last executing test programs:

13m31.93206271s ago: executing program 2 (id=526):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6a)
epoll_pwait(0xffffffffffffffff, &(0x7f00000001c0)=[{}, {}, {}, {}], 0x4, 0x80, &(0x7f0000000240)={[0xffffffffffffffff]}, 0x8)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004090}, 0x40000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(0xffffffffffffffff)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
statx(0xffffffffffffffff, 0x0, 0x1000, 0x0, 0x0)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8918, &(0x7f0000000000)={'ipvlan0\x00', @random="0200ff7fffff"})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r2, 0xc01064bd, &(0x7f0000000040)={&(0x7f00000000c0)="1b815aad", 0x4})
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e21, 0x4, @private0, 0x8000}}}, &(0x7f0000000000)=0xcf)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100fd3929a255b4814d930000001800018014000200776c616e31000000000000000000000008000600ff07000008000800060000000870093235b514196716fc1b3a372b268840a2fe2a36a424ed8e9f657044e093c4ec799780a81668d7c9f51c2af57fd09774c817399639d376c42c71ddd4d726df23d0c05febecb935f2bce5ad2b0228d832431edfc42a2fe3c47f47f15c129d779dfaea8a3898e6eb217046c1155d4a5ab7769dd8"], 0x3c}}, 0x100)

13m30.413838709s ago: executing program 2 (id=534):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_procfs(r2, &(0x7f00000021c0)='wchan\x00')
read$FUSE(r5, &(0x7f00000000c0)={0x2020}, 0x2020)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000bc0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000002c0)={0x50, r1, 0x1, 0x70bd29, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x34, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xfffffffffffffff8}]}]}, 0x50}}, 0x0)
dup(0xffffffffffffffff)
r7 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
preadv(r7, &(0x7f0000000040)=[{&(0x7f0000000140)=""/4087, 0x1022}], 0x1, 0x79, 0x0)
syz_clone3(&(0x7f0000000580)={0x200000400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

13m29.202522962s ago: executing program 2 (id=536):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x26c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x8}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x1}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x22, 0x8, {[@main=@item_012={0x2, 0x0, 0xa, 't|'}, @main=@item_4={0x3, 0x0, 0xc, "bac18c3f"}]}}, 0x0}, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x101002, 0x0)

13m26.577511109s ago: executing program 2 (id=545):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/16], 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r4, 0x84, 0x20, &(0x7f00000000c0), &(0x7f0000000240)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x111101, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0xa)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x45e, 0x101701)
ioctl$USBDEVFS_FREE_STREAMS(r5, 0x802c550a, &(0x7f0000000040)=ANY=[@ANYBLOB="0200ff03100005000500000002000020d3"])

13m25.630549965s ago: executing program 2 (id=546):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_procfs(r2, &(0x7f00000021c0)='wchan\x00')
read$FUSE(r5, &(0x7f00000000c0)={0x2020}, 0x2020)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000bc0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000002c0)={0x50, r1, 0x1, 0x70bd29, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x34, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xfffffffffffffff8}]}]}, 0x50}}, 0x0)
dup(0xffffffffffffffff)
r7 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
preadv(r7, &(0x7f0000000040)=[{&(0x7f0000000140)=""/4087, 0x1022}], 0x1, 0x79, 0x0)
syz_clone3(&(0x7f0000000580)={0x200000400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

13m23.875517503s ago: executing program 2 (id=549):
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0100000000000000000000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000200000084a97e616b1868104d781b3588dccb802a3190f72c8ff17bdd1ed830f50842fcde16d6660012213eb6789e178dea94eebdf9ec68539a27f2dfb7d93d633409e5d26012b8e4142873b5a3340773dbb5f38cdb9fba9715ec32929c5cc6f0e68dd8bb7b26f60a9ce5b498dcdd3d324bce2ba296eec2a20640a639cb90a0e2af4efb395975"], 0x50)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x16bf7e, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = dup(r2)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
r5 = syz_io_uring_setup(0xe80, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x5, 0xffffffffffffffff, 0x0})
io_uring_enter(r5, 0x5afe, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000003700)=ANY=[@ANYRES32=r4], 0x28}, 0x1, 0x0, 0x0, 0x20040004}, 0x4000011)
io_uring_enter(r0, 0x77a4, 0x5e6d, 0x2, &(0x7f0000000100)={[0xd]}, 0x8)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
read$FUSE(r8, &(0x7f0000001500)={0x2020, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x2020)
r10 = getpgid(0xffffffffffffffff)
r11 = getpid()
r12 = socket$kcm(0x10, 0x2, 0x10)
r13 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r13, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x8014)
recvmsg$kcm(r13, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000003740)=""/4097, 0x1001}], 0x1}, 0x0)
sendmsg$kcm(r12, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b02d25a806f8c2d94f90424fc602f1a04000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0)
r14 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r14, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b02d25a806f8c2d94f90524fc602f1a04000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0)
r15 = syz_clone(0x30200000, &(0x7f0000000200)="dc0744d952b0bb49b57e0adafdf0cda4e90f67dc8e0316a449bcb707755f17b809546317e70d471fb8da0a2b048b73e8796c06303e81532bac", 0x39, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000003540)="75bb5fe4e610bedd60ee7fd6517cca2a71bac4065bb86de1b13a6f9ee874c31a8bed6467ff1ec86dcc50ed454ed6eb2e36b4ccd7c678b5254acecfe331dd0bd24b2b2daaded6d612d58e53e55d796f132e6394ba59d9fa6d4de05ade68142067e71bece5dd791db80b7ca71b42222d0c752d683ce75ca23222ffd1536ba3b2d6e9bb1cf763d2263308bf9cc1f13cbb6f02f075132ab139ef289ff6598a370a2bc8bda97848eb03a836238a51bed895a7fa50005573dbc135ec2ca183c777994fc2dd36a66ebd8cc180952cfb4f5f7b0c6032130c3c432139ef7fabf507098383c9febc4e70bae06e819b62dbf30d5e758d31caae90756dbe1b3703cb3a36")
r16 = getpgrp(0x0)
r17 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r17, 0x29, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f0, 0x1c0, 0xc8, 0x8, 0x0, 0x5803, 0x320, 0x2e8, 0x2e8, 0x320, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @empty, [], [], 'vlan0\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1c0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x6}}, @common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@ipv6header={{0x28}}, @common=@eui64={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x2, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x450)
r18 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000003640)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000003680)={0x2280200, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000180), {0x34}, &(0x7f00000001c0)=""/47, 0x2f, &(0x7f0000000500)=""/4096, &(0x7f0000000340)=[r9, r10, r11, r15, r16], 0x5, {r18}}, 0x58)
write$binfmt_elf64(r8, &(0x7f0000000380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000000000000000000000400000000000000000000000000000000000000000003800010000000000000003000000000000000000000000000000000000000000000000000000000000000008"], 0x878)

13m7.860877971s ago: executing program 32 (id=549):
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0100000000000000000000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000200000084a97e616b1868104d781b3588dccb802a3190f72c8ff17bdd1ed830f50842fcde16d6660012213eb6789e178dea94eebdf9ec68539a27f2dfb7d93d633409e5d26012b8e4142873b5a3340773dbb5f38cdb9fba9715ec32929c5cc6f0e68dd8bb7b26f60a9ce5b498dcdd3d324bce2ba296eec2a20640a639cb90a0e2af4efb395975"], 0x50)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x16bf7e, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = dup(r2)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
r5 = syz_io_uring_setup(0xe80, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x5, 0xffffffffffffffff, 0x0})
io_uring_enter(r5, 0x5afe, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000003700)=ANY=[@ANYRES32=r4], 0x28}, 0x1, 0x0, 0x0, 0x20040004}, 0x4000011)
io_uring_enter(r0, 0x77a4, 0x5e6d, 0x2, &(0x7f0000000100)={[0xd]}, 0x8)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
read$FUSE(r8, &(0x7f0000001500)={0x2020, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x2020)
r10 = getpgid(0xffffffffffffffff)
r11 = getpid()
r12 = socket$kcm(0x10, 0x2, 0x10)
r13 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r13, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x8014)
recvmsg$kcm(r13, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000003740)=""/4097, 0x1001}], 0x1}, 0x0)
sendmsg$kcm(r12, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b02d25a806f8c2d94f90424fc602f1a04000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0)
r14 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r14, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b02d25a806f8c2d94f90524fc602f1a04000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0)
r15 = syz_clone(0x30200000, &(0x7f0000000200)="dc0744d952b0bb49b57e0adafdf0cda4e90f67dc8e0316a449bcb707755f17b809546317e70d471fb8da0a2b048b73e8796c06303e81532bac", 0x39, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000003540)="75bb5fe4e610bedd60ee7fd6517cca2a71bac4065bb86de1b13a6f9ee874c31a8bed6467ff1ec86dcc50ed454ed6eb2e36b4ccd7c678b5254acecfe331dd0bd24b2b2daaded6d612d58e53e55d796f132e6394ba59d9fa6d4de05ade68142067e71bece5dd791db80b7ca71b42222d0c752d683ce75ca23222ffd1536ba3b2d6e9bb1cf763d2263308bf9cc1f13cbb6f02f075132ab139ef289ff6598a370a2bc8bda97848eb03a836238a51bed895a7fa50005573dbc135ec2ca183c777994fc2dd36a66ebd8cc180952cfb4f5f7b0c6032130c3c432139ef7fabf507098383c9febc4e70bae06e819b62dbf30d5e758d31caae90756dbe1b3703cb3a36")
r16 = getpgrp(0x0)
r17 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r17, 0x29, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f0, 0x1c0, 0xc8, 0x8, 0x0, 0x5803, 0x320, 0x2e8, 0x2e8, 0x320, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @empty, [], [], 'vlan0\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1c0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x6}}, @common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@ipv6header={{0x28}}, @common=@eui64={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x2, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x450)
r18 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000003640)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000003680)={0x2280200, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000180), {0x34}, &(0x7f00000001c0)=""/47, 0x2f, &(0x7f0000000500)=""/4096, &(0x7f0000000340)=[r9, r10, r11, r15, r16], 0x5, {r18}}, 0x58)
write$binfmt_elf64(r8, &(0x7f0000000380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000000000000000000000400000000000000000000000000000000000000000003800010000000000000003000000000000000000000000000000000000000000000000000000000000000008"], 0x878)

12m42.335709621s ago: executing program 1 (id=645):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
socket$nl_route(0x10, 0x3, 0x0)
io_uring_setup(0x303, &(0x7f0000000400)={0x0, 0x10004})
r0 = socket(0x1, 0x803, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaa0180c200000008004500005c000000000011907800000000000000010000800000000078030000000008000000000000009911c40180000012110200c72597a2d165de62580c5119fb37bf4a8be03c1f77030bafce6ab79eb3b71dc477351f542ce9232f484f8900000000"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getsockname$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, &(0x7f00000002c0)=0x1c)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={0x0}}, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000200)={0xa, 0x0, @private}, 0x1c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=@can_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_DST_IF={0x8}, @CGW_FILTER={0xc, 0xb, {{0x3, 0x1, 0x1, 0x1}, {0x1, 0x0, 0x1}}}, @CGW_SRC_IF={0x8}]}, 0x30}}, 0x0)
r6 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@newtaction={0x60, 0x30, 0x0, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ctinfo={0xfffffffffffffeb8, 0x0, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE]}, {0x4}, {0xfffffffffffffeb6}, {0xc}}}]}]}, 0xfffffffffffffed8}}, 0x0)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000500", 0x33fe0}], 0x1}, 0x0)
r7 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r7, 0x10d, 0xab, &(0x7f0000000000), &(0x7f0000000080)=0x4)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14)
sendto$inet(r0, &(0x7f0000000000)="55bd302ceb72dc5cc6e7ec0372d2a2d8b79a770b88ca1f78e23a4a4ec15d9d96f72fcc29a7af9ac8dd2fa5d6b4638bbf8a5c94f05becda", 0x37, 0x0, 0x0, 0x0)

12m41.203453226s ago: executing program 1 (id=647):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004090}, 0x40000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002400010000feffffffffffff"], 0x14}}, 0x0)
splice(r3, 0x0, r4, 0x0, 0x25a5, 0x0)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e21, 0xfffffff7, @local, 0x8000}}}, &(0x7f0000000000)=0x84)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, 0x0, 0x0)

12m39.096946613s ago: executing program 1 (id=650):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
setsockopt$sock_int(r1, 0x1, 0x22, &(0x7f0000000040)=0x3, 0x4)
sendto(r1, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0), 0x41, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000100), 0x320c1, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000000000000000100000500000001000000000000000600000000000000ff070000000000009a00000000000000efb0000007000000675effff0300000001000000000000000000000007000000817d00000600000000000000000000000000000000000000b38aed22a011e4601d86385db4240cc4a50534b984f4b5f4b6b3cc36bd07c92148bb47fd8d48cdf5a781501350499b68468104794da0ed4741d0a117aeaa425ec0f625d0d844546642edb064729a81369c172b288a020000004d3d6b7ed763a8a73569f0da7340bf0ae215b528cbf97d76768fd3bcbc80"])
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$cgroup(0x0, 0x0, 0x0, 0x0, 0x0)
ppoll(&(0x7f0000000180)=[{r0, 0x97}], 0x1, &(0x7f0000000300)={0x0, 0x3938700}, &(0x7f0000000340)={[0xffffffffffffff09]}, 0x8)
mount(&(0x7f0000000200)=@filename='./file0/../file0/../file0\x00', 0x0, &(0x7f00000002c0)='9p\x00', 0x1000000, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000440)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
msgget$private(0x0, 0x0)
getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000003c0))
getegid()
r4 = getpid()
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b80)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000deffffff6a0a00ff00000000850000002b000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2f01806fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c5c77f0979b34e1ad837ff0d10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8d0d26b5069f8a98f7dc8f772fd0e17c9b9101644f8c06b74635fc9f9de9ca3c0ec0cb9bf4e418d076df4c7df0a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d25c32aac1c7d5b5be399f6609876b5887437a172fbc02a74135b29194e533583f76e412dff048f0000000000000000b2728a0481e9f0da43bb6cfb851cd364ff19002cc93c1c13ca67fdc6c238342033070000004a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad3e328a100000000b515a1000000000000140eb2e9c15b6c8f6198282df27badac8500bc7d202e099009ca515007e5f009735200040000001896d46cdac0abb841d9f96e2e6a19b7bf661c01800000d77d6165f253683cd8dc926518c699a2b14fb2bb40425dee631368340711a8c47318d5d13085938c3ec5c39b540b34157b0330aa16bd0998607f0ecea84919712d36"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0xffff0000, 0xe, 0x0, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0x0, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
getpid()
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)

12m37.586538152s ago: executing program 1 (id=652):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004"], 0x48)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a09040000000000000000020000000900020073797a32000000000900010073797a3000000000300004"], 0x84}}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
socket$nl_route(0x10, 0x3, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f000019"], 0xfe33)
write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc)
splice(r1, 0x0, r3, 0x0, 0x4ffe2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000800)={'bridge0\x00'})
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3000000071000100000000000000000007000000", @ANYRES16=r2, @ANYBLOB="18000c000700"/15, @ANYRESOCT=r4, @ANYRESDEC=r2, @ANYRES32=r0], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0)

12m36.720796913s ago: executing program 1 (id=656):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004090}, 0x44000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)=0x3, 0x4)
r3 = syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_io_uring_submit(r4, r5, &(0x7f0000000600)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x28, 0x0, r6, 0x0, 0x0})
io_uring_enter(r3, 0x5e40, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r3, 0x92, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x12, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000711935000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000010400018000000000000000801f", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b000100677265"], 0x3c}}, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)

12m34.566718145s ago: executing program 1 (id=658):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0x140, 0x10, 0x713, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @empty}, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@loopback, 0x0, 0x32}, @in6=@private1, {}, {}, {}, 0x0, 0x0, 0xa, 0x4}, [@algo_aead={0x50, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x20, 0x80, "25cac521"}}]}, 0x140}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
syz_open_dev$vbi(0x0, 0x1, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0xe}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x121302, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x0, 0x0})
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, &(0x7f0000004740)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x48802)
ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, 0x0)
socket(0x1, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000dc0)=ANY=[@ANYBLOB="b4000000020000006600000000000000730150000000000095000000000000004bb5eea0a6ec9fcd4b0a008a8443f22702000000e63bde9e4a0587536a966992ae7011d6e6c03175717e9912e0dd1a59541f7cbb1548ee5bd627f5b0b8ec77bd6d5f7b543f9aafaabe53339b12fbbe7decc4aa61b8aad0359083bdd61543fbeee8d560bb4b5925fae801f4c91e31674b124a1b38000000bc4da4a9b3d5cc9e0000f6a7a729009973ff07000000000000ac79e5d84abbec7d96629490727375b853f6308a980fba61fbe0131f3c7a026d8f000008000000000000000b20d7ac2df89d7989bf53bec908213d396edf24e9fc3cc004a1097fddc65c1b1b328277ff85ed56b9261eb7bcee28ec2d3616689ab3f31f849eebce6f21e6302003c0467844e000000000db0700bd694a09b253a1c6c7c138b3ec6ee9b83edcc55d3403acd5c50e27401aa306a7ab7069790da79b7ab4512fa4b64a00009bab066bf7a4ab148d44c7e2e4d219cdd7ebeb51511d9df85a648b1b85f93cb6cd21f93d5ea3da2b31657c065d052d9b9ee00320def97ebac25b929b3c15e33be6e7d54e622b427ee8d181f5f18d772fb5c58a93b5afed6ce430a50f398d2ec77b1d7a6620ba1f5fbb48703ab220f442697edc165b449db2e3c221fbf270a6db414516949b97c200000096a1cbe81a38a23f03bd741a3e60c2e294f828e06f1b2cb70328f151f949e369efed52a28b87aae9d7d2800c8efe7f93c05adc9086d3f143a7b87d06838c6525cafdc01820a8912a131ff1f6acb9439f2d95a746291641b38333ce1c33edc9da00c8a2b42e8adfeff69fce7a35f79748e3e5b235269310988a05bf7c4e4cef3d1aa550c83d6328eb000000044a6458c31431d58973c93f5e9452258a7098bc3d014afe638a45526e054d6b3ba5ca8f357df67c41acc28edacb31d38994544c3511ea1e8a448e66039425cfb03efb5d5eb81a306746adb8809ef9691863c00085e2dc401325327e54cbfceb400c2663466cd4a79c94b62c9882626499a8a29c564464f2a7aee6a929f831c93d23005787d272b5eaf0c6e11a7f0f1f39f68df44f6bf2ebe448cbe850efd24bf7b96ad33abbd3a8b5814b5e7f85d1a47ee604ccef20bda53c9ce06910568fc200eee12fc6ef2734a6e9af5132f0c507e277fd97f9b48c840697289d38e454467f4d2f94b2f76d06edd083dafefd76deb251b5818de9c27d0df6e7b8862fe42f6c453f551f35b6d76395a1d205f276ae628fbdb8081905a1d7c2805532d3387b88f2997e8ce41c5dca83659cfb7f3a1c7b2bec8a7575dc4241dde6c680ee9a27b197739f4ad86f3bad3e42d4954bef864586ad02c27858d63efc495bcfb6e30f30fedf536d63769a196fc3b472195d0a1a13ecf803136d751cefb0edb5794cab8681214b39f86d88f3aebea4d465ef05f975b09f264d6c8d8e3bb6ea7d21c6602bcc8f76f2546cccc074f55c22aa8b502968040000000000000047c8a50036dd268a1aeff951f5090492b5e941feb1d3785aafe1655876e5a36c40fb5afcfd1eb28952662782097836a4d1aa3de0c06bb7dc27cf1a546b6aa6ce9932f3c6a013bc3791da4d8a33680ba8f1334d75a43e991ebd4582d786ec05cdd3152d52ab15fc7595cbd339f730d2ec8e37e6c500c4c30280a6af986f62a22d9c5c275e7798c165545abfcd304243274db15924a136a0896d56576ed5de90b1bda90f4024b9a0b3b33f688db8e38f784ae3942aba874f95d10c47e2405ceb0438cc272133fac718a6553710e4ca97df646b21d03652c54eade2e99344e11a2671cf274d397650fba8fcfb7e51a926e37b3980a1732111175dd99b9d979042b3ea411a7b4f9081ae9b82974d5eb6fd4e4bcd95e4f897dfba4e44777e6d02a896b650a66d9139696b9c6c36a33eb3adc092bf4586bfab34002f802bbfe6a7679cec20cc25e01f129bbe92a65961fac7bffa3d8feda2ac927743d2bce57ee39b671948576337535180aa754e035421cf1709bc1b5e46c35515fb1fcda637a6405e9b216d2ca09795c5d2f27665da5b17bcf0f387e6dd58202a3a1148e46e55ac7ea027eb3022eee4a000ca543ab566921e5db4f741a71dc202c851d99851bc7a62ea705f942855a9fa30b912045f78ab1e3fdeada84bc8ac36cc1223901e56f6ecbabbc3263098c9c47a1f505a8299b5715a455e834ddddc430f387cafa07bf915522f6a70c031929a42e34eea5169b796320e892d27924045bcf56135684ca96ada82749371d5766c0d0cae8772f140eef001ca39dc28743f77b8724487a9b37ca66d20aef8a5236393fce29b0531cbd3265c209761ed41a2e473fbd84ca9b67e3ceb58a4b774ee127628faba8702c0a73f8311d269429aaadf74c439404fc9f864e69807dfe2bae2bd4c498a10d4e17dceb1f7539bfeb392e22e7b93d0ecf66cd253a4062bbc8a4307f0e4360651dc7f89247a89ab73dd7c11be13707482c369f02d7b6f242599f95dbfcb55bea158665231f8fe04ed2a8c407fed1a8702e2486386f2ae6347231128be789186ff5651208c8b781f85d3fb51bd28b939a8bc88a471c36fa17fd04c3fbdbd3f7bf144b1466014a77c582aa0380e612cd101d557dd1e5b7bae3da3ea2659f66a3641eaa3b008b978e0a5f69671f52401892dba8a63c8f7eb280880dbdcee5d8e8aae9de9d28cbe0de2f4642c4fe69db3b7432b2eb7ca282fbfe030ad6c33a73feef1cd517cedc2c0059e5636ae0fb3969ce7f64c6f6cffcc40ac1331f6b50d4f95c490edd75e8cdba278a602c8a200000000000000000000000091b39ecd9b22cc68dde3760f3bd7377b35f4d41a46959070cddc4a9c340455f97ff0ea8c6adbff47a39269b2e90dffa1ec22d41f9da01ec44847a88334e106ff455f9ca2a0b2900591ceac1f0e823eaa7ed5b359eed1a39a6f75e7556ab52ac0c2c46b28f3791edf8f25cc2e6cab30841d3fac1e1644f35ed7899a903df3901f89e13cee8589df43652fbe05a789881dcae97ffdc52363bc61c334480afac09e04f9e5ce0bcd12c997545053b64bb2ba920a1071d2ca692c72965bdc0022f7f147943001a55ed8c7b3181fbfabd2069ac7bd4f9b459463edb8a05d1fde9a000000000085b6f76cf1667ca9c4c09bc185348df7972ed45ef93479986d28a6e72ea9becd8d83434c009f089f07da335da3711b0e2b6e813f79aafdbd5858463ae47a5495dc0a7e6548774ad6f9dc3356481c4472a6455324731fe1635fd7d35bba6c7475cad7702815070f8b38c0ca2222daba"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x21e, 0x10, &(0x7f00000002c0), 0x83419149c3b785d0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
socket$nl_rdma(0x10, 0x3, 0x14)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000010005000500070000000000080009000000000014002000fec00000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0)

