last executing test programs:

1m25.077591043s ago: executing program 3 (id=628):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x22301, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040))
write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, '/de\x86\n\x0e\a\x0fM\x1f\x82dq?w\xaf\x8fE/\x8baudio'}, {0x20, '$\\^'}], 0xa, "b7ef1c3e000056655c186e000000005394a5e5b7d866178878c05fa87a33827f49f06be514c801ff3d10e24e53081d79d1952b90e4d3ffc96260d4a36a0468ee214843233ce829494aa707b13b6cab38f20af5dc90d6ab61d9289e8be432a6cd672f28a8000000000000"}, 0x93)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x64}}, 0x24002800)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000000306010200"/19], 0x1c}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120c000300080001400400446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffff}, {0xffff, 0xffff}, {0x9d16fa41c857a80f, 0xfff4}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8, 0xf}]}}]}, 0x38}}, 0x0)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
ioctl$FICLONERANGE(r3, 0x4020940d, &(0x7f0000000400)={{r3}, 0xa960, 0x2, 0x60})
write$smackfs_access(r3, &(0x7f00000000c0)={'/dev/audio\x00', 0x20, '/dev/audio\x00', 0x20, 'rwxab'}, 0x1e)

1m19.675434536s ago: executing program 3 (id=637):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r0)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fbdbdf2509000000050007000000000008000300", @ANYRES32=0x0, @ANYBLOB="05000800180000000c00060001"], 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002540)=ANY=[@ANYBLOB="020700"], 0x10}}, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_open_procfs(0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@private1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1, 0x0, 0x2}, {{@in6=@remote, 0x0, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0x80, 0xfffffffc, 0xfffffffc}}, 0xe8)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r5, 0x6, 0x15, &(0x7f0000000600)=0x7, 0x4)
sendmmsg$inet6(r4, &(0x7f00000090c0)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x20}}, 0x1c, 0x0}}], 0x1, 0x0)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x60, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0}, @IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000002c0)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x20)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r7, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg(r7, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000140)="f7f5e9e4fa75e98b04b447075061f4ae31c9fe9741a5f2405ab7671f87eaf610ec0180f86c12808b43a72b2d2067dfb0bb7327e70ef08b20cfd28e3cd70dd69dd8812ed9a1303c717e3217697d333851875bad0fd8da090db64e972b49385a4c08f1eca32a0e1e3130dd220f5c31ab7739960219566623a3d7a2ac56fb5e01b7f47e51ec8d12b12d5e280d860ce1213b8896ab9a098610", 0x97}, {&(0x7f0000000200)="4028d0d6ae0efdf2972e6e6d4e3af2dc71a104b62c63974b17827ff5a8d6a3978a6c3098e04a38b230cc3cc2e59931206dc85ba94010472a62a4e908c804e8f9451b423f90e2176b31c751b45f3ecb8279a273d784132f8cb49212470cdcb07d963ee7afe22f2b9fa4a06e3afb4e4d8d7cae2ff646c7738e5480e8bbd625db65550506c25b2091aa478167011754d43c48ae419a3a1294b2f29ad76d8a17a90340ea7a9c87c19dbf0211d96254f27dd6e5be31916b69b42d1575bd4f110db7532ee5", 0xc2}, {&(0x7f0000000300)="ebd0b3beda4e0381cc7fdd0bfdb69676540a8bf02b16e39a3d5dcdafd32d5d3722df8726343276cf23eef0845cd00fd72ed6a08652151c4e7a2bff588c4168c6f1aeb437a524873ec066482aee0a434c6ee053cebc5768783ab7a8c0e0652f14edf0de118edc4e46d53783ad0f25a5e704f4cbee714e21ac6ec6e5a4348cb8452fd16a2788426dc103620bcb1843bb81c695fa9895cee03760a6af66c64c855b3de7034daccfbf6c13ec133da0dfb4c4b278d19719a0f5f805add789b2e0ef37274f430f9b2bd6ea84b1baf3", 0xcc}, {&(0x7f00000004c0)="891a13fb274229a7cd36b9f11574cd3d5abf0abc3ad62227a18b09570774abc58e478a2529625e9d110feaa6db16c1fe5a7e47dc3b54a5ec00809ac42c2a6a25fad6ed77dd6cde8bf522a9f7df4e331c58364a79ed1941d7ba3c4dc342af59b4700a83a5c0c671b236713f13a054d39ebb925087cbb35a059c1a42d0fe6403cfd16ebf990d6e3a16", 0x88}, {&(0x7f0000000400)="6b9f1130f0cbb39924b1f13fc3fabb9638c881bde4aeaf376c85d8ac0000000009fcb3b8983252f3fcf75a03cea94e446f125ffd6247b229cf0188d60a36d29763c33efb7d48cc7a040000000000", 0x4e}], 0x5}}, {{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001a00)="8b0fdb03bbdb2f5afcc202e5dd0ce841925f332f01ed00f985e300e8c752f74f569b9477d103c62004b9684bf9ba5503301918b24b6cdf7243a41903805a250d6272505970572a148e58c18eacd0fce63bf4a96263b2a0c0258c3abe3c13e72483c30b94faaad3a5f5a3a1c4a2487c580cdd17eb960906bfb3b0a8c7935dab4a050a68df0721c4940b3a06429465c0a115bff383867bf17e9deef5de1c2d56a395e12e164b59c6bb0d55f4e6eaec6fa7db5a622a42fcfda37974a0064cd3cecf69baa76796b17829b214c485207fd742a68be74946b4cd6ca000", 0xda}, {&(0x7f0000001b00)="69c4d1bb956f9cac315109a3b52ca9ed4731ecb9a8d1c3f75e9a771c634713ffed270d66c0e0dcd622f8d6435ac9fd4da108e9318d8fa68316a2380018db97190f4ad623cc88f3f91a98559de6f656e831fd21fbeb19b356af14f9598362d6401adf6f6f9ed9d00c07ce8a3603e767e9033e3264c30db9261038521c0430bbf43222094718b957eb44cb921404ca31befc2e3ce494a41767b9ea1fec0ebfe55aee7ce1", 0xa3}, {&(0x7f00000027c0)="8adc6c3009af743dd27f1cded499661bdc60f67cc239ece6923d5bbd9811b958640d7093238b58b060db6ed31873b1a1eab4927051818ac8c57db8508c3b6f832f1bf2218b9bf581b24f79b1ca2cfb9573c072d2b99c96eddc0b90e83f966092a6ab89853cf873592cd1b4f5ece38bf05116ff3e682d139c76e06642ee77d84121da4ea4617a671598dff824f9bfae006aa47018fd717a97aae7ecfa8bc84ead3577753823bb22b6eb07f0ddca413fc7c895566b35141eea0ec8dd74b4697a48bb45eb3d517614ed9284b54b85d7c4bf", 0xd0}, {&(0x7f0000001cc0)="1b2ed9efd95459b99faff1adfa54be7956726b087de3e6ceced9f47e86d27216e8662f63b760930cb931ced15105e9b3ad0bcb78014d854612", 0x39}], 0x4, &(0x7f0000002080)=ANY=[], 0x2f0}}, {{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000002600)="a4", 0x1}], 0x1}}], 0x3, 0x0)
setsockopt$sock_int(r7, 0x1, 0x21, &(0x7f0000000040), 0x4)
recvmmsg(r7, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000004a00)=[{&(0x7f0000000a00)=""/4095, 0xfff}], 0x1}}], 0x1, 0x0, 0x0)

1m17.61076591s ago: executing program 3 (id=641):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)

1m15.776477958s ago: executing program 3 (id=644):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002780), 0x0, 0x8890)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_mr_cache\x00')
pread64(r1, &(0x7f0000000040)=""/103, 0x67, 0x67)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000011c0)={'vxcan1\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)

1m15.593754148s ago: executing program 3 (id=646):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000200)='./file0/bus\x00', &(0x7f00000001c0)='sysfs\x00', 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000f00)={'veth1_macvtap\x00', &(0x7f0000000040)=@ethtool_perm_addr={0x4b, 0x37, "4b72097ab253a745c575"}})
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001f0001000000000000000000030000000c0001"], 0x114}], 0x1}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r1, 0x89f9, &(0x7f0000000300)={'sit0\x00', &(0x7f00000002c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @multicast1, 0x1c, 0x16}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00')
ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000140))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0xac, 0x0, 0xfffffffe}]})
getpid()
r4 = syz_open_procfs(0x0, &(0x7f0000000500)='attr/current\x00')
preadv(r4, &(0x7f0000000040)=[{0x0}, {&(0x7f00000000c0)=""/113, 0x71}], 0x2, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
socketpair$unix(0x1, 0xd, 0x0, &(0x7f0000000040))
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0xa, [@struct={0x8, 0x0, 0x0, 0xf, 0x0, 0x10005}, @var={0x4, 0x0, 0x0, 0xe, 0x1}]}, {0x0, [0x30, 0x0, 0x0, 0xcf, 0x0, 0x0, 0x0, 0x2e]}}, 0x0, 0x3e, 0x0, 0x6, 0x0, 0x0, @void, @value}, 0x28)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100)={0x0, 0x0, 0xfffffffd, 0x0, 0x8})
ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f0000000200)=ANY=[@ANYRES32=r5, @ANYRES32=r5, @ANYRES16=r5])

1m11.396255835s ago: executing program 3 (id=656):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002780), 0x0, 0x8890)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_mr_cache\x00')
pread64(r1, &(0x7f0000000040)=""/103, 0x67, 0x67)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000011c0)={'vxcan1\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)

55.619287358s ago: executing program 32 (id=656):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002780), 0x0, 0x8890)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_mr_cache\x00')
pread64(r1, &(0x7f0000000040)=""/103, 0x67, 0x67)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000011c0)={'vxcan1\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)

12.184837622s ago: executing program 5 (id=786):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x22301, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x100)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040))
write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, '/de\x86\n\x0e\a\x0fM\x1f\x82dq?w\xaf\x8fE/\x8baudio'}, {0x20, '$\\^'}], 0xa, "b7ef1c3e000056655c186e000000005394a5e5b7d866178878c05fa87a33827f49f06be514c801ff3d10e24e53081d79d1952b90e4d3ffc96260d4a36a0468ee214843233ce829494aa707b13b6cab38f20af5dc90d6ab61d9289e8be432a6cd672f28a8000000000000"}, 0x93)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=ANY=[@ANYBLOB="640000000206050000000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a30000000000500040000400000050005000a000000050001000600000014000780080006400000000008001340"], 0x64}}, 0x24002800)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000030601020000000000000000000000000500010007"], 0x1c}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120c000300080001400400446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xffff}, {0xffff, 0xffff}, {0x9d16fa41c857a80f, 0xfff4}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8, 0xf}]}}]}, 0x38}}, 0x0)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
ioctl$FICLONERANGE(r7, 0x4020940d, &(0x7f0000000400)={{r7}, 0xa960, 0x2, 0x60})
write$smackfs_access(r7, 0x0, 0x0)

10.559382328s ago: executing program 5 (id=791):
r0 = syz_io_uring_setup(0x157a, &(0x7f0000000280)={0x0, 0x8db6, 0x2, 0x0, 0x392}, &(0x7f0000000100), &(0x7f0000000300))
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x14010, r0, 0x10000000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="6d020000feffffff0000161b6aa713c06add00002e000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b750dbaa962dadde982a0c9aefd899470300007720d5bd5900000000850000001700000095001b0000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6a6df9b985587149, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000000c0)="e0b9545dd30a3731677b2d0bfa91", 0x0, 0x27cb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x1, 0x7, 0x7, 0x6}, {0xb6, 0x2, 0x8a, 0x7}]})

9.893665874s ago: executing program 5 (id=794):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e280)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_proto_private(0xffffffffffffffff, 0x89e7, &(0x7f0000000100))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
epoll_create(0x207ffd)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000080)=0x2)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x7)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})

