last executing test programs:

5m24.792508465s ago: executing program 0 (id=1913):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x12, 0x13, &(0x7f0000000000)=ANY=[@ANYRESDEC=0x0], 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, @cgroup_sock_addr=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0}, './file1\x00'})
chdir(&(0x7f0000000080)='./file1\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x200000000000002a, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = syz_open_dev$MSR(&(0x7f0000000480), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
unshare(0x2c020600)
r4 = msgget$private(0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000380)=ANY=[@ANYRESOCT], 0x2000, 0x800)
msgsnd(r4, 0x0, 0x27, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
setpgid(0x0, r5)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) (fail_nth: 10)

5m23.439729717s ago: executing program 0 (id=1916):
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}}, {{0x4e21, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x40, 0x8000}}}}}}, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x8400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
statfs(&(0x7f00000003c0)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'ipvlan0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c000000100003052cbd7000fedbdf2500000020", @ANYRES32=0x0, @ANYBLOB="0000000000080400240012800b0001006d6163736563000014000280050006000000000005000f000000000008000500", @ANYRES32=r2], 0x4c}}, 0x0)

5m22.162581376s ago: executing program 0 (id=1923):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x103, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000001c0))
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socket$kcm(0x2, 0x200000000000001, 0x106)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(0xffffffffffffffff, 0xdb4, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1, {0x6, 0x6d4}, 0xf0}, 0x1)
write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$RTC_WKALM_SET(r4, 0x4008700c, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x40, 0x0, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0x4048aecb, &(0x7f0000000200))
syz_clone(0x201011, 0x0, 0xfffffffffffffdfc, 0x0, 0x0, 0x0)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(0xffffffffffffffff, 0x3309)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

5m20.92389292s ago: executing program 0 (id=1928):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000000000000000008000000000c9"], 0x48)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

5m20.696057944s ago: executing program 0 (id=1930):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@allocspi={0x11c, 0x16, 0x1, 0x70bd27, 0x25dfdbfd, {{{@in=@private=0xa010101, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4e24, 0x0, 0x4e20, 0xc, 0xa, 0x0, 0x20, 0xc}, {@in=@local, 0x4d6, 0x32}, @in=@local, {0x4, 0x9, 0x7, 0x401, 0x7, 0x8, 0x7, 0x7fff}, {0x6, 0x10000, 0x0, 0x6}, {0x45d4, 0xf}, 0x70bd2b, 0x3507, 0xa, 0x2, 0xc, 0x45}, 0x9, 0x80000001}, [@lifetime_val={0x24, 0x9, {0x6, 0xffffffffffffff01, 0x6, 0x5}}]}, 0x11c}, 0x1, 0x0, 0x0, 0x4881}, 0x800)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000000, 0x100010, r0, 0x6e004000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000080000000000000000005808330000000004950000000000000020fb3731e2ac"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

5m20.41952103s ago: executing program 0 (id=1935):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, &(0x7f0000000a80)=ANY=[], 0x0, 0x0, 0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1700000005000000020000000000000008000000", @ANYRES32=0x1, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="040000525ace67f6a65738c5c7efff03ffffff00000000000000000080000000070000000000001e"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r1, 0x27, 0x14, 0x0, &(0x7f0000000000)="f8ad1dcc02cb29dcc80032008100", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000000040)=0x5, 0x23)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0x5460, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$midi(&(0x7f00000001c0), 0xac, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61154c00000000006113500000000000bfa00000000000001503000008004e002d35010000000000950041000000000069163a0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf670000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a25c3a2feb39e94a5266a10716d4a3cef499fa176018054e9149a1c9d20a809ce3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xffff0000}, 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r5 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r5, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
r6 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r6, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
socket$unix(0x1, 0x2, 0x0)

5m19.9277009s ago: executing program 32 (id=1935):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, &(0x7f0000000a80)=ANY=[], 0x0, 0x0, 0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1700000005000000020000000000000008000000", @ANYRES32=0x1, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="040000525ace67f6a65738c5c7efff03ffffff00000000000000000080000000070000000000001e"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r1, 0x27, 0x14, 0x0, &(0x7f0000000000)="f8ad1dcc02cb29dcc80032008100", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000000040)=0x5, 0x23)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0x5460, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$midi(&(0x7f00000001c0), 0xac, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61154c00000000006113500000000000bfa00000000000001503000008004e002d35010000000000950041000000000069163a0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf670000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a25c3a2feb39e94a5266a10716d4a3cef499fa176018054e9149a1c9d20a809ce3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xffff0000}, 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r5 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r5, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
r6 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r6, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
socket$unix(0x1, 0x2, 0x0)

15.375863337s ago: executing program 3 (id=3023):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000000)={{0x1, 0x0, 0x0, 0x0, 0xc5cc}})
timer_create(0x1, &(0x7f00000002c0)={0x0, 0x40, 0x2, @tid=r0}, &(0x7f0000000300)=<r2=>0x0)
timer_delete(r2)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r4, 0x5201)
r5 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r5, 0xc2604110, &(0x7f0000000040)={0x0, [[0x8000008, 0x0, 0x7fffffff, 0x20000000, 0x0, 0xb, 0x9, 0x2], [0x10000, 0x40, 0x3, 0x200000, 0x0, 0x0, 0x9], [0x7, 0x0, 0x0, 0x0, 0x4]], '\x00', [{}, {0x86}, {}, {0x0, 0x8}, {0x3, 0x7}, {0x8000000, 0x4005f, 0x1}, {0x1}, {0x1}, {}, {}, {}, {0x0, 0x400000}], '\x00', 0x1000})

13.734878638s ago: executing program 3 (id=3029):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket(0x8000000010, 0x2, 0x0)
write(r0, &(0x7f00000002c0), 0x0)
r1 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000340)='\x00', 0x1, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000180)={{0x2, 0x0, @remote}, {0x20000010304, @dev}, 0x4, {0x2, 0x0, @multicast1=0xe000cc02}})

10.091083212s ago: executing program 3 (id=3033):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300006773da2085000000040000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_split\x00', r0}, 0x10)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
unshare(0x20000400)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4509c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a900d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a3c0db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848022e8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0000000000000000000000000001545f0ec539c3b58facd2f62dc3307a6c91d6b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r3, r3, 0x2f, 0x2000, 0x4, @value}, 0x20)
r4 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700)
write$cgroup_int(r5, &(0x7f0000000200), 0x43400)
r6 = socket$inet6_sctp(0xa, 0xa, 0x84)
ioctl$FS_IOC_RESVSP(r6, 0x40305828, &(0x7f0000000180)={0x0, 0x1, 0xe6e9, 0x4})

9.688014319s ago: executing program 1 (id=3038):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
r3 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
r4 = add_key$user(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, &(0x7f00000003c0)="ae", 0x1, r3)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000140)=@secondary)
keyctl$link(0x8, r4, r3)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000040)='syzkaller\x00', &(0x7f00000000c0)=@secondary)
preadv(r2, &(0x7f0000000440)=[{&(0x7f0000000240)=""/169, 0xa9}], 0x1, 0x1000000, 0x3)

9.600993796s ago: executing program 3 (id=3041):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48801}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x401}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_val={0x18, 0x6, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0xffffff25}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x610e}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x100, 0x3c, &(0x7f0000000340)=""/60, 0x41000, 0x13, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x4, 0xd, 0xfffffff7, 0x3}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000003c0)=[r1, 0x1, r1], &(0x7f0000000480)=[{0x5, 0x5, 0x9, 0xb}, {0x2, 0x5, 0x2}, {0x1, 0x5, 0xe, 0xa}, {0x3, 0x1, 0xc, 0x7}, {0x3, 0x1, 0x4, 0x6}, {0x5, 0x4, 0x10, 0x8}, {0x4, 0x2, 0x10, 0xc}], 0x10, 0x80000000, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="b9ff03076804268c989e14f088a8", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r5}, 0x10)
r6 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
unshare(0x2040400)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f00000001c0)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0xfffffbff, 0x20, 0x0, 0x0, 0x8, 0x1, 0x0, 0x5, 0x3, 0x0})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000800)=<r7=>0x0, &(0x7f0000000840)=0x4)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r9 = accept$alg(r8, 0x0, 0x0)
r10 = dup(r9)
r11 = open(&(0x7f0000000000)='./file1\x00', 0x10f0c2, 0x0)
bind$alg(r8, &(0x7f0000000ac0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l\x00'}, 0x58)
ftruncate(r11, 0x200004)
read$FUSE(r10, &(0x7f00000023c0)={0x2020}, 0xfffffe9f)
sendfile(r10, r11, 0x0, 0x80001d00c0d1)
r12 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000900)={r1, <r13=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x6, 0x6, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x16}, [@exit, @btf_id={0x18, 0x3, 0x3, 0x0, 0x2}]}, &(0x7f0000000500)='GPL\x00', 0x6, 0x7c, &(0x7f0000000700)=""/124, 0x41100, 0x5, '\x00', r7, 0x25, r10, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000880)={0x3, 0x2, 0x9, 0xffffffaa}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000940)=[r1, r12, r13, r1, r1, r1], &(0x7f0000000980)=[{0x4, 0x5, 0x8, 0x4}, {0x0, 0x2, 0xd, 0x3}], 0x10, 0x8, @void, @value}, 0x94)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x28, 0x16, 0xa, 0x901, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}]}], {0x14}}, 0xe4}, 0x1, 0x0, 0x0, 0x10}, 0x0)

9.531510108s ago: executing program 4 (id=3042):
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
syz_open_dev$sndctrl(0x0, 0x0, 0xa0002)
openat$audio(0xffffffffffffff9c, 0x0, 0x88602, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x2, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000480)=@IORING_OP_STATX={0x15, 0x22, 0x0, 0xffffffffffffffff, &(0x7f0000000340), &(0x7f0000000440)='./file0\x00', 0x4, 0x800, 0x0, {0x0, r2}})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x9, &(0x7f0000000080)=0x2000000, 0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x7de4}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)

9.480284699s ago: executing program 1 (id=3043):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001ffffcffffff0300000000000000", @ANYRES32=0x0, @ANYRESHEX=0x0, @ANYRES32], 0x3c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
memfd_create(0x0, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_DISALLOCATE(r1, 0x5608)
socket$inet(0x2, 0xa, 0x0)
socket(0x10, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x47314356, 0x0, 0x6, [{0x0, 0x400}, {0x2}, {}, {}, {0x0, 0x2}, {0x0, 0xfffffffe}, {}, {0x0, 0xc}]}})
prlimit64(0x0, 0x2, &(0x7f0000000140)={0x403, 0x103}, 0x0)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x80083, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000100))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r3, &(0x7f0000000240)={0xa, 0x4e21, 0x3d3, @loopback, 0xd0}, 0x1c)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000000)={@local})
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000940), 0xc02, 0x0)
ioctl$FBIO_WAITFORVSYNC(r5, 0x40044620, 0x0)
syz_clone(0x41100, 0x0, 0x0, &(0x7f0000000340), 0x0, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x400]}, 0x8, 0x0)

7.27320877s ago: executing program 4 (id=3045):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18080000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000a000000850000000c000000b70700000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000005232f4779dd90a240000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, @void, @value}, 0x94)

5.951802552s ago: executing program 3 (id=3046):
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x1, 0x0)
ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg$inet(r2, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, 0x0}}], 0x1, 0x8054)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
lseek(0xffffffffffffffff, 0xfffffffffffffffe, 0x1)
socket(0x10, 0x803, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_open_dev$evdev(&(0x7f0000000200), 0x3, 0x8002)
ioctl$EVIOCGEFFECTS(r7, 0x80044584, &(0x7f0000000000)=""/43)

5.951447401s ago: executing program 5 (id=3047):
r0 = socket(0x10, 0x2, 0x0)
connect$pppoe(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x40000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$TUNSETLINK(r1, 0x400454cd, 0x336)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000240)={0x0, 0x3}, &(0x7f00000002c0)=0x8)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_DIRECT_TLBFLUSH(r6, 0x4068aea3, &(0x7f0000000c00))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x898)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r0)
sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="94010000", @ANYRES16=r7, @ANYBLOB="00082cbd7000fbdbdf250200000048000780080001000300000008000100090000000800020008000000080002000f0000000c00040006000000000000000c00030000000000000000000c0003000600000000000000340003800800020001000080080003000400000008000300f70c000008000100f8ffffff08000200040000000800020000000000c40002800800010000040000240003800800020010000000080001000300000008000100050000000800020002000000040004001c00038008000100008000000800010003000000080001000600000008000200000000003c00038008000100800000000800010081ffffff080002000000000008000100ff010000080001005a0800000800020008000000080002000c00000004000400080002000400000008000200040000001c000380080001000300000008000200030000000800010004000000cba1058008000100657468003400098008000200ff000000080002000700000008000200090000000800020000000000080002000700000008000200ff030000f10e0557e019240606000000000000009daf86e275899619daa47662b67b170942b63562f086c115c5eb13b92a86e7c640a68184d78cdb15eba4c681d419601caa93cbc76660b9b19129ccf77c3764abc876fa39bd7e77968f0b80f7c4c62cd7"], 0x194}, 0x1, 0x0, 0x0, 0x804}, 0xc000)
close_range(r0, 0xffffffffffffffff, 0x0)

5.704272956s ago: executing program 4 (id=3048):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000400)=0x14)
syz_open_dev$dri(0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$inet6(0xa, 0x3, 0x8000000003c)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000002060108000000000000000000000000050005000a000000050001000700000005000400030000000900020073797a310000000016000300686173683a6e6574"], 0x50}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000002020104000000000000000a0000003c0002800c000280040001100000000014000300fe80000000000000000000000000000014000400"/72], 0x50}}, 0x0)

5.688995023s ago: executing program 1 (id=3049):
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x2100, 0x0, &(0x7f00000002c0), 0x0, 0x2000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000629700000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000001140000001100010000000000000080000000000a"], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)={0x20, 0x13, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0)

4.774722199s ago: executing program 3 (id=3051):
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x66, &(0x7f00000004c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbbbbbbbbbbbbb86dd60003a0400033afffe800000000000000000000000000000ff020000000000000000000000000001"], 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mremap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000003000/0x2000)=nil)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="050000000100"], 0x50)
r2 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r2, 0xc4c85513, &(0x7f0000000040)={0x1, 0x3, 0x103, 0x1, 'syz1\x00', 0x4})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, 0x0, 0x0, 0x0)
r4 = openat$smackfs_relabel_self(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$smackfs_labels_list(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="47ef"], 0x2)
llistxattr(&(0x7f0000000340)='./file1\x00', &(0x7f0000000400)=""/89, 0x59)

4.675350024s ago: executing program 1 (id=3052):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x581, 0x20000000008c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r1, 0x0, 0x40000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newtaction={0x74, 0x30, 0xb, 0xfffffffc, 0x600, {}, [{0x60, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x3}]}, {0x4}, {0xc}, {0xfffffffffffffd86}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x4044800}, 0x0)

3.952917912s ago: executing program 4 (id=3053):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000340)={0x84, &(0x7f0000000040)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a05000000000000000000020000000900020073797a310008000008000440000000000900010073797a3000000000080003"], 0x64}, 0x1, 0x0, 0x0, 0x20048800}, 0x0) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000f00)={0x44, &(0x7f0000000cc0)={0x20, 0xe, 0x2, "19dc"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f00000002c0)=ANY=[@ANYRESOCT=0x0], 0x0, 0x0}) (async)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000100)=0x3) (async)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xe8c, 0x258, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x7, 0x6009, 0x9, 0x440, 0xd1, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}}) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
syz_open_dev$video4linux(&(0x7f0000000180), 0x3, 0x8100) (async)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r5, 0x11c, 0x1, &(0x7f0000000440)=""/203, &(0x7f0000000140)=0xcb) (async)
sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)={&(0x7f00000029c0)={0x20, 0x0, 0x9, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x48000}, 0x4000) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000001000)={'batadv_slave_1\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="540000001400090525bd70000003000002180d00", @ANYRES32=r8, @ANYBLOB="08000b000000000008000200ac14143f080009"], 0x54}}, 0x0) (async)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f0000000080)=[@in6={0xa, 0x4e20, 0x1d, @empty, 0x3}, @in6={0xa, 0x4e24, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}], 0x38) (async)
syz_usb_connect(0x0, 0x5b, &(0x7f0000001e00)=ANY=[@ANYBLOB="1201000002ffa9400819151300000102030109024900020000000009047f00022513bf000a240100000002010205240400001d050000000000000007250100000000072501000000000905000000000000000904e1"], 0x0)

3.759569142s ago: executing program 2 (id=3054):
socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = socket$inet6(0xa, 0x2, 0x3a)
r1 = dup(r0)
bind$unix(r1, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000069000010000000000100200018010000696c6c2500000000002020207b1af8ff00000000bfa1000000000000070100fef7ffffffb702000008000000b703000000400000850000001000000095"], &(0x7f0000000040)='syzkaller\x00', 0x7, 0xfe3, &(0x7f0000001e00)=""/4067, 0x41000, 0x41, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x2)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x8002)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
setxattr$system_posix_acl(&(0x7f0000000500)='./file0\x00', &(0x7f0000000780)='system.posix_acl_access\x00', &(0x7f0000000b40)={{}, {0x1, 0x4}, [{0x2, 0x1, 0xffffffffffffffff}], {0x4, 0x5}, [], {0x10, 0x3}}, 0x2c, 0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
io_submit(0x0, 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r3, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x9, 0x0, &(0x7f0000000040), 0x0, 0x0}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x69)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='reiserfs\x00', 0x4012, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_opts(r4, 0x0, 0x17, &(0x7f0000000100)="e1", 0x1)
setitimer(0x2, 0x0, 0x0)
bpf$MAP_DELETE_BATCH(0x1b, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000400)='syscall\x00')

2.784991021s ago: executing program 1 (id=3055):
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
syz_open_dev$sndctrl(0x0, 0x0, 0xa0002)
openat$audio(0xffffffffffffff9c, 0x0, 0x88602, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x2, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000480)=@IORING_OP_STATX={0x15, 0x22, 0x0, 0xffffffffffffffff, &(0x7f0000000340), &(0x7f0000000440)='./file0\x00', 0x4, 0x800, 0x0, {0x0, r2}})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x9, &(0x7f0000000080)=0x2000000, 0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x7de4}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)

