1: config 0 descriptor??
[  563.619356][  T938] ft260 0003:0403:6030.0010: unknown main item tag 0x7
[  563.817346][  T938] ft260 0003:0403:6030.0010: chip code: 6424 8183
[  564.018456][  T938] ft260 0003:0403:6030.0010: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0
[  564.219330][  T938] ft260 0003:0403:6030.0010: failed to retrieve status: -32, no wakeup
[  564.435074][ T5921] usb 4-1: USB disconnect, device number 54
[  565.023493][T12034] binder: 12032:12034 ioctl c0306201 80004a40 returned -22
[  583.623441][ T5199] udevd[5199]: worker [5850] /devices/platform/dummy_hcd.1/usb2/2-1 is taking a long time
[  624.446742][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  624.453118][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  682.042194][   T31] INFO: task kworker/0:0:9 blocked for more than 143 seconds.
[  682.049695][   T31]       Not tainted syzkaller #0
[  682.054718][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  682.063443][   T31] task:kworker/0:0     state:D stack:21224 pid:9     tgid:9     ppid:2      task_flags:0x4208060 flags:0x00080000
[  682.075524][   T31] Workqueue: usb_hub_wq hub_event
[  682.080574][   T31] Call Trace:
[  682.084409][   T31]  <TASK>
[  682.087370][   T31]  __schedule+0x1798/0x4cc0
[  682.091873][   T31]  ? __pfx___schedule+0x10/0x10
[  682.096987][   T31]  ? schedule+0x91/0x360
[  682.101255][   T31]  schedule+0x165/0x360
[  682.105517][   T31]  schedule_preempt_disabled+0x13/0x30
[  682.110986][   T31]  __mutex_lock+0x7e6/0x1350
[  682.115624][   T31]  ? __mutex_lock+0x5bb/0x1350
[  682.120429][   T31]  ? rfkill_register+0x37/0x8e0
[  682.129075][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  682.134207][   T31]  ? netdev_run_todo+0xe1d/0xea0
[  682.139151][   T31]  ? mod_delayed_work_on+0x1c0/0x200
[  682.144703][   T31]  ? __pfx_netdev_run_todo+0x10/0x10
[  682.149998][   T31]  ? __pfx_mod_delayed_work_on+0x10/0x10
[  682.155761][   T31]  rfkill_register+0x37/0x8e0
[  682.160452][   T31]  wiphy_register+0x2231/0x2aa0
[  682.165380][   T31]  ? __pfx_wiphy_register+0x10/0x10
[  682.170584][   T31]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  682.175734][   T31]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  682.181813][   T31]  ieee80211_register_hw+0x3473/0x40d0
[  682.187367][   T31]  ? _dev_err+0x10a/0x160
[  682.191705][   T31]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  682.197853][   T31]  ? __pfx__dev_err+0x10/0x10
[  682.202595][   T31]  ? plfxlc_upload_mac_and_serial+0x2ad/0x360
[  682.208682][   T31]  ? plfxlc_mac_preinit_hw+0x4a/0x60
[  682.214043][   T31]  ? __asan_memcpy+0x40/0x70
[  682.218647][   T31]  probe+0x1ae/0xfd0
[  682.222591][   T31]  ? __pfx_probe+0x10/0x10
[  682.227042][   T31]  ? __update_runtime_status+0x1b3/0x390
[  682.232717][   T31]  ? __pm_runtime_set_status+0x785/0xa50
[  682.238353][   T31]  ? usb_disable_lpm+0x77/0x3e0
[  682.243243][   T31]  usb_probe_interface+0x668/0xc30
[  682.248361][   T31]  ? __pfx_usb_probe_interface+0x10/0x10
[  682.254030][   T31]  really_probe+0x26d/0x9e0
[  682.258540][   T31]  __driver_probe_device+0x18c/0x2f0
[  682.263895][   T31]  driver_probe_device+0x4f/0x430
[  682.268930][   T31]  __device_attach_driver+0x2ce/0x530
[  682.274368][   T31]  bus_for_each_drv+0x251/0x2e0
[  682.279207][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  682.285249][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  682.290631][   T31]  __device_attach+0x2b8/0x400
[  682.295431][   T31]  ? __pfx___device_attach+0x10/0x10
[  682.300731][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  682.306146][   T31]  bus_probe_device+0x185/0x260
[  682.311023][   T31]  device_add+0x7b6/0xb50
[  682.315401][   T31]  usb_set_configuration+0x1a87/0x20e0
[  682.320969][   T31]  usb_generic_driver_probe+0x8d/0x150
[  682.326502][   T31]  usb_probe_device+0x1c4/0x390
[  682.331368][   T31]  ? __pfx_usb_probe_device+0x10/0x10
[  682.336799][   T31]  really_probe+0x26d/0x9e0
[  682.341316][   T31]  __driver_probe_device+0x18c/0x2f0
[  682.346638][   T31]  driver_probe_device+0x4f/0x430
[  682.351655][   T31]  __device_attach_driver+0x2ce/0x530
[  682.357084][   T31]  bus_for_each_drv+0x251/0x2e0
