last executing test programs:

3m14.792514375s ago: executing program 0 (id=727):
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x3, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/llc/core\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmsg(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xf8}], 0x1}, 0x1f00)
sendmmsg$sock(r5, &(0x7f0000003bc0), 0x4000000000002ca, 0x4040014)
ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0286405, &(0x7f00000000c0)={0x3, 0xd, {<r6=>r0}, {0xee00}, 0x0, 0x3})
prlimit64(r6, 0x4, &(0x7f0000000180)={0xf4, 0xe}, &(0x7f00000001c0))
r7 = syz_open_dev$vcsn(0x0, 0x2, 0x101081)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r7, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="100569120c0eabb03435f2128e5a49dc7ea81292499d23045ac26e32a12c9684800c9212227722f0d72316f419748b588e84cc5d157ecda3de046bfa6a9a4578959711f5cc08eba7947d4dba4e2e84dcbcd1b9a87fd6626ae4200efe5fe51bef849a15a3a39a354356bb6475fd5dc1abb6117922664e237ce79526520d23e3abd682053d09bc38d76cd59f288b8f928498a02373f800ca3bd10d742c54e8ba0000000000", @ANYBLOB], 0x110}, 0x1, 0x0, 0x0, 0x4001}, 0x40)
syz_open_dev$tty1(0xc, 0x4, 0x3)
inotify_init()

3m9.038868489s ago: executing program 0 (id=743):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10)
accept4(r2, 0x0, 0x0, 0x800)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa06"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000840)
socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

3m7.210727011s ago: executing program 0 (id=749):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000980)=ANY=[@ANYBLOB="9feb01001800430000000000240000002400000002000000000000000000000d020000000000000001000005fa0d"], &(0x7f0000000f40)=""/4089, 0x3e, 0xff9, 0x1, 0x1, 0x0, @void, @value}, 0x28)

3m6.74032214s ago: executing program 0 (id=750):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="8c00000040000900fffffffffddbdf250100000004001f0071000180664daf258421409993b071068ff774eed479ee4e29250582841b6edd83f3af6cb8803c581cef8f3813c52f97b3ced597fe5a237df002de7f7d292d812d5d21fa6fe19b7400a22e1694a2aa33b57d477772df85cbe8099645ce3bee1631df8cc496d2"], 0x8c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$video4linux(&(0x7f0000000140), 0x4000000000000000, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = inotify_init1(0x80000)
inotify_add_watch(r1, &(0x7f0000000040)='.\x00', 0x440000a0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x1a8)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000004c0)='./bus\x00')
io_setup(0x9d4, &(0x7f00000001c0)=<r2=>0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0)
io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000140)='i', 0x1}])
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000480)='wchan\x00')
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000003c0)={'netdevsim0\x00', &(0x7f0000000200)=@ethtool_rxfh_indir={0x38, 0x6, [0x6, 0x1, 0xff, 0x7, 0x7, 0x4]}})
preadv2(r4, &(0x7f0000000380)=[{&(0x7f0000000500)=""/103, 0x67}], 0x1, 0x5, 0x101, 0xd)
add_key$keyring(&(0x7f0000000340), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448cb, 0x0)

3m5.506888054s ago: executing program 0 (id=753):
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
setresuid(0xee01, 0x0, 0x0)
faccessat2(0xffffffffffffff9c, 0x0, 0x1, 0x100)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000440)=ANY=[@ANYBLOB="b702000001040000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006502040001001f000404000001007d60b7030000000000006a0a00fefdff00008500000026000000b7000000000000009500000000000000c743a0c8e3ebbadc20e5a7efcc9ac1467fb2ea80dbcf8df265e1b40e4c8afd5c0c000000008da68076774bbcdb2c769937000090af27db5b56024db96bcbbbd2cb2000ce03000000000000007e357754508535766c80114604a86fe569b05614eab9297eb290a248a120c9c6e39f403ff065fd3052aae80675eeba68562eaeaea5fecf298ca20f274233106eab63ecf772de7b265040b6c50b7420b48a93fe94c756108afcd0b2eb78040000005f02a5a6474ae549070004000000001294fba0ed5020e6474ac921fee1f6d8ad6a80d0947cd6d4a561ced21a0b4a902be6af7ec2d1ba002e57f301000000000000000000000000100000aaf25343063e6581f9e6de14ad72e5ad84309f47f96a576cd20cef7ed951a73ea73d7c7f14e306f1f1d1377e57bbb19700f0077e9d0000b93eb0f2c6f8141e350dc68147e5958128d22d58625cf9dba211bfff9c3709c9b134625d3d2369f516a49eeeb1a662c8dfb875bdf5c6ba73cccdfacb202994c40d322717faff03323dce8a34ee0ca2cf61efb4b30000642735d6d482ba98d252f36c54333a8b1aa736369392b9067665339820f5f1557b0bf7cc06a5a13c714e0b1a1f000000ff3283076cda3d0b1a2905cfc3d04f1db264b530abcbe44bc405f600807970727fb819afa1907228fa9e83433eedb4ac88d0285594ffb0d14c09d5c77f33702822b02488ea570204c8441ced81cacf945dcb2486d65ceec8bcaffbe800a041a378b40dc9e3600e916ae6307bd8325a442095bc9a8b0c95905979f34adddbb26f0d24425c8ab9d937d84b521914f92eed3d3e9de82942a952e86b567aff5bc2e3c1fcc00f618363df5d0d181ee8f4b8fd356c9eb365adc037e443820c05c5db16ff07a9cf471e2ebf91ab00a05f88c1cd55f8c81f5eb1f8d615ca27efb2193bb61665a1ce37f30c2efc9c3b5a4a5d95479fac471ba60fbd0e50225563cd37343d09da72472efc2b2877fbab12a891513e5f0763ae06c0610a2869747c143d7500760600f3ffb2310e19ac58bf29d7f178d09a9f634a3ae492f54649589e3692768a0f3a08ff275df45508ad85950d8e08465fa1067ea8f383b3e7a7ddf5977d46f4bc38f914b4a496426d8468f9ba618b6b2218b50c8fc9efbce3ba799cf70de7e13be871aa7eb402e2b11f440361e18d4e334bfc6ae54e62e67a03b4c756c544189e4519a029674e2a2bbbc7f6600000000000800000e5e30b70b1eb176d3a62660600000030a0af132e680510811d3ab71af5d98e2d3d928a749e8b9402d14655612bd58fb40b4625cb69bf6cea97b447f2d970d99100000000086000001b881afb2cc500003a73562af4878f75b4f9540057b8a3fff2bc02c5941626d2015f414546e87835ba18e9101734a9e9c6955fc6b9a25fe2a3dd8bab7f21beccba5493a164c663eceed401737c12c65804712236a9a29a43b1e27e9b6816f2328ea8423121f12b7b35aa721fef26934ccafde573bee5c33ef15309f43cbd5d61aa679a9c402d337ebf57a5eacb569401c1df7b9c45b09743c61d1db37f0000000000020000000061d7d6818db785d8ba13dc577fe61a68eb365de5661f43d4c789bb117a3d208ae44a381b718b3157e218959156ff8e92b7e92bc275d2c9114547351a0d0f2a70d13be0194b6cb68b03000000000000004f153bbc7f52861e4e5df0d19e4e40ac44cfda6f87807e5b5ed7072c04da88afd3d4b79f060e004a0e2f00b9e726ac75d2ac0691314c627e9a8a07bdd607919fd48f01ad6d2f7621d9a75b134f1bc25ed7c33d411a5baa4daa3add16afc502b2b7629541d722e91d631e5ffb9d4beb5aa5a2c4e490a5bd5cf4538ba310b8cbc221af38ea842d4cb908bcd574f794459fd54b58c6a791e6df620047bade4ba41ee0141843958479544619f749ff70088b0fd115077f7eff7c5a3315ca604d110df1c54407f191a78d8362e4dc6e1138391c2af2b96779bb76c9f1daea4f085f38810edef6dd047937c231cba791a4e7713c5b3b0a0b6ba37db5016e02d114d714459d065a79609fea4efebad04edac11aac0e53dd094827453144fa419ee81823d00a90a9058ba740d2f41253a8d01a8c1a7265a084e30ad10d412aee8170a7111d62473e7bd8f3d64fb7ebdd32aada331900000000000000000000000084ef49dd02000000bf48ea48e0e1f463d9dcb285038ec38d5f4969ed0e98a71ac7bf8159a234833a5241722b2d24aa2fa4965d4eb7966fb27d118b6ef3308627e67d42f1041d5e92da28e0a7724ce715854775cbe06c5166f1dac0745f1373156a536cb6394c2c4473e2050cacf693fdf8e305080000001a901ecd90a5f53b8327a485557bc2a147b036477915e600000000034258ebbb6099b597d17ee2fc97ca850b8580b1337016a40566814594c13052b9d2b0741326825f19a24460e545c71e1940c998f39ac04a0c29691a7c8f7a78c1a7590a293c561f304533c638ae635f5ce026f7fa034d8cfe0e11831d4829692beab26891ef583cfcb713a4d3a2d8b958c0875d7e4bdcf98802db086ebcbb9d82fa569a18f06facc2ffe1ea9ae4231e1e503faa2de7f898c97788c4b9c61c70ff92abdf7476cc351156d11c0ada7614f315f4c6cca119d16827d4e864f5a7a9b690272a510c451dc07f391309d02e31e53b2bf0b5f86e776b1bcfe6c85ccd7ddf8a9559d596b5603895f265685fdd11263c946f8ef3ccec1b0d45a47a89b8237cbbdab14e4ca6dc76b2c41e071b93a065c0f5aa718e1cfab29beea78a6bd9a3114f0fb92be9a5862627b4bd99db2c08e4636e43f05f33535d5d1f9bb40e1fd8e5125a3d29b31dd94a6744bbc21722222b976089f073a4d3fcafc6d06518cf0c4fc6c3e3da0000000000000000000000007d3b60775243f2143d9f54804b11102cf0e4c641db1ba8bf75e46ab3a8fdece6562e7ebb3e407f3c7504dfa3da3aecbd49af3d1edeea11cc970416fadeedc8423bfdc85041ac4d8243a1130e6f4cb5bbfed9d095e18c98c7d690e4c491a7ddcd5635bc61dbed719ca28e8ca3f1fbbe588913ed057f1d6e34a79f4dc10df54d1993a5bc5f9ef6dbd339ee4b0b5764169f305e284ef82cc23e9366d4bc7eb45c7230b13433e5240657cb8eba33260147be8620b6d98cc48b000000000000000000000000c1ce872b18984f080100000000000000bd3fded92547d41809b398f36749083a147eb09ff1ed601bd36b873d3947fb223da647052528e0466cb917db7800f7c7000b593fca1903991cca1343882e3a1f60044f11c081dae4fc5bcf20efacdd2c577f4bcda2eea6f75a31dc90eebb6135b6fb824052181b0ad8a49ebf03ccf61d7e39bf6b0762d24d19796016301d1415b5110ba9df7f204aedb2a2e4e621c0553d312b309db67192f98ef7800000d629c04e216afc8fc66616bbf304e452373aa927c2ad6f5417f1b9bc322b802c1a1c42112a92a331cdc113b9ace3ff52ede7a853f9a89002ba070bac2f635a03db3375e5564f1a798bf9c0f8c72725d2eca9b0ec7e453d78ea20eca61530fe574299b393ca144adcb06108dfbb934065a87972739150a8752ac111c4d9062ccb95c54034fbdee131d94dfbaab1854d55665746fb7b47d25e54070b0d14c0a29c57bc4930075e1761913b036d43852c6df9f10e15105b2a1866b598a3577943514db0dce953dcec62139ff3f16066efec5d8cbc0600000000007289be5883aab951ea67cf2ff691d05c1ea91dd569ed9897fe8d88a0a6977dc8955be17e8026aff11c61fa5cc76196c1423cd597345253baa1537eb6962a3ce1fe5d5ab46938e8fb23fa7047bc59c4345e912585a8adb5fe2ff51b64a326321b594e3f2d339f4090bdae6b30b62064bacbc155d3c930576f506b093ca7c60957bdfdd6536baaa871cf6a603c736b78761e6463b8ac503e219cc3d98f649602ad24d5667368290ee926fba76ee482a201a03efece3b236f4ee2ffcd5d90d92a2f0c5cea48c87f27c2f1e92988a6508c12f6b7755cc48eb10edafca92cb0260c72295a27a24846d3a2334bd60e94c0fd07e5db0a4964a7fc4e89e11a300510776934e87bb3c21394f46954a012b2a3b0760f5bad1dbd6b466ed7153bd18ee2c0b2353c38df9e0782eb000000000000000000000000001b58cadcc5aaf65e05663985a177aa1d1ea2ad1b8151c7d58f5b92827f550269b3585d98e1394e816a477e52ce2f6de2bd7192f46cf965e774968d151d2bda084b10ec4c8d2c6ab582b1e5e3ed874235ff128c661298ed75879d8a4025ad1c3d9ef6355dc7284c6e648a61da026a777fcc7ae2c60ce64a2f2b0000000000000000000000000000003022110d1230e998429a6fd8f35939a8ae5acc89123839d84b98df6f8ee2ad0b238759bf400ac14c591aefe9660076a494f73b0ea8f3cb4a9c2e4f745a2afb593fabb9481600b2f44e6415153c1f8cf974a226d2700608bb2838ef07d75aed8b082716be3c37f60f48b9995f6325fdaa1c164b1e2bcbde00"/3344], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfe37, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

3m4.262411395s ago: executing program 0 (id=759):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10)
accept4(r2, 0x0, 0x0, 0x800)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa06"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000840)
socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

3m3.831007139s ago: executing program 32 (id=759):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10)
accept4(r2, 0x0, 0x0, 0x800)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa06"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000840)
socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

10.06329129s ago: executing program 3 (id=1275):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, 0x0}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xdddd1000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0x0, 0xc, 0x0, 0x8, 0x0, 0x0, 0x0, 0x7, 0x7}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0xb, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0xf000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x3000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x70, 0x0, 0xf801, 0x0, [0x0, 0x0, 0x1]})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x3, 0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
socket$rds(0x15, 0x5, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r8, r5, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd600141400010880020010000000000000000000000000000fe8000000000000000000000000000aa00000000000890"], 0x0)

9.844351854s ago: executing program 3 (id=1276):
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$kcm(0x2, 0xa, 0x2)
write$tun(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32, @ANYBLOB="b0c2780001051200000008000000080000000a00000009040200000000402032754c64d36ef3f10cefdcf820f8a65f815b7d0557cca5e26932fb57e8cb5f376dc776158be4fe6ff6d3c4f36b4fff8fc06675820393b0ba6c57f458f74f06e814bbab97f5588304f411ae88c9800948d800ef5e1bdd6964314910cd80284073738c0513eee78399945d369a713e020f2b4054"], 0x2e3)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x39, &(0x7f0000000300)={0x0, 0xfffffffe, 0x4000, 0x1, 0x10000}, 0x0, &(0x7f0000001880))
socket$inet_tcp(0x2, 0x1, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, 0x0, 0x4044)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="54010000120001000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000006c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200020000000000000006001c000400000000000000000000000000000000000000000000000001480003006465666c61746500"/260], 0x154}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000140))

8.975901968s ago: executing program 3 (id=1278):
semget$private(0x0, 0x2, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000940)={0x202d520, 0x2, 0x0, 0x8d6b, 0x40, "04000a00800000000e00"})
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000040)=0xd)
semop(0x0, &(0x7f00000002c0)=[{0x0, 0x3}, {0x0, 0x8000}], 0x2)
semop(0x0, &(0x7f0000000300)=[{0x0, 0xd90d}], 0x1)
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
read$FUSE(r4, &(0x7f00000007c0)={0x2020}, 0x2020)
semctl$IPC_RMID(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x3d, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0)

7.742124414s ago: executing program 5 (id=1282):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_HEADER(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000000c0601010000004a0000000000000008050001"], 0x30}, 0x1, 0x0, 0x0, 0x24000000}, 0x8000)

7.531623677s ago: executing program 5 (id=1284):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_GET_KEY(r1, &(0x7f0000000540)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000500)={&(0x7f0000000240)={0x74, r3, 0x800, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x4af6a438, 0x21}}}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "50d307a92f93d40e4e783a51e1"}, @NL80211_ATTR_KEY={0x2c, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "7cb8a9e8d8671194b1fd6e0b7f"}, @NL80211_KEY_DEFAULT_TYPES={0xc, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x874f522ee1a2c1b7}, 0x40000)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r5=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)={0x20, r0, 0x1, 0x0, 0x0, {0x1e}, [@ETHTOOL_A_PAUSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}]}, 0x20}}, 0x80)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r6, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0}}, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@ipv4_delroute={0x4c, 0x19, 0x901, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @private=0xa010102}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_SRC={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, @RTA_SPORT={0x6, 0x1c, 0x4e24}]}, 0x4c}}, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
unshare(0x22020600)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x2})
syz_usb_connect$cdc_ncm(0x0, 0x75, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000082505a1a4400001020301090263000201fdffff080480000102090000052406000105240000000d240f0100000000000000000006341a00000107241400efffff08058103"], 0x0)

4.998915394s ago: executing program 2 (id=1296):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execveat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0)
mount(&(0x7f0000000300), &(0x7f0000000100)='.\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000440)={0xa, 0x4e21, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="2000000000000000290000000400"], 0xd8}}], 0x1, 0x40088d0)

4.957164618s ago: executing program 3 (id=1297):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000200))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0xa2c25)
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000000c0)=0x4)
r3 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x23f, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x40, 0x2, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x3, 0x1, 0x2, 0x8, {0x9, 0x21, 0xd, 0xb, 0x1, {0x22, 0xfb4}}, {{{0x9, 0x5, 0x81, 0x3, 0x420, 0x8, 0x1, 0x6}}}}}]}}]}}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, &(0x7f0000000500)={0x2c, 0x0, &(0x7f00000003c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000f00)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000e40)={0x20, 0x1, 0x9, "0d023bb34e27ce631b"}, 0x0})
syz_usb_control_io$hid(r3, 0x0, 0x0)
writev(r2, &(0x7f000009de80)=[{&(0x7f000009df00)='\f', 0x1}], 0x1)

4.886863302s ago: executing program 2 (id=1299):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, 0x0}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xdddd1000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0x0, 0xc, 0x0, 0x8, 0x0, 0x0, 0x0, 0x7, 0x7}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0xb, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0xf000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x3000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x70, 0x0, 0xf801, 0x0, [0x0, 0x0, 0x1]})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x3, 0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
socket$rds(0x15, 0x5, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, 0x0, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd600141400010880020010000000000000000000000000000fe8000000000000000000000000000aa00000000000890"], 0x0)

4.800668634s ago: executing program 1 (id=1300):
unshare(0x8020480)
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000200)=@updpolicy={0x27c, 0x19, 0x1, 0x0, 0x0, {{@in6=@dev={0xfe, 0x7}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@tmpl={0x1c4, 0x5, [{{@in6=@remote}, 0x0, @in=@broadcast}, {{@in6=@mcast2}, 0x0, @in=@dev}, {{@in=@multicast2}, 0x0, @in6=@loopback}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, @in6=@dev}, {{@in=@remote}, 0x0, @in6=@loopback}, {{}, 0x0, @in6=@rand_addr=' \x01\x00'}, {{@in6=@dev}, 0x0, @in=@local}]}]}, 0x27c}}, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r2, &(0x7f0000000540)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @remote, 0x9}, 0x1c, 0x0, 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}], 0x1, 0x8008801)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0xfff00002}, {0x16, 0x0, 0x0, 0x31}]}, 0x10)
sendmmsg$inet6(r2, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="00f13c3c4e9b12ee08f606e0349d7dd29c20af0e2c89278852d9868ccd4d3fc168926d96e0559af54cb260ed75", 0x2d}], 0x1}}], 0x1, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e24, @empty}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000140)={0x2, 0x9, @remote}, 0x10)

4.499043872s ago: executing program 1 (id=1301):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$TIOCMSET(r0, 0x5418, 0x0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100003afe0620e60405000001010203010902240001000010000904140002a024260009050602ff0300000009058202"], 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='debugfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
r3 = socket(0x18, 0x0, 0x0)
connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0x2, @empty, 'geneve1\x00'}}, 0x1e)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
mount(0x0, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x141202, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
sysinfo(&(0x7f0000000000)=""/109)

4.451234847s ago: executing program 2 (id=1303):
r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SG_IO(r0, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffd, 0x6, 0x1, @buffer={0x300, 0x56, &(0x7f0000000440)=""/86}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x30, 0xffffffffffffffff, 0x0}) (fail_nth: 4)

4.304659825s ago: executing program 2 (id=1304):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000280)={{0x1, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, [0x0, 0x83fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x6, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x100000000, 0x0, 0xfffffffffffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd451, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3000602c, 0x10000, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x7, 0xbffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffff0001, 0x0, 0x4000000]})

4.28307835s ago: executing program 2 (id=1305):
creat(&(0x7f0000000200)='./file0\x00', 0xecf86c37d53049cc)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYRES64=r0], 0x15)
r2 = dup(r1)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
syz_usb_connect(0x0, 0x3d, 0x0, 0x0)
write$smackfs_access(0xffffffffffffffff, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x83, 0x0, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
sendto(r6, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r8, &(0x7f00000004c0)=[{&(0x7f0000010240)="07d0", 0x2}], 0x1)
close_range(r3, 0xffffffffffffffff, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno', @ANYRESHEX=r2])