2.749268657s ago: executing program 5 (id=3056):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000000340)=""/196, 0xc4}], 0x3}, 0x7}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000004c40)=""/4098, 0x1002}, {&(0x7f0000000100)=""/119, 0x77}, {&(0x7f00000000c0)=""/23, 0x17}, {&(0x7f0000003c40)=""/4092, 0xffc}, {&(0x7f0000000700)=""/179, 0xb3}], 0x5}, 0x80000000}], 0x4, 0x40008062, 0x0)

2.452137909s ago: executing program 2 (id=3057):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x25, &(0x7f00000001c0)={0x0, @in={{0x2, 0x20, @private=0xa010102}}, 0x2, 0xfffe}, 0x90)
r1 = fsopen(&(0x7f0000000040)='nilfs2\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x10008ff, &(0x7f0000000340))
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil)
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0)
fcntl$setlease(r2, 0x400, 0x1)
fcntl$getflags(r2, 0xb)
epoll_pwait2(r2, &(0x7f0000000280)=[{}, {}], 0x2, &(0x7f00000002c0), &(0x7f0000000300)={[0x373]}, 0x8)
brk(0x200000001000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r3 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0xc}, &(0x7f0000010080), &(0x7f0000000040))
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e22, @loopback}, @in6={0xa, 0x4e20, 0x800, @rand_addr=' \x01\x00', 0x4}, @in6={0xa, 0x4e23, 0xb4a, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10000}, @in6={0xa, 0x4e20, 0x8001, @remote, 0x4}, @in={0x2, 0x4e24, @multicast2}], 0x74)
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000010300)=[{0x0}, {&(0x7f0000010380)=""/47, 0x2f}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540), &(0x7f0000000180)=[0x1]}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r4 = socket(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r4, 0x29, 0xce, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)

2.430173176s ago: executing program 1 (id=3058):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
timer_create(0x6, &(0x7f0000000000)={0x0, 0x3c, 0x1, @thr={&(0x7f0000000100), 0x0}}, 0x0)
r0 = io_uring_setup(0x67bb, &(0x7f00000000c0)={0x0, 0xfffffffe, 0x3000})
r1 = io_uring_setup(0x2110, &(0x7f0000000380)={0x0, 0x5f3c, 0x1000, 0x3, 0x338, 0x0, r0})
r2 = io_uring_setup(0x6fcf, &(0x7f0000000400)={0x0, 0xaf67, 0xbc00, 0x3, 0x226, 0x0, r1})
io_uring_enter(r2, 0x0, 0xcb, 0x5f, &(0x7f0000000240), 0x8)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
syz_usb_connect(0x2, 0x52, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000bd3619204433f0224def010203010902400001020000000904"], 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mount(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='jffs2\x00', 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="2599ad8800000000140012800b00010067656e657665000001668631c833d0a8c9b5a500"/50], 0x40}}, 0x0)
chdir(&(0x7f0000000340)='./file0\x00')
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0)
setsockopt$sock_int(r3, 0x1, 0x1d, &(0x7f0000000300)=0xf8, 0x4)
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}})
r6 = getuid()
quotactl$Q_QUOTAOFF(0xffffffff80000301, &(0x7f0000000080)=@md0, r6, 0x0)
write$sndseq(r5, &(0x7f0000000280)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0xa0, &(0x7f0000000480)="c48acc8e6e5a9f950eed744d9d185f0a84a27769ac9e3e660448d9d9f7a5de812bd60c9e42d063444bfd7bd10fd3ad89b1cf9d7a588c5ff71d3ad337a1fd5fc679eee859e7372b79a260ddb06886dc483696a27887c7de2ca66d42ca87fb0911b3ab74f8b1a8e49f5d38576cbdcd0e0fbd85c8415b60d20f6ebf4bd88c80031a9aac8993596603e0a0b6a853a9b11d624a49d85422501c0c264f707882771c0c"}}], 0x1c)
r7 = epoll_create(0x3ff)
r8 = epoll_create1(0x80000)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES64=r7, @ANYRES64=r8, @ANYRES64=r8], 0x48)
getdents(r4, &(0x7f0000001fc0)=""/184, 0xb8)
creat(&(0x7f0000000040)='./file0\x00', 0x12c)

2.332081022s ago: executing program 5 (id=3059):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="180800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000a000000850000000c000000b70700000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000005232f4779dd90a240000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, @void, @value}, 0x94)

2.255153356s ago: executing program 2 (id=3060):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r0, 0x541c, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010000030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000088000000060a010400000000000000000100000008000b4000000000600004805c0001800a00010072656469720000004c000280080002400000000a080003400000004808000240eaffff1108000340000000200800034000000048080002400000000f0800034000000011080001400000000808000140000000170900010073797a3000", @ANYBLOB="cc2d05c4a776aec99e115967"], 0xfc}}, 0x40000000)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket(0x400000000010, 0x3, 0x0)
write(r3, &(0x7f0000000040)="3a03000018002551075c0165ff0ffc02802000030004000500e1000c041f030080000900", 0x33a)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_GET_WPAN_PHY(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x1c, r2, 0x7d243a6ea807936d, 0x12, 0x25dfdbf8, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48891}, 0x880)
pwritev2(r1, &(0x7f0000000200), 0x0, 0xd, 0x8030, 0x4)

2.190242279s ago: executing program 5 (id=3061):
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x1, 0x0)
ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg$inet(r2, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, 0x0}}], 0x1, 0x8054)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
lseek(0xffffffffffffffff, 0xfffffffffffffffe, 0x1)
socket(0x10, 0x803, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_open_dev$evdev(&(0x7f0000000200), 0x3, 0x8002)
ioctl$EVIOCGEFFECTS(r7, 0x80044584, &(0x7f0000000000)=""/43)

2.04401912s ago: executing program 2 (id=3062):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x4)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x500401, 0x1e8)
flock(r1, 0x5)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x0)
flock(r2, 0xf)
close(0x3)
io_setup(0x20, &(0x7f0000001140)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f00000001c0)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r0, &(0x7f0000000080)="0d32818e", 0x4}])

1.937871734s ago: executing program 4 (id=3063):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="210000000000000003000000000097a7bd"], 0x48)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000040)={'netpci0\x00'})

1.116085374s ago: executing program 5 (id=3064):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000400)=0x14)
syz_open_dev$dri(0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$inet6(0xa, 0x3, 0x8000000003c)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000002060108000000000000000000000000050005000a000000050001000700000005000400030000000900020073797a310000000016000300686173683a6e6574"], 0x50}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000002020104000000000000000a0000003c0002800c000280040001100000000014000300fe80000000000000000000000000000014000400"/72], 0x50}}, 0x0)

1.047891685s ago: executing program 4 (id=3065):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xb7, 0x5c, 0x7f, 0x40, 0x547, 0x201, 0x1164, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa2, 0xcd, 0xd2}}]}}]}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000080)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000001300000008000300", @ANYRES32=r4, @ANYBLOB="06001200000000000600b50085017daa0a000600ffffffffffff0000040013000c0043"], 0x48}}, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="28010000", @ANYRES16], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
ioctl$VT_OPENQRY(r1, 0x5600, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x18, 0x24, 0x301, 0x270bd27, 0x25dfdbfd, {0x5}, [@typed={0x4, 0xb0}]}, 0x18}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000340)={0x1, @vbi={0x4, 0x3, 0x6, 0x34343459, [0xa289, 0x800], [0xa, 0x24], 0x2}})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r8, &(0x7f00000000c0)={0x20000003})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100626f6e6400000000180002801400088008"], 0x48}}, 0x0)
sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)

1.047546529s ago: executing program 2 (id=3066):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth0_macvtap\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="3400000011000500000000000000000007000000", @ANYRES32=r1], 0x34}}, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x20, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r2, 0xc10c5541, &(0x7f0000000340)=0x20)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x5c, 0x10, 0x401, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b, 0x8000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @dev={0xfe, 0x80, '\x00', 0x27}}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'geneve1\x00'}]}, 0x5c}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="9fe90100180000006d5b949fb769b64d1400000005000000030000000100000604000000020000000800000000002e6100"], 0x0, 0x31, 0x0, 0x1, 0x4, 0x0, @void, @value}, 0x28)

855.581339ms ago: executing program 2 (id=3067):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000000340)=""/196, 0xc4}], 0x3}, 0x7}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000004c40)=""/4098, 0x1002}, {&(0x7f0000000100)=""/119, 0x77}, {&(0x7f00000000c0)=""/23, 0x17}, {&(0x7f0000003c40)=""/4092, 0xffc}, {&(0x7f0000000700)=""/179, 0xb3}], 0x5}, 0x80000000}], 0x4, 0x40008062, 0x0)

0s ago: executing program 5 (id=3068):
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="13000000000000000100000022bf000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ca00"/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000080), &(0x7f00000000c0)}, 0x20)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000180)="10000000000000000100000001000000", 0x10)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f0000000080), 0x0}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_type(r1, &(0x7f0000000300), 0x2, 0x0)
write$cgroup_type(r2, &(0x7f0000000280), 0x9)
r3 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12)
mkdir(0x0, 0x8)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0), 0x12)
gettid()
move_mount(0xffffffffffffff9c, &(0x7f0000008080)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000180)='\x00', 0x160)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000280)="bb3965c2c4d8f4c8252bc12620612bc7ccfd5f5587336a774f4d1545f79b4cfbd4be46398891b10dfe13ad8dc2bdf657bfaaa9dd7dc2428b0d7a82f33e99fc30f8180cdfc1d12ab4c36d61589beab52a9ce1b1aeb2101c22e7d232f97161566df7858abe91b79749d12f7f865332efbe36413e8ee5a88078b5d3a00241880abcf91f9387294a24362bb22a45e2aad0632fde50b5a170e0422ad6f6f45b28b03a870c993dc9cd893ff0ab90693def387683703c5776879fea425fdabcffb7880bcc31e36bcd6be19949494cc0b456", 0xce)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.current\x00', 0x275a, 0x0)
writev(r4, &(0x7f0000000380)=[{&(0x7f00000003c0)="ea783c92238d743acbd9ae1904f0c3ac5c6eb1cb60047c942a82672a880cfd272c804133d613246811dc0bceb263758e84ee0b8486e415bc9f94e1badc2f4e823a025754f7608f0836a6d3a07f41a5d13a0fb7b9b3ca2bdbb878b24800000000000000009b0ff9e7eceefb30962a3c85f3368fc8a5d3497b840f48c9f2eb5efed5a6bce7", 0x84}], 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4000003, 0x13, r4, 0x0)
ioctl(r4, 0x1, &(0x7f0000000080))
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)

kernel console output (not intermixed with test programs):