8.999076103s ago: executing program 0 (id=799):
r0 = socket$inet(0x10, 0x3, 0x0)
pipe2$watch_queue(&(0x7f0000000580)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xf8, 0xf8, 0x5, [@ptr={0xd, 0x0, 0x0, 0x2, 0x3}, @enum={0x6, 0x6, 0x0, 0x6, 0x4, [{0x8, 0x529b}, {0xb, 0xfff}, {0x0, 0x40}, {0x2, 0x6672}, {0x0, 0x7}, {0x6}]}, @volatile={0x3, 0x0, 0x0, 0x9, 0x5}, @typedef={0x4, 0x0, 0x0, 0x8, 0x1}, @enum64={0x7, 0x6, 0x0, 0x13, 0x1, 0x8, [{0x4, 0x6, 0x7a0}, {0xd, 0x0, 0xfffffffb}, {0xb, 0x2, 0x3}, {0x3, 0x9, 0x40}, {0x10, 0x5, 0x43bd8e78}, {0xf, 0x2, 0xff}]}, @type_tag={0x9, 0x0, 0x0, 0x12, 0x3}, @volatile={0x3, 0x0, 0x0, 0x9, 0x5}, @ptr={0xa, 0x0, 0x0, 0x2, 0x2}, @func={0x7, 0x0, 0x0, 0xc, 0x1}, @enum={0xd, 0x1, 0x0, 0x6, 0x4, [{0x6, 0x100}]}]}, {0x0, [0x5f, 0x10, 0x2e]}}, &(0x7f0000000700)=""/31, 0x115, 0x1f, 0x0, 0x8, 0x0, @void, @value}, 0x28)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9}, {}, {}, [@alu={0x0, 0x0, 0x0, 0x5, 0x9, 0xfffffffffffffffe, 0x10}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000000c0)='syzkaller\x00', 0x6, 0x78, &(0x7f0000000100)=""/120, 0x41100, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000180)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x3, 0x1, 0x6, 0x85f}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000280)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0x1], &(0x7f0000000340)=[{0x5, 0x4, 0x5, 0x4}, {0x3, 0x5, 0x8, 0x8}, {0x1, 0x4, 0x3, 0xa}, {0x2, 0x1, 0x2, 0xb}, {0x1, 0x3, 0x10, 0x3}, {0x5, 0x5, 0xa, 0x6}, {0x2, 0x2, 0xf, 0x394deb2f880524a6}], 0x10, 0xc, @void, @value}, 0x94)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.net/syz0\x00', 0x200002, 0x0)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000540)=@other={'unlock', ' ', 'io'}, 0xa)
io_uring_register$IORING_UNREGISTER_RING_FDS(r1, 0x15, &(0x7f0000003540)=[{0x4, 0x1, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000780)=""/164, 0xa4}, {&(0x7f0000000840)=""/83, 0x53}, {&(0x7f00000008c0)=""/3, 0x3}, {&(0x7f0000000900)=""/171, 0xab}], &(0x7f0000000a00)=[0x1, 0x2, 0x100, 0x4, 0x2, 0xc, 0x5]}, {0x5, 0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f0000000a40)=""/60, 0x3c}, {&(0x7f0000000a80)=""/248, 0xf8}, {&(0x7f0000000b80)=""/4096, 0x1000}, {&(0x7f0000001b80)=""/244, 0xf4}, {&(0x7f0000001c80)=""/39, 0x27}], &(0x7f0000001d40)=[0x8]}, {0x8, 0x0, 0x0, &(0x7f0000003240)=[{&(0x7f0000001d80)=""/191, 0xbf}, {&(0x7f0000001e40)=""/207, 0xcf}, {&(0x7f0000001f40)=""/72, 0x48}, {&(0x7f0000001fc0)=""/134, 0x86}, {&(0x7f0000002080)=""/239, 0xef}, {&(0x7f0000002180)=""/4096, 0x1000}, {&(0x7f0000003180)=""/70, 0x46}, {&(0x7f0000003200)}], &(0x7f00000032c0)=[0xfb6f]}, {0x2, 0x0, 0x0, &(0x7f00000034c0)=[{&(0x7f0000003300)=""/135, 0x87}, {&(0x7f00000033c0)=""/224, 0xe0}], &(0x7f0000003500)=[0x10000, 0x309, 0x338848de, 0x7]}], 0x4)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x100000, 0x0, <r5=>0xffffffffffffffff})
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@cgroup=r4, r3, 0x15, 0x2010, 0x0, @value=r5}, 0x20)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'tunl0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000005e00010027bd7000fbdbdf2500000000", @ANYRES32=r6, @ANYBLOB='['], 0x1c}, 0x1, 0x0, 0x0, 0x200000c0}, 0x4000000)
r8 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, 0x0, 0x46)
recvmmsg(r8, &(0x7f0000005380)=[{{&(0x7f00000035c0)=@in6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000003200)=[{&(0x7f0000003640)=""/220, 0xdc}], 0x1, &(0x7f0000003740)=""/247, 0xf7}, 0x7}, {{&(0x7f0000003840)=@x25={0x9, @remote}, 0x80, &(0x7f0000003c80)=[{&(0x7f00000038c0)=""/46, 0x2e}, {&(0x7f0000003900)=""/12, 0xc}, {&(0x7f0000003940)=""/68, 0x44}, {&(0x7f00000039c0)=""/243, 0xf3}, {&(0x7f0000003ac0)=""/220, 0xdc}, {&(0x7f0000003bc0)=""/118, 0x76}, {&(0x7f0000003c40)=""/51, 0x33}], 0x7, &(0x7f0000003d00)=""/123, 0x7b}, 0x3ff}, {{&(0x7f0000003d80)=@rc, 0x80, &(0x7f0000004240)=[{&(0x7f0000003e00)=""/230, 0xe6}, {&(0x7f0000003f00)=""/135, 0x87}, {&(0x7f0000003fc0)=""/176, 0xb0}, {&(0x7f0000004080)=""/167, 0xa7}, {&(0x7f0000004140)=""/215, 0xd7}], 0x5, &(0x7f00000042c0)=""/50, 0x32}, 0x7197}, {{&(0x7f0000004300)=@pptp={0x18, 0x2, {0x0, @local}}, 0x80, &(0x7f0000004900)=[{&(0x7f0000004380)=""/167, 0xa7}, {&(0x7f0000004440)=""/206, 0xce}, {&(0x7f0000004540)=""/85, 0x55}, {&(0x7f00000045c0)=""/71, 0x47}, {&(0x7f0000004640)=""/211, 0xd3}, {&(0x7f0000004740)=""/172, 0xac}, {&(0x7f0000004800)=""/195, 0xc3}], 0x7, &(0x7f0000004980)=""/165, 0xa5}, 0x9}, {{&(0x7f0000004a40)=@vsock, 0x80, &(0x7f0000004c00)=[{&(0x7f0000004ac0)=""/71, 0x47}, {&(0x7f0000004b40)=""/101, 0x65}, {&(0x7f0000004bc0)=""/59, 0x3b}], 0x3}, 0x6}, {{&(0x7f0000004c40)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000005140)=[{&(0x7f0000004cc0)=""/215, 0xd7}, {&(0x7f0000004dc0)=""/250, 0xfa}, {&(0x7f0000004ec0)=""/241, 0xf1}, {&(0x7f0000004fc0)=""/173, 0xad}, {&(0x7f0000005080)=""/146, 0x92}], 0x5}, 0x8}, {{&(0x7f00000051c0)=@isdn, 0x80, &(0x7f0000005280)=[{&(0x7f0000005240)=""/63, 0x3f}], 0x1, &(0x7f00000052c0)=""/129, 0x81}}], 0x7, 0x2042, &(0x7f0000005540))

8.853511932s ago: executing program 5 (id=801):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x22301, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x100)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040))
write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, '/de\x86\n\x0e\a\x0fM\x1f\x82dq?w\xaf\x8fE/\x8baudio'}, {0x20, '$\\^'}], 0xa, "b7ef1c3e000056655c186e000000005394a5e5b7d866178878c05fa87a33827f49f06be514c801ff3d10e24e53081d79d1952b90e4d3ffc96260d4a36a0468ee214843233ce829494aa707b13b6cab38f20af5dc90d6ab61d9289e8be432a6cd672f28a8000000000000"}, 0x93)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=ANY=[@ANYBLOB="640000000206050000000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a30000000000500040000400000050005000a000000050001000600000014000780080006400000000008001340"], 0x64}}, 0x24002800)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000030601020000000000000000000000000500010007"], 0x1c}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120c000300080001400400446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xffff}, {0xffff, 0xffff}, {0x9d16fa41c857a80f, 0xfff4}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8, 0xf}]}}]}, 0x38}}, 0x0)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
ioctl$FICLONERANGE(r7, 0x4020940d, &(0x7f0000000400)={{r7}, 0xa960, 0x2, 0x60})
write$smackfs_access(r7, 0x0, 0x0)

8.82621255s ago: executing program 0 (id=802):
sched_setattr(0x0, &(0x7f0000000140)={0x82}, 0x0) (async)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848390000005e140602000300000e0027000f000000028000001294", 0x2e}], 0x1}, 0x0)

8.650535485s ago: executing program 0 (id=803):
socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000), 0x12)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$int_in(r3, 0x40000000af01, 0x0)

7.298090986s ago: executing program 5 (id=804):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x690, 0x300, 0x1e0, 0x20, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x1}, {}, {0x0, 0x3}, {0x5}, 0x0, 0x3f0, 0x0, 0xffff8001, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffc, 0x0, 0x400000, 0x0, 0x1})
ioctl$FBIOBLANK(r0, 0x4611, 0x3)

6.925370498s ago: executing program 0 (id=806):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000190c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$dupfd(r2, 0x0, r1)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r4, 0x2000009)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x7ffff004)
recvmsg(r3, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000}, 0x700)

6.925018996s ago: executing program 1 (id=807):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x7f, 0x0, 0x3}, 0x10)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x81, 0x0)
syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x1, 0x10100, 0x0, 0x13}, &(0x7f0000000000), &(0x7f0000000040))
syz_open_dev$video(&(0x7f0000000280), 0x2, 0x400080)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000044082, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r3, 0x10d, 0x9b, &(0x7f0000000240), &(0x7f0000000040)=0x4)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xc1)
r4 = socket(0x40000000015, 0x5, 0x0)
ioctl$DRM_IOCTL_MODE_GETENCODER(r4, 0xc01464a6, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f00000000c0)={0x28, 0x0, 0x2711, @hyper}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="06000000040800007b0000000a9cd0075a000000", @ANYRES32, @ANYBLOB='\a\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000370189d6ee385a7a00000000000000000000000100"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x37e2f4aba9289b81, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x15, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES16=r5], 0x44}}, 0x0)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x400452c8, &(0x7f0000000100))

6.737976475s ago: executing program 5 (id=808):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_open_dev$vim2m(&(0x7f0000000380), 0x1, 0x2)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x118, &(0x7f0000000100)={0x0, 0x2, 0x10, 0x0, 0x3e4}, 0x0, 0x0)
syslog(0x3, &(0x7f0000000080)=""/48, 0x30)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000540)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0x10)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0]})
syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
epoll_create1(0x80000)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
flistxattr(r1, &(0x7f0000000300)=""/102, 0x66)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x800)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r6, 0xc0f85403, &(0x7f0000000400)={{0x0, 0x2, 0x3, 0x1, 0x4}, 0x40, 0x1, 'id0\x00', 'timer0\x00', 0x0, 0x7, 0x8000, 0x89f, 0xfffffa8f})
write$tun(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="000386dd0a00100000004000000060ec97020fc80400fe8000000000000000000000000000aaff0200"/53], 0xffe)

5.64983525s ago: executing program 2 (id=809):
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r1 = dup(r0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0xf6ff, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

5.649481869s ago: executing program 0 (id=810):
socket(0x10, 0x803, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x101, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_usb_connect$hid(0x4, 0x36, &(0x7f00000001c0)=ANY=[], 0x0)
socket(0x2, 0x80805, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r5)
ioctl$SIOCSIFHWADDR(r5, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
ioctl$NBD_DO_IT(r5, 0xab03)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r4], 0x90}}, 0x0)

5.649293748s ago: executing program 4 (id=811):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x7, 0x200000})