3.960187659s ago: executing program 4 (id=1307):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0xc2, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "42c59c23cba5509acc1fcb978db9c707"}]}}}}}}}, 0x0)
syz_emit_ethernet(0x38, &(0x7f0000000380)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x4}, {'2Z'}}}}}}, 0x0)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x4, 0x2}, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x2fc, 0x30, 0x20, 0x70bd2b, 0x25dfdbff, {}, [{0x2e8, 0x1, [@m_nat={0xb8, 0x20, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0x678e, 0x8, 0x401, 0x7}, @dev={0xac, 0x14, 0x14, 0x1d}, @private=0xa010100, 0xff, 0x1}}]}, {0x65, 0x6, "22f8041133b73c8aea5c5688dbba84d22497a97c5283662e93bb7ebc1355b877d4ae5fd87a74d2ba911a1aa914cbc54186ccbcc807990cd8f2824a6a7ef12ef2cca086806b5b015e0f7b7d33f319419fc6ac5cf90c6b01d3bd08ba8952c5b159ff"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_connmark={0x14c, 0x1f, 0x0, 0x0, {{0xd}, {0x11c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0xd, 0x0, 0x1, 0x1}, 0x2}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x9, 0x7, 0xbebe, 0x3}, 0x2}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x4, 0x6, 0xba, 0x7fff}, 0x1}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffff3df, 0x6, 0xffffffffffffffff, 0x4, 0x3}, 0x2}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x5, 0x8, 0x4685, 0x7fffdfff}, 0x4}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x4a302503, 0x188e, 0x0, 0x800, 0x9}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x9fa, 0x0, 0xc299, 0x9}, 0x79a}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x30, 0x4, 0xffffffffffffffff, 0x9, 0x8}, 0x10}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x269c, 0x0, 0x7, 0x3}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x10001, 0xff, 0x10000000, 0x44d9, 0xfffffe01}, 0xe54}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x4, 0x2}}}}, @m_sample={0xb0, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x81, 0x6, "4d11ef01da7337625695ddc3d5012aa6f3638794346943b9ee757a1a4ac5f8ce5f6016d63b9db431952a32c8ea295bd8bea222698ce859490fd8784037c47670d89010426411cce59038883b69db801c8d08e1d6ea90e03c637d4dc6a17cefee6540c36dba3573d039f7b6e9fb810ecdc039c3105f3423c721e04c7b05"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ctinfo={0x30, 0x13, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x2fc}}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000088c0), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000008900)={0x6, 0x8, 0x1, 0x0, 0x1})
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xb)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010000304016100"/20, @ANYRES32=0x0, @ANYBLOB="d3ddd1de00000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000002c0)={'vcan0\x00', <r9=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=@can_delroute={0x88, 0x19, 0x0, 0x70bd28, 0x25dfdbfe, {0x1d, 0x1, 0x6}, [@CGW_FILTER={0xc, 0xb, {{0x0, 0x0, 0x1}, {0x3, 0x1, 0x1, 0x1}}}, @CGW_SRC_IF={0x8, 0x9, r7}, @CGW_SRC_IF={0x8, 0x9, r9}, @CGW_SRC_IF={0x8, 0x9, r7}, @CGW_MOD_OR={0x15, 0x2, {{{0x4, 0x1, 0x1, 0x1}, 0x1, 0x1}}}, @CGW_MOD_AND={0x15, 0x1, {{{0x3, 0x1}, 0x7, 0x1, 0x0, 0x0, "c8aa592cd23abdb6"}}}, @CGW_DST_IF={0x8, 0xa, r9}, @CGW_MOD_XOR={0x15, 0x3, {{{0x3, 0x1, 0x1, 0x1}, 0x0, 0x0, 0x0, 0x0, "35c22819427bf746"}}}]}, 0x88}, 0x1, 0x0, 0x0, 0x20000800}, 0x80)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000600)={0x6, @sliced={0xe, [0x9, 0x4, 0x7, 0xe, 0x7ff, 0x2, 0x6e, 0x8, 0x2, 0xea4, 0x9, 0x7, 0x40, 0x5, 0xe, 0x6, 0x4, 0x4, 0xe06, 0xfff, 0x7, 0x5, 0x101, 0x8001, 0xd230, 0x8, 0x5, 0x8001, 0x5, 0x2, 0x7f, 0x0, 0x2087, 0x100, 0x8, 0x5, 0xeea9, 0x9, 0x8, 0x0, 0xe1b, 0x40, 0x6, 0xaf, 0x89, 0x9db7, 0x0, 0x8]}})

3.906972553s ago: executing program 5 (id=1308):
syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$phonet_pipe(0x23, 0x5, 0x2)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x101202, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x40000000)
r0 = io_uring_setup(0x6280, &(0x7f0000000080)={0x0, 0x10000000, 0x0, 0x0, 0x1d2})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

3.778753395s ago: executing program 4 (id=1309):
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, &(0x7f0000000100)="305c065ae182d12fd8326183700398d1c7d7982b8f57fb20a3adc9e3baa292ce8f0a861e6417acfc8648ad1b93d502b0cd490e35d53ddf6fd0461690982b0269490100b06df5aa58a09a000000808ce41d86b9b949004fd8fe7b80000000", 0x5e, 0xfffffffffffffffe)

2.610099434s ago: executing program 1 (id=1310):
mbind(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x4002, &(0x7f0000000000)=0x100002, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='afs\x00', 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@newtaction={0x304, 0x30, 0xb, 0x1d9, 0x0, {}, [{0x34, 0x1, [@m_gact={0x0, 0x18, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0x0, 0x3, {0x1, 0xac1, 0x5}}]}, {0x0, 0x6, "36b914f58ac99a32d345aa1c51f8d0e1924d4bce8f4f562733cc6ea529a8f6993b4284da7c70ee4418a2dce806f54c88a26759159b145b7925b00194ca0663bff00ba504f4dc6cba00f850b26062792cc1e23d05d3db49ef73fbd09b2e238feeb86a94e8d968fa6ab4161a0cb31df60ff36a1e"}, {0x0, 0x7, {0x1}}, {0x0, 0x8, {0x1, 0x3}}}}]}, {0x2bc, 0x1, [@m_ctinfo={0x124, 0x4, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0xc}]}, {0xed, 0x6, "c240656981530988b71edaaf3aa0bed2328076cf34e20e47c1780f98d232ac7840ebfd6db8595ebecd31e28db64eb08bc92cb5a6d1048345b13707d6e3e697d77c5799fcfdc7f89205a54c7bd66f0b5827ff68e6530d27dd1c1acbde25c0cb0339bb5a822562920374f0129faaa5e956fa6d9611997b3a04cf5d09dd3452454690b64be9cc91c1067f2052e91c8cace55538d775cf8a012ac13a8a7d7c1ead5eb34b80a8c5f3008b5fdf1c5a426d8356d6e346614511d1faab5b8ee118055c536d673a75ebcaebded09787de1793cd69648a33f0891537ac3f0c76484ebb894f87d42aa5d4b9b7f488"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ife={0x194, 0x28, 0x0, 0x0, {{0x8}, {0xa0, 0x2, 0x0, 0x1, [@TCA_IFE_METALST={0x8, 0x6, [@IFE_META_SKBMARK={0x4, 0x1, @void}]}, @TCA_IFE_TYPE={0x6, 0x5, 0x1}, @TCA_IFE_TYPE={0x6, 0x5, 0x4}, @TCA_IFE_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @TCA_IFE_DMAC={0xa}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x1, 0x347db2d0, 0x6, 0x3, 0x6}}}, @TCA_IFE_SMAC={0xa, 0x4, @local}, @TCA_IFE_PARMS={0x1c, 0x1, {{0xee70, 0x2, 0xffffffffffffffee, 0x2, 0x1}, 0x1}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x2, 0x0, 0x6, 0x6, 0x7}}}, @TCA_IFE_DMAC={0xa, 0x3, @remote}]}, {0xfffffe7e, 0x6, "b05e096b4e5a86873efdebfb082811137cba969c07c746a830c05b85a0c1ad7253015fa99c3fd5aeddd0aa234df509b044371273add9750e7d683dd918d383a270e65141ba7fae999a6792f556c3447f295c6965d3463eb2f4342a2252c9e44602729b258d3c6786a1d04b297c07f914acce1b14d5d945505f5dc73207ce4adf7536f8daf2d7d595fda47acd052422e0cb3ab96aae9c7c2cc82207d4600aef54de7ef378c2b61eb97a891ec6e8dc7216fce2753b9921edeb3a83a2813c36f8646d4d1751b0297b2eae"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x304}, 0x1, 0x0, 0x0, 0x4044800}, 0x0)

2.609264329s ago: executing program 4 (id=1311):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000980)=ANY=[@ANYBLOB="b702000026000000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000002b000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b1936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f17e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b534dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b6fbce3f897226c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a0806000000020000000000000048f941b13d924bcf334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab35eb4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c063f7130856f756436303767d2e24f29e5dad9796edb697a6ea1182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace59645885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb001598cb30711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a411f450f173db9c20000000000015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95ec2eeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75ee93f9959e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef660200a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749feaecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed30713304811d889a70c22232496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cd2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ed65af3d194db76127f88f284fa1b71ab964fdd2474488da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44bc84bf6770157e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985af5b07cb20488ea035df7f5dccd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501aed8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db996e633792118efdb6b88023e80da74fdf723c7f0b2e9f3bb90613508c00a292a0c5b87a4f8ff35eba73ce9ebf77d0c842063a7b42c757d008678d38e6a868eaead4f19cdeb7cfc100ceabb4a3999cce5d36ecfe80def20f7187bab75515226f4d9b30e0567612210d492468781999ce795522b726bdf37b15e9afde32a7052cc909efe6ae7804e5044f9f7ae2d8cb08cca312c557bff04cf1fbb0dcfe8ac000000000000000000d4ffcfca7266a0ef3a12fd18925d2a64e10e5c8f381cb10a19864b19d4799a32669c11684eb4b1e71ed7e6b7ad3f3dbdd6458c88a8e17bfe6f"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff4f, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r2, 0x18000000000002a0, 0x81, 0x0, &(0x7f0000000380)="76389e147583ddd0569ba56a5cfd648648c794dceff4649348f1d269778c7dc094c0ee86c3a16d309153fc598ccf53aca6eacff037eeeed4a2c65e339b5d9e94c1885e4a8c83c6c29c9fbd1bc918c1fb569de249da976736052b1e0b0ea3da438a30d6c5e65ce45b43c56651c769540324707221d45140bdd23454a43d9daaafd7", 0x0, 0x3404, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000002280)={@val={0x8, 0x88e7}, @val={0x7, 0x83, 0x2, 0x100, 0x14}, @llc={@snap={0xaa, 0x1, '\x00', "5f5c1a", 0x2, "3dae39566565c0742a226a2904a71c745e4112d354469555edc4497f1e8833c1082884a3a5bcbfab3940c7e02e228b5f937bc738181a47ee3bad0a642d4c18a73c68d917e0aa74b125b9ef4835a7e4206e33a85b7478264b64e23195269d04061d1c8f3a1020d84464742adb0c7a544e2dd3ca8f307b2b35662864d4b1f663579970992d58e7c760cf09ea9548166a68895a0e3d966c4c0a24811f65e006c841818368951fba6cf12b8b45ec623341f855c9531e1a67846c555f7df561f742f6578759769ce50a0df988eaa5b58e8eeead4ac67548ddcc1e858565dfb98ab629c01f9621cf3baf1a7da101e0a8bfc5a693574a818b"}}}, 0x10b)

2.138871129s ago: executing program 5 (id=1312):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e24, @empty}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000140)={0x2, 0x9, @remote}, 0x10)

1.967256894s ago: executing program 1 (id=1313):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000040), 0x0, 0x50c00)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = dup2(r1, r0)
readv(r2, &(0x7f0000000180)=[{&(0x7f0000000100)=""/84, 0x54}, {0x0}], 0x2)

1.88461341s ago: executing program 5 (id=1314):
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$kcm(0x2, 0xa, 0x2)
write$tun(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32, @ANYBLOB="b0c2780001051200000008000000080000000a00000009040200000000402032754c64d36ef3f10cefdcf820f8a65f815b7d0557cca5e26932fb57e8cb5f376dc776158be4fe6ff6d3c4f36b4fff8fc06675820393b0ba6c57f458f74f06e814bbab97f5588304f411ae88c9800948d800ef5e1bdd6964314910cd80284073738c0513eee78399945d369a713e020f2b4054"], 0x2e3)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x39, &(0x7f0000000300)={0x0, 0xfffffffe, 0x4000, 0x1, 0x10000}, 0x0, &(0x7f0000001880))
socket$inet_tcp(0x2, 0x1, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, 0x0, 0x4044)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="54010000120001000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000006c000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200020000000000000006001c000400000000000000000000000000000000000000000000000001480003006465666c61746500"/260], 0x154}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000140))

1.884132223s ago: executing program 4 (id=1315):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000280)={{0x1, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, [0x0, 0x83fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x6, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x100000000, 0x0, 0xfffffffffffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd451, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3000602c, 0x10000, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x7, 0xbffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffff0001, 0x0, 0x4000000]})

1.840908421s ago: executing program 4 (id=1316):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f00000000c0)=0x2001)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r3=>0x0]}, &(0x7f0000000240)=0x8)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000280)=ANY=[@ANYRES32=r3], 0x14)
r4 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r4, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x5}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time}], 0x38)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f00000002c0)={r3, 0x42, 0xc00}, 0x8)
readv(r4, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x3f}], 0x1)

1.324301581s ago: executing program 1 (id=1317):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$TIOCMSET(r0, 0x5418, 0x0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100003afe0620e60405000001010203010902240001000010000904140002a024260009050602ff0300000009058202"], 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='debugfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
r3 = socket(0x18, 0x0, 0x0)
connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0x2, @empty, 'geneve1\x00'}}, 0x1e)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x141202, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
sysinfo(&(0x7f0000000000)=""/109)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
syz_usb_connect(0x0, 0x24, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0xb9, 0x12, 0xf1, 0x20, 0x55f, 0xa800, 0x721d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x4, 0x0, 0x0, [{{0x9, 0x4, 0x6d, 0x0, 0x0, 0x37, 0xf8, 0x7e}}]}}]}}, 0x0)

1.228476714s ago: executing program 3 (id=1318):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0xffffffff80000000)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000029c0)=@newtaction={0x478, 0x13, 0x53b, 0x0, 0x0, {}, [{0x464, 0x1, [@m_police={0x460, 0xf, 0x0, 0x0, {{0xb}, {0x434, 0x2, 0x0, 0x1, [[@TCA_POLICE_AVRATE={0x8, 0x4, 0x9}, @TCA_POLICE_RATE64={0xc, 0x8, 0x2}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x86f7}], [@TCA_POLICE_RATE64={0xc, 0x8, 0xc}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3, 0x59, 0xfffff4a5, 0x0, 0x3, 0x1, 0x6, 0x1, 0x0, 0x6, 0xb10, 0x800, 0xe, 0x33c, 0x81, 0x96, 0x6, 0x6d, 0xc35, 0xfffffffc, 0x9, 0xe, 0x4, 0x8, 0x7ff, 0x4, 0x3d9, 0x3, 0x0, 0x1000, 0x6, 0x8c, 0xa9af9d3, 0x1, 0x5, 0xf15, 0x0, 0x1, 0x3, 0x7f, 0x1, 0x1, 0x7, 0x3, 0x4a, 0x6, 0x9, 0x5, 0x3, 0x5, 0x3ff, 0x4, 0x1, 0x6, 0x80000000, 0x3, 0x100, 0x3ff, 0x0, 0x53a, 0xb275, 0x79, 0xfffffff7, 0x7, 0xfffffffd, 0x7, 0x82f, 0x2, 0x4, 0x10001, 0x1, 0x9, 0x70, 0x6c, 0x5, 0xb, 0x10000, 0x3, 0xffffffff, 0x5, 0x1, 0xfffff801, 0x7fffffff, 0xfffffffa, 0x6, 0x3, 0x6, 0x80000001, 0x200, 0x7, 0x0, 0x40, 0xe, 0x2, 0x5, 0x7, 0x7, 0x4, 0x6, 0x2, 0xa, 0x9, 0x0, 0x1, 0x2, 0x8, 0x1, 0x9, 0x785, 0x0, 0x77, 0x5, 0x10000, 0x800, 0x5933, 0xff, 0x9, 0x401, 0x200, 0x2, 0x9, 0xfffffff9, 0x2, 0x3, 0x800, 0xfe4a, 0xfffffffd, 0x8000, 0x2, 0x7f, 0xe, 0x5, 0x9, 0xffff9137, 0x8, 0xa07, 0x4, 0x10001, 0x4, 0xb, 0x1ff, 0xfff, 0x3, 0x6c, 0x2, 0xc, 0x4b, 0xfffffffc, 0x0, 0xb68, 0x3, 0xffff, 0x7a, 0x7d1, 0x7, 0x8001, 0x8, 0x5, 0x7, 0x6, 0x5, 0x7ff, 0xfffffff7, 0x67, 0x2, 0x9, 0x7, 0x0, 0x9, 0x4, 0x0, 0x8, 0x3, 0x5, 0x2, 0x48, 0x4, 0x3, 0x112, 0x1, 0x4, 0x0, 0x0, 0x87, 0x3, 0x0, 0xde1d, 0x5aa3, 0x6, 0x80000001, 0xfffffffc, 0x7, 0x3ff, 0x3, 0x7724, 0xd0, 0x250d5eb1, 0x29d, 0x3, 0x7, 0x3, 0xff, 0x7, 0x3, 0x2, 0x0, 0x4, 0xa1, 0x7b53a07c, 0x400, 0x8, 0x8000, 0xf, 0x18000, 0x2, 0x4, 0x200, 0xdd, 0x1, 0xe26f, 0x0, 0x7, 0x1, 0x2, 0x1, 0xeda17dc, 0xbf, 0x2ed, 0xbd5a, 0x5, 0xdcca, 0x9, 0x9, 0x2, 0x1, 0x1ff, 0x75, 0x7, 0x1ff, 0x0, 0x1, 0x87, 0x9, 0x8, 0x8, 0x4, 0xb, 0x3, 0x6, 0x7, 0x4c, 0x7f, 0x3ff, 0xffffffff, 0xffff, 0x80]}]]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}]}]}, 0x478}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[], 0x13d8}, 0x1, 0x0, 0x0, 0x40c0051}, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=ANY=[@ANYBLOB="4000000010001fff2bbd7000000000000000000081043b276a7b3d655db00e1b087f02738da92adb1836ba0398bf0a3c5e0e1dde36a06f0e494e2883fd46b015133058ff52b1fd3fdd135832b4f22df4773a96c79ebdd8c6cebb1f0c4dfad2a2071d3850ede3170efbf8c0a86bac5a381369179ee734050887b4de012b219ea0056f6a82a7fe3b2c2803089379b1c81e7d794c8dfea6d916c5b75888028dd5c07557d5783918cc8370621bd110003ede73b8", @ANYRES32=0x0, @ANYBLOB="42950400c81a0100180012800b000100697036746e6c000008000280040013000800040093310000"], 0x40}, 0x1, 0x0, 0x0, 0x48030}, 0x4000)
ppoll(&(0x7f0000000500), 0x0, &(0x7f00000005c0), 0x0, 0x0)
rt_sigtimedwait(&(0x7f0000000000)={[0x1000]}, &(0x7f00000000c0), &(0x7f0000000180)={0x0, 0x989680}, 0x8)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0xb0000008})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@security={'security\x00', 0x4, 0x4, 0x3b0, 0xffffffff, 0x1a0, 0x1a0, 0x1a0, 0xffffffff, 0xffffffff, 0x2e0, 0x2e0, 0x2e0, 0xffffffff, 0x7fffffe, 0x0, {[{{@ipv6={@dev, @remote, [], [], 'bridge_slave_1\x00', 'geneve0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x3}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@ipv6={@private1, @mcast1, [], [], 'geneve1\x00', 'macvlan0\x00'}, 0x0, 0x118, 0x140, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'syz0\x00'}}, @common=@ipv6header={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x410)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
r8 = userfaultfd(0x1)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000004c0))
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3})
ioctl$UFFDIO_ZEROPAGE(r8, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}})
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf)
signalfd4(r7, &(0x7f0000000000)={[0x4]}, 0x8, 0x0)

1.024089102s ago: executing program 2 (id=1319):
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x1e)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$hidraw(&(0x7f0000002300), 0x1, 0x14a042)
ioctl$HIDIOCGRDESC(r2, 0x40305829, &(0x7f0000000140)={0xd, "7954bbc8aae250bd23544617d5"})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000600)={<r3=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'veth1_virt_wifi\x00', &(0x7f0000000f00)=@ethtool_cmd={0x23, 0x9, 0x1008000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x1, 0x1000005, 0x8, 0x2, 0x0, 0x4, 0xfffffffe, [0xeaea]}})
r4 = syz_open_pts(0xffffffffffffffff, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, 0x0, 0x0)
r5 = dup(r4)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0x3)
dup3(0xffffffffffffffff, r5, 0x0)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000280), 0x22200, 0x0)
r6 = dup3(r1, r0, 0x80000)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000000)=0x13)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0)
pwritev(r7, &(0x7f0000000080)=[{&(0x7f00000010c0)="aabf", 0x2}, {&(0x7f0000000400)='=', 0x1}, {&(0x7f00000004c0)="40aa", 0x2}], 0x3, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$L2TP_CMD_SESSION_DELETE(r1, 0x0, 0x4040)
sendmsg$L2TP_CMD_TUNNEL_GET(r0, &(0x7f0000001240)={&(0x7f0000001140), 0xc, &(0x7f0000001200)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x810}, 0x4010)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRES32=r5, @ANYBLOB, @ANYRES32=r0, @ANYBLOB="122de2f481006f81ecb0b5cc09b460e34b1f5985e912aa88c76277a7100288879ae5c2d931c6e21e6d690d19ef1c03ae31769b68bb2ae049299bf02633622c29ea4017556ed5acf3c3238c332bfdf9daa4f9fc7ed54d2104f67bce9d28da138a0f520d659c32c951f485a8b895cd1f563d25ec74ad015ca4891b2c286deb768e6ff7a20f00dfbdb396f02abd4c936198cc9533609f1a5bcc08f82d70138712031c0f393781e31bcfbd06d8e18c854ed0fd75ed0e46faf163e91fdd34824607c1eb940f9cd605cb1d1db50a2f48e1c9"], 0x50)
openat$nullb(0xffffffffffffff9c, 0x0, 0x40440, 0x0)

953.53577ms ago: executing program 5 (id=1320):
open(&(0x7f0000000300)='./file2\x00', 0x0, 0xf4)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_mr_vif\x00')
preadv(r0, 0x0, 0x0, 0x2c, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="c0400001", @ANYRES16=0x0, @ANYBLOB="000000000000000000001b000000200022801c000080080002000000000008000400000000000800050000000000050092000000000007002100616100007c00228034000080080003000000000008000500000000000800020000000000080003000000000008000200000000000800040000000000440000800800040000000000080007000000000008000600000000000800050000000000080001000000000008000200000000000800030000000000080007"], 0xc0}, 0x1, 0x0, 0x0, 0x4}, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f0000000500)={'nat\x00', 0x0, 0x0, 0x0, [0x75, 0x80000000, 0x654, 0x80000000, 0x51, 0xfffffffffffff800]}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0x7)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
unshare(0x8000000)
clock_gettime(0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r2 = open(&(0x7f0000000140)='./file0\x00', 0x400, 0x105)
mknodat$loop(r2, &(0x7f0000001600)='./bus\x00', 0x0, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r3, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=@dellink={0x20, 0x11, 0x101, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r6, 0x1040}}, 0x20}}, 0x0)

799.850762ms ago: executing program 3 (id=1321):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
setrlimit(0x8, &(0x7f0000000080))
mlockall(0x7)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x30000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = socket$kcm(0x11, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newtaction={0x78, 0x30, 0xb, 0x70bd2a, 0x0, {}, [{0x64, 0x1, [@m_ct={0xbc, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x40000000}}, @TCA_CT_MARK={0x8, 0x10}, @TCA_CT_LABELS={0x14, 0x7, "01a822886d9641ddd79edd5310228fb6"}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x10000000)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000540)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0xb, 0x6, 0x5004, 0x7, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2000000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x10)
r8 = accept4$alg(r5, 0x0, 0x0, 0x0)
sendmsg$alg(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000000c0)="bfe7d7c351f89e65232b8729529b26c0", 0x10}], 0x1}, 0x0)
read$alg(r8, &(0x7f0000000480)=""/179, 0xb3)
sendmsg$kcm(r0, 0x0, 0x40008c0)
mount(0x0, &(0x7f0000000300)='./file0/../file0/../file0\x00', &(0x7f0000000180)='mqueue\x00', 0x0, 0x0)

158.423791ms ago: executing program 4 (id=1322):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x1d, 0x90, 0x6e, 0x20, 0x1d50, 0x60c6, 0x629b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xdd, 0x0, 0x1, 0x76, 0x24, 0x67, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x0, 0x40}}]}}]}}]}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
syz_emit_ethernet(0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="aa"], 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3, &(0x7f0000000000)=0xb9, 0x4)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
readv(r3, &(0x7f0000000200)=[{0x0}, {&(0x7f00000000c0)=""/135, 0x87}], 0x2)