3
[  721.707698][    T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  721.761094][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  721.784402][    T9] usb 4-1: SerialNumber: syz
[  722.025347][    T9] usb 4-1: 0:2 : does not exist
[  722.074572][    T9] usb 4-1: USB disconnect, device number 53
[  722.224455][   T10] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input16
[  722.247851][ T5183] bcm5974 6-1:1.0: could not read from device
[  722.257715][   T10] usb 6-1: USB disconnect, device number 4
[  722.266504][ T5183] bcm5974 6-1:1.0: could not read from device
[  722.275826][T10028] udevd[10028]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  722.292001][ T5870] usb 3-1: new full-speed USB device number 50 using dummy_hcd
[  722.447112][   T47] IPVS: starting estimator thread 0...
[  722.455406][ T5870] usb 3-1: config index 0 descriptor too short (expected 63186, got 210)
[  722.483168][ T5870] usb 3-1: config 0 has an invalid interface number: 106 but max is 0
[  722.500867][ T5870] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  722.522632][ T5870] usb 3-1: config 0 has no interface number 0
[  722.536265][ T5870] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  722.554360][T14195] IPVS: using max 29 ests per chain, 69600 per kthread
[  722.575457][ T5870] usb 3-1: config 0 interface 106 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  722.610644][ T5870] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  722.641232][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  722.669407][ T5870] usb 3-1: config 0 descriptor??
[  722.733498][ T5870] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  722.807416][T14200] erspan0: entered promiscuous mode
[  722.861547][T14200] erspan0: left promiscuous mode
[  722.954962][   T12] usb 3-1: Failed to submit usb control message: -71
[  722.964995][   T12] usb 3-1: unable to send the bmi data to the device: -71
[  722.972174][   T12] usb 3-1: unable to get target info from device
[  722.984230][ T5870] usb 3-1: USB disconnect, device number 50
[  722.992083][   T12] usb 3-1: could not get target info (-71)
[  722.998644][   T12] usb 3-1: could not probe fw (-71)
[  724.258091][T14228] 8021q: VLANs not supported on wlan1
[  724.335674][T14232] virt_wifi0 speed is unknown, defaulting to 1000
[  724.579108][T14239] netfs: Couldn't get user pages (rc=-14)
[  725.094112][T14256] syz.5.2224: attempt to access beyond end of device
[  725.094112][T14256] nbd5: rw=0, sector=2, nr_sectors = 1 limit=0
[  725.963742][   T30] audit: type=1400 audit(2000000621.130:204): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=14261 comm="syz.2.2228" dest=20004
[  726.590771][T14271] netlink: 'syz.1.2230': attribute type 1 has an invalid length.
[  726.627764][T14271] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2230'.
[  727.039963][T14284] FAULT_INJECTION: forcing a failure.
[  727.039963][T14284] name failslab, interval 1, probability 0, space 0, times 0
[  727.091463][T14284] CPU: 0 UID: 0 PID: 14284 Comm: syz.2.2234 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) 
[  727.091493][T14284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  727.091505][T14284] Call Trace:
[  727.091513][T14284]  <TASK>
[  727.091521][T14284]  dump_stack_lvl+0x241/0x360
[  727.091552][T14284]  ? __pfx_dump_stack_lvl+0x10/0x10
[  727.091575][T14284]  ? __pfx__printk+0x10/0x10
[  727.091595][T14284]  ? __lock_acquire+0xad5/0xd80
[  727.091628][T14284]  should_fail_ex+0x424/0x570
[  727.091657][T14284]  should_failslab+0xac/0x100
[  727.091688][T14284]  kmem_cache_alloc_noprof+0x78/0x390
[  727.091718][T14284]  ? skb_clone+0x20c/0x390
[  727.091739][T14284]  skb_clone+0x20c/0x390
[  727.091759][T14284]  __netlink_deliver_tap+0x3c4/0x7f0
[  727.091787][T14284]  ? netlink_deliver_tap+0x2e/0x1b0
[  727.091804][T14284]  netlink_deliver_tap+0x19d/0x1b0
[  727.091823][T14284]  netlink_unicast+0x7c6/0x9a0
[  727.091857][T14284]  ? __pfx_netlink_unicast+0x10/0x10
[  727.091884][T14284]  ? __virt_addr_valid+0x45f/0x530
[  727.091906][T14284]  ? __phys_addr_symbol+0x2f/0x70
[  727.091926][T14284]  ? __check_object_size+0x478/0x720
[  727.091959][T14284]  netlink_sendmsg+0x8e8/0xce0
[  727.091987][T14284]  ? __pfx_netlink_sendmsg+0x10/0x10
[  727.092016][T14284]  ? __pfx_netlink_sendmsg+0x10/0x10
[  727.092035][T14284]  __sock_sendmsg+0x221/0x270
[  727.092059][T14284]  ____sys_sendmsg+0x53c/0x870
[  727.092094][T14284]  ? __pfx_____sys_sendmsg+0x10/0x10
[  727.092121][T14284]  ? __fget_files+0x2a/0x420
[  727.092143][T14284]  ? __fget_files+0x2a/0x420
[  727.092169][T14284]  __sys_sendmsg+0x271/0x360
[  727.092196][T14284]  ? bpf_bprintf_cleanup+0x9f/0xd0
[  727.092220][T14284]  ? __pfx___sys_sendmsg+0x10/0x10
[  727.092270][T14284]  ? __pfx_bpf_trace_run2+0x10/0x10
[  727.092298][T14284]  ? trace_sys_enter+0x74/0x120
[  727.092331][T14284]  ? rcu_is_watching+0x15/0xb0
[  727.092349][T14284]  ? trace_sys_enter+0x25/0x120
[  727.092380][T14284]  do_syscall_64+0xf3/0x230
[  727.092406][T14284]  ? clear_bhb_loop+0x45/0xa0
[  727.092428][T14284]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.092447][T14284] RIP: 0033:0x7fdd91d8d169
[  727.092463][T14284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  727.092481][T14284] RSP: 002b:00007fdd92c8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  727.092512][T14284] RAX: ffffffffffffffda RBX: 00007fdd91fa5fa0 RCX: 00007fdd91d8d169
[  727.092525][T14284] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  727.092536][T14284] RBP: 00007fdd92c8f090 R08: 0000000000000000 R09: 0000000000000000
[  727.092547][T14284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  727.092557][T14284] R13: 0000000000000000 R14: 00007fdd91fa5fa0 R15: 00007ffc3122fa68
[  727.092579][T14284]  </TASK>
[  727.576071][T14293] netfs: Couldn't get user pages (rc=-14)
[  728.209665][T14300] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2239'.
[  728.256900][T14300] netlink: 'syz.4.2239': attribute type 12 has an invalid length.
[  728.319056][T14304] virt_wifi0 speed is unknown, defaulting to 1000
[  729.538947][T14321] syz.2.2243: attempt to access beyond end of device
[  729.538947][T14321] nbd2: rw=0, sector=2, nr_sectors = 1 limit=0
[  729.823871][ T5870] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  730.119637][ T5870] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  730.329682][ T5870] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  730.340076][ T5870] usb 4-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00
[  730.350855][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  730.363466][ T5870] usb 4-1: config 0 descriptor??
[  731.084756][ T5870] hid-led 0003:1D34:0004.000C: unknown main item tag 0x0
[  731.393930][ T5870] hid-led 0003:1D34:0004.000C: hidraw0: USB HID v0.00 Device [HID 1d34:0004] on usb-dummy_hcd.3-1/input0
[  731.419685][ T5870] hid-led 0003:1D34:0004.000C: Dream Cheeky Webmail Notifier initialized
[  731.521784][T14337] ip6t_rpfilter: unknown options
[  732.089400][   T47] usb 4-1: USB disconnect, device number 54
[  732.301233][T14339] bridge0: port 2(vlan3) entered blocking state
[  732.310649][T14339] bridge0: port 2(vlan3) entered disabled state
[  732.320511][T14339] vlan3: entered allmulticast mode
[  732.327585][T14339] batadv0: entered allmulticast mode
[  732.337839][T14339] vlan3: entered promiscuous mode
[  732.343009][T14339] batadv0: entered promiscuous mode
[  732.351442][T14339] bridge0: port 2(vlan3) entered blocking state
[  732.357844][T14339] bridge0: port 2(vlan3) entered forwarding state
[  733.493893][T14357] KVM: debugfs: duplicate directory 14357-6
[  733.633763][    T9] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  733.794274][ T5871] usb 3-1: new full-speed USB device number 51 using dummy_hcd
[  733.807562][    T9] usb 4-1: config 16 has an invalid interface number: 224 but max is 0
[  733.816466][    T9] usb 4-1: config 16 has an invalid interface number: 2 but max is 0
[  733.825020][    T9] usb 4-1: config 16 has 2 interfaces, different from the descriptor's value: 1
[  733.834772][    T9] usb 4-1: config 16 has no interface number 0
[  733.842370][    T9] usb 4-1: config 16 has no interface number 1
[  733.849470][    T9] usb 4-1: config 16 interface 2 has no altsetting 0
[  733.872702][    T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice=76.e9
[  733.883428][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  733.896214][    T9] usb 4-1: Product: syz
[  733.900549][    T9] usb 4-1: Manufacturer: syz
[  733.907364][    T9] usb 4-1: SerialNumber: syz
[  733.933028][    T9] snd-usb-audio 4-1:16.224: probe with driver snd-usb-audio failed with error -22
[  733.955456][ T5871] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  733.967711][ T5871] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  733.985420][ T5871] usb 3-1: config 0 interface 0 has no altsetting 0
[  733.995404][ T5871] usb 3-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  734.005550][ T5871] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  734.016866][ T5871] usb 3-1: config 0 descriptor??
[  734.024771][T14360] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  734.149725][T14354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  734.173972][T14354] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  734.227226][    T9] snd-usb-audio 4-1:16.2: probe with driver snd-usb-audio failed with error -22
[  734.239652][    T9] usb 4-1: USB disconnect, device number 55
[  734.457484][T10028] udevd[10028]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:16.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  734.475736][ T5871] usbhid 3-1:0.0: can't add hid device: -71
[  734.481782][ T5871] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  734.593948][T14380] blktrace: Concurrent blktraces are not allowed on loop3
[  734.621294][   T30] audit: type=1400 audit(2000000629.800:205): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=14375 comm="syz.1.2264" daddr=::ffff:172.20.20.0
[  735.105103][ T5871] usb 3-1: USB disconnect, device number 51
[  735.310178][T14388] cifs: Unknown parameter 'no'‘a�£Nð[G¶zob,erèèµ;%j¸¼
[  735.310178][T14388] ‡üzæ,€@q¬Ú÷ôÐåéJ#³"ŽÚh/.�W1ȱ¨nNCº"†CÙ×ðÚ<“™+`# ÷Ž¢k²–'
[  735.503859][ T5870] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  735.593830][   T47] usb 4-1: new full-speed USB device number 56 using dummy_hcd
[  735.633901][ T5870] usb 6-1: device descriptor read/64, error -71
[  735.968878][   T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64
[  736.505836][ T5870] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  736.813964][T14408] Failed to get privilege flags for destination (handle=0x2:0x9)
[  737.160209][   T47] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  737.176913][   T47] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  737.185386][   T47] usb 4-1: Product: syz
[  737.190241][   T47] usb 4-1: Manufacturer: syz
[  737.195076][   T47] usb 4-1: SerialNumber: syz
[  737.208033][   T47] usb 4-1: config 0 descriptor??
[  737.214769][T14390] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  737.228622][   T47] hub 4-1:0.0: bad descriptor, ignoring hub
[  737.234845][ T5870] usb 6-1: device descriptor read/64, error -71
[  737.247325][   T47] hub 4-1:0.0: probe with driver hub failed with error -5
[  737.354432][ T5870] usb usb6-port1: attempt power cycle
[  737.624536][   T10] usb 4-1: USB disconnect, device number 56
[  737.724629][ T5870] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  737.757296][ T5870] usb 6-1: device descriptor read/8, error -71
[  738.043859][ T5870] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  738.678679][ T5870] usb 6-1: device descriptor read/8, error -71
[  738.773782][ T5874] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  738.825558][ T5870] usb usb6-port1: unable to enumerate USB device
[  738.923923][ T5874] usb 3-1: Using ep0 maxpacket: 16
[  739.130623][ T5874] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  739.283705][ T5874] usb 3-1: config 0 has no interface number 0
[  740.103352][ T5874] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  740.120238][T14438] ipip0: entered promiscuous mode
[  740.125555][T14438] ipip0: entered allmulticast mode
[  740.144341][T14439] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2287'.
[  740.151052][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.169423][ T5874] usb 3-1: Product: syz
[  740.180984][ T5874] usb 3-1: Manufacturer: syz
[  740.242999][ T5874] usb 3-1: SerialNumber: syz
[  740.269414][ T5874] usb 3-1: config 0 descriptor??
[  740.297318][ T5874] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  740.506520][   T30] audit: type=1400 audit(2000000635.720:206): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="]-{" object="_" requested=w pid=14422 comm="syz.2.2282" saddr=::ffff:224.0.0.2 daddr=fe80::aa dest=20002 netif=wpan0
[  740.926945][T14454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2293'.
[  741.043977][ T5874] gspca_spca1528: reg_w err -110
[  741.063864][ T5874] spca1528 3-1:0.1: probe with driver spca1528 failed with error -110
[  741.817231][ T5874] usb 3-1: USB disconnect, device number 52
[  743.355456][T14490] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2301'.
[  743.936173][T14504] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2306'.
[  743.975314][   T30] audit: type=1400 audit(2000000638.980:207): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=14501 comm="syz.1.2307" daddr=::ffff:224.0.0.2
[  744.738077][T14507] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2309'.
[  744.889572][T14514] netlink: 148 bytes leftover after parsing attributes in process `syz.5.2310'.
[  744.947691][T14511] IPVS: set_ctl: invalid protocol: 58 172.20.20.187:20000
[  744.955700][T14516] IPVS: sync thread started: state = MASTER, mcast_ifn = macvlan1, syncid = -1, id = 0
[  745.023532][T14519] netlink: 'syz.2.2311': attribute type 2 has an invalid length.
[  745.035759][T14519] netlink: 119 bytes leftover after parsing attributes in process `syz.2.2311'.
[  746.010439][T14544] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2318'.
[  747.145366][T14557] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2319'.
[  747.162271][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  747.169018][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  748.272423][T14565] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2323'.
[  748.423771][ T5874] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  748.450468][T14578] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2327'.
[  748.603695][ T5874] usb 3-1: Using ep0 maxpacket: 8
[  748.637086][ T5874] usb 3-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f
[  748.673033][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=1
[  748.780912][ T5874] usb 3-1: Product: syz
[  748.833760][ T5874] usb 3-1: Manufacturer: syz
[  748.856187][ T5874] usb 3-1: SerialNumber: syz
[  749.159787][ T5874] usb 3-1: config 0 descriptor??
[  749.177103][ T5874] usbtest 3-1:0.0: FX2 device
[  749.203772][ T5874] usbtest 3-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  749.486330][T14590] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2330'.
[  749.527308][T14590] xfrm1: entered promiscuous mode
[  749.532400][T14590] xfrm1: entered allmulticast mode
[  749.856862][T14599] kvm: pic: non byte read
[  749.861851][T14599] kvm: pic: level sensitive irq not supported
[  749.862003][T14599] kvm: pic: non byte read
[  749.896223][T14599] kvm: pic: level sensitive irq not supported
[  749.896297][T14599] kvm: pic: non byte read
[  749.914208][T14599] kvm: pic: level sensitive irq not supported
[  749.914282][T14599] kvm: pic: non byte read
[  749.974227][T14599] kvm: pic: level sensitive irq not supported
[  749.974289][T14599] kvm: pic: non byte read
[  750.007047][ T5871] usb 3-1: USB disconnect, device number 53
[  750.019800][T14599] kvm: pic: level sensitive irq not supported
[  750.019872][T14599] kvm: pic: non byte read
[  750.083139][T14599] kvm: pic: level sensitive irq not supported
[  750.083216][T14599] kvm: pic: non byte read
[  750.281968][T14609] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2337'.
[  750.336868][T14614] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2338'.
[  751.012848][T14618] tmpfs: Unknown parameter 'quot ¬'
[  751.048957][T14609] netlink: 'syz.2.2337': attribute type 12 has an invalid length.
[  751.088207][T14614] netlink: 'syz.3.2338': attribute type 12 has an invalid length.
[  751.458319][T14634] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2341'.
[  751.806838][T14643] FAULT_INJECTION: forcing a failure.
[  751.806838][T14643] name failslab, interval 1, probability 0, space 0, times 0
[  751.853961][T14643] CPU: 1 UID: 0 PID: 14643 Comm: syz.2.2344 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) 
[  751.853991][T14643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  751.854003][T14643] Call Trace:
[  751.854011][T14643]  <TASK>
[  751.854018][T14643]  dump_stack_lvl+0x241/0x360
[  751.854045][T14643]  ? __pfx_dump_stack_lvl+0x10/0x10
[  751.854064][T14643]  ? __pfx__printk+0x10/0x10
[  751.854084][T14643]  ? __pfx___might_resched+0x10/0x10
[  751.854111][T14643]  should_fail_ex+0x424/0x570
[  751.854136][T14643]  should_failslab+0xac/0x100
[  751.854165][T14643]  __kmalloc_noprof+0xdf/0x4d0
[  751.854180][T14643]  ? video_usercopy+0x1f4/0x1390
[  751.854210][T14643]  video_usercopy+0x1f4/0x1390
[  751.854245][T14643]  ? __pfx___video_do_ioctl+0x10/0x10
[  751.854262][T14643]  ? __pfx_video_usercopy+0x10/0x10
[  751.854288][T14643]  ? smack_file_ioctl+0x306/0x3b0
[  751.854317][T14643]  ? __fget_files+0x2a/0x420
[  751.854339][T14643]  ? __fget_files+0x2a/0x420
[  751.854359][T14643]  v4l2_ioctl+0x189/0x1e0
[  751.854385][T14643]  ? __pfx_v4l2_ioctl+0x10/0x10
[  751.854412][T14643]  __se_sys_ioctl+0xf1/0x160
[  751.854434][T14643]  do_syscall_64+0xf3/0x230
[  751.854456][T14643]  ? clear_bhb_loop+0x45/0xa0
[  751.854474][T14643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.854497][T14643] RIP: 0033:0x7fdd91d8d169
[  751.854511][T14643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  751.854525][T14643] RSP: 002b:00007fdd92c8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  751.854542][T14643] RAX: ffffffffffffffda RBX: 00007fdd91fa5fa0 RCX: 00007fdd91d8d169
[  751.854553][T14643] RDX: 0000200000000140 RSI: 00000000c100565c RDI: 0000000000000003
[  751.854563][T14643] RBP: 00007fdd92c8f090 R08: 0000000000000000 R09: 0000000000000000
[  751.854573][T14643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  751.854582][T14643] R13: 0000000000000000 R14: 00007fdd91fa5fa0 R15: 00007ffc3122fa68
[  751.854602][T14643]  </TASK>
[  752.487725][   T47] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  752.518629][   T47] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  752.996631][T14663] netlink: 'syz.3.2350': attribute type 1 has an invalid length.
[  753.015861][T14663] batadv1: entered allmulticast mode
[  754.212084][T14665] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  754.227404][T14674] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2352'.
[  755.183697][   T30] audit: type=1400 audit(2000000649.850:208): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=14677 comm="syz.3.2353" daddr=::ffff:172.20.20.57 dest=20001
[  756.150386][T14707] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2365'.
[  756.261487][T14713] netlink: 'syz.5.2363': attribute type 10 has an invalid length.
[  756.270736][T14713] bridge0: port 2(vlan3) entered disabled state
[  756.973766][ T5871] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  757.145548][ T5871] usb 3-1: Using ep0 maxpacket: 8
[  757.160108][T14719] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2367'.
[  757.179249][ T5871] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  757.382208][T14727] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  757.396740][ T5871] usb 3-1: config 0 has no interfaces?
[  757.444983][T14719] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  757.450417][ T5871] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  757.500008][ T5871] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  757.724469][ T5871] usb 3-1: Product: syz