5.397124454s ago: executing program 4 (id=812):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff, @void, @value}, 0x94)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x5f, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x610d3c29, @void, @value}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x7, [@struct={0x5, 0x1, 0x0, 0xf, 0x0, 0x5, [{0x4, 0x5, 0x3ff}]}]}, {0x0, [0x5f, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x37, 0x0, 0x9, 0x0, 0x0, @void, @value}, 0x28)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r3 = dup(r2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x8, 0x2, 0x2, '\x00', 0x3})
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5.383821497s ago: executing program 2 (id=813):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000005b80)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_ALL_TARGETS={0x8}]}}}]}, 0x3c}}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e00"/20, @ANYRES32=0x1, @ANYBLOB="00ad6a1177f4c0e2e5dd0c000000000000", @ANYRES32=0x0, @ANYRES32], 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
r6 = dup(r5)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[], 0x33fe0}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x1000040, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
write$tun(r6, &(0x7f0000000300)={@val={0x0, 0x9000}, @val={0x3, 0x80, 0x5, 0x81, 0x81, 0x4}, @ipv6=@icmpv6={0x9, 0x6, 'X-7', 0xa4, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[@fragment={0xc, 0x0, 0xb, 0x0, 0x0, 0x9, 0x67}, @srh={0x1, 0x8, 0x4, 0x4, 0x14, 0x8, 0x8b9, [@empty, @mcast2, @ipv4={'\x00', '\xff\xff', @multicast1}, @remote]}, @fragment={0x3c, 0x0, 0x7, 0x0, 0x0, 0x3, 0x67}], @mlv2_query={0x82, 0x0, 0x0, 0xffff, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6, 0x0, 0x1, 0x6, 0x3, [@rand_addr=' \x01\x00', @rand_addr=' \x01\x00', @loopback]}}}}, 0xda)
syz_open_dev$mouse(&(0x7f0000000680), 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000020ac050f02220001828301090224000101000000090400000203010200092100050001220000"], 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0xc6102)
r7 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
sendmmsg$unix(r7, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)

5.235664106s ago: executing program 1 (id=814):
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x500, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
socket$tipc(0x1e, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$smackfs_cipso(0xffffff9c, &(0x7f0000000640)='/sys/fs/smackfs/cipso2\x00', 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

4.940334908s ago: executing program 4 (id=815):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x22301, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x100)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040))
write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, '/de\x86\n\x0e\a\x0fM\x1f\x82dq?w\xaf\x8fE/\x8baudio'}, {0x20, '$\\^'}], 0xa, "b7ef1c3e000056655c186e000000005394a5e5b7d866178878c05fa87a33827f49f06be514c801ff3d10e24e53081d79d1952b90e4d3ffc96260d4a36a0468ee214843233ce829494aa707b13b6cab38f20af5dc90d6ab61d9289e8be432a6cd672f28a8000000000000"}, 0x93)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=ANY=[@ANYBLOB="640000000206050000000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a30000000000500040000400000050005000a000000050001000600000014000780080006400000000008001340"], 0x64}}, 0x24002800)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000030601020000000000000000000000000500010007"], 0x1c}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120c000300080001400400446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xffff}, {0xffff, 0xffff}, {0x9d16fa41c857a80f, 0xfff4}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8, 0xf}]}}]}, 0x38}}, 0x0)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
ioctl$FICLONERANGE(r7, 0x4020940d, &(0x7f0000000400)={{r7}, 0xa960, 0x2, 0x60})
write$smackfs_access(r7, 0x0, 0x0)

4.816651844s ago: executing program 1 (id=816):
socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000), 0x12)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$int_in(r3, 0x40000000af01, 0x0)

3.645454896s ago: executing program 0 (id=817):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x23, 0x803, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="34000000100039042cbd70000000000000000000", @ANYRES32=r1, @ANYBLOB="059800000020000014001280080001006772650008000280040012"], 0x34}, 0x1, 0x0, 0x0, 0x400}, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="34000000100039042cbd70000000000000000000", @ANYRES32=r1, @ANYBLOB="059800000020000014001280080001006772650008000280040012"], 0x34}, 0x1, 0x0, 0x0, 0x400}, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
socket$kcm(0x11, 0x5, 0x300) (async)
socket$kcm(0x11, 0x5, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0xfffffffffffffffc, 0x0, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0) (async)
syz_open_dev$dri(0x0, 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x21c0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0) (async)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket(0x2a, 0x2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
socket(0x10, 0x2, 0x0) (async)
socket(0x10, 0x2, 0x0)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000000), 0x4)
socket(0x10, 0x803, 0x2)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1a3, 0x655c, 0x4, 0x40, 0x7fffffff, 0x7fffffff, 0x80, 0xffffffff, 0x1}}}}]}, 0x58}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) (async)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001bc0)=@newtfilter={0xc4, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r7, {0xe}, {0x9}, {0x8, 0xffe0}}, [@filter_kind_options=@f_u32={{0x8}, {0x98, 0x2, [@TCA_U32_SEL={0x94, 0x5, {0x1, 0x2, 0x8, 0xff, 0x94, 0x9, 0x3, 0x1000, [{0x4, 0xffffffff, 0x5, 0x35b}, {0x6, 0x7fffffff, 0x5, 0x92d}, {0x6, 0x5, 0x8, 0x6}, {0x9, 0x5, 0x4, 0x5}, {0x9, 0x800, 0xbf2e, 0x2}, {0x7f59, 0x8, 0x18000, 0x8}, {0x9, 0x1, 0x4018, 0xe0}, {0x476a, 0x4, 0x5}]}}]}}]}, 0xc4}}, 0x4000) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001bc0)=@newtfilter={0xc4, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r7, {0xe}, {0x9}, {0x8, 0xffe0}}, [@filter_kind_options=@f_u32={{0x8}, {0x98, 0x2, [@TCA_U32_SEL={0x94, 0x5, {0x1, 0x2, 0x8, 0xff, 0x94, 0x9, 0x3, 0x1000, [{0x4, 0xffffffff, 0x5, 0x35b}, {0x6, 0x7fffffff, 0x5, 0x92d}, {0x6, 0x5, 0x8, 0x6}, {0x9, 0x5, 0x4, 0x5}, {0x9, 0x800, 0xbf2e, 0x2}, {0x7f59, 0x8, 0x18000, 0x8}, {0x9, 0x1, 0x4018, 0xe0}, {0x476a, 0x4, 0x5}]}}]}}]}, 0xc4}}, 0x4000)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x8000, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x7, 0x0, 0x0, @multicast2, @private}}}})

3.305255603s ago: executing program 4 (id=818):
socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000000), 0x12)

2.793360151s ago: executing program 1 (id=819):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'veth0\x00', 0x2})
r2 = syz_open_dev$sndpcmp(&(0x7f0000000340), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r2, 0xc2604111, &(0x7f0000000380)={0x8, [[0x1, 0x5, 0x9525, 0x3, 0x3, 0xf, 0x1b, 0x1], [0x5, 0x57, 0xfffffff8, 0x1, 0x858e, 0xfffffffd, 0xff, 0x7fff], [0x7, 0x4, 0x9, 0x12, 0xf68, 0x5, 0x10, 0x5]], '\x00', [{0x8, 0x3, 0x0, 0x1, 0x1}, {0x1, 0x3f, 0x1, 0x1, 0x1}, {0x8, 0x9, 0x0, 0x0, 0x0, 0x1}, {0x80000000, 0x7af4, 0x1, 0x1, 0x1}, {0x10000, 0x5, 0x1, 0x0, 0x0, 0x1}, {0x9, 0x4, 0x0, 0x0, 0x0, 0x1}, {0x1ff, 0x4, 0x1, 0x1, 0x1}, {0x7, 0x3, 0x1, 0x0, 0x1}, {0xfffffff8, 0x1, 0x1, 0x0, 0x0, 0x1}, {0xfffffeff, 0x9, 0x1, 0x1}, {0x9, 0x2, 0x1, 0x0, 0x1, 0x1}, {0xf, 0x5, 0x1, 0x1, 0x1}], '\x00', 0x2})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000500)={@val, @val={0x0, 0x3, 0x5, 0xb0, 0xfff8, 0xbf}, @arp=@generic={0x30a, 0x88f7, 0x6, 0x0, 0x3, @broadcast, "", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}}}, 0x22)
syz_open_dev$rtc(&(0x7f0000000040), 0x6, 0x400000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x4}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

1.951003913s ago: executing program 4 (id=820):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r0, &(0x7f0000000000)=[{{&(0x7f0000000080)={0xa, 0x1f4, 0x3e, @dev={0xfe, 0x80, '\x00', 0x21}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0xf}}, {{&(0x7f00000006c0)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xa4}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x2, 0x0)

1.933351391s ago: executing program 2 (id=821):
mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x7)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@func={0x2, 0x1c, 0x0, 0xc, 0x2}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r1, 0x10d, 0xda, &(0x7f0000000100), &(0x7f0000000040)=0x4)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x800448d3, &(0x7f00000000c0)={'wlan0\x00', 0x1})