0s ago: executing program 1 (id=1323):
r0 = socket(0xf, 0x80000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)=0x3, 0x31)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x10, &(0x7f0000000100)=ANY=[@ANYRES32], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r6 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="20010000", @ANYRES16=r5, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r7, @ANYBLOB="47000e00800000000802110000000802110000015050505050500000000000000000000064000000000602020202020204060000000000000602000025030034003c040106b80400080026006c09000008000c006400000017000d0000000000a2000f00329c"], 0x120}, 0x1, 0x0, 0x0, 0x90}, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10)
sendmsg$xdp(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))

kernel console output (not intermixed with test programs):

  444.506293][ T5839] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  444.518406][ T5839] cdc_wdm 2-1:1.0: Unknown control protocol
[  446.348338][ T5893] usb 2-1: USB disconnect, device number 13
[  446.563316][ T8848] bridge0: entered promiscuous mode
[  446.610774][ T8848] netlink: 4 bytes leftover after parsing attributes in process `syz.5.851'.
[  446.652278][ T8848] bridge_slave_1: left allmulticast mode
[  446.678530][ T8848] bridge_slave_1: left promiscuous mode
[  446.691002][ T8848] bridge0: port 2(bridge_slave_1) entered disabled state
[  446.763573][ T8848] bridge_slave_0: left allmulticast mode
[  446.779733][ T8853] fuse: Bad value for 'user_id'
[  446.790936][ T8848] bridge_slave_0: left promiscuous mode
[  446.796877][ T8853] fuse: Bad value for 'user_id'
[  446.827667][ T8848] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.065789][ T8848] bridge0 (unregistering): left promiscuous mode
[  447.259264][ T5839] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  448.148813][ T8870] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  448.178379][ T5839] usb 3-1: unable to get BOS descriptor or descriptor too short
[  448.182680][ T8870] netlink: 52 bytes leftover after parsing attributes in process `syz.5.858'.
[  448.186955][ T5839] usb 3-1: not running at top speed; connect to a high speed hub
[  448.204320][ T5839] usb 3-1: config 174 has an invalid descriptor of length 16, skipping remainder of the config
[  448.214845][ T5839] usb 3-1: config 174 has 0 interfaces, different from the descriptor's value: 1
[  448.233326][ T5839] usb 3-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=31.a4
[  448.242709][ T5839] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.250867][ T5839] usb 3-1: Product: syz
[  448.255680][ T5839] usb 3-1: Manufacturer: syz
[  448.260595][ T5839] usb 3-1: SerialNumber: syz
[  448.442930][ T8878] netlink: 4 bytes leftover after parsing attributes in process `syz.4.860'.
[  449.312087][ T5839] usb 3-1: USB disconnect, device number 22
[  449.528701][ T8889] fuse: Bad value for 'user_id'
[  449.544392][ T8889] fuse: Bad value for 'user_id'
[  450.776501][ T8913] FAULT_INJECTION: forcing a failure.
[  450.776501][ T8913] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  450.806714][ T8913] CPU: 1 UID: 0 PID: 8913 Comm: syz.2.875 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  450.806745][ T8913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  450.806759][ T8913] Call Trace:
[  450.806766][ T8913]  <TASK>
[  450.806776][ T8913]  dump_stack_lvl+0x241/0x360
[  450.806816][ T8913]  ? __pfx_dump_stack_lvl+0x10/0x10
[  450.806848][ T8913]  ? __pfx__printk+0x10/0x10
[  450.806880][ T8913]  ? __pfx_lock_release+0x10/0x10
[  450.806914][ T8913]  should_fail_ex+0x40a/0x550
[  450.806943][ T8913]  _copy_from_user+0x2d/0xb0
[  450.806966][ T8913]  bpf_test_init+0x11f/0x180
[  450.807002][ T8913]  bpf_prog_test_run_xdp+0x48e/0x11e0
[  450.807041][ T8913]  ? __pfx_lock_release+0x10/0x10
[  450.807075][ T8913]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  450.807109][ T8913]  ? __fget_files+0x2a/0x410
[  450.807140][ T8913]  ? __fget_files+0x2a/0x410
[  450.807170][ T8913]  ? fput+0x21b/0x290
[  450.807196][ T8913]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  450.807239][ T8913]  bpf_prog_test_run+0x2e4/0x360
[  450.807269][ T8913]  __sys_bpf+0x48d/0x810
[  450.807295][ T8913]  ? __pfx___sys_bpf+0x10/0x10
[  450.807330][ T8913]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  450.807364][ T8913]  ? rcu_is_watching+0x15/0xb0
[  450.807400][ T8913]  __x64_sys_bpf+0x7c/0x90
[  450.807422][ T8913]  do_syscall_64+0xf3/0x230
[  450.807453][ T8913]  ? clear_bhb_loop+0x35/0x90
[  450.807486][ T8913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.807515][ T8913] RIP: 0033:0x7f81da58cde9
[  450.807534][ T8913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  450.807551][ T8913] RSP: 002b:00007f81db3d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  450.807573][ T8913] RAX: ffffffffffffffda RBX: 00007f81da7a5fa0 RCX: 00007f81da58cde9
[  450.807588][ T8913] RDX: 0000000000000050 RSI: 0000400000000240 RDI: 000000000000000a
[  450.807600][ T8913] RBP: 00007f81db3d4090 R08: 0000000000000000 R09: 0000000000000000
[  450.807613][ T8913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  450.807624][ T8913] R13: 0000000000000000 R14: 00007f81da7a5fa0 R15: 00007fffc5da08c8
[  450.807653][ T8913]  </TASK>
[  451.905113][ T8927] team_slave_0: entered promiscuous mode
[  451.911363][ T8927] team_slave_1: entered promiscuous mode
[  451.962831][ T8927] vlan2: entered promiscuous mode
[  451.967952][ T8927] team0: entered promiscuous mode
[  452.067669][ T8930] fuse: Bad value for 'user_id'
[  452.073137][ T8930] fuse: Bad value for 'user_id'
[  452.085356][ T8927] team0: left promiscuous mode
[  452.107721][ T8927] team_slave_0: left promiscuous mode
[  452.113297][ T8927] team_slave_1: left promiscuous mode
[  452.261877][ T8935] FAULT_INJECTION: forcing a failure.
[  452.261877][ T8935] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  452.296613][ T8935] CPU: 0 UID: 0 PID: 8935 Comm: syz.2.882 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  452.296646][ T8935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  452.296660][ T8935] Call Trace:
[  452.296668][ T8935]  <TASK>
[  452.296676][ T8935]  dump_stack_lvl+0x241/0x360
[  452.296715][ T8935]  ? __pfx_dump_stack_lvl+0x10/0x10
[  452.296744][ T8935]  ? __pfx__printk+0x10/0x10
[  452.296772][ T8935]  ? __pfx_lock_release+0x10/0x10
[  452.296803][ T8935]  should_fail_ex+0x40a/0x550
[  452.296829][ T8935]  _copy_from_user+0x2d/0xb0
[  452.296849][ T8935]  do_sock_getsockopt+0x1d1/0x7e0
[  452.296891][ T8935]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  452.296917][ T8935]  ? __fget_files+0x2a/0x410
[  452.296942][ T8935]  ? __fget_files+0x395/0x410
[  452.296964][ T8935]  ? __fget_files+0x2a/0x410
[  452.296993][ T8935]  __x64_sys_getsockopt+0x2a1/0x370
[  452.297018][ T8935]  ? __pfx___x64_sys_getsockopt+0x10/0x10
[  452.297038][ T8935]  ? do_syscall_64+0x100/0x230
[  452.297065][ T8935]  ? do_syscall_64+0xb6/0x230
[  452.297092][ T8935]  do_syscall_64+0xf3/0x230
[  452.297115][ T8935]  ? clear_bhb_loop+0x35/0x90
[  452.297144][ T8935]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.297168][ T8935] RIP: 0033:0x7f81da58cde9
[  452.297185][ T8935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  452.297200][ T8935] RSP: 002b:00007f81db3d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  452.297221][ T8935] RAX: ffffffffffffffda RBX: 00007f81da7a5fa0 RCX: 00007f81da58cde9
[  452.297234][ T8935] RDX: 000000000000007d RSI: 0000000000000084 RDI: 0000000000000006
[  452.297245][ T8935] RBP: 00007f81db3d4090 R08: 0000400000000100 R09: 0000000000000000
[  452.297257][ T8935] R10: 00004000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  452.297268][ T8935] R13: 0000000000000000 R14: 00007f81da7a5fa0 R15: 00007fffc5da08c8
[  452.297293][ T8935]  </TASK>
[  452.520793][ T8939] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow
[  452.544345][   T29] audit: type=1326 audit(1739164685.799:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8938 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  452.595570][   T29] audit: type=1326 audit(1739164685.799:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8938 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  452.617271][   T29] audit: type=1326 audit(1739164685.799:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8938 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  452.639175][   T29] audit: type=1326 audit(1739164685.799:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8938 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  452.662361][   T29] audit: type=1326 audit(1739164685.799:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8938 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  452.684020][   T29] audit: type=1326 audit(1739164685.809:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8938 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  452.705757][   T29] audit: type=1326 audit(1739164685.809:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8938 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  452.777783][   T29] audit: type=1326 audit(1739164685.809:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8938 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  453.827808][ T5834] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  453.946714][   T29] audit: type=1326 audit(1739164685.809:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8938 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  454.561143][ T5834] usb 5-1: Using ep0 maxpacket: 16
[  454.568054][   T29] audit: type=1326 audit(1739164685.809:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8938 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  454.627859][ T5834] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  454.651027][ T5834] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[  454.675533][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11
[  454.881328][ T8958] FAULT_INJECTION: forcing a failure.
[  454.881328][ T8958] name failslab, interval 1, probability 0, space 0, times 0
[  454.899143][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024
[  454.919269][ T5834] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  454.931389][ T8958] CPU: 0 UID: 0 PID: 8958 Comm: syz.2.889 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  454.931426][ T8958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  454.931440][ T8958] Call Trace:
[  454.931448][ T8958]  <TASK>
[  454.931460][ T8958]  dump_stack_lvl+0x241/0x360
[  454.931509][ T8958]  ? __pfx_dump_stack_lvl+0x10/0x10
[  454.931550][ T8958]  ? __pfx__printk+0x10/0x10
[  454.931586][ T8958]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  454.931618][ T8958]  ? __pfx___might_resched+0x10/0x10
[  454.931648][ T8958]  should_fail_ex+0x40a/0x550
[  454.931689][ T8958]  should_failslab+0xac/0x100
[  454.931719][ T8958]  kmem_cache_alloc_node_noprof+0x77/0x380
[  454.931748][ T8958]  ? __alloc_skb+0x1c3/0x440
[  454.931785][ T8958]  __alloc_skb+0x1c3/0x440
[  454.931824][ T8958]  ? __pfx___alloc_skb+0x10/0x10
[  454.931860][ T8958]  ? netlink_ack_tlv_len+0x6e/0x200
[  454.931899][ T8958]  netlink_ack+0x145/0xa50
[  454.931948][ T8958]  netlink_rcv_skb+0x262/0x430
[  454.931984][ T8958]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  454.932013][ T8958]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  454.932072][ T8958]  ? netlink_deliver_tap+0x2e/0x1b0
[  454.932096][ T8958]  netlink_unicast+0x7f6/0x990
[  454.932138][ T8958]  ? __pfx_netlink_unicast+0x10/0x10
[  454.932166][ T8958]  ? __virt_addr_valid+0x45f/0x530
[  454.932195][ T8958]  ? __phys_addr_symbol+0x2f/0x70
[  454.932222][ T8958]  ? __check_object_size+0x47a/0x730
[  454.932251][ T8958]  netlink_sendmsg+0x8e4/0xcb0
[  454.932283][ T8958]  ? __pfx_netlink_sendmsg+0x10/0x10
[  454.932317][ T8958]  ? __pfx_netlink_sendmsg+0x10/0x10
[  454.932336][ T8958]  __sock_sendmsg+0x221/0x270
[  454.932366][ T8958]  ____sys_sendmsg+0x52a/0x7e0
[  454.932397][ T8958]  ? __pfx_____sys_sendmsg+0x10/0x10
[  454.932417][ T8958]  ? __fget_files+0x2a/0x410
[  454.932452][ T8958]  ? __fget_files+0x2a/0x410
[  454.932491][ T8958]  __sys_sendmsg+0x269/0x350
[  454.932518][ T8958]  ? __pfx___sys_sendmsg+0x10/0x10
[  454.932555][ T8958]  ? do_sys_openat2+0x17a/0x1d0
[  454.932612][ T8958]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  454.932642][ T8958]  ? do_syscall_64+0x100/0x230
[  454.932687][ T8958]  ? do_syscall_64+0xb6/0x230
[  454.932719][ T8958]  do_syscall_64+0xf3/0x230
[  454.932750][ T8958]  ? clear_bhb_loop+0x35/0x90
[  454.932785][ T8958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.932815][ T8958] RIP: 0033:0x7f81da58cde9
[  454.932834][ T8958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.932853][ T8958] RSP: 002b:00007f81db3d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  454.932878][ T8958] RAX: ffffffffffffffda RBX: 00007f81da7a5fa0 RCX: 00007f81da58cde9
[  454.932895][ T8958] RDX: 0000000000000000 RSI: 00004000000000c0 RDI: 0000000000000003
[  454.932909][ T8958] RBP: 00007f81db3d4090 R08: 0000000000000000 R09: 0000000000000000
[  454.932923][ T8958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  454.932935][ T8958] R13: 0000000000000000 R14: 00007f81da7a5fa0 R15: 00007fffc5da08c8
[  454.932968][ T8958]  </TASK>
[  455.947125][ T5834] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  455.947163][ T5834] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.947187][ T5834] usb 5-1: Product: syz
[  455.947204][ T5834] usb 5-1: Manufacturer: syz
[  455.947221][ T5834] usb 5-1: SerialNumber: syz
[  455.949778][ T5834] usb 5-1: config 0 descriptor??
[  456.211986][ T5834] appledisplay 5-1:0.0: Error while getting initial brightness: -110
[  456.217428][ T5834] appledisplay 5-1:0.0: probe with driver appledisplay failed with error -110
[  456.444543][ T5834] usb 5-1: USB disconnect, device number 15
[  459.988219][ T9012] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  459.997069][ T9012] PKCS7: Only support pkcs7_signedData type
[  461.114352][ T9023] netlink: 8 bytes leftover after parsing attributes in process `syz.1.907'.
[  461.379227][ T5893] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  461.549350][ T5893] usb 2-1: Using ep0 maxpacket: 8
[  461.565357][ T5893] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  461.602519][ T5893] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  461.633235][ T5893] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  461.669602][ T5893] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  461.685460][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.709256][ T5893] usb 2-1: Product: syz
[  461.713483][ T5893] usb 2-1: Manufacturer: syz
[  461.728504][ T5893] usb 2-1: SerialNumber: syz
[  462.564608][ T5893] usb 2-1: found format II with max.bitrate = 11, frame size=3572
[  462.579231][ T5893] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  462.849360][ T5893] usb 2-1: USB disconnect, device number 14
[  463.615231][ T9056] bridge5: entered promiscuous mode
[  463.620649][ T9056] bridge5: entered allmulticast mode
[  463.680173][ T9056] Invalid ELF header magic: != ELF
[  464.376764][ T9056] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  465.745854][ T5823] Bluetooth: hci3: command 0x0405 tx timeout
[  465.984673][ T9076] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  466.513455][ T9078] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  466.584677][ T9078] PKCS7: Only support pkcs7_signedData type
[  467.264357][ T9091] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  467.296046][ T9094] netlink: 28 bytes leftover after parsing attributes in process `syz.2.923'.
[  468.010864][ T9099] netlink: 'syz.5.925': attribute type 1 has an invalid length.
[  468.231976][    T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  469.469354][    T9] usb 2-1: Using ep0 maxpacket: 8
[  469.490011][    T9] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  469.503250][    T9] usb 2-1: config 179 has no interface number 0
[  469.522986][    T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10
[  469.562695][    T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  469.614126][    T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 48, changing to 9
[  469.637060][    T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8244, setting to 1024
[  469.663982][    T9] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  469.710394][    T9] usb 2-1: config 179 interface 65 has no altsetting 0
[  469.717504][    T9] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  469.727075][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.742412][ T9097] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  469.773588][    T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input16
[  469.828564][ T9108] netlink: 8 bytes leftover after parsing attributes in process `syz.3.928'.
[  469.870964][ T5181] input input16: unable to receive magic message: -110
[  469.950811][ T5181] input input16: unable to receive magic message: -32
[  469.974811][ T9113] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  469.999565][ T5181] input input16: unable to receive magic message: -32
[  470.042376][ T5181] input input16: unable to receive magic message: -32
[  470.099731][ T5905] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  470.349305][ T5905] usb 4-1: Using ep0 maxpacket: 8
[  470.358335][ T5905] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  470.375905][ T5905] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  470.428835][ T5905] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  470.457092][ T5905] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  470.467588][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.479223][ T5905] usb 4-1: Product: syz
[  470.485515][ T5905] usb 4-1: Manufacturer: syz
[  470.493224][ T5905] usb 4-1: SerialNumber: syz
[  471.604698][ T5905] usb 4-1: found format II with max.bitrate = 11, frame size=3572
[  471.614463][ T5905] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  471.667260][ T5905] usb 4-1: USB disconnect, device number 14
[  471.765582][ T3077] usb 2-1: USB disconnect, device number 15
[  471.765656][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  471.800976][ T3077] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  471.857932][ T9127] netlink: 1280 bytes leftover after parsing attributes in process `syz.4.935'.
[  471.869998][ T9127] openvswitch: netlink: Flow actions attr not present in new flow.
[  473.247031][ T9144] FAULT_INJECTION: forcing a failure.
[  473.247031][ T9144] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  473.268773][ T9144] CPU: 1 UID: 0 PID: 9144 Comm: syz.1.940 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  473.268805][ T9144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  473.268819][ T9144] Call Trace:
[  473.268827][ T9144]  <TASK>
[  473.268836][ T9144]  dump_stack_lvl+0x241/0x360
[  473.268877][ T9144]  ? __pfx_dump_stack_lvl+0x10/0x10
[  473.268910][ T9144]  ? __pfx__printk+0x10/0x10
[  473.268941][ T9144]  ? __pfx_lock_release+0x10/0x10
[  473.268975][ T9144]  should_fail_ex+0x40a/0x550
[  473.269003][ T9144]  _copy_from_user+0x2d/0xb0
[  473.269030][ T9144]  copy_msghdr_from_user+0xae/0x680
[  473.269056][ T9144]  ? __pfx___might_resched+0x10/0x10
[  473.269081][ T9144]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  473.269105][ T9144]  ? __fget_files+0x2a/0x410
[  473.269138][ T9144]  ? __sys_sendmmsg+0x392/0x720
[  473.269159][ T9144]  ? __might_fault+0xaa/0x120
[  473.269196][ T9144]  __sys_sendmmsg+0x32b/0x720
[  473.269228][ T9144]  ? __pfx___sys_sendmmsg+0x10/0x10
[  473.269258][ T9144]  ? __pfx_lock_release+0x10/0x10
[  473.269280][ T9144]  ? kstrtouint_from_user+0x128/0x190
[  473.269332][ T9144]  ? ksys_write+0x22a/0x2b0
[  473.269351][ T9144]  ? __pfx_lock_release+0x10/0x10
[  473.269383][ T9144]  ? sb_end_write+0xe9/0x1c0
[  473.269410][ T9144]  ? vfs_write+0x7fa/0xd10
[  473.269431][ T9144]  ? __mutex_unlock_slowpath+0x227/0x800
[  473.269489][ T9144]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  473.269518][ T9144]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  473.269556][ T9144]  ? do_syscall_64+0x100/0x230
[  473.269584][ T9144]  __x64_sys_sendmmsg+0xa0/0xb0
[  473.269604][ T9144]  do_syscall_64+0xf3/0x230
[  473.269627][ T9144]  ? clear_bhb_loop+0x35/0x90
[  473.269655][ T9144]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.269678][ T9144] RIP: 0033:0x7f44f998cde9
[  473.269694][ T9144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  473.269709][ T9144] RSP: 002b:00007f44fa7b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  473.269729][ T9144] RAX: ffffffffffffffda RBX: 00007f44f9ba5fa0 RCX: 00007f44f998cde9
[  473.269742][ T9144] RDX: 00000000040000cc RSI: 0000400000000c80 RDI: 0000000000000003
[  473.269753][ T9144] RBP: 00007f44fa7b0090 R08: 0000000000000000 R09: 0000000000000000
[  473.269764][ T9144] R10: 000000000000c000 R11: 0000000000000246 R12: 0000000000000002
[  473.269775][ T9144] R13: 0000000000000000 R14: 00007f44f9ba5fa0 R15: 00007fff4c9713d8
[  473.269799][ T9144]  </TASK>
[  473.512801][    C1] vkms_vblank_simulate: vblank timer overrun
[  473.666375][ T9149] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  473.802737][ T9149] PKCS7: Only support pkcs7_signedData type
[  474.729181][ T5834] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  474.802551][ T9166] netlink: 'syz.4.949': attribute type 1 has an invalid length.
[  474.814203][ T9166] netlink: 224 bytes leftover after parsing attributes in process `syz.4.949'.
[  474.838731][ T9167] random: crng reseeded on system resumption
[  474.892336][   T29] kauditd_printk_skb: 54 callbacks suppressed
[  474.892357][   T29] audit: type=1326 audit(1739164708.159:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9165 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44f998cde9 code=0x7ffc0000
[  474.941411][ T5834] usb 4-1: config 0 has an invalid interface number: 20 but max is 0
[  474.955483][ T5834] usb 4-1: config 0 has no interface number 0
[  474.965615][ T9172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.950'.
[  474.966892][ T5834] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  475.001695][   T29] audit: type=1326 audit(1739164708.159:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9165 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44f998cde9 code=0x7ffc0000
[  475.041561][ T5834] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  475.055573][   T29] audit: type=1326 audit(1739164708.209:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9165 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f44f998cde9 code=0x7ffc0000
[  475.086954][   T29] audit: type=1326 audit(1739164708.209:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9165 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44f998cde9 code=0x7ffc0000