[  757.728685][ T5871] usb 3-1: Manufacturer: syz
[  757.733453][ T5871] usb 3-1: SerialNumber: syz
[  757.739814][ T5871] usb 3-1: config 0 descriptor??
[  757.994757][T14699] netlink: 'syz.2.2361': attribute type 1 has an invalid length.
[  758.002566][T14699] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2361'.
[  758.038259][   T47] usb 3-1: USB disconnect, device number 54
[  760.248999][T14767] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2378'.
[  760.623793][   T10] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  760.645261][T14779] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2380'.
[  761.508825][   T10] usb 4-1: Using ep0 maxpacket: 8
[  761.517935][   T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  761.540367][T14783] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  761.540899][   T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  761.563983][T14783] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  761.564222][   T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  761.624392][   T10] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  761.662256][T14790] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2388'.
[  761.671314][   T10] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  761.696091][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  761.706397][T14790] netlink: 'syz.1.2388': attribute type 12 has an invalid length.
[  762.541073][   T10] usb 4-1: GET_CAPABILITIES returned 0
[  762.555171][   T10] usbtmc 4-1:16.0: can't read capabilities
[  762.945547][   T10] usb 4-1: USB disconnect, device number 57
[  763.440368][T14826] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2399'.
[  763.579146][   T30] audit: type=1326 audit(2000000658.800:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd62f58d169 code=0x7ffc0000
[  763.606525][   T30] audit: type=1326 audit(2000000658.800:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd62f58d169 code=0x7ffc0000
[  763.709729][   T30] audit: type=1326 audit(2000000658.800:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd62f58d169 code=0x7ffc0000
[  763.750387][   T30] audit: type=1326 audit(2000000658.800:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd62f529359 code=0x7ffc0000
[  763.771953][    C1] vkms_vblank_simulate: vblank timer overrun
[  763.800593][   T30] audit: type=1326 audit(2000000658.800:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd62f58d169 code=0x7ffc0000
[  763.813192][T14837] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2402'.
[  763.822458][    C1] vkms_vblank_simulate: vblank timer overrun
[  763.827556][   T30] audit: type=1326 audit(2000000658.820:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd62f529359 code=0x7ffc0000
[  763.859000][    C1] vkms_vblank_simulate: vblank timer overrun
[  763.873164][T14831] vlan3: entered promiscuous mode
[  763.879733][T14837] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2402'.
[  763.897922][T14831] veth1_to_batadv: entered promiscuous mode
[  763.907196][T14831] veth1_to_batadv: left promiscuous mode
[  763.913504][T14837] netlink: 'syz.4.2402': attribute type 15 has an invalid length.
[  763.942667][   T30] audit: type=1326 audit(2000000658.820:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd62f58d169 code=0x7ffc0000
[  763.982167][   T30] audit: type=1326 audit(2000000658.820:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd62f529359 code=0x7ffc0000
[  764.109039][   T30] audit: type=1326 audit(2000000658.820:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd62f58d169 code=0x7ffc0000
[  764.133837][   T10] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  764.163492][   T30] audit: type=1326 audit(2000000658.920:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14829 comm="syz.1.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd62f529359 code=0x7ffc0000
[  764.200488][T14845] mac80211_hwsim hwsim17 wlan1: entered allmulticast mode
[  764.232622][T14853] netlink: 'syz.5.2407': attribute type 10 has an invalid length.
[  764.317499][T14853] mac80211_hwsim hwsim17 wlan1: left allmulticast mode
[  764.356028][T14853] mac80211_hwsim hwsim17 wlan1: entered promiscuous mode
[  764.393985][T14853] mac80211_hwsim hwsim17 wlan1: entered allmulticast mode
[  764.418426][T14853] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  764.664066][   T47] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  764.686671][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  764.692145][ T9441] libceph: connect (1)[c::]:6789 error -101
[  764.698118][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  764.714316][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  764.727973][T14866] ceph: No mds server is up or the cluster is laggy
[  764.728366][   T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  764.744373][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.747295][ T9441] libceph: mon0 (1)[c::]:6789 connect error
[  764.764350][   T10] usb 4-1: config 0 descriptor??
[  764.865132][   T47] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  764.875883][   T47] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  764.888995][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.899790][   T47] usb 3-1: config 0 descriptor??
[  764.916145][   T47] pwc: Askey VC010 type 2 USB webcam detected.
[  764.952762][T14875] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2415'.
[  765.227737][T14884] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2419'.
[  765.253839][T14884] macvtap1: entered promiscuous mode
[  765.262224][T14884] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode
[  765.278496][T14884] mac80211_hwsim hwsim9 wlan1: left promiscuous mode
[  765.392051][   T47] pwc: recv_control_msg error -32 req 02 val 2b00
[  765.418406][   T47] pwc: recv_control_msg error -32 req 02 val 2700
[  765.431298][   T47] pwc: recv_control_msg error -32 req 02 val 2c00
[  765.453127][   T47] pwc: recv_control_msg error -32 req 04 val 1000
[  765.482294][   T47] pwc: recv_control_msg error -32 req 04 val 1300
[  765.498673][   T47] pwc: recv_control_msg error -32 req 04 val 1400
[  765.511444][   T47] pwc: recv_control_msg error -32 req 02 val 2000
[  765.535223][   T47] pwc: recv_control_msg error -32 req 02 val 2100
[  765.542936][   T47] pwc: recv_control_msg error -32 req 04 val 1500
[  765.736771][T14891] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2422'.
[  765.802077][   T47] pwc: recv_control_msg error -32 req 02 val 2400
[  765.824189][   T47] pwc: recv_control_msg error -32 req 02 val 2600
[  765.841028][   T47] pwc: recv_control_msg error -32 req 02 val 2900
[  765.851558][   T47] pwc: recv_control_msg error -32 req 02 val 2800
[  765.871842][   T47] pwc: recv_control_msg error -32 req 04 val 1100
[  765.885048][   T47] pwc: Registered as video103.
[  765.891075][   T47] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input17
[  766.090738][   T47] usb 3-1: USB disconnect, device number 55
[  766.138529][T14903] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2424'.
[  766.209063][ T9441] libceph: connect (1)[c::]:6789 error -101
[  766.215515][ T9441] libceph: mon0 (1)[c::]:6789 connect error
[  766.257780][T14905] ceph: No mds server is up or the cluster is laggy
[  766.361771][T14915] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2427'.
[  766.854144][T14930] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2434'.
[  767.205271][T14933] netlink: 136 bytes leftover after parsing attributes in process `syz.1.2435'.
[  767.526769][   T10] usbhid 4-1:0.0: can't add hid device: -71
[  767.541158][   T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  767.567089][   T10] usb 4-1: USB disconnect, device number 58
[  767.944516][T14945] ceph: No mds server is up or the cluster is laggy
[  767.951902][    T9] libceph: connect (1)[c::]:6789 error -101
[  767.968598][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  768.139056][T14960] TCP: TCP_TX_DELAY enabled
[  768.278179][T14960] virt_wifi0 speed is unknown, defaulting to 1000
[  768.936088][ T5870] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  769.093838][ T5870] usb 4-1: Using ep0 maxpacket: 16
[  769.114327][ T5870] usb 4-1: unable to get BOS descriptor or descriptor too short
[  769.143405][ T5870] usb 4-1: config 2 has an invalid interface number: 9 but max is 0
[  769.152306][ T5870] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  769.171062][ T5870] usb 4-1: config 2 has no interface number 0
[  769.179511][ T5870] usb 4-1: config 2 interface 9 altsetting 10 bulk endpoint 0x9 has invalid maxpacket 64
[  769.195897][ T5870] usb 4-1: config 2 interface 9 altsetting 10 endpoint 0xC has invalid wMaxPacketSize 0
[  769.206312][ T5870] usb 4-1: config 2 interface 9 altsetting 10 bulk endpoint 0xC has invalid maxpacket 0
[  769.224427][ T5870] usb 4-1: config 2 interface 9 altsetting 10 has 2 endpoint descriptors, different from the interface descriptor's value: 4
[  769.264897][ T5870] usb 4-1: config 2 interface 9 has no altsetting 0
[  769.275937][ T5870] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=6f.97
[  769.285381][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  769.305479][ T5870] usb 4-1: Product: Ы
[  769.323763][ T5870] usb 4-1: Manufacturer: ﳿ
[  769.328442][ T5870] usb 4-1: SerialNumber: �䌦��鯯ว滑Ÿ긙��俄છÿ㘔摫෺欕釤�떢ﰚ㮂뀲惵袥箒ꓷ院ᾡᓡ�凉�챮甤倠鯬襵螖瓬굻샥ś虴᥶�䉰᣶惈ㅌꢌ蘄厃䕜
[  769.383871][T14989] __nla_validate_parse: 1 callbacks suppressed
[  769.383893][T14989] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2452'.
[  769.424461][T14967] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  769.623086][T14992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2454'.
[  769.633992][T14992] netlink: 'syz.1.2454': attribute type 1 has an invalid length.
[  769.656991][T14967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  769.694763][T14967] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  769.703099][T14992] netlink: 'syz.1.2454': attribute type 2 has an invalid length.
[  772.028501][ T5870] pn533_usb 4-1:2.9: NFC: Could not find bulk-in or bulk-out endpoint
[  772.102780][ T5870] usb 4-1: USB disconnect, device number 59
[  772.429109][T15029] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2465'.
[  772.838311][T15039] trusted_key: syz.3.2469 sent an empty control message without MSG_MORE.
[  772.964114][T15035] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2467'.
[  773.100470][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  773.100490][   T30] audit: type=1326 audit(2000000668.320:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15041 comm="syz.2.2470" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdd91d8d169 code=0x0
[  773.978570][T15048] random: crng reseeded on system resumption
[  773.993681][ T5871] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  774.153770][ T5871] usb 3-1: Using ep0 maxpacket: 8
[  774.166965][ T5871] usb 3-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a
[  774.177842][ T5871] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  774.191176][ T5871] usb 3-1: Product: syz
[  774.197354][ T5871] usb 3-1: Manufacturer: syz
[  774.202225][ T5871] usb 3-1: SerialNumber: syz
[  774.218689][ T5871] usb 3-1: config 0 descriptor??
[  774.238355][ T5871] gspca_main: sn9c2028-2.14.0 probing 0458:7003
[  774.316211][   T30] audit: type=1326 audit(2000000669.540:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15060 comm="syz.5.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da5b8d169 code=0x7ffc0000
[  774.351485][   T30] audit: type=1326 audit(2000000669.560:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15060 comm="syz.5.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3da5b29359 code=0x7ffc0000
[  774.382020][   T30] audit: type=1326 audit(2000000669.560:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15060 comm="syz.5.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da5b8d169 code=0x7ffc0000
[  774.404725][   T30] audit: type=1326 audit(2000000669.560:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15060 comm="syz.5.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3da5b29359 code=0x7ffc0000
[  774.429152][   T30] audit: type=1326 audit(2000000669.560:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15060 comm="syz.5.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3da5b29359 code=0x7ffc0000
[  774.455539][   T30] audit: type=1326 audit(2000000669.560:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15060 comm="syz.5.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3da5b29359 code=0x7ffc0000
[  774.535364][   T30] audit: type=1326 audit(2000000669.560:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15060 comm="syz.5.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3da5b29359 code=0x7ffc0000
[  774.566441][   T30] audit: type=1326 audit(2000000669.560:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15060 comm="syz.5.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3da5b29359 code=0x7ffc0000
[  774.589589][   T30] audit: type=1326 audit(2000000669.560:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15060 comm="syz.5.2474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da5b8d169 code=0x7ffc0000
[  774.755982][ T5871] gspca_sn9c2028: read1 error -110
[  774.761572][ T5871] gspca_sn9c2028: read1 error -32
[  774.767173][ T5871] gspca_sn9c2028: read1 error -32
[  774.772435][ T5871] sn9c2028 3-1:0.0: probe with driver sn9c2028 failed with error -32
[  775.615487][T15071] netlink: 100 bytes leftover after parsing attributes in process `syz.5.2478'.
[  776.685030][T15081] fuse: Unknown parameter '0x00000000000000070000000000000000000000000000000000000000'
[  776.972680][ T9441] usb 3-1: USB disconnect, device number 56
[  777.253226][T15083] vlan2: left allmulticast mode
[  777.290805][T15089] FAULT_INJECTION: forcing a failure.
[  777.290805][T15089] name failslab, interval 1, probability 0, space 0, times 0
[  777.314822][T15083] bond0: left allmulticast mode
[  777.319858][T15083] vlan2: left promiscuous mode
[  777.339768][T15089] CPU: 1 UID: 0 PID: 15089 Comm: syz.2.2483 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) 
[  777.339795][T15089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  777.339806][T15089] Call Trace:
[  777.339813][T15089]  <TASK>
[  777.339821][T15089]  dump_stack_lvl+0x241/0x360
[  777.339850][T15089]  ? __pfx_dump_stack_lvl+0x10/0x10
[  777.339874][T15089]  ? __pfx__printk+0x10/0x10
[  777.339899][T15089]  ? __pfx___might_resched+0x10/0x10
[  777.339931][T15089]  should_fail_ex+0x424/0x570
[  777.339958][T15089]  should_failslab+0xac/0x100
[  777.339988][T15089]  __kmalloc_noprof+0xdf/0x4d0
[  777.340004][T15089]  ? do_sys_poll+0x2c5/0x1610
[  777.340027][T15089]  do_sys_poll+0x2c5/0x1610
[  777.340061][T15089]  ? __pfx_do_sys_poll+0x10/0x10
[  777.340081][T15089]  ? __pfx_ring_buffer_lock_reserve+0x10/0x10
[  777.340118][T15089]  ? kstrtoull+0x1d3/0x2f0
[  777.340213][T15089]  ? ktime_get_ts64+0xa1/0x440
[  777.340233][T15089]  ? seqcount_lockdep_reader_access+0x159/0x230
[  777.340254][T15089]  ? lockdep_hardirqs_on+0x9d/0x150
[  777.340299][T15089]  ? __pfx_set_user_sigmask+0x10/0x10
[  777.340329][T15089]  ? bpf_trace_run2+0x39f/0x550
[  777.340358][T15089]  __se_sys_ppoll+0x2a2/0x330
[  777.340403][T15089]  ? __pfx___se_sys_ppoll+0x10/0x10
[  777.340436][T15089]  ? trace_sys_enter+0x74/0x120
[  777.340466][T15089]  ? rcu_is_watching+0x15/0xb0
[  777.340485][T15089]  ? trace_sys_enter+0x25/0x120
[  777.340515][T15089]  ? __x64_sys_ppoll+0x20/0xc0
[  777.340551][T15089]  do_syscall_64+0xf3/0x230
[  777.340580][T15089]  ? clear_bhb_loop+0x45/0xa0
[  777.340605][T15089]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.340626][T15089] RIP: 0033:0x7fdd91d8d169
[  777.340644][T15089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  777.340662][T15089] RSP: 002b:00007fdd92c8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  777.340684][T15089] RAX: ffffffffffffffda RBX: 00007fdd91fa5fa0 RCX: 00007fdd91d8d169
[  777.340699][T15089] RDX: 0000200000000340 RSI: 200000000000007e RDI: 0000200000000300
[  777.340714][T15089] RBP: 00007fdd92c8f090 R08: 0000000000000000 R09: 0000000000000000
[  777.340727][T15089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  777.340740][T15089] R13: 0000000000000000 R14: 00007fdd91fa5fa0 R15: 00007ffc3122fa68
[  777.340767][T15089]  </TASK>
[  777.353715][T15083] bond0: left promiscuous mode
[  777.504226][T15092] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2482'.
[  777.644866][T15083] bridge0: port 1(vlan2) entered disabled state
[  777.878578][T15099] netlink: 277 bytes leftover after parsing attributes in process `syz.5.2486'.
[  778.445643][T15116] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2491'.
[  778.456085][T15116] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2491'.
[  780.824609][   T30] kauditd_printk_skb: 247 callbacks suppressed
[  780.824627][   T30] audit: type=1800 audit(2000000676.040:509): pid=15143 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.1.2500" name="/newroot/570/memory.stat" dev="tmpfs" ino=3064 res=0 errno=0
[  781.201399][   T30] audit: type=1400 audit(2000000676.190:510): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=15157 comm="syz.3.2504" daddr=::ffff:172.20.20.0
[  784.333751][   T10] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  784.429317][T15207] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2518'.
[  785.063790][ T5827] Bluetooth: hci2: command 0x0406 tx timeout
[  785.324663][   T10] usb 3-1: Using ep0 maxpacket: 32
[  785.336166][   T10] usb 3-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config
[  785.360799][   T10] usb 3-1: New USB device found, idVendor=04e2, idProduct=1410, bcdDevice=81.85
[  785.374418][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  785.404582][   T10] usb 3-1: Product: syz
[  785.408825][   T10] usb 3-1: Manufacturer: syz
[  785.425506][   T10] usb 3-1: SerialNumber: syz
[  785.443200][   T10] xr_serial 3-1:253.0: failed to claim sibling interface: -16
[  785.461940][   T10] xr_serial 3-1:253.0: probe with driver xr_serial failed with error -16
[  785.647794][ T5871] usb 3-1: USB disconnect, device number 57
[  786.525234][   T10] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  786.678624][T15235] xt_time: invalid argument - start or stop time greater than 23:59:59
[  786.729454][   T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  786.780483][ T5871] IPVS: starting estimator thread 0...
[  787.297367][T15236] Device name cannot be null; rc = [-22]
[  787.304145][   T10] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576
[  787.316997][   T10] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  787.340568][   T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  787.351667][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  787.370821][   T10] usb 4-1: SerialNumber: syz
[  787.439064][T15238] IPVS: using max 42 ests per chain, 100800 per kthread
[  787.451553][T15224] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  787.462529][   T10] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[  787.479061][   T10] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -12
[  787.515195][ T5826] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  787.695449][   T10] usb 4-1: USB disconnect, device number 60
[  787.994783][ T5826] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  788.337891][ T5826] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  788.348959][T15250] FAULT_INJECTION: forcing a failure.
[  788.348959][T15250] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  788.369745][T15250] CPU: 0 UID: 0 PID: 15250 Comm: syz.5.2532 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) 
[  788.369775][T15250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  788.369787][T15250] Call Trace:
[  788.369794][T15250]  <TASK>
[  788.369803][T15250]  dump_stack_lvl+0x241/0x360
[  788.369834][T15250]  ? __pfx_dump_stack_lvl+0x10/0x10
[  788.369858][T15250]  ? __pfx__printk+0x10/0x10
[  788.369889][T15250]  should_fail_ex+0x424/0x570
[  788.369924][T15250]  strncpy_from_user+0x36/0x280
[  788.369951][T15250]  getname_flags+0xf0/0x530
[  788.369975][T15250]  do_sys_openat2+0xbf/0x1d0
[  788.369996][T15250]  ? bpf_trace_run2+0x1fe/0x550
[  788.370018][T15250]  ? __pfx_do_sys_openat2+0x10/0x10