1.649453036s ago: executing program 2 (id=822):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder0\x00', 0x802, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000780)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2, 0x0, 0x1}, 0x18)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r5, 0xc02064b6, &(0x7f00000001c0)={r6, 0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f0000000200)={r6, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r8, r7, 0x3, 0x0, 0x0, 0x800, {0x4, 0xffff, 0x3, 0x69, 0x200, 0x0, 0x5, 0x5, 0x4cab, 0xe154, 0x1000, 0x0, 0x10, 0xf9, "fe1d00007413000000000000000caa000000090000000000000004b427180010"}})
r9 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
syz_fuse_handle_req(r0, &(0x7f00000020c0)="21ef4576ee57b4f7d681d9febbe47f5b9af866333e6efff0a36c16f2572d537baaf6d8fdedf7e843292b1e8595817a84c04af3b5d1a7af800197c80349a3c6ba07a51ea72dfab4c7ee5890cfa1730e0aa87d8635fb2c78a8561b6d5bfbc079463dbfcf09cd88dc5695803b5422fe3f6852b242fe6b40b005503e4431f83ba7e077ff61aa7e3c0aaf63a897666353197eb0ea920d211e9063579c9356d35cb4556997b1b1cc84c2a4bea6d02c4dd1391102445e38e10b1e86aa402f3f59396e4d024ee9148a8302422854d2d1b22f25b761ae0c292eea5f5a92a3f1caf1692c087ac1eb014edff6dfbe905d4de63215f01bb486c3bc7b648345769a346f82b17307e5378b7cab1b4378e02d72e35e686af45aeed58c5a2d0aa9f07a61be6788d012c7679d1e2555713bba96f0b108d59666300d8940dca3f467341c90c12d1d3a82d7adde12e4b415f88cd40f635bfae5a53ccdbd651b90bccb442e8327ed393f92b46a75c7f0cdb8448e175937f9d4e518badcc850a279a9d07b73d33c0ddc94ea6b515274a092a022571d075294ad2394f912026b24e0b9fff8f2efbf05f8df7172e1c63daa6957d9b8068ac942659ea6d42c9b7170927257e0652d1fd0c96123ad73d796473ff3f0cdeb629fa1e071ea67e7909016c89b483f1c4ffefcadb465aff2723c48599c0ae8a70fe6157c61498250c17c5a7f1b4e3b3781737edb8c2c6ebee9ae944d929c4efc360c994aeeac967e5bc17a693f511a03b98b2dfab3ef3998159316b89229b4070384c654490334d3dee3bb38a9c49222d1f82ed3013654d6cdeb47acbc5b046945f18c12a926fad1860c4af9f256819f005232b21bd4ebb3bc151913673ea443e967a749d437f9e8a9e3c6e170245b816e878a747edbf1b8c9c039e5a2d4ef000854b7919ddfdd2123fa24219338ea5b66ab184eb5c9b3a140fd1febce1190c89362ce10a05df7a7dcf3b653c0724614024a4389a25d75def9234dc728f39335872c5f391b1366acdf17474d903235fee39d478258714b1266cd9bc52c43dfa680a2187a5e9ff8bd1490cdabb0389d3e7b6b9a6be5f9fa341c453fff3ec21f678453ad8fddd18ba6a0f5cc1bf7d3cc8d566f7be64d3d95aa09dec4bc919423ecb5e8b1e55b61fb63c6fff2714b351b7ff96db1cece0aee3521beda9af63922df08040d1fefb6bc18924950cbf132f538d8c8a3ff198e5e864e31278d71d383f4825fba9da676c3c03f164224bc57b8060251f0775b9b9e9607cf39381c2abb4c33775c21daaee87bf8a5632e4cd7f17fc23672f214758cbb3307af39191f0cfabec2a5fef4f29670065c8edcb7134014f0819c0da355c86c6fcdc16e984e8aa04cfb1f28a15d393e2f9c9df797a36666729509f3238765b92180a9e86fe74f3d50784b6b1651834e7d8aad54c52436cf65859bf8ebd080bffbbefa2485693e2708bed13911ba2595a68dd8b1571e274d87551c0eb38b44623de735c00bc4be2e2df750ecd0b425263b1fa76005d1b073eab296654a0b546ea00f588f7b33dd2a660ee91217515bb0b17c3ef5e93270a35387df994b5d75a5c62796e267402e2b45711392acb00dba47c89a67df8bd73d80b0596e8ce00ed85356cfd44e715fbc8bc9a5397b906f7d79c207e2fdaf4c8d44614a5e572f84b66740521f89514037714f481b190e4713c87d00a1909bbf0d4cf174c0d2dfa65385206ff51b5c572a7b97ca70459c3d725036af3192f3cff927d76f9d03931503fe69823fcc87a46fbb2a27a7d300a988b345a13d205a43b6e869c60034caf3c44c9d767c6656ecca3233963c55e3785db2b111ba96cc7e40724b47739687981fb9f45401a4ea54ae79e78e3821193824798435c5f241c3a2cb7579a95e1cc68bf3d6e5d3a4e5773016022df50543c868fe6dba09c7197258960179cf0c128677f6f17b7cb7099af5f60116bd6ad603159b93428eb633ce859bc05860d0425b17980c852cfb02778c253195b5d08844d5d846c81a0a69f0592a3c9874436ac6903c535dfe1b1f8f55915180391414471700b70b43527e8919ff144f62aa78959544f00b7175138f426d078e1b3796a0e669c8442b4dd3625a7c6b0f260ce4334441896ecb5c4e3f027084f84a4cec0e0ea96197ce17bd0666a52d1d3b1c60bcdd8f627fbb5d2d5501788d68bbf3cb3bf920da7a2d8fa76add4bce4139911d50e82b731fa908216cca3c9173e9d1d0c6c7bb56ebeca50a51c64483dbb1c086d259a4236ca5ad427e141a16e090fae26a4416a02baaf8dab4dcb6b1fa19c58502c326f8923f7206417a17673a8b8931a82c05cfa2d39bde56214a130fc949af3840fdd0534e537562fc7cebad2814f5689637406c8afdac76623fbc97e0c024f6e5e430d5444ee8945768144fb0c59e1a780c7b4947308cc3e3dc71eacb968ab90d3e969a728381a9cf8b12a7fb12b832dd5dde57eafd4c500ff2c7751afc456ef33c389d929cad90ee2322a58ab67b62ac07496b6b7ba9db8364bbe2507ad1a2754efb81202058f477b6ee49364a6473845b90040f561c3ba2f2ed4e3a9a991ec11990d09589e7d1e674163f87d6cf8fa11edaa5b29dd81a94a1ac2f777ce7d4c4303e96b8734a790cf16b2aaeb2690f869e45618cfff0f8667ee117155aeea6b6e18c1d9101e4a5e7104ded50fd3ee3b57438b2290cf046b3c65edbd1132151622159d147bdf08dd008d84b31e381d3b2c53296468f16172d71f5940c45db815b6c1c13117075dc8c656cb19c23898cf4539f3a9c5dc0412b58e2e35bc24c16116988f70150ca81bae4f32e55a29a9f55a1812450a651064490e372783d6ed0cbe9e20b53ed75d97641877c45a2401b473a0553a8fc8d06ba2abb96e9f57c0c9f006547878b0bfe6cd5e4f5f764c2e8a22c593fd49eaa72f38c0550f4aedff9b77566017a22e65ea9a9800885d13b7f88895ebb1d69eb414d52843c4c6b0914d12a8ca60100dcda8a189af77b638af57d26c70dae7579b01f390ea7470e6e469ee91e01beba55f171f3e69c0ae195e7c7915bb9ad386bc2f0b551867f6e4d260e2894e2bb4a78bb82453947ada1d9e90db90d4676510eb6d153e48a0bb8b6db78d531d743890d2b324352868feeb01f97fc98c70beb2452933e60867722264cb3ede5dfada29e3b5893936d6d8d6b791be10b5b93e0a7eccccdf3bd7805dadb9c25f5d077c5094d83303d0c876da604070b566d09ff63d71833d8683d6a9826ff780f49a19191e56ece7a6c5c8810f4191a4aac77134eeedbdec0b08c811ed02739c6ccc3554879fd05340063ace0bc5796cc51fec773f650701f9b04cb402ebcc127f158caf9d96570f70ff2c7ceb61c1a96f821abdc603e46fbea714c06ff4379a8e82d0669f1660d8344f1ab81f3a12fed2d58dbf5f7e45e422137a3ff57015761f042940a513606f5d85d4efeef44e8ce477f93640d5c2e74b0c394759d1a4b4fc5b9c0cb1ba83d7e923c75c73c7abe36bed7348274aa135b67e07e956701241a29c8f0900c62e02bb083b605dbc1eca00eeb9ee95201b66e64818edecd9a75b25219836d77f5a51925a0f9d98da1cfbb3b608edd36bf79c54a5162ee0271241f67dd7edcf03d85e4748bc6f68d799eb2aca762d2bc3d51b2d62ea89e215da1124bfd429508d2cf0d155227207371a85e1673155c8d09e178ac3ed17daca639a1203e73a0e937d8ed653e45e68768c114d0eee6d1b4042006e0046fd46db781611e832daa4935233bf24e3335a82c9cb87c87d7785d7d6c5d77f3d1a43968083068503e3a9ea06567c8f2722388e15f137e592ed658a3bb4241446762cf19d18fd0485c6eef26f625f0144e89f3c4e158fe3a3371ea54b6e4c5a0abbb662598bff5782c26f36890b0654876655cf85cddc76234b281c1b467ab1ed1dd130356cf5b5964596c973bfe1b055a78eb86a8bb29a4283a3fcbd92f24dd56d55163d2a7ffc46dba107a11ff5538028286fe09ec2b5302d16f2e9d0b5c96b113aa7a5e7d5f4e469e2b50d0bf1f639921ba0369fda52ba42e62d5c68c851b2d02bd996678d6dc7c63e0be47edff19e4d684b7fca7aa20a24bb91c0f402acfd66be5ff780bb6617fcb40837f8c63681463ed88022ed931d11b8527f5d3c7736d035ce2f2697bd2cf507663b16cc124d48dfbcf35592f2fc3358b0fc0006c9332a1df4908516c4953083bc89aca3508121d7eeab0cab07b24bdad3521e1973c1a4ecd6c6cca8504a424d8f8d7fbd671229e5d9513c517d06e230a52aab2e80948cd67b3594d205b6d86e988b78dc4f91dc022fcd29d4fefbd71b69a0cecc1b07bf89236d66d75ea7043e27d4a6b6b99a5934f0f99907e3347e26424d578e0d3cd6984aa1833b51be40e34505a4e8f139c8cd5961a6d68fd3898a0e2be3540ae4167bc30b6bc1729991c2307eeec2d7ff4baa48d55a2d865bab3225983913f6208e747a9d6648529fc92883e0184ccf0c564e484b124b219333c09913555bb0b0736c18f9a4d2b1bc7d9ee55340b25ee94e074044009dc902f5d5a57db5eab92a1803435715698a3cfad6c63fc253eb279b90aa15ed83f521b070d5ccf7bcfa5dc80d5004cce4dde256df3d070132fca71c37a6925e9515c7d01a144554feea7155c0766c67b16560b0dc46fba72a45a2cd0aec7c7d8a74e31c629a5cbf8d12b5cecdaf38ba2e5ab5dad97acc0fc0010396ebc748fd4a8a85c5b9899610f0c16550bb8e7ce8f08ab593b4af5d43bc156392a61e087e096e9ce65d0e8b7056d60f0af902b6576c6cc57a430dce0da3a9a262ded64ecdf604064d9e7fd3613c98454451d76345466461fca2d3358d8ca41e58ee5519502b887fb6cc0264a5e1b7d0470df43011173f9b75f8cda5055b8552dc2392b8d4079cf4a2aafb4e2b92652f1527adb7d16e659f30f1ba245db779068263831dd1c763aef89ca7ca426f4151e5fb882ac1539bf1e5b8a8ce932e4e408ca08d72e25001ff9ab95e9a437879dcecea56dd3a1bc21adf36453b11673c335112c3dbff5abda8b961c84702606d7fb0c1ab7183322fa576d8fc46f0001e449dbd68bbd3c1d09690be2b88e58391b5e06db283e14d94ccd3553709437802fb5b3a1ccade66077ce648df5a7bc440924a0debb2ea83b036fb8ed87757cfe8a2112ab62c9b565843e0d3f3cc8a28ab692b864c4d261cad18447563168a2ad6f17a355b706b288ae2983ee03ac38ac98ab6938fe844b1d9c962fbc1a74da71b70ad906fab06a0fab9158414b0f9103fabdeaf2efe7a46913eb6e319ea10f381b0d95dfcf7d567ba00c16699e34843e8077b0d00f95624672cc78c7cc017017b97a03e46aa65f2e6dfc28edc0e1a43eec1aca59a3255941c8f9e700c9f4c9251c7e43d2e577af31eb7e084b40b15da9154369479d9358997a87f8f919a9afd9809105ad799058853d0164c95e403fa5de651edb23590b1a43775cdb52ccbd22abded87000129071564e6f7aa9c083df968bbd196748c43c6b8493d447674c1771dad368a594d5f76dc9995db97f47a85b76fb063605ae61c331d5baff39c9b2c4244e2cf3997a0a272c1de0b84175b9037ad08b24460f5de2e97379c23f6d8fe5c20d4ac0df1b34ec026618741fe13a62679b056c707737664fc23422264a2b2927ab4edecf48e5ceecd36b68b16a948d602a0b1323e49d9b6a3a4ac177fec6230e5d0166114dea41df8d9e122a1dee1b2a5946e67c1958e6cd89023e159afa6cae54f5e6e39e298cf2a89ce2831b1c176ef81e4ffc5d0925fb99aa901b29ee113b7b9a24ba0992880352749e3f9dc5f7e04a88598eca17a4998cf0b2912423aea86ef609485a2b13ee0c45808a535bf179834643a1ceb11f4ab2c22cc0334614a8b7fad95df39ec701a017446e6e23127df48a80d8b7cf4edb595ecdb9812bf1364d87c47223b8cace138e485772e410cb00776b0772c7d75c7f8d75f0c2a56eb61c9d390aa7862c467668207f8377b386a0c878691a1ea4a4f0ee8ef01e6b5c7413fece21d6fb75738efefcc4b100bee28c6f20409a196a154305d40b5fdaac31b6e212c6ac92c61f583df6fa2496718d475c86b12fea80719ba813ec9cd5f9f53053f7508bc5e93e0ed412cf1895b756a144dc8b4db214fa24473df2bc3629ac4ec79ba678fe153c6437de1459a965c20b8a3087007c5f00cb1e760f57573ffac4b42eb8bc3713cc874dd257d0103e7901111b638a2224fbeed63a49b06fd9344b69bdf3d3ba2f2796f2748969498a7eef558e31f66e26c0fbbac1f447eeb4182a6d1ad85ef5d1b2a4b79e0c5f5f91101170e0cf8c663026aa665a067a1ec2e93c008afb79c91546d7284df9cf59302bcf83e5fd47120bbf1abed06c96f55187ee455d4e6088e83e02a96ed69879e2587a49037d82992c4b2d8e38c67776250d0f7f089b4ac24587f5fb4749c462557cbcda2922248e7b39