[  475.130152][ T5834] usb 4-1: New USB device found, idVendor=04e6, idProduct=0005, bcdDevice= 1.00
[  475.145531][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.153776][ T5834] usb 4-1: Product: syz
[  475.158080][ T5834] usb 4-1: Manufacturer: syz
[  475.167118][   T29] audit: type=1326 audit(1739164708.209:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9165 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f44f998cde9 code=0x7ffc0000
[  475.189602][ T5834] usb 4-1: SerialNumber: syz
[  475.205516][ T5834] usb 4-1: config 0 descriptor??
[  475.211602][ T9158] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  475.221940][ T5834] ums-sddr09 4-1:0.20: USB Mass Storage device detected
[  475.231122][   T29] audit: type=1326 audit(1739164708.209:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9165 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44f998cde9 code=0x7ffc0000
[  475.273435][   T29] audit: type=1326 audit(1739164708.209:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9165 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f44f998cde9 code=0x7ffc0000
[  475.313123][   T29] audit: type=1326 audit(1739164708.389:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9165 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44f998cde9 code=0x7ffc0000
[  475.334690][    C1] vkms_vblank_simulate: vblank timer overrun
[  475.363847][ T5834] ums-sddr09 4-1:0.20: probe with driver ums-sddr09 failed with error -22
[  475.375459][ T9179] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  475.408732][   T29] audit: type=1326 audit(1739164708.389:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9165 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44f998cde9 code=0x7ffc0000
[  475.645814][   T29] audit: type=1326 audit(1739164708.389:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9165 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f44f998b750 code=0x7ffc0000
[  475.667312][    C1] vkms_vblank_simulate: vblank timer overrun
[  476.435023][ T9181] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  476.482379][ T9181] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  476.538952][ T5839] usb 4-1: USB disconnect, device number 15
[  476.619263][ T5905] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  476.769272][ T5905] usb 3-1: Using ep0 maxpacket: 8
[  476.780509][ T5905] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  476.792491][ T5905] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  476.802770][ T5905] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  476.818723][ T5905] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  476.828846][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.837441][ T5905] usb 3-1: Product: syz
[  476.842058][ T5905] usb 3-1: Manufacturer: syz
[  476.847091][ T5905] usb 3-1: SerialNumber: syz
[  477.279992][ T9187] netlink: zone id is out of range
[  477.292749][ T9187] netlink: zone id is out of range
[  477.298582][ T9187] netlink: zone id is out of range
[  477.308245][ T9187] netlink: zone id is out of range
[  477.319174][ T9187] netlink: zone id is out of range
[  477.319356][ T9190] netlink: 244 bytes leftover after parsing attributes in process `syz.5.953'.
[  477.325967][ T9187] random: crng reseeded on system resumption
[  477.349865][ T5905] usb 3-1: found format II with max.bitrate = 11, frame size=3572
[  477.368130][ T5905] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  477.411187][ T5905] usb 3-1: USB disconnect, device number 23
[  478.366323][ T9205] fuse: Bad value for 'fd'
[  478.861719][ T9221] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  478.904936][ T9221] PKCS7: Only support pkcs7_signedData type
[  479.529437][    T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  479.825509][ T9237] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  479.997987][ T9239] FAULT_INJECTION: forcing a failure.
[  479.997987][ T9239] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  480.030788][ T9239] CPU: 0 UID: 0 PID: 9239 Comm: syz.3.969 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  480.030827][ T9239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  480.030841][ T9239] Call Trace:
[  480.030850][ T9239]  <TASK>
[  480.030858][ T9239]  dump_stack_lvl+0x241/0x360
[  480.030890][ T9239]  ? __pfx_dump_stack_lvl+0x10/0x10
[  480.030914][ T9239]  ? __pfx__printk+0x10/0x10
[  480.030938][ T9239]  ? __pfx_lock_release+0x10/0x10
[  480.030964][ T9239]  should_fail_ex+0x40a/0x550
[  480.030985][ T9239]  _copy_from_iter+0x1e9/0x1c20
[  480.031011][ T9239]  ? __pfx_lock_acquire+0x10/0x10
[  480.031036][ T9239]  ? unwind_next_frame+0x18e6/0x22d0
[  480.031058][ T9239]  ? __pfx__copy_from_iter+0x10/0x10
[  480.031080][ T9239]  ? preempt_count_add+0x93/0x190
[  480.031096][ T9239]  ? 0xffffffffa00038c0
[  480.031109][ T9239]  ? 0xffffffffa00038c0
[  480.031126][ T9239]  tun_get_user+0x43f/0x48a0
[  480.031150][ T9239]  ? __kernel_text_address+0xd/0x40
[  480.031182][ T9239]  ? __lock_acquire+0x1397/0x2100
[  480.031206][ T9239]  ? __pfx_tun_get_user+0x10/0x10
[  480.031241][ T9239]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  480.031262][ T9239]  ? tun_get+0x1e/0x2f0
[  480.031284][ T9239]  ? __pfx_lock_release+0x10/0x10
[  480.031313][ T9239]  ? tun_get+0x1e/0x2f0
[  480.031334][ T9239]  ? tun_get+0x27d/0x2f0
[  480.031357][ T9239]  tun_chr_write_iter+0x10d/0x1f0
[  480.031379][ T9239]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  480.031403][ T9239]  io_write+0x9c5/0x15c0
[  480.031435][ T9239]  ? __pfx_io_write+0x10/0x10
[  480.031460][ T9239]  ? io_file_get_normal+0x10d/0x310
[  480.031486][ T9239]  io_issue_sqe+0x37f/0x12b0
[  480.031514][ T9239]  ? __pfx_io_issue_sqe+0x10/0x10
[  480.031542][ T9239]  io_submit_sqes+0xa75/0x1d60
[  480.031591][ T9239]  __se_sys_io_uring_enter+0x2c8/0x3390
[  480.031622][ T9239]  ? ksys_write+0x22a/0x2b0
[  480.031636][ T9239]  ? __pfx_lock_release+0x10/0x10
[  480.031659][ T9239]  ? sb_end_write+0xe9/0x1c0
[  480.031679][ T9239]  ? vfs_write+0x7fa/0xd10
[  480.031695][ T9239]  ? __mutex_unlock_slowpath+0x227/0x800
[  480.031716][ T9239]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  480.031741][ T9239]  ? do_sys_openat2+0x17a/0x1d0
[  480.031777][ T9239]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  480.031797][ T9239]  ? __fget_files+0x2a/0x410
[  480.031819][ T9239]  ? __fget_files+0x2a/0x410
[  480.031855][ T9239]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  480.031884][ T9239]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  480.031912][ T9239]  ? do_syscall_64+0x100/0x230
[  480.031944][ T9239]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  480.031980][ T9239]  do_syscall_64+0xf3/0x230
[  480.032007][ T9239]  ? clear_bhb_loop+0x35/0x90
[  480.032040][ T9239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.032069][ T9239] RIP: 0033:0x7f972b38cde9
[  480.032087][ T9239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  480.032105][ T9239] RSP: 002b:00007f972c1c8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  480.032127][ T9239] RAX: ffffffffffffffda RBX: 00007f972b5a5fa0 RCX: 00007f972b38cde9
[  480.032143][ T9239] RDX: 0000000000000000 RSI: 0000000000007a98 RDI: 0000000000000004
[  480.032156][ T9239] RBP: 00007f972c1c8090 R08: 0000000000000000 R09: 0000000000000000
[  480.032168][ T9239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  480.032180][ T9239] R13: 0000000000000000 R14: 00007f972b5a5fa0 R15: 00007fff2a355558
[  480.032212][ T9239]  </TASK>
[  482.363801][ T9248] FAULT_INJECTION: forcing a failure.
[  482.363801][ T9248] name failslab, interval 1, probability 0, space 0, times 0
[  482.376643][ T9248] CPU: 1 UID: 0 PID: 9248 Comm: syz.1.974 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  482.376670][ T9248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  482.376685][ T9248] Call Trace:
[  482.376692][ T9248]  <TASK>
[  482.376698][ T9248]  dump_stack_lvl+0x241/0x360
[  482.376729][ T9248]  ? __pfx_dump_stack_lvl+0x10/0x10
[  482.376753][ T9248]  ? __pfx__printk+0x10/0x10
[  482.376783][ T9248]  should_fail_ex+0x40a/0x550
[  482.376804][ T9248]  should_failslab+0xac/0x100
[  482.376831][ T9248]  kmem_cache_alloc_node_noprof+0x77/0x380
[  482.376852][ T9248]  ? __alloc_skb+0x1c3/0x440
[  482.376877][ T9248]  __alloc_skb+0x1c3/0x440
[  482.376902][ T9248]  ? __pfx___alloc_skb+0x10/0x10
[  482.376923][ T9248]  ? __rcu_read_unlock+0xa1/0x110
[  482.376943][ T9248]  ? netlink_autobind+0xd6/0x2f0
[  482.376957][ T9248]  ? netlink_autobind+0x2b0/0x2f0
[  482.376976][ T9248]  netlink_sendmsg+0x638/0xcb0
[  482.376998][ T9248]  ? __pfx_netlink_sendmsg+0x10/0x10
[  482.377015][ T9248]  ? tomoyo_socket_sendmsg_permission+0x12e/0x420
[  482.377031][ T9248]  ? __sock_sendmsg+0x54/0x270
[  482.377055][ T9248]  ? __pfx_netlink_sendmsg+0x10/0x10
[  482.377069][ T9248]  __sock_sendmsg+0x221/0x270
[  482.377089][ T9248]  ____sys_sendmsg+0x52a/0x7e0
[  482.377109][ T9248]  ? __pfx_____sys_sendmsg+0x10/0x10
[  482.377123][ T9248]  ? __fget_files+0x2a/0x410
[  482.377145][ T9248]  ? __fget_files+0x2a/0x410
[  482.377170][ T9248]  __sys_sendmsg+0x269/0x350
[  482.377188][ T9248]  ? __pfx___sys_sendmsg+0x10/0x10
[  482.377232][ T9248]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  482.377252][ T9248]  ? do_syscall_64+0x100/0x230
[  482.377275][ T9248]  ? do_syscall_64+0xb6/0x230
[  482.377297][ T9248]  do_syscall_64+0xf3/0x230
[  482.377317][ T9248]  ? clear_bhb_loop+0x35/0x90
[  482.377340][ T9248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.377360][ T9248] RIP: 0033:0x7f44f998cde9
[  482.377374][ T9248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  482.377386][ T9248] RSP: 002b:00007f44fa78f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  482.377403][ T9248] RAX: ffffffffffffffda RBX: 00007f44f9ba6080 RCX: 00007f44f998cde9
[  482.377414][ T9248] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000006
[  482.377423][ T9248] RBP: 00007f44fa78f090 R08: 0000000000000000 R09: 0000000000000000
[  482.377432][ T9248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  482.377441][ T9248] R13: 0000000000000000 R14: 00007f44f9ba6080 R15: 00007fff4c9713d8
[  482.377462][ T9248]  </TASK>
[  483.156249][   T29] kauditd_printk_skb: 3 callbacks suppressed
[  483.156268][   T29] audit: type=1800 audit(1739164716.419:305): pid=9251 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.973" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  483.389253][    T9] usb 2-1: device descriptor read/64, error -71
[  483.979573][    T9] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  484.150101][    T9] usb 2-1: Using ep0 maxpacket: 32
[  484.207107][    T9] usb 2-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 32
[  484.235959][    T9] usb 2-1: config 1 interface 0 has no altsetting 0
[  484.272619][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  484.293057][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.317683][    T9] usb 2-1: Product: �
[  484.330230][    T9] usb 2-1: Manufacturer: 〨㱡ꤿ疲嗦⸎�讈崘�䛒峮�敿ᮈ�袃���귮㖦錾ྞԔ苉糽Ύﳘ햺�ለ擔ﯵ㶤�僔㇮㗛뱚ꢕᮉ盦�ꦚ‷䰙㻴﹂焳䗔錰�뀚ﳧ�椢㬛ໜ㙮窿╖�酀ⷅꔷꈞ䱬谈桵苩岲絑댩�ㄎ�硞㴴��ࠋꔋﴑ䅽䧪᠉蔟쪲蘞⭌哈頖�⸭ပ旣㩘۳刖稹�衭가
[  484.903576][    T9] usb 2-1: SerialNumber: syz
[  485.061004][ T9249] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  485.275838][    T9] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 17 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8
[  485.298667][    T9] usb 2-1: USB disconnect, device number 17
[  485.311385][    T9] usblp0: removed
[  485.369256][ T5910] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  485.560735][ T5910] usb 6-1: Using ep0 maxpacket: 32
[  485.583563][ T5910] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  485.659285][ T5910] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  485.870819][ T5910] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  485.949683][ T5910] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  485.969821][ T9281] netlink: 68 bytes leftover after parsing attributes in process `syz.3.983'.
[  486.249488][ T5910] usb 6-1: config 0 interface 0 has no altsetting 0
[  486.478799][ T5910] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  486.489993][ T8534] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  486.498010][ T5910] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  486.511808][ T5910] usb 6-1: Product: syz
[  486.516049][ T5910] usb 6-1: Manufacturer: syz
[  486.539987][ T5910] usb 6-1: SerialNumber: syz
[  486.555894][ T5910] usb 6-1: config 0 descriptor??
[  486.569516][ T5910] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  486.585706][ T5910] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  486.617138][ T5874] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  486.735988][ T8534] usb 5-1: config 0 has an invalid interface number: 216 but max is 0
[  486.748247][ T8534] usb 5-1: config 0 has no interface number 0
[  486.755919][ T8534] usb 5-1: config 0 interface 216 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  486.857103][ T5874] usb 4-1: Using ep0 maxpacket: 32
[  486.925957][ T5910] usb 6-1: USB disconnect, device number 2
[  486.934044][ T5874] usb 4-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 32
[  486.956901][ T5910] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  486.957064][ T8534] usb 5-1: config 0 interface 216 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  486.964817][ T5874] usb 4-1: config 1 interface 0 has no altsetting 0
[  487.425618][ T5874] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  487.453935][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.478838][ T5874] usb 4-1: Product: �
[  487.510210][ T8534] usb 5-1: New USB device found, idVendor=0499, idProduct=1002, bcdDevice=df.d7
[  487.549156][ T8534] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.557493][ T5874] usb 4-1: Manufacturer: 〨㱡ꤿ疲嗦⸎�讈崘�䛒峮�敿ᮈ�袃���귮㖦錾ྞԔ苉糽Ύﳘ햺�ለ擔ﯵ㶤�僔㇮㗛뱚ꢕᮉ盦�ꦚ‷䰙㻴﹂焳䗔錰�뀚ﳧ�椢㬛ໜ㙮窿╖�酀ⷅꔷꈞ䱬谈桵苩岲絑댩�ㄎ�硞㴴��ࠋꔋﴑ䅽䧪᠉蔟쪲蘞⭌哈頖�⸭ပ旣㩘۳刖稹�衭가
[  487.577852][ T8534] usb 5-1: Product: syz
[  487.650870][ T5874] usb 4-1: SerialNumber: syz
[  487.652596][ T8534] usb 5-1: Manufacturer: syz
[  487.688961][ T9281] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  487.689438][ T8534] usb 5-1: SerialNumber: syz
[  487.730273][ T8534] usb 5-1: config 0 descriptor??
[  487.758967][ T8534] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  487.838941][ T8534] snd-usb-audio 5-1:0.216: probe with driver snd-usb-audio failed with error -2
[  487.946275][ T5874] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 16 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8
[  487.970302][ T8534] usb 5-1: USB disconnect, device number 16
[  487.987786][ T5874] usb 4-1: USB disconnect, device number 16
[  488.011915][ T5874] usblp0: removed
[  488.043001][ T9298] vlan2: entered promiscuous mode
[  488.060634][ T9298] team0: entered promiscuous mode
[  488.065754][ T9298] team_slave_0: entered promiscuous mode
[  488.072774][ T9298] team_slave_1: entered promiscuous mode
[  488.086049][ T9298] team0: left promiscuous mode
[  488.091777][ T9298] team_slave_0: left promiscuous mode
[  488.099460][ T9298] team_slave_1: left promiscuous mode
[  489.799163][ T8534] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[  489.949195][    T9] usb 5-1: new low-speed USB device number 17 using dummy_hcd
[  489.971550][ T8534] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  489.993469][ T8534] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  490.054941][ T8534] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  490.084950][ T8534] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  490.127078][    T9] usb 5-1: Invalid ep0 maxpacket: 32
[  490.138094][ T8534] usb 2-1: config 0 descriptor??
[  490.241529][ T5874] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  490.520020][ T5874] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  490.619509][ T5874] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.704333][ T5874] usb 6-1: Product: syz
[  490.822570][ T5874] usb 6-1: Manufacturer: syz
[  490.838269][ T5874] usb 6-1: SerialNumber: syz
[  490.866994][ T5874] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  490.894900][ T5910] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  491.047535][ T8534] usbhid 2-1:0.0: can't add hid device: -71
[  491.064404][ T8534] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  491.074535][ T8534] usb 2-1: USB disconnect, device number 18
[  491.101337][    T9] usb 5-1: new low-speed USB device number 18 using dummy_hcd
[  491.579978][ T3077] usb 6-1: USB disconnect, device number 3
[  491.612203][    T9] usb 5-1: Invalid ep0 maxpacket: 32
[  491.618866][    T9] usb usb5-port1: attempt power cycle
[  492.019315][ T5910] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  492.176344][ T5910] ath9k_htc: Failed to initialize the device
[  492.209178][ T3077] usb 6-1: ath9k_htc: USB layer deinitialized
[  492.469611][    T9] usb 5-1: new low-speed USB device number 19 using dummy_hcd
[  492.608647][    T9] usb 5-1: device descriptor read/8, error -71
[  492.642025][ T9334] netlink: zone id is out of range
[  492.676229][ T9334] netlink: zone id is out of range
[  492.681741][ T9334] netlink: zone id is out of range
[  492.724226][ T9334] netlink: zone id is out of range
[  492.779193][ T9334] netlink: zone id is out of range
[  492.835766][ T9334] netlink: zone id is out of range
[  492.849239][ T3077] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  492.904944][ T9334] netlink: zone id is out of range
[  492.925234][ T9334] netlink: zone id is out of range
[  492.952243][ T9334] netlink: set zone limit has 4 unknown bytes
[  493.060221][ T3077] usb 6-1: config 0 has an invalid interface number: 20 but max is 0
[  493.104549][ T3077] usb 6-1: config 0 has no interface number 0
[  493.159206][ T3077] usb 6-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  493.209746][ T3077] usb 6-1: config 0 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  493.257690][ T3077] usb 6-1: New USB device found, idVendor=04e6, idProduct=0005, bcdDevice= 1.00
[  493.277504][ T3077] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  493.308401][ T3077] usb 6-1: Product: syz
[  493.332038][ T3077] usb 6-1: Manufacturer: syz
[  493.336720][ T3077] usb 6-1: SerialNumber: syz
[  493.364091][ T3077] usb 6-1: config 0 descriptor??
[  493.382998][ T9330] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  493.400880][ T3077] ums-sddr09 6-1:0.20: USB Mass Storage device detected
[  494.071456][ T9328] Set syz1 is full, maxelem 65536 reached
[  494.116082][ T3077] ums-sddr09 6-1:0.20: probe with driver ums-sddr09 failed with error -22
[  494.157464][    T9] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  494.173772][ T5905] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  494.499121][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  494.699171][ T5905] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  494.734126][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  494.759124][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  494.772745][ T5905] usb 3-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.00
[  494.808529][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.822142][ T5910] usb 6-1: USB disconnect, device number 4
[  494.824653][ T9350] netlink: 'syz.1.1003': attribute type 1 has an invalid length.
[  494.836836][    T9] usb 5-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.00
[  494.858608][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.867815][ T5905] usb 3-1: config 0 descriptor??
[  494.897715][    T9] usb 5-1: config 0 descriptor??
[  494.947277][ T9350] 8021q: adding VLAN 0 to HW filter on device bond1
[  495.032231][ T9354] 8021q: adding VLAN 0 to HW filter on device batadv1
[  495.097029][ T9354] bond1: (slave batadv1): making interface the new active one
[  495.240782][ T9354] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  495.262631][ T9338] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1001'.
[  495.376863][ T9357] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.1001'.
[  496.394215][ T9354] 8021q: adding VLAN 0 to HW filter on device batadv2
[  496.456667][ T9354] bond1: (slave batadv2): Enslaving as an active interface with an up link
[  496.652702][ T9361] dlm: no locking on control device
[  496.737888][ T5905] usbhid 3-1:0.0: can't add hid device: -71
[  496.744117][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  496.750511][ T5905] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  496.760828][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  496.773509][ T5905] usb 3-1: USB disconnect, device number 24
[  496.785649][    T9] usb 5-1: USB disconnect, device number 20
[  496.917320][ T9364] team_slave_0: entered promiscuous mode
[  496.923226][ T9364] team_slave_1: entered promiscuous mode
[  496.933167][ T9364] vlan2: entered promiscuous mode
[  496.938414][ T9364] team0: entered promiscuous mode
[  496.956102][ T9364] team0: left promiscuous mode
[  496.971619][ T9364] team_slave_0: left promiscuous mode
[  496.977255][ T9364] team_slave_1: left promiscuous mode
[  497.830849][ T9374] netlink: 'syz.5.1010': attribute type 1 has an invalid length.
[  498.879976][    T9] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  499.281540][ T9388] bridge0: entered promiscuous mode
[  499.286980][ T9388] bridge0: entered allmulticast mode
[  499.443501][ T9389] Invalid ELF header magic: != ELF
[  500.162851][    T9] usb 5-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  500.899248][    T9] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  500.908822][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.939184][    T9] usb 5-1: Product: syz
[  500.945826][    T9] usb 5-1: Manufacturer: syz
[  500.964478][    T9] usb 5-1: SerialNumber: syz
[  500.980925][    T9] usb 5-1: ath9k_htc: Device endpoint numbers are not the expected ones
[  501.011261][ T9398] xfrm0: left allmulticast mode
[  501.260479][ T9405] netlink: 2716 bytes leftover after parsing attributes in process `syz.2.1019'.
[  501.805253][    T9] usb 5-1: USB disconnect, device number 21
[  502.093940][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  502.109300][ T3077] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  502.322246][ T3077] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  502.357914][ T3077] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  502.396950][ T3077] usb 2-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.00
[  502.431203][ T3077] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.956536][ T3077] usb 2-1: config 0 descriptor??
[  503.403643][ T9409] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1022'.
[  503.499497][ T9425] bridge6: entered promiscuous mode
[  503.505022][ T9425] bridge6: entered allmulticast mode
[  503.540516][ T9425] Invalid ELF header magic: != ELF
[  503.707322][ T9427] netlink: 194488 bytes leftover after parsing attributes in process `syz.1.1022'.