12m19.460713102s ago: executing program 33 (id=658):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0x140, 0x10, 0x713, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @empty}, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@loopback, 0x0, 0x32}, @in6=@private1, {}, {}, {}, 0x0, 0x0, 0xa, 0x4}, [@algo_aead={0x50, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x20, 0x80, "25cac521"}}]}, 0x140}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
syz_open_dev$vbi(0x0, 0x1, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0xe}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x121302, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x0, 0x0})
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, &(0x7f0000004740)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x48802)
ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, 0x0)
socket(0x1, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000dc0)=ANY=[@ANYBLOB="b4000000020000006600000000000000730150000000000095000000000000004bb5eea0a6ec9fcd4b0a008a8443f22702000000e63bde9e4a0587536a966992ae7011d6e6c03175717e9912e0dd1a59541f7cbb1548ee5bd627f5b0b8ec77bd6d5f7b543f9aafaabe53339b12fbbe7decc4aa61b8aad0359083bdd61543fbeee8d560bb4b5925fae801f4c91e31674b124a1b38000000bc4da4a9b3d5cc9e0000f6a7a729009973ff07000000000000ac79e5d84abbec7d96629490727375b853f6308a980fba61fbe0131f3c7a026d8f000008000000000000000b20d7ac2df89d7989bf53bec908213d396edf24e9fc3cc004a1097fddc65c1b1b328277ff85ed56b9261eb7bcee28ec2d3616689ab3f31f849eebce6f21e6302003c0467844e000000000db0700bd694a09b253a1c6c7c138b3ec6ee9b83edcc55d3403acd5c50e27401aa306a7ab7069790da79b7ab4512fa4b64a00009bab066bf7a4ab148d44c7e2e4d219cdd7ebeb51511d9df85a648b1b85f93cb6cd21f93d5ea3da2b31657c065d052d9b9ee00320def97ebac25b929b3c15e33be6e7d54e622b427ee8d181f5f18d772fb5c58a93b5afed6ce430a50f398d2ec77b1d7a6620ba1f5fbb48703ab220f442697edc165b449db2e3c221fbf270a6db414516949b97c200000096a1cbe81a38a23f03bd741a3e60c2e294f828e06f1b2cb70328f151f949e369efed52a28b87aae9d7d2800c8efe7f93c05adc9086d3f143a7b87d06838c6525cafdc01820a8912a131ff1f6acb9439f2d95a746291641b38333ce1c33edc9da00c8a2b42e8adfeff69fce7a35f79748e3e5b235269310988a05bf7c4e4cef3d1aa550c83d6328eb000000044a6458c31431d58973c93f5e9452258a7098bc3d014afe638a45526e054d6b3ba5ca8f357df67c41acc28edacb31d38994544c3511ea1e8a448e66039425cfb03efb5d5eb81a306746adb8809ef9691863c00085e2dc401325327e54cbfceb400c2663466cd4a79c94b62c9882626499a8a29c564464f2a7aee6a929f831c93d23005787d272b5eaf0c6e11a7f0f1f39f68df44f6bf2ebe448cbe850efd24bf7b96ad33abbd3a8b5814b5e7f85d1a47ee604ccef20bda53c9ce06910568fc200eee12fc6ef2734a6e9af5132f0c507e277fd97f9b48c840697289d38e454467f4d2f94b2f76d06edd083dafefd76deb251b5818de9c27d0df6e7b8862fe42f6c453f551f35b6d76395a1d205f276ae628fbdb8081905a1d7c2805532d3387b88f2997e8ce41c5dca83659cfb7f3a1c7b2bec8a7575dc4241dde6c680ee9a27b197739f4ad86f3bad3e42d4954bef864586ad02c27858d63efc495bcfb6e30f30fedf536d63769a196fc3b472195d0a1a13ecf803136d751cefb0edb5794cab8681214b39f86d88f3aebea4d465ef05f975b09f264d6c8d8e3bb6ea7d21c6602bcc8f76f2546cccc074f55c22aa8b502968040000000000000047c8a50036dd268a1aeff951f5090492b5e941feb1d3785aafe1655876e5a36c40fb5afcfd1eb28952662782097836a4d1aa3de0c06bb7dc27cf1a546b6aa6ce9932f3c6a013bc3791da4d8a33680ba8f1334d75a43e991ebd4582d786ec05cdd3152d52ab15fc7595cbd339f730d2ec8e37e6c500c4c30280a6af986f62a22d9c5c275e7798c165545abfcd304243274db15924a136a0896d56576ed5de90b1bda90f4024b9a0b3b33f688db8e38f784ae3942aba874f95d10c47e2405ceb0438cc272133fac718a6553710e4ca97df646b21d03652c54eade2e99344e11a2671cf274d397650fba8fcfb7e51a926e37b3980a1732111175dd99b9d979042b3ea411a7b4f9081ae9b82974d5eb6fd4e4bcd95e4f897dfba4e44777e6d02a896b650a66d9139696b9c6c36a33eb3adc092bf4586bfab34002f802bbfe6a7679cec20cc25e01f129bbe92a65961fac7bffa3d8feda2ac927743d2bce57ee39b671948576337535180aa754e035421cf1709bc1b5e46c35515fb1fcda637a6405e9b216d2ca09795c5d2f27665da5b17bcf0f387e6dd58202a3a1148e46e55ac7ea027eb3022eee4a000ca543ab566921e5db4f741a71dc202c851d99851bc7a62ea705f942855a9fa30b912045f78ab1e3fdeada84bc8ac36cc1223901e56f6ecbabbc3263098c9c47a1f505a8299b5715a455e834ddddc430f387cafa07bf915522f6a70c031929a42e34eea5169b796320e892d27924045bcf56135684ca96ada82749371d5766c0d0cae8772f140eef001ca39dc28743f77b8724487a9b37ca66d20aef8a5236393fce29b0531cbd3265c209761ed41a2e473fbd84ca9b67e3ceb58a4b774ee127628faba8702c0a73f8311d269429aaadf74c439404fc9f864e69807dfe2bae2bd4c498a10d4e17dceb1f7539bfeb392e22e7b93d0ecf66cd253a4062bbc8a4307f0e4360651dc7f89247a89ab73dd7c11be13707482c369f02d7b6f242599f95dbfcb55bea158665231f8fe04ed2a8c407fed1a8702e2486386f2ae6347231128be789186ff5651208c8b781f85d3fb51bd28b939a8bc88a471c36fa17fd04c3fbdbd3f7bf144b1466014a77c582aa0380e612cd101d557dd1e5b7bae3da3ea2659f66a3641eaa3b008b978e0a5f69671f52401892dba8a63c8f7eb280880dbdcee5d8e8aae9de9d28cbe0de2f4642c4fe69db3b7432b2eb7ca282fbfe030ad6c33a73feef1cd517cedc2c0059e5636ae0fb3969ce7f64c6f6cffcc40ac1331f6b50d4f95c490edd75e8cdba278a602c8a200000000000000000000000091b39ecd9b22cc68dde3760f3bd7377b35f4d41a46959070cddc4a9c340455f97ff0ea8c6adbff47a39269b2e90dffa1ec22d41f9da01ec44847a88334e106ff455f9ca2a0b2900591ceac1f0e823eaa7ed5b359eed1a39a6f75e7556ab52ac0c2c46b28f3791edf8f25cc2e6cab30841d3fac1e1644f35ed7899a903df3901f89e13cee8589df43652fbe05a789881dcae97ffdc52363bc61c334480afac09e04f9e5ce0bcd12c997545053b64bb2ba920a1071d2ca692c72965bdc0022f7f147943001a55ed8c7b3181fbfabd2069ac7bd4f9b459463edb8a05d1fde9a000000000085b6f76cf1667ca9c4c09bc185348df7972ed45ef93479986d28a6e72ea9becd8d83434c009f089f07da335da3711b0e2b6e813f79aafdbd5858463ae47a5495dc0a7e6548774ad6f9dc3356481c4472a6455324731fe1635fd7d35bba6c7475cad7702815070f8b38c0ca2222daba"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x21e, 0x10, &(0x7f00000002c0), 0x83419149c3b785d0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
socket$nl_rdma(0x10, 0x3, 0x14)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000010005000500070000000000080009000000000014002000fec00000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0)

10.643537911s ago: executing program 5 (id=2710):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x90)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_BLANKSCREEN(r1, 0x4b67, &(0x7f0000000000))

10.33058527s ago: executing program 5 (id=2711):
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_enc_key_size={{0x7}, {0x0, 0xc9}}}}, 0xa)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20a0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="00000000000000000200004000"/28], 0x48)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
socket$inet6_udp(0xa, 0x2, 0x0)
mprotect(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$FUSE(r4, &(0x7f0000001ac0)={0x2020}, 0x2020)

10.074746635s ago: executing program 4 (id=2714):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xb1, 0xbd, 0x2f, 0x8, 0x47d, 0x5003, 0x2f8c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x58, 0xb7}}]}}]}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010435504000001090224000100000000090400000203000100092100000001220500090581030000"], 0x0)
socketpair(0x29, 0x80005, 0x0, &(0x7f0000000000)={0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000c40)={0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="0000f500000003"], 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

9.275698991s ago: executing program 5 (id=2716):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000101c1b021b00000000000109022400010000400009040000010300400009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
sched_setscheduler(r1, 0x3, &(0x7f00000000c0)=0x8000) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000000)=0x7fffffff) (async)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000040))
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0xa00, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x20031, 0xffffffffffffffff, 0xfffff000) (async)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000000)) (async)
ioctl$UFFDIO_REGISTER(r6, 0x8010aa01, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}}) (async)
syz_usb_control_io$hid(r0, &(0x7f00000005c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000380)={0x24, &(0x7f0000000240)={0x40, 0x10, 0xec, {0xec, 0x1, "94af0745ca377121fb63dbf953a481a9a8d9e66f1643e3e8fd4e3fb1fd6b10e3d7f247dd1e383d0d4e4c7fa4265799c85fda2512619f954cc0140c14e8406c1fc52d706a9822e014453ed877bfae01a71cd8bfe4e1a246ff223f8235858b3a58db78b619c0c56485ea9af1b93f74c98bc5cdc18a11697c5f2e82dc623dd656f472061f13cd75ef351afda24d236464dd02c4e4b1d480c52298941a27df10b240a54cae8924ebe4b0718a1970fdcfcb00b1aa8e3af897fce64ab3b6715e7e0e7b5ba8959c74fe8ea7a3d09dff7bb59e4045f6fbd7e17b2c07ae1e94c18a72fff02c77f249d827448c338e"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2802}}, &(0x7f0000000180)={0x0, 0x22, 0xf, {[@local=@item_012={0x2, 0x2, 0xa, '$2'}, @local=@item_012={0x1, 0x2, 0x3, '\x00'}, @global=@item_4={0x3, 0x1, 0x4, "72580443"}, @local=@item_4={0x3, 0x2, 0x0, "27f7c302"}]}}, &(0x7f00000001c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0xa, 0x6, 0x1, {0x22, 0xb2b}}}}, &(0x7f0000000540)={0x2c, &(0x7f00000003c0)={0x60, 0x5, 0x75, "842310d77589cde59fd1dd0a177e3fba14a796e5ab93b7a4e50a1eb16dfdd000b2c7e4774b7ba694ce635bcc5c287dce69010b73e622492869205d0e29e56d08f7c5156190054e53f0d0e912de895fff87186c89a7251caad4c4088194a1dc8b6336ff89bffdbfc72bf90cb21542be7868b520bb41"}, &(0x7f0000000440)={0x0, 0xa, 0x1, 0x3b}, &(0x7f0000000480)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000000600)={0x20, 0x1, 0xc0, "f1e8d9e7e9624f24d8c559b7d023d959adea382533e8e50cdc9e96db8d872f91218de14e182a505e931338a35979eb52447793548d63df591bec982c273020d5f46b0800ab7bf0202d674d7fe7ccc41f6572ee3474d97e854bb9f52d2b118343c9fc4983535699f7771b2d718541deb3d05db3aeb2817193b9031ee8d59222aa0d944f0a8801d22be8ff0a2b190b768e79b74c205b6128b862e748e216a49a7bd852fccfa53add4ffe47889ea3146ef3a8896e2efbbec98e7e0e1f5b278f68ed"}, &(0x7f00000004c0)={0x20, 0x3, 0x1, 0x7}}) (async)
syz_open_dev$hidraw(&(0x7f0000000340), 0xa, 0x10d000)

8.146716456s ago: executing program 6 (id=2720):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="e04722ab30e632635c281000b489687f"], 0x14)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000001880)=[{&(0x7f000001aa80)=""/102393, 0x18ff9}], 0x1, 0xfffffffe, 0x1ff)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x8001, 0x0)
syz_clone3(&(0x7f00000004c0)={0x4000200, 0x0, 0x0, 0x0, {0xa}, 0x0, 0x0, &(0x7f0000000540)=""/127, &(0x7f0000000240)=[0x0, 0x0], 0x2}, 0x58)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000005c0)={'wlan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r6, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r6, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, r5, 0x400, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xf34e, 0x40}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r4, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)
getpid()
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@volatile}]})
chdir(&(0x7f0000000140)='./bus\x00')
fsetxattr(r3, &(0x7f0000000640)=@random={'osx.', 'PPPPPP'}, &(0x7f00000006c0)='freezer.self_freezing\x00', 0x16, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xc)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.self_freezing\x00', 0x275a, 0x0)
fsync(r7)
sendmsg$NL80211_CMD_TESTMODE(r6, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)={0x12c, r5, 0x808, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TESTDATA={0x5c, 0x45, "ae31b9ac4302817b93945ac88903282257e4c83d74eec200b89210cbf7da6f6f2420b2bdbefe661b38aa74947809b5583633f8ea2e813fbc77e6daff83d06d7d2426453b776b360ff8eb51ca9124e23bbafe002c5c6701f2"}, @NL80211_ATTR_TESTDATA={0x49, 0x45, "4e9ccd00a6eb7a25a417929bbc1c31a5e4e92c89b20d03406f20749db6308d3a9801402861cc4075f9bae6f006e8ffe89676a65b1893824dc38d40e784d59c1a1ee6dd5bba"}, @NL80211_ATTR_TESTDATA={0x6e, 0x45, "48d7bd96975f7a78d83e75e72545031e478fe02fbd0c0918a36725f3c746de0378ef4d3fb8c4f2dbc6a88f0d8b103e2a014a969e7729c409d4588d89d07b571bf203139fd7cc9d9dabcd0261f104af429da1a3774058b3ac8b5833bcb22ef6cb8ce44c8b7bf539af2c3c"}]}, 0x12c}, 0x1, 0x0, 0x0, 0x4000}, 0x40081)

7.571105377s ago: executing program 0 (id=2721):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/netfilter\x00')
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002900)=ANY=[@ANYBLOB="020bff031a02000029bd7000ffdbdf25010007"], 0x10d0}}, 0x80)
syz_usb_connect(0x3, 0x2d, &(0x7f0000001100)={{0x12, 0x1, 0x200, 0x6d, 0xc7, 0x76, 0x40, 0x5e3, 0x503, 0x2579, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x4, 0x0, 0x50, 0x8, [{{0x9, 0x4, 0x27, 0x7, 0x0, 0xe3, 0x1e, 0xf7}}, {{0x9, 0x4, 0x31, 0x8, 0x0, 0x98, 0x9c, 0x26, 0x5}}]}}]}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x53)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r2 = mq_open(&(0x7f00000001c0)='eth0\xd2', 0x42, 0x1, 0x0)
dup2(r2, r2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = memfd_secret(0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fcntl$dupfd(0xffffffffffffffff, 0x0, r3)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5393, &(0x7f0000000000))
socket$inet(0x2, 0x3, 0x33)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0xe)
shutdown(r5, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r6, &(0x7f0000000c80)={&(0x7f0000000980)=@id, 0x10, 0x0}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)

7.530016377s ago: executing program 3 (id=2722):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/16], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r4, 0x84, 0x7d, &(0x7f00000000c0), &(0x7f0000000240)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x111101, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0xa)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
syz_open_dev$usbfs(0x0, 0x45e, 0x101701)

7.390433205s ago: executing program 6 (id=2723):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x90)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_BLANKSCREEN(r1, 0x4b67, &(0x7f0000000000))

6.887417217s ago: executing program 5 (id=2724):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x5}, {0xa, 0x4e23, 0x236, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6}, 0xffffffffffffffff, 0x5}}, 0x48)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0xee68, 0x1, 0x0, 0x285}, &(0x7f0000000480)=<r4=>0x0, &(0x7f0000000500)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0, 0xffff, 0x0, 0x0, {0x3}})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x5e4f}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r6, 0x29, 0x11, &(0x7f0000000080)=0x7, 0x4)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
r9 = socket$kcm(0x10, 0x2, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_udp_int(r10, 0x11, 0xa, 0x0, 0x0)
sendmsg$kcm(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="d8000000140081044e81f782db44b9040a1d080206000000040000a118000200fe05000000000e1208000f0100810401a80016ea1f00010000005f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f52eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e00600000000d5e1cace81b341139fe3cd4032e8edb12d1d2eb0c0ed0bfffdccf85df947e5e0", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="28000000100001000100000000000000000000073b6ab8aed6856acc877d35343778c502285c4bc23e63c1779bd7e3b4a4eb34945c9c1feb1f74d918c4af904888534a46522b44aef59ba3ae72a1cd4e6726ad0dc156278d26dc80c08269dbbe0f03b3d2b05c585c7c5a2252e70b6503a15b09e3d9f51ad4e3984cd7a6b80c144d7ac56fe8c67a361af8078f9ab5", @ANYRES32=0x0, @ANYBLOB="200400000000000008001b0000000000"], 0x28}}, 0x0)

6.887027886s ago: executing program 6 (id=2725):
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r3, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r1}}]}, 0x3c}}, 0x0)

6.532234246s ago: executing program 3 (id=2726):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x400caed0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000000640)=""/102398, 0x18ffe)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0xb, 0x100008b}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
openat$cgroup_devices(r3, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00 rwm\x00'], 0xa)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
creat(&(0x7f0000000540)='./file0\x00', 0x0)
mount$cgroup(0x0, 0x0, 0x0, 0x0, 0x0)
memfd_create(&(0x7f0000000040)='/dev/cpu/#/msr\x00', 0x3)
mount(&(0x7f0000000200)=@filename='./file0/../file0/../file0\x00', 0x0, &(0x7f00000002c0)='9p\x00', 0x1000000, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="2c00000020000103000000000000000002140000"], 0x2c}}, 0x4010004)

5.501177582s ago: executing program 4 (id=2727):
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_enc_key_size={{0x7}, {0x0, 0xc9}}}}, 0xa)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20a0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="00000000000000000200004000"/28], 0x48)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
socket$inet6_udp(0xa, 0x2, 0x0)
mprotect(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$FUSE(r4, &(0x7f0000001ac0)={0x2020}, 0x2020)

5.47689501s ago: executing program 6 (id=2728):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x2000000})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x25, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000100000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
bind$inet6(r0, &(0x7f00000024c0)={0xa, 0x4e22}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd000000100001000c080800418e00000004fcff", 0x58}], 0x1)

5.45035693s ago: executing program 3 (id=2729):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/netfilter\x00')
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002900)=ANY=[], 0x10d0}}, 0x80)
syz_usb_connect(0x3, 0x2d, &(0x7f0000001100)={{0x12, 0x1, 0x200, 0x6d, 0xc7, 0x76, 0x40, 0x5e3, 0x503, 0x2579, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x4, 0x0, 0x50, 0x8, [{{0x9, 0x4, 0x27, 0x7, 0x0, 0xe3, 0x1e, 0xf7}}, {{0x9, 0x4, 0x31, 0x8, 0x0, 0x98, 0x9c, 0x26, 0x5}}]}}]}}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des-generic)\x00'}, 0x58)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x53)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r3 = mq_open(&(0x7f00000001c0)='eth0\xd2', 0x42, 0x1, 0x0)
dup2(r3, r3)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = memfd_secret(0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fcntl$dupfd(0xffffffffffffffff, 0x0, r4)
ioctl$SCSI_IOCTL_GET_PCI(r5, 0x5393, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0)
socket$inet(0x2, 0x3, 0x33)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0xe)
shutdown(r6, 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r7, &(0x7f0000000c80)={&(0x7f0000000980)=@id, 0x10, 0x0}, 0x0)
connect$tipc(r7, &(0x7f00000000c0)=@name, 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)

4.50882406s ago: executing program 4 (id=2730):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
fcntl$lock(r2, 0x5, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x51f2, r1})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x9, &(0x7f0000000240)=[{0x2, 0x9, 0x0, 0x2}, {0x7a83, 0x9, 0x6, 0x9}, {0x5, 0x3, 0x3, 0x3}, {0x1, 0x4, 0x2, 0x400}, {0xfffe, 0xc7, 0xd3, 0x7}, {0x3ff, 0xcb, 0x2, 0xcac3}, {0x4, 0x39, 0x6, 0x26}, {0x2a, 0x7, 0x9, 0xf}, {0x7f, 0x9, 0x1, 0x7f}]}, 0x10)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @buffer={0x17, 0x51, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0})

4.453014367s ago: executing program 6 (id=2731):
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000940)={0xffffffffffffffff, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000180)=[0x0, 0x0], ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x9, 0x4, &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xb5, &(0x7f0000000600)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0x45, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000980)={'syztnl1\x00', r0, 0x0, 0x10, 0xfffffffd, 0x0, {{0x1a, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @remote, {[@noop, @cipso={0x86, 0x36, 0x3, [{0x6, 0x8, "f92389c96418"}, {0x2, 0xd, "154d93a61f87c441d79807"}, {0x5, 0xf, "e4400b9e393ec393026d8dd403"}, {0x5, 0xc, "4849e049b6839bc43fb3"}]}, @ra={0x94, 0x4}, @rr={0x7, 0xf, 0x63, [@remote, @private=0xa010101, @loopback]}, @rr={0x7, 0x7, 0x5e, [@empty]}]}}}}})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r3, 0x0)
r4 = dup(r2)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000080)={0x0, 'batadv0\x00', {0x8}, 0x1})
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000e80)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26765ba5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbdf8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d9447c4df6e21ee0e54f8be072e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r5, 0xfeffff, 0xe80, 0x3f000002, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0xf0, 0xffffff0c}, 0x40)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
write$FUSE_LK(r3, &(0x7f00000004c0)={0x28, 0x0, 0x0, {{0x0, 0x5, 0x1}}}, 0x28)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r8 = gettid()
rt_sigqueueinfo(r8, 0x1f, &(0x7f0000000500)={0xa, 0x20000c6, 0xfffffffb})
r9 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r9, 0x4c0a, &(0x7f0000001ac0)={r7, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323695c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
write$binfmt_script(r9, &(0x7f0000000440), 0x4)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r6, 0xae9a)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r10}, 0x10)
getitimer(0x1, &(0x7f0000000040))
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)

4.390167399s ago: executing program 0 (id=2732):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a80258c6394f90324fc60100005000a000200053582c137153e37040008", 0x27}], 0x1}, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
epoll_pwait(0xffffffffffffffff, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x9, 0x1f, &(0x7f0000000000)={[0x8]}, 0x8)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="28000000010400000000000001000000000000000a00020000000000000000000600"], 0x28}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001800000000000000000000000a00000000000000000000000800100004"], 0x24}}, 0x0)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff02, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x4}, @ETHTOOL_A_FEATURES_HEADER={0xc}]}, 0x24}}, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="d81400003b00010027bd70000000000003"], 0x14d8}}, 0x0)

4.28014778s ago: executing program 4 (id=2733):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="e04722ab30e632635c281000b489687f"], 0x14)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000001880)=[{&(0x7f000001aa80)=""/102393, 0x18ff9}], 0x1, 0xfffffffe, 0x1ff)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x8001, 0x0)
syz_clone3(&(0x7f00000004c0)={0x4000200, 0x0, 0x0, 0x0, {0xa}, 0x0, 0x0, &(0x7f0000000540)=""/127, &(0x7f0000000240)=[0x0, 0x0], 0x2}, 0x58)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000005c0)={'wlan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r6, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r6, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, r5, 0x400, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xf34e, 0x40}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r4, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)
getpid()
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@volatile}]})
chdir(&(0x7f0000000140)='./bus\x00')
fsetxattr(r3, &(0x7f0000000640)=@random={'osx.', 'PPPPPP'}, &(0x7f00000006c0)='freezer.self_freezing\x00', 0x16, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xc)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.self_freezing\x00', 0x275a, 0x0)
fsync(r7)
sendmsg$NL80211_CMD_TESTMODE(r6, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)={0x12c, r5, 0x808, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TESTDATA={0x5c, 0x45, "ae31b9ac4302817b93945ac88903282257e4c83d74eec200b89210cbf7da6f6f2420b2bdbefe661b38aa74947809b5583633f8ea2e813fbc77e6daff83d06d7d2426453b776b360ff8eb51ca9124e23bbafe002c5c6701f2"}, @NL80211_ATTR_TESTDATA={0x49, 0x45, "4e9ccd00a6eb7a25a417929bbc1c31a5e4e92c89b20d03406f20749db6308d3a9801402861cc4075f9bae6f006e8ffe89676a65b1893824dc38d40e784d59c1a1ee6dd5bba"}, @NL80211_ATTR_TESTDATA={0x6e, 0x45, "48d7bd96975f7a78d83e75e72545031e478fe02fbd0c0918a36725f3c746de0378ef4d3fb8c4f2dbc6a88f0d8b103e2a014a969e7729c409d4588d89d07b571bf203139fd7cc9d9dabcd0261f104af429da1a3774058b3ac8b5833bcb22ef6cb8ce44c8b7bf539af2c3c"}]}, 0x12c}, 0x1, 0x0, 0x0, 0x4000}, 0x40081)

3.480802249s ago: executing program 0 (id=2734):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = syz_open_dev$audion(&(0x7f0000000180), 0xe6, 0xa0002)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000001c0), 0x111, 0x9}}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10)
setsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000380)={@remote, @multicast2}, 0xc)
r2 = socket$xdp(0x2c, 0x3, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$tipc(0x1e, 0x4, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_BT_SECURITY(r4, 0x112, 0x4, &(0x7f0000000000)={0x4}, 0x2)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@empty}, {@in=@local, 0x0, 0x6c}, @in6=@private1, {}, {}, {}, 0x0, 0x0, 0x2}}, 0xf0}}, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, 0x0, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, &(0x7f0000000080)=@id={0x1e, 0x3, 0x1, {0x4e21, 0x3}}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x14)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'vlan0\x00', <r8=>0x0})
unshare(0x62040200)
r9 = gettid()
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r10 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r8, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r9], 0x28}}, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)

3.100198446s ago: executing program 4 (id=2735):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet6(r1, &(0x7f0000002a00)={0xa, 0x4e21, 0x0, @private2, 0xfffffffe}, 0x1c)
getsockname$packet(r1, 0x0, 0x0)
listen(r0, 0x0)
r2 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r2, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000040)="e0", 0x1}], 0x1}, 0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect$802154_dgram(r3, &(0x7f0000000200)={0x2, @long}, 0x8)
accept4(r0, 0x0, 0x0, 0x0)
set_mempolicy(0x3, &(0x7f0000000140)=0x6, 0x9)
r4 = openat$smackfs_access(0xffffff9c, &(0x7f0000001140)='/sys/fs/smackfs/access2\x00', 0x2, 0x0)
write$smackfs_access(r4, &(0x7f0000001180)=ANY=[@ANYBLOB="402706ff0f000000000000207274626c00"], 0x11)
fsmount(0xffffffffffffffff, 0x0, 0x70)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r6 = getpgid(0x0)
ptrace$getenv(0x4201, r6, 0xd4, &(0x7f0000000180))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0)
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
r8 = socket$kcm(0x10, 0x2, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x4, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r5, @ANYRES16=0x0], &(0x7f0000000980)='GPL\x00', 0xff, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f00000000c0)=r9, 0x4)

2.893111802s ago: executing program 5 (id=2736):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/16], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r4, 0x84, 0x7d, &(0x7f00000000c0), &(0x7f0000000240)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x111101, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0xa)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
syz_open_dev$usbfs(0x0, 0x45e, 0x101701)