981b7c648909587ed7083ba1e61bece78910c7f427fe3c94fa9dc46e87f114ac7230fb5cfb42bd62a5801425701b9fe8658cf8a886499754b761eb804313684f8626afdcdb7cb8c3c3729c7e71425bed9fde4893fd73829941aa304810a2049ccfc5626c513cbf936ee7f4b98c1615cd98d15a5566c7ded1539b661bfcf9b6c8d1260e9e777b850618131098c47e72783599fa5fb93fcefea184fbe4f0028f5ea35649c3300e07ff061bb93bfaa0543d6b2af0ae616c97462f80a159ac9814c80903e8813fe301e826a8e0d89c0f13acd75e2d3e90a97245116f1d141dae63419ccf62ef018aaf30df3ebc26364d6840d976e6abaa874125857a877b62211ec5156bec09ee32187119f6e5d0a950d4f2a2b99a00db3d90f847507156c08bc0dcd51800e66083724f92c9bf9a6afd65a3ab6ff5ac5db92449d2c5c0ae3eda30e2ed3a975882327a4d37ca2897120933c18c7d21d3734c0aff204923cb68f1b3f795b2cae568f668b2ec38fabb0dfae11371e1957b02099260d74b73426ca1113914d5c3168c90732c98ef42df1912351b00b03b6747dd3d9091499a1014237f3e96aba851b7f83993b3cf3cb81c04cf16ab75ae19d46f870910217e445e1f9b4314a674a11e3aa1e3b0ed747513dcbfaabb7d8c52caca61f03eb4dad646c2cf0e669852752d44c29db32c487c09ef6108f93bdcc24e939bc1a1c00e498c677312a6347c61c96d717d250f7600447868f5ed6364bb621f5ee8f4fff42ce2b410eeb1722531f62cc47f3ea59ed2dfa8c9c28543ee996042dced999647423497489332e3356c2282c733c8db610b71846226de34845cbad7af372860ec4c258e43cbdd09e1abddcbcbe2085ceb09e654d93c085da7f2e3a58b6350b1a782ad22a653446c3e90bdbf6c38e1eb70e35e0b8977c60d7e4a6024e52b8e836f85f38261bc41b08d16e400a101032dc70c5270111f1cdf3fa6c439927a3de4184d5a21a09fdc0ee200559302f5f105db0a5b73ec33146efbda68fd0bf47f1708706ecaa491d0c91b04cd4fd07a044e4c9e55b93a04a860f80cb5fc436321af11397f984e045f42ff0cd15692a2dc5afb09eae1a4df3d97e2ddcd60b4a1fec7692299594071f9d6e4a39e63078491d4d7903bf660e84ddfb1b6db6872d6ef5cbabc8143ea6691e833ef240f73bb2c56bc7d8f9cd72209198ee0f464a74cae4f56c32d8f497791ca3e738ed348c92d0d31959df980e585780abde86ec4133279b2ab94a731ae540843087656f51d2c0f4c118012c551c339199b4ae2083ffda19aafbe8eee77b15e65017ddb711cf6b61b828f2644ee3962830063eeffc24a26f830fe0668a6d1e7c4a89c2dec7eb3389f25473b3512807189e409e8f4d941644847ac6cad0009d885886adc29a4e4c1f62283a4e5a5420c3063e20be061c39f5e61c2d5f7d0b051b1af05ee8ff6335e672d3d4eaff97a0d5bd37b585fa2c35b9f5a288524b985b13801186f44658e723d7dfe5903fbee8628af6e005446386bab1e520a05c681a054dffa9d06260238d8c3ace24be4a26eaa8183bfd1147b3aa049e402af7e56857b574e65e2cd5c24509b3b958537daf586a192ecbb3dc821391349aee83258aaa900eaaded03b8d14b92535e69b6f242a2a34b52438eb3735180a8c8a5f834f9a53c1e1216d01a5ead0b3420b5cdab35ba1fd92c12997de2034010d2f221f81b0d61cc2fd0081e3530df85d742700379d9a74e27903c305abb4d47ee8f797ebf0247a37620d5c5b148a65335e3740d8822e6ac4f08b8285347e9a5e4602755cf221563840ce38e8babb1d2d3f413afeff776e99769cdda4babc24fdded8b085d0db1677e4e50a89f65face14b93927818ca1fe2463c37c97e3ac47a3ebd4c40a8bf6ff3e7a5894850a00d78c0fad2779ac09db3e0128d51371575cfae7aa26a17b7cd71562ad6f77448a2b89e2ec16396349b80207e095c547e9f47c067e0dbf9925049a714c11a0b17509aa963511096184695d84dc5f728eccd53ec5fb9e2532c7b3be0e6fe570f1e01d80eaaf12c3d99aa0c65ec4207122da9b7d974698eaa849f222f640a7ae78a13991b7779902d8f6cf91420381d1e0c486b6869779478150fd4345bd4c7c6c3b600d4053b2985b4d29acb51e776061063541ac95d37389a0c11e6cfe6f43d6d60fe9d29a8ad9d086036346560a86bba9b73a79c6fb739794a3d5161d057a70f3fd84ef6efc9142179a5c578fb4f0e712677b15c311ad0af67d28c9478572b966502d482de0f56d6d01e09f3ef7f2e6ccd5cf5cbffed929b1f86b3434863c41aea60cf462b78275f7d437b826080ed16c105042689d4f3b7bb8fc679552d2424642f877f505366f072559e0aab8bdbe04800e7117d566e95b226f83871437363aaf2122676949a7b58684d289aa85bad6e3ccfe41348d1a27008294bbe9710c5e7021b5723b1e8b3b36ae5fbe62e1c1c24f22c30f224302c3a4bc94fbd4cd633423ef6c78da1cebcca240d2f9309efc14040606754c58d4795f3f7dd07d256c9527ea0e58cb8d9363ccd4b8e9e07383e6a8020acab5983a9db5d46b648c3a654081faab7d3fd51be5bc34124677c0c8b8e28dfd6e2effd8e68dba321d41fd963b474bf0234b3393b64686e0f19bcc5c5e4ab1549efd030ad0f20dc42ecaa3a4b8a0cae30caff64f124862380f7f32fe908c9397fcbfc534dd75238760c56e099f81ca896ae929f0399f1bbfe42d357e8ae92ecd3cff902c6f45a0b1742fc2be96908fbc98908270c49a2398599b868f933597cc4909e5c57ecbe8324100ee0fe65fc5b8147a97d6d32a07632980305a01da77a0c231d54390d6a7fb715e1456cb6ce557d41983c76b202999f36d639a3973e8eb0b9e0ce39f8ab1b0b76a217f1a94eeb5183826f37440be049d419f000813bf30a64273d68685c3155f975914bd776079a4cd8e8f092ef8d8ed356dffecf7079125c5c125182901f15ec2e3fb28c622e1b006894c029243d9aa7ea303cb7cf4e0c396d5d355d4b2844f3571a26c481d4cde77ce890e333864cfb5864d5cf31a90de7f478af3e85e7f3d8af026fc147c02948e02dcce39cdb23c50ad80701b968d9a18f3206e6169634557e69ccfb7325bad326dfe2d4fe5dfa967168f9466ed4fbb72ba33682fce571f95dc34359f29fa84cb7edc9ab6830e3b50d25a1f36a22d5663b5138ecf919db6fcc3779dfa526ca5f9a1dc69e9b651b32e1d18d7dadefd2d3a02dfe9dba3b0ae2ba49d4a5a954f555545c26a245d3a5a3d24f862e69330e9a5534ef3f7d479ed0e4efd7029c9316cc5ceaf0d34e5827840581b63e03a6f9be7cf5133c6c3f3adbb99a222db64806c42b08dc859fbfb22fcbff8ff2ecc972d09db03ab410f1356cfea382ab58b4dab512938a02a8c9c65c2b9584b6e52e80176b16b3ee39f9df1091bc7ce569f97cfb49a2d4628faa5f7fe52a9098a12eb309367e869896ceaf439e6e8c8bb0bb9d9ceabaa67f4425aff11b345e7810bd059b03d3df03a1414a94d0ccf2f5e49f9feb1c1cc7ccb68ded752946dc1c93726b949005b51bd3ee3d4aa5a71dceabf0d178054efb3aa8f76caec7b4d60cbc78f6c35251022099b2b8175ecb4a86696778db0aac7790d73fc4b34bb38d3e227de583a1bc48d53569f3b484c0b58289fa7aa817c2678fa5bfdfa1e694fd8e7ca8c6342085e85b42f56e08c97248849370f891faf3b715c60b7611055d2150bc76f1e78254f187909b365447bd98deee3e5d054fc50436946ad54f6cff34ce9e632901f27afbe6440ec33bed777cfabe8f7b68f05ba9a36bb8cd35e0907bed5e8c45c90d9b35648195867dbfa7a6f2b6bc2f2bae0697aac631669973db265bd9cce4fafa2017f1a78928f71b41f8d05cdea4727394c71299ee3c92f9a68c249ee2879453bb5b4db4ba668c87891823eccccb4bc25cf951e707a33822bca8c737759250ba0c2511c0ed4cdb0884a04932774c1d933526008e945939805811a96b651e948e413f7486493922869f0d8fddcabaad716b57a116292f00ea36c41fa56f50b60940af50a9711f9bd9507492a547085041e71483c06e285fea46efe664765498bfe9917150d0ee306aea02dab5b1cc5643b8f7376b463f08a3cdebf201ecc8a24a2ef4817e233bca2f4401c151b53f75ece34e3a3e6b82d8cda3b570a1b84de85e139815e2a68476c012be3225554060d1ea20c51433b5526d3faa93cc399cbcdbd8baa89c0b9e653d06867f00a481f79e7432b0cb6de5449c9ff8ee0edce61f893782f10c790ede4f668bf61e1bedc147282ddae8042a4bb71811b9429fc5f1ca48e58010964b41a6af386982c5128d1b607b793770de580f66fcb10638125ff16248c741c93929f6734df6390b503aa1460de5f263be527962bba0f2396f4ab336873b8f4373c4a7f7f5600086e75605048b5858061fd740bf6d311b9c0a5aa14417be367885872b24dd595ddd515f35377a68b1258439e3e81825489b457e028c9e3ca15f0ab3c9594075fc8c94e064a1be9a315dd5226f2cd28e7a17e9500bc54e913f9c744c4b062858f19a4a38dc15396e1158b799d3f1737aa9274cd2c5c371c1605a880d1ff61e98c2194edc71d00f5f03614b0b5471d524e239a674728a5a76cf8e99c2cc098aa76d7a35e66b32dafeb9d9aeff6ebb53da8263e4fb5c8c9cbf707e81e9e35e1ad87571bb640851e3bbb1772fcf2cdd0b123677c00cad235213025067e9aa0837498faaba85f4b884d2b58e6c22c072a7ecd8b0afa3e60c93c29058f045eb8186986dbd852197ac886e33328b967150cf2ce5a2d791622a164c3594d1285bf1089fb857b9ad9fc75496528fa205df3cce48be6c61df9074ac00a1ea581ad8f167e5eff348b6e95a3da455c06fe4fa9d68f5d54d42ae311402581b50f9ae82d3cf77d572683b4710590f0f67fc5e932afc9ccf46230a227d868a3eff891273e6cc292c757d809bcd0add079f532bcb0bf810759acb890b76518d824f2b7a5f664326da11af8367c0c488d242675766717a3c5fab62940a0358bd954e507f021ced793fd2d4b6d58d41b0e335d0e", 0x2000, &(0x7f0000001380)={&(0x7f0000000300)={0x50, 0x0, 0x6, {0x7, 0x29, 0xed4, 0x8400000, 0xe, 0x6, 0x5, 0x10000, 0x0, 0x0, 0x20, 0xffff}}, &(0x7f0000000180)={0x18, 0x0, 0x2, {0xe}}, &(0x7f0000000380)={0x18, 0xfffffffffffffff5, 0x35, {0x9}}, &(0x7f0000000480)={0x18, 0x0, 0xfffffffffffffff8, {0xfff}}, &(0x7f0000000500)={0x18, 0x0, 0x4, {0x9}}, &(0x7f0000000540)={0x28, 0xfffffffffffffff5, 0x9, {{0x8, 0x6, 0x1, r1}}}, &(0x7f0000000580)={0x60, 0x0, 0x2, {{0x80000000, 0x910, 0xa4e2, 0x5, 0x80, 0x3, 0x200}}}, &(0x7f0000000600)={0x18, 0x0, 0x1000, {0xc}}, &(0x7f0000000640)={0x24, 0x0, 0x0, {'-\\\\$/%+\xc1&$\x83(-;\\/-@@\x00'}}, &(0x7f0000000680)={0x20, 0x0, 0x200, {0x0, 0x2}}, &(0x7f00000008c0)={0x78, 0xffffffffffffffda, 0x7fff, {0x1a, 0x9, 0x0, {0x5, 0xffff, 0x0, 0x7, 0x2, 0xf625, 0xc36, 0x5, 0x5d, 0x4000, 0xff, 0x0, 0x0, 0x8449, 0xf}}}, &(0x7f0000000940)={0x90, 0x0, 0x8, {0x2, 0x0, 0x10001, 0x7, 0x5, 0x6, {0x5, 0x3ea9, 0x763677af, 0x7, 0x5, 0x2, 0x8, 0x56c, 0x6, 0xc000, 0x1, 0x0, 0x0, 0x5, 0xf}}}, &(0x7f0000000a00)={0x88, 0xffffffffffffffda, 0x4, [{0x3, 0x5, 0xf, 0x0, '/dev/cpu/#/msr\x00'}, {0x4, 0xfffffffffffffff7, 0x11, 0xfffffe00, '/proc/partitions\x00'}, {0x1, 0x7, 0x1, 0x1, '\x00'}]}, &(0x7f0000000e00)={0x2a0, 0xffffffffffffffda, 0x28034446, [{{0x4, 0x2, 0x1, 0x8, 0x7, 0xe971, {0x6, 0x100, 0x0, 0x7, 0x109a384d, 0x6, 0x70, 0x40, 0x3ff, 0xc000, 0x7, 0x0, 0x0, 0x400, 0x9}}, {0x6, 0x7, 0x3, 0xa4f, '.%&'}}, {{0x5, 0x0, 0x6, 0x3, 0x4, 0x8, {0x5, 0x3, 0xa370, 0x5, 0x4758, 0x1040000, 0x4, 0x51b, 0x5, 0xa000, 0x3, 0x0, 0x0, 0x6, 0x5}}, {0x6, 0xffffffffffffffff, 0x0, 0x9}}, {{0x1, 0x2, 0x80000000, 0xb2f9, 0xffffffff, 0x8001, {0x5, 0xb823, 0x4, 0xa, 0xd5f8, 0x2000000, 0x9, 0x78dfe7b, 0x3, 0x1000, 0x3, 0xffffffffffffffff, 0x0, 0x4, 0x9}}, {0x3, 0x9, 0x19, 0x4, '/proc/sys/vm/drop_caches\x00'}}, {{0x5, 0x1, 0x3ff, 0x2, 0x7, 0x8001, {0x2, 0xe86, 0x7, 0x4, 0x9, 0x0, 0x3, 0x5, 0x0, 0x0, 0x81, 0x0, 0x0, 0x1f3, 0x7fff}}, {0x4, 0x9, 0x1, 0x66a1ebf4, '-'}}]}, &(0x7f0000001140)={0xa0, 0xffffffffffffffda, 0x4, {{0x2, 0x1, 0xfb, 0x0, 0x20000, 0x5, {0x3, 0xe, 0x400, 0x5, 0x0, 0x8, 0x9, 0xb012, 0x0, 0x4000, 0x2, 0x0, 0x0, 0xff, 0x7}}, {0x0, 0x4}}}, &(0x7f0000001200)={0x20, 0x0, 0x6, {0x80000000, 0x4, 0x6, 0x8}}, &(0x7f0000001240)={0x130, 0x0, 0x2, {0xffffffffffffffff, 0x0, 0x0, '\x00', {0x10000, 0xd0000, 0x7, 0x3, 0xffffffffffffffff, 0x0, 0xc000, '\x00', 0x1, 0x4, 0xffffffffffffffff, 0x15d6, {0x3ff, 0x9}, {0x3f, 0xb}, {0xffff, 0x8}, {0x1, 0xffffffff}, 0xfffffff1, 0x5, 0x7fffffff, 0x3d}}}})
read(r9, &(0x7f0000001e80)=""/96, 0x60)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r11 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r11, r10, &(0x7f0000002080)=0x64, 0x23b)