[  504.234848][ T3077] usbhid 2-1:0.0: can't add hid device: -71
[  504.249809][ T3077] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  504.260420][ T3077] usb 2-1: USB disconnect, device number 19
[  504.270462][ T9407] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1021'.
[  504.591057][ T5910] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  504.629343][ T5834] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  504.780451][ T5910] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  504.850503][ T5910] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  504.965072][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.001785][ T5910] usb 5-1: config 0 descriptor??
[  505.027853][ T5910] pwc: Askey VC010 type 2 USB webcam detected.
[  505.374915][ T9447] 8021q: adding VLAN 0 to HW filter on device bond2
[  505.406149][ T9447] bond0: (slave bond2): Enslaving as an active interface with an up link
[  505.483339][ T9447] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1033'.
[  505.694192][ T5910] pwc: recv_control_msg error -71 req 02 val 2700
[  505.711112][ T5910] pwc: recv_control_msg error -71 req 02 val 2c00
[  505.725991][ T5910] pwc: recv_control_msg error -71 req 04 val 1000
[  505.738519][ T5910] pwc: recv_control_msg error -71 req 04 val 1300
[  505.891569][ T9460] bridge1: entered promiscuous mode
[  505.897308][ T9460] bridge1: entered allmulticast mode
[  506.072307][ T9460] Invalid ELF header magic: != ELF
[  506.742672][ T5910] pwc: recv_control_msg error -71 req 04 val 1400
[  506.749939][ T5910] pwc: recv_control_msg error -71 req 02 val 2000
[  506.757055][ T5910] pwc: recv_control_msg error -71 req 02 val 2100
[  506.764052][ T5910] pwc: recv_control_msg error -71 req 04 val 1500
[  506.771310][ T5910] pwc: recv_control_msg error -71 req 02 val 2500
[  506.778183][ T5910] pwc: recv_control_msg error -71 req 02 val 2400
[  506.785383][ T5910] pwc: recv_control_msg error -71 req 02 val 2600
[  507.068550][ T5910] pwc: recv_control_msg error -71 req 02 val 2900
[  507.075646][ T5910] pwc: recv_control_msg error -71 req 02 val 2800
[  507.121196][ T5910] pwc: recv_control_msg error -71 req 04 val 1100
[  507.128219][ T5910] pwc: recv_control_msg error -71 req 04 val 1200
[  507.141107][ T5910] pwc: Registered as video103.
[  507.147731][ T5910] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input17
[  507.163383][ T5910] usb 5-1: USB disconnect, device number 22
[  507.533518][ T9469] netlink: 700 bytes leftover after parsing attributes in process `syz.3.1040'.
[  507.544640][ T9469] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1040'.
[  507.788250][ T9465] syzkaller1: entered promiscuous mode
[  507.829629][ T9465] syzkaller1: entered allmulticast mode
[  507.921415][ T5835] Bluetooth: hci3: ISO packet for unknown connection handle 1481
[  508.216987][ T9485] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes
[  508.239312][ T5834] usb 3-1: device descriptor read/64, error -71
[  508.539674][ T5834] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  508.585928][ T9485] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1043'.
[  508.819775][ T5834] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  508.848970][ T5834] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  509.158069][ T5834] usb 3-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.00
[  509.167444][ T5834] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  509.864079][ T5834] usb 3-1: config 0 descriptor??
[  510.019320][    T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  510.202901][    T9] usb 6-1: config 0 has an invalid interface number: 239 but max is 0
[  510.246361][    T9] usb 6-1: config 0 has no interface number 0
[  510.264292][ T9511] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1042'.
[  510.275469][ T9511] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.1042'.
[  510.363600][    T9] usb 6-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  510.415769][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.477999][    T9] usb 6-1: Product: syz
[  510.489438][    T9] usb 6-1: Manufacturer: syz
[  510.489514][ T5834] usbhid 3-1:0.0: can't add hid device: -71
[  510.494088][    T9] usb 6-1: SerialNumber: syz
[  510.511234][ T5834] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  510.531600][ T5834] usb 3-1: USB disconnect, device number 26
[  510.550204][    T9] usb 6-1: config 0 descriptor??
[  513.995395][    T9] asix 6-1:0.239 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  514.009271][ T5905] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  514.018382][    T9] asix 6-1:0.239: probe with driver asix failed with error -71
[  514.030882][    T9] usb 6-1: USB disconnect, device number 5
[  514.179839][ T5905] usb 4-1: Using ep0 maxpacket: 8
[  514.188781][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  514.219754][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  514.240890][ T5905] usb 4-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad
[  514.276222][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  514.299177][ T5905] usb 4-1: Product: syz
[  514.327973][ T9533] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1057'.
[  514.352933][ T5905] usb 4-1: Manufacturer: syz
[  514.357617][ T5905] usb 4-1: SerialNumber: syz
[  515.388598][ T5905] usb 4-1: config 0 descriptor??
[  515.412169][ T9534] 9pnet_fd: Insufficient options for proto=fd
[  515.484550][ T5905] usb 4-1: can't set config #0, error -71
[  515.495815][ T5905] usb 4-1: USB disconnect, device number 17
[  516.133803][ T9541] netlink: 'syz.3.1061': attribute type 1 has an invalid length.
[  516.352231][ T9539] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  517.042077][ T9548] qrtr: Invalid version 0
[  517.259464][ T5905] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  517.433120][ T5905] usb 2-1: Using ep0 maxpacket: 16
[  517.446564][ T5905] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  517.464420][ T5905] usb 2-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  517.484408][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.544407][ T5905] usb 2-1: config 0 descriptor??
[  517.560524][    T9] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  517.591304][ T9562] FAULT_INJECTION: forcing a failure.
[  517.591304][ T9562] name failslab, interval 1, probability 0, space 0, times 0
[  517.604143][ T9562] CPU: 1 UID: 0 PID: 9562 Comm: syz.4.1068 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  517.604172][ T9562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  517.604185][ T9562] Call Trace:
[  517.604194][ T9562]  <TASK>
[  517.604204][ T9562]  dump_stack_lvl+0x241/0x360
[  517.604247][ T9562]  ? __pfx_dump_stack_lvl+0x10/0x10
[  517.604280][ T9562]  ? __pfx__printk+0x10/0x10
[  517.604312][ T9562]  ? kmem_cache_alloc_noprof+0x48/0x380
[  517.604340][ T9562]  ? __pfx___might_resched+0x10/0x10
[  517.604367][ T9562]  should_fail_ex+0x40a/0x550
[  517.604396][ T9562]  should_failslab+0xac/0x100
[  517.604424][ T9562]  ? alloc_empty_file+0x9e/0x1d0
[  517.604450][ T9562]  kmem_cache_alloc_noprof+0x70/0x380
[  517.604483][ T9562]  alloc_empty_file+0x9e/0x1d0
[  517.604513][ T9562]  path_openat+0x107/0x3590
[  517.604546][ T9562]  ? __schedule+0x18c4/0x4c40
[  517.604588][ T9562]  ? __pfx___schedule+0x10/0x10
[  517.604611][ T9562]  ? __pfx_path_openat+0x10/0x10
[  517.604661][ T9562]  do_filp_open+0x27f/0x4e0
[  517.604695][ T9562]  ? __pfx_do_filp_open+0x10/0x10
[  517.604724][ T9562]  ? do_raw_spin_lock+0x14f/0x370
[  517.604782][ T9562]  do_sys_openat2+0x13e/0x1d0
[  517.604813][ T9562]  ? __pfx_do_sys_openat2+0x10/0x10
[  517.604844][ T9562]  ? __fget_files+0x2a/0x410
[  517.604877][ T9562]  __x64_sys_openat+0x247/0x2a0
[  517.604908][ T9562]  ? __pfx___x64_sys_openat+0x10/0x10
[  517.604940][ T9562]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  517.604969][ T9562]  ? do_syscall_64+0xb6/0x230
[  517.605001][ T9562]  do_syscall_64+0xf3/0x230
[  517.605029][ T9562]  ? clear_bhb_loop+0x35/0x90
[  517.605062][ T9562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.605089][ T9562] RIP: 0033:0x7f8d02d8cde9
[  517.605119][ T9562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  517.605137][ T9562] RSP: 002b:00007f8d03b3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  517.605158][ T9562] RAX: ffffffffffffffda RBX: 00007f8d02fa6080 RCX: 00007f8d02d8cde9
[  517.605174][ T9562] RDX: 0000000000000001 RSI: 0000400000000040 RDI: ffffffffffffff9c
[  517.605188][ T9562] RBP: 00007f8d03b3c090 R08: 0000000000000000 R09: 0000000000000000
[  517.605201][ T9562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  517.605213][ T9562] R13: 0000000000000000 R14: 00007f8d02fa6080 R15: 00007ffeca587a38
[  517.605243][ T9562]  </TASK>
[  517.606279][ T5905] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input18
[  517.870263][ T9545] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  517.971713][    T9] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  518.320453][ T9545] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  518.340278][ T9545] input: syz1 as /devices/virtual/input/input19
[  518.347230][ T9563] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1069'.
[  518.715114][ T9563] netlink: 'syz.3.1069': attribute type 33 has an invalid length.
[  518.762931][    T9] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  519.016216][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  519.025549][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  519.037042][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  519.080818][    T9] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  519.097579][    T9] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  519.131008][    T9] usb 3-1: Product: syz
[  519.135266][    T9] usb 3-1: Manufacturer: syz
[  519.154293][    T9] cdc_wdm 3-1:1.0: skipping garbage
[  519.159889][    T9] cdc_wdm 3-1:1.0: skipping garbage
[  519.170880][    T9] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  519.176853][    T9] cdc_wdm 3-1:1.0: Unknown control protocol
[  519.218738][ T5905] usb 2-1: USB disconnect, device number 20
[  519.226671][ T5181] bcm5974 2-1:0.0: could not read from device
[  519.414781][ T9558] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294901760 (8589803520 ns) > initial count (54 ns). Using initial count to start timer.
[  519.535355][ T9569] 9pnet: Could not find request transport: fdz)ÅÉo=
[  519.559271][ T5910] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  519.617112][ T9571] 9pnet_fd: Insufficient options for proto=fd
[  519.662359][ T5905] usb 3-1: USB disconnect, device number 27
[  519.760576][ T5910] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  519.790810][ T5910] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  519.822368][ T5910] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  519.836142][ T9578] netlink: zone id is out of range
[  519.848099][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  519.852120][ T9578] netlink: zone id is out of range
[  519.870087][ T9568] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  519.881191][ T5910] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  519.906586][ T9578] netlink: zone id is out of range
[  519.938737][ T9578] netlink: zone id is out of range
[  519.989438][ T9578] netlink: zone id is out of range
[  519.998097][ T9578] netlink: zone id is out of range
[  520.009187][ T9578] netlink: zone id is out of range
[  520.014437][ T9578] netlink: zone id is out of range
[  520.028163][ T9578] netlink: set zone limit has 4 unknown bytes
[  520.129591][ T5874] usb 4-1: USB disconnect, device number 18
[  520.211191][ T9583] netlink: 'syz.1.1075': attribute type 1 has an invalid length.
[  521.498228][ T5874] IPVS: starting estimator thread 0...
[  521.858679][ T5874] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  521.886780][ T9598] IPVS: using max 20 ests per chain, 48000 per kthread
[  522.017320][ T9589] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  522.148205][ T9603] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1081'.
[  522.256077][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  522.279071][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  522.299906][ T5874] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  522.319360][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  522.346532][ T5874] usb 4-1: config 0 descriptor??
[  522.381559][ T9604] netlink: 'syz.2.1081': attribute type 33 has an invalid length.
[  522.669483][ T9614] process 'syz.1.1083' launched './file0' with NULL argv: empty string added
[  522.722308][ T5874] usbhid 4-1:0.0: can't add hid device: -71
[  522.739893][ T5874] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  522.821960][ T5874] usb 4-1: USB disconnect, device number 19
[  522.879507][ T5905] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  523.059630][ T5905] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  523.087781][ T5905] usb 6-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  523.140552][ T5905] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.152502][ T5905] usb 6-1: Product: syz
[  523.156917][ T5905] usb 6-1: Manufacturer: syz
[  523.161849][ T5905] usb 6-1: SerialNumber: syz
[  523.170152][ T5905] usb 6-1: config 0 descriptor??
[  523.179598][ T5905] ims_pcu 6-1:0.0: probe with driver ims_pcu failed with error -22
[  523.209506][    T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  523.382583][    T9] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  523.412549][    T9] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  523.425857][ T5910] usb 6-1: USB disconnect, device number 6
[  523.440687][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  523.466656][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  523.486371][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  523.536560][    T9] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  523.550868][    T9] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  523.559778][    T9] usb 5-1: Product: syz
[  523.564043][    T9] usb 5-1: Manufacturer: syz
[  523.577425][    T9] cdc_wdm 5-1:1.0: skipping garbage
[  523.583994][    T9] cdc_wdm 5-1:1.0: skipping garbage
[  523.592220][    T9] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  523.598389][    T9] cdc_wdm 5-1:1.0: Unknown control protocol
[  523.611464][ T9625] netlink: 'syz.1.1088': attribute type 1 has an invalid length.
[  523.835190][ T9620] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294901760 (8589803520 ns) > initial count (54 ns). Using initial count to start timer.
[  524.746307][    T9] usb 5-1: USB disconnect, device number 23
[  524.867655][ T9632] netlink: zone id is out of range
[  524.884236][ T9632] netlink: zone id is out of range
[  524.899063][ T9632] netlink: zone id is out of range
[  524.907690][ T9632] netlink: zone id is out of range
[  524.934040][ T9632] netlink: zone id is out of range
[  524.971655][ T9632] netlink: zone id is out of range
[  525.122965][ T9632] netlink: zone id is out of range
[  525.128178][ T9632] netlink: zone id is out of range
[  525.133749][ T9632] netlink: set zone limit has 4 unknown bytes
[  526.109147][    T9] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  526.116938][ T9632] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  526.301645][    T9] usb 2-1: Using ep0 maxpacket: 8
[  526.316364][    T9] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  526.327050][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  526.347930][    T9] usb 2-1: Product: syz
[  526.358282][    T9] usb 2-1: Manufacturer: syz
[  526.363098][    T9] usb 2-1: SerialNumber: syz
[  526.384176][    T9] usb 2-1: config 0 descriptor??
[  526.390126][ T9645] syzkaller0: entered allmulticast mode
[  526.410993][ T9642] syzkaller0: entered promiscuous mode
[  526.511488][ T9642] syzkaller0 (unregistering): left promiscuous mode
[  526.531619][ T9642] syzkaller0 (unregistering): left allmulticast mode
[  526.612872][    T9] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  526.630262][ T9651] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1096'.
[  526.670464][ T9651] 8021q: adding VLAN 0 to HW filter on device batadv1
[  526.695605][ T9651] bridge0: port 3(batadv1) entered blocking state
[  526.994591][ T9651] bridge0: port 3(batadv1) entered disabled state
[  527.284217][ T9651] batadv1: entered allmulticast mode
[  527.342328][ T9651] batadv1: entered promiscuous mode
[  527.357962][ T9651] bridge0: port 3(batadv1) entered blocking state
[  527.366694][ T9651] bridge0: port 3(batadv1) entered forwarding state
[  527.535156][ T9657] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1098'.
[  527.568676][  T764] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  527.578856][  T764] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  527.805265][ T9663] FAULT_INJECTION: forcing a failure.
[  527.805265][ T9663] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  527.820329][ T9663] CPU: 0 UID: 0 PID: 9663 Comm: syz.3.1101 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  527.820360][ T9663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  527.820377][ T9663] Call Trace:
[  527.820385][ T9663]  <TASK>
[  527.820394][ T9663]  dump_stack_lvl+0x241/0x360
[  527.820435][ T9663]  ? __pfx_dump_stack_lvl+0x10/0x10
[  527.820469][ T9663]  ? __pfx__printk+0x10/0x10
[  527.820499][ T9663]  ? rcu_is_watching+0x15/0xb0
[  527.820530][ T9663]  ? __pfx_lock_release+0x10/0x10
[  527.820555][ T9663]  ? __alloc_frozen_pages_noprof+0x350/0x710
[  527.820586][ T9663]  should_fail_ex+0x40a/0x550
[  527.820616][ T9663]  _copy_from_iter+0x1e9/0x1c20
[  527.820655][ T9663]  ? alloc_pages_mpol+0x4bd/0x660
[  527.820686][ T9663]  ? __pfx__copy_from_iter+0x10/0x10
[  527.820718][ T9663]  ? tun_get_user+0x875/0x48a0
[  527.820754][ T9663]  ? set_page_refcounted+0xa1/0x1e0
[  527.820782][ T9663]  ? alloc_pages_noprof+0x136/0x190
[  527.820807][ T9663]  ? page_copy_sane+0x46/0x260
[  527.820841][ T9663]  copy_page_from_iter+0x7a/0x100
[  527.820876][ T9663]  tun_get_user+0x2035/0x48a0
[  527.820910][ T9663]  ? tun_get_user+0x875/0x48a0
[  527.820961][ T9663]  ? __pfx_tun_get_user+0x10/0x10
[  527.821011][ T9663]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  527.821039][ T9663]  ? tun_get+0x1e/0x2f0
[  527.821069][ T9663]  ? __pfx_lock_release+0x10/0x10
[  527.821123][ T9663]  ? tun_get+0x1e/0x2f0
[  527.821152][ T9663]  ? tun_get+0x27d/0x2f0
[  527.821186][ T9663]  tun_chr_write_iter+0x10d/0x1f0
[  527.821221][ T9663]  vfs_write+0xacf/0xd10
[  527.821245][ T9663]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  527.821278][ T9663]  ? __pfx_vfs_write+0x10/0x10
[  527.821309][ T9663]  ? do_sys_openat2+0x17a/0x1d0
[  527.821339][ T9663]  ? __fget_files+0x2a/0x410
[  527.821369][ T9663]  ? __fget_files+0x2a/0x410
[  527.821406][ T9663]  ksys_write+0x18f/0x2b0
[  527.821428][ T9663]  ? __pfx_ksys_write+0x10/0x10
[  527.821449][ T9663]  ? do_syscall_64+0x100/0x230
[  527.821481][ T9663]  ? do_syscall_64+0xb6/0x230
[  527.821512][ T9663]  do_syscall_64+0xf3/0x230
[  527.821541][ T9663]  ? clear_bhb_loop+0x35/0x90
[  527.821579][ T9663]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  527.821607][ T9663] RIP: 0033:0x7f972b38b89f
[  527.821626][ T9663] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  527.821644][ T9663] RSP: 002b:00007f972c1c8000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  527.821666][ T9663] RAX: ffffffffffffffda RBX: 00007f972b5a5fa0 RCX: 00007f972b38b89f
[  527.821682][ T9663] RDX: 0000000000000042 RSI: 0000400000000440 RDI: 00000000000000c8
[  527.821695][ T9663] RBP: 00007f972c1c8090 R08: 0000000000000000 R09: 0000000000000000
[  527.821708][ T9663] R10: 0000000000000042 R11: 0000000000000293 R12: 0000000000000001
[  527.821720][ T9663] R13: 0000000000000001 R14: 00007f972b5a5fa0 R15: 00007fff2a355558
[  527.821750][ T9663]  </TASK>
[  528.139498][    T9] gspca_sunplus: reg_w_riv err -71
[  528.145069][    T9] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  528.165493][    T9] usb 2-1: USB disconnect, device number 21
[  528.439688][ T5874] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  528.479762][ T9676] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1105'.
[  528.548438][ T9680] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1106'.
[  528.614602][ T5874] usb 5-1: Using ep0 maxpacket: 32
[  528.629458][ T5874] usb 5-1: config 0 has an invalid interface number: 138 but max is 0
[  528.641426][ T5874] usb 5-1: config 0 has no interface number 0
[  528.646154][ T9681] netlink: 'syz.2.1106': attribute type 33 has an invalid length.
[  528.670075][ T5874] usb 5-1: New USB device found, idVendor=07c4, idProduct=a002, bcdDevice=c0.dd
[  528.704124][ T5874] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  528.749422][ T3077] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  528.794497][ T5874] usb 5-1: Product: syz
[  528.837200][ T5874] usb 5-1: Manufacturer: syz
[  528.906156][ T5874] usb 5-1: SerialNumber: syz
[  528.969394][ T3077] usb 4-1: Using ep0 maxpacket: 8
[  529.008436][ T3077] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  529.042481][ T5874] usb 5-1: config 0 descriptor??
[  529.216900][ T5874] ums-datafab 5-1:0.138: USB Mass Storage device detected
[  529.234577][ T3077] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  529.269608][ T5874] ums-datafab 5-1:0.138: Quirks match for vid 07c4 pid a002: 1
[  529.279713][ T3077] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  529.292961][ T3077] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  529.303703][ T3077] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.312854][ T3077] usb 4-1: Product: syz
[  529.317362][ T3077] usb 4-1: Manufacturer: syz
[  529.322354][ T3077] usb 4-1: SerialNumber: syz
[  529.380380][ T5874] usb 5-1: USB disconnect, device number 24
[  529.738561][ T9688] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  529.747516][ T9688] PKCS7: Only support pkcs7_signedData type
[  530.443890][ T3077] usb 4-1: found format II with max.bitrate = 11, frame size=3572
[  530.476841][ T3077] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  530.619443][ T3077] usb 4-1: USB disconnect, device number 20
[  531.948003][ T9721] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1118'.
[  531.999549][ T5910] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  532.189907][ T5910] usb 3-1: Using ep0 maxpacket: 16
[  532.190835][ T5905] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  532.269298][ T5910] usb 3-1: unable to get BOS descriptor or descriptor too short
[  532.377586][ T5910] usb 3-1: config 0 has no interfaces?
[  532.440591][ T5905] usb 4-1: Using ep0 maxpacket: 8
[  532.442055][ T5910] usb 3-1: language id specifier not provided by device, defaulting to English
[  532.518445][ T5910] usb 3-1: New USB device found, idVendor=050d, idProduct=5055, bcdDevice= d.95