[  788.370040][T15250]  ? bpf_trace_run2+0x39f/0x550
[  788.370075][T15250]  __x64_sys_openat+0x249/0x2a0
[  788.370095][T15250]  ? __pfx___x64_sys_openat+0x10/0x10
[  788.370115][T15250]  ? rcu_is_watching+0x15/0xb0
[  788.370150][T15250]  ? trace_sys_enter+0x25/0x120
[  788.370184][T15250]  do_syscall_64+0xf3/0x230
[  788.370218][T15250]  ? clear_bhb_loop+0x45/0xa0
[  788.370239][T15250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.370256][T15250] RIP: 0033:0x7f3da5b8d169
[  788.370273][T15250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  788.370288][T15250] RSP: 002b:00007f3da6972038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  788.370309][T15250] RAX: ffffffffffffffda RBX: 00007f3da5da5fa0 RCX: 00007f3da5b8d169
[  788.370324][T15250] RDX: 0040000000040201 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  788.370340][T15250] RBP: 00007f3da6972090 R08: 0000000000000000 R09: 0000000000000000
[  788.370353][T15250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  788.370365][T15250] R13: 0000000000000000 R14: 00007f3da5da5fa0 R15: 00007ffc6ec063d8
[  788.370392][T15250]  </TASK>
[  788.375223][ T5826] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  788.727464][ T5826] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  788.728185][   T30] audit: type=1400 audit(2000000683.940:511): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=15252 comm="syz.5.2534" dest=2
[  788.743644][ T5826] usb 3-1: SerialNumber: syz
[  788.772161][T15253] dlm: no locking on control device
[  788.991483][T15270] tipc: Enabling of bearer <eth:syz_tun> rejected, failed to enable media
[  788.993522][ T5826] usb 3-1: 0:2 : does not exist
[  789.026170][T15270] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2539'.
[  789.038901][ T5826] usb 3-1: unit 255 not found!
[  789.076698][ T5826] usb 3-1: USB disconnect, device number 58
[  789.160228][T15277] overlay: Unknown parameter 'subj_role'
[  789.274616][T10028] udevd[10028]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  791.723925][   T30] audit: type=1326 audit(2000000686.940:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15326 comm="syz.5.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da5b8d169 code=0x7ffc0000
[  791.745821][ T5902] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  791.934384][   T30] audit: type=1326 audit(2000000687.010:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15326 comm="syz.5.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da5b8d169 code=0x7ffc0000
[  791.956700][   T30] audit: type=1326 audit(2000000687.080:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15326 comm="syz.5.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3da5b8d169 code=0x7ffc0000
[  791.978828][   T30] audit: type=1326 audit(2000000687.080:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15326 comm="syz.5.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da5b8d169 code=0x7ffc0000
[  792.027134][   T30] audit: type=1326 audit(2000000687.080:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15326 comm="syz.5.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3da5b8d169 code=0x7ffc0000
[  792.050485][   T30] audit: type=1326 audit(2000000687.080:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15326 comm="syz.5.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da5b8d169 code=0x7ffc0000
[  792.142005][T15339] x_tables: ip6_tables: udplite match: only valid for protocol 136
[  792.750801][   T30] audit: type=1326 audit(2000000687.080:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15326 comm="syz.5.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7f3da5b8d169 code=0x7ffc0000
[  792.773140][   T30] audit: type=1326 audit(2000000687.080:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15326 comm="syz.5.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da5b8d169 code=0x7ffc0000
[  792.842709][   T30] audit: type=1326 audit(2000000687.080:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15326 comm="syz.5.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da5b8d169 code=0x7ffc0000
[  793.082781][T15348] x_tables: ip6_tables: udplite match: only valid for protocol 136
[  793.459878][T15347] fuse: Unknown parameter 'group_i00000000000000000000'
[  793.639048][T15349] virt_wifi0 speed is unknown, defaulting to 1000
[  793.670566][T15347] netfs: Couldn't get user pages (rc=-14)
[  794.499497][T15360] overlayfs: failed to clone upperpath
[  795.333701][   T10] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  795.994978][T15384] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  796.429152][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  796.429242][   T30] audit: type=1400 audit(2000000691.640:540): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=15386 comm="syz.3.2578"
[  797.027783][T15399] overlayfs: failed to clone upperpath
[  797.238591][T15407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2581'.
[  797.256220][T15406] 9pnet_fd: Insufficient options for proto=fd
[  797.338798][T15411] bridge3: entered promiscuous mode
[  799.683831][T15139] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  799.853738][T15139] usb 4-1: device descriptor read/64, error -71
[  800.173788][T15139] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  800.353713][T15139] usb 4-1: device descriptor read/64, error -71
[  800.465588][T15139] usb usb4-port1: attempt power cycle
[  800.864476][T15139] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  800.884575][T15139] usb 4-1: device descriptor read/8, error -71
[  801.135731][T15461] overlayfs: missing 'lowerdir'
[  801.724838][T15460] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2601'.
[  801.744054][T15139] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  801.785347][T15139] usb 4-1: device descriptor read/8, error -71
[  801.921029][T15139] usb usb4-port1: unable to enumerate USB device
[  802.209100][T15474] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2603'.
[  802.292034][   T30] audit: type=1326 audit(2000000697.510:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15439 comm="syz.3.2594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f099b18d169 code=0x7fc00000
[  802.445823][T15485] IPVS: length: 171 != 8
[  802.452133][T15485] sctp: [Deprecated]: syz.4.2608 (pid 15485) Use of int in max_burst socket option deprecated.
[  802.452133][T15485] Use struct sctp_assoc_value instead
[  803.984717][T15504] overlayfs: failed to clone upperpath
[  804.944247][T15504] overlayfs: failed to clone lowerpath
[  804.950550][T15503] fuse: Unknown parameter 'group_id00000000000000000000'
[  804.977011][T15504] overlayfs: failed to clone lowerpath
[  804.993700][T15503] netfs: Couldn't get user pages (rc=-14)
[  806.063443][T15522] overlayfs: failed to clone upperpath
[  806.543077][ T2913] Bluetooth: Error in BCSP hdr checksum
[  806.797367][ T3499] Bluetooth: Error in BCSP hdr checksum
[  807.037089][T15547] virt_wifi0 speed is unknown, defaulting to 1000
[  807.094856][ T9116] Bluetooth: Error in BCSP hdr checksum
[  807.214690][T15546] IPVS: Scheduler module ip_vs_sip not found
[  807.338716][ T6728] Bluetooth: Error in BCSP hdr checksum
[  807.601611][ T2923] Bluetooth: Error in BCSP hdr checksum
[  808.064219][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  808.444872][ T5834] Bluetooth: hci5: command 0x1003 tx timeout
[  808.453257][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  808.461862][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  808.469702][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  808.478157][ T5834] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  808.487556][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  808.497226][T11483] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  808.509036][ T2923] Bluetooth: Error in BCSP hdr checksum
[  808.624554][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  808.631051][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  808.736858][T15555] virt_wifi0 speed is unknown, defaulting to 1000
[  808.824053][ T6728] Bluetooth: Error in BCSP hdr checksum
[  808.875054][T15568] fuse: Unknown parameter 'group_id00000000000000000000'
[  808.965830][T15568] netfs: Couldn't get user pages (rc=-14)
[  809.076459][ T2923] Bluetooth: Error in BCSP hdr checksum
[  809.092118][T15579] overlayfs: failed to clone lowerpath
[  809.187566][T15555] chnl_net:caif_netlink_parms(): no params data found
[  809.216951][T15584] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2636'.
[  809.673368][T15591] virt_wifi0 speed is unknown, defaulting to 1000
[  810.635448][T11483] Bluetooth: hci1: command tx timeout
[  810.701955][T15555] bridge0: port 1(bridge_slave_0) entered blocking state
[  810.738263][T15555] bridge0: port 1(bridge_slave_0) entered disabled state
[  810.764400][T15555] bridge_slave_0: entered allmulticast mode
[  810.776042][T15555] bridge_slave_0: entered promiscuous mode
[  810.783901][T15555] bridge0: port 2(bridge_slave_1) entered blocking state
[  810.791056][T15555] bridge0: port 2(bridge_slave_1) entered disabled state
[  810.798370][T15555] bridge_slave_1: entered allmulticast mode
[  810.809656][T15555] bridge_slave_1: entered promiscuous mode
[  810.919468][T15615] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2642'.
[  810.932146][T15615] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2642'.
[  810.946960][T15615] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2642'.
[  810.972520][T15615] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2642'.
[  811.735783][T15555] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  811.845762][T15555] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  811.941998][T15627] fuse: Bad value for 'user_id'
[  811.998990][T15627] fuse: Bad value for 'user_id'
[  812.022999][T15555] team0: Port device team_slave_0 added
[  812.027093][T15627] netfs: Couldn't get user pages (rc=-14)
[  812.050893][T15555] team0: Port device team_slave_1 added
[  812.107347][T15555] batman_adv: batadv0: Adding interface: batadv_slave_0
[  812.116649][T15555] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  812.147770][T15555] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  812.160515][T15555] batman_adv: batadv0: Adding interface: batadv_slave_1
[  812.181524][T15555] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  812.207827][T15555] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  812.257083][T15555] hsr_slave_0: entered promiscuous mode
[  812.264711][T15555] hsr_slave_1: entered promiscuous mode
[  812.270792][T15555] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  812.280271][T15555] Cannot create hsr debugfs directory
[  812.306758][T15638] netlink: 'syz.4.2650': attribute type 12 has an invalid length.
[  812.318252][   T47] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  812.350312][T15640] netlink: 'syz.5.2648': attribute type 1 has an invalid length.
[  812.373701][T15640] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2648'.
[  812.494109][   T47] usb 3-1: Using ep0 maxpacket: 8
[  812.506268][   T47] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  812.569742][   T47] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  812.663131][   T47] usb 3-1: config 1 has no interface number 1
[  812.669969][ T5834] Bluetooth: hci1: command tx timeout
[  812.729562][   T47] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  812.764440][   T47] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  812.774609][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  812.782744][   T47] usb 3-1: Manufacturer: ೵侻ਙȯﺨ╹沛�
[  813.095076][   T47] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  813.153840][   T47] usb 3-1: USB disconnect, device number 60
[  813.309503][T15555] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.356452][T15658] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2655'.
[  813.871714][T15555] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  814.419818][T15666] fuse: Bad value for 'user_id'
[  814.424998][T15666] fuse: Bad value for 'user_id'
[  814.447439][T15666] netfs: Couldn't get user pages (rc=-14)
[  814.521249][T15555] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  814.671868][T15555] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  814.744659][ T5834] Bluetooth: hci1: command tx timeout
[  814.878369][T15688] netlink: 'syz.3.2664': attribute type 12 has an invalid length.
[  814.899274][T15555] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  814.926595][T15555] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  814.948066][T15555] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  814.967762][T15555] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  815.059936][T15555] 8021q: adding VLAN 0 to HW filter on device bond0
[  815.093424][T15555] 8021q: adding VLAN 0 to HW filter on device team0
[  815.105580][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  815.112740][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  815.125556][ T6728] bridge0: port 2(bridge_slave_1) entered blocking state
[  815.132675][ T6728] bridge0: port 2(bridge_slave_1) entered forwarding state
[  815.223660][ T5902] usb 3-1: new full-speed USB device number 61 using dummy_hcd
[  815.297469][T15555] 8021q: adding VLAN 0 to HW filter on device batadv0
[  815.332878][T15555] veth0_vlan: entered promiscuous mode
[  815.345181][T15555] veth1_vlan: entered promiscuous mode
[  815.356562][ T5902] usb 3-1: device descriptor read/64, error -71
[  815.378918][T15555] veth0_macvtap: entered promiscuous mode
[  815.396589][T15555] veth1_macvtap: entered promiscuous mode
[  815.419870][T15555] batman_adv: batadv0: Interface activated: batadv_slave_0
[  815.438862][T15555] batman_adv: batadv0: Interface activated: batadv_slave_1
[  815.455344][T15555] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  815.464589][T15555] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  815.475623][T15555] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  815.485628][T15555] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  815.582892][ T9116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  815.744000][ T5902] usb 3-1: new full-speed USB device number 62 using dummy_hcd
[  815.762872][ T9116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  815.800410][ T2923] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  815.813305][ T2923] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  815.957903][ T5902] usb 3-1: device descriptor read/64, error -71
[  816.156334][ T5902] usb usb3-port1: attempt power cycle
[  816.582667][T15719] fuse: Bad value for 'user_id'
[  816.603776][T15719] fuse: Bad value for 'user_id'
[  816.649572][T15725] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2670'.
[  816.660041][ T5902] usb 3-1: new full-speed USB device number 63 using dummy_hcd
[  816.705849][ T5902] usb 3-1: device descriptor read/8, error -71
[  816.824250][ T5834] Bluetooth: hci1: command tx timeout
[  816.973699][ T5902] usb 3-1: new full-speed USB device number 64 using dummy_hcd
[  817.007897][ T5902] usb 3-1: device descriptor read/8, error -71
[  817.093830][ T5871] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  817.124545][ T5902] usb usb3-port1: unable to enumerate USB device
[  817.260734][ T5871] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  817.270410][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.280362][ T5871] usb 2-1: config 0 descriptor??
[  817.289071][ T5871] cp210x 2-1:0.0: cp210x converter detected
[  817.424194][T15734] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2675'.
[  817.454914][T15734] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2675'.
[  817.500705][T15739] sctp: [Deprecated]: syz.4.2676 (pid 15739) Use of int in max_burst socket option deprecated.
[  817.500705][T15739] Use struct sctp_assoc_value instead
[  818.629678][ T5871] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  818.857950][ T5871] usb 2-1: cp210x converter now attached to ttyUSB0
[  818.947389][T15752] netlink: 'syz.2.2679': attribute type 12 has an invalid length.
[  819.853394][T15764] fuse: Bad value for 'fd'
[  820.342141][   T30] audit: type=1804 audit(2000000715.550:542): pid=15773 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.2684" name="/newroot/489/file0" dev="tmpfs" ino=2658 res=1 errno=0
[  820.404378][   T30] audit: type=1804 audit(2000000715.560:543): pid=15773 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.2684" name="/newroot/489/file0" dev="tmpfs" ino=2658 res=1 errno=0
[  820.664068][ T5871] usb 4-1: new full-speed USB device number 66 using dummy_hcd
[  820.695152][ T5870] usb 2-1: USB disconnect, device number 15
[  820.711676][ T5870] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  820.730240][ T5870] cp210x 2-1:0.0: device disconnected
[  820.835635][ T5871] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  820.851980][ T5871] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22
[  820.870611][ T5871] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  820.880393][ T5871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  820.892190][ T5871] usb 4-1: SerialNumber: syz
[  820.901257][ T5871] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[  820.914196][ T5871] cdc_acm 4-1:1.0: This needs exactly 3 endpoints
[  820.920857][ T5871] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -22
[  821.378523][   T47] usb 4-1: USB disconnect, device number 66
[  870.026827][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  870.033168][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  878.116029][T15788] ptrace attach of "./syz-executor exec"[5830] was attempted by ""[15788]
[  878.193125][T15796] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2691'.
[  878.311242][T15812] netlink: 'syz.3.2697': attribute type 12 has an invalid length.
[  878.360148][T15813] fuse: Bad value for 'fd'
[  878.374907][T15811] 9pnet_fd: Insufficient options for proto=fd
[  879.294587][ T5871] usb 3-1: new full-speed USB device number 65 using dummy_hcd
[  879.384049][T15828] ntfs3: Unknown parameter '§"à¿÷·¥a§0(ddZ¬ã56Ñt@Xf«Úæv6ä}¶�×æü¹µWVä�‘qDy¥Œ63çŽÀ<D3'
[  879.811818][T15833] ptrace attach of "./syz-executor exec"[5830] was attempted by ""[15833]
[  880.189759][ T5871] usb 3-1: config 7 has an invalid interface number: 192 but max is 0
[  880.198924][ T5871] usb 3-1: config 7 has no interface number 0
[  880.227799][ T5871] usb 3-1: config 7 interface 192 has no altsetting 0
[  880.236138][ T5871] usb 3-1: New USB device found, idVendor=09fb, idProduct=ebbe, bcdDevice= 0.8d
[  880.264229][ T5871] usb 3-1: New USB device strings: Mfr=8, Product=0, SerialNumber=0
[  880.272291][ T5871] usb 3-1: Manufacturer: syz
[  880.511322][T15818] 8021q: VLANs not supported on sit0
[  880.552783][ T5871] usb 3-1: USB disconnect, device number 65
[  880.569655][T15847] siw: device registration error -23
[  881.257613][T15853] fuse: Bad value for 'fd'
[  881.298205][T15855] netlink: 'syz.2.2709': attribute type 12 has an invalid length.
[  881.326665][T15853] netfs: Couldn't get user pages (rc=-14)
[  882.480858][T15872] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2710'.
[  883.596903][T15881] batadv_slave_1: entered promiscuous mode
[  883.969439][T15880] batadv_slave_1: left promiscuous mode
[  884.484152][T15892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  884.492703][T15892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  884.666815][T15894] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2722'.
[  885.043878][   T47] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  885.485476][    T9] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  885.493886][   T47] usb 2-1: device descriptor read/64, error -71
[  885.650143][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  885.670343][    T9] usb 4-1: unable to read config index 0 descriptor/start: -71
[  885.678732][    T9] usb 4-1: can't read configurations, error -71
[  885.781879][T15915] overlayfs: missing 'lowerdir'
[  885.803642][   T47] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  885.808535][T15917] netlink: 'syz.4.2726': attribute type 12 has an invalid length.
[  885.953798][   T47] usb 2-1: device descriptor read/64, error -71
[  886.084444][   T47] usb usb2-port1: attempt power cycle