2.347237734s ago: executing program 6 (id=2737):
r0 = socket$inet6(0xa, 0x3, 0x6)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$PIO_UNIMAPCLR(0xffffffffffffffff, 0x4b68, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x8, &(0x7f0000000000)=0xfffffffd, 0x4)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="010b000000000000000011"], 0x14}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICADD(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x40400c4}, 0x0)
getsockopt$inet6_tcp_buf(r3, 0x6, 0x8, 0x0, &(0x7f0000001040))
ioctl$KDENABIO(r1, 0x4b36)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="0f000000456bea5adedf81b4", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/sysvipc/msg\x00', 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r9, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r8, @ANYBLOB="08009f000400000008002600800900000800a10005000000"], 0x34}}, 0x0)
fcntl$lock(r6, 0x25, 0x0)
preadv(r6, &(0x7f0000000000)=[{&(0x7f0000000080)=""/4094, 0xffe}], 0x1, 0x7a, 0x0)
bind$l2tp(r6, &(0x7f0000000080)={0x2, 0x0, @empty, 0x4}, 0x10)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)

2.338607731s ago: executing program 3 (id=2738):
ioprio_set$pid(0x3, 0x0, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth0_to_batadv\x00', <r1=>0x0})
sendmsg$can_raw(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x1d, r1}, 0x10, &(0x7f00000005c0)={&(0x7f00000000c0)=@can={{}, 0x86, 0x0, 0x4, 0x2, '\x00\x00\x00\x00\a\x00'}, 0x48}}, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000004f40)="e911c90b6c5104ad51115c756c2eacd1ab6fec942dc7c2df545b7fbd4c5bea19399b48dc17b3c63003225a8adeebbf5ecdfa76a3fa8ea2169b58881537259572400ec371cac67a61c8682405eabd7fad877bfec4df9b201a173c3f216622b2680fab064b30844d166ab55633a968ab7fd24c0fa551c0a26f36fd2ad68bcd637fc810c19a59f7d192ea689ace6f0d6efd410a5d28cdc6ca117fe11d6988699c89fa9c05d39abfc3be44c71cbe450d1d236ea5d7eb7b6a29d9fe67cdeb0eaa46a2a184b3f233aac0ee2435f5d025f431e80d145baacfe7999f461a7f8823256d65edee905232b45994a7c1d6081181fe633b741a1cc68cfa65f746557c3e1e16edda682441a0224775134cc329a47c4ee5dc23de300200a5e06885fa2916f42b1dfc26ef3af08b18b2be978a2a4cc54a9321947d7c89a697d48b08a2700b2f577701747de382dfa2e07f92ccd96f7932517aa4442f25485451818b4e9df0608dba6dab28fa2c5aaed9522c839786c5c017673ba59c6d914dfbde6c4bee9855d72f62b02eb12fa591a76509462aa5ebc877f0b60042a0b6caf15dfb0e4f74c0662dfa23dbf2b013c0b95e98150c144cf63f13d20eaf9a3bff74567b6832c36cc6ac532ce8b563745bb7bc11afe15bb337a98fff20e03c4893383cf05d68caca8e3aff4a0da14caaa9597d3f22af1c0cda973d07bf54e97b5b38f5c5cbac41dca75a772e52bf459ba6fe1740ca6854fdd8ac2e002b46c8c61a6aab5de3afb0cf54b92956c13f34889e22714d6e3b6f9bfb72feb61e58b33e9cc0d6bdf3527be2cca1bc8e06bfe38200a685b9cafa038f2085d409cd6afed57714d486a563c5b1a81b6344afb18029f6a563dd00bacc9d323829593f56c2ee390234d2e9d0f271dff9b2b017bd5033c1501e39f729d957b3a52ad853283fd2bc2c00ee1f7e4f3b5e0985b327ca081b17935a8201f80cf36deea8f9e8ba8ed02ed8f59eba7c2fc6b405eb191e3e34e852692aacae129b6feb98f862d2397605e492b5e6e73aaebf3200ba50997ad80dda7ea0d7becc7639c8d0445d72da6817bb283a9aa9ab18b996d43342db5914ac3aa000118410b95fff15004f1ace296f75a465e42bd9139b9f7a30e2f35ff188b53e9fa12d09a4e2b762ce85009126cd28e53cf0d69161dd01e9618f08500c0dd24481adc604d37a460816d6abcc4cdee8f7ecda3608191a7dfaeef94b6d8c464b8b6197af49e01497843f4275b1b1250a5e2b5e0617aef8bb2e5f19942fe1daa1f89abefc36963d04008d2f2ca164e8074d58c1aa025831cfb519a8bcd607e2b23cbecdc78ef8828cd8adcae24c135c6d991ea81ff2589aadda99d1f314143daa810478364142f0dd1c4191b68bd081e331d5759b4768729f4d49271401df07ad4a9bfb108d26763622b6ba923930a2ff387aae26338ddc66c3f3205023ee29d01ac150a7bdf80ff9a9a741f275951321901b6844477c7f0b5342e8047d42852731b614c5878d4b442e7950c330a784c0f12efc09f8d3321cb7acdb274d3bcf26a5245fa0f29e3b753ef021e4f1cb6845c8094c5908e17ad4bd376895f168f2dcff37b7438b05f1c6abfa1a3f1334a7b0f7e84446601935cdc0db0081a93a50487bac999976b3aa6bbae47e71486e7e9a77b68e11771962dec08e94ef1023648e8d0722bbad9178b7a4bee612bbab7ff786c363308c40a09df01d5d7b62760a02d0761f63ec908bd3d734d827b5034e40df53ee4829b221e98fcc584e06bf91d1026acc9e749f1c17ca269c4f54d49c34ad38ba7a60c88480bbd6de859a55483559ba7ca73326facb0fbddbdbdff31c01c6b87cccd784ad15e4c3c680265ee77c4b3cca7be0b7681804b514227a832717dc189e4f7346bf4bff7e12ca9b3d820361c8edc97f319c0361151fb68f65f7f86140ce0bb9ac3510a880cb7bf89e050845da8d5d1367e190d40d5137bf60de9741e363915726a56cf78eed7a309beae54f98154dea42d0989c46dc92a8776235856c822bfa54b493cc49edcf7e5540c21c247c93e5f25f6bf5973a613cee0b5b7a683d2bd4c80f72a59d09549f01f70a581d72ad11a0d725dc32920e2d8880682d2e7c3712e44bb933f1c9080990a447db9e4f24df66b72177bff9fab3eec7df2ac314cef7a66ed13172e372573686d8f37aff4872e2555d2d85b92a98f7c2e15402da6e00cdd4d565e1b1f0ef1c9e9d053eefbe0fc761c95675795250a7421852c0d811e45256b5612bc91602823171b3d8292b76ea7ce201b9114cfb3d3dbb7d10ee20565c9860f6816542a4b83611bab1e78c03c9a5deb7ea7241100cbf9523ae1ed5d9937234d3bd11cf7a44880f4d56a9ea1ea26ad4e547511d22b55bdb144ca20e211d5e8845786d2acd779e085ae50d75ca36c9f284ed2edf9be69a09cc697e847460c61da35e2d2bca2eca0b9332abc830c68fba6dbfdd1d8946b2eef29d64d3c7476e9701dcb43c487dd0fc15c7c8f3eabc4f059eb1631176872a1cfd69afc73e424578b00baf091d177d54e64d7fc260705d139017859f1ed62e0d9b57ab8c891280457b8b011ca1a2fa92577465c7ff8ba0ac0a3e0867f43e5d7df1f387187030b0f196afc48011e27944831f5f4db0006a20dcfe7a1dea9eb6dea96d528af3fb6b38b9df3eaca143739675f9b722465128a71dd25d4536c0b9fcca377ebe10b1de8aa17e6a999ff8890ad2ee2afe8d41ab76eae8df8c52a15c6428eba61d31ddee6a53f812ec5ba4b8bda40216223fbe20c09d642efd8fc470ff4828f0c621ff4671734f68277da1eee0e359c691ec56f09b2af495ec8ca8c50ceef6c302efd63286485b3a0db8732c018708ea4f1598df0bdedd6e5cb3abb3566997f3c3479e501c4f8b81e166b74a46417afc94b99dad3a0fea6cebf72973f7bd2378548b6fe303b09a6c24a116e1862b0e04bd2c60385c780e992ea4210b28c1d4ab77ab4a44d39dd34612f79885381b4118677e285127b18faa776fd9c1a30798ee56f31fd19b93c071d2547176a959a9b6c46d495999be720ad7a36324c8995068b8ef1b278d88cec24c62d55ebf3bb9f58d86727b35ff1bd0bb40e111dbcbabff0e51e3f70da2b3fee10e83120f3d52161c07aec0f02364450d2a996035cd93226d7fd71e174203a7d3b6c6d52bb030b5f48fc6ddfe5ce69179333d37128f022f9f245e8bc4583cc40f3114b8136298e1e1a55aaa18cd9a785cc2144f414e29160c6d742024834b073cd451b30d3b760cbdf91091d40a7d6b1cc801c016afbfff71f480ba51983d153619c234062a68eca91a1a2a50c28eb7f56b5304d3238fe1cb049bf739392c4ae2ac751e20f089c89533fb50e38500e4bc9a21b582a2cb0856a9c3a002336099c78fec2ea7f1865a4ec6503261b3185f90a9827e120005353fd7ed8ed424bf8eac7a9ef67c3cfe17674390c731cb9135b68bbf524fb3c3d165bd366311e5c49be29dba2694fa2af8b00ebc04d30c1dd1e980c562bc7d90dc0a1872e679cf6210e6509e30d52e85b569bfa77f3bea9f48de9470c2a0622eefc6a56e507f7cc67f3171bc480a00b901bce0d0d575ac38c816b18e79e0fe09b513bf93c4fe11e086d4007bd1f343654b56ca8e34be89b24997014551fc362b3d2dbc4082052473a4e9bdb6e1a4707551ebc8e51be5452e29a1dfdfce23fded6bdb804da173abfc9b706998558bdc0edff764e4a6d616a888fe8d5fcb87b8e34d0f3484189f6f06e24b74e468f7fc9f60c2f456feb0eca04c91f002e4ebcb6adae6bea953e3fb1f3c01a68a08a92005c3629f0f4906e2bdee32cd86c6b751e775c3b28864640511a32c4f10f86e90cb2a508d0f5e15a18f3c0bbb5e5d2d2ce880ebd0e05898947eef255af66fbc6633544953710ba4ecda3ab44a7566c925973da584e634080aacecabb3f22ffe5957bc753820a3509b4c82c013829713b500c752a0d8de7729ab1ad79ac39db6331525bdc18083e76256edb16d60b09f8765d2ca2de9a676c13086ff5ed770012cec20ccf49a3edeecb6ecd826f4c970a6a015754a53aa74210a3d5bb697f231bbdfcf11352a666f0e24585e84b8d9a4b5f21a4d6b84082a211ee45d50416d06fdc5a04720c658221dda22aa4c34fb17b7fb115543aea896ed01d7665325090e54b713f500e9fa1671b315a854ab5d2c3902d1c8fd974983332ca09aa8eca6b641197da9be026ce965eace3d4e05939a399922d3142e1191753b57cbf7ea054fb48737473c03410bb0f40f98a7d8096fc29b732c37e2452f647a86b45240f2a3c73dfe81354b1800993f63776a0642e3c12bbd7aab9c328914372e1f7a3917923dadb1d60fa5abeb94fa959a9dfc801a470f1f3e2fa8fa534a733d3e509d36df243dcf9172ac2590150a0e1a6f2077d2301bb2c53a441abaa56ce75d946efeca2aa85cf6461fc957acea20eee92f78f13a70f28ea5f929774f94f959d956ac1c090148e5dc9f4292dd6ab6e5a2a13ea3323af35d87a3cb7c95c2c3e0612ed96c8d08e7d93b5f94eec417a3b645224806fcc0939342a15da6130d237e40a937393a19f935aca46d5f2bbc2b2dfa73735f9a8f29b12dd7a2dbf047354222b6fc8f3a9a5c162a12defe31c2cc48cddbd5d1b98f6ef6f190e63d2bedf5b622b082297585fd123c80e927ed52ad543a19f8448b3d00b00a9ab01d123d6bb3876374d2afec7b4b8a09b1d3195042ea7ed867447abe9881b6673d40698420f0910cb9e64e9b5972af3b4de62e842788b4b7665c7662e25378a6b42f3d01b5c20d9e1fd12aed90eae6de95b506272cfae02c82b3caf1fafcce2497f203c7c1bbb287e6ab06602db40e28e18bce3d4667ba8af53382dbcc76cf821604c2636a14bd12a36a905207e7f7c581b733819aead52a9f800ca27d312de5d3b5f80272594d385304e5cbd1c9bea9106bca6c6ba8371a4ded2c556664bab5cf8f7e10197b6f677971243ad64a7786f9bfb613f282771eceb38b4bef9fc5d2a9cbff0828206dd6ea2a89cd846edfeba758f14196496180ddbb2c474efbaa85041c548ded5541e1d03a5d08e7bfb277841507e17bbab91afeae6cd1bf90799c9b270e701b39d484281bccb206d584f872ed34781cc7c99a7c7b82c1c89055f46bb160b5387ac9a75a2e9975e4189f90a74e6ea17920c84f81e0fce7673c861868aaec3547a734f8bec0617bc809a17a0f2ced98615fb833a12dba259e5d5c087c2cfe0c7b9605f1691a71516d3e23f4132b0fd17ed93534e5d4864217422c117f27231adf2f59d3f4c9286899c451f63d809f18f15c88c5298d75d85976c3e7206000c4c645fee33657ee753b4304fd47adfa35f5bb1dad0babac17975ded43038f827af353b0518a5cbc73242afe59c06ee2a3bf6e43b6dde6ea1c60c7103c91ba6614c0d6f399ba17d4257cfba018e52fd87fbbe7c9b5406ac987ba15965552745d3d239e70b6aa3848c8e8eaa2589acde9dbb8e915aa55e1aa3aa8f7656b359edb292e3f784bc4f10180d404113e1c59040e0a7393c2ebe56c9925eeb250aeb98cda5500833d2231cc7832f14637ec81fa2e20c5809b3c397ffafd7e71dfba79b00d88f26b711aefc914984d99a9efabb02694304d6c4de07c53a5e5e5d823502dc5938b7854050fc1172cfe21c1c7864f5015c05bdb87bfbb236567e8e9e9404761d4a4e36f7030eea38c689fa573ef9d462b81cff417b832baeb0ac51a010a106449b3cec1189bfeb4ff8e236ffa36111c64c87d50d196fe3aa45110d20fb87055fc0ca796bbc3b1bbe61f7021a85c27d2bdf7f14186e66d3b8a37b070a7633ff2fb2a4f432665a5a0d1329b901409884fbf9bbc3e6936833868adbc4c239ad511fc26c0ffd4deae2fa988e20cc326df717390bf5506f0394f7c7e8a155a70e6f2634b5464fc49ed5359d8653766b59a07940e1b81eb8f028c08ac8ee15efbf11668f44aa8b709eb85cf8176e3cdeef1cdd5518de7ed9cb191a5ed41055b4f60e9a05ed7a89ae755606c45758c2792f2a6e65cdbf93502f72953b317896bb3bc97f84ab81a9be93b832d07e1f815d6d8a8c08cd7859c2b568c01e8711cd171fc19dd3172380e880aa0f80fffd84611dc8f3d7fe7b3959edd15f62ca0a3961e50f14bbe9c7219f9ff98fef6484d52aed162b185d2d124309b0b32aa079182a821ee17bbdb2798745ca87e8e34f81da19835ae18d85aeed37d3cfebe759e1f96837ba270ed469a26a9a76267077cba063d94803fdc9de6befb0ff6bac574c72a3b9f48662a7a6ddb15b64b1d966f4533f0a2d92c0095cec6d0a868ef2db8acc3f3bea605c4c5b93457ea76ab0428af48d7aa007d9f9f8a6143947c35ecac82a817200d4d9d51d9ee1c8596b62c5e5e605d6b5c3420c38d06817a4f1f952345b36d47a76999fd2a027a2a1b99eb040b66e2dc5d78e5f5541ae338029ee69c71c6e4619b2cfdf175653feed99a9260c78198914a2b9dc0198adcaf85dee7232974d6701ab5d4edc357b50a1418ed672ae66f66b1a7992432d51c64ffe6df318d9910a50695f4430112d32874d24f7a811fef4c6fe6b0f3e0cb2f48b243a836022e06e2e87cd9f0f5ed877ccb222e70d431b3e84420c0bedd99604ef9733916352b5c39a127d59761977ae22f67db6dd1eefcf89739a8b061da169fedfb8d3ed38425ebcc286f27fa7367a2da038042c23413b25a62432efc3d6cc09833f828c2855ad3d0c17d737e3991ed1c5f41b0d361198bb1cca3a441133e980420cc86ce4552c1b6b0981d0c7b5ada53b556fbd9e0bb0155c2eb848c2d8e83d6a97b4afffc7d4bd1a7219cfe3f9fb2ba7881b48a6394b9b32814ea8d26f7e5dc1b9fedb0286a38ef21d338a76eeb48f4fb6a0eb51b1bbcccf6af09efba8009bd2ba1591be67d67b06ac1350d6d58496ce1dff5086642d131dd1a906e579fd410e5ee20ec7d38cc7ee11fbe7ceb6b2857b21cef47debd4362d02f6f8ed3027ea96cc5c58f2522ffa6e193d9b8dd315e4441c08bc5078d0ebe73f8fac8fca2ac8c37f95d15f2dd13b473614025bd82942e21f4abe06cb9d304a4835efa77b0656050a2a0d945b0b62347a9de54a5e5cf27a0b0b22fff1ada12ac5e6332794987a7e1d309da0e0161f1db47107f57c989b59b9011babfe72beeb74566e3dc23c2ca806d02bfcc9e61061a88a5b9e418052edbd12a92d6a67ec87046abfe42d41ce8a624035ca284a107507aeed9aaac8e9c0979fe4d0e93c66c0fe5613f28e93a678a1eb0c22262c22665f3da0c69e49ca2a82fadc0fec2dbdf96601550f0a65ae7537d50bcecc7ddfd2fcf8ff6ae46786fa346b6a2840e83f81ba13849599af1063fd546631e4fd8f836bdf3c644de179697d3efabfe8cd4a74005c5afd542314524734e25d6ac94a3b2b7f90d9c25177fdcb27a7d043f4cfa6466410c540535d8d757f7d9e64fa250de95784b82f47b878ec077d18c2ef4d7e3068678b4f3de4261b7e5de8b38bb01e844c0faac5c78ef834ea5f8d707989a998ca8ea95f7b68543da6496e0aab4545ede40da4a7efec64ac32f36d37ff8c34a4885e225a5b138260394afecaa773f46e4c5e48f2ff17b2957f765752d356eabf4bc011843b0af689048439fd04a77042df1dc99023defbd86f8907d24b88512ea80089becba451ef32fa93e49938201325f55f0a360d3690707b350a67a06111a5db6ed9323940f91f7de0dbdfda4cb5348a734a18fec704e8a627edb1bcea83facad474d9b4238f0efd529653c3e69751233081fae1224197cb467a7de72bd422551ac7036fc6dfd9ef8b6d1bd2e1923e32c787c5de7f5c69fd69729b172804d234c4e009ee74c534f9cf38cd4d66abdbe64aa13382003ed7cec6c99f72ffae20cbd9d59e8afe8e16497d5eabb0bfbdab1656d2925d879eebad050b4af59d7bdd9b88ab0df4e68ea9c75e689a2406d299d2ac7f5cd51e8d93294c9c6bc249ea9163f2e17d7d24f32320666d71f11b5bb7313caa2f84c3f7a4a072bcbbe01bd6b10ce005bccbd5dc045c52fdf2bd20eb7a36520a01b951749850650bc1204c9ac31a22a0c8b07f86d63aa37f1adcb80fff407627c2f2c0d0dde0672d4290d8a2c9271906e091a0b2110adc5410280c2824c1691e3f04472e5b1ed980445d29f7fc603da6306018f74d6687c45a50d414d39d49725e0d943239f230639c9d9d0526c3cc769839dbc3b2abe256f22e72f7314672a669735bb3cff4d29c83315db306c93a6db585c9451125399003ca9e6f3f0a8e2b4d8c461635e69d721e520723de7066ba202fc3070c8a01ff2048dee50085cad06376e0fdfbc29a3db608646f4a2521ea6372e08ceb8becc85c8a4685ea4c39ba7065a21f52b090dff72b99d5da6090b80283c26a4112ab2e0201de0fd455b4dff2116808df6184527a2761b9399c90ad1d84299acf971b0c7fb58e88e91c0d11b88b55fefd3d9d86d5f58c03d010c4a132b98bc55517ed6bd4b2d3a7b092c73cd5ec7a004b18ed27dc6146b428ae7034c290e37a18fef372c874605fed5b6a73b3670089728260ff74cb7289e032668bab9ef6a3b02ade004de952d18f9a0dd5756f3eb479ea89a403dca27dc205bb5c6a8cf26ab1229b365069c8aee6374b254ee7d7610057afa7872faec0c449d1918b146c1005c143a944ffe43556a5f83c989f7c3cf465fc9d16584db129d575c4bee84c25e7cafb578b1cb4305584d6557c73b1b85ba2457c4b4c287751b421c8357ef3b868c00f4c90a6e944fc314333059a22ae07461de6139f8dabab5d00c2d4d89011d02dda2e86810a0b9be61bfd723c11ccc40c2386dec9901fecdbfd8a8eed8e892f639b0f77f15143450cbaf435f6b13065d7d4a95bf09994b490a873f8bbb87e6c9e06dfd50d5cb0fa8ab871ee24158bda8e0ab493050f336a0ffc333422ede6c425f18bcc2ccb71ca565a298e7c7fd494175810a1268c2bf8a8a0fe7716115fcf463ea9cc1004d73f2b13fa50b1bb5d799aa2ef938a51b51f23dd7b9557ef14c7982bfa085b44825e0dcc2faf1f56a6124624e046e1f51b09132c806664633ed8e6bcfecb995f7ef7ac7bdf480aac1c2aca577e98d8dfbb098fe29beb45b8c2ed85425946e9bb6771efdf6f548b85399ef6421d9ea7cab7b552fb6352d8912f2809454e3ef2849e31662d6449b5c69bd46a6b9036eae04420bdc08f6062c8fd48a0d48011154f7a6c16867df030fcd139b043823b11d72bb3d5c4cd77f860f25310f5d6bb29f06dea7970aa9560c487efe0e0810746c6865d9b37d60617bed512f58a8a7a118de85f7721a4be9a21eb1451acd7815820ab829f078ce31a31d4fc81832cd384ce4ccebfd586dae1265c68ac7e0b0b02c43d85af5fe69b443bd44c7d0d6b53f3ea4f10799780e2a5e15197388790b57ae524b4c48977cea5c306c0e05672c999b384b516f891ffa528dd19628ac0db7e071184b2f8e66c4a655d3eb600b7e86187b5f244b52173b2a6c92a8d3cc988f5aa7fb153716a83b0ab9afae2af971d82dd116dad8f8402df05959524a66ba67ca3be63a73aec5c85ebbe56dfc1e6aceb2b35c907034cf3121b14af9e2d1fdc499c913e8deecbece3e955a1490cd4391456c36cf708ca579aa668386107097638c5abcafb3c45832582a4a5ba1f77020152526c6988aa0217d482e1468c69440a317ab45cf1b0923d23414ebf6124c8d2ab65b83d833d83944aa7acd12adf1d6d1982dd6733de42835f82fa7f8c531867c3ceb83e214e0aa0c00652473190605337444f0cbcdbb3d09ca58798b453bd80fcaf8b1efe07e44e8a572e2900f79955c5bc2d66156fb810f4e823480c46d0d045464ca8bd49981797dee7e19594424a2696d9dfc05a8952d77e5146873524cd78088d8d731089da66bde12fc2e67912ade6348a3de5e8760dde7c521371f4f5fbab5aef8672e6f8a20688be5e6acf8ca624c5bb92fe82abe508a9f1e773f987a11e711ded4347722d785be356ab7c03cc0c26586a6ba2f8c9de718dbf35fc0ad6f701f85f760b49c1570f114a4651f25573003ce8f90cdb152d33b5c69d8e83849d914acae1e18f1e5d0192419c36900e5f4b7d0b0b35e4869dc892b7e6091ddb03fc5e01c93f171b3f73eaf08399deee1159e0042755c985d2fbecd1aba1fe3b86cb60b16b65e5bbb0f7246035bbee2c7f3e82abd112261376d8a145e47c6792847c02fce040de6d5d9491531759a50ddaf59c8f489dd3fbe45be54ce9882c8937107160b2f07ab47eb6d8d74cb009e23cdd16f541b64ce127ae37929c802ca752fd2d2c2d8b014317310712eeeffc17706e43d5e2bd4c45d0bc897636dc5732a8798aed06a129650f95e6bb6069a4076261f2787103f30d286afb7a743e592539a9b5dc7d3aa88e6ef327e965b2afb93aae3cd4ac0be7082826d107f7318d281e8a1379ec0b27efc4bb50c592d71b24c31b7006a7d5cae4bf961e668aa09d636b46544762a5dc5ccf0ecfac3e1edeb995ff389384feb1bbc0f983520294ec215a8ad29a164f3a4c6719784615b5d368ffe3cd2143a889270a60685929185753e4bcc1c02f756cddc0580380634185ea6febafd13f73a06167dd20e46b7f1d63c60916ea89f95dda4e3b8d75bd3ccf70d843cd4d24839d103c076b3c94ddbcb96d4bcb1ee98030a40f50af2f3be245d8d4c9028ce43e8ff9766f4d4df3bf354254191b9d7e0a552b2db2521db880f2fe1c7849d5666978a7c6461d2bd03de1bc84efe513025b6aa0fe482de1f386ec4f59b3e7abc4e348870ac10699de5bae5b042a24afbba4aded80d6753bc773e7a1fdda1d01fc97f03099b6a2d4cf2a8829a5d108c35e1a03434092fcb9e28e7c9989b3b0bfea5b7faade5cce059848f5c5bb8e5eae9edeb018cad243d9b3f4ea6f318773cba6e16457801ce015c4994a70fa4aaeaf02d2c6e6289cb1f48fc916a69f51b7dd0613fc0a96530fe989712c89e6cdfd7910569edfd542dda48e4a5d3ebda61d4e30537f30d63b0d3927ab78563c48f538b30a3f4e176077a0e8730a2bf7ffe7ac310f93b78cb096839ba374ca54d7b5f2cdc2abdd9e07b254a798bd0037f098642b41f64987130f3ba5d51a3a0e9de8fcd5e12de75eaf2d69dbea101e899bd526d95f4c925f25eaba72103e4f4c76e00536d6366fc801e3e589da731eb957f0176d07ea8eaa1a5cbc182eb6802b78b713a325fcffc67062134e7331ea9ba85979d741272bae3c1d70f84ba3a6434f902dfa82d9eeae063623b847f23073f862faaa75e6e83fabda3b0b312d08e945015fd6ded12902e0e282fcefce0d8c7a514684cdc7768c37034c951d2c81fce3992a82d270cb1965ff4e08583ab2791f518267d2125fd95894d0496a7bb7b98040339d7aafe64a5e8112ef0b047839f96a48e13c3149be7fb9a0c94fd6eee8b9b01711addd641f803109d5218de4b604a8f5766e2403babeec2dc3b4fc73195edb225d892c44850498cc786545e27ddbdb0d7062f169fec9dbb23788938d6a54babeb719f34be30e4526acc7f903085ef3c443b6cfaccf055fd794b", 0x2000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