[  532.518462][ T5905] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  532.538908][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.627081][ T5910] usb 3-1: Product: syz
[  532.645931][ T5905] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  532.656098][ T5910] usb 3-1: Manufacturer: 뽱봦펚茊蕈�⼇넛�ꡂ懔��穕誌ℾ孭��욆倶霮㫱崋䘿澒觹泴�綰歗
[  532.688696][ T5910] usb 3-1: SerialNumber: syz
[  532.705857][ T5905] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  532.708188][ T5910] usb 3-1: config 0 descriptor??
[  532.747951][ T5905] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  532.789132][ T5905] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  532.808608][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.882207][ T5905] hub 4-1:1.0: bad descriptor, ignoring hub
[  532.919623][ T5905] hub 4-1:1.0: probe with driver hub failed with error -5
[  532.927384][ T5905] cdc_wdm 4-1:1.0: skipping garbage
[  532.964234][ T9709] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  532.987118][ T5910] usb 3-1: USB disconnect, device number 28
[  533.024714][ T5905] cdc_wdm 4-1:1.0: skipping garbage
[  533.033520][ T5905] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  533.040572][ T5905] cdc_wdm 4-1:1.0: Unknown control protocol
[  533.340357][ T9730] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  533.349868][ T9730] PKCS7: Only support pkcs7_signedData type
[  533.671742][ T5905] usb 4-1: USB disconnect, device number 21
[  534.349579][ T9733] pim6reg: entered allmulticast mode
[  534.449395][ T5905] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  535.099800][ T5905] usb 4-1: Using ep0 maxpacket: 8
[  535.313119][ T5905] usb 4-1: device descriptor read/all, error -71
[  536.669343][ T5874] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  536.873030][ T5874] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  536.899504][ T5874] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  536.903957][ T9761] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1130'.
[  536.916549][ T5874] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  536.950632][ T5874] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  536.972500][ T5874] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  537.042619][ T5874] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  537.158140][ T5874] usb 5-1: config 0 descriptor??
[  537.773151][ T9768] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1133'.
[  537.843378][ T5874] hdpvr 5-1:0.0: firmware version 0x12 dated 
[  538.071351][ T9756] netem: incorrect gi model size
[  538.076718][ T9756] netem: change failed
[  538.099334][ T5905] usb 3-1: new full-speed USB device number 29 using dummy_hcd
[  538.297373][ T5874] hdpvr 5-1:0.0: device init failed
[  538.371187][ T5874] hdpvr 5-1:0.0: probe with driver hdpvr failed with error -12
[  538.576229][ T5874] usb 5-1: USB disconnect, device number 25
[  539.086003][ T5905] usb 3-1: config 0 has an invalid interface number: 20 but max is 0
[  539.103414][ T5905] usb 3-1: config 0 has no interface number 0
[  539.125519][ T5905] usb 3-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  539.137539][ T5905] usb 3-1: config 0 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  539.165415][ T5905] usb 3-1: New USB device found, idVendor=04e6, idProduct=0005, bcdDevice= 1.00
[  539.178284][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  539.208353][ T5905] usb 3-1: Product: syz
[  539.216679][ T5905] usb 3-1: Manufacturer: syz
[  539.222595][ T5905] usb 3-1: SerialNumber: syz
[  539.238472][ T5905] usb 3-1: config 0 descriptor??
[  539.250328][ T9764] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  539.271845][ T5905] ums-sddr09 3-1:0.20: USB Mass Storage device detected
[  539.398520][ T5905] ums-sddr09 3-1:0.20: probe with driver ums-sddr09 failed with error -22
[  539.629336][ T8534] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  540.076980][ T8534] usb 4-1: Using ep0 maxpacket: 16
[  540.238254][ T8534] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  540.259601][ T8534] usb 4-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00
[  540.265541][ T9788] tmpfs: Unknown parameter 'hugecý`Ëays'
[  540.292159][ T8534] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.325984][ T8534] usb 4-1: config 0 descriptor??
[  541.802791][ T8534] logitech 0003:046D:C294.0002: hidraw0: USB HID v0.00 Device [HID 046d:c294] on usb-dummy_hcd.3-1/input0
[  541.828441][ T8534] logitech 0003:046D:C294.0002: no inputs found
[  541.883057][ T9798] syz.4.1141 uses obsolete (PF_INET,SOCK_PACKET)
[  541.925611][ T9798] bridge0: port 3(gretap0) entered blocking state
[  541.935942][ T9786] tmpfs: Bad value for 'mpol'
[  542.132666][ T9798] bridge0: port 3(gretap0) entered disabled state
[  542.150058][ T9798] gretap0: entered allmulticast mode
[  542.160306][ T3077] usb 3-1: USB disconnect, device number 29
[  542.180604][ T9798] gretap0: entered promiscuous mode
[  542.188086][   T29] audit: type=1326 audit(1739164775.449:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9797 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  542.220514][ T9798] bridge0: port 3(gretap0) entered blocking state
[  542.227766][ T9798] bridge0: port 3(gretap0) entered forwarding state
[  542.267525][   T29] audit: type=1326 audit(1739164775.449:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9797 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  542.280661][ T9806] fuse: Bad value for 'user_id'
[  542.300786][ T9802] gretap0: left allmulticast mode
[  542.308838][   T29] audit: type=1326 audit(1739164775.449:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9797 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  542.313489][ T9806] fuse: Bad value for 'user_id'
[  542.332254][   T29] audit: type=1326 audit(1739164775.449:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9797 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  542.336937][ T9802] gretap0: left promiscuous mode
[  542.367852][   T29] audit: type=1326 audit(1739164775.449:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9797 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=196 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  542.387304][ T9802] bridge0: port 3(gretap0) entered disabled state
[  542.390381][   T29] audit: type=1326 audit(1739164775.449:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9797 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  542.422321][   T29] audit: type=1326 audit(1739164775.449:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9797 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  542.445170][   T29] audit: type=1326 audit(1739164775.449:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9797 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  542.445216][   T29] audit: type=1326 audit(1739164775.449:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9797 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  542.445257][   T29] audit: type=1326 audit(1739164775.449:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9797 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8d02d8cde9 code=0x7ffc0000
[  543.230066][ T3077] usb 4-1: USB disconnect, device number 24
[  544.411792][ T9824] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  544.420831][ T9824] PKCS7: Only support pkcs7_signedData type
[  546.214627][ T9838] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1152'.
[  547.019600][ T3077] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  547.249395][ T3077] usb 3-1: device descriptor read/64, error -71
[  548.352260][    T9] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  548.389200][ T3077] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  548.680401][ T3077] usb 3-1: device descriptor read/64, error -71
[  548.687746][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  548.699858][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  548.714006][    T9] usb 5-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.00
[  548.723732][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.744927][    T9] usb 5-1: config 0 descriptor??
[  548.790088][ T9865] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  548.799213][ T9865] PKCS7: Only support pkcs7_signedData type
[  549.439462][ T3077] usb usb3-port1: attempt power cycle
[  549.564346][ T9857] netlink: 194488 bytes leftover after parsing attributes in process `syz.4.1157'.
[  549.991273][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  549.997497][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  550.953607][    T9] usb 5-1: USB disconnect, device number 26
[  551.888561][ T9886] netlink: 'syz.4.1165': attribute type 1 has an invalid length.
[  551.903114][ T9888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  551.926458][ T9888] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.850505][ T9893] veth0_to_bridge: entered promiscuous mode
[  554.056273][ T9891] veth0_to_bridge: left promiscuous mode
[  554.577722][ T9903] netlink: 'syz.3.1170': attribute type 1 has an invalid length.
[  555.287582][ T9914] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  555.296666][ T9914] PKCS7: Only support pkcs7_signedData type
[  556.199253][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  556.199276][   T29] audit: type=1326 audit(1739164789.449:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9920 comm="syz.2.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81da58cde9 code=0x7fc00000
[  556.241822][ T5839] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  556.279357][   T29] audit: type=1326 audit(1739164789.449:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9920 comm="syz.2.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f81da58cde9 code=0x7fc00000
[  557.189712][ T9939] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  557.201227][ T9944] netlink: 'syz.2.1180': attribute type 1 has an invalid length.
[  559.625331][ T9956] FAULT_INJECTION: forcing a failure.
[  559.625331][ T9956] name failslab, interval 1, probability 0, space 0, times 0
[  559.750245][ T9956] CPU: 0 UID: 0 PID: 9956 Comm: syz.4.1183 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  559.750281][ T9956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  559.750295][ T9956] Call Trace:
[  559.750303][ T9956]  <TASK>
[  559.750312][ T9956]  dump_stack_lvl+0x241/0x360
[  559.750357][ T9956]  ? __pfx_dump_stack_lvl+0x10/0x10
[  559.750391][ T9956]  ? __pfx__printk+0x10/0x10
[  559.750438][ T9956]  should_fail_ex+0x40a/0x550
[  559.750469][ T9956]  should_failslab+0xac/0x100
[  559.750497][ T9956]  ? skb_clone+0x20c/0x390
[  559.750518][ T9956]  kmem_cache_alloc_noprof+0x70/0x380
[  559.750553][ T9956]  skb_clone+0x20c/0x390
[  559.750588][ T9956]  __netlink_deliver_tap+0x3cc/0x7f0
[  559.750624][ T9956]  ? netlink_deliver_tap+0x2e/0x1b0
[  559.750643][ T9956]  netlink_deliver_tap+0x19d/0x1b0
[  559.750666][ T9956]  netlink_unicast+0x7c4/0x990
[  559.750707][ T9956]  ? __pfx_netlink_unicast+0x10/0x10
[  559.750735][ T9956]  ? __virt_addr_valid+0x45f/0x530
[  559.750766][ T9956]  ? __phys_addr_symbol+0x2f/0x70
[  559.750795][ T9956]  ? __check_object_size+0x47a/0x730
[  559.750827][ T9956]  netlink_sendmsg+0x8e4/0xcb0
[  559.750861][ T9956]  ? __pfx_netlink_sendmsg+0x10/0x10
[  559.750898][ T9956]  ? __pfx_netlink_sendmsg+0x10/0x10
[  559.750917][ T9956]  __sock_sendmsg+0x221/0x270
[  559.750948][ T9956]  ____sys_sendmsg+0x52a/0x7e0
[  559.750980][ T9956]  ? __pfx_____sys_sendmsg+0x10/0x10
[  559.750999][ T9956]  ? __fget_files+0x2a/0x410
[  559.751031][ T9956]  ? __fget_files+0x2a/0x410
[  559.751068][ T9956]  __sys_sendmmsg+0x36a/0x720
[  559.751103][ T9956]  ? __pfx___sys_sendmmsg+0x10/0x10
[  559.751139][ T9956]  ? __pfx_lock_release+0x10/0x10
[  559.751164][ T9956]  ? kstrtouint_from_user+0x128/0x190
[  559.751225][ T9956]  ? ksys_write+0x22a/0x2b0
[  559.751246][ T9956]  ? __pfx_lock_release+0x10/0x10
[  559.751280][ T9956]  ? sb_end_write+0xe9/0x1c0
[  559.751309][ T9956]  ? vfs_write+0x7fa/0xd10
[  559.751332][ T9956]  ? __mutex_unlock_slowpath+0x227/0x800
[  559.751393][ T9956]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  559.751425][ T9956]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  559.751454][ T9956]  ? do_syscall_64+0x100/0x230
[  559.751487][ T9956]  __x64_sys_sendmmsg+0xa0/0xb0
[  559.751512][ T9956]  do_syscall_64+0xf3/0x230
[  559.751542][ T9956]  ? clear_bhb_loop+0x35/0x90
[  559.751575][ T9956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  559.751616][ T9956] RIP: 0033:0x7f8d02d8cde9
[  559.751635][ T9956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  559.751653][ T9956] RSP: 002b:00007f8d03b5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  559.751677][ T9956] RAX: ffffffffffffffda RBX: 00007f8d02fa5fa0 RCX: 00007f8d02d8cde9
[  559.751693][ T9956] RDX: 040000000000009f RSI: 00004000000002c0 RDI: 0000000000000004
[  559.751707][ T9956] RBP: 00007f8d03b5d090 R08: 0000000000000000 R09: 0000000000000000
[  559.751720][ T9956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  559.751733][ T9956] R13: 0000000000000000 R14: 00007f8d02fa5fa0 R15: 00007ffeca587a38
[  559.751765][ T9956]  </TASK>
[  560.184440][ T9964] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  560.193333][ T9964] PKCS7: Only support pkcs7_signedData type
[  560.969236][ T5834] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  561.169293][ T5834] usb 5-1: Using ep0 maxpacket: 32
[  561.633945][ T5834] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83
[  561.800869][ T5834] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.808947][ T5834] usb 5-1: Product: syz
[  561.820378][ T5834] usb 5-1: Manufacturer: syz
[  561.825070][ T5834] usb 5-1: SerialNumber: syz
[  561.832025][ T5834] usb 5-1: config 0 descriptor??
[  562.043623][ T5834] snd-usb-6fire 5-1:0.0: unknown device firmware state received from device:
[  562.062955][ T5834] 00 00 00 00 00 00 00 00 
[  562.068629][ T5834] snd-usb-6fire 5-1:0.0: probe with driver snd-usb-6fire failed with error -5
[  563.109126][ T5834] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  563.305165][ T5834] usb 2-1: config 0 has an invalid interface number: 20 but max is 0
[  563.319081][ T5834] usb 2-1: config 0 has no interface number 0
[  563.328844][ T5834] usb 2-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  563.349618][ T5834] usb 2-1: config 0 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  563.399958][ T5834] usb 2-1: New USB device found, idVendor=04e6, idProduct=0005, bcdDevice= 1.00
[  563.413855][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.422910][ T5834] usb 2-1: Product: syz
[  563.427182][ T5834] usb 2-1: Manufacturer: syz
[  563.432015][ T5834] usb 2-1: SerialNumber: syz
[  563.441783][ T5834] usb 2-1: config 0 descriptor??
[  563.447581][ T9987] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  563.458106][ T5834] ums-sddr09 2-1:0.20: USB Mass Storage device detected
[  563.536594][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  563.712719][ T5834] ums-sddr09 2-1:0.20: probe with driver ums-sddr09 failed with error -22
[  564.050631][ T5839] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  564.056100][T10005] ptm ptm1: ldisc open failed (-12), clearing slot 1
[  564.559099][T10012] xt_NFQUEUE: number of total queues is 0
[  564.758723][T10012] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(14)
[  564.765912][T10012] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  564.776087][T10012] vhci_hcd vhci_hcd.0: Device attached
[  565.336217][ T8534] usb 5-1: USB disconnect, device number 27
[  565.699281][ T5834] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  566.918381][T10014] vhci_hcd: connection reset by peer
[  567.005698][T10026] FAULT_INJECTION: forcing a failure.
[  567.005698][T10026] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  567.033660][   T33] vhci_hcd: stop threads
[  567.041089][T10026] CPU: 0 UID: 0 PID: 10026 Comm: syz.3.1199 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  567.041119][T10026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  567.041133][T10026] Call Trace:
[  567.041140][T10026]  <TASK>
[  567.041149][T10026]  dump_stack_lvl+0x241/0x360
[  567.041190][T10026]  ? __pfx_dump_stack_lvl+0x10/0x10
[  567.041223][T10026]  ? __pfx__printk+0x10/0x10
[  567.041265][T10026]  should_fail_ex+0x40a/0x550
[  567.041294][T10026]  _copy_to_user+0x31/0xb0
[  567.041318][T10026]  drm_getunique+0x136/0x1f0
[  567.041360][T10026]  drm_ioctl_kernel+0x337/0x440
[  567.041392][T10026]  ? __pfx_drm_getunique+0x10/0x10
[  567.041420][T10026]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  567.041448][T10026]  ? __might_fault+0xaa/0x120
[  567.041489][T10026]  drm_ioctl+0x60e/0xad0
[  567.041518][T10026]  ? __pfx_drm_getunique+0x10/0x10
[  567.041554][T10026]  ? __pfx_drm_ioctl+0x10/0x10
[  567.041596][T10026]  ? __fget_files+0x2a/0x410
[  567.041629][T10026]  ? __pfx_drm_ioctl+0x10/0x10
[  567.041658][T10026]  __se_sys_ioctl+0xf5/0x170
[  567.041682][T10026]  do_syscall_64+0xf3/0x230
[  567.041712][T10026]  ? clear_bhb_loop+0x35/0x90
[  567.041743][T10026]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.041771][T10026] RIP: 0033:0x7f972b38cde9
[  567.041790][T10026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  567.041808][T10026] RSP: 002b:00007f972c1c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  567.041831][T10026] RAX: ffffffffffffffda RBX: 00007f972b5a5fa0 RCX: 00007f972b38cde9
[  567.041846][T10026] RDX: 0000400000000100 RSI: 00000000c0106401 RDI: 0000000000000003
[  567.041860][T10026] RBP: 00007f972c1c8090 R08: 0000000000000000 R09: 0000000000000000
[  567.041873][T10026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  567.041885][T10026] R13: 0000000000000000 R14: 00007f972b5a5fa0 R15: 00007fff2a355558
[  567.041917][T10026]  </TASK>
[  567.244989][   T33] vhci_hcd: release socket
[  567.253092][   T33] vhci_hcd: disconnect device
[  567.373682][T10028] xt_addrtype: ipv6 BLACKHOLE matching not supported
[  569.500119][T10048] IPv6: Can't replace route, no match found
[  570.939265][ T5834] vhci_hcd: vhci_device speed not set
[  571.137073][T10070] FAULT_INJECTION: forcing a failure.
[  571.137073][T10070] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  571.164988][T10070] CPU: 0 UID: 0 PID: 10070 Comm: syz.2.1213 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  571.165021][T10070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  571.165034][T10070] Call Trace:
[  571.165041][T10070]  <TASK>
[  571.165051][T10070]  dump_stack_lvl+0x241/0x360
[  571.165093][T10070]  ? __pfx_dump_stack_lvl+0x10/0x10
[  571.165126][T10070]  ? __pfx__printk+0x10/0x10
[  571.165160][T10070]  ? __pfx_lock_release+0x10/0x10
[  571.165196][T10070]  should_fail_ex+0x40a/0x550
[  571.165223][T10070]  _copy_from_iter+0x1e9/0x1c20
[  571.165246][T10070]  ? __virt_addr_valid+0x183/0x530
[  571.165275][T10070]  ? __alloc_skb+0x28f/0x440
[  571.165296][T10070]  ? __pfx__copy_from_iter+0x10/0x10
[  571.165320][T10070]  ? __virt_addr_valid+0x183/0x530
[  571.165340][T10070]  ? __virt_addr_valid+0x183/0x530
[  571.165359][T10070]  ? __virt_addr_valid+0x45f/0x530
[  571.165380][T10070]  ? __phys_addr_symbol+0x2f/0x70
[  571.165400][T10070]  ? __check_object_size+0x47a/0x730
[  571.165421][T10070]  netlink_sendmsg+0x73d/0xcb0
[  571.165447][T10070]  ? __pfx_netlink_sendmsg+0x10/0x10
[  571.165479][T10070]  ? __pfx_netlink_sendmsg+0x10/0x10
[  571.165498][T10070]  __sock_sendmsg+0x221/0x270
[  571.165527][T10070]  ____sys_sendmsg+0x52a/0x7e0
[  571.165557][T10070]  ? __pfx_____sys_sendmsg+0x10/0x10
[  571.165576][T10070]  ? __fget_files+0x2a/0x410
[  571.165606][T10070]  ? __fget_files+0x2a/0x410
[  571.165640][T10070]  __sys_sendmsg+0x269/0x350
[  571.165665][T10070]  ? __pfx___sys_sendmsg+0x10/0x10
[  571.165698][T10070]  ? do_sys_openat2+0x17a/0x1d0
[  571.165751][T10070]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  571.165788][T10070]  ? do_syscall_64+0x100/0x230
[  571.165817][T10070]  ? do_syscall_64+0xb6/0x230
[  571.165845][T10070]  do_syscall_64+0xf3/0x230
[  571.165871][T10070]  ? clear_bhb_loop+0x35/0x90
[  571.165903][T10070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.165930][T10070] RIP: 0033:0x7f81da58cde9
[  571.165949][T10070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  571.165967][T10070] RSP: 002b:00007f81db3d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  571.165989][T10070] RAX: ffffffffffffffda RBX: 00007f81da7a5fa0 RCX: 00007f81da58cde9
[  571.166004][T10070] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000003
[  571.166017][T10070] RBP: 00007f81db3d4090 R08: 0000000000000000 R09: 0000000000000000
[  571.166030][T10070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  571.166042][T10070] R13: 0000000000000000 R14: 00007f81da7a5fa0 R15: 00007fffc5da08c8
[  571.166072][T10070]  </TASK>
[  571.439094][ T3077] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  572.929135][ T3077] usb 5-1: Using ep0 maxpacket: 32
[  572.980675][ T3077] usb 5-1: config 0 has an invalid interface number: 244 but max is 0
[  573.024280][ T3077] usb 5-1: config 0 has no interface number 0
[  573.059110][ T3077] usb 5-1: config 0 interface 244 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  573.129211][ T3077] usb 5-1: config 0 interface 244 has no altsetting 0
[  573.157798][ T3077] usb 5-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[  573.254949][ T3077] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.269205][ T3077] usb 5-1: Product: syz
[  573.288091][ T3077] usb 5-1: Manufacturer: syz
[  573.359537][ T3077] usb 5-1: SerialNumber: syz
[  573.410260][ T3077] usb 5-1: config 0 descriptor??
[  573.415745][ T5834] usb 2-1: USB disconnect, device number 22
[  573.452713][ T3077] snd_usb_toneport 5-1:0.244: Line 6 GuitarPort found
[  573.578235][T10092] FAULT_INJECTION: forcing a failure.
[  573.578235][T10092] name failslab, interval 1, probability 0, space 0, times 0
[  573.609153][T10092] CPU: 1 UID: 0 PID: 10092 Comm: syz.3.1222 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  573.609187][T10092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  573.609204][T10092] Call Trace:
[  573.609211][T10092]  <TASK>
[  573.609220][T10092]  dump_stack_lvl+0x241/0x360
[  573.609262][T10092]  ? __pfx_dump_stack_lvl+0x10/0x10
[  573.609297][T10092]  ? __pfx__printk+0x10/0x10
[  573.609330][T10092]  ? __kmalloc_cache_noprof+0x48/0x390
[  573.609360][T10092]  ? __pfx___might_resched+0x10/0x10
[  573.609387][T10092]  should_fail_ex+0x40a/0x550
[  573.609418][T10092]  should_failslab+0xac/0x100
[  573.609445][T10092]  __kmalloc_cache_noprof+0x70/0x390
[  573.609472][T10092]  ? sctp_auth_init+0x1e6/0x430
[  573.609502][T10092]  sctp_auth_init+0x1e6/0x430
[  573.609531][T10092]  sctp_setsockopt_auth_supported+0x32f/0x560
[  573.609559][T10092]  sctp_setsockopt+0x540/0x11c0