[  886.451412][   T47] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  886.527554][   T47] usb 2-1: device descriptor read/8, error -71
[  886.773857][   T47] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  886.841053][   T47] usb 2-1: device descriptor read/8, error -71
[  886.990529][   T47] usb usb2-port1: unable to enumerate USB device
[  887.283314][T15925] ptrace attach of "./syz-executor exec"[5830] was attempted by ""[15925]
[  887.408781][T15935] syz.2.2730: attempt to access beyond end of device
[  887.408781][T15935] nbd2: rw=0, sector=2, nr_sectors = 1 limit=0
[  888.795705][T15961] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2736'.
[  888.905452][T15967] netlink: 'syz.5.2740': attribute type 12 has an invalid length.
[  889.114078][   T10] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  889.319330][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  889.333685][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  889.471559][   T10] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  889.479565][T15982] 9pnet_fd: Insufficient options for proto=fd
[  889.561782][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  889.675736][T15979] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[15979]
[  889.715636][   T10] usb 2-1: config 0 descriptor??
[  890.327023][T15995] QAT: Invalid ioctl 21531
[  890.502355][T15995] xt_CT: No such helper "pptp"
[  890.684314][ T5902] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  890.789274][T16002] FAULT_INJECTION: forcing a failure.
[  890.789274][T16002] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  890.803011][T16002] CPU: 1 UID: 0 PID: 16002 Comm: syz.3.2751 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) 
[  890.803038][T16002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  890.803052][T16002] Call Trace:
[  890.803058][T16002]  <TASK>
[  890.803064][T16002]  dump_stack_lvl+0x241/0x360
[  890.803088][T16002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  890.803109][T16002]  ? __pfx__printk+0x10/0x10
[  890.803129][T16002]  ? strncpy_from_user+0x1b8/0x280
[  890.803157][T16002]  ? rep_movs_alternative+0xf/0x70
[  890.803196][T16002]  should_fail_ex+0x424/0x570
[  890.803219][T16002]  strncpy_from_user+0x36/0x280
[  890.803237][T16002]  strncpy_from_user_nofault+0x71/0x140
[  890.803286][T16002]  bpf_probe_read_compat_str+0xe9/0x180
[  890.803319][T16002]  ? bpf_trace_run2+0x1fe/0x550
[  890.803340][T16002]  bpf_prog_1ccb8ba97563bf77+0x41/0x64
[  890.803357][T16002]  bpf_trace_run2+0x2ee/0x550
[  890.803384][T16002]  ? __pfx_bpf_trace_run2+0x10/0x10
[  890.803398][T16002]  ? __bad_area_nosemaphore+0x117/0x770
[  890.803446][T16002]  ? __bpf_trace_tlb_flush+0x152/0x230
[  890.803474][T16002]  __bpf_trace_tlb_flush+0x176/0x230
[  890.803498][T16002]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[  890.803537][T16002]  ? irqentry_exit+0x63/0x90
[  890.803566][T16002]  ? __pfx_native_flush_tlb_one_user+0x10/0x10
[  890.803599][T16002]  trace_tlb_flush+0x11c/0x140
[  890.803624][T16002]  flush_tlb_func+0x19b/0x7a0
[  890.803655][T16002]  ? __pfx_flush_tlb_func+0x10/0x10
[  890.803684][T16002]  ? __pfx_flush_tlb_func+0x10/0x10
[  890.803710][T16002]  smp_call_function_many_cond+0x1709/0x2d40
[  890.803750][T16002]  ? __pfx_should_flush_tlb+0x10/0x10
[  890.803773][T16002]  ? __pfx_flush_tlb_func+0x10/0x10
[  890.803797][T16002]  ? __bpf_trace_tlb_flush+0x152/0x230
[  890.803828][T16002]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[  890.803854][T16002]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  890.803887][T16002]  ? __lock_acquire+0xad5/0xd80
[  890.803928][T16002]  ? rcu_is_watching+0x15/0xb0
[  890.803946][T16002]  ? __pfx_flush_tlb_func+0x10/0x10
[  890.803969][T16002]  ? __pfx_should_flush_tlb+0x10/0x10
[  890.803995][T16002]  on_each_cpu_cond_mask+0x3f/0x80
[  890.804028][T16002]  flush_tlb_mm_range+0xb8d/0x13f0
[  890.804062][T16002]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[  890.804096][T16002]  ptep_clear_flush+0x11a/0x170
[  890.804119][T16002]  do_wp_page+0x1c69/0x49b0
[  890.804141][T16002]  ? do_wp_page+0x1640/0x49b0
[  890.804188][T16002]  ? __pfx_do_wp_page+0x10/0x10
[  890.804213][T16002]  ? __lock_acquire+0xad5/0xd80
[  890.804244][T16002]  ? do_raw_spin_lock+0x151/0x370
[  890.804282][T16002]  __handle_mm_fault+0x2305/0x6ef0
[  890.804305][T16002]  ? kernel_text_address+0xa7/0xe0
[  890.804354][T16002]  ? __pfx___handle_mm_fault+0x10/0x10
[  890.804387][T16002]  ? mtree_range_walk+0x700/0x8e0
[  890.804420][T16002]  ? mt_find+0x28a/0x8f0
[  890.804448][T16002]  ? mt_find+0x28a/0x8f0
[  890.804478][T16002]  ? mt_find+0x699/0x8f0
[  890.804507][T16002]  ? mt_find+0x28a/0x8f0
[  890.804537][T16002]  ? __pfx_mt_find+0x10/0x10
[  890.804581][T16002]  ? find_vma+0xfa/0x170
[  890.804602][T16002]  ? __pfx_find_vma+0x10/0x10
[  890.804627][T16002]  handle_mm_fault+0x2c1/0x7e0
[  890.804658][T16002]  exc_page_fault+0x2bb/0x8b0
[  890.804689][T16002]  asm_exc_page_fault+0x26/0x30
[  890.804708][T16002] RIP: 0010:rep_movs_alternative+0x4a/0x70
[  890.804744][T16002] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1
[  890.804761][T16002] RSP: 0018:ffffc90003357718 EFLAGS: 00050202
[  890.804780][T16002] RAX: ffff888042004001 RBX: 0000000000000e5c RCX: 000000000000041c
[  890.804794][T16002] RDX: 0000000000000000 RSI: ffff888042004a40 RDI: 0000200000001000
[  890.804807][T16002] RBP: ffffc90003357890 R08: ffff888042004e5b R09: 1ffff110084009cb
[  890.804822][T16002] R10: dffffc0000000000 R11: ffffed10084009cc R12: 0000000000000000
[  890.804836][T16002] R13: ffffc90003357e10 R14: ffff888042004000 R15: 000020000000141c
[  890.804865][T16002]  _copy_to_iter+0x4d2/0x1c90
[  890.804923][T16002]  ? __pfx__copy_to_iter+0x10/0x10
[  890.804945][T16002]  ? __virt_addr_valid+0x183/0x530
[  890.804968][T16002]  ? __virt_addr_valid+0x183/0x530
[  890.804990][T16002]  ? __virt_addr_valid+0x45f/0x530
[  890.805014][T16002]  ? __phys_addr_symbol+0x2f/0x70
[  890.805037][T16002]  ? __check_object_size+0x478/0x720
[  890.805068][T16002]  ? skb_recv_datagram+0x26e/0x310
[  890.805094][T16002]  ? is_bpf_text_address+0x288/0x2a0
[  890.805125][T16002]  __skb_datagram_iter+0x111/0x940
[  890.805148][T16002]  ? __kernel_text_address+0xd/0x40
[  890.805174][T16002]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  890.805201][T16002]  skb_copy_datagram_iter+0xd1/0x250
[  890.805225][T16002]  netlink_recvmsg+0x2d4/0x1180
[  890.805254][T16002]  ? __pfx_netlink_recvmsg+0x10/0x10
[  890.805290][T16002]  ? __lock_acquire+0xad5/0xd80
[  890.805325][T16002]  ? __import_iovec+0x3c2/0x830
[  890.805346][T16002]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  890.805366][T16002]  ? __pfx_netlink_recvmsg+0x10/0x10
[  890.805388][T16002]  sock_recvmsg+0x22f/0x280
[  890.805415][T16002]  ____sys_recvmsg+0x1c8/0x480
[  890.805453][T16002]  ? __pfx_____sys_recvmsg+0x10/0x10
[  890.805503][T16002]  __sys_recvmsg+0x2a5/0x3a0
[  890.805525][T16002]  ? __pfx___sys_recvmsg+0x10/0x10
[  890.805554][T16002]  ? __fget_files+0x2a/0x420
[  890.805595][T16002]  ? do_syscall_64+0xb6/0x230
[  890.805625][T16002]  do_syscall_64+0xf3/0x230
[  890.805652][T16002]  ? clear_bhb_loop+0x45/0xa0
[  890.805675][T16002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  890.805695][T16002] RIP: 0033:0x7f099b18d169
[  890.805711][T16002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  890.805728][T16002] RSP: 002b:00007f099c07a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  890.805748][T16002] RAX: ffffffffffffffda RBX: 00007f099b3a5fa0 RCX: 00007f099b18d169
[  890.805763][T16002] RDX: 0000000000000102 RSI: 0000200000000040 RDI: 0000000000000003
[  890.805776][T16002] RBP: 00007f099c07a090 R08: 0000000000000000 R09: 0000000000000000
[  890.805788][T16002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  890.805800][T16002] R13: 0000000000000000 R14: 00007f099b3a5fa0 R15: 00007ffca0810e98
[  890.805826][T16002]  </TASK>
[  891.495688][T11483] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  891.496336][ T5902] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  891.516056][ T5902] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  891.521036][T11483] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  891.529634][ T5902] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  891.545177][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  891.545203][T11483] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  891.553316][ T5902] usb 3-1: Product: syz
[  891.564780][ T5902] usb 3-1: Manufacturer: syz
[  891.569565][ T5902] usb 3-1: SerialNumber: syz
[  891.574463][T11483] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  891.657880][T11483] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  891.665271][T11483] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  891.673368][   T10] hid-led 0003:27B8:01ED.000E: probe with driver hid-led failed with error -71
[  891.858151][T15998] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  891.902146][   T10] usb 2-1: USB disconnect, device number 20
[  891.943984][T16015] bond0: (slave wlan1): Releasing backup interface
[  891.953468][T16015] mac80211_hwsim hwsim17 wlan1: left promiscuous mode
[  891.961586][T16015] vlan2: left allmulticast mode
[  892.014233][T16015] bond0: left allmulticast mode
[  892.035164][T16015] vlan2: left promiscuous mode
[  892.148777][T16015] bond0: left promiscuous mode
[  892.349827][T16015] bridge0: port 1(vlan2) entered disabled state
[  892.522659][T16016] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2755'.
[  892.645812][T16015] vlan3: left allmulticast mode
[  892.650729][T16015] batadv0: left allmulticast mode
[  892.702424][T16015] vlan3: left promiscuous mode
[  892.714743][T16015] batadv0: left promiscuous mode
[  892.726195][T16015] bridge0: port 2(vlan3) entered disabled state
[  892.740838][T16004] virt_wifi0 speed is unknown, defaulting to 1000
[  892.936458][T16034] netlink: 'syz.1.2756': attribute type 12 has an invalid length.
[  893.045856][T16004] chnl_net:caif_netlink_parms(): no params data found
[  893.243278][T16004] bridge0: port 1(bridge_slave_0) entered blocking state
[  893.251087][T16004] bridge0: port 1(bridge_slave_0) entered disabled state
[  893.258379][T16004] bridge_slave_0: entered allmulticast mode
[  893.275116][T16004] bridge_slave_0: entered promiscuous mode
[  893.297355][T16004] bridge0: port 2(bridge_slave_1) entered blocking state
[  893.305496][T16004] bridge0: port 2(bridge_slave_1) entered disabled state
[  893.312687][T16004] bridge_slave_1: entered allmulticast mode
[  893.322579][T16004] bridge_slave_1: entered promiscuous mode
[  893.363206][T16004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  893.385297][T16004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  893.425758][T16004] team0: Port device team_slave_0 added
[  893.444577][T16004] team0: Port device team_slave_1 added
[  893.483192][T16004] batman_adv: batadv0: Adding interface: batadv_slave_0
[  893.491103][T16004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  893.518291][T16004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  893.531414][T16004] batman_adv: batadv0: Adding interface: batadv_slave_1
[  893.539782][T16004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  893.566813][T16004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  893.606473][T16004] hsr_slave_0: entered promiscuous mode
[  893.613057][T16004] hsr_slave_1: entered promiscuous mode
[  893.619517][T16004] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  893.628956][T16004] Cannot create hsr debugfs directory
[  893.745991][T16004] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.756854][T16004] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 30910 - 0
[  893.784163][T11483] Bluetooth: hci0: command tx timeout
[  893.829036][T16004] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.842257][T16004] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 30910 - 0
[  893.934949][T16004] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.950192][T16004] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 30910 - 0
[  894.030337][T16004] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  894.058143][T16004] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 30910 - 0
[  894.076272][ T5902] cdc_mbim 3-1:1.0: failed GET_NTB_PARAMETERS
[  894.082493][ T5902] cdc_mbim 3-1:1.0: bind() failure
[  894.096487][ T5902] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  894.103362][ T5902] cdc_ncm 3-1:1.1: bind() failure
[  894.116438][ T5902] usb 3-1: USB disconnect, device number 66
[  895.713694][T16004] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  895.752612][T16004] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  895.782407][T16004] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  895.825574][T16004] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  895.855724][T16073] netlink: 'syz.2.2768': attribute type 1 has an invalid length.
[  895.863843][T11483] Bluetooth: hci0: command tx timeout
[  895.873731][T16073] netlink: 'syz.2.2768': attribute type 2 has an invalid length.
[  896.128121][T16081] blktrace: Concurrent blktraces are not allowed on loop3
[  896.761250][T16004] 8021q: adding VLAN 0 to HW filter on device bond0
[  896.782733][T16004] 8021q: adding VLAN 0 to HW filter on device team0
[  896.807088][   T30] audit: type=1400 audit(2000000791.340:544): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=16074 comm="syz.1.2769" daddr=::ffff:172.20.20.0
[  896.835161][T16004] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  896.846164][T16004] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  896.864547][T16080] netlink: 'syz.5.2771': attribute type 12 has an invalid length.
[  896.915415][ T9116] bridge0: port 1(bridge_slave_0) entered blocking state
[  896.922595][ T9116] bridge0: port 1(bridge_slave_0) entered forwarding state
[  896.972731][ T9116] bridge0: port 2(bridge_slave_1) entered blocking state
[  896.979997][ T9116] bridge0: port 2(bridge_slave_1) entered forwarding state
[  897.026550][T16086] batadv_slave_1: entered promiscuous mode
[  897.032545][T16088] batadv_slave_1: entered promiscuous mode
[  897.665857][T16087] batadv_slave_1: left promiscuous mode
[  897.679438][T16085] batadv_slave_1: left promiscuous mode
[  897.812676][T16004] 8021q: adding VLAN 0 to HW filter on device batadv0
[  897.880664][   T30] audit: type=1400 audit(2000000793.100:545): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=16104 comm="syz.5.2776" daddr=::ffff:127.0.0.1
[  897.995369][T11483] Bluetooth: hci0: command tx timeout
[  899.964783][   T12] Bluetooth: hci5: Frame reassembly failed (-84)
[  900.024265][ T5834] Bluetooth: hci0: command tx timeout
[  900.502226][T16122] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2780'.
[  900.854584][T16132] blktrace: Concurrent blktraces are not allowed on loop3
[  900.865752][   T30] audit: type=1400 audit(2000000796.070:546): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=16123 comm="syz.1.2781" daddr=::ffff:172.20.20.0
[  901.508894][T16004] veth0_vlan: entered promiscuous mode
[  901.527752][T16004] veth1_vlan: entered promiscuous mode
[  901.576633][T16134] FAULT_INJECTION: forcing a failure.
[  901.576633][T16134] name failslab, interval 1, probability 0, space 0, times 0
[  901.593590][T16134] CPU: 1 UID: 0 PID: 16134 Comm: syz.1.2783 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) 
[  901.593621][T16134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  901.593635][T16134] Call Trace:
[  901.593642][T16134]  <TASK>
[  901.593651][T16134]  dump_stack_lvl+0x241/0x360
[  901.593683][T16134]  ? __pfx_dump_stack_lvl+0x10/0x10
[  901.593709][T16134]  ? __pfx__printk+0x10/0x10
[  901.593735][T16134]  ? __pfx___might_resched+0x10/0x10
[  901.593770][T16134]  should_fail_ex+0x424/0x570
[  901.593800][T16134]  should_failslab+0xac/0x100
[  901.593833][T16134]  __kmalloc_cache_noprof+0x73/0x370
[  901.593852][T16134]  ? ovl_init_fs_context+0x11d/0x4f0
[  901.593881][T16134]  ovl_init_fs_context+0x11d/0x4f0
[  901.593910][T16134]  alloc_fs_context+0x68a/0x800
[  901.593940][T16134]  do_new_mount+0x160/0xb70
[  901.593965][T16134]  ? __pfx_do_new_mount+0x10/0x10
[  901.593992][T16134]  __se_sys_mount+0x38c/0x400
[  901.594017][T16134]  ? __pfx___se_sys_mount+0x10/0x10
[  901.594043][T16134]  ? __x64_sys_mount+0x20/0xc0
[  901.594066][T16134]  do_syscall_64+0xf3/0x230
[  901.594103][T16134]  ? clear_bhb_loop+0x45/0xa0
[  901.594127][T16134]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  901.594147][T16134] RIP: 0033:0x7ff76a18d169
[  901.594166][T16134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  901.594184][T16134] RSP: 002b:00007ff76b071038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  901.594206][T16134] RAX: ffffffffffffffda RBX: 00007ff76a3a5fa0 RCX: 00007ff76a18d169
[  901.594222][T16134] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[  901.594235][T16134] RBP: 00007ff76b071090 R08: 0000200000000900 R09: 0000000000000000
[  901.594249][T16134] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000000000002
[  901.594262][T16134] R13: 0000000000000000 R14: 00007ff76a3a5fa0 R15: 00007fff5a60c258
[  901.594288][T16134]  </TASK>
[  901.796005][T16004] veth0_macvtap: entered promiscuous mode
[  901.816162][T16004] veth1_macvtap: entered promiscuous mode
[  901.830458][T16004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  901.847832][T16004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.859897][T16004] batman_adv: batadv0: Interface activated: batadv_slave_0
[  901.872730][T16004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  901.883308][T16004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.894682][T16004] batman_adv: batadv0: Interface activated: batadv_slave_1
[  901.907715][T16004] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  901.916934][T16004] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  901.939184][T16004] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  901.948431][T16004] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  901.957178][T11483] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  902.112903][T16140] netlink: 'syz.5.2786': attribute type 12 has an invalid length.
[  902.210650][ T3499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  902.221212][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  902.240992][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  902.263070][ T3499] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  902.270442][T16143] batadv_slave_1: entered promiscuous mode
[  902.308243][T16141] batadv_slave_1: left promiscuous mode
[  902.464129][T16146] FAULT_INJECTION: forcing a failure.
[  902.464129][T16146] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  902.533841][T16146] CPU: 0 UID: 0 PID: 16146 Comm: syz.1.2788 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) 
[  902.533874][T16146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  902.533887][T16146] Call Trace:
[  902.533894][T16146]  <TASK>
[  902.533903][T16146]  dump_stack_lvl+0x241/0x360
[  902.533934][T16146]  ? __pfx_dump_stack_lvl+0x10/0x10
[  902.533960][T16146]  ? __pfx__printk+0x10/0x10
[  902.533989][T16146]  should_fail_ex+0x424/0x570
[  902.534019][T16146]  _copy_to_user+0x31/0xb0
[  902.534045][T16146]  simple_read_from_buffer+0xdc/0x170
[  902.534082][T16146]  proc_fail_nth_read+0x1ef/0x260
[  902.534109][T16146]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  902.534136][T16146]  ? rw_verify_area+0x246/0x630
[  902.534178][T16146]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  902.534203][T16146]  vfs_read+0x21f/0xb90
[  902.534233][T16146]  ? __pfx___mutex_lock+0x10/0x10
[  902.534261][T16146]  ? __pfx_vfs_read+0x10/0x10
[  902.534289][T16146]  ? __fget_files+0x2a/0x420
[  902.534311][T16146]  ? __fget_files+0x39d/0x420
[  902.534331][T16146]  ? __fget_files+0x2a/0x420
[  902.534370][T16146]  ksys_read+0x19d/0x2d0
[  902.534397][T16146]  ? __pfx_ksys_read+0x10/0x10
[  902.534444][T16146]  ? do_syscall_64+0xb6/0x230
[  902.534475][T16146]  do_syscall_64+0xf3/0x230
[  902.534502][T16146]  ? clear_bhb_loop+0x45/0xa0
[  902.534527][T16146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  902.534558][T16146] RIP: 0033:0x7ff76a18bb7c