[  682.361942][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  682.368068][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  682.373471][   T31]  __device_attach+0x2b8/0x400
[  682.378228][   T31]  ? __pfx___device_attach+0x10/0x10
[  682.383570][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  682.388774][   T31]  bus_probe_device+0x185/0x260
[  682.393670][   T31]  device_add+0x7b6/0xb50
[  682.398003][   T31]  usb_new_device+0xa39/0x16f0
[  682.402815][   T31]  ? __pfx_usb_new_device+0x10/0x10
[  682.408045][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  682.413459][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  682.418667][   T31]  hub_event+0x2958/0x4a20
[  682.423241][   T31]  ? __pfx_hub_event+0x10/0x10
[  682.428010][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  682.433756][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  682.438964][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  682.444922][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  682.450663][   T31]  process_scheduled_works+0xae1/0x17b0
[  682.456309][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  682.462400][   T31]  worker_thread+0x8a0/0xda0
[  682.467021][   T31]  kthread+0x711/0x8a0
[  682.471094][   T31]  ? __pfx_worker_thread+0x10/0x10
[  682.476572][   T31]  ? __pfx_kthread+0x10/0x10
[  682.481168][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  682.486407][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  682.491606][   T31]  ? __pfx_kthread+0x10/0x10
[  682.496267][   T31]  ret_from_fork+0x4bc/0x870
[  682.500858][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  682.506022][   T31]  ? __switch_to_asm+0x39/0x70
[  682.510785][   T31]  ? __switch_to_asm+0x33/0x70
[  682.515594][   T31]  ? __pfx_kthread+0x10/0x10
[  682.520192][   T31]  ret_from_fork_asm+0x1a/0x30
[  682.525185][   T31]  </TASK>
[  682.528285][   T31] INFO: task kworker/1:4:5888 blocked for more than 143 seconds.
[  682.536027][   T31]       Not tainted syzkaller #0
[  682.540958][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  682.549684][   T31] task:kworker/1:4     state:D stack:19848 pid:5888  tgid:5888  ppid:2      task_flags:0x4208060 flags:0x00080000
[  682.561730][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  682.568449][   T31] Call Trace:
[  682.571730][   T31]  <TASK>
[  682.574719][   T31]  __schedule+0x1798/0x4cc0
[  682.579343][   T31]  ? __pfx___schedule+0x10/0x10
[  682.584253][   T31]  ? schedule+0x91/0x360
[  682.588506][   T31]  schedule+0x165/0x360
[  682.592723][   T31]  schedule_preempt_disabled+0x13/0x30
[  682.598189][   T31]  __mutex_lock+0x7e6/0x1350
[  682.602831][   T31]  ? __mutex_lock+0x5bb/0x1350
[  682.607611][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  682.613891][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  682.618934][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  682.624707][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  682.630429][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[  682.636705][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  682.642492][   T31]  process_scheduled_works+0xae1/0x17b0
[  682.648079][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  682.654124][   T31]  worker_thread+0x8a0/0xda0
[  682.658724][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  682.665107][   T31]  ? __kthread_parkme+0x7b/0x200
[  682.670084][   T31]  kthread+0x711/0x8a0
[  682.674198][   T31]  ? __pfx_worker_thread+0x10/0x10
[  682.679310][   T31]  ? __pfx_kthread+0x10/0x10
[  682.683992][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  682.689206][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  682.694485][   T31]  ? __pfx_kthread+0x10/0x10
[  682.699178][   T31]  ret_from_fork+0x4bc/0x870
[  682.703816][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  682.708948][   T31]  ? __switch_to_asm+0x39/0x70
[  682.713769][   T31]  ? __switch_to_asm+0x33/0x70
[  682.718536][   T31]  ? __pfx_kthread+0x10/0x10
[  682.723159][   T31]  ret_from_fork_asm+0x1a/0x30
[  682.728068][   T31]  </TASK>
[  682.731102][   T31] INFO: task syz.2.1059:10250 blocked for more than 144 seconds.