2.028225602s ago: executing program 3 (id=2739):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
read$msr(r0, 0x0, 0x0) (fail_nth: 1)

1.975964311s ago: executing program 0 (id=2740):
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_enc_key_size={{0x7}, {0x0, 0xc9}}}}, 0xa)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20a0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="00000000000000000200004000"/28], 0x48)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
socket$inet6_udp(0xa, 0x2, 0x0)
mprotect(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$FUSE(r4, &(0x7f0000001ac0)={0x2020}, 0x2020)

1.449331147s ago: executing program 4 (id=2741):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7b13000000000000200012800b00010067656e657665000010000280060005004e2000000400060008000a00b5"], 0x48}}, 0x4000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC(r5, 0x4068aea3, &(0x7f0000000180))
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x400000006}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x44}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2800000010005fba00"/20, @ANYRES32=0x0, @ANYBLOB="80000280e180000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1.384005481s ago: executing program 3 (id=2742):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = syz_open_dev$audion(&(0x7f0000000180), 0xe6, 0xa0002)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000001c0), 0x111, 0x9}}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10)
setsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000380)={@remote, @multicast2}, 0xc)
r2 = socket$xdp(0x2c, 0x3, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$tipc(0x1e, 0x4, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_BT_SECURITY(r4, 0x112, 0x4, &(0x7f0000000000)={0x4}, 0x2)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@updsa={0xf0, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@empty}, {@in=@local, 0x0, 0x6c}, @in6=@private1, {}, {}, {}, 0x0, 0x0, 0x2}}, 0xf0}}, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, 0x0, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, &(0x7f0000000080)=@id={0x1e, 0x3, 0x1, {0x4e21, 0x3}}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x14)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'vlan0\x00', <r8=>0x0})
unshare(0x62040200)
r9 = gettid()
r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r11}, &(0x7f0000bbdffc))
ioctl$TCSETSW2(r10, 0x402c542c, &(0x7f00000000c0)={0xfffffffc, 0x0, 0x0, 0x1, 0x4, "f996ff109a04000000008000"})
sendmsg$nl_route(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r8, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r9], 0x28}}, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)

814.455511ms ago: executing program 0 (id=2743):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$pppl2tp(0x18, 0x1, 0x1)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000), 0x0)
r1 = getpgid(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x800000001, r1, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = dup(0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, 0x0)
bind$netlink(r2, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbff, 0x110000}, 0xc)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f00000002c0)="1a000000", 0x4)
socket$can_j1939(0x1d, 0x2, 0x7)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=ANY=[@ANYBLOB="000000001600"/19, @ANYBLOB, @ANYRES32=0x0, @ANYRES32], 0x48)
pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
r5 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x19)
keyctl$KEYCTL_WATCH_KEY(0x20, r5, r4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

63.086209ms ago: executing program 0 (id=2744):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x2000000})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x25, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000100000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c)
socket$packet(0x11, 0x2, 0x300)
bind$inet6(r0, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd000000100001000c080800418e00000004fcff", 0x58}], 0x1)

0s ago: executing program 5 (id=2745):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="e04722ab30e632635c281000b489687f"], 0x14)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000001880)=[{&(0x7f000001aa80)=""/102393, 0x18ff9}], 0x1, 0xfffffffe, 0x1ff)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x8001, 0x0)
syz_clone3(&(0x7f00000004c0)={0x4000200, 0x0, 0x0, 0x0, {0xa}, 0x0, 0x0, &(0x7f0000000540)=""/127, &(0x7f0000000240)=[0x0, 0x0], 0x2}, 0x58)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000005c0)={'wlan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x38}}, 0x0)
sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r6, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, r5, 0x400, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xf34e, 0x40}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r4, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)
getpid()
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@volatile}]})
chdir(&(0x7f0000000140)='./bus\x00')
fsetxattr(r3, &(0x7f0000000640)=@random={'osx.', 'PPPPPP'}, &(0x7f00000006c0)='freezer.self_freezing\x00', 0x16, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xc)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.self_freezing\x00', 0x275a, 0x0)
fsync(r7)
sendmsg$NL80211_CMD_TESTMODE(r6, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)={0x12c, r5, 0x808, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TESTDATA={0x5c, 0x45, "ae31b9ac4302817b93945ac88903282257e4c83d74eec200b89210cbf7da6f6f2420b2bdbefe661b38aa74947809b5583633f8ea2e813fbc77e6daff83d06d7d2426453b776b360ff8eb51ca9124e23bbafe002c5c6701f2"}, @NL80211_ATTR_TESTDATA={0x49, 0x45, "4e9ccd00a6eb7a25a417929bbc1c31a5e4e92c89b20d03406f20749db6308d3a9801402861cc4075f9bae6f006e8ffe89676a65b1893824dc38d40e784d59c1a1ee6dd5bba"}, @NL80211_ATTR_TESTDATA={0x6e, 0x45, "48d7bd96975f7a78d83e75e72545031e478fe02fbd0c0918a36725f3c746de0378ef4d3fb8c4f2dbc6a88f0d8b103e2a014a969e7729c409d4588d89d07b571bf203139fd7cc9d9dabcd0261f104af429da1a3774058b3ac8b5833bcb22ef6cb8ce44c8b7bf539af2c3c"}]}, 0x12c}, 0x1, 0x0, 0x0, 0x4000}, 0x40081)

kernel console output (not intermixed with test programs):