[  902.534576][T16146] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  902.534594][T16146] RSP: 002b:00007ff76b071030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  902.534615][T16146] RAX: ffffffffffffffda RBX: 00007ff76a3a5fa0 RCX: 00007ff76a18bb7c
[  902.534630][T16146] RDX: 000000000000000f RSI: 00007ff76b0710a0 RDI: 0000000000000006
[  902.534643][T16146] RBP: 00007ff76b071090 R08: 0000000000000000 R09: 0000000000000000
[  902.534656][T16146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  902.534668][T16146] R13: 0000000000000000 R14: 00007ff76a3a5fa0 R15: 00007fff5a60c258
[  902.534700][T16146]  </TASK>
[  903.413647][T16170] ptrace attach of "./syz-executor exec"[5835] was attempted by ""[16170]
[  904.247734][   T30] audit: type=1400 audit(2000000799.460:547): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=16175 comm="syz.1.2795" daddr=::ffff:0.0.0.0 dest=20004
[  904.806105][ T2923] Bluetooth: hci5: Frame reassembly failed (-84)
[  904.862078][T16185] batadv_slave_1: entered promiscuous mode
[  904.886177][T16183] batadv_slave_1: left promiscuous mode
[  905.096422][T16193] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  905.106632][T16193] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  905.126092][ T5902] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  905.289009][T16197] lo speed is unknown, defaulting to 1000
[  905.295369][T16197] lo speed is unknown, defaulting to 1000
[  905.305296][T16197] lo speed is unknown, defaulting to 1000
[  905.393452][T16197] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  905.802774][T16197] lo speed is unknown, defaulting to 1000
[  905.823702][ T5902] usb 3-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64
[  905.855483][T16197] lo speed is unknown, defaulting to 1000
[  905.889033][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  905.965094][ T5902] usb 3-1: Product: syz
[  906.010804][ T5902] usb 3-1: Manufacturer: syz
[  906.066986][T16197] lo speed is unknown, defaulting to 1000
[  906.085613][T16197] lo speed is unknown, defaulting to 1000
[  906.102897][T16197] lo speed is unknown, defaulting to 1000
[  906.122329][T16197] lo speed is unknown, defaulting to 1000
[  906.138055][T16197] lo speed is unknown, defaulting to 1000
[  906.165243][ T5902] usb 3-1: SerialNumber: syz
[  906.179799][ T5902] usb 3-1: config 0 descriptor??
[  906.235085][ T5902] hub 3-1:0.0: bad descriptor, ignoring hub
[  906.269871][ T5902] hub 3-1:0.0: probe with driver hub failed with error -5
[  906.284298][ T5902] f81232 3-1:0.0: f81534a converter detected
[  906.360104][T16207] netlink: 'syz.4.2804': attribute type 12 has an invalid length.
[  906.391018][T16210] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2806'.
[  906.625122][ T5902] usb 3-1: f81534a converter now attached to ttyUSB0
[  906.632529][T16216] random: crng reseeded on system resumption
[  906.824120][T11483] Bluetooth: hci5: command 0x1003 tx timeout
[  908.351557][ T5834] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  908.924190][T16224] tipc: Enabled bearer <eth:syz_tun>, priority 10
[  908.942804][T16224] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2807'.
[  908.969833][T16224] tipc: Resetting bearer <eth:syz_tun>
[  908.989170][   T10] usb 3-1: USB disconnect, device number 67
[  908.997232][   T10] f81534a ttyUSB0: f81534a converter now disconnected from ttyUSB0
[  909.005621][   T10] f81232 3-1:0.0: device disconnected
[  909.116351][T16224] tipc: Disabling bearer <eth:syz_tun>
[  909.536581][T16238] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2809'.
[  911.044100][T16255] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2818'.
[  911.161258][T16264] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2820'.
[  911.184690][T16264] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2820'.
[  911.234789][   T10] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  912.089087][T16271] sg_write: data in/out 224/14 bytes for SCSI command 0x0-- guessing data in;
[  912.089087][T16271]    program syz.5.2821 not setting count and/or reply_len properly
[  912.290163][   T10] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  912.302534][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  912.319739][   T10] usb 2-1: config 0 descriptor??
[  912.478371][T16277] random: crng reseeded on system resumption
[  913.305058][T16269] netlink: 'syz.5.2821': attribute type 4 has an invalid length.
[  913.979069][   T10] cp210x 2-1:0.0: cp210x converter detected
[  914.756866][T11483] Bluetooth: hci5: command 0x1003 tx timeout
[  914.769475][ T5834] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  915.623965][   T10] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71
[  915.636980][   T10] cp210x 2-1:0.0: querying part number failed
[  915.665310][   T10] usb 2-1: cp210x converter now attached to ttyUSB0
[  915.688931][   T10] usb 2-1: USB disconnect, device number 21
[  915.700457][   T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  915.708736][   T10] cp210x 2-1:0.0: device disconnected
[  916.598817][T16305] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2831'.
[  917.063794][ T5902] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  917.233921][ T5826] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  917.271615][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  917.292743][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  917.305915][ T5902] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  917.343610][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  917.364765][ T5902] usb 4-1: config 0 descriptor??
[  917.413758][ T5826] usb 2-1: Using ep0 maxpacket: 32
[  917.449178][ T5826] usb 2-1: config 15 has an invalid descriptor of length 0, skipping remainder of the config
[  917.552296][ T5826] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice= 5.ad
[  917.635207][ T5826] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  917.719501][T16320] random: crng reseeded on system resumption
[  917.815432][ T5826] usb 2-1: Product: syz
[  919.478128][ T5826] usb 2-1: Manufacturer: syz
[  919.520411][ T5826] usb 2-1: SerialNumber: syz
[  920.017817][ T5902] cm6533_jd 0003:0D8C:0022.000F: unknown main item tag 0x0
[  920.036786][ T5902] cm6533_jd 0003:0D8C:0022.000F: unknown main item tag 0x0
[  920.050589][ T5902] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.000F/input/input18
[  920.072460][ T5826] usb 2-1: can't set config #15, error -71
[  920.080305][ T5826] usb 2-1: USB disconnect, device number 22
[  920.090885][ T5902] cm6533_jd 0003:0D8C:0022.000F: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  920.139314][T16328] fuse: Bad value for 'rootmode'
[  920.177704][T16328] netfs: Couldn't get user pages (rc=-14)
[  920.203287][ T5902] usb 4-1: USB disconnect, device number 69
[  920.588441][ T2923] Bluetooth: hci5: Frame reassembly failed (-84)
[  922.900359][T11483] Bluetooth: hci5: command 0x1003 tx timeout
[  922.907374][ T5834] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  922.942796][   T12] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6
[  923.136785][T16364] ptrace attach of "./syz-executor exec"[16004] was attempted by "®"[16364]
[  923.237122][T16367] overlayfs: missing 'lowerdir'
[  923.366780][T16371] fuse: Bad value for 'rootmode'
[  923.426342][T16371] netfs: Couldn't get user pages (rc=-14)
[  923.683648][ T5826] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  923.865701][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  923.886631][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  923.906783][ T5826] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  923.924256][ T5826] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  923.943994][ T5902] usb 3-1: new full-speed USB device number 68 using dummy_hcd
[  923.953166][ T5826] usb 5-1: config 0 descriptor??
[  924.126496][ T5902] usb 3-1: not running at top speed; connect to a high speed hub
[  924.136309][ T5902] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  924.147534][ T5902] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  924.162736][ T5902] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  924.177759][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  924.193851][ T5902] usb 3-1: Product: syz
[  924.202078][ T5902] usb 3-1: Manufacturer: syz
[  924.220157][ T5902] usb 3-1: SerialNumber: syz
[  924.321543][T16392] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2862'.
[  924.399749][ T5826] cm6533_jd 0003:0D8C:0022.0010: unknown main item tag 0x0
[  924.473671][ T5826] cm6533_jd 0003:0D8C:0022.0010: unknown main item tag 0x0
[  924.486982][ T5826] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0010/input/input19
[  924.520286][ T5826] cm6533_jd 0003:0D8C:0022.0010: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  924.606954][ T5826] usb 5-1: USB disconnect, device number 37
[  924.704571][ T5902] usb 3-1: 0:2 : does not exist
[  924.724693][ T5902] usb 3-1: USB disconnect, device number 68
[  924.915654][ T5901] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  925.174002][ T5901] usb 2-1: Using ep0 maxpacket: 8
[  925.383596][ T5901] usb 2-1: config 0 has an invalid descriptor of length 49, skipping remainder of the config
[  925.403212][ T5901] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  925.433636][ T5901] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 101, changing to 10
[  925.465200][ T5901] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 26213, setting to 1024
[  925.509893][ T5901] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  925.545451][ T5901] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  925.558636][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  925.573287][ T5901] usb 2-1: Product: syz
[  925.613778][ T5901] usb 2-1: Manufacturer: syz
[  925.623235][ T5901] usb 2-1: SerialNumber: syz
[  925.630564][ T5901] usb 2-1: config 0 descriptor??
[  925.639169][T16397] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  925.782002][T16408] 
@ÿ: renamed from veth0_vlan (while UP)
[  925.804596][ T5826] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  926.031901][T16412] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2868'.
[  926.048241][T16412] netlink: 56 bytes leftover after parsing attributes in process `syz.5.2868'.
[  926.057622][T16412] netlink: 5 bytes leftover after parsing attributes in process `syz.5.2868'.
[  926.156506][ T5901] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -110
[  926.237665][ T5901] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5
[  926.355483][ T5901] usb 2-1: USB disconnect, device number 23
[  926.684938][T16414] fuse: Unknown parameter 'use00000000000000000000'
[  926.714592][T16414] netfs: Couldn't get user pages (rc=-14)
[  926.763628][ T5826] usb 5-1: Using ep0 maxpacket: 16
[  926.775026][ T5826] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[  926.788340][ T5826] usb 5-1: config 0 has no interface number 0
[  926.795635][ T5826] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  926.812922][ T5826] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  926.844133][ T5826] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  926.853204][ T5826] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  926.893242][ T5826] usb 5-1: Product: syz
[  926.897574][ T5826] usb 5-1: Manufacturer: syz
[  926.902699][ T5826] usb 5-1: SerialNumber: syz
[  926.910765][ T5826] usb 5-1: config 0 descriptor??
[  926.917887][T16402] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  926.938881][T16402] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  927.210721][T16422] ptrace attach of "./syz-executor exec"[5830] was attempted by ""[16422]
[  927.550603][T16402] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  927.562255][T16402] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  928.025540][T16402] sch_fq: defrate 0 ignored.
[  928.373743][T16402] evm: overlay not supported
[  928.399807][ T5826] asix 5-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver
[  928.416929][ T5826] asix 5-1:0.251: probe with driver asix failed with error -524
[  928.523947][ T5901] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  928.677224][ T5826] usb 5-1: USB disconnect, device number 38
[  928.692646][ T5901] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  928.707719][ T5901] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  928.728268][ T5901] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  928.737804][ T5901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  928.754105][ T5901] usb 4-1: config 0 descriptor??
[  929.230434][ T5901] cm6533_jd 0003:0D8C:0022.0011: unknown main item tag 0x0
[  929.271492][T16448] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2881'.
[  929.291141][ T5901] cm6533_jd 0003:0D8C:0022.0011: unknown main item tag 0x0
[  929.333669][ T5901] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0011/input/input20
[  929.407324][ T5901] cm6533_jd 0003:0D8C:0022.0011: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  929.468773][ T5826] usb 4-1: USB disconnect, device number 70
[  929.582234][T16454] fuse: Unknown parameter 'use00000000000000000000'
[  929.606829][T16454] netfs: Couldn't get user pages (rc=-14)
[  930.167347][T16468] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2888'.
[  930.426336][T16481] FAULT_INJECTION: forcing a failure.
[  930.426336][T16481] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  930.475523][T16481] CPU: 0 UID: 0 PID: 16481 Comm: syz.3.2894 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) 
[  930.475556][T16481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  930.475570][T16481] Call Trace:
[  930.475579][T16481]  <TASK>
[  930.475589][T16481]  dump_stack_lvl+0x241/0x360
[  930.475622][T16481]  ? __pfx_dump_stack_lvl+0x10/0x10
[  930.475649][T16481]  ? __pfx__printk+0x10/0x10
[  930.475688][T16481]  should_fail_ex+0x424/0x570
[  930.475720][T16481]  _copy_from_iter+0x211/0x1c70
[  930.475753][T16481]  ? __pfx__copy_from_iter+0x10/0x10
[  930.475776][T16481]  ? __virt_addr_valid+0x183/0x530
[  930.475800][T16481]  ? __virt_addr_valid+0x183/0x530
[  930.475822][T16481]  ? __virt_addr_valid+0x45f/0x530
[  930.475846][T16481]  ? __phys_addr_symbol+0x2f/0x70
[  930.475869][T16481]  ? __check_object_size+0x478/0x720
[  930.475905][T16481]  netlink_sendmsg+0x757/0xce0
[  930.475937][T16481]  ? __pfx_netlink_sendmsg+0x10/0x10
[  930.475969][T16481]  ? __pfx_netlink_sendmsg+0x10/0x10
[  930.475989][T16481]  __sock_sendmsg+0x221/0x270
[  930.476017][T16481]  ____sys_sendmsg+0x53c/0x870
[  930.476055][T16481]  ? __pfx_____sys_sendmsg+0x10/0x10
[  930.476085][T16481]  ? __fget_files+0x2a/0x420
[  930.476110][T16481]  ? __fget_files+0x2a/0x420
[  930.476138][T16481]  __sys_sendmsg+0x271/0x360
[  930.476174][T16481]  ? __pfx___sys_sendmsg+0x10/0x10
[  930.476244][T16481]  ? do_syscall_64+0xb6/0x230
[  930.476276][T16481]  do_syscall_64+0xf3/0x230
[  930.476305][T16481]  ? clear_bhb_loop+0x45/0xa0
[  930.476330][T16481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  930.476351][T16481] RIP: 0033:0x7f099b18d169
[  930.476370][T16481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  930.476389][T16481] RSP: 002b:00007f099c07a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  930.476412][T16481] RAX: ffffffffffffffda RBX: 00007f099b3a5fa0 RCX: 00007f099b18d169
[  930.476428][T16481] RDX: 0000000000000000 RSI: 0000200000002f80 RDI: 0000000000000003
[  930.476442][T16481] RBP: 00007f099c07a090 R08: 0000000000000000 R09: 0000000000000000
[  930.476456][T16481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  930.476469][T16481] R13: 0000000000000000 R14: 00007f099b3a5fa0 R15: 00007ffca0810e98
[  930.476496][T16481]  </TASK>
[  930.759374][T16456] 9pnet_fd: p9_fd_create_tcp (16456): problem connecting socket to 127.0.0.1
[  930.769970][ T5901] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  930.785239][T16486] fuse: Unknown parameter 'use00000000000000000000'
[  930.807079][T16486] netfs: Couldn't get user pages (rc=-14)
[  930.994697][ T5901] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  931.015885][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  931.083867][ T5901] usb 2-1: Product: syz
[  931.108591][ T5901] usb 2-1: Manufacturer: syz
[  931.138585][ T5901] usb 2-1: SerialNumber: syz
[  931.224729][ T5901] usb 2-1: config 0 descriptor??
[  931.241751][ T5901] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  931.268101][ T5901] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  931.288616][ T5901] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[  931.344389][ T5826] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  931.364620][T16495] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2899'.
[  931.467045][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  931.482624][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  931.616294][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  931.648689][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  931.695996][ T5826] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  931.709107][ T5826] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  931.735004][ T5826] usb 5-1: config 0 descriptor??
[  931.798570][T16508] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[  931.808653][T16508] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[  932.342438][ T5826] cm6533_jd 0003:0D8C:0022.0012: unknown main item tag 0x0
[  932.350546][ T5826] cm6533_jd 0003:0D8C:0022.0012: unknown main item tag 0x0
[  932.361366][ T5826] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0012/input/input21
[  932.409836][ T5826] cm6533_jd 0003:0D8C:0022.0012: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  932.615625][ T5826] usb 5-1: USB disconnect, device number 39
[  932.634610][T16520] netlink: 'syz.2.2907': attribute type 13 has an invalid length.
[  932.652752][T16520] netlink: 'syz.2.2907': attribute type 27 has an invalid length.
[  932.671109][T16518] virt_wifi0 speed is unknown, defaulting to 1000
[  932.953119][T16518] lo speed is unknown, defaulting to 1000
[  933.414058][ T5826] usb 2-1: USB disconnect, device number 24
[  933.535722][T16527] fuse: Unknown parameter 'user_i00000000000000000000'
[  933.546784][ T5834] Bluetooth: hci1: command 0x0406 tx timeout
[  933.548594][T16527] netfs: Couldn't get user pages (rc=-14)
[  934.402483][T16544] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2913'.
[  934.445988][T16542] bridge_slave_0: left allmulticast mode
[  934.460231][T16542] bridge_slave_0: left promiscuous mode
[  934.476870][T16542] bridge0: port 1(bridge_slave_0) entered disabled state
[  934.503154][T16542] bridge_slave_1: left allmulticast mode
[  934.510613][T16542] bridge_slave_1: left promiscuous mode
[  934.517028][T16542] bridge0: port 2(bridge_slave_1) entered disabled state
[  934.543319][T16553] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2912'.
[  934.569156][T16542] bond0: (slave bond_slave_0): Releasing backup interface
[  934.587993][T16542] bond0: (slave bond_slave_1): Releasing backup interface
[  934.639435][T16542] team0: Port device team_slave_0 removed
[  934.655987][T16542] team0: Port device team_slave_1 removed
[  934.662782][T16542] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  934.672845][T16542] batman_adv: batadv0: Removing interface: batadv_slave_0
[  934.693021][T16542] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  934.702134][T16542] batman_adv: batadv0: Removing interface: batadv_slave_1
[  934.783053][    T9] lo speed is unknown, defaulting to 1000
[  934.806827][T16557] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2916'.
[  934.818809][T16557] macsec1: entered promiscuous mode
[  934.824681][T16557] bridge0: entered promiscuous mode
[  935.360069][T16546] team0: Mode changed to "loadbalance"
[  935.796567][T16556] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2917'.
[  935.809702][T16556] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2917'.
[  935.820225][T16556] netlink: 81 bytes leftover after parsing attributes in process `syz.1.2917'.
[  935.844929][ T5902] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  936.028841][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  936.124570][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  936.169777][T16572] fuse: Unknown parameter 'user_i00000000000000000000'