1.543301928s ago: executing program 1 (id=823):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_DEV_CREATE(r0, 0x5501)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00%'], 0x8, 0x800)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_RUN(r4, 0xae80, 0xe4)
r6 = socket$inet_icmp(0x2, 0x2, 0x1)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r6, 0x0, 0x83, &(0x7f00000001c0)={'nat\x00', 0x0, 0x4, 0x68, [0x1, 0x9d, 0x0, 0x9, 0x0, 0x2], 0x2, &(0x7f0000000000)=[{}, {}], &(0x7f0000000140)=""/104}, &(0x7f0000000040)=0x78)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)

684.062472ms ago: executing program 2 (id=824):
r0 = fsmount(0xffffffffffffffff, 0x0, 0x77)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000007000000020000000400000005"], 0x87)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r1, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
removexattr(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)=@known='trusted.overlay.metacopy\x00')
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000001c0)={0x1b, 0x0, 0x0, 0x6f37, 0x0, r1, 0x8, '\x00', r2, r3, 0x3, 0x5, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r1, <r4=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0xe, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5}, [@call={0x85, 0x0, 0x0, 0x7b}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0xfffffffb}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}]}, &(0x7f0000000040)='syzkaller\x00', 0x7, 0xfa, &(0x7f0000000080)=""/250, 0x41000, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x9, 0x3}, 0x8, 0x10, &(0x7f00000001c0)={0x4, 0x2, 0x4, 0xb}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000200)=[0x1], 0x0, 0x10, 0x9, @void, @value}, 0x94)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000340)={0xb907, <r5=>0x0}, 0x8)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000000706010300000000000000090000000308000640000000030500010007"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x20000000)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000300)={@fallback, 0xffffffffffffffff, 0xf, 0x203d, 0xffffffffffffffff, @void, @void, @value=r5}, 0x20)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x303041, 0x0)
ioctl$TUNGETDEVNETNS(r7, 0x54e3, 0x0)

337.676237ms ago: executing program 4 (id=825):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='environ\x00')
preadv(r1, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x52)
r2 = inotify_init()
inotify_add_watch(r2, &(0x7f0000000140)='./file1\x00', 0x400017e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
close(r4)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)

1.107755ms ago: executing program 1 (id=826):
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r0, 0x10d, 0x2, &(0x7f0000000100), &(0x7f0000000080)=0x4) (fail_nth: 2)

0s ago: executing program 2 (id=827):
r0 = socket$alg(0x26, 0x5, 0x0)
pipe2$9p(0x0, 0x0)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000440)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x2, 0x4, 0x398, 0xffffffff, 0x228, 0x0, 0x228, 0xfeffffff, 0xffffffff, 0x2f8, 0x2f8, 0x2f8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xe0, 0x108, 0x0, {}, [@common=@unspec=@devgroup={{0x38}}]}, @REJECT={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@ipv6={@loopback, @mcast1, [], [], 'erspan0\x00', 'veth0_to_bridge\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3f8)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="15000000080000000cc76e040000000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r5, 0x0, 0x0}, 0x20)
r6 = syz_open_procfs(0x0, &(0x7f0000001a80)='net/unix\x00')
read$FUSE(r6, &(0x7f0000004ac0)={0x2020}, 0x2020)
preadv(r6, &(0x7f0000000140)=[{&(0x7f0000000080)}, {&(0x7f0000000340)=""/109, 0x6d}], 0x2, 0x2, 0x77f83464)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r7 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
sendmmsg$unix(r7, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)

kernel console output (not intermixed with test programs):