=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14462 comm="syz.6.2258" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f3057e719 code=0x0
[  922.213044][    C0] vkms_vblank_simulate: vblank timer overrun
[  922.431151][ T5931] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully deinitialized and disconnected.
[  925.522250][T14494] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2267'.
[  925.532035][T14494] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2267'.
[  926.327858][    T8] usb 7-1: new high-speed USB device number 56 using dummy_hcd
[  926.987765][    T8] usb 7-1: Using ep0 maxpacket: 8
[  927.014740][    T8] usb 7-1: config 0 interface 0 has no altsetting 0
[  927.027201][    T8] usb 7-1: New USB device found, idVendor=07ca, idProduct=a868, bcdDevice=c4.d4
[  927.046955][    T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  927.056740][   T29] audit: type=1326 audit(1730620431.808:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14512 comm="syz.3.2272" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7facf0f7e719 code=0x0
[  927.099624][    T8] usb 7-1: config 0 descriptor??
[  927.107506][    T8] dvb-usb: found a 'AVerMedia AVerTVHD Volar (A868R)' in warm state.
[  927.136305][    T8] usb 7-1: selecting invalid altsetting 0
[  927.146406][    T8] cxusb: set interface failed
[  928.131238][    T8] dvb-usb: bulk message failed: -22 (1/0)
[  928.146309][T14504] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  928.155538][    T8] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  928.165526][    T8] dvbdev: DVB: registering new adapter (AVerMedia AVerTVHD Volar (A868R))
[  928.174217][    T8] usb 7-1: media controller created
[  928.363665][    T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  928.372922][T14504] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  928.430299][T14504] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  928.558920][T14504] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  928.568130][    T8] DVB: Unable to find symbol lgdt330x_attach()
[  928.574319][    T8] dvb-usb: no frontend was attached by 'AVerMedia AVerTVHD Volar (A868R)'
[  929.573615][    T8] dvb-usb: bulk message failed: -22 (1/0)
[  929.587738][    T8] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully initialized and connected.
[  929.820685][    T8] usb 7-1: USB disconnect, device number 56
[  929.852133][    T8] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully deinitialized and disconnected.
[  929.969575][T14532] syz.5.2277 (14532): drop_caches: 2
[  930.552404][T14534] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.932958][T14534] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  931.344939][T14557] syz.4.2283 (14557): drop_caches: 2
[  931.459428][T14534] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  931.498911][T14553] syzkaller1: entered promiscuous mode
[  931.520935][T14553] syzkaller1: entered allmulticast mode
[  931.629175][T14534] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  931.662257][T14562] pimreg: entered allmulticast mode
[  931.790985][T14534] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  931.816864][T14534] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  931.823750][T14534] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  931.843439][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  931.871096][T14534] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  931.872310][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  932.027293][    T8] usb 7-1: new high-speed USB device number 57 using dummy_hcd
[  932.357960][T14571] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2288'.
[  932.635184][    T8] usb 7-1: config 4 has an invalid interface number: 39 but max is 1
[  932.643778][    T8] usb 7-1: config 4 has an invalid interface number: 49 but max is 1
[  932.764302][    T8] usb 7-1: config 4 has no interface number 0
[  932.770620][    T8] usb 7-1: config 4 has no interface number 1
[  932.776729][    T8] usb 7-1: config 4 interface 39 has no altsetting 0
[  932.783536][    T8] usb 7-1: config 4 interface 49 has no altsetting 0
[  932.820570][T14579] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2291'.
[  932.851948][T14581] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.2290'.
[  932.861639][T14581] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes.
[  933.136589][T14579] netlink: 5296 bytes leftover after parsing attributes in process `syz.4.2291'.
[  933.344707][    T8] usb 7-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  933.354167][    T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  933.379345][    T8] usb 7-1: Product: syz
[  933.385726][    T8] usb 7-1: Manufacturer: syz
[  933.435374][    T8] usb 7-1: SerialNumber: syz
[  933.661756][T14585] sctp: [Deprecated]: syz.3.2293 (pid 14585) Use of struct sctp_assoc_value in delayed_ack socket option.
[  933.661756][T14585] Use struct sctp_sack_info instead
[  933.798373][    C1] sd 0:0:1:0: [sda] tag#1600 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  933.808830][    C1] sd 0:0:1:0: [sda] tag#1600 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  934.910561][T14595] 9pnet_fd: Insufficient options for proto=fd
[  934.977726][    T8] usb 7-1: USB disconnect, device number 57
[  935.257751][T12560] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  935.387736][T12560] usb 5-1: device descriptor read/64, error -71
[  936.197785][T12560] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[  936.317500][T14619] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2301'.
[  936.338019][T12560] usb 5-1: device descriptor read/64, error -71
[  936.374662][T14621] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2302'.
[  936.406685][T14621] netlink: 5296 bytes leftover after parsing attributes in process `syz.3.2302'.
[  936.453906][T12560] usb usb5-port1: attempt power cycle
[  939.079141][T14652] syz.5.2310 (14652): drop_caches: 2
[  940.226837][T12705] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[  940.437494][T12705] usb 6-1: config 4 has an invalid interface number: 39 but max is 1
[  940.447031][T12705] usb 6-1: config 4 has an invalid interface number: 49 but max is 1
[  940.551278][T12705] usb 6-1: config 4 has no interface number 0
[  940.578207][T12705] usb 6-1: config 4 has no interface number 1
[  940.607701][T12705] usb 6-1: config 4 interface 39 has no altsetting 0
[  940.811744][T12705] usb 6-1: config 4 interface 49 has no altsetting 0
[  940.821736][T12705] usb 6-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  940.830932][T12705] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  940.839511][T12705] usb 6-1: Product: syz
[  940.843699][T12705] usb 6-1: Manufacturer: syz
[  940.848664][T12705] usb 6-1: SerialNumber: syz
[  940.849912][T14681] loop0: detected capacity change from 0 to 7
[  940.943083][T14681] Dev loop0: unable to read RDB block 7
[  941.124771][T14681]  loop0: AHDI p3
[  941.239542][T14681] loop0: partition table partially beyond EOD, truncated
[  941.977350][    C1] sd 0:0:1:0: [sda] tag#1625 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  941.987785][    C1] sd 0:0:1:0: [sda] tag#1625 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  942.005202][T12705] usb 6-1: USB disconnect, device number 61
[  942.067060][ T5204] Dev loop0: unable to read RDB block 7
[  942.076201][ T5204]  loop0: AHDI p3
[  942.080465][ T5204] loop0: partition table partially beyond EOD, truncated
[  943.435305][T14696] trusted_key: encrypted_key: master key parameter '' is invalid
[  943.483855][T14700] openvswitch: netlink: Actions may not be safe on all matching packets
[  943.578353][T12560] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[  943.705493][T14702] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2327'.
[  943.780519][T12560] usb 5-1: config 4 has an invalid interface number: 39 but max is 1
[  943.790151][T12560] usb 5-1: config 4 has an invalid interface number: 49 but max is 1
[  943.799051][T12560] usb 5-1: config 4 has no interface number 0
[  943.805385][T12560] usb 5-1: config 4 has no interface number 1
[  944.156236][T12560] usb 5-1: config 4 interface 39 has no altsetting 0
[  944.268064][T12560] usb 5-1: config 4 interface 49 has no altsetting 0
[  944.382215][T12560] usb 5-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  944.417427][T12560] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  944.437888][T12560] usb 5-1: Product: syz
[  944.442138][T12560] usb 5-1: Manufacturer: syz
[  944.451810][T12560] usb 5-1: SerialNumber: syz
[  944.539579][T14713] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  944.612965][T14713] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  944.662431][T14713] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  944.718447][ T5827] usb 7-1: new high-speed USB device number 58 using dummy_hcd
[  944.802008][    C1] sd 0:0:1:0: [sda] tag#1626 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  944.812449][    C1] sd 0:0:1:0: [sda] tag#1626 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  944.821681][    T8] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  944.907877][ T5827] usb 7-1: Using ep0 maxpacket: 16
[  944.962756][T14713] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  945.001953][ T5827] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  945.070838][ T5827] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  945.074685][    T8] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  945.086694][ T5827] usb 7-1: Product: syz
[  945.093661][ T5827] usb 7-1: Manufacturer: syz
[  945.101480][    T8] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  945.108947][ T5827] usb 7-1: SerialNumber: syz
[  945.270038][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  945.321335][T12560] usb 5-1: USB disconnect, device number 78
[  945.328421][ T5827] r8152-cfgselector 7-1: Unknown version 0x0000
[  945.341773][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  945.345316][ T5827] r8152-cfgselector 7-1: config 0 descriptor??
[  945.362598][    T8] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  945.393601][    T8] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  945.404971][T14713] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  945.438020][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.462382][T14713] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  945.467193][    T8] usb 4-1: config 0 descriptor??
[  945.480812][T14715] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  945.496029][T14713] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  945.512244][T14713] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  945.767758][ T5836] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[  945.822190][ T5827] r8152-cfgselector 7-1: USB disconnect, device number 58
[  945.912987][    T8] plantronics 0003:047F:FFFF.002C: unknown main item tag 0xd
[  945.925195][    T8] plantronics 0003:047F:FFFF.002C: No inputs registered, leaving
[  945.939469][ T5836] usb 6-1: Using ep0 maxpacket: 16
[  945.950321][    T8] plantronics 0003:047F:FFFF.002C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  945.967799][ T5836] usb 6-1: config 0 has an invalid interface number: 41 but max is 0
[  945.978963][ T5836] usb 6-1: config 0 has no interface number 0
[  945.987833][ T5836] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  945.997841][ T5836] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  946.007951][ T5836] usb 6-1: config 0 interface 41 has no altsetting 0
[  946.037034][ T5836] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  946.051148][ T5836] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  946.059763][ T5836] usb 6-1: Product: syz
[  946.064150][ T5836] usb 6-1: Manufacturer: syz
[  946.069505][ T5836] usb 6-1: SerialNumber: syz
[  946.079968][ T5836] usb 6-1: config 0 descriptor??
[  946.085875][T14724] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  946.095970][T14724] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  946.137088][T14729] syz.4.2335 (14729): drop_caches: 2
[  946.175526][    T8] usb 4-1: USB disconnect, device number 71
[  946.323209][ T5836] dm9601 6-1:0.41: probe with driver dm9601 failed with error -71
[  946.335876][ T5836] sr9700 6-1:0.41: probe with driver sr9700 failed with error -71
[  946.354208][ T5836] usb 6-1: USB disconnect, device number 62
[  946.574954][T14739] trusted_key: encrypted_key: master key parameter '' is invalid
[  948.320570][T14753] program syz.6.2339 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  948.830457][T14746] syz.5.2341 (14746): drop_caches: 2
[  948.967365][T14755] netlink: 'syz.6.2343': attribute type 10 has an invalid length.
[  948.986507][T14755] team0: Port device netdevsim0 added
[  950.098031][ T5836] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[  950.538083][ T5836] usb 5-1: Using ep0 maxpacket: 32
[  950.556872][T14765] syz.5.2346 (14765): drop_caches: 2
[  950.572131][ T5836] usb 5-1: config index 0 descriptor too short (expected 29, got 18)
[  950.581779][ T5836] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  950.614335][ T5836] usb 5-1: config 0 has no interface number 0
[  950.639866][ T5836] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  950.662096][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  950.680186][ T5836] usb 5-1: Product: syz
[  950.684829][ T5836] usb 5-1: Manufacturer: syz
[  950.692099][ T5836] usb 5-1: SerialNumber: syz
[  950.726653][ T5836] usb 5-1: config 0 descriptor??
[  950.749763][ T5836] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  950.759273][T12560] usb 7-1: new high-speed USB device number 59 using dummy_hcd
[  950.787017][ T5836] usb 5-1: selecting invalid altsetting 1
[  950.804965][ T5836] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  950.816713][ T5836] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  950.827877][ T5836] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  950.836266][ T5836] usb 5-1: media controller created
[  950.856478][ T5836] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  950.968137][T12560] usb 7-1: config 4 has an invalid interface number: 39 but max is 1
[  951.014198][T14778] trusted_key: encrypted_key: master key parameter '' is invalid
[  951.626833][ T5836] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  951.634006][T12560] usb 7-1: config 4 has an invalid interface number: 49 but max is 1
[  951.759203][T14779] syz.3.2349 (14779): drop_caches: 2
[  951.933809][ T5836] zl10353_read_register: readreg error (reg=127, ret==-71)
[  951.941799][T12560] usb 7-1: config 4 has no interface number 0
[  951.954692][T14779] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2349'.
[  951.966333][ T5836] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  951.973539][T12560] usb 7-1: config 4 has no interface number 1
[  951.981853][T12560] usb 7-1: config 4 interface 39 has no altsetting 0
[  952.185665][T12560] usb 7-1: config 4 interface 49 has no altsetting 0
[  952.200229][T12560] usb 7-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  952.209847][T12560] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  952.236543][T12560] usb 7-1: Product: syz
[  952.284961][ T5836] usb 5-1: USB disconnect, device number 79
[  952.313421][T12560] usb 7-1: Manufacturer: syz
[  952.396995][T12560] usb 7-1: SerialNumber: syz
[  954.151297][    C1] sd 0:0:1:0: [sda] tag#1647 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  954.161752][    C1] sd 0:0:1:0: [sda] tag#1647 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  954.569334][T12560] usb 7-1: USB disconnect, device number 59
[  954.981212][T14797] FAULT_INJECTION: forcing a failure.
[  954.981212][T14797] name failslab, interval 1, probability 0, space 0, times 0
[  955.454255][T14797] CPU: 0 UID: 0 PID: 14797 Comm: syz.5.2356 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0
[  955.465060][T14797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  955.475105][T14797] Call Trace:
[  955.478374][T14797]  <TASK>
[  955.481294][T14797]  dump_stack_lvl+0x241/0x360
[  955.485963][T14797]  ? __pfx_dump_stack_lvl+0x10/0x10
[  955.491158][T14797]  ? __pfx__printk+0x10/0x10
[  955.495738][T14797]  ? fs_reclaim_acquire+0x93/0x130
[  955.500845][T14797]  ? __pfx___might_resched+0x10/0x10
[  955.506125][T14797]  should_fail_ex+0x3b0/0x4e0
[  955.510812][T14797]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  955.516549][T14797]  should_failslab+0xac/0x100
[  955.521230][T14797]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  955.526950][T14797]  __kmalloc_noprof+0xd8/0x400
[  955.531714][T14797]  tomoyo_realpath_from_path+0xcf/0x5e0
[  955.537264][T14797]  tomoyo_path_number_perm+0x23a/0x880
[  955.542719][T14797]  ? tomoyo_path_number_perm+0x208/0x880
[  955.548344][T14797]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  955.554311][T14797]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  955.561253][T14797]  ? lock_acquire+0x264/0x550
[  955.565969][T14797]  ? rcu_read_unlock_special+0x497/0x570
[  955.571652][T14797]  ? __rcu_read_unlock+0xa1/0x110
[  955.576694][T14797]  ? __fget_files+0x29/0x470
[  955.581283][T14797]  ? __fget_files+0x3f3/0x470
[  955.585956][T14797]  security_file_ioctl+0xc6/0x2a0
[  955.590984][T14797]  __se_sys_ioctl+0x47/0x170
[  955.595561][T14797]  do_syscall_64+0xf3/0x230
[  955.600063][T14797]  ? clear_bhb_loop+0x35/0x90
[  955.604767][T14797]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  955.610678][T14797] RIP: 0033:0x7fb3fe57e719
[  955.615105][T14797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  955.634725][T14797] RSP: 002b:00007fb3ff3f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  955.643166][T14797] RAX: ffffffffffffffda RBX: 00007fb3fe735f80 RCX: 00007fb3fe57e719
[  955.651156][T14797] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000003
[  955.658108][T14807] syz.4.2355 (14807): drop_caches: 2
[  955.659124][T14797] RBP: 00007fb3ff3f4090 R08: 0000000000000000 R09: 0000000000000000
[  955.659143][T14797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  955.659156][T14797] R13: 0000000000000000 R14: 00007fb3fe735f80 R15: 00007ffd535d65a8
[  955.688341][T14797]  </TASK>
[  955.705727][T14807] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2355'.
[  955.707037][T14797] ERROR: Out of memory at tomoyo_realpath_from_path.
[  956.317085][T14813] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2360'.
[  956.403572][T14816] trusted_key: encrypted_key: master key parameter '' is invalid
[  959.406833][   T29] audit: type=1326 audit(1730620464.168:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14840 comm="syz.3.2370" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7facf0f7e719 code=0x0
[  959.620525][T14849] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  960.231632][T14862] syz.3.2373 (14862): drop_caches: 2
[  960.603058][T14868] trusted_key: encrypted_key: master key parameter '' is invalid
[  960.628119][T14865] netlink: 132 bytes leftover after parsing attributes in process `syz.6.2372'.
[  960.744432][T14861] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2372'.
[  961.198212][ T5931] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  961.333756][T14879] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2379'.
[  961.434066][T14879] syz_tun: entered promiscuous mode
[  961.492365][ T5931] usb 4-1: Using ep0 maxpacket: 32
[  961.734698][T14879] macvtap1: entered promiscuous mode
[  961.747183][ T5931] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  961.774978][T14879] macvtap1: entered allmulticast mode
[  961.780674][ T5931] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  961.792424][T14879] syz_tun: entered allmulticast mode
[  961.799550][T14884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2379'.
[  961.808676][ T5931] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  961.821295][ T5931] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  961.832451][ T5931] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  961.856246][ T5931] usb 4-1: config 0 descriptor??
[  961.873023][T14877] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  961.882899][ T5931] hub 4-1:0.0: USB hub found
[  961.888596][T14884] syz_tun: left allmulticast mode
[  961.894065][T14884] syz_tun: left promiscuous mode
[  961.925660][ T5835] block nbd4: Receive control failed (result -32)
[  961.949327][T14887] block nbd4: shutting down sockets
[  962.141896][ T5931] hub 4-1:0.0: config failed, can't read hub descriptor (err -22)
[  962.443684][T14894] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2382'.
[  962.453731][T14894] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes.
[  963.066530][ T5931] hid-generic 0003:046D:C314.002D: unknown main item tag 0x0
[  963.088107][ T5931] hid-generic 0003:046D:C314.002D: hidraw0: USB HID v8.00 Device [HID 046d:c314] on usb-dummy_hcd.3-1/input0
[  963.852712][ T5931] usb 4-1: USB disconnect, device number 72
[  964.010243][   T29] audit: type=1326 audit(1730620468.778:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14900 comm="syz.6.2384" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f3057e719 code=0x0
[  964.124661][T14906] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  964.558016][    T8] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  964.727719][    T8] usb 4-1: Using ep0 maxpacket: 32
[  964.746717][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  964.770004][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  964.824338][    T8] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  964.847939][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  964.868481][    T8] usb 4-1: config 0 descriptor??
[  964.886286][    T8] hub 4-1:0.0: USB hub found
[  965.108454][    T8] hub 4-1:0.0: 1 port detected
[  965.292213][T14917] syz.6.2388 (14917): drop_caches: 2
[  965.645892][    T8] hub 4-1:0.0: hub_hub_status failed (err = -71)
[  965.653187][    T8] hub 4-1:0.0: config failed, can't get hub status (err -71)
[  965.666976][    T8] usbhid 4-1:0.0: can't add hid device: -71
[  965.684018][    T8] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  965.709834][    T8] usb 4-1: USB disconnect, device number 73
[  965.730619][T14922] syzkaller1: entered promiscuous mode
[  965.736195][T14922] syzkaller1: entered allmulticast mode
[  965.897888][ T5836] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[  966.078203][ T5836] usb 6-1: config 4 has an invalid interface number: 39 but max is 1
[  966.086393][ T5836] usb 6-1: config 4 has an invalid interface number: 49 but max is 1
[  966.106765][T14926] netlink: 209852 bytes leftover after parsing attributes in process `syz.6.2391'.
[  966.116729][T14926] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes.
[  966.196788][ T5836] usb 6-1: config 4 has no interface number 0
[  966.292997][ T5836] usb 6-1: config 4 has no interface number 1
[  966.329093][ T5836] usb 6-1: config 4 interface 39 has no altsetting 0
[  966.360792][ T5836] usb 6-1: config 4 interface 49 has no altsetting 0
[  966.390620][ T5836] usb 6-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  966.432182][ T5836] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  966.487963][ T5836] usb 6-1: Product: syz
[  966.492183][ T5836] usb 6-1: Manufacturer: syz
[  966.508928][ T5836] usb 6-1: SerialNumber: syz
[  966.941355][T14935] netlink: 209852 bytes leftover after parsing attributes in process `syz.6.2393'.
[  966.950936][T14935] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes.
[  967.549272][    C1] sd 0:0:1:0: [sda] tag#1635 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  967.559706][    C1] sd 0:0:1:0: [sda] tag#1635 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  967.608160][ T5931] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  967.778291][ T5931] usb 4-1: Using ep0 maxpacket: 16
[  967.804611][ T5931] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  967.845070][ T5931] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  967.882876][T14933] netlink: 332 bytes leftover after parsing attributes in process `syz.4.2394'.
[  968.027994][ T5931] usb 4-1: Product: syz
[  968.032218][ T5931] usb 4-1: Manufacturer: syz
[  968.036838][ T5931] usb 4-1: SerialNumber: syz
[  968.182275][ T5931] r8152-cfgselector 4-1: Unknown version 0x0000
[  968.199566][ T5931] r8152-cfgselector 4-1: config 0 descriptor??
[  968.492721][T14947] netlink: 132 bytes leftover after parsing attributes in process `syz.6.2395'.
[  968.543276][T14954] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2395'.
[  968.619281][T10215] r8152-cfgselector 4-1: USB disconnect, device number 74
[  968.887824][ T5931] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  969.076220][ T5931] usb 5-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  969.095633][ T5836] usb 6-1: USB disconnect, device number 63
[  969.117741][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  969.149218][ T5931] usb 5-1: config 0 descriptor??
[  969.412918][ T5931] kaweth 5-1:0.0: Firmware present in device.
[  969.585876][ T5931] kaweth 5-1:0.0: Statistics collection: 0
[  969.627975][ T5931] kaweth 5-1:0.0: Multicast filter limit: 0
[  969.634260][ T5931] kaweth 5-1:0.0: MTU: 0
[  969.649183][ T5931] kaweth 5-1:0.0: Read MAC address 00:00:00:00:00:00
[  969.678017][T14966] syz.3.2400 (14966): drop_caches: 2
[  970.386140][ T5931] kaweth 5-1:0.0: kaweth interface created at eth5
[  970.660443][T14978] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2401'.
[  971.285339][T14990] FAULT_INJECTION: forcing a failure.
[  971.285339][T14990] name failslab, interval 1, probability 0, space 0, times 0
[  971.311586][T14990] CPU: 1 UID: 0 PID: 14990 Comm: syz.0.2404 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0
[  971.322398][T14990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  971.332478][T14990] Call Trace:
[  971.335780][T14990]  <TASK>
[  971.338735][T14990]  dump_stack_lvl+0x241/0x360
[  971.343451][T14990]  ? __pfx_dump_stack_lvl+0x10/0x10
[  971.348676][T14990]  ? __pfx__printk+0x10/0x10
[  971.353301][T14990]  ? ref_tracker_alloc+0x332/0x490
[  971.358445][T14990]  should_fail_ex+0x3b0/0x4e0
[  971.363151][T14990]  ? skb_clone+0x20c/0x390
[  971.367596][T14990]  should_failslab+0xac/0x100
[  971.372301][T14990]  ? skb_clone+0x20c/0x390
[  971.376720][T14990]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  971.382096][T14990]  skb_clone+0x20c/0x390
[  971.386343][T14990]  __netlink_deliver_tap+0x3cc/0x7c0
[  971.391633][T14990]  ? netlink_deliver_tap+0x2e/0x1b0
[  971.396829][T14990]  netlink_deliver_tap+0x19d/0x1b0
[  971.401942][T14990]  netlink_unicast+0x7c4/0x990
[  971.406712][T14990]  ? __pfx_netlink_unicast+0x10/0x10
[  971.411993][T14990]  ? __virt_addr_valid+0x183/0x530
[  971.417101][T14990]  ? __check_object_size+0x48e/0x900
[  971.422390][T14990]  netlink_sendmsg+0x8e4/0xcb0
[  971.427165][T14990]  ? __pfx_netlink_sendmsg+0x10/0x10
[  971.432469][T14990]  ? __pfx_netlink_sendmsg+0x10/0x10
[  971.437755][T14990]  __sock_sendmsg+0x221/0x270
[  971.442434][T14990]  ____sys_sendmsg+0x52a/0x7e0
[  971.447201][T14990]  ? __pfx_____sys_sendmsg+0x10/0x10
[  971.452499][T14990]  __sys_sendmsg+0x292/0x380
[  971.457089][T14990]  ? __pfx___sys_sendmsg+0x10/0x10
[  971.462208][T14990]  ? __pfx_vfs_write+0x10/0x10
[  971.466991][T14990]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  971.473322][T14990]  ? do_syscall_64+0x100/0x230
[  971.478087][T14990]  ? do_syscall_64+0xb6/0x230
[  971.482766][T14990]  do_syscall_64+0xf3/0x230
[  971.487268][T14990]  ? clear_bhb_loop+0x35/0x90
[  971.491945][T14990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.497837][T14990] RIP: 0033:0x7fdf6457e719
[  971.502248][T14990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  971.521850][T14990] RSP: 002b:00007fdf6529e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  971.530263][T14990] RAX: ffffffffffffffda RBX: 00007fdf64735f80 RCX: 00007fdf6457e719
[  971.538236][T14990] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000006
[  971.546213][T14990] RBP: 00007fdf6529e090 R08: 0000000000000000 R09: 0000000000000000
[  971.554181][T14990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  971.562147][T14990] R13: 0000000000000000 R14: 00007fdf64735f80 R15: 00007ffea3261ee8
[  971.570128][T14990]  </TASK>
[  971.635214][ T5931] usb 5-1: USB disconnect, device number 80
[  971.708060][ T5836] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  971.867676][ T5836] usb 4-1: Using ep0 maxpacket: 32
[  971.880133][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  971.915228][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  971.980991][ T5836] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  972.004840][ T5836] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  972.037356][ T5836] usb 4-1: config 0 descriptor??
[  972.060752][ T5836] hub 4-1:0.0: USB hub found
[  972.217776][ T5931] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  972.267527][ T5836] hub 4-1:0.0: 1 port detected
[  972.379605][ T5931] usb 5-1: config 4 has an invalid interface number: 39 but max is 1
[  972.394727][ T5931] usb 5-1: config 4 has an invalid interface number: 49 but max is 1
[  972.427889][ T5931] usb 5-1: config 4 has no interface number 0
[  972.448223][ T5931] usb 5-1: config 4 has no interface number 1
[  972.466381][ T5931] usb 5-1: config 4 interface 39 has no altsetting 0
[  972.474003][ T5836] hub 4-1:0.0: hub_hub_status failed (err = -71)
[  972.492202][ T5931] usb 5-1: config 4 interface 49 has no altsetting 0
[  972.492221][ T5836] hub 4-1:0.0: config failed, can't get hub status (err -71)
[  972.520776][ T5931] usb 5-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  972.536901][ T5931] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  972.540796][ T5836] usbhid 4-1:0.0: can't add hid device: -71
[  972.565203][ T5931] usb 5-1: Product: syz
[  972.583631][ T5931] usb 5-1: Manufacturer: syz
[  972.588144][ T5836] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  972.596072][ T5931] usb 5-1: SerialNumber: syz
[  972.643059][ T5836] usb 4-1: USB disconnect, device number 75
[  972.881815][    C1] sd 0:0:1:0: [sda] tag#1661 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  972.892219][    C1] sd 0:0:1:0: [sda] tag#1661 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  973.390380][ T5931] usb 5-1: USB disconnect, device number 81
[  974.366011][T15037] syz.4.2413 (15037): drop_caches: 2
[  975.194469][T15042] netlink: 120 bytes leftover after parsing attributes in process `syz.4.2416'.
[  975.207166][T15042] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2416'.
[  975.278975][T15051] FAULT_INJECTION: forcing a failure.
[  975.278975][T15051] name failslab, interval 1, probability 0, space 0, times 0
[  975.294141][T15051] CPU: 0 UID: 0 PID: 15051 Comm: syz.4.2417 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0
[  975.304941][T15051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  975.315019][T15051] Call Trace:
[  975.318319][T15051]  <TASK>
[  975.321265][T15051]  dump_stack_lvl+0x241/0x360
[  975.325951][T15051]  ? __pfx_dump_stack_lvl+0x10/0x10
[  975.331156][T15051]  ? __pfx__printk+0x10/0x10
[  975.335751][T15051]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  975.341209][T15051]  ? __pfx___might_resched+0x10/0x10
[  975.346522][T15051]  should_fail_ex+0x3b0/0x4e0
[  975.351212][T15051]  should_failslab+0xac/0x100
[  975.355897][T15051]  ? shmem_init_fs_context+0x57/0x240
[  975.361276][T15051]  __kmalloc_cache_noprof+0x6c/0x2c0
[  975.366565][T15051]  shmem_init_fs_context+0x57/0x240
[  975.371768][T15051]  alloc_fs_context+0x68a/0x800
[  975.376625][T15051]  path_mount+0xb2e/0xfa0
[  975.380964][T15051]  __se_sys_mount+0x2d6/0x3c0
[  975.385659][T15051]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  975.391651][T15051]  ? __pfx___se_sys_mount+0x10/0x10
[  975.396866][T15051]  ? do_syscall_64+0x100/0x230
[  975.401639][T15051]  ? __x64_sys_mount+0x20/0xc0
[  975.406405][T15051]  do_syscall_64+0xf3/0x230
[  975.410924][T15051]  ? clear_bhb_loop+0x35/0x90
[  975.415608][T15051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  975.421503][T15051] RIP: 0033:0x7ff44b97e719
[  975.425925][T15051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  975.445540][T15051] RSP: 002b:00007ff44c805038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  975.453957][T15051] RAX: ffffffffffffffda RBX: 00007ff44bb35f80 RCX: 00007ff44b97e719
[  975.461926][T15051] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000
[  975.469892][T15051] RBP: 00007ff44c805090 R08: 0000000000000000 R09: 0000000000000000
[  975.477861][T15051] R10: 00000000002a00a9 R11: 0000000000000246 R12: 0000000000000001
[  975.485832][T15051] R13: 0000000000000000 R14: 00007ff44bb35f80 R15: 00007fffdca94ea8