[  682.738872][   T31]       Not tainted syzkaller #0
[  682.743977][   T31]       Blocked by coredump.
[  682.748556][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  682.757268][   T31] task:syz.2.1059      state:D stack:25864 pid:10250 tgid:10250 ppid:5848   task_flags:0x40044c flags:0x10080003
[  682.769393][   T31] Call Trace:
[  682.772699][   T31]  <TASK>
[  682.775688][   T31]  __schedule+0x1798/0x4cc0
[  682.780201][   T31]  ? __pfx___schedule+0x10/0x10
[  682.785117][   T31]  ? schedule+0x91/0x360
[  682.789364][   T31]  schedule+0x165/0x360
[  682.793549][   T31]  schedule_preempt_disabled+0x13/0x30
[  682.799034][   T31]  __mutex_lock+0x7e6/0x1350
[  682.803667][   T31]  ? __mutex_lock+0x5bb/0x1350
[  682.808453][   T31]  ? rfkill_unregister+0xc8/0x220
[  682.813534][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  682.818582][   T31]  ? __pfx_device_del+0x10/0x10
[  682.823492][   T31]  ? hci_sock_dev_event+0x42d/0x600
[  682.828711][   T31]  rfkill_unregister+0xc8/0x220
[  682.833639][   T31]  hci_unregister_dev+0x374/0x510
[  682.838673][   T31]  vhci_release+0x152/0x1a0
[  682.843475][   T31]  ? __pfx_vhci_release+0x10/0x10
[  682.848518][   T31]  __fput+0x44c/0xa70
[  682.852746][   T31]  task_work_run+0x1d4/0x260
[  682.857357][   T31]  ? __pfx_task_work_run+0x10/0x10
[  682.862531][   T31]  ? do_exit+0x6b0/0x2300
[  682.866865][   T31]  ? kmem_cache_free+0x19b/0x690
[  682.871801][   T31]  do_exit+0x6b5/0x2300
[  682.875999][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  682.881378][   T31]  ? do_raw_spin_lock+0x121/0x290
[  682.886443][   T31]  ? __pfx_do_exit+0x10/0x10
[  682.891081][   T31]  do_group_exit+0x21c/0x2d0
[  682.895845][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  682.901056][   T31]  get_signal+0x1285/0x1340
[  682.905637][   T31]  arch_do_signal_or_restart+0xa0/0x790
[  682.911193][   T31]  ? __pfx_get_old_timespec32+0x10/0x10
[  682.916795][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  682.923048][   T31]  ? exit_to_user_mode_loop+0x40/0x130
[  682.928500][   T31]  exit_to_user_mode_loop+0x72/0x130
[  682.933835][   T31]  __do_fast_syscall_32+0x1f4/0x2b0
[  682.939131][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  682.944399][   T31]  do_fast_syscall_32+0x34/0x80
[  682.949257][   T31]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  682.955632][   T31] RIP: 0023:0xf702d539
[  682.959706][   T31] RSP: 002b:00000000f53db460 EFLAGS: 00000206 ORIG_RAX: 000000000000010b
[  682.968369][   T31] RAX: fffffffffffffdfc RBX: 0000000000000000 RCX: 0000000000000000
[  682.976414][   T31] RDX: 00000000f53db494 RSI: 00000000f53db48c RDI: 00000000f53db494
[  682.984457][   T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  682.992667][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  683.000823][   T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  683.008874][   T31]  </TASK>
[  683.011933][   T31] INFO: task syz.2.1353:11517 blocked for more than 144 seconds.