evice found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  166.115562][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.125008][ T5831] usb 2-1: Product: syz
[  166.129344][ T5831] usb 2-1: Manufacturer: syz
[  166.134045][ T5831] usb 2-1: SerialNumber: syz
[  166.140761][ T5831] usb 2-1: config 0 descriptor??
[  166.164958][ T6602] usb 3-1: config 1 has an invalid interface descriptor of length 6, skipping
[  166.176143][ T6602] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  166.186745][ T6602] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  166.195945][ T6602] usb 3-1: config 1 has no interface number 1
[  166.202227][ T6602] usb 3-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  166.213715][ T6602] usb 3-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  166.264529][ T6602] usb 3-1: config 1 interface 2 has no altsetting 1
[  166.288988][ T6602] usb 3-1: string descriptor 0 read error: -22
[  166.311385][ T6602] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  166.344422][ T6602] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.416102][ T6602] usb 3-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  166.572747][ T6602] usb 3-1: MIDIStreaming interface descriptor not found
[  166.587190][ T5831] gs_usb 2-1:0.0: Couldn't get device config: (err=-121)
[  166.615027][ T5831] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -121
[  166.924155][ T5831] usb 2-1: USB disconnect, device number 12
[  166.951005][ T6602] usb 3-1: USB disconnect, device number 9
[  167.261095][ T6861] Cannot find map_set index 0 as target
[  169.563318][ T6602] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  169.734257][ T6602] usb 2-1: Using ep0 maxpacket: 8
[  169.823596][ T6602] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  169.893217][ T6602] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.902056][ T6602] usb 2-1: Product: syz
[  169.970770][ T6602] usb 2-1: Manufacturer: syz
[  170.012116][ T6602] usb 2-1: SerialNumber: syz
[  170.896067][ T6884] openvswitch: netlink: Tunnel attr 54 out of range max 16
[  170.905934][ T6602] usb 2-1: config 0 descriptor??
[  170.921074][ T6602] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  170.957871][ T6897] openvswitch: netlink: Tunnel attr 54 out of range max 16
[  171.153545][ T5903] usb 5-1: new low-speed USB device number 8 using dummy_hcd
[  171.250747][ T6870] netlink: 48 bytes leftover after parsing attributes in process `syz.1.276'.
[  171.261454][    T9] usb 3-1: new low-speed USB device number 10 using dummy_hcd
[  171.407510][ T5903] usb 5-1: config 1 has an invalid interface descriptor of length 6, skipping
[  171.434702][    T9] usb 3-1: config 1 has an invalid interface descriptor of length 6, skipping
[  171.438640][ T5903] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  171.454985][ T6602] gspca_sonixj: reg_w1 err -110
[  171.460384][ T6602] sonixj 2-1:0.0: probe with driver sonixj failed with error -110
[  171.465137][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  171.470915][ T5903] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  171.635718][    T9] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  171.652989][    T9] usb 3-1: config 1 has no interface number 1
[  171.659135][    T9] usb 3-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  171.662909][ T5903] usb 5-1: config 1 has no interface number 1
[  171.695594][    T9] usb 3-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  171.719335][    T9] usb 3-1: config 1 interface 2 has no altsetting 1
[  171.720410][ T5903] usb 5-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  171.735148][    T9] usb 3-1: string descriptor 0 read error: -22
[  171.746777][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  171.758194][ T5903] usb 5-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  171.773651][ T5903] usb 5-1: config 1 interface 2 has no altsetting 1
[  171.785365][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.802731][    T9] usb 3-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  171.820673][    T9] usb 3-1: MIDIStreaming interface descriptor not found
[  171.830176][ T5903] usb 5-1: string descriptor 0 read error: -22
[  171.836599][ T5903] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  171.853217][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.974368][    T9] usb 2-1: USB disconnect, device number 13
[  172.166839][ T5903] usb 5-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  172.246222][ T5903] usb 5-1: MIDIStreaming interface descriptor not found
[  172.470237][ T5903] usb 5-1: USB disconnect, device number 8
[  172.718715][ T6910] vivid-007: =================  START STATUS  =================
[  172.726568][ T6910] vivid-007: Enable Output Cropping: true
[  172.733062][ T6910] vivid-007: Enable Output Composing: true
[  172.738929][ T6910] vivid-007: Enable Output Scaler: true
[  172.745294][ T6910] vivid-007: Tx RGB Quantization Range: Automatic
[  172.751783][ T6910] vivid-007: Transmit Mode: HDMI
[  172.756836][ T6910] vivid-007: Hotplug Present: 0x00000000
[  172.762552][ T6910] vivid-007: RxSense Present: 0x00000000
[  172.768488][ T6910] vivid-007: EDID Present: 0x00000000
[  172.773982][ T6910] vivid-007: ==================  END STATUS  ==================
[  172.923351][    T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  173.741619][  T942] usb 3-1: USB disconnect, device number 10
[  173.845188][    T9] usb 1-1: Using ep0 maxpacket: 8
[  173.865977][    T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  173.866007][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  173.904542][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  173.916018][    T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  173.932361][    T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  173.955508][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.221315][ T6909] Invalid source name
[  174.491425][    T8] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  174.611769][    T9] usb 1-1: usb_control_msg returned -71
[  174.624320][    T9] usbtmc 1-1:16.0: can't read capabilities
[  174.691533][    T9] usb 1-1: USB disconnect, device number 15
[  175.715666][    T8] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD3, changing to 0x83
[  175.728908][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 115, setting to 64
[  175.750237][    T8] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  175.853748][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.876217][    T8] usb 5-1: config 0 descriptor??
[  175.903580][ T5874] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  176.073070][ T5874] usb 3-1: Using ep0 maxpacket: 8
[  176.097653][ T6924] netlink: 8 bytes leftover after parsing attributes in process `syz.4.293'.
[  176.110785][ T5874] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[  176.122347][ T5874] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[  176.132040][    T8] ath6kl: Failed to submit usb control message: -71
[  176.139794][    T8] ath6kl: unable to send the bmi data to the device: -71
[  176.147113][ T5874] usb 3-1: config 0 has no interface number 0
[  176.153402][ T5874] usb 3-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  176.159101][ T6934] netlink: 8 bytes leftover after parsing attributes in process `syz.1.295'.
[  176.165236][    T8] ath6kl: Unable to send get target info: -71
[  176.185662][ T6934] netlink: 4 bytes leftover after parsing attributes in process `syz.1.295'.
[  176.201175][ T6934] netlink: 'syz.1.295': attribute type 14 has an invalid length.
[  176.218474][    T8] ath6kl: Failed to init ath6kl core: -71
[  176.224548][ T5874] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  176.238179][    T8] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  176.253525][ T5874] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  176.278270][    T8] usb 5-1: USB disconnect, device number 9
[  176.295060][ T5874] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  176.514358][ T6944] Cannot find map_set index 0 as target
[  176.739777][ T5874] usb 3-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0
[  176.820556][ T5874] usb 3-1: Product: syz
[  176.826842][ T5874] usb 3-1: Manufacturer: syz
[  176.840988][ T5874] usb 3-1: config 0 descriptor??
[  176.849782][ T6933] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  177.205235][ T6952] vivid-007: =================  START STATUS  =================
[  177.213005][ T6952] vivid-007: Enable Output Cropping: true
[  177.218796][ T6952] vivid-007: Enable Output Composing: true
[  177.224751][ T6952] vivid-007: Enable Output Scaler: true
[  177.230362][ T6952] vivid-007: Tx RGB Quantization Range: Automatic
[  177.238191][ T6952] vivid-007: Transmit Mode: HDMI
[  177.243342][ T6952] vivid-007: Hotplug Present: 0x00000000
[  177.249057][ T6952] vivid-007: RxSense Present: 0x00000000
[  177.254825][ T6952] vivid-007: EDID Present: 0x00000000
[  177.260326][ T6952] vivid-007: ==================  END STATUS  ==================
[  177.852448][ T5874] usb 3-1: USB disconnect, device number 11
[  179.458896][ T6961] netlink: 12 bytes leftover after parsing attributes in process `syz.1.303'.
[  181.297664][ T6997] netlink: 8 bytes leftover after parsing attributes in process `syz.0.314'.
[  181.306986][ T6997] netlink: 4 bytes leftover after parsing attributes in process `syz.0.314'.
[  181.316654][ T6997] netlink: 'syz.0.314': attribute type 14 has an invalid length.
[  184.598899][ T7020] veth0_to_batadv: entered allmulticast mode
[  184.680694][ T7024] overlayfs: overlapping lowerdir path
[  185.169393][ T7021] 9pnet: Could not find request transport: fd0x0000000000000003
[  186.002622][ T7042] netlink: 4 bytes leftover after parsing attributes in process `syz.1.331'.
[  186.016430][ T7042] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  186.048731][ T7044] openvswitch: netlink: Tunnel attr 54 out of range max 16
[  186.092454][ T7042] batman_adv: batadv0: Removing interface: batadv_slave_1
[  186.144064][    T8] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  186.265112][ T5903] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  186.475553][ T5903] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32
[  186.475988][ T5874] usb 4-1: new low-speed USB device number 11 using dummy_hcd
[  186.530565][    T8] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  186.539908][ T5903] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.541887][ T5903] usb 1-1: config 0 descriptor??
[  186.629022][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.638851][    T8] usb 3-1: config 0 descriptor??
[  186.670627][ T5903] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  186.788210][ T5874] usb 4-1: config 1 has an invalid interface descriptor of length 6, skipping
[  186.813892][ T5874] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  186.942450][ T5874] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  186.998569][ T5874] usb 4-1: config 1 has no interface number 1
[  187.031993][ T5874] usb 4-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  187.098566][ T5874] usb 4-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  187.214265][ T5874] usb 4-1: config 1 interface 2 has no altsetting 1
[  187.279402][ T5874] usb 4-1: string descriptor 0 read error: -22
[  187.304266][ T5874] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  187.342727][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.390003][ T5903] gp8psk: usb in 128 operation failed.
[  187.397462][ T5903] gp8psk: usb in 137 operation failed.
[  187.403057][ T5903] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  187.413075][ T5903] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver)
[  187.422934][ T5903] usb 1-1: media controller created
[  187.442653][ T5903] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  187.445639][ T5874] usb 4-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  187.465993][ T5903] gp8psk_fe: Frontend attached
[  187.469896][ T5874] usb 4-1: MIDIStreaming interface descriptor not found
[  187.471267][ T5903] usb 1-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  187.487704][ T5903] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  187.543061][ T5904] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  187.732614][ T5903] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected.
[  187.760430][ T5904] usb 2-1: Using ep0 maxpacket: 16
[  187.800881][ T5903] gp8psk: found Genpix USB device pID = 203 (hex)
[  187.896976][ T5904] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  187.912750][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.945794][ T5904] usb 2-1: Product: syz
[  187.952914][    T8] usb 3-1: Cannot set MAC address
[  187.963325][    T8] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  187.983247][ T5904] usb 2-1: Manufacturer: syz
[  187.992034][ T5904] usb 2-1: SerialNumber: syz
[  188.218688][    T8] usb 3-1: USB disconnect, device number 12
[  188.281914][ T5904] r8152-cfgselector 2-1: Unknown version 0x0000
[  188.303858][ T5904] r8152-cfgselector 2-1: config 0 descriptor??
[  188.335497][ T5874] usb 1-1: USB disconnect, device number 16
[  188.371333][ T5874] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected.
[  188.907999][ T5903] usb 4-1: USB disconnect, device number 11
[  189.053474][ T7071] Invalid source name
[  189.071765][ T5904] r8152-cfgselector 2-1: USB disconnect, device number 14
[  189.300232][ T7074] FAULT_INJECTION: forcing a failure.
[  189.300232][ T7074] name failslab, interval 1, probability 0, space 0, times 0
[  189.314137][ T7074] CPU: 0 UID: 0 PID: 7074 Comm: syz.3.338 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0
[  189.314162][ T7074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  189.314176][ T7074] Call Trace:
[  189.314182][ T7074]  <TASK>
[  189.314188][ T7074]  dump_stack_lvl+0x241/0x360
[  189.314221][ T7074]  ? __pfx_dump_stack_lvl+0x10/0x10
[  189.314237][ T7074]  ? __pfx__printk+0x10/0x10
[  189.314261][ T7074]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  189.314286][ T7074]  ? __pfx___might_resched+0x10/0x10
[  189.314309][ T7074]  should_fail_ex+0x40a/0x550
[  189.314333][ T7074]  should_failslab+0xac/0x100
[  189.314357][ T7074]  kmem_cache_alloc_node_noprof+0x77/0x380
[  189.314378][ T7074]  ? __alloc_skb+0x1c3/0x440
[  189.314402][ T7074]  __alloc_skb+0x1c3/0x440
[  189.314425][ T7074]  ? __pfx___alloc_skb+0x10/0x10
[  189.314519][ T7074]  ? netlink_autobind+0xd6/0x2f0
[  189.314534][ T7074]  ? netlink_autobind+0x2b0/0x2f0
[  189.314554][ T7074]  netlink_sendmsg+0x634/0xcb0
[  189.314587][ T7074]  ? __pfx_netlink_sendmsg+0x10/0x10
[  189.314620][ T7074]  ? __pfx_netlink_sendmsg+0x10/0x10
[  189.314640][ T7074]  __sock_sendmsg+0x221/0x270
[  189.314661][ T7074]  ____sys_sendmsg+0x53a/0x860
[  189.314689][ T7074]  ? __pfx_____sys_sendmsg+0x10/0x10
[  189.314707][ T7074]  ? __fget_files+0x2a/0x410
[  189.314726][ T7074]  ? __fget_files+0x2a/0x410
[  189.314750][ T7074]  __sys_sendmsg+0x269/0x350
[  189.314775][ T7074]  ? __pfx___sys_sendmsg+0x10/0x10
[  189.314808][ T7074]  ? do_sys_openat2+0x17a/0x1d0
[  189.314848][ T7074]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  189.314870][ T7074]  ? do_syscall_64+0x100/0x230
[  189.314891][ T7074]  ? do_syscall_64+0xb6/0x230
[  189.314912][ T7074]  do_syscall_64+0xf3/0x230
[  189.314929][ T7074]  ? clear_bhb_loop+0x35/0x90
[  189.314952][ T7074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.314971][ T7074] RIP: 0033:0x7ff2d978cde9
[  189.314989][ T7074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.315001][ T7074] RSP: 002b:00007ff2d75f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  189.315021][ T7074] RAX: ffffffffffffffda RBX: 00007ff2d99a5fa0 RCX: 00007ff2d978cde9
[  189.315032][ T7074] RDX: 0000000000040000 RSI: 0000400000000200 RDI: 0000000000000003
[  189.315042][ T7074] RBP: 00007ff2d75f6090 R08: 0000000000000000 R09: 0000000000000000
[  189.315050][ T7074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  189.315059][ T7074] R13: 0000000000000000 R14: 00007ff2d99a5fa0 R15: 00007ffe8b8f6c68