[  975.493816][T15051]  </TASK>
[  975.747901][T15048] syz.3.2415 (15048): drop_caches: 2
[  976.665301][T12705] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  976.674761][ T5931] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  976.847949][ T5931] usb 5-1: Using ep0 maxpacket: 32
[  976.855989][ T5931] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  976.867421][ T5931] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  976.884438][T12705] usb 4-1: config 4 has an invalid interface number: 39 but max is 1
[  976.892663][ T5931] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  976.907892][T12705] usb 4-1: config 4 has an invalid interface number: 49 but max is 1
[  976.917560][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  976.938146][T12705] usb 4-1: config 4 has no interface number 0
[  976.944871][T12705] usb 4-1: config 4 has no interface number 1
[  976.976042][ T5931] usb 5-1: config 0 descriptor??
[  976.985315][T12705] usb 4-1: config 4 interface 39 has no altsetting 0
[  977.012318][ T5931] hub 5-1:0.0: USB hub found
[  977.016961][T12705] usb 4-1: config 4 interface 49 has no altsetting 0
[  977.035473][T12705] usb 4-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  977.051778][T12705] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  977.061923][T12705] usb 4-1: Product: syz
[  977.066228][T12705] usb 4-1: Manufacturer: syz
[  977.072728][T12705] usb 4-1: SerialNumber: syz
[  977.214282][ T5931] hub 5-1:0.0: 1 port detected
[  977.401966][    C1] sd 0:0:1:0: [sda] tag#1611 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  977.412482][    C1] sd 0:0:1:0: [sda] tag#1611 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  977.967876][ T5931] hub 5-1:0.0: hub_hub_status failed (err = -71)
[  977.990332][T12705] usb 4-1: USB disconnect, device number 76
[  977.997957][ T5931] hub 5-1:0.0: config failed, can't get hub status (err -71)
[  978.017478][ T5931] usbhid 5-1:0.0: can't add hid device: -71
[  978.023992][ T5931] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  978.079261][ T5931] usb 5-1: USB disconnect, device number 82
[  978.847877][T15080] syz.3.2425 (15080): drop_caches: 2
[  979.170776][T15086] netlink: 'syz.4.2426': attribute type 1 has an invalid length.
[  979.292337][T15093] netlink: 5296 bytes leftover after parsing attributes in process `syz.4.2426'.
[  979.313275][T15086] 8021q: adding VLAN 0 to HW filter on device bond6
[  979.557945][ T5931] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[  979.587948][T12705] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  979.677946][ T5886] usb 7-1: new high-speed USB device number 60 using dummy_hcd
[  979.707997][ T5931] usb 6-1: Using ep0 maxpacket: 8
[  979.733313][ T5931] usb 6-1: config 0 interface 0 has no altsetting 0
[  979.740549][ T5931] usb 6-1: New USB device found, idVendor=07ca, idProduct=a868, bcdDevice=c4.d4
[  979.750269][T12705] usb 4-1: Using ep0 maxpacket: 8
[  979.755557][ T5931] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  979.773000][T12705] usb 4-1: config 0 interface 0 has no altsetting 0
[  979.780610][T12705] usb 4-1: New USB device found, idVendor=07ca, idProduct=a868, bcdDevice=c4.d4
[  979.800616][T12705] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  979.857788][ T5886] usb 7-1: Using ep0 maxpacket: 8
[  979.867620][ T5886] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  979.879412][T12705] usb 4-1: config 0 descriptor??
[  979.885433][ T5931] usb 6-1: config 0 descriptor??
[  979.922155][T12705] dvb-usb: found a 'AVerMedia AVerTVHD Volar (A868R)' in warm state.
[  979.930853][ T5931] dvb-usb: found a 'AVerMedia AVerTVHD Volar (A868R)' in warm state.
[  979.948311][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  979.981057][T12705] usb 4-1: selecting invalid altsetting 0
[  979.986943][ T5886] usb 7-1: Product: syz
[  979.992159][ T5931] usb 6-1: selecting invalid altsetting 0
[  980.020904][ T5886] usb 7-1: Manufacturer: syz
[  980.025881][T12705] cxusb: set interface failed
[  980.035153][ T5931] cxusb: set interface failed
[  980.040781][ T5886] usb 7-1: SerialNumber: syz
[  980.045447][T12705] dvb-usb: bulk message failed: -22 (1/0)
[  980.051307][ T5931] dvb-usb: bulk message failed: -22 (1/0)
[  980.061787][ T5886] usb 7-1: config 0 descriptor??
[  980.069499][T12705] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  980.079549][ T5931] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  980.095892][T12705] dvbdev: DVB: registering new adapter (AVerMedia AVerTVHD Volar (A868R))
[  980.104837][T12705] usb 4-1: media controller created
[  980.112617][ T5931] dvbdev: DVB: registering new adapter (AVerMedia AVerTVHD Volar (A868R))
[  980.120637][T15096] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  980.125793][ T5931] usb 6-1: media controller created
[  980.137404][T15094] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  980.152460][T15096] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  980.169074][T15094] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  980.179362][T12705] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  980.190927][T15096] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  980.206604][T15096] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  980.211531][T15094] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  980.225920][T15094] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  980.227469][ T5931] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  980.317248][ T5931] DVB: Unable to find symbol lgdt330x_attach()
[  980.323824][ T5931] dvb-usb: no frontend was attached by 'AVerMedia AVerTVHD Volar (A868R)'
[  980.366539][T12705] DVB: Unable to find symbol lgdt330x_attach()
[  980.372845][T12705] dvb-usb: no frontend was attached by 'AVerMedia AVerTVHD Volar (A868R)'
[  980.381807][ T5886] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  980.391151][ T5931] dvb-usb: bulk message failed: -22 (1/0)
[  980.397721][ T5931] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully initialized and connected.
[  980.410961][ T5931] usb 6-1: USB disconnect, device number 64
[  980.422054][T12705] dvb-usb: bulk message failed: -22 (1/0)
[  980.427886][T12705] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully initialized and connected.
[  980.444168][T12705] usb 4-1: USB disconnect, device number 77
[  980.468839][ T5931] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully deinitialized and disconnected.
[  980.534304][T12705] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully deinitialized and disconnected.
[  980.580044][T15110] fuse: Unknown parameter 'Yd'
[  981.033719][T15114] syz.3.2436 (15114): drop_caches: 2
[  981.340144][ T5886] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  981.469347][ T5886] usb 7-1: USB disconnect, device number 60
[  982.078211][ T5886] usb 6-1: new high-speed USB device number 65 using dummy_hcd
[  982.268106][ T5886] usb 6-1: Using ep0 maxpacket: 32
[  982.330204][ T5886] usb 6-1: config index 0 descriptor too short (expected 29, got 18)
[  982.339157][ T5886] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  982.347437][ T5886] usb 6-1: config 0 has no interface number 0
[  982.411219][ T5886] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  982.471186][ T5886] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  982.698404][ T5886] usb 6-1: Product: syz
[  982.704025][ T5886] usb 6-1: Manufacturer: syz
[  982.744317][ T5886] usb 6-1: SerialNumber: syz
[  983.068044][ T5886] usb 6-1: config 0 descriptor??
[  983.083728][ T5886] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  983.103235][ T5886] usb 6-1: selecting invalid altsetting 1
[  983.110323][ T5886] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  983.146605][ T5886] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  983.194280][ T5886] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  983.238620][ T5886] usb 6-1: media controller created
[  983.298839][ T5886] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  983.381180][ T5886] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  983.438026][ T5886] zl10353_read_register: readreg error (reg=127, ret==-71)
[  983.445673][ T5886] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  983.479627][ T5886] usb 6-1: USB disconnect, device number 65
[  984.214920][T15151] syzkaller1: entered promiscuous mode
[  984.223866][T15151] syzkaller1: entered allmulticast mode
[  984.314529][T12705] usb 7-1: new high-speed USB device number 61 using dummy_hcd
[  984.509559][T12705] usb 7-1: config 4 has an invalid interface number: 39 but max is 1
[  984.520640][T12705] usb 7-1: config 4 has an invalid interface number: 49 but max is 1
[  984.532832][T12705] usb 7-1: config 4 has no interface number 0
[  984.683447][T12705] usb 7-1: config 4 has no interface number 1
[  984.690796][ T5827] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  984.732746][T12705] usb 7-1: config 4 interface 39 has no altsetting 0
[  984.760640][T12705] usb 7-1: config 4 interface 49 has no altsetting 0
[  984.781861][T12705] usb 7-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  984.791986][T12705] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  984.801962][T12705] usb 7-1: Product: syz
[  984.806225][T12705] usb 7-1: Manufacturer: syz
[  984.812905][T12705] usb 7-1: SerialNumber: syz
[  984.861563][ T5836] usb 6-1: new high-speed USB device number 66 using dummy_hcd
[  984.878293][ T5827] usb 4-1: Using ep0 maxpacket: 16
[  984.940192][ T5827] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  984.999965][ T5827] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  985.020057][ T5827] usb 4-1: Product: syz
[  985.024419][ T5827] usb 4-1: Manufacturer: syz
[  985.034884][ T5827] usb 4-1: SerialNumber: syz
[  985.089217][ T5836] usb 6-1: Using ep0 maxpacket: 16
[  985.150453][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  985.220098][    C1] sd 0:0:1:0: [sda] tag#1617 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  985.230468][    C1] sd 0:0:1:0: [sda] tag#1617 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  985.651329][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  985.769908][ T5836] usb 6-1: New USB device found, idVendor=1532, idProduct=011b, bcdDevice= 0.00
[  985.782042][ T5836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  985.817366][ T5836] usb 6-1: config 0 descriptor??
[  985.828265][ T5827] r8152-cfgselector 4-1: Unknown version 0x0000
[  985.834556][ T5827] r8152-cfgselector 4-1: config 0 descriptor??
[  985.981765][T12705] usb 7-1: USB disconnect, device number 61
[  986.234751][ T5836] razer 0003:1532:011B.002E: unknown main item tag 0x0
[  986.241825][ T5836] razer 0003:1532:011B.002E: unknown main item tag 0x0
[  986.248884][ T5836] razer 0003:1532:011B.002E: unknown main item tag 0x0
[  986.255776][ T5836] razer 0003:1532:011B.002E: unknown main item tag 0x0
[  986.262907][ T5836] razer 0003:1532:011B.002E: unknown main item tag 0x0
[  986.278996][ T5827] r8152-cfgselector 4-1: USB disconnect, device number 78
[  986.435643][T12560] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[  986.601690][T12560] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  986.612095][T12560] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  986.628287][T12560] usb 5-1: Product: syz
[  986.632834][T12560] usb 5-1: Manufacturer: syz
[  986.651334][T12560] usb 5-1: SerialNumber: syz
[  986.675001][T12560] usb 5-1: config 0 descriptor??
[  987.336711][T15175] program syz.6.2454 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  987.502176][T12560] usb 5-1: Firmware: major: 108, minor: 101, hardware type: UNKNOWN (114)
[  987.534915][ T5836] razer 0003:1532:011B.002E: failed to enable macro keys: -71
[  987.546343][ T5836] razer 0003:1532:011B.002E: hidraw0: USB HID v0.00 Device [HID 1532:011b] on usb-dummy_hcd.5-1/input0
[  987.623521][T15181] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2455'.
[  987.632960][T15181] openvswitch: netlink: Tunnel attr 0 has unexpected len 1 expected 8
[  988.310757][ T5836] usb 6-1: USB disconnect, device number 66
[  988.508803][T12560] usb 5-1: Read permanent extended address 86:c3:c7:9f:b4:e0:d6:c3 from device
[  989.362051][T12560] usb 5-1: atusb_probe: initialization failed, error = -524
[  989.401027][T12560] atusb 5-1:0.0: probe with driver atusb failed with error -524
[  990.475999][T12560] usb 5-1: USB disconnect, device number 83
[  990.697871][ T5836] usb 7-1: new high-speed USB device number 62 using dummy_hcd
[  990.863595][T15213] program syz.4.2466 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  990.880668][ T5836] usb 7-1: config 4 has an invalid interface number: 39 but max is 1
[  990.894036][ T5836] usb 7-1: config 4 has an invalid interface number: 49 but max is 1
[  990.947976][ T5836] usb 7-1: config 4 has no interface number 0
[  990.954979][ T5836] usb 7-1: config 4 has no interface number 1
[  990.961646][ T5836] usb 7-1: config 4 interface 39 has no altsetting 0
[  990.968733][ T5836] usb 7-1: config 4 interface 49 has no altsetting 0
[  990.984662][ T5836] usb 7-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  990.994903][ T5836] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  991.003221][ T5836] usb 7-1: Product: syz
[  991.007953][ T5836] usb 7-1: Manufacturer: syz
[  991.012773][ T5836] usb 7-1: SerialNumber: syz
[  991.325251][    C1] sd 0:0:1:0: [sda] tag#1622 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  991.335691][    C1] sd 0:0:1:0: [sda] tag#1622 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  991.867140][ T5836] usb 7-1: USB disconnect, device number 62
[  991.939246][T15227] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  992.009750][   T29] audit: type=1326 audit(1730620496.778:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15226 comm="syz.4.2469" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff44b97e719 code=0x0
[  992.467162][T15234] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  992.723523][T15242] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2471'.
[  993.784210][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  993.796557][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  994.138126][ T5883] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[  994.309206][ T5883] usb 5-1: Using ep0 maxpacket: 8
[  994.335802][ T5883] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  994.351983][ T5883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  994.378398][ T5883] usb 5-1: Product: syz
[  994.388009][ T5883] usb 5-1: Manufacturer: syz
[  994.399087][ T5883] usb 5-1: SerialNumber: syz
[  994.425259][ T5883] usb 5-1: config 0 descriptor??
[  994.459009][ T5883] gspca_main: se401-2.14.0 probing 047d:5003
[  994.656115][T15255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  994.668209][T15255] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  994.941337][ T5883] gspca_se401: Wrong descriptor type
[  995.162844][T10215] usb 5-1: USB disconnect, device number 84
[  996.332170][T15286] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2484'.
[  996.341704][T15286] openvswitch: netlink: Tunnel attr 0 has unexpected len 1 expected 8
[  997.160306][ T5827] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[  997.215410][T15296] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2486'.
[  997.329751][ T5827] usb 5-1: config 4 has an invalid interface number: 39 but max is 1
[  997.338009][ T5827] usb 5-1: config 4 has an invalid interface number: 49 but max is 1
[  997.346922][ T5827] usb 5-1: config 4 has no interface number 0
[  997.354117][ T5827] usb 5-1: config 4 has no interface number 1
[  997.361223][ T5827] usb 5-1: config 4 interface 39 has no altsetting 0
[  997.368347][ T5827] usb 5-1: config 4 interface 49 has no altsetting 0
[  997.377947][ T5827] usb 5-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  997.392338][ T5827] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  997.401074][ T5827] usb 5-1: Product: syz
[  997.405326][ T5827] usb 5-1: Manufacturer: syz
[  997.410484][ T5827] usb 5-1: SerialNumber: syz
[  997.702361][    C1] sd 0:0:1:0: [sda] tag#1646 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  997.712811][    C1] sd 0:0:1:0: [sda] tag#1646 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  998.480265][ T5827] usb 5-1: USB disconnect, device number 85
[  999.817749][ T5836] usb 6-1: new high-speed USB device number 67 using dummy_hcd
[  999.828942][T10215] usb 7-1: new high-speed USB device number 63 using dummy_hcd
[  999.977873][ T5836] usb 6-1: Using ep0 maxpacket: 8
[  999.989618][ T5836] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1000.001627][T10215] usb 7-1: Using ep0 maxpacket: 8
[ 1000.010444][ T5836] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1000.021952][ T5836] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1000.032027][ T5836] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1000.042548][ T5836] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1000.057844][T10215] usb 7-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1000.728282][ T5836] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1000.737375][ T5836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1000.745474][T10215] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1000.754407][T10215] usb 7-1: Product: syz
[ 1000.758688][T10215] usb 7-1: Manufacturer: syz
[ 1000.763301][T10215] usb 7-1: SerialNumber: syz
[ 1000.883720][T10215] usb 7-1: config 0 descriptor??
[ 1000.896543][T10215] gspca_main: se401-2.14.0 probing 047d:5003
[ 1000.979706][T15324] all (unregistering): Released all slaves
[ 1001.051658][ T5836] usb 6-1: usb_control_msg returned -32
[ 1001.057298][ T5836] usbtmc 6-1:16.0: can't read capabilities
[ 1001.099814][T15312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1001.111245][T15312] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1001.177727][T12560] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[ 1001.197714][ T5886] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[ 1001.321820][T10215] gspca_se401: Wrong descriptor type
[ 1001.341142][T12560] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1001.350479][T12560] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1001.358653][T12560] usb 5-1: Product: syz
[ 1001.362822][T12560] usb 5-1: Manufacturer: syz
[ 1001.367404][T12560] usb 5-1: SerialNumber: syz
[ 1001.368187][ T5886] usb 4-1: Using ep0 maxpacket: 32
[ 1001.377071][T12560] usb 5-1: config 0 descriptor??
[ 1001.385140][ T5886] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1001.395108][ T5886] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1001.404507][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1001.415570][ T5886] usb 4-1: config 0 descriptor??
[ 1001.429416][T15331] usbtmc 6-1:16.0: usb_control_msg returned -32
[ 1001.437069][ T5886] hub 4-1:0.0: bad descriptor, ignoring hub
[ 1001.445479][ T5886] hub 4-1:0.0: probe with driver hub failed with error -5
[ 1001.463080][ T5886] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1001.524088][T10215] usb 7-1: USB disconnect, device number 63
[ 1001.796627][T12560] usb 5-1: Firmware: major: 0, minor: 248, hardware type: ATUSB (0)
[ 1002.000407][T12560] usb 5-1: no permanent extended address found, random address set
[ 1002.260615][T12560] usb 5-1: USB disconnect, device number 86
[ 1002.524858][T10215] usb 6-1: USB disconnect, device number 67
[ 1002.813284][T15340] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2500'.
[ 1005.022693][ T5886] usb 4-1: reset high-speed USB device number 79 using dummy_hcd
[ 1005.098701][ T5886] usb 4-1: device reset changed ep0 maxpacket size!
[ 1005.483342][ T5886] usb 4-1: USB disconnect, device number 79
[ 1006.827353][ T5843] Bluetooth: hci2: command 0x0406 tx timeout
[ 1006.957801][ T5886] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[ 1007.121051][ T5886] usb 4-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[ 1007.130488][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1007.144934][ T5886] usb 4-1: config 0 descriptor??
[ 1007.152820][ T5886] gspca_main: sunplus-2.14.0 probing 055f:c420
[ 1007.159652][ T5883] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[ 1007.258046][ T5931] usb 6-1: new high-speed USB device number 68 using dummy_hcd
[ 1007.328489][ T5883] usb 5-1: Using ep0 maxpacket: 16
[ 1007.335536][ T5883] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1007.346614][ T5883] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1007.356877][ T5883] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1007.374877][ T5883] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1007.385480][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1007.396325][ T5883] usb 5-1: config 0 descriptor??
[ 1007.417759][ T5931] usb 6-1: Using ep0 maxpacket: 8
[ 1007.424398][ T5931] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1007.431531][ T5931] usb 6-1: New USB device found, idVendor=07ca, idProduct=a868, bcdDevice=c4.d4
[ 1007.440840][ T5931] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1007.452914][ T5931] usb 6-1: config 0 descriptor??
[ 1007.463059][ T5931] dvb-usb: found a 'AVerMedia AVerTVHD Volar (A868R)' in warm state.
[ 1007.471436][ T5931] usb 6-1: selecting invalid altsetting 0
[ 1007.477232][ T5931] cxusb: set interface failed
[ 1007.483114][ T5931] dvb-usb: bulk message failed: -22 (1/0)
[ 1007.492179][ T5931] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1007.502580][ T5931] dvbdev: DVB: registering new adapter (AVerMedia AVerTVHD Volar (A868R))
[ 1007.511402][ T5931] usb 6-1: media controller created
[ 1007.526696][ T5931] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1007.577434][ T5931] DVB: Unable to find symbol lgdt330x_attach()
[ 1007.585334][ T5931] dvb-usb: no frontend was attached by 'AVerMedia AVerTVHD Volar (A868R)'
[ 1007.595791][ T5931] dvb-usb: bulk message failed: -22 (1/0)
[ 1007.601724][ T5931] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully initialized and connected.
[ 1007.705214][T15379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1007.738112][T15379] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1007.760066][T15379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1007.898665][T15379] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1007.950167][ T5836] usb 6-1: USB disconnect, device number 68
[ 1008.022572][ T5886] gspca_sunplus: reg_w_riv err -110
[ 1008.027917][ T5886] sunplus 4-1:0.0: probe with driver sunplus failed with error -110
[ 1008.041374][ T5883] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[ 1008.048739][ T5883] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[ 1008.056501][ T5883] microsoft 0003:045E:07DA.002F: No inputs registered, leaving
[ 1008.083144][ T5883] microsoft 0003:045E:07DA.002F: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[ 1008.376348][ T5883] microsoft 0003:045E:07DA.002F: no inputs found
[ 1008.564434][ T5883] microsoft 0003:045E:07DA.002F: could not initialize ff, continuing anyway
[ 1008.720715][ T5836] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully deinitialized and disconnected.
[ 1008.775654][ T5883] usb 5-1: USB disconnect, device number 87
[ 1008.807818][T12560] usb 7-1: new high-speed USB device number 64 using dummy_hcd
[ 1008.880938][T15395] loop9: detected capacity change from 0 to 7
[ 1008.895211][ T5886] usb 4-1: USB disconnect, device number 80
[ 1008.913001][T15395] Dev loop9: unable to read RDB block 7
[ 1008.919549][T15395]  loop9: unable to read partition table
[ 1008.925588][T15395] loop9: partition table beyond EOD, truncated
[ 1008.935122][T15395] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[ 1008.935122][T15395] 
) failed (rc=-5)
[ 1008.987853][T12560] usb 7-1: Using ep0 maxpacket: 32
[ 1009.030041][T12560] usb 7-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[ 1009.039387][T12560] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1009.047404][T12560] usb 7-1: Product: syz
[ 1009.139750][T12560] usb 7-1: Manufacturer: syz
[ 1009.192525][T12560] usb 7-1: SerialNumber: syz
[ 1009.363626][T12560] usb 7-1: config 0 descriptor??
[ 1009.456229][T12560] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[ 1009.975060][T15407] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20002 - 0
[ 1010.249837][T15388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1010.297960][T15388] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1010.420616][T15407] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20002 - 0
[ 1010.532347][T12560] gspca_ov534_9: reg_w failed -110
[ 1010.540037][T15388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1010.552347][T15388] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1010.573079][T15407] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20002 - 0
[ 1010.827370][T12560] gspca_ov534_9: Unknown sensor 0000
[ 1010.830661][T12560] ov534_9 7-1:0.0: probe with driver ov534_9 failed with error -22
[ 1011.238679][T15407] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20002 - 0
[ 1011.413855][T15407] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 20002 - 0
[ 1011.429051][T15428] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1011.444440][T15407] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 20002 - 0
[ 1011.456568][T15407] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 20002 - 0
[ 1011.473079][T15407] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 20002 - 0
[ 1011.496103][   T29] audit: type=1326 audit(1730620516.258:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15426 comm="syz.3.2529" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7facf0f7e719 code=0x0
[ 1011.517124][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1011.551464][T15431] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1011.658164][ T5827] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[ 1011.692352][T15435] syz.5.2530 (15435): drop_caches: 2
[ 1011.769011][T12560] usb 7-1: USB disconnect, device number 64
[ 1011.821903][ T5827] usb 5-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[ 1011.842741][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1011.862755][T15437] FAULT_INJECTION: forcing a failure.
[ 1011.862755][T15437] name failslab, interval 1, probability 0, space 0, times 0
[ 1011.876245][T15437] CPU: 0 UID: 0 PID: 15437 Comm: syz.6.2531 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0
[ 1011.877014][ T5827] usb 5-1: config 0 descriptor??
[ 1011.887366][T15437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1011.887383][T15437] Call Trace:
[ 1011.887392][T15437]  <TASK>
[ 1011.887401][T15437]  dump_stack_lvl+0x241/0x360
[ 1011.887433][T15437]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1011.887456][T15437]  ? __pfx__printk+0x10/0x10
[ 1011.887479][T15437]  ? fs_reclaim_acquire+0x93/0x130
[ 1011.887503][T15437]  ? __pfx___might_resched+0x10/0x10
[ 1011.887530][T15437]  should_fail_ex+0x3b0/0x4e0
[ 1011.887554][T15437]  ? tomoyo_encode+0x26f/0x540
[ 1011.887577][T15437]  should_failslab+0xac/0x100
[ 1011.887603][T15437]  ? tomoyo_encode+0x26f/0x540
[ 1011.887626][T15437]  __kmalloc_noprof+0xd8/0x400
[ 1011.887651][T15437]  tomoyo_encode+0x26f/0x540
[ 1011.887681][T15437]  tomoyo_realpath_from_path+0x59e/0x5e0
[ 1011.887717][T15437]  tomoyo_path_number_perm+0x23a/0x880
[ 1011.887747][T15437]  ? tomoyo_path_number_perm+0x208/0x880
[ 1011.887771][T15437]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1011.887833][T15437]  ? __fget_files+0x29/0x470
[ 1011.887861][T15437]  ? __fget_files+0x3f3/0x470
[ 1011.887901][T15437]  security_file_ioctl+0xc6/0x2a0
[ 1011.887928][T15437]  __se_sys_ioctl+0x47/0x170
[ 1011.887954][T15437]  do_syscall_64+0xf3/0x230
[ 1011.887976][T15437]  ? clear_bhb_loop+0x35/0x90
[ 1011.888001][T15437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1011.888022][T15437] RIP: 0033:0x7f2f3057e719
[ 1011.908159][ T5827] gspca_main: sunplus-2.14.0 probing 055f:c420
[ 1011.909183][T15437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1012.048676][T15437] RSP: 002b:00007f2f31334038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1012.057095][T15437] RAX: ffffffffffffffda RBX: 00007f2f30735f80 RCX: 00007f2f3057e719
[ 1012.065078][T15437] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000003
[ 1012.073051][T15437] RBP: 00007f2f31334090 R08: 0000000000000000 R09: 0000000000000000
[ 1012.081021][T15437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1012.088993][T15437] R13: 0000000000000000 R14: 00007f2f30735f80 R15: 00007ffeb0104fc8
[ 1012.096995][T15437]  </TASK>
[ 1012.150960][T15437] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1012.648150][ T5827] gspca_sunplus: reg_w_riv err -110
[ 1012.653438][ T5827] sunplus 5-1:0.0: probe with driver sunplus failed with error -110
[ 1012.707827][T12560] usb 7-1: new high-speed USB device number 65 using dummy_hcd
[ 1012.773141][    T8] usb 5-1: USB disconnect, device number 88
[ 1012.864453][T12560] usb 7-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1012.891754][T12560] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1012.901763][T12560] usb 7-1: Product: syz
[ 1012.906106][T12560] usb 7-1: Manufacturer: syz
[ 1012.918533][T12560] usb 7-1: SerialNumber: syz
[ 1012.931938][T12560] usb 7-1: config 0 descriptor??
[ 1013.375611][T12560] usb 7-1: Firmware: major: 0, minor: 248, hardware type: ATUSB (0)
[ 1013.506088][T15451] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.2536'.
[ 1013.812484][T12560] usb 7-1: Read permanent extended address 00:00:00:00:00:00:00:c3 from device
[ 1014.139603][T15442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1014.298510][T15442] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1014.350853][T12560] usb 7-1: USB disconnect, device number 65
[ 1014.587765][ T5836] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[ 1014.699501][T15469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1014.729657][T15469] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1014.747163][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1014.770973][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1014.788719][ T5836] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[ 1014.805172][ T5836] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1014.816877][ T5836] usb 4-1: config 0 descriptor??
[ 1014.986421][   T29] audit: type=1326 audit(1730620519.748:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15474 comm="syz.6.2543" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f3057e719 code=0x0
[ 1015.307153][T15463] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1015.330642][T15463] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1015.561790][T15463] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1015.631431][T15463] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1015.727327][T15463] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1015.789673][T15463] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1015.997782][T12560] usb 6-1: new high-speed USB device number 69 using dummy_hcd
[ 1016.002241][T15483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1016.036304][T15483] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1016.540317][T12560] usb 6-1: Using ep0 maxpacket: 8
[ 1016.569265][T12560] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1016.575919][T12560] usb 6-1: New USB device found, idVendor=07ca, idProduct=a868, bcdDevice=c4.d4
[ 1016.596076][T12560] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1016.620158][T12560] usb 6-1: config 0 descriptor??
[ 1016.635455][T12560] dvb-usb: found a 'AVerMedia AVerTVHD Volar (A868R)' in warm state.
[ 1016.658069][T12560] usb 6-1: selecting invalid altsetting 0
[ 1016.663888][T12560] cxusb: set interface failed
[ 1016.677878][T12560] dvb-usb: bulk message failed: -22 (1/0)
[ 1016.709337][T12560] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1016.736435][T12560] dvbdev: DVB: registering new adapter (AVerMedia AVerTVHD Volar (A868R))
[ 1016.755522][T12560] usb 6-1: media controller created
[ 1016.789374][T12560] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1016.841334][T15473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1016.856586][T12560] DVB: Unable to find symbol lgdt330x_attach()
[ 1016.875491][T12560] dvb-usb: no frontend was attached by 'AVerMedia AVerTVHD Volar (A868R)'
[ 1016.885651][T15473] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1016.893785][T15492] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2547'.
[ 1016.917068][T15473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1016.918912][T12560] dvb-usb: bulk message failed: -22 (1/0)
[ 1016.934339][T15473] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1016.935860][T15492] netlink: 'syz.0.2547': attribute type 1 has an invalid length.
[ 1016.973549][T12560] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully initialized and connected.