[  573.609590][T10092]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  573.609618][T10092]  do_sock_setsockopt+0x3af/0x720
[  573.609659][T10092]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  573.609697][T10092]  ? __fget_files+0x395/0x410
[  573.609724][T10092]  ? __fget_files+0x2a/0x410
[  573.609760][T10092]  __x64_sys_setsockopt+0x1ee/0x280
[  573.609801][T10092]  do_syscall_64+0xf3/0x230
[  573.609839][T10092]  ? clear_bhb_loop+0x35/0x90
[  573.609872][T10092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.609900][T10092] RIP: 0033:0x7f972b38cde9
[  573.609918][T10092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  573.609936][T10092] RSP: 002b:00007f972c1c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  573.609959][T10092] RAX: ffffffffffffffda RBX: 00007f972b5a5fa0 RCX: 00007f972b38cde9
[  573.609974][T10092] RDX: 0000000000000081 RSI: 0000000000000084 RDI: 0000000000000003
[  573.609987][T10092] RBP: 00007f972c1c8090 R08: 0000000000000008 R09: 0000000000000000
[  573.610000][T10092] R10: 00004000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  573.610013][T10092] R13: 0000000000000000 R14: 00007f972b5a5fa0 R15: 00007fff2a355558
[  573.610043][T10092]  </TASK>
[  573.970842][ T3077] snd_usb_toneport 5-1:0.244: cannot get proper max packet size
[  573.976281][T10100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1223'.
[  573.982743][ T3077] snd_usb_toneport 5-1:0.244: Line 6 GuitarPort now disconnected
[  573.997178][ T3077] snd_usb_toneport 5-1:0.244: probe with driver snd_usb_toneport failed with error -22
[  574.157469][T10071] tmpfs: Unknown parameter 'usrquota_block_hk´ timit'
[  574.178130][T10071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  574.190005][T10071] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  574.263247][ T5905] usb 5-1: USB disconnect, device number 28
[  574.370338][ T5834] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  574.469408][ T5839] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  574.531741][ T5834] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  574.563317][ T5834] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  574.590628][ T3567] bond0: (slave bond2): link status definitely down, disabling slave
[  574.602229][ T5834] usb 4-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[  574.612583][T10119] netlink: 'syz.1.1228': attribute type 10 has an invalid length.
[  574.623472][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.629470][ T5839] usb 3-1: device descriptor read/64, error -71
[  574.640682][T10119] bridge0: port 2(bridge_slave_1) entered disabled state
[  574.649609][T10119] bridge0: port 1(bridge_slave_0) entered disabled state
[  574.659476][ T5834] usb 4-1: config 0 descriptor??
[  574.867911][T10119] bridge0: port 2(bridge_slave_1) entered blocking state
[  574.875256][T10119] bridge0: port 2(bridge_slave_1) entered forwarding state
[  574.882732][T10119] bridge0: port 1(bridge_slave_0) entered blocking state
[  574.889922][T10119] bridge0: port 1(bridge_slave_0) entered forwarding state
[  574.921908][T10119] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  575.000024][ T5839] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  575.075217][T10124] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1229'.
[  575.177940][ T5839] usb 3-1: device descriptor read/64, error -71
[  575.208184][ T5834] logitech-djreceiver 0003:046D:C71B.0003: unbalanced delimiter at end of report description
[  575.251950][ T5834] logitech-djreceiver 0003:046D:C71B.0003: logi_dj_probe: parse failed
[  575.314201][ T5834] logitech-djreceiver 0003:046D:C71B.0003: probe with driver logitech-djreceiver failed with error -22
[  575.414275][ T5839] usb usb3-port1: attempt power cycle
[  575.484739][ T5834] usb 4-1: USB disconnect, device number 25
[  575.517698][T10121] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1229'.
[  575.678360][T10128] netlink: 700 bytes leftover after parsing attributes in process `syz.5.1230'.
[  575.687992][T10128] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1230'.
[  575.929606][ T5839] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  575.949248][    T9] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  575.977536][ T5839] usb 3-1: device descriptor read/8, error -71
[  576.180882][T10136] netlink: 300 bytes leftover after parsing attributes in process `syz.5.1232'.
[  576.465352][    T9] usb 5-1: Using ep0 maxpacket: 8
[  576.480220][    T9] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  576.499750][    T9] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  576.509957][    T9] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  576.560344][    T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  576.569940][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  576.577985][    T9] usb 5-1: Product: syz
[  576.582541][    T9] usb 5-1: Manufacturer: syz
[  576.587197][    T9] usb 5-1: SerialNumber: syz
[  576.599275][ T5839] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  576.620144][ T5839] usb 3-1: device descriptor read/8, error -71
[  576.730449][ T5839] usb usb3-port1: unable to enumerate USB device
[  576.824571][T10141] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1234'.
[  577.159662][    T9] usb 5-1: found format II with max.bitrate = 11, frame size=3572
[  577.633198][    T9] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  577.735182][    T9] usb 5-1: USB disconnect, device number 29
[  578.390924][T10164] netlink: 1280 bytes leftover after parsing attributes in process `syz.2.1242'.
[  578.400451][T10164] openvswitch: netlink: Flow actions attr not present in new flow.
[  578.442518][T10157] netlink: 'syz.1.1240': attribute type 16 has an invalid length.
[  579.960799][T10192] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1251'.
[  580.560927][T10192] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  580.570264][T10192] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  580.579164][T10192] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  580.587930][T10192] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  581.476587][T10192] vxlan0: entered promiscuous mode
[  582.200983][T10203] netlink: 'syz.1.1256': attribute type 1 has an invalid length.
[  582.303680][T10204] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1254'.
[  582.432172][T10212] FAULT_INJECTION: forcing a failure.
[  582.432172][T10212] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  582.464126][T10212] CPU: 0 UID: 0 PID: 10212 Comm: syz.3.1255 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  582.464161][T10212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  582.464175][T10212] Call Trace:
[  582.464182][T10212]  <TASK>
[  582.464191][T10212]  dump_stack_lvl+0x241/0x360
[  582.464234][T10212]  ? __pfx_dump_stack_lvl+0x10/0x10
[  582.464269][T10212]  ? __pfx__printk+0x10/0x10
[  582.464314][T10212]  should_fail_ex+0x40a/0x550
[  582.464346][T10212]  prepare_alloc_pages+0x1da/0x5b0
[  582.464378][T10212]  __alloc_frozen_pages_noprof+0x16f/0x710
[  582.464406][T10212]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  582.464444][T10212]  ? __pfx_lock_release+0x10/0x10
[  582.464477][T10212]  alloc_pages_mpol+0x311/0x660
[  582.464510][T10212]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  582.464540][T10212]  ? down_read+0x82b/0xa40
[  582.464575][T10212]  alloc_pages_noprof+0x121/0x190
[  582.464606][T10212]  pte_alloc_one+0x24/0x160
[  582.464635][T10212]  __pte_alloc+0x79/0x220
[  582.464664][T10212]  ? __pfx___pte_alloc+0x10/0x10
[  582.464694][T10212]  ? uffd_lock_vma+0x118/0x2e0
[  582.464726][T10212]  mfill_atomic_copy+0xbd2/0x1a60
[  582.464770][T10212]  ? __pfx___might_resched+0x10/0x10
[  582.464795][T10212]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  582.464823][T10212]  ? __pfx_lock_release+0x10/0x10
[  582.464852][T10212]  ? preempt_count_add+0x93/0x190
[  582.464875][T10212]  ? 0xffffffffa00038c0
[  582.464902][T10212]  ? __might_fault+0xaa/0x120
[  582.464944][T10212]  userfaultfd_ioctl+0x2987/0x6840
[  582.465001][T10212]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  582.465032][T10212]  ? stack_trace_save+0x118/0x1d0
[  582.465059][T10212]  ? __pfx_stack_trace_save+0x10/0x10
[  582.465084][T10212]  ? stack_depot_save_flags+0x37/0x940
[  582.465125][T10212]  ? kasan_save_track+0x51/0x80
[  582.465145][T10212]  ? kasan_save_track+0x3f/0x80
[  582.465164][T10212]  ? kasan_save_free_info+0x40/0x50
[  582.465192][T10212]  ? __kasan_slab_free+0x59/0x70
[  582.465211][T10212]  ? kfree+0x196/0x430
[  582.465235][T10212]  ? tomoyo_path_number_perm+0x679/0x860
[  582.465263][T10212]  ? security_file_ioctl+0xc6/0x2a0
[  582.465293][T10212]  ? __se_sys_ioctl+0x46/0x170
[  582.465311][T10212]  ? do_syscall_64+0xf3/0x230
[  582.465339][T10212]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.465373][T10212]  ? do_vfs_ioctl+0xf07/0x2e40
[  582.465401][T10212]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  582.465426][T10212]  ? mark_lock+0x9a/0x360
[  582.465471][T10212]  ? tomoyo_path_number_perm+0x206/0x860
[  582.465502][T10212]  ? __pfx_lock_release+0x10/0x10
[  582.465533][T10212]  ? tomoyo_path_number_perm+0x679/0x860
[  582.465566][T10212]  ? tomoyo_path_number_perm+0x679/0x860
[  582.465600][T10212]  ? tomoyo_path_number_perm+0x6f9/0x860
[  582.465629][T10212]  ? __lock_acquire+0x1397/0x2100
[  582.465658][T10212]  ? tomoyo_path_number_perm+0x206/0x860
[  582.465688][T10212]  ? smack_log+0x10d/0x5c0
[  582.465718][T10212]  ? __pfx_smack_log+0x10/0x10
[  582.465743][T10212]  ? smk_access+0x4ab/0x4e0
[  582.465773][T10212]  ? smk_tskacc+0x300/0x370
[  582.465803][T10212]  ? smack_file_ioctl+0x2f7/0x3a0
[  582.465834][T10212]  ? __pfx_smack_file_ioctl+0x10/0x10
[  582.465869][T10212]  ? __fget_files+0x2a/0x410
[  582.465908][T10212]  ? __fget_files+0x2a/0x410
[  582.465940][T10212]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  582.465976][T10212]  __se_sys_ioctl+0xf5/0x170
[  582.466000][T10212]  do_syscall_64+0xf3/0x230
[  582.466030][T10212]  ? clear_bhb_loop+0x35/0x90
[  582.466063][T10212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.466092][T10212] RIP: 0033:0x7f972b38cde9
[  582.466111][T10212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  582.466129][T10212] RSP: 002b:00007f972c1c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  582.466153][T10212] RAX: ffffffffffffffda RBX: 00007f972b5a5fa0 RCX: 00007f972b38cde9
[  582.466169][T10212] RDX: 0000400000000080 RSI: 00000000c028aa03 RDI: 0000000000000003
[  582.466183][T10212] RBP: 00007f972c1c8090 R08: 0000000000000000 R09: 0000000000000000
[  582.466196][T10212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  582.466208][T10212] R13: 0000000000000000 R14: 00007f972b5a5fa0 R15: 00007fff2a355558
[  582.466240][T10212]  </TASK>
[  583.540208][ T8534] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  583.729498][ T8534] usb 4-1: Using ep0 maxpacket: 16
[  583.788927][ T8534] usb 4-1: config 0 has no interfaces?
[  583.859371][ T8534] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  583.868504][ T8534] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.144839][ T8534] usb 4-1: Product: syz
[  584.330082][ T8534] usb 4-1: Manufacturer: syz
[  584.339885][ T8534] usb 4-1: SerialNumber: syz
[  584.368138][ T8534] usb 4-1: config 0 descriptor??
[  584.412216][T10231] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1262'.
[  584.721054][ T5834] usb 4-1: USB disconnect, device number 26
[  585.704279][T10237] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1265'.
[  586.113081][T10253] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  586.419398][ T5834] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  586.581496][ T5834] usb 6-1: Using ep0 maxpacket: 32
[  586.610222][ T5834] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  586.623013][ T5834] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  586.624497][T10271] netlink: 300 bytes leftover after parsing attributes in process `syz.3.1276'.
[  586.643394][ T5834] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  586.736430][ T5834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.931276][ T5834] usb 6-1: config 0 descriptor??
[  587.353095][T10273] FAULT_INJECTION: forcing a failure.
[  587.353095][T10273] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  587.375664][T10273] CPU: 0 UID: 0 PID: 10273 Comm: syz.4.1277 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  587.375698][T10273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  587.375712][T10273] Call Trace:
[  587.375720][T10273]  <TASK>
[  587.375730][T10273]  dump_stack_lvl+0x241/0x360
[  587.375775][T10273]  ? __pfx_dump_stack_lvl+0x10/0x10
[  587.375808][T10273]  ? __pfx__printk+0x10/0x10
[  587.375851][T10273]  should_fail_ex+0x40a/0x550
[  587.375881][T10273]  _copy_to_user+0x31/0xb0
[  587.375906][T10273]  sk_getsockopt+0x23cb/0x3770
[  587.375948][T10273]  ? __pfx_sk_getsockopt+0x10/0x10
[  587.376000][T10273]  ? __pfx___might_resched+0x10/0x10
[  587.376024][T10273]  ? __might_fault+0xaa/0x120
[  587.376058][T10273]  ? __pfx_lock_release+0x10/0x10
[  587.376094][T10273]  ? __might_fault+0xaa/0x120
[  587.376125][T10273]  ? __might_fault+0xc6/0x120
[  587.376160][T10273]  do_sock_getsockopt+0x2d5/0x7e0
[  587.376202][T10273]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  587.376233][T10273]  ? __fget_files+0x2a/0x410
[  587.376262][T10273]  ? __fget_files+0x395/0x410
[  587.376286][T10273]  ? __fget_files+0x2a/0x410
[  587.376321][T10273]  __x64_sys_getsockopt+0x2a1/0x370
[  587.376350][T10273]  ? __pfx___x64_sys_getsockopt+0x10/0x10
[  587.376373][T10273]  ? do_syscall_64+0x100/0x230
[  587.376406][T10273]  ? do_syscall_64+0xb6/0x230
[  587.376437][T10273]  do_syscall_64+0xf3/0x230
[  587.376474][T10273]  ? clear_bhb_loop+0x35/0x90
[  587.376506][T10273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.376535][T10273] RIP: 0033:0x7f8d02d8cde9
[  587.376553][T10273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  587.376571][T10273] RSP: 002b:00007f8d03b5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  587.376599][T10273] RAX: ffffffffffffffda RBX: 00007f8d02fa5fa0 RCX: 00007f8d02d8cde9
[  587.376615][T10273] RDX: 000000000000003c RSI: 0000000000000001 RDI: 0000000000000003
[  587.376628][T10273] RBP: 00007f8d03b5d090 R08: 0000400000000040 R09: 0000000000000000
[  587.376642][T10273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  587.376654][T10273] R13: 0000000000000000 R14: 00007f8d02fa5fa0 R15: 00007ffeca587a38
[  587.376684][T10273]  </TASK>
[  587.721651][ T5834] usbhid 6-1:0.0: can't add hid device: -71
[  587.748331][ T5834] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  587.773329][ T5834] usb 6-1: USB disconnect, device number 8
[  588.141126][ T5839] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  588.237132][T10285] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1281'.
[  588.514624][ T5839] usb 5-1: unable to get BOS descriptor or descriptor too short
[  588.541548][ T5839] usb 5-1: config 1 has an invalid interface number: 3 but max is 2
[  588.562507][ T5839] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  588.589445][ T5839] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  588.615069][ T5839] usb 5-1: config 1 has no interface number 1
[  588.634897][ T5839] usb 5-1: too many endpoints for config 1 interface 3 altsetting 184: 97, using maximum allowed: 30
[  588.663455][ T5839] usb 5-1: config 1 interface 3 altsetting 184 has 0 endpoint descriptors, different from the interface descriptor's value: 97
[  588.680081][T10289] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1282'.
[  588.695911][ T5839] usb 5-1: config 1 interface 3 has no altsetting 0
[  588.719363][ T5839] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  588.739065][ T5839] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.769447][ T5834] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  588.775490][ T5839] usb 5-1: Product: syz
[  588.856790][ T5839] usb 5-1: Manufacturer: syz
[  588.921142][ T5839] usb 5-1: SerialNumber: syz
[  588.942541][ T5834] usb 4-1: device descriptor read/64, error -71
[  589.252732][ T5834] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  589.341562][T10280] netlink: 'syz.4.1279': attribute type 4 has an invalid length.
[  589.438106][T10297] netlink: 'syz.1.1285': attribute type 10 has an invalid length.
[  589.486404][ T5839] usb 5-1: 0:2 : does not exist
[  589.499941][ T5834] usb 4-1: device descriptor read/64, error -71
[  589.517890][ T5839] usb 5-1: USB disconnect, device number 30
[  589.542830][T10297] bond0: (slave wlan1): Enslaving as an active interface with a down link
[  589.619632][ T5834] usb usb4-port1: attempt power cycle
[  589.656508][T10302] xt_NFQUEUE: number of total queues is 0
[  589.729467][ T5910] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  589.804405][T10309] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  589.994492][ T5910] usb 6-1: Using ep0 maxpacket: 8
[  590.006607][ T5910] usb 6-1: config 1 has an invalid interface descriptor of length 8, skipping
[  590.016025][ T5910] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  590.027388][ T5910] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[  590.036764][ T5834] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  590.046599][ T5910] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  590.056050][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  590.064762][ T5910] usb 6-1: Product: syz
[  590.069756][ T5834] usb 4-1: device descriptor read/8, error -71
[  590.077152][ T5910] usb 6-1: Manufacturer: syz
[  590.090014][ T5910] usb 6-1: SerialNumber: syz
[  590.110826][ T5910] usb 6-1: rejected 1 configuration due to insufficient available bus power
[  590.139253][ T5910] usb 6-1: no configuration chosen from 1 choice
[  590.329357][ T5834] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  590.366884][ T5834] usb 4-1: device descriptor read/8, error -71
[  590.479732][ T5834] usb usb4-port1: unable to enumerate USB device
[  590.620164][T10320] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  590.629137][T10320] PKCS7: Only support pkcs7_signedData type
[  591.523766][T10330] FAULT_INJECTION: forcing a failure.
[  591.523766][T10330] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  591.552247][T10330] CPU: 0 UID: 0 PID: 10330 Comm: syz.4.1298 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  591.552283][T10330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  591.552296][T10330] Call Trace:
[  591.552304][T10330]  <TASK>
[  591.552313][T10330]  dump_stack_lvl+0x241/0x360
[  591.552355][T10330]  ? __pfx_dump_stack_lvl+0x10/0x10
[  591.552388][T10330]  ? __pfx__printk+0x10/0x10
[  591.552432][T10330]  should_fail_ex+0x40a/0x550
[  591.552462][T10330]  _copy_to_user+0x31/0xb0
[  591.552486][T10330]  copy_fid_info_to_user+0x551/0x9b0
[  591.552530][T10330]  ? __pfx_copy_fid_info_to_user+0x10/0x10
[  591.552567][T10330]  ? __might_fault+0xaa/0x120
[  591.552599][T10330]  ? __might_fault+0xc6/0x120
[  591.552637][T10330]  fanotify_read+0x174d/0x2e90
[  591.552709][T10330]  ? __pfx_fanotify_read+0x10/0x10
[  591.552746][T10330]  ? __pfx_lock_acquire+0x10/0x10
[  591.552773][T10330]  ? iovec_from_user+0x1b4/0x240
[  591.552799][T10330]  ? __import_iovec+0x3a8/0x870
[  591.552824][T10330]  ? __pfx_woken_wake_function+0x10/0x10
[  591.552856][T10330]  ? bpf_lsm_file_permission+0x9/0x10
[  591.552879][T10330]  ? rw_verify_area+0x243/0x630
[  591.552914][T10330]  vfs_readv+0x6bc/0xa80
[  591.552949][T10330]  ? __pfx_fanotify_read+0x10/0x10
[  591.552978][T10330]  ? __pfx_vfs_readv+0x10/0x10
[  591.553016][T10330]  ? do_sys_openat2+0x17a/0x1d0
[  591.553042][T10330]  ? __fget_files+0x2a/0x410
[  591.553071][T10330]  ? __fget_files+0x395/0x410
[  591.553095][T10330]  ? __fget_files+0x2a/0x410
[  591.553130][T10330]  do_readv+0x1b6/0x360
[  591.553169][T10330]  ? __pfx_do_readv+0x10/0x10
[  591.553196][T10330]  ? do_syscall_64+0x100/0x230
[  591.553228][T10330]  ? do_syscall_64+0xb6/0x230
[  591.553259][T10330]  do_syscall_64+0xf3/0x230
[  591.553285][T10330]  ? clear_bhb_loop+0x35/0x90
[  591.553317][T10330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  591.553344][T10330] RIP: 0033:0x7f8d02d8cde9
[  591.553361][T10330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  591.553378][T10330] RSP: 002b:00007f8d03b5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  591.553401][T10330] RAX: ffffffffffffffda RBX: 00007f8d02fa5fa0 RCX: 00007f8d02d8cde9
[  591.553416][T10330] RDX: 0000000000000002 RSI: 0000400000000180 RDI: 0000000000000003
[  591.553428][T10330] RBP: 00007f8d03b5d090 R08: 0000000000000000 R09: 0000000000000000
[  591.553441][T10330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  591.553452][T10330] R13: 0000000000000000 R14: 00007f8d02fa5fa0 R15: 00007ffeca587a38
[  591.553482][T10330]  </TASK>
[  591.922451][T10338] FAULT_INJECTION: forcing a failure.
[  591.922451][T10338] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  591.936793][T10338] CPU: 0 UID: 0 PID: 10338 Comm: syz.2.1303 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  591.936827][T10338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  591.936841][T10338] Call Trace:
[  591.936849][T10338]  <TASK>
[  591.936858][T10338]  dump_stack_lvl+0x241/0x360
[  591.936904][T10338]  ? __pfx_dump_stack_lvl+0x10/0x10
[  591.936938][T10338]  ? __pfx__printk+0x10/0x10
[  591.936969][T10338]  ? _raw_write_unlock_irqrestore+0xdd/0x140
[  591.936998][T10338]  ? __pfx_lock_release+0x10/0x10
[  591.937036][T10338]  should_fail_ex+0x40a/0x550
[  591.937066][T10338]  _copy_from_user+0x2d/0xb0
[  591.937089][T10338]  sg_new_write+0x563/0x7f0
[  591.937125][T10338]  ? __pfx_sg_new_write+0x10/0x10
[  591.937192][T10338]  sg_ioctl+0x17b7/0x2e80
[  591.937240][T10338]  ? __pfx_sg_ioctl+0x10/0x10
[  591.937275][T10338]  ? __fget_files+0x2a/0x410
[  591.937306][T10338]  ? __fget_files+0x2a/0x410
[  591.937338][T10338]  ? __pfx_sg_ioctl+0x10/0x10
[  591.937367][T10338]  __se_sys_ioctl+0xf5/0x170
[  591.937390][T10338]  do_syscall_64+0xf3/0x230
[  591.937420][T10338]  ? clear_bhb_loop+0x35/0x90
[  591.937453][T10338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  591.937481][T10338] RIP: 0033:0x7f81da58cde9
[  591.937500][T10338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  591.937519][T10338] RSP: 002b:00007f81db3d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  591.937542][T10338] RAX: ffffffffffffffda RBX: 00007f81da7a5fa0 RCX: 00007f81da58cde9
[  591.937558][T10338] RDX: 00004000000000c0 RSI: 0000000000002285 RDI: 0000000000000003
[  591.937571][T10338] RBP: 00007f81db3d4090 R08: 0000000000000000 R09: 0000000000000000
[  591.937584][T10338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  591.937596][T10338] R13: 0000000000000000 R14: 00007f81da7a5fa0 R15: 00007fffc5da08c8
[  591.937626][T10338]  </TASK>
[  591.939365][ T5834] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  592.268680][    T9] usb 6-1: USB disconnect, device number 9