[  683.019729][   T31]       Not tainted syzkaller #0
[  683.024722][   T31]       Blocked by coredump.
[  683.029285][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  683.038011][   T31] task:syz.2.1353      state:D stack:26856 pid:11517 tgid:11512 ppid:5848   task_flags:0x40044c flags:0x10080003
[  683.049975][   T31] Call Trace:
[  683.053278][   T31]  <TASK>
[  683.056211][   T31]  __schedule+0x1798/0x4cc0
[  683.060716][   T31]  ? __pfx___schedule+0x10/0x10
[  683.065752][   T31]  ? schedule+0x91/0x360
[  683.070002][   T31]  schedule+0x165/0x360
[  683.074473][   T31]  schedule_preempt_disabled+0x13/0x30
[  683.079998][   T31]  __mutex_lock+0x7e6/0x1350
[  683.084738][   T31]  ? __mutex_lock+0x5bb/0x1350
[  683.089527][   T31]  ? rfkill_unregister+0xc8/0x220
[  683.094724][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  683.099777][   T31]  ? __pfx_device_del+0x10/0x10
[  683.104713][   T31]  rfkill_unregister+0xc8/0x220
[  683.109578][   T31]  nfc_unregister_device+0x96/0x2a0
[  683.114832][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  683.120559][   T31]  virtual_ncidev_close+0x56/0x90
[  683.125679][   T31]  __fput+0x44c/0xa70
[  683.129672][   T31]  task_work_run+0x1d4/0x260
[  683.134326][   T31]  ? __pfx_task_work_run+0x10/0x10
[  683.139461][   T31]  do_exit+0x6b5/0x2300
[  683.143719][   T31]  ? do_raw_spin_lock+0x121/0x290
[  683.148768][   T31]  ? __pfx_do_exit+0x10/0x10
[  683.153454][   T31]  do_group_exit+0x21c/0x2d0
[  683.158062][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  683.167968][   T31]  get_signal+0x1285/0x1340
[  683.172666][   T31]  arch_do_signal_or_restart+0xa0/0x790
[  683.178230][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  683.184673][   T31]  ? __se_sys_futex_time32+0x360/0x3e0
[  683.190156][   T31]  ? exit_to_user_mode_loop+0x40/0x130
[  683.195726][   T31]  exit_to_user_mode_loop+0x72/0x130
[  683.201021][   T31]  __do_fast_syscall_32+0x1f4/0x2b0
[  683.206301][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  683.211528][   T31]  do_fast_syscall_32+0x34/0x80
[  683.216480][   T31]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  683.222852][   T31] RIP: 0023:0xf702d539
[  683.226918][   T31] RSP: 002b:00000000f53db60c EFLAGS: 00000206 ORIG_RAX: 00000000000000f0
[  683.235383][   T31] RAX: fffffffffffffe00 RBX: 00000000f73f50b8 RCX: 0000000000000080
[  683.243412][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f73f50bc
[  683.251370][   T31] RBP: 0000000000000081 R08: 0000000000000000 R09: 0000000000000000
[  683.259423][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  683.267450][   T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  683.275507][   T31]  </TASK>
[  683.278533][   T31] INFO: task syz.1.1361:11553 blocked for more than 144 seconds.