[ 1016.991690][T12560] usb 6-1: USB disconnect, device number 69
[ 1016.997931][ T5883] usb 7-1: new high-speed USB device number 66 using dummy_hcd
[ 1017.017409][T12560] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully deinitialized and disconnected.
[ 1017.197740][ T5835] Bluetooth: hci3: command 0x0406 tx timeout
[ 1017.246551][ T5883] usb 7-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1017.255980][ T5883] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1017.263030][ T5836] hid-led 0003:27B8:01ED.0030: probe with driver hid-led failed with error -71
[ 1017.264899][ T5883] usb 7-1: Product: syz
[ 1017.277421][ T5836] usb 4-1: USB disconnect, device number 81
[ 1017.281883][ T5883] usb 7-1: Manufacturer: syz
[ 1017.287509][T15501] netlink: 'syz.0.2550': attribute type 1 has an invalid length.
[ 1017.289135][ T5883] usb 7-1: SerialNumber: syz
[ 1017.310287][ T5883] usb 7-1: config 0 descriptor??
[ 1017.444557][    T8] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[ 1017.600781][    T8] usb 5-1: Using ep0 maxpacket: 8
[ 1017.609074][ T5835] Bluetooth: hci5: command 0x0406 tx timeout
[ 1017.615536][    T8] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1017.627249][    T8] usb 5-1: New USB device found, idVendor=07ca, idProduct=a868, bcdDevice=c4.d4
[ 1017.649707][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1017.665145][    T8] usb 5-1: config 0 descriptor??
[ 1017.696866][    T8] dvb-usb: found a 'AVerMedia AVerTVHD Volar (A868R)' in warm state.
[ 1017.712730][    T8] usb 5-1: selecting invalid altsetting 0
[ 1017.724541][    T8] cxusb: set interface failed
[ 1017.729423][    T8] dvb-usb: bulk message failed: -22 (1/0)
[ 1017.736897][    T8] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1017.760575][ T5835] Bluetooth: hci2: command 0x0406 tx timeout
[ 1017.765767][    T8] dvbdev: DVB: registering new adapter (AVerMedia AVerTVHD Volar (A868R))
[ 1017.799907][ T5883] usb 7-1: Firmware: major: 0, minor: 101, hardware type: UNKNOWN (114)
[ 1017.804633][    T8] usb 5-1: media controller created
[ 1017.937014][T15497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1018.042165][T15497] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1018.095676][    T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1018.105509][ T5883] usb 7-1: Read permanent extended address 86:c3:c7:9f:b4:e0:d6:c3 from device
[ 1018.158865][ T5883] usb 7-1: atusb_probe: initialization failed, error = -524
[ 1018.180253][ T5883] atusb 7-1:0.0: probe with driver atusb failed with error -524
[ 1018.421802][T15497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1018.673610][ T5886] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[ 1018.677816][T15497] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1018.760827][    T8] DVB: Unable to find symbol lgdt330x_attach()
[ 1018.788186][    T8] dvb-usb: no frontend was attached by 'AVerMedia AVerTVHD Volar (A868R)'
[ 1018.807539][    T8] dvb-usb: bulk message failed: -22 (1/0)
[ 1018.824868][    T8] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully initialized and connected.
[ 1018.837807][ T5886] usb 6-1: Using ep0 maxpacket: 16
[ 1018.840888][    T8] usb 5-1: USB disconnect, device number 89
[ 1019.384952][ T5886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1019.389496][    T8] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully deinitialized and disconnected.
[ 1019.406185][ T5886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1019.416148][ T5835] Bluetooth: hci3: command 0x0406 tx timeout
[ 1019.422666][ T5886] usb 6-1: New USB device found, idVendor=1532, idProduct=011b, bcdDevice= 0.00
[ 1019.431787][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1019.448616][ T5886] usb 6-1: config 0 descriptor??
[ 1019.719054][ T5835] Bluetooth: hci5: command 0x0406 tx timeout
[ 1019.893694][ T5835] Bluetooth: hci2: command 0x0406 tx timeout
[ 1019.908318][ T5886] razer 0003:1532:011B.0031: unknown main item tag 0x0
[ 1019.918162][ T5886] razer 0003:1532:011B.0031: unknown main item tag 0x0
[ 1019.948281][ T5886] razer 0003:1532:011B.0031: unknown main item tag 0x0
[ 1019.961582][ T5886] razer 0003:1532:011B.0031: unknown main item tag 0x0
[ 1019.970494][ T5886] razer 0003:1532:011B.0031: unknown main item tag 0x0
[ 1020.229401][ T5836] usb 7-1: USB disconnect, device number 66
[ 1020.799298][T15538] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2560'.
[ 1020.808995][T15538] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes.
[ 1021.307260][ T5886] razer 0003:1532:011B.0031: failed to enable macro keys: -71
[ 1021.368576][ T5886] razer 0003:1532:011B.0031: hidraw0: USB HID v0.00 Device [HID 1532:011b] on usb-dummy_hcd.5-1/input0
[ 1021.396314][ T5886] usb 6-1: USB disconnect, device number 70
[ 1021.408304][ T5836] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[ 1021.450966][T15530] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1021.577895][ T5836] usb 4-1: Using ep0 maxpacket: 8
[ 1021.606357][ T5836] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1021.616248][ T5836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1021.645698][ T5836] usb 4-1: Product: syz
[ 1021.661634][ T5836] usb 4-1: Manufacturer: syz
[ 1021.666273][ T5836] usb 4-1: SerialNumber: syz
[ 1021.699025][ T5836] usb 4-1: config 0 descriptor??
[ 1021.732105][ T5836] gspca_main: se401-2.14.0 probing 047d:5003
[ 1021.750535][T15530] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1021.915514][T15530] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1021.969051][T15534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1021.985246][T15534] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1022.086256][T15530] team0: Port device netdevsim0 removed
[ 1022.132804][T15530] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1022.276410][ T5836] gspca_se401: write req failed req 0x57 val 0x00 error -71
[ 1022.284324][ T5836] se401 4-1:0.0: probe with driver se401 failed with error -71
[ 1022.328477][ T5836] usb 4-1: USB disconnect, device number 82
[ 1022.436198][T15530] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1022.488133][T15530] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1022.505668][T15530] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1022.521570][T15530] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1023.074845][T15565] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2570'.
[ 1023.086073][ T5886] usb 7-1: new high-speed USB device number 67 using dummy_hcd
[ 1023.358341][ T5883] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[ 1023.448211][ T5886] usb 7-1: Using ep0 maxpacket: 32
[ 1023.455821][ T5886] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1023.473486][ T5886] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1023.491464][ T5886] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1023.500674][ T5886] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1023.526877][ T5886] usb 7-1: config 0 descriptor??
[ 1023.543508][ T5883] usb 5-1: Using ep0 maxpacket: 32
[ 1023.554694][ T5886] hub 7-1:0.0: USB hub found
[ 1023.568539][ T5883] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1023.599881][ T5883] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1023.615021][ T5883] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1023.624622][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1023.648176][ T5883] usb 5-1: config 0 descriptor??
[ 1023.685728][ T5883] hub 5-1:0.0: USB hub found
[ 1023.759894][ T5886] hub 7-1:0.0: 1 port detected
[ 1023.873175][ T5883] hub 5-1:0.0: 1 port detected
[ 1025.534027][ T5886] hub 7-1:0.0: hub_hub_status failed (err = -32)
[ 1025.540535][ T5883] hub 5-1:0.0: hub_hub_status failed (err = -32)
[ 1025.546903][ T5883] hub 5-1:0.0: config failed, can't get hub status (err -32)
[ 1025.556294][ T5886] hub 7-1:0.0: config failed, can't get hub status (err -32)
[ 1025.567895][ T5883] usbhid 5-1:0.0: can't add hid device: -32
[ 1025.573988][ T5883] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[ 1025.792608][ T5886] usbhid 7-1:0.0: can't add hid device: -32
[ 1025.798962][ T5886] usbhid 7-1:0.0: probe with driver usbhid failed with error -32
[ 1027.015193][    T8] usb 7-1: USB disconnect, device number 67
[ 1027.023077][T12560] usb 5-1: USB disconnect, device number 90
[ 1028.590971][T15602] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2579'.
[ 1028.601038][T15602] openvswitch: netlink: Tunnel attr 6 has unexpected len 1 expected 0
[ 1029.239323][    T9] kworker/0:1 (9) used greatest stack depth: 12528 bytes left
[ 1029.986238][T15608] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 20000 - 0
[ 1029.995137][T15608] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 20000 - 0
[ 1030.003619][T15608] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 20000 - 0
[ 1030.012462][T15608] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 20000 - 0
[ 1030.021677][T15608] geneve2: entered promiscuous mode
[ 1030.027859][T15608] geneve2: entered allmulticast mode
[ 1030.054823][T15610] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1030.159051][T15608] netdevsim netdevsim0 eth0: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1030.181893][T15608] netdevsim netdevsim0 eth1: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1030.194618][T15608] netdevsim netdevsim0 eth2: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1030.203660][T15608] netdevsim netdevsim0 eth3: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1030.207822][   T29] audit: type=1326 audit(1730620534.958:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.6.2584" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f3057e719 code=0x0
[ 1030.300927][T15622] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1030.321166][T15601] loop6: detected capacity change from 0 to 524287999
[ 1030.333961][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1030.343346][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1030.356183][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1030.365392][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1030.374870][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1030.384161][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1030.395914][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1030.405228][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1030.413956][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1030.423148][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1030.432589][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1030.441805][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1030.449897][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1030.451644][ T5886] usb 6-1: new high-speed USB device number 71 using dummy_hcd
[ 1030.459109][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1030.459572][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1030.483893][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1030.492100][T15601] ldm_validate_partition_table(): Disk read failed.
[ 1030.499474][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1030.508670][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1030.537126][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1030.546381][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1030.565183][T15601] Dev loop6: unable to read RDB block 0
[ 1030.584519][T15601]  loop6: unable to read partition table
[ 1030.601423][T15601] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1030.632759][T15619] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1030.641070][T15619] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1030.687979][ T5886] usb 6-1: Using ep0 maxpacket: 32
[ 1030.697105][ T5886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1030.712805][ T5886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1030.723678][ T5886] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1030.734653][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1030.753587][ T5886] usb 6-1: config 0 descriptor??
[ 1030.770697][ T5886] hub 6-1:0.0: USB hub found
[ 1030.976901][T15619] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1030.993358][ T5886] hub 6-1:0.0: 1 port detected
[ 1031.047443][T15619] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1031.176496][T15630] overlayfs: failed to resolve './file0': -2
[ 1031.195132][T15619] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1031.200837][ T5886] hub 6-1:0.0: hub_hub_status failed (err = -71)
[ 1031.204508][T15619] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1031.220311][T15619] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1031.226067][ T5886] hub 6-1:0.0: config failed, can't get hub status (err -71)
[ 1031.232357][T15619] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1031.266398][ T5886] usbhid 6-1:0.0: can't add hid device: -71
[ 1031.276375][ T5886] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1031.349568][ T5886] usb 6-1: USB disconnect, device number 71
[ 1033.556090][T15652] mmap: syz.3.2596 (15652): VmData 41648128 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[ 1033.613269][T15653] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1033.622242][T15653] overlayfs: failed to set xattr on upper
[ 1033.656128][T15653] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1033.664004][T15657] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[ 1033.678968][T15653] overlayfs: ...falling back to metacopy=off.
[ 1033.685118][T15653] overlayfs: ...falling back to index=off.
[ 1033.696915][T15653] overlayfs: ...falling back to uuid=null.
[ 1033.827832][ T5915] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[ 1033.977956][ T5915] usb 6-1: Using ep0 maxpacket: 16
[ 1033.989384][ T5915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1034.012068][ T5915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1034.035707][ T5915] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1034.065864][ T5915] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1034.083630][ T5915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1034.147108][ T5915] usb 6-1: config 0 descriptor??
[ 1034.314570][ T5931] usb 7-1: new high-speed USB device number 68 using dummy_hcd
[ 1034.588410][ T5915] microsoft 0003:045E:07DA.0032: unknown main item tag 0x0
[ 1034.618239][ T5915] microsoft 0003:045E:07DA.0032: unknown main item tag 0x0
[ 1034.651679][ T5915] microsoft 0003:045E:07DA.0032: No inputs registered, leaving
[ 1034.690488][ T5915] microsoft 0003:045E:07DA.0032: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[ 1034.752055][ T5915] microsoft 0003:045E:07DA.0032: no inputs found
[ 1034.761350][ T5915] microsoft 0003:045E:07DA.0032: could not initialize ff, continuing anyway
[ 1034.777988][ T5931] usb 7-1: Using ep0 maxpacket: 8
[ 1034.796460][ T5915] usb 6-1: USB disconnect, device number 72
[ 1034.800666][ T5931] usb 7-1: config 0 has an invalid interface number: 63 but max is 0
[ 1034.825546][ T5931] usb 7-1: config 0 has no interface number 0
[ 1034.848091][ T5931] usb 7-1: New USB device found, idVendor=061d, idProduct=c170, bcdDevice=d5.e7
[ 1034.875725][ T5931] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1034.884917][ T5931] usb 7-1: Product: syz
[ 1034.891742][ T5931] usb 7-1: Manufacturer: syz
[ 1034.896521][ T5931] usb 7-1: SerialNumber: syz
[ 1035.017483][ T5931] usb 7-1: config 0 descriptor??
[ 1035.025409][ T5931] quatech2 7-1:0.63: Quatech 2nd gen USB to Serial Driver converter detected
[ 1035.229253][ T5931] usb 7-1: qt2_attach - failed to power on unit: -71
[ 1035.269796][ T5931] quatech2 7-1:0.63: probe with driver quatech2 failed with error -71
[ 1036.066289][ T5931] usb 7-1: USB disconnect, device number 68
[ 1037.879222][T15693] syz.3.2608 (15693): drop_caches: 2
[ 1038.939754][T15705] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2610'.
[ 1039.439612][T15710] trusted_key: encrypted_key: master key parameter '' is invalid
[ 1039.893268][ T5835] Bluetooth: hci3: unexpected event for opcode 0x1408
[ 1041.332322][T15721] syz.0.2615 (15721): drop_caches: 2
[ 1041.388712][ T5931] usb 7-1: new high-speed USB device number 69 using dummy_hcd
[ 1041.951865][ T5931] usb 7-1: Using ep0 maxpacket: 32
[ 1041.965392][ T5931] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1041.977014][ T5931] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1042.005831][ T5931] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1042.015894][T15737] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2623'.
[ 1042.045469][ T5931] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1042.069215][T12560] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[ 1042.077238][ T5931] usb 7-1: config 0 descriptor??
[ 1042.110649][ T5931] hub 7-1:0.0: USB hub found
[ 1042.227820][T12560] usb 6-1: Using ep0 maxpacket: 8
[ 1042.252482][T12560] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1042.277819][T12560] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1042.319056][T12560] usb 6-1: Product: syz
[ 1042.337392][T12560] usb 6-1: Manufacturer: syz
[ 1042.356792][T12560] usb 6-1: SerialNumber: syz
[ 1042.375170][ T5931] hub 7-1:0.0: 1 port detected
[ 1042.410302][T12560] usb 6-1: config 0 descriptor??
[ 1042.419004][T12560] gspca_main: se401-2.14.0 probing 047d:5003
[ 1042.652726][T15731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1042.661852][T15731] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1042.740123][T15750] trusted_key: encrypted_key: insufficient parameters specified
[ 1042.883497][T12560] gspca_se401: write req failed req 0x57 val 0x00 error -71
[ 1042.897080][T12560] se401 6-1:0.0: probe with driver se401 failed with error -71
[ 1042.922693][T12560] usb 6-1: USB disconnect, device number 73
[ 1042.983626][ T5915] usb 7-1: USB disconnect, device number 69
[ 1043.111651][ T5835] Bluetooth: hci2: unexpected event for opcode 0x1408
[ 1044.206460][T15768] loop6: detected capacity change from 0 to 524287999
[ 1044.234466][    C1] blk_print_req_error: 7 callbacks suppressed
[ 1044.234486][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1044.249830][    C1] buffer_io_error: 7 callbacks suppressed
[ 1044.249845][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1044.303049][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1044.312296][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1044.324184][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1044.351001][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1044.360171][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1044.370388][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1044.379588][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1044.388294][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1044.397439][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1044.408542][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1044.417759][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1044.427689][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1044.436868][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1044.446157][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1044.455348][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1044.463350][T15768] ldm_validate_partition_table(): Disk read failed.
[ 1044.567616][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1044.576818][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1044.592392][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1044.607851][T15768] Dev loop6: unable to read RDB block 0
[ 1045.180122][ T5931] usb 7-1: new full-speed USB device number 70 using dummy_hcd
[ 1045.593288][T15768]  loop6: unable to read partition table
[ 1045.600108][T15768] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1045.652812][T15784] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2635'.
[ 1045.693839][ T5931] usb 7-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1045.709399][ T5931] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1045.711383][T15786] trusted_key: encrypted_key: insufficient parameters specified
[ 1045.720073][ T5931] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1045.739531][ T5931] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1045.748843][ T5931] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1045.784546][ T5931] usb 7-1: Product: syz
[ 1045.862178][T15787] syz.3.2636 (15787): drop_caches: 2
[ 1045.891532][ T5931] usb 7-1: Manufacturer: syz
[ 1045.894356][T15788] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2636'.
[ 1045.899169][ T5931] usb 7-1: SerialNumber: syz
[ 1046.472787][T15801] netlink: 'syz.3.2642': attribute type 9 has an invalid length.
[ 1046.487823][T15801] netlink: 134672 bytes leftover after parsing attributes in process `syz.3.2642'.
[ 1046.516757][T15801] openvswitch: netlink: Key 2 has unexpected len 20 expected 4
[ 1046.545194][T15771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1046.570811][T15801] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2642'.
[ 1046.626471][T15771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1046.660740][T15771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1046.701451][T15771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1046.847720][T15795] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2641'.
[ 1046.980246][T15771] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[ 1047.064744][T15771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1047.083720][T15771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1047.127234][ T5931] usb 7-1: 0:2 : does not exist
[ 1047.156691][ T5931] usb 7-1: USB disconnect, device number 70
[ 1048.249148][ T5915] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[ 1048.336624][T15817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2648'.
[ 1048.345785][T15815] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1048.617134][ T5915] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1048.626389][   T29] audit: type=1326 audit(1730620553.378:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15813 comm="syz.5.2646" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb3fe57e719 code=0x0
[ 1048.628484][T15821] trusted_key: encrypted_key: insufficient parameters specified
[ 1048.649105][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1049.407020][ T5915] usb 5-1: Product: syz
[ 1049.428220][ T5915] usb 5-1: Manufacturer: syz
[ 1049.629839][T15830] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2650'.
[ 1049.638998][T15830] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2650'.
[ 1050.169744][ T5915] usb 5-1: SerialNumber: syz
[ 1050.177294][ T5915] usb 5-1: config 0 descriptor??
[ 1050.733516][ T5915] usb 5-1: Firmware version (0.0) predates our first public release.
[ 1050.741880][ T5915] usb 5-1: Please update to version 0.2 or newer
[ 1051.024282][ T5915] usb 5-1: USB disconnect, device number 91
[ 1051.102762][   T29] audit: type=1326 audit(1730620555.828:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15852 comm="syz.5.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3fe57e719 code=0x7ffc0000
[ 1051.747666][   T29] audit: type=1326 audit(1730620555.828:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15852 comm="syz.5.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3fe57e719 code=0x7ffc0000
[ 1051.889244][ T5835] Bluetooth: hci2: unexpected event for opcode 0x1408
[ 1051.957691][   T29] audit: type=1326 audit(1730620555.828:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15852 comm="syz.5.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb3fe57e719 code=0x7ffc0000
[ 1052.010833][   T29] audit: type=1326 audit(1730620555.828:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15852 comm="syz.5.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3fe57e719 code=0x7ffc0000
[ 1052.267836][   T29] audit: type=1326 audit(1730620555.828:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15852 comm="syz.5.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3fe57e719 code=0x7ffc0000
[ 1052.948373][   T29] audit: type=1326 audit(1730620555.828:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15852 comm="syz.5.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3fe57e719 code=0x7ffc0000
[ 1052.971328][   T29] audit: type=1326 audit(1730620555.828:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15852 comm="syz.5.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3fe57e719 code=0x7ffc0000
[ 1052.976982][T15865] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1052.995049][   T29] audit: type=1326 audit(1730620555.828:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15852 comm="syz.5.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3fe57e719 code=0x7ffc0000
[ 1053.144235][   T29] audit: type=1326 audit(1730620557.858:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15864 comm="syz.4.2660" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff44b97e719 code=0x0
[ 1053.154088][T15873] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1053.315538][T15879] usb usb8: usbfs: process 15879 (syz.3.2664) did not claim interface 0 before use
[ 1054.247070][T12705] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[ 1054.553837][T12705] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1054.956827][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.964001][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.326857][T12705] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1055.334969][T12705] usb 4-1: Product: syz
[ 1055.339190][T12705] usb 4-1: Manufacturer: syz
[ 1055.343811][T12705] usb 4-1: SerialNumber: syz
[ 1055.360187][T12705] usb 4-1: config 0 descriptor??
[ 1055.634113][T15899] loop6: detected capacity change from 0 to 524287999
[ 1055.664721][    C0] blk_print_req_error: 8 callbacks suppressed
[ 1055.664739][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1055.680088][    C0] buffer_io_error: 7 callbacks suppressed
[ 1055.680103][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1055.694147][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1055.706980][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1055.716211][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1055.724330][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1055.733556][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1055.742118][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1055.751337][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1055.759780][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1055.769067][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1055.786821][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1055.796037][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1055.804504][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1055.813675][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1055.823807][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1055.832987][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1055.840888][T15899] ldm_validate_partition_table(): Disk read failed.
[ 1055.858425][T12705] usb 4-1: Firmware: major: 108, minor: 101, hardware type: UNKNOWN (114)
[ 1055.865632][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1055.876195][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1055.885048][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1055.893643][T15899] Dev loop6: unable to read RDB block 0
[ 1055.900459][T15899]  loop6: unable to read partition table
[ 1055.906448][T15899] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1056.004824][ T5835] Bluetooth: hci5: unexpected event for opcode 0x1408
[ 1057.899751][T12705] usb 4-1: Read permanent extended address 86:c3:c7:9f:b4:e0:d6:c3 from device
[ 1057.908818][T12705] usb 4-1: atusb_probe: initialization failed, error = -524
[ 1057.911911][T15919] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2674'.
[ 1057.916218][T12705] atusb 4-1:0.0: probe with driver atusb failed with error -524
[ 1058.008057][T15919] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2674'.
[ 1059.203016][T15928] netlink: 'syz.4.2678': attribute type 1 has an invalid length.
[ 1059.256255][T15930] 9pnet_fd: Insufficient options for proto=fd
[ 1059.486742][T10215] usb 4-1: USB disconnect, device number 83
[ 1059.830968][T15928] 8021q: adding VLAN 0 to HW filter on device bond7
[ 1059.856509][T15932] bond7: (slave bridge2): making interface the new active one
[ 1059.893309][T15932] bond7: (slave bridge2): Enslaving as an active interface with an up link
[ 1059.920622][T15936] netdevsim netdevsim5 eth0: set [1, 1] type 2 family 0 port 20000 - 0
[ 1059.942835][T15936] netdevsim netdevsim5 eth1: set [1, 1] type 2 family 0 port 20000 - 0
[ 1059.973212][T15936] netdevsim netdevsim5 eth2: set [1, 1] type 2 family 0 port 20000 - 0
[ 1059.991824][T15936] netdevsim netdevsim5 eth3: set [1, 1] type 2 family 0 port 20000 - 0
[ 1060.013389][T15936] geneve3: entered promiscuous mode
[ 1060.040866][T15936] geneve3: entered allmulticast mode
[ 1060.120531][T15939] loop6: detected capacity change from 0 to 524287999
[ 1060.133303][T15936] netdevsim netdevsim5 eth0: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1060.168854][T15939] ldm_validate_partition_table(): Disk read failed.
[ 1060.183290][T15939] Dev loop6: unable to read RDB block 0
[ 1060.189413][T15936] netdevsim netdevsim5 eth1: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1060.231481][T15939]  loop6: unable to read partition table
[ 1060.237969][   T29] audit: type=1326 audit(1730620564.998:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15938 comm="syz.3.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf0f7e719 code=0x7ffc0000
[ 1060.259559][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1060.268186][T15936] netdevsim netdevsim5 eth2: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1060.287285][T15939] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1060.296685][   T29] audit: type=1326 audit(1730620564.998:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15938 comm="syz.3.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7facf0f7e719 code=0x7ffc0000
[ 1060.297719][T15936] netdevsim netdevsim5 eth3: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1060.339680][   T29] audit: type=1326 audit(1730620564.998:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15938 comm="syz.3.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf0f7e719 code=0x7ffc0000
[ 1060.390182][   T29] audit: type=1326 audit(1730620564.998:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15938 comm="syz.3.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7facf0f7e719 code=0x7ffc0000
[ 1060.412385][   T29] audit: type=1326 audit(1730620564.998:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15938 comm="syz.3.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf0f7e719 code=0x7ffc0000
[ 1060.439918][   T29] audit: type=1326 audit(1730620564.998:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15938 comm="syz.3.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7facf0f7e719 code=0x7ffc0000
[ 1060.681388][   T29] audit: type=1326 audit(1730620564.998:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15938 comm="syz.3.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf0f7e719 code=0x7ffc0000
[ 1060.694879][T15950] FAULT_INJECTION: forcing a failure.
[ 1060.694879][T15950] name failslab, interval 1, probability 0, space 0, times 0
[ 1060.703238][   T29] audit: type=1326 audit(1730620564.998:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15938 comm="syz.3.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7facf0f7e719 code=0x7ffc0000
[ 1060.703277][   T29] audit: type=1326 audit(1730620564.998:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15938 comm="syz.3.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf0f7e719 code=0x7ffc0000
[ 1060.703310][   T29] audit: type=1326 audit(1730620564.998:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15938 comm="syz.3.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facf0f7e719 code=0x7ffc0000
[ 1060.786335][T15950] CPU: 1 UID: 0 PID: 15950 Comm: syz.3.2683 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0
[ 1060.797130][T15950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1060.807207][T15950] Call Trace:
[ 1060.810506][T15950]  <TASK>
[ 1060.813456][T15950]  dump_stack_lvl+0x241/0x360
[ 1060.818165][T15950]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1060.823385][T15950]  ? __pfx__printk+0x10/0x10
[ 1060.828000][T15950]  ? __kmalloc_cache_noprof+0x44/0x2c0
[ 1060.833486][T15950]  ? __pfx___might_resched+0x10/0x10
[ 1060.838806][T15950]  should_fail_ex+0x3b0/0x4e0
[ 1060.843514][T15950]  should_failslab+0xac/0x100
[ 1060.848226][T15950]  ? tcf_action_init_1+0x1d6/0x890
[ 1060.853361][T15950]  __kmalloc_cache_noprof+0x6c/0x2c0
[ 1060.858683][T15950]  tcf_action_init_1+0x1d6/0x890
[ 1060.863640][T15950]  ? nla_strscpy+0x100/0x180
[ 1060.868266][T15950]  ? __pfx_tcf_action_init_1+0x10/0x10