[  592.347966][T10347] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1307'.
[  592.369878][T10348] 9pnet_fd: Insufficient options for proto=fd
[  592.439314][ T5834] usb 4-1: Using ep0 maxpacket: 32
[  592.450991][ T5834] usb 4-1: unable to get BOS descriptor or descriptor too short
[  592.462585][ T5834] usb 4-1: config 1 interface 0 altsetting 5 endpoint 0x81 has invalid maxpacket 1056, setting to 1024
[  592.484435][ T5834] usb 4-1: config 1 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  592.515603][ T5834] usb 4-1: config 1 interface 0 has no altsetting 0
[  592.549296][ T5834] usb 4-1: New USB device found, idVendor=05ac, idProduct=023f, bcdDevice= 0.40
[  592.558801][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  592.575908][ T5834] usb 4-1: Product: syz
[  592.586560][ T5834] usb 4-1: Manufacturer: syz
[  592.596038][ T5834] usb 4-1: SerialNumber: syz
[  592.611984][T10329] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  592.843941][ T5834] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input21
[  592.939371][T10357] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776
[  592.948593][T10357] PKCS7: Only support pkcs7_signedData type
[  594.027622][T10359] netlink: 700 bytes leftover after parsing attributes in process `syz.1.1310'.
[  594.036845][T10359] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1310'.
[  594.143956][T10363] syzkaller1: entered promiscuous mode
[  594.175408][T10363] syzkaller1: entered allmulticast mode
[  594.213145][ T5181] bcm5974 4-1:1.0: could not read from device
[  594.220526][ T8534] usb 4-1: USB disconnect, device number 31
[  594.228804][ T5181] bcm5974 4-1:1.0: could not read from device
[  595.022470][T10371] netlink: 300 bytes leftover after parsing attributes in process `syz.5.1314'.
[  595.277125][T10381] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1318'.
[  595.302021][T10381] xt_CONNSECMARK: invalid mode: 0
[  595.592359][T10386] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1321'.
[  596.662206][T10396] netlink: 'syz.1.1323': attribute type 13 has an invalid length.
[  596.670337][T10396] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1323'.
[  596.887827][ T3567] 
[  596.890924][ T3567] =============================
[  596.895834][ T3567] WARNING: suspicious RCU usage
[  596.900874][ T3567] 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Not tainted
[  596.908008][ T3567] -----------------------------
[  596.912909][ T3567] net/sched/sch_generic.c:1251 suspicious rcu_dereference_protected() usage!
[  596.921828][ T3567] 
[  596.921828][ T3567] other info that might help us debug this:
[  596.921828][ T3567] 
[  596.932123][ T3567] 
[  596.932123][ T3567] rcu_scheduler_active = 2, debug_locks = 1
[  596.940563][ T3567] 3 locks held by kworker/u8:7/3567:
[  596.945863][ T3567]  #0: ffff88807ce87948 ((wq_completion)bond0){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[  596.957169][ T3567]  #1: ffffc9000cf5fc60 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[  596.970229][ T3567]  #2: ffffffff8e9387e0 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x174/0x3170
[  596.979963][ T3567] 
[  596.979963][ T3567] stack backtrace:
[  596.985938][ T3567] CPU: 0 UID: 0 PID: 3567 Comm: kworker/u8:7 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  596.985958][ T3567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  596.985969][ T3567] Workqueue: bond0 bond_mii_monitor
[  596.985997][ T3567] Call Trace:
[  596.986006][ T3567]  <TASK>
[  596.986013][ T3567]  dump_stack_lvl+0x241/0x360
[  596.986042][ T3567]  ? __pfx_dump_stack_lvl+0x10/0x10
[  596.986065][ T3567]  ? __pfx__printk+0x10/0x10
[  596.986096][ T3567]  lockdep_rcu_suspicious+0x226/0x340
[  596.986122][ T3567]  dev_activate+0xf8/0x1240
[  596.986140][ T3567]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  596.986160][ T3567]  ? lockdep_hardirqs_on+0x99/0x150
[  596.986181][ T3567]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  596.986198][ T3567]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  596.986217][ T3567]  ? __pfx_dev_activate+0x10/0x10
[  596.986231][ T3567]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  596.986248][ T3567]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  596.986269][ T3567]  ? rfc2863_policy+0x1ce/0x3f0
[  596.986293][ T3567]  linkwatch_do_dev+0xfb/0x170
[  596.986316][ T3567]  ethtool_op_get_link+0x15/0x60
[  596.986332][ T3567]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  596.986347][ T3567]  bond_check_dev_link+0x1f1/0x3f0
[  596.986372][ T3567]  ? __pfx_bond_check_dev_link+0x10/0x10
[  596.986406][ T3567]  bond_mii_monitor+0x49a/0x3170
[  596.986435][ T3567]  ? __lock_acquire+0x1397/0x2100
[  596.986454][ T3567]  ? bond_mii_monitor+0x174/0x3170
[  596.986479][ T3567]  ? do_raw_spin_unlock+0x13c/0x8b0
[  596.986500][ T3567]  ? __pfx_bond_mii_monitor+0x10/0x10
[  596.986532][ T3567]  ? __pfx_lock_acquire+0x10/0x10
[  596.986551][ T3567]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  596.986573][ T3567]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  596.986599][ T3567]  ? process_scheduled_works+0x976/0x1840
[  596.986616][ T3567]  process_scheduled_works+0xa66/0x1840
[  596.986652][ T3567]  ? __pfx_process_scheduled_works+0x10/0x10
[  596.986675][ T3567]  ? assign_work+0x364/0x3d0
[  596.986695][ T3567]  worker_thread+0x870/0xd30
[  596.986717][ T3567]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  596.986738][ T3567]  ? __kthread_parkme+0x169/0x1d0
[  596.986758][ T3567]  ? __pfx_worker_thread+0x10/0x10
[  596.986780][ T3567]  kthread+0x7a9/0x920
[  596.986798][ T3567]  ? __pfx_kthread+0x10/0x10
[  596.986818][ T3567]  ? __pfx_worker_thread+0x10/0x10
[  596.986835][ T3567]  ? __pfx_kthread+0x10/0x10
[  596.986852][ T3567]  ? __pfx_kthread+0x10/0x10
[  596.986873][ T3567]  ? __pfx_kthread+0x10/0x10
[  596.986891][ T3567]  ? _raw_spin_unlock_irq+0x23/0x50
[  596.986907][ T3567]  ? lockdep_hardirqs_on+0x99/0x150
[  596.986925][ T3567]  ? __pfx_kthread+0x10/0x10
[  596.986945][ T3567]  ret_from_fork+0x4b/0x80
[  596.986964][ T3567]  ? __pfx_kthread+0x10/0x10
[  596.986983][ T3567]  ret_from_fork_asm+0x1a/0x30
[  596.987010][ T3567]  </TASK>
[  597.149289][ T5834] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  597.325642][ T3567] 
[  597.328056][ T3567] =============================
[  597.333099][ T3567] WARNING: suspicious RCU usage
[  597.338038][ T3567] 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Not tainted
[  597.345326][ T3567] -----------------------------
[  597.350716][ T3567] net/sched/sch_generic.c:1229 suspicious rcu_dereference_protected() usage!
[  597.359990][ T3567] 
[  597.359990][ T3567] other info that might help us debug this:
[  597.359990][ T3567] 
[  597.370314][ T3567] 
[  597.370314][ T3567] rcu_scheduler_active = 2, debug_locks = 1
[  597.378423][ T3567] 3 locks held by kworker/u8:7/3567:
[  597.383823][ T3567]  #0: ffff88807ce87948 ((wq_completion)bond0){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[  597.395014][ T3567]  #1: ffffc9000cf5fc60 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[  597.408100][ T3567]  #2: ffffffff8e9387e0 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x174/0x3170
[  597.417912][ T3567] 
[  597.417912][ T3567] stack backtrace:
[  597.423974][ T3567] CPU: 1 UID: 0 PID: 3567 Comm: kworker/u8:7 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  597.424010][ T3567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  597.424025][ T3567] Workqueue: bond0 bond_mii_monitor
[  597.424066][ T3567] Call Trace:
[  597.424074][ T3567]  <TASK>
[  597.424084][ T3567]  dump_stack_lvl+0x241/0x360
[  597.424123][ T3567]  ? __pfx_dump_stack_lvl+0x10/0x10
[  597.424157][ T3567]  ? __pfx__printk+0x10/0x10
[  597.424204][ T3567]  lockdep_rcu_suspicious+0x226/0x340
[  597.424239][ T3567]  transition_one_qdisc+0x8e/0x1c0
[  597.424265][ T3567]  dev_activate+0x838/0x1240
[  597.424294][ T3567]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  597.424321][ T3567]  ? __pfx_dev_activate+0x10/0x10
[  597.424341][ T3567]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  597.424367][ T3567]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  597.424397][ T3567]  ? rfc2863_policy+0x1ce/0x3f0
[  597.424431][ T3567]  linkwatch_do_dev+0xfb/0x170
[  597.424464][ T3567]  ethtool_op_get_link+0x15/0x60
[  597.424486][ T3567]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  597.424508][ T3567]  bond_check_dev_link+0x1f1/0x3f0
[  597.424543][ T3567]  ? __pfx_bond_check_dev_link+0x10/0x10
[  597.424594][ T3567]  bond_mii_monitor+0x49a/0x3170
[  597.424636][ T3567]  ? __lock_acquire+0x1397/0x2100
[  597.424663][ T3567]  ? bond_mii_monitor+0x174/0x3170
[  597.424700][ T3567]  ? do_raw_spin_unlock+0x13c/0x8b0
[  597.424728][ T3567]  ? __pfx_bond_mii_monitor+0x10/0x10
[  597.424776][ T3567]  ? __pfx_lock_acquire+0x10/0x10
[  597.424804][ T3567]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  597.424836][ T3567]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  597.424875][ T3567]  ? process_scheduled_works+0x976/0x1840
[  597.424899][ T3567]  process_scheduled_works+0xa66/0x1840
[  597.424951][ T3567]  ? __pfx_process_scheduled_works+0x10/0x10
[  597.424993][ T3567]  ? assign_work+0x364/0x3d0
[  597.425021][ T3567]  worker_thread+0x870/0xd30
[  597.425054][ T3567]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  597.425084][ T3567]  ? __kthread_parkme+0x169/0x1d0
[  597.425112][ T3567]  ? __pfx_worker_thread+0x10/0x10
[  597.425136][ T3567]  kthread+0x7a9/0x920
[  597.425161][ T3567]  ? __pfx_kthread+0x10/0x10
[  597.425191][ T3567]  ? __pfx_worker_thread+0x10/0x10
[  597.425215][ T3567]  ? __pfx_kthread+0x10/0x10
[  597.425240][ T3567]  ? __pfx_kthread+0x10/0x10
[  597.425271][ T3567]  ? __pfx_kthread+0x10/0x10
[  597.425296][ T3567]  ? _raw_spin_unlock_irq+0x23/0x50
[  597.425319][ T3567]  ? lockdep_hardirqs_on+0x99/0x150
[  597.425346][ T3567]  ? __pfx_kthread+0x10/0x10
[  597.425375][ T3567]  ret_from_fork+0x4b/0x80
[  597.425400][ T3567]  ? __pfx_kthread+0x10/0x10
[  597.425427][ T3567]  ret_from_fork_asm+0x1a/0x30
[  597.425467][ T3567]  </TASK>
[  597.425568][ T3567] 
[  597.696009][ T3567] =============================
[  597.700972][ T3567] WARNING: suspicious RCU usage
[  597.705864][ T3567] 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Not tainted
[  597.713071][ T3567] -----------------------------
[  597.717972][ T3567] ./include/linux/rtnetlink.h:162 suspicious rcu_dereference_protected() usage!
[  597.727149][ T3567] 
[  597.727149][ T3567] other info that might help us debug this:
[  597.727149][ T3567] 
[  597.737728][ T3567] 
[  597.737728][ T3567] rcu_scheduler_active = 2, debug_locks = 1
[  597.745900][ T3567] 3 locks held by kworker/u8:7/3567:
[  597.751288][ T3567]  #0: ffff88807ce87948 ((wq_completion)bond0){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[  597.762839][ T3567]  #1: ffffc9000cf5fc60 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[  597.776310][ T3567]  #2: ffffffff8e9387e0 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x174/0x3170
[  597.786182][ T3567] 
[  597.786182][ T3567] stack backtrace:
[  597.792170][ T3567] CPU: 1 UID: 0 PID: 3567 Comm: kworker/u8:7 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  597.792199][ T3567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  597.792213][ T3567] Workqueue: bond0 bond_mii_monitor
[  597.792252][ T3567] Call Trace:
[  597.792260][ T3567]  <TASK>
[  597.792268][ T3567]  dump_stack_lvl+0x241/0x360
[  597.792308][ T3567]  ? __pfx_dump_stack_lvl+0x10/0x10
[  597.792341][ T3567]  ? __pfx__printk+0x10/0x10
[  597.792386][ T3567]  lockdep_rcu_suspicious+0x226/0x340
[  597.792421][ T3567]  dev_activate+0x925/0x1240
[  597.792454][ T3567]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  597.792482][ T3567]  ? __pfx_dev_activate+0x10/0x10
[  597.792501][ T3567]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  597.792527][ T3567]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  597.792556][ T3567]  ? rfc2863_policy+0x1ce/0x3f0
[  597.792590][ T3567]  linkwatch_do_dev+0xfb/0x170
[  597.792623][ T3567]  ethtool_op_get_link+0x15/0x60
[  597.792645][ T3567]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  597.792667][ T3567]  bond_check_dev_link+0x1f1/0x3f0
[  597.792709][ T3567]  ? __pfx_bond_check_dev_link+0x10/0x10
[  597.792758][ T3567]  bond_mii_monitor+0x49a/0x3170
[  597.792801][ T3567]  ? __lock_acquire+0x1397/0x2100
[  597.792826][ T3567]  ? bond_mii_monitor+0x174/0x3170
[  597.792862][ T3567]  ? do_raw_spin_unlock+0x13c/0x8b0
[  597.792892][ T3567]  ? __pfx_bond_mii_monitor+0x10/0x10
[  597.792939][ T3567]  ? __pfx_lock_acquire+0x10/0x10
[  597.792967][ T3567]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  597.792998][ T3567]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  597.793038][ T3567]  ? process_scheduled_works+0x976/0x1840
[  597.793063][ T3567]  process_scheduled_works+0xa66/0x1840
[  597.793118][ T3567]  ? __pfx_process_scheduled_works+0x10/0x10
[  597.793152][ T3567]  ? assign_work+0x364/0x3d0
[  597.793180][ T3567]  worker_thread+0x870/0xd30
[  597.793214][ T3567]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  597.793243][ T3567]  ? __kthread_parkme+0x169/0x1d0
[  597.793272][ T3567]  ? __pfx_worker_thread+0x10/0x10
[  597.793296][ T3567]  kthread+0x7a9/0x920
[  597.793322][ T3567]  ? __pfx_kthread+0x10/0x10
[  597.793352][ T3567]  ? __pfx_worker_thread+0x10/0x10
[  597.793377][ T3567]  ? __pfx_kthread+0x10/0x10
[  597.793402][ T3567]  ? __pfx_kthread+0x10/0x10
[  597.793434][ T3567]  ? __pfx_kthread+0x10/0x10
[  597.793460][ T3567]  ? _raw_spin_unlock_irq+0x23/0x50
[  597.793484][ T3567]  ? lockdep_hardirqs_on+0x99/0x150
[  597.793511][ T3567]  ? __pfx_kthread+0x10/0x10
[  597.793540][ T3567]  ret_from_fork+0x4b/0x80
[  597.793565][ T3567]  ? __pfx_kthread+0x10/0x10
[  597.793593][ T3567]  ret_from_fork_asm+0x1a/0x30
[  597.793634][ T3567]  </TASK>
[  597.794391][ T3567] ------------[ cut here ]------------
[  598.061029][ T3567] RTNL: assertion failed at net/core/dev.c (2132)
[  598.071162][ T3567] WARNING: CPU: 1 PID: 3567 at net/core/dev.c:2132 call_netdevice_notifiers_info+0x106/0x110
[  598.081583][ T3567] Modules linked in:
[  598.085540][ T3567] CPU: 1 UID: 0 PID: 3567 Comm: kworker/u8:7 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  598.096687][ T3567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  598.106891][ T3567] Workqueue: bond0 bond_mii_monitor
[  598.112235][ T3567] RIP: 0010:call_netdevice_notifiers_info+0x106/0x110
[  598.119138][ T3567] Code: cc cc cc cc e8 db bb 0a f8 c6 05 e6 ca 4f 06 01 90 48 c7 c7 c0 4e 0c 8d 48 c7 c6 a0 4e 0c 8d ba 54 08 00 00 e8 1b 65 cb f7 90 <0f> 0b 90 90 e9 73 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90
[  598.138869][ T3567] RSP: 0018:ffffc9000cf5f638 EFLAGS: 00010246
[  598.145113][ T3567] RAX: 134c0ebb013cd200 RBX: ffff88807c551e40 RCX: ffff888032070000
[  598.153212][ T3567] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  598.161308][ T3567] RBP: 0000000000000000 R08: ffffffff817ffb32 R09: fffffbfff1cfa588
[  598.170332][ T3567] R10: dffffc0000000000 R11: fffffbfff1cfa588 R12: dffffc0000000000
[  598.178377][ T3567] R13: 1ffff920019ebecc R14: 0000000000000004 R15: ffffc9000cf5f680
[  598.186487][ T3567] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  598.195535][ T3567] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  598.202252][ T3567] CR2: 00007f81da778ab8 CR3: 0000000034bd0000 CR4: 00000000003526f0
[  598.210345][ T3567] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  598.218374][ T3567] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  598.226462][ T3567] Call Trace:
[  598.229836][ T3567]  <TASK>
[  598.232814][ T3567]  ? __warn+0x165/0x4d0
[  598.237025][ T3567]  ? call_netdevice_notifiers_info+0x106/0x110
[  598.243301][ T3567]  ? report_bug+0x2b3/0x500
[  598.247952][ T3567]  ? call_netdevice_notifiers_info+0x106/0x110
[  598.254307][ T3567]  ? handle_bug+0x60/0x90
[  598.258715][ T3567]  ? exc_invalid_op+0x1a/0x50
[  598.263570][ T3567]  ? asm_exc_invalid_op+0x1a/0x20
[  598.269228][ T3567]  ? __warn_printk+0x292/0x360
[  598.274071][ T3567]  ? call_netdevice_notifiers_info+0x106/0x110
[  598.280835][ T3567]  ? call_netdevice_notifiers_info+0x105/0x110
[  598.287078][ T3567]  netdev_state_change+0x11f/0x1a0
[  598.292340][ T3567]  ? __pfx_netdev_state_change+0x10/0x10
[  598.298045][ T3567]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  598.304059][ T3567]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  598.310510][ T3567]  ? rfc2863_policy+0x1ce/0x3f0
[  598.315483][ T3567]  linkwatch_do_dev+0x112/0x170
[  598.320463][ T3567]  ethtool_op_get_link+0x15/0x60
[  598.325450][ T3567]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  598.331431][ T3567]  bond_check_dev_link+0x1f1/0x3f0
[  598.336640][ T3567]  ? __pfx_bond_check_dev_link+0x10/0x10
[  598.342407][ T3567]  bond_mii_monitor+0x49a/0x3170
[  598.347420][ T3567]  ? __lock_acquire+0x1397/0x2100
[  598.352550][ T3567]  ? bond_mii_monitor+0x174/0x3170
[  598.357736][ T3567]  ? do_raw_spin_unlock+0x13c/0x8b0
[  598.363062][ T3567]  ? __pfx_bond_mii_monitor+0x10/0x10
[  598.368510][ T3567]  ? __pfx_lock_acquire+0x10/0x10
[  598.374127][ T3567]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  598.380717][ T3567]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  598.387136][ T3567]  ? process_scheduled_works+0x976/0x1840
[  598.392993][ T3567]  process_scheduled_works+0xa66/0x1840
[  598.398656][ T3567]  ? __pfx_process_scheduled_works+0x10/0x10
[  598.404764][ T3567]  ? assign_work+0x364/0x3d0
[  598.409480][ T3567]  worker_thread+0x870/0xd30
[  598.414221][ T3567]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  598.420229][ T3567]  ? __kthread_parkme+0x169/0x1d0
[  598.425333][ T3567]  ? __pfx_worker_thread+0x10/0x10
[  598.430589][ T3567]  kthread+0x7a9/0x920
[  598.434726][ T3567]  ? __pfx_kthread+0x10/0x10
[  598.439455][ T3567]  ? __pfx_worker_thread+0x10/0x10
[  598.444628][ T3567]  ? __pfx_kthread+0x10/0x10
[  598.449327][ T3567]  ? __pfx_kthread+0x10/0x10
[  598.453981][ T3567]  ? __pfx_kthread+0x10/0x10
[  598.458626][ T3567]  ? _raw_spin_unlock_irq+0x23/0x50
[  598.463941][ T3567]  ? lockdep_hardirqs_on+0x99/0x150
[  598.469255][ T3567]  ? __pfx_kthread+0x10/0x10
[  598.474380][ T3567]  ret_from_fork+0x4b/0x80
[  598.479341][ T3567]  ? __pfx_kthread+0x10/0x10
[  598.484003][ T3567]  ret_from_fork_asm+0x1a/0x30
[  598.488842][ T3567]  </TASK>
[  598.492093][ T3567] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  598.499414][ T3567] CPU: 1 UID: 0 PID: 3567 Comm: kworker/u8:7 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  598.510319][ T3567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  598.520423][ T3567] Workqueue: bond0 bond_mii_monitor
[  598.525664][ T3567] Call Trace:
[  598.528986][ T3567]  <TASK>
[  598.531985][ T3567]  dump_stack_lvl+0x241/0x360
[  598.536734][ T3567]  ? __pfx_dump_stack_lvl+0x10/0x10
[  598.541974][ T3567]  ? __pfx__printk+0x10/0x10
[  598.546600][ T3567]  ? vscnprintf+0x5d/0x90
[  598.550955][ T3567]  panic+0x349/0x880
[  598.554882][ T3567]  ? __warn+0x174/0x4d0
[  598.559071][ T3567]  ? __pfx_panic+0x10/0x10
[  598.563523][ T3567]  ? ret_from_fork_asm+0x1a/0x30
[  598.568514][ T3567]  __warn+0x344/0x4d0
[  598.572567][ T3567]  ? call_netdevice_notifiers_info+0x106/0x110
[  598.578780][ T3567]  report_bug+0x2b3/0x500
[  598.583176][ T3567]  ? call_netdevice_notifiers_info+0x106/0x110
[  598.589372][ T3567]  handle_bug+0x60/0x90
[  598.593554][ T3567]  exc_invalid_op+0x1a/0x50
[  598.598083][ T3567]  asm_exc_invalid_op+0x1a/0x20
[  598.602959][ T3567] RIP: 0010:call_netdevice_notifiers_info+0x106/0x110
[  598.609751][ T3567] Code: cc cc cc cc e8 db bb 0a f8 c6 05 e6 ca 4f 06 01 90 48 c7 c7 c0 4e 0c 8d 48 c7 c6 a0 4e 0c 8d ba 54 08 00 00 e8 1b 65 cb f7 90 <0f> 0b 90 90 e9 73 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90
[  598.629392][ T3567] RSP: 0018:ffffc9000cf5f638 EFLAGS: 00010246
[  598.635480][ T3567] RAX: 134c0ebb013cd200 RBX: ffff88807c551e40 RCX: ffff888032070000
[  598.643469][ T3567] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  598.651476][ T3567] RBP: 0000000000000000 R08: ffffffff817ffb32 R09: fffffbfff1cfa588
[  598.659490][ T3567] R10: dffffc0000000000 R11: fffffbfff1cfa588 R12: dffffc0000000000
[  598.667484][ T3567] R13: 1ffff920019ebecc R14: 0000000000000004 R15: ffffc9000cf5f680
[  598.675486][ T3567]  ? __warn_printk+0x292/0x360
[  598.680290][ T3567]  ? call_netdevice_notifiers_info+0x105/0x110
[  598.686479][ T3567]  netdev_state_change+0x11f/0x1a0
[  598.691620][ T3567]  ? __pfx_netdev_state_change+0x10/0x10
[  598.697300][ T3567]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  598.703235][ T3567]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  598.709623][ T3567]  ? rfc2863_policy+0x1ce/0x3f0
[  598.714512][ T3567]  linkwatch_do_dev+0x112/0x170
[  598.719394][ T3567]  ethtool_op_get_link+0x15/0x60
[  598.724364][ T3567]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  598.730018][ T3567]  bond_check_dev_link+0x1f1/0x3f0
[  598.735169][ T3567]  ? __pfx_bond_check_dev_link+0x10/0x10
[  598.741025][ T3567]  bond_mii_monitor+0x49a/0x3170
[  598.746005][ T3567]  ? __lock_acquire+0x1397/0x2100
[  598.751055][ T3567]  ? bond_mii_monitor+0x174/0x3170
[  598.756202][ T3567]  ? do_raw_spin_unlock+0x13c/0x8b0
[  598.761427][ T3567]  ? __pfx_bond_mii_monitor+0x10/0x10
[  598.766845][ T3567]  ? __pfx_lock_acquire+0x10/0x10
[  598.771900][ T3567]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  598.778005][ T3567]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  598.784407][ T3567]  ? process_scheduled_works+0x976/0x1840
[  598.790154][ T3567]  process_scheduled_works+0xa66/0x1840
[  598.795748][ T3567]  ? __pfx_process_scheduled_works+0x10/0x10
[  598.801760][ T3567]  ? assign_work+0x364/0x3d0
[  598.806382][ T3567]  worker_thread+0x870/0xd30
[  598.811006][ T3567]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  598.816933][ T3567]  ? __kthread_parkme+0x169/0x1d0
[  598.822034][ T3567]  ? __pfx_worker_thread+0x10/0x10
[  598.827183][ T3567]  kthread+0x7a9/0x920
[  598.831282][ T3567]  ? __pfx_kthread+0x10/0x10
[  598.835901][ T3567]  ? __pfx_worker_thread+0x10/0x10
[  598.841038][ T3567]  ? __pfx_kthread+0x10/0x10
[  598.845668][ T3567]  ? __pfx_kthread+0x10/0x10
[  598.850313][ T3567]  ? __pfx_kthread+0x10/0x10
[  598.854944][ T3567]  ? _raw_spin_unlock_irq+0x23/0x50
[  598.860174][ T3567]  ? lockdep_hardirqs_on+0x99/0x150
[  598.865401][ T3567]  ? __pfx_kthread+0x10/0x10
[  598.870020][ T3567]  ret_from_fork+0x4b/0x80
[  598.874461][ T3567]  ? __pfx_kthread+0x10/0x10
[  598.879080][ T3567]  ret_from_fork_asm+0x1a/0x30
[  598.883885][ T3567]  </TASK>
[  598.887212][ T3567] Kernel Offset: disabled
[  598.891668][ T3567] Rebooting in 86400 seconds..