[  683.286283][   T31]       Not tainted syzkaller #0
[  683.291211][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  683.300106][   T31] task:syz.1.1361      state:D stack:24904 pid:11553 tgid:11549 ppid:5845   task_flags:0x400040 flags:0x10080003
[  683.312126][   T31] Call Trace:
[  683.315398][   T31]  <TASK>
[  683.318310][   T31]  __schedule+0x1798/0x4cc0
[  683.322902][   T31]  ? __pfx___schedule+0x10/0x10
[  683.327837][   T31]  ? schedule+0x91/0x360
[  683.332128][   T31]  schedule+0x165/0x360
[  683.336300][   T31]  schedule_preempt_disabled+0x13/0x30
[  683.341771][   T31]  __mutex_lock+0x7e6/0x1350
[  683.346459][   T31]  ? __mutex_lock+0x5bb/0x1350
[  683.351246][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[  683.356571][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  683.361588][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  683.366828][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  683.372942][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  683.379292][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  683.385069][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[  683.390182][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  683.395988][   T31]  rfkill_set_block+0x1d2/0x440
[  683.400846][   T31]  rfkill_fop_write+0x44b/0x570
[  683.405930][   T31]  ? aa_file_perm+0x13a/0x1550
[  683.410699][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  683.416109][   T31]  ? rw_verify_area+0xb0/0x4d0
[  683.420886][   T31]  ? rw_verify_area+0x255/0x4d0
[  683.425801][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  683.431174][   T31]  vfs_write+0x27e/0xb30
[  683.435518][   T31]  ? __pfx_vfs_write+0x10/0x10
[  683.440293][   T31]  ? __rcu_read_unlock+0x84/0xe0
[  683.445265][   T31]  ? __fget_files+0x2a/0x420
[  683.449854][   T31]  ? __fget_files+0x3a0/0x420
[  683.454563][   T31]  ? __fget_files+0x2a/0x420
[  683.459163][   T31]  ksys_write+0x145/0x250
[  683.463555][   T31]  ? __pfx_ksys_write+0x10/0x10
[  683.468431][   T31]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  683.475168][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  683.480372][   T31]  __do_fast_syscall_32+0xb6/0x2b0
[  683.485548][   T31]  do_fast_syscall_32+0x34/0x80
[  683.490406][   T31]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  683.496862][   T31] RIP: 0023:0xf7fe1539
[  683.500936][   T31] RSP: 002b:00000000f54b555c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  683.509376][   T31] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000080
[  683.517496][   T31] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000
[  683.525518][   T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  683.533540][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  683.541616][   T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  683.549668][   T31]  </TASK>
[  683.552760][   T31] INFO: task syz-executor:11737 blocked for more than 144 seconds.
[  683.560649][   T31]       Not tainted syzkaller #0
[  683.565619][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  683.574345][   T31] task:syz-executor    state:D stack:23688 pid:11737 tgid:11737 ppid:5818   task_flags:0x400000 flags:0x10080002
[  683.586317][   T31] Call Trace:
[  683.589600][   T31]  <TASK>
[  683.592588][   T31]  __schedule+0x1798/0x4cc0
[  683.597136][   T31]  ? __pfx___schedule+0x10/0x10
[  683.602081][   T31]  ? schedule+0x91/0x360
[  683.606333][   T31]  schedule+0x165/0x360
[  683.610491][   T31]  schedule_preempt_disabled+0x13/0x30
[  683.615994][   T31]  __mutex_lock+0x7e6/0x1350
[  683.620606][   T31]  ? __mutex_lock+0x5bb/0x1350
[  683.625621][   T31]  ? rfkill_register+0x37/0x8e0
[  683.630477][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  683.635572][   T31]  ? __raw_spin_lock_init+0x45/0x100
[  683.640882][   T31]  ? __init_waitqueue_head+0xa9/0x150
[  683.646311][   T31]  ? device_initialize+0x24b/0x440
[  683.651459][   T31]  rfkill_register+0x37/0x8e0
[  683.656254][   T31]  hci_register_dev+0x3f5/0x890
[  683.661122][   T31]  vhci_create_device+0x39c/0x650
[  683.666229][   T31]  vhci_write+0x3ce/0x4a0