[ 1060.873741][T15950]  ? _raw_read_unlock+0x28/0x50
[ 1060.878593][T15950]  ? tc_action_load_ops+0x26d/0x590
[ 1060.883810][T15950]  ? __nla_parse+0x40/0x60
[ 1060.888230][T15950]  tcf_action_init+0x2e8/0xae0
[ 1060.893003][T15950]  ? __pfx_tcf_action_init+0x10/0x10
[ 1060.898324][T15950]  ? cap_capable+0x1b4/0x250
[ 1060.902918][T15950]  ? cap_capable+0x1b4/0x250
[ 1060.907507][T15950]  ? safesetid_security_capable+0xb2/0x1d0
[ 1060.913321][T15950]  tc_ctl_action+0x47d/0xcf0
[ 1060.917918][T15950]  ? __pfx_tc_ctl_action+0x10/0x10
[ 1060.923049][T15950]  ? trace_contention_end+0x3c/0x120
[ 1060.928342][T15950]  ? __mutex_lock+0x2ef/0xd70
[ 1060.933025][T15950]  ? __pfx___mutex_lock+0x10/0x10
[ 1060.938078][T15950]  ? __pfx_tc_ctl_action+0x10/0x10
[ 1060.943189][T15950]  rtnetlink_rcv_msg+0x73f/0xcf0
[ 1060.948122][T15950]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[ 1060.953228][T15950]  ? __lock_acquire+0x1384/0x2050
[ 1060.958255][T15950]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1060.963719][T15950]  netlink_rcv_skb+0x1e3/0x430
[ 1060.968483][T15950]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1060.973939][T15950]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1060.979239][T15950]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1060.984437][T15950]  netlink_unicast+0x7f6/0x990
[ 1060.989204][T15950]  ? __pfx_netlink_unicast+0x10/0x10
[ 1060.994487][T15950]  ? __virt_addr_valid+0x183/0x530
[ 1060.999598][T15950]  ? __check_object_size+0x48e/0x900
[ 1061.004889][T15950]  netlink_sendmsg+0x8e4/0xcb0
[ 1061.009661][T15950]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1061.014953][T15950]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1061.020240][T15950]  __sock_sendmsg+0x221/0x270
[ 1061.024920][T15950]  ____sys_sendmsg+0x52a/0x7e0
[ 1061.029691][T15950]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1061.034991][T15950]  __sys_sendmsg+0x292/0x380
[ 1061.039592][T15950]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1061.044719][T15950]  ? __pfx_vfs_write+0x10/0x10
[ 1061.049504][T15950]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1061.055834][T15950]  ? do_syscall_64+0x100/0x230
[ 1061.060598][T15950]  ? do_syscall_64+0xb6/0x230
[ 1061.065274][T15950]  do_syscall_64+0xf3/0x230
[ 1061.069779][T15950]  ? clear_bhb_loop+0x35/0x90
[ 1061.074457][T15950]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1061.080352][T15950] RIP: 0033:0x7facf0f7e719
[ 1061.084764][T15950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1061.104366][T15950] RSP: 002b:00007facf1d92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1061.112778][T15950] RAX: ffffffffffffffda RBX: 00007facf1135f80 RCX: 00007facf0f7e719
[ 1061.120749][T15950] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 1061.128717][T15950] RBP: 00007facf1d92090 R08: 0000000000000000 R09: 0000000000000000
[ 1061.136683][T15950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1061.144651][T15950] R13: 0000000000000000 R14: 00007facf1135f80 R15: 00007ffd3de4a9e8
[ 1061.152633][T15950]  </TASK>
[ 1061.255652][ T5835] Bluetooth: hci5: unexpected event for opcode 0x1408
[ 1062.508239][ T5883] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[ 1063.233847][ T5883] usb 5-1: config 4 has an invalid interface number: 39 but max is 1
[ 1063.248038][ T5883] usb 5-1: config 4 has an invalid interface number: 49 but max is 1
[ 1063.333213][ T5883] usb 5-1: config 4 has no interface number 0
[ 1063.402106][ T5883] usb 5-1: config 4 has no interface number 1
[ 1063.419963][ T5883] usb 5-1: config 4 interface 39 has no altsetting 0
[ 1063.426646][ T5883] usb 5-1: config 4 interface 49 has no altsetting 0
[ 1063.557826][T15974] 9pnet_fd: Insufficient options for proto=fd
[ 1063.590780][ T5883] usb 5-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[ 1063.632299][ T5883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1063.679716][ T5883] usb 5-1: Product: syz
[ 1063.704101][ T5883] usb 5-1: Manufacturer: syz
[ 1063.727868][ T5883] usb 5-1: SerialNumber: syz
[ 1064.207893][T15987] program syz.3.2693 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1064.803306][    C1] sd 0:0:1:0: [sda] tag#1626 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1064.813723][    C1] sd 0:0:1:0: [sda] tag#1626 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[ 1065.193651][ T5883] usb 5-1: USB disconnect, device number 92
[ 1066.533592][T16013] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.2699'.
[ 1066.543428][T16013] openvswitch: netlink: Tunnel attr 0 has unexpected len 1 expected 8
[ 1067.248503][ T5827] usb 7-1: new high-speed USB device number 71 using dummy_hcd
[ 1067.410067][ T5827] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[ 1067.424067][ T5827] usb 7-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[ 1067.456489][ T5827] usb 7-1: config 0 has no interface number 0
[ 1067.477699][ T5827] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1067.509666][ T5827] usb 7-1: config 0 interface 8 altsetting 0 bulk endpoint 0xF has invalid maxpacket 0
[ 1067.532189][ T5827] usb 7-1: New USB device found, idVendor=0582, idProduct=b9d5, bcdDevice=73.f7
[ 1067.548800][ T5827] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1067.576660][ T5827] usb 7-1: config 0 descriptor??
[ 1067.598570][ T5931] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[ 1067.890677][ T5836] usb 7-1: USB disconnect, device number 71
[ 1067.929844][ T5931] usb 4-1: Using ep0 maxpacket: 32
[ 1067.936525][ T5931] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1067.948538][ T5931] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1067.959568][ T5931] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1067.968973][ T5931] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1067.984079][ T5931] usb 4-1: config 0 descriptor??
[ 1067.991420][ T5931] hub 4-1:0.0: USB hub found
[ 1068.014795][ T5835] Bluetooth: hci5: unexpected event for opcode 0x1408
[ 1068.117313][T16043] netlink: 'syz.4.2713': attribute type 1 has an invalid length.
[ 1068.145394][T16043] 8021q: adding VLAN 0 to HW filter on device bond8
[ 1068.156455][T16043] netlink: 5296 bytes leftover after parsing attributes in process `syz.4.2713'.
[ 1068.247361][ T5931] hub 4-1:0.0: 1 port detected
[ 1068.593284][ T5931] hub 4-1:0.0: hub_hub_status failed (err = -71)
[ 1068.609852][ T5931] hub 4-1:0.0: config failed, can't get hub status (err -71)
[ 1068.806226][ T5931] usbhid 4-1:0.0: can't add hid device: -71
[ 1068.864003][ T5931] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1068.908453][ T5931] usb 4-1: USB disconnect, device number 84
[ 1069.199095][ T5836] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[ 1069.428922][ T5836] usb 5-1: Using ep0 maxpacket: 8
[ 1069.471089][ T5836] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1069.487363][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1069.607065][ T5836] usb 5-1: Product: syz
[ 1069.633933][ T5836] usb 5-1: Manufacturer: syz
[ 1069.887711][ T5836] usb 5-1: SerialNumber: syz
[ 1069.903984][ T5836] usb 5-1: config 0 descriptor??
[ 1069.915532][ T5836] gspca_main: se401-2.14.0 probing 047d:5003
[ 1070.133231][T16046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1070.178080][ T5827] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[ 1070.377841][ T5827] usb 6-1: Using ep0 maxpacket: 16
[ 1070.392637][ T5827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1070.422546][ T5827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1070.457485][ T5827] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[ 1070.475969][T16046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1070.729323][ T5827] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1070.751951][ T5827] usb 6-1: config 0 descriptor??
[ 1070.963484][ T5836] gspca_se401: Wrong descriptor type
[ 1071.051522][ T5827] usbhid 6-1:0.0: can't add hid device: -71
[ 1071.057945][ T5827] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1071.067688][ T5827] usb 6-1: USB disconnect, device number 74
[ 1071.330530][ T5915] usb 5-1: USB disconnect, device number 93
[ 1071.437335][T16081] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1071.504602][T16081] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1071.582477][T16081] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1071.645715][T16081] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1071.754323][T16081] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1071.772119][T16081] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1071.788883][T16081] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1071.882514][T16088] syz.3.2726 (16088): drop_caches: 2
[ 1071.950701][T16081] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1071.966933][T16088] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2726'.
[ 1072.811636][ T5835] Bluetooth: hci3: unexpected event for opcode 0x1408
[ 1072.983670][T16089] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2724'.
[ 1073.033966][T16089] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2724'.
[ 1073.220682][ T5886] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[ 1073.442292][ T5886] usb 4-1: config 4 has an invalid interface number: 39 but max is 1
[ 1073.457270][ T5886] usb 4-1: config 4 has an invalid interface number: 49 but max is 1
[ 1073.509468][ T5886] usb 4-1: config 4 has no interface number 0
[ 1073.640931][ T5886] usb 4-1: config 4 has no interface number 1
[ 1073.743172][ T5886] usb 4-1: config 4 interface 39 has no altsetting 0
[ 1073.750627][ T5886] usb 4-1: config 4 interface 49 has no altsetting 0
[ 1073.761031][ T5886] usb 4-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[ 1073.770289][ T5886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1073.779386][ T5886] usb 4-1: Product: syz
[ 1073.783577][ T5886] usb 4-1: Manufacturer: syz
[ 1073.788945][ T5886] usb 4-1: SerialNumber: syz
[ 1073.958582][T16107] netlink: 'syz.0.2732': attribute type 1 has an invalid length.
[ 1074.011266][T16107] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1074.069310][T16112] netlink: 5296 bytes leftover after parsing attributes in process `syz.0.2732'.
[ 1074.167249][    C1] sd 0:0:1:0: [sda] tag#1631 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1074.177675][    C1] sd 0:0:1:0: [sda] tag#1631 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[ 1074.791693][T16104] loop6: detected capacity change from 0 to 524287999
[ 1074.816942][ T5886] usb 4-1: USB disconnect, device number 85
[ 1074.830251][    C0] blk_print_req_error: 26 callbacks suppressed
[ 1074.830269][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1074.845614][    C0] buffer_io_error: 24 callbacks suppressed
[ 1074.845624][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1074.865629][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1074.874848][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1074.888879][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1074.899203][   T29] audit: type=1326 audit(1730620579.668:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16103 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f3057e719 code=0x7ffc0000
[ 1074.930852][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1074.937244][   T29] audit: type=1326 audit(1730620579.668:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16103 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f3057e719 code=0x7ffc0000
[ 1074.940037][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1074.980653][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1074.989843][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1075.005019][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1075.014233][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1075.022830][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1075.032012][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1075.044404][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1075.053622][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1075.063661][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1075.072876][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1075.084840][T16104] ldm_validate_partition_table(): Disk read failed.
[ 1075.098888][   T29] audit: type=1326 audit(1730620579.688:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16103 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f3057e719 code=0x7ffc0000
[ 1075.136854][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1075.146118][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1075.159003][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1075.168932][T16104] Dev loop6: unable to read RDB block 0
[ 1075.184166][   T29] audit: type=1326 audit(1730620579.688:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16103 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f3057e719 code=0x7ffc0000
[ 1075.216581][T16104]  loop6: unable to read partition table
[ 1075.226677][T16104] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1075.236742][   T29] audit: type=1326 audit(1730620579.688:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16103 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f3057e719 code=0x7ffc0000
[ 1075.277898][ T5204] ldm_validate_partition_table(): Disk read failed.
[ 1075.287925][   T29] audit: type=1326 audit(1730620579.688:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16103 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f3057e719 code=0x7ffc0000
[ 1075.327974][ T5204] Dev loop6: unable to read RDB block 0
[ 1075.359820][ T5204]  loop6: unable to read partition table
[ 1075.509282][   T29] audit: type=1326 audit(1730620579.688:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16103 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f2f3057e719 code=0x7ffc0000
[ 1075.929389][   T29] audit: type=1326 audit(1730620579.688:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16103 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f3057e719 code=0x7ffc0000
[ 1076.056406][   T29] audit: type=1326 audit(1730620579.688:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16103 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f2f3057e719 code=0x7ffc0000
[ 1076.132405][   T29] audit: type=1326 audit(1730620579.688:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16103 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f3057e719 code=0x7ffc0000
[ 1076.378740][ T5835] Bluetooth: hci2: unexpected event for opcode 0x1408
[ 1076.729722][T16139] FAULT_INJECTION: forcing a failure.
[ 1076.729722][T16139] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1076.762679][T16139] CPU: 1 UID: 0 PID: 16139 Comm: syz.3.2739 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0
[ 1076.773458][T16139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1076.783532][T16139] Call Trace:
[ 1076.786834][T16139]  <TASK>
[ 1076.789788][T16139]  dump_stack_lvl+0x241/0x360
[ 1076.794497][T16139]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1076.799723][T16139]  ? __pfx__printk+0x10/0x10
[ 1076.804458][T16139]  ? snprintf+0xda/0x120
[ 1076.804877][T16139]  should_fail_ex+0x3b0/0x4e0
[ 1076.804904][T16139]  _copy_to_user+0x31/0xb0
[ 1076.804922][T16139]  simple_read_from_buffer+0xca/0x150
[ 1076.804956][T16139]  proc_fail_nth_read+0x1e9/0x250
[ 1076.804981][T16139]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1076.805006][T16139]  ? rw_verify_area+0x55e/0x6f0
[ 1076.805025][T16139]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1076.805046][T16139]  vfs_read+0x1fc/0xb70
[ 1076.805069][T16139]  ? fdget_pos+0x24e/0x320
[ 1076.805093][T16139]  ? __pfx_vfs_read+0x10/0x10
[ 1076.805117][T16139]  ? __fget_files+0x3f3/0x470
[ 1076.805145][T16139]  ? fdget_pos+0x24e/0x320
[ 1076.805169][T16139]  ksys_read+0x183/0x2b0
[ 1076.805192][T16139]  ? __pfx_ksys_read+0x10/0x10
[ 1076.805211][T16139]  ? __secure_computing+0x125/0x370
[ 1076.805236][T16139]  do_syscall_64+0xf3/0x230
[ 1076.805257][T16139]  ? clear_bhb_loop+0x35/0x90
[ 1076.805279][T16139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1076.805299][T16139] RIP: 0033:0x7facf0f7d15c
[ 1076.805317][T16139] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[ 1076.805333][T16139] RSP: 002b:00007facf1d92030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1076.805354][T16139] RAX: ffffffffffffffda RBX: 00007facf1135f80 RCX: 00007facf0f7d15c
[ 1076.805369][T16139] RDX: 000000000000000f RSI: 00007facf1d920a0 RDI: 0000000000000004
[ 1076.805383][T16139] RBP: 00007facf1d92090 R08: 0000000000000000 R09: 0000000000000000
[ 1076.805395][T16139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1076.805407][T16139] R13: 0000000000000000 R14: 00007facf1135f80 R15: 00007ffd3de4a9e8
[ 1076.805436][T16139]  </TASK>
[ 1076.945189][T16141] netdevsim netdevsim4 netdevsim0: set [1, 2] type 2 family 0 port 20000 - 0
[ 1076.945226][T16141] netdevsim netdevsim4 netdevsim1: set [1, 2] type 2 family 0 port 20000 - 0
[ 1076.945247][T16141] netdevsim netdevsim4 netdevsim2: set [1, 2] type 2 family 0 port 20000 - 0
[ 1076.945264][T16141] netdevsim netdevsim4 netdevsim3: set [1, 2] type 2 family 0 port 20000 - 0
[ 1076.945400][T16141] geneve3: entered promiscuous mode
[ 1076.945412][T16141] geneve3: entered allmulticast mode
[ 1076.961397][T16141] netdevsim netdevsim4 netdevsim0: unset [1, 2] type 2 family 0 port 20000 - 0
[ 1076.961436][T16141] netdevsim netdevsim4 netdevsim1: unset [1, 2] type 2 family 0 port 20000 - 0
[ 1076.961467][T16141] netdevsim netdevsim4 netdevsim2: unset [1, 2] type 2 family 0 port 20000 - 0
[ 1076.961510][T16141] netdevsim netdevsim4 netdevsim3: unset [1, 2] type 2 family 0 port 20000 - 0
[ 1077.331452][T16141] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1077.498489][T16141] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1077.510150][T16141] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1077.593302][T16141] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1077.644215][T16141] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1078.108197][T16141] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1078.129395][T16141] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1078.245791][T16141] ------------[ cut here ]------------
[ 1078.251469][T16141] WARNING: CPU: 0 PID: 16141 at kernel/kcov.c:872 kcov_remote_start+0x542/0x7d0
[ 1078.260517][T16141] Modules linked in:
[ 1078.264401][T16141] CPU: 0 UID: 0 PID: 16141 Comm: syz.4.2741 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0
[ 1078.275143][T16141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1078.285204][T16141] RIP: 0010:kcov_remote_start+0x542/0x7d0
[ 1078.290918][T16141] Code: 4c 89 ff be 03 00 00 00 e8 9b df 1f 03 e9 04 fb ff ff e8 d1 af 29 0a 41 f7 c6 00 02 00 00 0f 84 f2 fa ff ff e9 7f fc ff ff 90 <0f> 0b 90 e8 06 cd 29 0a 89 c0 48 c7 c7 c0 d4 02 00 48 03 3c c5 50
[ 1078.310516][T16141] RSP: 0018:ffffc9000d826610 EFLAGS: 00010002
[ 1078.316584][T16141] RAX: 0000000080000200 RBX: ffff888033771e00 RCX: 0000000000000002
[ 1078.324551][T16141] RDX: dffffc0000000000 RSI: ffffffff8c0adc40 RDI: ffffffff8c603460
[ 1078.332513][T16141] RBP: 0000000000000000 R08: ffffffff9429786f R09: 1ffffffff2852f0d
[ 1078.340472][T16141] R10: dffffc0000000000 R11: fffffbfff2852f0e R12: ffffffff8194e367
[ 1078.348448][T16141] R13: ffff888025389780 R14: 0000000000000246 R15: ffff8880b862d4c0
[ 1078.356429][T16141] FS:  00007ff44c8056c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[ 1078.365354][T16141] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1078.372065][T16141] CR2: 00007fdf652656c0 CR3: 000000001fed8000 CR4: 00000000003526f0
[ 1078.380031][T16141] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1078.388014][T16141] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1078.396010][T16141] Call Trace:
[ 1078.399282][T16141]  <TASK>
[ 1078.402204][T16141]  ? __warn+0x168/0x4e0
[ 1078.406350][T16141]  ? kcov_remote_start+0x542/0x7d0
[ 1078.411454][T16141]  ? report_bug+0x2b3/0x500
[ 1078.415945][T16141]  ? kcov_remote_start+0x542/0x7d0
[ 1078.421064][T16141]  ? handle_bug+0x60/0x90
[ 1078.425392][T16141]  ? exc_invalid_op+0x1a/0x50
[ 1078.430062][T16141]  ? asm_exc_invalid_op+0x1a/0x20
[ 1078.435074][T16141]  ? kcov_remote_start+0x97/0x7d0
[ 1078.440095][T16141]  ? kcov_remote_start+0x542/0x7d0
[ 1078.445202][T16141]  ? mark_lock+0x9a/0x360
[ 1078.449527][T16141]  ieee80211_rx_list+0x799/0x3780
[ 1078.454540][T16141]  ? __lock_acquire+0x1384/0x2050
[ 1078.459563][T16141]  ? __pfx_ieee80211_rx_list+0x10/0x10
[ 1078.465014][T16141]  ? __pfx_lock_acquire+0x10/0x10
[ 1078.470036][T16141]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1078.476006][T16141]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1078.482328][T16141]  ? ieee80211_rx_napi+0xd6/0x3c0
[ 1078.487341][T16141]  ieee80211_rx_napi+0x18a/0x3c0
[ 1078.492286][T16141]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1078.498606][T16141]  ? __local_bh_disable_ip+0x179/0x220
[ 1078.504057][T16141]  ? __pfx_ieee80211_rx_napi+0x10/0x10
[ 1078.509503][T16141]  ? skb_dequeue+0x113/0x150
[ 1078.514099][T16141]  ieee80211_handle_queued_frames+0xe7/0x1e0
[ 1078.520075][T16141]  ? ieee80211_stop_device+0x2a/0xf0
[ 1078.525350][T16141]  ieee80211_stop_device+0x3f/0xf0
[ 1078.530466][T16141]  ieee80211_do_stop+0x1cb5/0x2300
[ 1078.535577][T16141]  ? __pfx_ieee80211_do_stop+0x10/0x10
[ 1078.541026][T16141]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 1078.546907][T16141]  ? lockdep_hardirqs_on+0x99/0x150
[ 1078.552101][T16141]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1078.558415][T16141]  ? wiphy_work_cancel+0x1f0/0x3e0
[ 1078.563518][T16141]  ieee80211_stop+0x436/0x4a0
[ 1078.568184][T16141]  ? __pfx_ieee80211_stop+0x10/0x10
[ 1078.573370][T16141]  __dev_close_many+0x219/0x300
[ 1078.578207][T16141]  ? __pfx___dev_close_many+0x10/0x10
[ 1078.583568][T16141]  ? dev_set_rx_mode+0x233/0x2e0
[ 1078.588494][T16141]  __dev_change_flags+0x30e/0x6f0
[ 1078.593504][T16141]  ? __pfx___dev_change_flags+0x10/0x10
[ 1078.599041][T16141]  ? netdev_state_change+0xa8/0x1a0
[ 1078.604229][T16141]  ? __pfx_netdev_state_change+0x10/0x10
[ 1078.609851][T16141]  ? kernel_text_address+0xa7/0xe0
[ 1078.614950][T16141]  dev_change_flags+0x8b/0x1a0
[ 1078.619702][T16141]  do_setlink+0xcd0/0x41f0
[ 1078.624109][T16141]  ? stack_trace_save+0x118/0x1d0
[ 1078.629123][T16141]  ? __pfx_stack_trace_save+0x10/0x10
[ 1078.634489][T16141]  ? __pfx_do_setlink+0x10/0x10
[ 1078.639328][T16141]  ? __nla_validate_parse+0x26ce/0x3090
[ 1078.644860][T16141]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[ 1078.650395][T16141]  ? rtnl_newlink+0xf2/0x20a0
[ 1078.655080][T16141]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1078.660807][T16141]  ? validate_linkmsg+0x71e/0x900
[ 1078.665820][T16141]  rtnl_newlink+0x1119/0x20a0
[ 1078.670488][T16141]  ? rtnl_newlink+0xb21/0x20a0
[ 1078.675252][T16141]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1078.680265][T16141]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1078.686148][T16141]  ? rcu_is_watching+0x15/0xb0
[ 1078.690896][T16141]  ? trace_contention_end+0x3c/0x120
[ 1078.696168][T16141]  ? __mutex_lock+0x2ef/0xd70
[ 1078.700837][T16141]  ? __pfx_lock_release+0x10/0x10
[ 1078.705858][T16141]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1078.710869][T16141]  rtnetlink_rcv_msg+0x73f/0xcf0
[ 1078.715787][T16141]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[ 1078.720883][T16141]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1078.726329][T16141]  ? ref_tracker_free+0x643/0x7e0
[ 1078.731344][T16141]  netlink_rcv_skb+0x1e3/0x430
[ 1078.736094][T16141]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1078.741540][T16141]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1078.746835][T16141]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1078.752023][T16141]  netlink_unicast+0x7f6/0x990
[ 1078.756780][T16141]  ? __pfx_netlink_unicast+0x10/0x10
[ 1078.762048][T16141]  ? __virt_addr_valid+0x183/0x530
[ 1078.767149][T16141]  ? __check_object_size+0x48e/0x900
[ 1078.772427][T16141]  netlink_sendmsg+0x8e4/0xcb0
[ 1078.777182][T16141]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1078.782460][T16141]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1078.787733][T16141]  __sock_sendmsg+0x221/0x270
[ 1078.792399][T16141]  ____sys_sendmsg+0x52a/0x7e0
[ 1078.797172][T16141]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1078.802456][T16141]  __sys_sendmsg+0x292/0x380
[ 1078.807033][T16141]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1078.812162][T16141]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1078.818479][T16141]  ? do_syscall_64+0x100/0x230
[ 1078.823234][T16141]  ? do_syscall_64+0xb6/0x230
[ 1078.827898][T16141]  do_syscall_64+0xf3/0x230
[ 1078.832386][T16141]  ? clear_bhb_loop+0x35/0x90
[ 1078.837049][T16141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1078.842926][T16141] RIP: 0033:0x7ff44b97e719
[ 1078.847326][T16141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1078.866920][T16141] RSP: 002b:00007ff44c805038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1078.875325][T16141] RAX: ffffffffffffffda RBX: 00007ff44bb35f80 RCX: 00007ff44b97e719
[ 1078.883303][T16141] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 1078.891265][T16141] RBP: 00007ff44b9f132e R08: 0000000000000000 R09: 0000000000000000
[ 1078.899224][T16141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1078.907196][T16141] R13: 0000000000000000 R14: 00007ff44bb35f80 R15: 00007fffdca94ea8
[ 1078.915162][T16141]  </TASK>
[ 1078.918183][T16141] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1078.925445][T16141] CPU: 0 UID: 0 PID: 16141 Comm: syz.4.2741 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0
[ 1078.936182][T16141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1078.946221][T16141] Call Trace:
[ 1078.949492][T16141]  <TASK>
[ 1078.952408][T16141]  dump_stack_lvl+0x241/0x360
[ 1078.957076][T16141]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1078.962264][T16141]  ? __pfx__printk+0x10/0x10
[ 1078.966837][T16141]  ? _printk+0xd5/0x120
[ 1078.970981][T16141]  ? __init_begin+0x41000/0x41000
[ 1078.975991][T16141]  ? vscnprintf+0x5d/0x90
[ 1078.980307][T16141]  panic+0x349/0x880
[ 1078.984189][T16141]  ? __warn+0x177/0x4e0
[ 1078.988329][T16141]  ? __pfx_panic+0x10/0x10
[ 1078.992725][T16141]  ? show_trace_log_lvl+0x3b2/0x410
[ 1078.997937][T16141]  __warn+0x34b/0x4e0
[ 1079.001916][T16141]  ? kcov_remote_start+0x542/0x7d0
[ 1079.007015][T16141]  report_bug+0x2b3/0x500
[ 1079.011327][T16141]  ? kcov_remote_start+0x542/0x7d0
[ 1079.016426][T16141]  handle_bug+0x60/0x90
[ 1079.020568][T16141]  exc_invalid_op+0x1a/0x50
[ 1079.025056][T16141]  asm_exc_invalid_op+0x1a/0x20
[ 1079.029893][T16141] RIP: 0010:kcov_remote_start+0x542/0x7d0
[ 1079.035598][T16141] Code: 4c 89 ff be 03 00 00 00 e8 9b df 1f 03 e9 04 fb ff ff e8 d1 af 29 0a 41 f7 c6 00 02 00 00 0f 84 f2 fa ff ff e9 7f fc ff ff 90 <0f> 0b 90 e8 06 cd 29 0a 89 c0 48 c7 c7 c0 d4 02 00 48 03 3c c5 50
[ 1079.055192][T16141] RSP: 0018:ffffc9000d826610 EFLAGS: 00010002
[ 1079.061248][T16141] RAX: 0000000080000200 RBX: ffff888033771e00 RCX: 0000000000000002
[ 1079.069204][T16141] RDX: dffffc0000000000 RSI: ffffffff8c0adc40 RDI: ffffffff8c603460
[ 1079.077156][T16141] RBP: 0000000000000000 R08: ffffffff9429786f R09: 1ffffffff2852f0d
[ 1079.085127][T16141] R10: dffffc0000000000 R11: fffffbfff2852f0e R12: ffffffff8194e367
[ 1079.093105][T16141] R13: ffff888025389780 R14: 0000000000000246 R15: ffff8880b862d4c0
[ 1079.101081][T16141]  ? kcov_remote_start+0x97/0x7d0
[ 1079.106108][T16141]  ? mark_lock+0x9a/0x360
[ 1079.110433][T16141]  ieee80211_rx_list+0x799/0x3780
[ 1079.115444][T16141]  ? __lock_acquire+0x1384/0x2050
[ 1079.120467][T16141]  ? __pfx_ieee80211_rx_list+0x10/0x10
[ 1079.125916][T16141]  ? __pfx_lock_acquire+0x10/0x10
[ 1079.130946][T16141]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1079.136922][T16141]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1079.143249][T16141]  ? ieee80211_rx_napi+0xd6/0x3c0
[ 1079.148264][T16141]  ieee80211_rx_napi+0x18a/0x3c0
[ 1079.153211][T16141]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1079.159529][T16141]  ? __local_bh_disable_ip+0x179/0x220
[ 1079.164982][T16141]  ? __pfx_ieee80211_rx_napi+0x10/0x10
[ 1079.170431][T16141]  ? skb_dequeue+0x113/0x150
[ 1079.175020][T16141]  ieee80211_handle_queued_frames+0xe7/0x1e0
[ 1079.180998][T16141]  ? ieee80211_stop_device+0x2a/0xf0
[ 1079.186285][T16141]  ieee80211_stop_device+0x3f/0xf0
[ 1079.191388][T16141]  ieee80211_do_stop+0x1cb5/0x2300
[ 1079.196497][T16141]  ? __pfx_ieee80211_do_stop+0x10/0x10
[ 1079.201947][T16141]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 1079.207829][T16141]  ? lockdep_hardirqs_on+0x99/0x150
[ 1079.213039][T16141]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1079.219365][T16141]  ? wiphy_work_cancel+0x1f0/0x3e0
[ 1079.224475][T16141]  ieee80211_stop+0x436/0x4a0
[ 1079.229153][T16141]  ? __pfx_ieee80211_stop+0x10/0x10
[ 1079.234344][T16141]  __dev_close_many+0x219/0x300
[ 1079.239181][T16141]  ? __pfx___dev_close_many+0x10/0x10
[ 1079.244539][T16141]  ? dev_set_rx_mode+0x233/0x2e0
[ 1079.249466][T16141]  __dev_change_flags+0x30e/0x6f0
[ 1079.254479][T16141]  ? __pfx___dev_change_flags+0x10/0x10
[ 1079.260014][T16141]  ? netdev_state_change+0xa8/0x1a0
[ 1079.265211][T16141]  ? __pfx_netdev_state_change+0x10/0x10
[ 1079.270839][T16141]  ? kernel_text_address+0xa7/0xe0
[ 1079.275941][T16141]  dev_change_flags+0x8b/0x1a0
[ 1079.280706][T16141]  do_setlink+0xcd0/0x41f0
[ 1079.285118][T16141]  ? stack_trace_save+0x118/0x1d0
[ 1079.290130][T16141]  ? __pfx_stack_trace_save+0x10/0x10
[ 1079.295493][T16141]  ? __pfx_do_setlink+0x10/0x10
[ 1079.300333][T16141]  ? __nla_validate_parse+0x26ce/0x3090
[ 1079.305869][T16141]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[ 1079.311400][T16141]  ? rtnl_newlink+0xf2/0x20a0
[ 1079.316078][T16141]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1079.321815][T16141]  ? validate_linkmsg+0x71e/0x900
[ 1079.326829][T16141]  rtnl_newlink+0x1119/0x20a0
[ 1079.331498][T16141]  ? rtnl_newlink+0xb21/0x20a0
[ 1079.336277][T16141]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1079.341304][T16141]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1079.347186][T16141]  ? rcu_is_watching+0x15/0xb0
[ 1079.351935][T16141]  ? trace_contention_end+0x3c/0x120
[ 1079.357209][T16141]  ? __mutex_lock+0x2ef/0xd70
[ 1079.361891][T16141]  ? __pfx_lock_release+0x10/0x10
[ 1079.366917][T16141]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1079.371933][T16141]  rtnetlink_rcv_msg+0x73f/0xcf0
[ 1079.376854][T16141]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[ 1079.381953][T16141]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1079.387398][T16141]  ? ref_tracker_free+0x643/0x7e0
[ 1079.392420][T16141]  netlink_rcv_skb+0x1e3/0x430
[ 1079.397179][T16141]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1079.402626][T16141]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1079.407911][T16141]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1079.413094][T16141]  netlink_unicast+0x7f6/0x990
[ 1079.417846][T16141]  ? __pfx_netlink_unicast+0x10/0x10
[ 1079.423113][T16141]  ? __virt_addr_valid+0x183/0x530
[ 1079.428210][T16141]  ? __check_object_size+0x48e/0x900
[ 1079.433486][T16141]  netlink_sendmsg+0x8e4/0xcb0
[ 1079.438241][T16141]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1079.443518][T16141]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1079.448790][T16141]  __sock_sendmsg+0x221/0x270
[ 1079.453455][T16141]  ____sys_sendmsg+0x52a/0x7e0
[ 1079.458213][T16141]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1079.463494][T16141]  __sys_sendmsg+0x292/0x380
[ 1079.468088][T16141]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1079.473215][T16141]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1079.479531][T16141]  ? do_syscall_64+0x100/0x230
[ 1079.484284][T16141]  ? do_syscall_64+0xb6/0x230
[ 1079.488945][T16141]  do_syscall_64+0xf3/0x230
[ 1079.493435][T16141]  ? clear_bhb_loop+0x35/0x90
[ 1079.498101][T16141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1079.503978][T16141] RIP: 0033:0x7ff44b97e719
[ 1079.508378][T16141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1079.527968][T16141] RSP: 002b:00007ff44c805038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1079.536367][T16141] RAX: ffffffffffffffda RBX: 00007ff44bb35f80 RCX: 00007ff44b97e719
[ 1079.544323][T16141] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 1079.552278][T16141] RBP: 00007ff44b9f132e R08: 0000000000000000 R09: 0000000000000000
[ 1079.560232][T16141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1079.568187][T16141] R13: 0000000000000000 R14: 00007ff44bb35f80 R15: 00007fffdca94ea8
[ 1079.576155][T16141]  </TASK>
[ 1079.579305][T16141] Kernel Offset: disabled
[ 1079.583691][T16141] Rebooting in 86400 seconds..