[  936.206588][T16572] netfs: Couldn't get user pages (rc=-14)
[  936.283648][ T5902] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  936.335475][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.374256][ T5902] usb 3-1: config 0 descriptor??
[  936.453681][ T5871] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  936.639545][ T5871] usb 2-1: Using ep0 maxpacket: 16
[  936.678476][ T5871] usb 2-1: config 0 has an invalid interface number: 214 but max is 0
[  936.742666][ T5871] usb 2-1: config 0 has no interface number 0
[  936.921992][ T5902] cm6533_jd 0003:0D8C:0022.0013: unknown main item tag 0x0
[  936.927091][ T5871] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  936.932155][ T5902] cm6533_jd 0003:0D8C:0022.0013: unknown main item tag 0x0
[  936.958601][ T5902] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0013/input/input22
[  937.537796][ T5902] cm6533_jd 0003:0D8C:0022.0013: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0
[  937.567237][ T5902] usb 3-1: USB disconnect, device number 69
[  937.579220][ T5871] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 0.00
[  937.629291][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  937.699366][ T5871] usb 2-1: Product: syz
[  937.709663][ T5871] usb 2-1: SerialNumber: syz
[  937.743099][ T5871] usb 2-1: config 0 descriptor??
[  938.184748][ T5871] usbtouchscreen 2-1:0.214: probe with driver usbtouchscreen failed with error -71
[  938.575786][T16599] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2930'.
[  938.665833][ T5871] usb 2-1: USB disconnect, device number 25
[  940.194679][T16624] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2934'.
[  940.343795][ T5871] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  943.390133][T16641] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  943.400630][T16641] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  943.503639][T16646] batadv_slave_1: entered promiscuous mode
[  943.864619][T16645] batadv_slave_1: left promiscuous mode
[  944.233258][T16661] fuse: Unknown parameter 'user_id00000000000000000000'
[  944.256040][T16661] netfs: Couldn't get user pages (rc=-14)
[  944.732769][   T30] audit: type=1400 audit(2000000839.930:548): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=16666 comm="syz.4.2950" daddr=::ffff:172.20.20.0
[  946.056881][ T9116] Bluetooth: hci5: Frame reassembly failed (-84)
[  946.076061][T16693] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2955'.
[  946.952420][T16704] batadv_slave_1: entered promiscuous mode
[  946.971804][T16703] batadv_slave_1: left promiscuous mode
[  947.363667][ T5871] usb 3-1: new full-speed USB device number 70 using dummy_hcd
[  947.406966][ T5834] Bluetooth: hci2: unexpected event for opcode 0x2003
[  947.417585][T16718] siw: device registration error -23
[  947.540642][ T5871] usb 3-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  947.558488][ T5871] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  947.569303][ T5871] usb 3-1: Product: syz
[  947.574090][ T5871] usb 3-1: Manufacturer: syz
[  947.579278][ T5871] usb 3-1: SerialNumber: syz
[  947.587935][ T5871] usb 3-1: config 0 descriptor??
[  947.598277][ T5871] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  947.615471][ T5871] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  947.631050][ T5871] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[  947.678839][T16732] loop6: detected capacity change from 0 to 63
[  947.696603][    C1] blk_print_req_error: 22 callbacks suppressed
[  947.696627][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 0
[  947.714979][    C0] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  947.715086][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  947.724184][    C0] buffer_io_error: 22 callbacks suppressed
[  947.724200][    C0] Buffer I/O error on dev loop6, logical block 1, async page read
[  947.725255][    C0] I/O error, dev loop6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  947.733344][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  947.764239][    C0] Buffer I/O error on dev loop6, logical block 2, async page read
[  947.778714][    C1] I/O error, dev loop6, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  947.788135][    C1] Buffer I/O error on dev loop6, logical block 3, async page read
[  947.801101][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  947.802395][    C1] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  947.810419][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  947.819520][    C1] Buffer I/O error on dev loop6, logical block 1, async page read
[  947.836534][    C1] I/O error, dev loop6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  947.845864][    C1] Buffer I/O error on dev loop6, logical block 2, async page read
[  947.853841][    C1] I/O error, dev loop6, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  947.863271][    C1] Buffer I/O error on dev loop6, logical block 3, async page read
[  947.875925][   T47] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  947.884653][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  947.893916][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  947.901836][    C1] Buffer I/O error on dev loop6, logical block 1, async page read
[  948.103656][T11483] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  948.127312][T16738] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[  948.137819][T16738] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[  948.172497][   T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  948.188442][   T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  948.453871][   T47] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  948.529891][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  948.652190][T16744] batadv_slave_1: entered promiscuous mode
[  948.672087][T16743] batadv_slave_1: left promiscuous mode
[  948.723434][   T47] usb 4-1: config 0 descriptor??
[  948.835065][T16747] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2968'.
[  949.624103][   T47] usbhid 4-1:0.0: can't add hid device: -71
[  949.673929][   T47] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  949.688465][   T47] usb 4-1: USB disconnect, device number 71
[  949.832639][T16759] Bluetooth: MGMT ver 1.23
[  949.953392][T16765] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2975'.
[  950.185733][ T5902] usb 3-1: USB disconnect, device number 70
[  950.785552][ T5834] Bluetooth: hci3: unexpected event for opcode 0x3c9d
[  951.053785][   T30] audit: type=1400 audit(2000000846.070:549): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=16776 comm="syz.3.2979" daddr=::ffff:172.20.20.0
[  951.274923][T16780] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2978'.
[  951.379343][T16787] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2980'.
[  951.388711][T16787] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2980'.
[  951.486815][   T30] audit: type=1400 audit(2000000846.680:550): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=16779 comm="syz.5.2980" daddr=::ffff:172.20.20.0
[  951.553931][ T5902] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  952.124160][ T5902] usb 3-1: Using ep0 maxpacket: 16
[  952.204858][ T5902] usb 3-1: unable to get BOS descriptor or descriptor too short
[  952.384268][ T5902] usb 3-1: config 1 interface 0 altsetting 48 bulk endpoint 0x1 has invalid maxpacket 32
[  952.487563][T16799] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2984'.
[  953.041862][ T5902] usb 3-1: config 1 interface 0 has no altsetting 0
[  953.153624][ T5902] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  953.193381][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  953.206859][ T5902] usb 3-1: Product: syz
[  953.211091][ T5902] usb 3-1: Manufacturer: syz
[  953.230666][ T5902] usb 3-1: SerialNumber: syz
[  953.323862][T16780] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  953.552994][   T47] usb 4-1: new full-speed USB device number 72 using dummy_hcd
[  953.912746][   T47] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  953.932864][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  953.949562][ T5902] usb 3-1: USB disconnect, device number 71
[  953.963649][   T47] usb 4-1: Product: syz
[  953.973637][   T47] usb 4-1: Manufacturer: syz
[  953.981115][   T47] usb 4-1: SerialNumber: syz
[  953.996819][   T47] usb 4-1: config 0 descriptor??
[  954.031393][   T47] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  954.051883][   T47] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  954.065318][   T47] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[  955.447115][T16823] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[  955.458706][T16823] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[  956.751590][    T9] usb 4-1: USB disconnect, device number 72
[  957.143840][ T5871] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  957.333818][ T5871] usb 3-1: Using ep0 maxpacket: 16
[  957.371590][ T5871] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  957.404658][ T5871] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  957.616082][ T5871] usb 3-1: Product: syz
[  957.647660][ T5871] usb 3-1: Manufacturer: syz
[  957.666645][ T5871] usb 3-1: SerialNumber: syz
[  957.703377][ T5871] r8152-cfgselector 3-1: Unknown version 0x0000
[  957.735974][ T5871] r8152-cfgselector 3-1: config 0 descriptor??
[  958.123876][ T5826] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  958.293697][ T5826] usb 4-1: Using ep0 maxpacket: 16
[  958.389164][ T5826] usb 4-1: config 0 interface 0 has no altsetting 0
[  958.420886][ T5826] usb 4-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[  958.422727][ T5871] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  958.448952][ T5826] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  958.651761][ T5826] usb 4-1: config 0 descriptor??
[  958.676903][   T47] r8152-cfgselector 3-1: USB disconnect, device number 72
[  958.832813][ T5871] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  958.974728][ T5826] hid (null): unknown global tag 0xe
[  959.233799][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  959.244206][ T5871] usb 2-1: config 0 descriptor??
[  959.253848][ T5826] hid (null): invalid report_count 56795
[  959.259541][ T5826] hid (null): unknown global tag 0xd
[  959.266816][ T5871] gspca_main: cpia1-2.14.0 probing 0813:0001
[  959.292690][ T5826] hid (null): invalid report_count 45906
[  959.336899][ T5826] input: HID 0458:5013 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5013.0014/input/input24
[  959.415679][ T5826] input: HID 0458:5013 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5013.0014/input/input25
[  959.580428][ T5826] kye 0003:0458:5013.0014: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0458:5013] on usb-dummy_hcd.3-1/input0
[  959.661849][ T5826] usb 4-1: USB disconnect, device number 73
[  959.927229][ T5871] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  960.069634][T16886] ptrace attach of "./syz-executor exec"[5830] was attempted by ""[16886]
[  961.143839][ T5871] gspca_cpia1: usb_control_msg 02, error -110
[  961.237877][ T5871] gspca_cpia1: usb_control_msg 05, error -32
[  961.264361][ T5871] gspca_cpia1: usb_control_msg 05, error -32
[  961.283614][ T5871] gspca_cpia1: usb_control_msg 05, error -32
[  961.290540][ T5871] gspca_cpia1: usb_control_msg 05, error -32
[  961.302644][ T5871] cpia1 2-1:0.0: unexpected systemstate: 00
[  963.006423][   T47] usb 2-1: USB disconnect, device number 27
[  964.415988][T16951] tun0: tun_chr_ioctl cmd 2147767519
[  965.234592][T16956] random: crng reseeded on system resumption
[  967.405856][T16960] batadv_slave_1: entered promiscuous mode
[  967.533750][T16959] batadv_slave_1: left promiscuous mode
[  968.252796][T16980] usb usb1: usbfs: process 16980 (syz.3.3041) did not claim interface 0 before use
[  968.828358][T16994] random: crng reseeded on system resumption
[  971.418013][T16998] random: crng reseeded on system resumption
[  972.430438][T17012] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3049'.
[  972.750080][T17022] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3048'.
[  974.054055][T17027] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3052'.
[  974.068540][T17027] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3052'.
[  974.193846][ T5826] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  974.721471][ T5826] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  974.806550][ T5826] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  974.860305][ T5826] usb 5-1: config 0 descriptor??
[  974.902484][ T5826] cp210x 5-1:0.0: cp210x converter detected
[  975.304514][ T5826] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  975.393621][   T47] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  975.414261][ T5826] cp210x 5-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  975.429305][ T5826] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  976.113000][ T5826] usb 5-1: cp210x converter now attached to ttyUSB0
[  976.125421][ T5826] usb 5-1: USB disconnect, device number 40
[  976.132794][ T5826] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  976.152532][ T5826] cp210x 5-1:0.0: device disconnected
[  976.184860][   T47] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  976.299258][   T47] usb 2-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d
[  976.319752][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  976.341164][   T47] usb 2-1: Product: syz
[  976.365981][   T47] usb 2-1: Manufacturer: syz
[  976.499555][   T47] usb 2-1: SerialNumber: syz
[  976.604167][T17065] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3064'.
[  977.364003][T17041] MTD: Couldn't look up 'mountinfo': -2
[  977.493634][ T5826] usb 5-1: new full-speed USB device number 41 using dummy_hcd
[  977.496735][T17066] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[  977.520688][T17066] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 17066, name: syz.1.3058
[  977.554799][T17066] preempt_count: 0, expected: 0
[  977.559870][T17066] RCU nest depth: 1, expected: 0
[  977.565151][T17066] 4 locks held by syz.1.3058/17066:
[  977.570537][T17066]  #0: ffff888053b55cf8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x310
[  977.579837][T17066]  #1: ffff88807a0bdd88 (&type->i_mutex_dir_key#9){++++}-{4:4}, at: iterate_dir+0x4a6/0x760
[  977.590354][T17066]  #2: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: afs_dynroot_readdir+0x466/0xbe0
[  977.602839][T17066]  #3: ffff8880475d0ba0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x2f0
[  977.613127][T17066] CPU: 1 UID: 0 PID: 17066 Comm: syz.1.3058 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) 
[  977.613157][T17066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  977.613172][T17066] Call Trace:
[  977.613181][T17066]  <TASK>
[  977.613191][T17066]  dump_stack_lvl+0x241/0x360
[  977.613228][T17066]  ? __pfx_dump_stack_lvl+0x10/0x10
[  977.613267][T17066]  __might_resched+0x558/0x6c0
[  977.613301][T17066]  ? down_read_trylock+0xd5/0x3c0
[  977.613322][T17066]  ? __pfx___might_resched+0x10/0x10
[  977.613362][T17066]  ? __alloc_frozen_pages_noprof+0x181/0x7b0
[  977.613394][T17066]  prepare_alloc_pages+0x1cc/0x5c0
[  977.613426][T17066]  __alloc_frozen_pages_noprof+0x181/0x7b0
[  977.613465][T17066]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  977.613492][T17066]  ? lock_release+0x4e/0x3e0
[  977.613528][T17066]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  977.613558][T17066]  alloc_pages_mpol+0x339/0x690
[  977.613595][T17066]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  977.613636][T17066]  folio_alloc_mpol_noprof+0x36/0x70
[  977.613669][T17066]  shmem_alloc_and_add_folio+0x490/0x1070
[  977.613710][T17066]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  977.613744][T17066]  ? shmem_allowable_huge_orders+0x40b/0x420
[  977.613777][T17066]  shmem_get_folio_gfp+0x655/0x1800
[  977.613818][T17066]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  977.613853][T17066]  shmem_fault+0x223/0x5c0
[  977.613888][T17066]  ? __pfx_shmem_fault+0x10/0x10
[  977.613919][T17066]  ? __pfx____pte_offset_map+0x10/0x10
[  977.613950][T17066]  __do_fault+0x135/0x390
[  977.613977][T17066]  __handle_mm_fault+0x2043/0x6ef0
[  977.614022][T17066]  ? __pfx___handle_mm_fault+0x10/0x10
[  977.614046][T17066]  ? cgroup_rstat_updated+0x144/0xc40
[  977.614075][T17066]  ? mtree_range_walk+0x700/0x8e0
[  977.614109][T17066]  ? mt_find+0x28a/0x8f0
[  977.614138][T17066]  ? mt_find+0x28a/0x8f0
[  977.614168][T17066]  ? mt_find+0x699/0x8f0
[  977.614197][T17066]  ? mt_find+0x28a/0x8f0
[  977.614228][T17066]  ? __pfx_mt_find+0x10/0x10
[  977.614273][T17066]  ? find_vma+0xfa/0x170
[  977.614295][T17066]  ? __pfx_find_vma+0x10/0x10
[  977.614320][T17066]  handle_mm_fault+0x2c1/0x7e0
[  977.614351][T17066]  exc_page_fault+0x2bb/0x8b0
[  977.614383][T17066]  asm_exc_page_fault+0x26/0x30
[  977.614403][T17066] RIP: 0010:filldir+0x2c4/0x6a0
[  977.614433][T17066] Code: 87 55 02 00 00 0f 01 cb 0f ae e8 48 8b 44 24 30 49 89 46 08 48 8b 4c 24 10 48 8b 44 24 60 48 89 01 48 8b 44 24 18 8b 6c 24 3c <66> 89 41 10 48 98 40 88 6c 01 ff 48 89 44 24 30 4d 63 f5 42 c6 44
[  977.614452][T17066] RSP: 0018:ffffc9000485fbe0 EFLAGS: 00050283
[  977.614482][T17066] RAX: 0000000000000018 RBX: 0000200000002008 RCX: 0000200000001ff0
[  977.614498][T17066] RDX: ffffc9001ed9f000 RSI: 0000200000001fd8 RDI: 0000200000002008
[  977.614514][T17066] RBP: 0000000000000004 R08: ffffffff8240768d R09: 1ffff1100f384b40
[  977.614528][T17066] R10: dffffc0000000000 R11: ffffed100f384b41 R12: ffff8880348200e1
[  977.614544][T17066] R13: 0000000000000003 R14: 0000200000001fd8 R15: 00007ffffffff000
[  977.614565][T17066]  ? filldir+0x28d/0x6a0
[  977.614610][T17066]  afs_dynroot_readdir+0x814/0xbe0
[  977.614636][T17066]  ? __pfx___mutex_lock+0x10/0x10
[  977.614664][T17066]  ? afs_dynroot_readdir+0x466/0xbe0
[  977.614692][T17066]  ? __pfx_afs_dynroot_readdir+0x10/0x10
[  977.614719][T17066]  ? __fget_files+0x2a/0x420
[  977.614746][T17066]  iterate_dir+0x5a9/0x760
[  977.614780][T17066]  __se_sys_getdents+0x1ff/0x4e0
[  977.614817][T17066]  ? __pfx___se_sys_getdents+0x10/0x10
[  977.614846][T17066]  ? __pfx_filldir+0x10/0x10
[  977.614884][T17066]  ? do_syscall_64+0xb6/0x230
[  977.614915][T17066]  do_syscall_64+0xf3/0x230
[  977.614943][T17066]  ? clear_bhb_loop+0x45/0xa0
[  977.614967][T17066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  977.614988][T17066] RIP: 0033:0x7ff76a18d169
[  977.615007][T17066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  977.615025][T17066] RSP: 002b:00007ff76b050038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  977.615047][T17066] RAX: ffffffffffffffda RBX: 00007ff76a3a6080 RCX: 00007ff76a18d169
[  977.615063][T17066] RDX: 00000000000000b8 RSI: 0000200000001fc0 RDI: 0000000000000008
[  977.615077][T17066] RBP: 00007ff76a20e2a0 R08: 0000000000000000 R09: 0000000000000000
[  977.615090][T17066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  977.615104][T17066] R13: 0000000000000000 R14: 00007ff76a3a6080 R15: 00007fff5a60c258
[  977.615131][T17066]  </TASK>
[  978.096945][   T47] usb 2-1: selecting invalid altsetting 1
[  978.102974][   T47] LME2510(C): Firmware Status: 00 00 00 00 00 00
[  978.103029][   T47] dvb_usb_lmedm04 2-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22
[  978.125672][   T47] usb 2-1: USB disconnect, device number 28
[  978.167427][ T5826] usb 5-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  978.177781][ T5826] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  978.186049][ T5826] usb 5-1: Product: syz
[  978.190268][ T5826] usb 5-1: Manufacturer: syz
[  978.194966][ T5826] usb 5-1: SerialNumber: syz
[  978.201420][ T5826] usb 5-1: config 0 descriptor??
[  978.208374][ T5826] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  978.218677][ T5826] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  978.230317][ T5826] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[  978.660986][T17074] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[  978.671206][T17074] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[  980.257749][  T883] usb 5-1: USB disconnect, device number 41