[  683.670582][   T31]  vfs_write+0x5c9/0xb30
[  683.674906][   T31]  ? __pfx_vhci_write+0x10/0x10
[  683.679769][   T31]  ? __pfx_vfs_write+0x10/0x10
[  683.684612][   T31]  ? __lock_acquire+0xab9/0xd20
[  683.689473][   T31]  ksys_write+0x145/0x250
[  683.693877][   T31]  ? __pfx_ksys_write+0x10/0x10
[  683.698740][   T31]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  683.705457][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  683.710669][   T31]  __do_fast_syscall_32+0xb6/0x2b0
[  683.715868][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  683.721084][   T31]  do_fast_syscall_32+0x34/0x80
[  683.726005][   T31]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  683.732666][   T31] RIP: 0023:0xf707d539
[  683.736747][   T31] RSP: 002b:00000000ffbb6950 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  683.745218][   T31] RAX: ffffffffffffffda RBX: 00000000000000ca RCX: 00000000ffbb69aa
[  683.753246][   T31] RDX: 0000000000000002 RSI: 00000000f7416ff4 RDI: 00000000f74454a8
[  683.761211][   T31] RBP: 00000000ffbb6b18 R08: 0000000000000000 R09: 0000000000000000
[  683.769230][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  683.777335][   T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  683.785380][   T31]  </TASK>
[  683.788408][   T31] INFO: task syz-executor:11753 blocked for more than 145 seconds.
[  683.796339][   T31]       Not tainted syzkaller #0
[  683.801274][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  683.809990][   T31] task:syz-executor    state:D stack:24552 pid:11753 tgid:11753 ppid:5818   task_flags:0x400000 flags:0x10080000
[  683.822049][   T31] Call Trace:
[  683.825338][   T31]  <TASK>
[  683.828259][   T31]  __schedule+0x1798/0x4cc0
[  683.832855][   T31]  ? __pfx___schedule+0x10/0x10
[  683.837720][   T31]  ? schedule+0x91/0x360
[  683.841951][   T31]  schedule+0x165/0x360
[  683.846382][   T31]  schedule_preempt_disabled+0x13/0x30
[  683.851830][   T31]  __mutex_lock+0x7e6/0x1350
[  683.856480][   T31]  ? __mutex_lock+0x5bb/0x1350
[  683.861258][   T31]  ? rfkill_register+0x37/0x8e0
[  683.866170][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  683.871311][   T31]  ? __raw_spin_lock_init+0x45/0x100
[  683.876736][   T31]  ? __init_waitqueue_head+0xa9/0x150
[  683.882421][   T31]  ? device_initialize+0x24b/0x440
[  683.887565][   T31]  rfkill_register+0x37/0x8e0
[  683.892314][   T31]  hci_register_dev+0x3f5/0x890
[  683.897182][   T31]  vhci_create_device+0x39c/0x650
[  683.902253][   T31]  vhci_write+0x3ce/0x4a0
[  683.906613][   T31]  vfs_write+0x5c9/0xb30
[  683.910845][   T31]  ? __pfx_vhci_write+0x10/0x10
[  683.915772][   T31]  ? __pfx_vfs_write+0x10/0x10
[  683.920555][   T31]  ? clockevents_program_event+0x24d/0x360
[  683.926438][   T31]  ? __lock_acquire+0xab9/0xd20
[  683.931328][   T31]  ksys_write+0x145/0x250
[  683.935723][   T31]  ? __pfx_ksys_write+0x10/0x10
[  683.940585][   T31]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  683.947321][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  683.952692][   T31]  __do_fast_syscall_32+0xb6/0x2b0
[  683.957804][   T31]  do_fast_syscall_32+0x34/0x80
[  683.962770][   T31]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  683.969105][   T31] RIP: 0023:0xf7fe3539
[  683.973293][   T31] RSP: 002b:00000000ffbb0c10 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  683.981775][   T31] RAX: ffffffffffffffda RBX: 00000000000000ca RCX: 00000000ffbb0c6a
[  683.989814][   T31] RDX: 0000000000000002 RSI: 00000000f7476ff4 RDI: 00000000f74a54a8
[  683.997843][   T31] RBP: 00000000ffbb0dd8 R08: 0000000000000000 R09: 0000000000000000
[  684.005856][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  684.013870][   T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  684.021869][   T31]  </TASK>
[  684.024971][   T31] 
[  684.024971][   T31] Showing all locks held in the system:
[  684.032714][   T31] 6 locks held by kworker/0:0/9:
[  684.037629][   T31]  #0: ffff888140aff948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  684.048974][   T31]  #1: ffffc900000e7ba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  684.060854][   T31]  #2: ffff8881453c5198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  684.069879][   T31]  #3: ffff888079c64198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  684.079208][   T31]  #4: ffff8880572f1160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  684.088480][   T31]  #5: ffffffff8f5ab4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  684.098455][   T31] 1 lock held by khungtaskd/31:
[  684.103356][   T31]  #0: ffffffff8df3d6a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  684.113290][   T31] 2 locks held by getty/5596:
[  684.117950][   T31]  #0: ffff88802fbca0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  684.127763][   T31]  #1: ffffc900036cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  684.137976][   T31] 4 locks held by udevd/5850:
[  684.142684][   T31]  #0: ffff888030c98540 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe20
[  684.151517][   T31]  #1: ffff888030440088 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420
[  684.160998][   T31]  #2: ffff88805d100008 (kn->active#28){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x420
[  684.170523][   T31]  #3: ffff888079c64198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[  684.179903][   T31] 3 locks held by kworker/1:4/5888:
[  684.185315][   T31]  #0: ffff88801a055948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  684.196358][   T31]  #1: ffffc90004f7fba0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  684.212775][   T31]  #2: ffffffff8f5ab4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  684.224414][   T31] 1 lock held by syz.2.1059/10250:
[  684.229539][   T31]  #0: ffffffff8f5ab4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  684.239708][   T31] 2 locks held by syz.2.1353/11517:
[  684.244941][   T31]  #0: ffff88805b678100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  684.254739][   T31]  #1: ffffffff8f5ab4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  684.264894][   T31] 2 locks held by syz.1.1361/11553:
[  684.270091][   T31]  #0: ffffffff8f5ab4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[  684.280281][   T31]  #1: ffff88805b678100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  684.290051][   T31] 2 locks held by syz-executor/11737:
[  684.295587][   T31]  #0: ffff888028f12918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650
[  684.305703][   T31]  #1: ffffffff8f5ab4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  684.315681][   T31] 2 locks held by syz-executor/11753:
[  684.321048][   T31]  #0: ffff8880286fe918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650
[  684.331087][   T31]  #1: ffffffff8f5ab4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  684.341070][   T31] 3 locks held by syz.0.1457/12003:
[  684.346316][   T31]  #0: ffffffff8f331610 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  684.354549][   T31]  #1: ffffffff8f331428 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  684.363557][   T31]  #2: ffffffff8f5ab4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  684.373531][   T31] 2 locks held by syz.4.1461/12022:
[  684.378720][   T31]  #0: ffffffff8f331610 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  684.386946][   T31]  #1: ffffffff8f331428 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  684.395980][   T31] 2 locks held by syz.3.1464/12033:
[  684.401197][   T31]  #0: ffffffff8f331610 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  684.409418][   T31]  #1: ffffffff8f331428 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  684.418656][   T31] 2 locks held by syz.3.1464/12034:
[  684.423965][   T31]  #0: ffffffff8f331610 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  684.432214][   T31]  #1: ffffffff8f331428 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  684.441203][   T31] 2 locks held by syz-executor/12036:
[  684.446628][   T31]  #0: ffff888079151918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650
[  684.456716][   T31]  #1: ffffffff8f5ab4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  684.466695][   T31] 2 locks held by syz-executor/12037:
[  684.472139][   T31]  #0: ffff88805a382118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650
[  684.482239][   T31]  #1: ffffffff8f5ab4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  684.492227][   T31] 2 locks held by syz-executor/12038:
[  684.497595][   T31]  #0: ffff88804d4fc918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650
[  684.507663][   T31]  #1: ffffffff8f5ab4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  684.517657][   T31] 
[  684.519967][   T31] =============================================
[  684.519967][   T31] 
[  684.528660][   T31] NMI backtrace for cpu 1
[  684.528676][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  684.528694][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  684.528705][   T31] Call Trace:
[  684.528713][   T31]  <TASK>
[  684.528721][   T31]  dump_stack_lvl+0x189/0x250
[  684.528750][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  684.528772][   T31]  ? __pfx__printk+0x10/0x10
[  684.528801][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  684.528823][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  684.528844][   T31]  ? __pfx__printk+0x10/0x10
[  684.528865][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  684.528891][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  684.528913][   T31]  watchdog+0xf60/0xfa0
[  684.528937][   T31]  ? watchdog+0x1e2/0xfa0
[  684.528960][   T31]  kthread+0x711/0x8a0
[  684.528986][   T31]  ? __pfx_watchdog+0x10/0x10
[  684.529002][   T31]  ? __pfx_kthread+0x10/0x10
[  684.529027][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  684.529048][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  684.529068][   T31]  ? __pfx_kthread+0x10/0x10
[  684.529089][   T31]  ret_from_fork+0x4bc/0x870
[  684.529109][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  684.529134][   T31]  ? __switch_to_asm+0x39/0x70
[  684.529148][   T31]  ? __switch_to_asm+0x33/0x70
[  684.529161][   T31]  ? __pfx_kthread+0x10/0x10
[  684.529183][   T31]  ret_from_fork_asm+0x1a/0x30
[  684.529213][   T31]  </TASK>
[  684.529220][   T31] Sending NMI from CPU 1 to CPUs 0:
[  684.674054][    C0] NMI backtrace for cpu 0
[  684.674069][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  684.674086][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  684.674097][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  684.674122][    C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 d1 21 00 f3 0f 1e fa fb f4 <e9> c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  684.674136][    C0] RSP: 0018:ffffffff8dc07d80 EFLAGS: 000002c6
[  684.674150][    C0] RAX: 25930fe8ca791f00 RBX: ffffffff81968b47 RCX: 25930fe8ca791f00
[  684.674162][    C0] RDX: 0000000000000001 RSI: ffffffff8d70db74 RDI: ffffffff8bbf0760
[  684.674174][    C0] RBP: ffffffff8dc07ea8 R08: ffff8880b8832fdb R09: 1ffff110171065fb
[  684.674186][    C0] R10: dffffc0000000000 R11: ffffed10171065fc R12: ffffffff8f7ce370
[  684.674197][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1b92a40
[  684.674208][    C0] FS:  0000000000000000(0000) GS:ffff88812613b000(0000) knlGS:0000000000000000
[  684.674221][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  684.674232][    C0] CR2: 000055fa9ad83660 CR3: 000000000dd38000 CR4: 00000000003526f0
[  684.674247][    C0] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000007a8d
[  684.674257][    C0] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  684.674268][    C0] Call Trace:
[  684.674275][    C0]  <TASK>
[  684.674281][    C0]  default_idle+0x13/0x20
[  684.674295][    C0]  default_idle_call+0x73/0xb0
[  684.674310][    C0]  do_idle+0x1e7/0x510
[  684.674330][    C0]  ? __pfx_do_idle+0x10/0x10
[  684.674351][    C0]  cpu_startup_entry+0x44/0x60
[  684.674366][    C0]  rest_init+0x2de/0x300
[  684.674382][    C0]  start_kernel+0x3ae/0x410
[  684.674399][    C0]  x86_64_start_reservations+0x24/0x30
[  684.674417][    C0]  x86_64_start_kernel+0x143/0x1c0
[  684.674432][    C0]  common_startup_64+0x13e/0x147
[  684.674457][    C0]  </TASK>
[  685.885844][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  685.892364][ T1302] ieee802154 phy1 wpan1: encryption failed: -22