[  189.315084][ T7074]  </TASK>
[  189.910948][ T7076] 8021q: adding VLAN 0 to HW filter on device bond0
[  189.921842][ T7076] bond0: (slave rose0): Enslaving as an active interface with an up link
[  191.661893][ T7109] openvswitch: netlink: Tunnel attr 54 out of range max 16
[  192.753078][ T5826] usb 4-1: new low-speed USB device number 12 using dummy_hcd
[  194.803540][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  194.809938][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  194.838960][ T5826] usb 4-1: config 1 has an invalid interface descriptor of length 6, skipping
[  194.876697][ T5826] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  194.922996][ T5826] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  194.943821][ T5826] usb 4-1: config 1 has no interface number 1
[  194.965690][ T5826] usb 4-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  195.001127][ T5826] usb 4-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  195.050271][ T5826] usb 4-1: config 1 interface 2 has no altsetting 1
[  195.091562][ T5826] usb 4-1: string descriptor 0 read error: -22
[  195.093230][    T8] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  195.130223][ T5826] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  195.173440][ T5826] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.173712][ T7133] netlink: 4 bytes leftover after parsing attributes in process `syz.1.352'.
[  195.219454][ T5826] usb 4-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  195.233234][ T5826] usb 4-1: MIDIStreaming interface descriptor not found
[  195.274936][    T8] usb 5-1: Using ep0 maxpacket: 32
[  195.293779][    T8] usb 5-1: config 0 has an invalid interface number: 136 but max is 0
[  195.307638][    T8] usb 5-1: config 0 has no interface number 0
[  195.338534][    T8] usb 5-1: config 0 interface 136 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  195.433655][    T8] usb 5-1: config 0 interface 136 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  195.473281][    T8] usb 5-1: config 0 interface 136 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  195.484410][    T8] usb 5-1: config 0 interface 136 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  195.496996][    T8] usb 5-1: config 0 interface 136 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  195.526538][    T8] usb 5-1: New USB device found, idVendor=0763, idProduct=1021, bcdDevice=8e.c0
[  195.562147][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.615986][    T8] usb 5-1: config 0 descriptor??
[  195.649123][    T8] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  195.809573][ T7148] netlink: 'syz.1.356': attribute type 5 has an invalid length.
[  195.920460][ T7123] overlayfs: failed to clone upperpath
[  195.950399][ T5826] usb 5-1: USB disconnect, device number 10
[  196.457956][    T8] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  196.544035][  T942] usb 4-1: USB disconnect, device number 12
[  196.616185][    T8] usb 2-1: Using ep0 maxpacket: 8
[  196.636310][    T8] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89
[  196.649854][ T7152] netlink: 8 bytes leftover after parsing attributes in process `syz.0.357'.
[  196.658899][ T7152] netlink: 4 bytes leftover after parsing attributes in process `syz.0.357'.
[  196.668278][ T7152] netlink: 'syz.0.357': attribute type 14 has an invalid length.
[  197.440250][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  197.534343][    T8] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  197.575801][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.049564][    T8] usb 2-1: Product: syz
[  198.060269][    T8] usb 2-1: Manufacturer: syz
[  198.074230][    T8] usb 2-1: SerialNumber: syz
[  198.099980][    T8] usb 2-1: config 0 descriptor??
[  198.128375][    T8] streamzap 2-1:0.0: streamzap_probe: endpoint attributes don't match xfer 0200
[  198.346810][ T7148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  198.362540][ T7148] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.407851][    T8] usb 2-1: USB disconnect, device number 15
[  200.211421][ T7207] pimreg: entered allmulticast mode
[  200.294902][ T7210] openvswitch: netlink: Tunnel attr 54 out of range max 16
[  200.378516][ T7211] veth0_to_batadv: left allmulticast mode
[  200.544876][ T7211] pimreg: left allmulticast mode
[  200.643802][  T942] usb 4-1: new low-speed USB device number 13 using dummy_hcd
[  201.752906][  T942] usb 4-1: config 1 has an invalid interface descriptor of length 6, skipping
[  201.761838][  T942] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  201.814799][  T942] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  201.862990][  T942] usb 4-1: config 1 has no interface number 1
[  201.873951][  T942] usb 4-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  201.937882][  T942] usb 4-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  202.000124][  T942] usb 4-1: config 1 interface 2 has no altsetting 1
[  202.088180][  T942] usb 4-1: string descriptor 0 read error: -22
[  202.137921][  T942] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  202.202805][  T942] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.555152][  T942] usb 4-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  202.577504][  T942] usb 4-1: MIDIStreaming interface descriptor not found
[  202.771075][ T7234] netlink: 8 bytes leftover after parsing attributes in process `syz.4.375'.
[  202.789824][ T7234] netlink: 4 bytes leftover after parsing attributes in process `syz.4.375'.
[  202.803051][ T7234] netlink: 'syz.4.375': attribute type 14 has an invalid length.
[  203.852133][  T942] usb 4-1: USB disconnect, device number 13
[  206.673511][ T7268] netlink: 8 bytes leftover after parsing attributes in process `syz.3.384'.
[  206.682484][ T7268] netlink: 4 bytes leftover after parsing attributes in process `syz.3.384'.
[  206.701745][ T7268] netlink: 'syz.3.384': attribute type 14 has an invalid length.
[  206.710422][ T7268] netlink: 'syz.3.384': attribute type 13 has an invalid length.
[  207.796034][ T7283] vlan2: entered promiscuous mode
[  207.801138][ T7283] hsr0: entered promiscuous mode
[  207.810982][ T7283] hsr0: left promiscuous mode
[  208.341849][ T7282] xt_CT: No such helper "pptp"
[  209.027426][ T7292] netlink: 116 bytes leftover after parsing attributes in process `syz.2.392'.
[  209.622657][ T7298] openvswitch: netlink: Tunnel attr 54 out of range max 16
[  209.655467][ T5824] Bluetooth: hci4: unexpected event for opcode 0x0000
[  210.259113][ T7300] netlink: 12 bytes leftover after parsing attributes in process `syz.4.393'.
[  210.443378][ T6602] usb 1-1: new low-speed USB device number 17 using dummy_hcd
[  210.658106][ T6602] usb 1-1: config 1 has an invalid interface descriptor of length 6, skipping
[  210.736383][ T6602] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  210.769001][ T6602] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  210.801560][ T6602] usb 1-1: config 1 has no interface number 1
[  210.868932][ T6602] usb 1-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  211.218692][ T6602] usb 1-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  211.220197][ T7306] netlink: 8 bytes leftover after parsing attributes in process `syz.1.395'.
[  211.244171][ T7306] netlink: 4 bytes leftover after parsing attributes in process `syz.1.395'.
[  211.253652][ T7306] netlink: 'syz.1.395': attribute type 14 has an invalid length.
[  211.319247][ T6602] usb 1-1: config 1 interface 2 has no altsetting 1
[  211.336653][ T6602] usb 1-1: string descriptor 0 read error: -22
[  211.774055][ T6602] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  211.783362][ T6602] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.797946][ T6602] usb 1-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  211.833369][ T6602] usb 1-1: MIDIStreaming interface descriptor not found
[  211.999278][ T5874] usb 1-1: USB disconnect, device number 17
[  212.215625][ T7320] netlink: 8 bytes leftover after parsing attributes in process `syz.2.399'.
[  212.224804][ T7320] netlink: 4 bytes leftover after parsing attributes in process `syz.2.399'.
[  212.235362][ T7320] netlink: 'syz.2.399': attribute type 14 has an invalid length.
[  213.095859][ T7326] overlayfs: missing 'lowerdir'
[  213.518973][ T7335] netlink: 12 bytes leftover after parsing attributes in process `syz.0.400'.
[  213.686413][ T5824] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  213.696898][ T5824] Bluetooth: hci4: Injecting HCI hardware error event
[  213.718156][ T5824] Bluetooth: hci4: hardware error 0x00
[  214.079227][ T7334] block nbd2: NBD_DISCONNECT
[  214.354890][ T7344] netlink: 116 bytes leftover after parsing attributes in process `syz.2.405'.
[  214.449057][ T5833] Bluetooth: hci4: unexpected event for opcode 0x0000
[  214.868045][ T7347] FAULT_INJECTION: forcing a failure.
[  214.868045][ T7347] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  214.881473][ T7347] CPU: 1 UID: 0 PID: 7347 Comm: syz.4.406 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0
[  214.881487][ T7347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  214.881493][ T7347] Call Trace:
[  214.881497][ T7347]  <TASK>
[  214.881502][ T7347]  dump_stack_lvl+0x241/0x360
[  214.881518][ T7347]  ? __pfx_dump_stack_lvl+0x10/0x10
[  214.881528][ T7347]  ? __pfx__printk+0x10/0x10
[  214.881546][ T7347]  ? snprintf+0xda/0x120
[  214.881561][ T7347]  should_fail_ex+0x40a/0x550
[  214.881577][ T7347]  _copy_to_user+0x31/0xb0
[  214.881590][ T7347]  simple_read_from_buffer+0xca/0x150
[  214.881606][ T7347]  proc_fail_nth_read+0x1e9/0x250
[  214.881622][ T7347]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  214.881638][ T7347]  ? rw_verify_area+0x243/0x630
[  214.881649][ T7347]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  214.881664][ T7347]  vfs_read+0x1f8/0xb40
[  214.881675][ T7347]  ? fdget_pos+0x254/0x320
[  214.881686][ T7347]  ? __pfx___mutex_lock+0x10/0x10
[  214.881697][ T7347]  ? __pfx_vfs_read+0x10/0x10
[  214.881707][ T7347]  ? do_sys_openat2+0x17a/0x1d0
[  214.881717][ T7347]  ? __fget_files+0x2a/0x410
[  214.881727][ T7347]  ? __fget_files+0x395/0x410
[  214.881735][ T7347]  ? __fget_files+0x2a/0x410
[  214.881748][ T7347]  ksys_read+0x18f/0x2b0
[  214.881760][ T7347]  ? __pfx_ksys_read+0x10/0x10
[  214.881772][ T7347]  ? do_syscall_64+0x100/0x230
[  214.881785][ T7347]  ? do_syscall_64+0xb6/0x230
[  214.881797][ T7347]  do_syscall_64+0xf3/0x230
[  214.881808][ T7347]  ? clear_bhb_loop+0x35/0x90
[  214.881823][ T7347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.881835][ T7347] RIP: 0033:0x7f3177f8b7fc
[  214.881845][ T7347] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  214.881852][ T7347] RSP: 002b:00007f3178e6c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  214.881864][ T7347] RAX: ffffffffffffffda RBX: 00007f31781a5fa0 RCX: 00007f3177f8b7fc
[  214.881870][ T7347] RDX: 000000000000000f RSI: 00007f3178e6c0a0 RDI: 0000000000000007
[  214.881876][ T7347] RBP: 00007f3178e6c090 R08: 0000000000000000 R09: 0000000000000000
[  214.881882][ T7347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  214.881887][ T7347] R13: 0000000000000000 R14: 00007f31781a5fa0 R15: 00007ffd8a3ebe38
[  214.881902][ T7347]  </TASK>
[  215.779814][ T5824] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  218.033529][ T7385] netlink: 12 bytes leftover after parsing attributes in process `syz.4.412'.
[  219.011176][ T7381] SET target dimension over the limit!
[  219.197481][ T7393] netlink: 'syz.1.416': attribute type 2 has an invalid length.
[  219.297693][ T7400] ufs: Invalid option: "¯„•Å}ƒŽ™®„‰QÊÔx!º´ðÆÕ¡Ÿ|°ŠˆXñ7ôAœGáuM>¿AiÚ”�Rmdµ?SP
[  219.297693][ T7400] �àXŒƒe+ãßñÐÍ:qj¡@7TžRž…8" or missing value
[  219.338869][ T7400] ufs: wrong mount options
[  219.757766][ T7408] netlink: 12 bytes leftover after parsing attributes in process `syz.1.419'.
[  221.121442][ T7418] vlan3: entered allmulticast mode
[  221.163012][ T7418] veth0_to_batadv: entered allmulticast mode
[  221.223840][ T7418] bridge0: port 3(vlan3) entered blocking state
[  221.230204][ T7418] bridge0: port 3(vlan3) entered disabled state
[  221.262392][ T7418] vlan3: entered promiscuous mode
[  221.274330][ T7418] veth0_to_batadv: entered promiscuous mode
[  221.294486][ T7418] bridge0: port 3(vlan3) entered blocking state
[  221.301272][ T7418] bridge0: port 3(vlan3) entered forwarding state
[  221.463338][ T7433] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  224.773433][  T942] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  225.139339][ T7462] vlan2: entered promiscuous mode
[  225.144490][ T7462] hsr0: entered promiscuous mode
[  225.151697][ T7462] hsr0: left promiscuous mode
[  225.993832][  T942] usb 2-1: Using ep0 maxpacket: 16
[  226.012313][  T942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  226.134001][ T7460] xt_CT: No such helper "pptp"
[  226.234888][  T942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  226.245198][  T942] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[  226.258651][  T942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.268861][  T942] usb 2-1: config 0 descriptor??
[  226.413923][  T942] usbhid 2-1:0.0: can't add hid device: -71
[  226.430350][  T942] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  226.481012][  T942] usb 2-1: USB disconnect, device number 16
[  226.830853][ T7476] netlink: 48 bytes leftover after parsing attributes in process `syz.4.440'.
[  226.852087][ T7476] warning: `syz.4.440' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  226.869585][ T7481] netlink: 560 bytes leftover after parsing attributes in process `syz.4.440'.
[  226.879726][ T7481] netlink: 36 bytes leftover after parsing attributes in process `syz.4.440'.
[  227.685276][ T7486] pimreg: entered allmulticast mode
[  227.692441][ T7486] pimreg: left allmulticast mode
[  229.049953][ T7509] netlink: 12 bytes leftover after parsing attributes in process `syz.3.446'.
[  229.344723][ T7514] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  229.384141][ T7520] vivid-007: =================  START STATUS  =================
[  229.391843][ T7520] vivid-007: Enable Output Cropping: true
[  229.397702][ T7520] vivid-007: Enable Output Composing: true
[  229.403641][ T7520] vivid-007: Enable Output Scaler: true
[  229.409229][ T7520] vivid-007: Tx RGB Quantization Range: Automatic
[  229.415749][ T7520] vivid-007: Transmit Mode: HDMI
[  229.420719][ T7520] vivid-007: Hotplug Present: 0x00000000
[  229.426490][ T7520] vivid-007: RxSense Present: 0x00000000
[  229.432152][ T7520] vivid-007: EDID Present: 0x00000000
[  229.437699][ T7520] vivid-007: ==================  END STATUS  ==================
[  229.908731][ T7525] netlink: 'syz.0.449': attribute type 11 has an invalid length.
[  230.341081][ T7526] netlink: 12 bytes leftover after parsing attributes in process `syz.4.453'.
[  230.840783][ T7529] bond1: entered promiscuous mode
[  230.847864][ T7529] 8021q: adding VLAN 0 to HW filter on device bond1
[  232.634927][ T7549] netlink: 116 bytes leftover after parsing attributes in process `syz.2.460'.
[  233.308661][ T6602] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  233.812408][ T6602] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  234.291566][ T7561] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  236.068497][ T7566] bridge1: entered promiscuous mode
[  236.652577][ T6602] usb 5-1: string descriptor 0 read error: -71
[  236.658890][ T6602] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  236.681166][ T6602] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  236.702864][ T6602] usb 5-1: can't set config #1, error -71
[  236.721134][ T6602] usb 5-1: USB disconnect, device number 11
[  236.922426][ T7582] netlink: 12 bytes leftover after parsing attributes in process `syz.2.467'.
[  237.899551][ T7595] FAULT_INJECTION: forcing a failure.
[  237.899551][ T7595] name failslab, interval 1, probability 0, space 0, times 0
[  237.912404][ T7595] CPU: 0 UID: 0 PID: 7595 Comm: syz.2.473 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0
[  237.912427][ T7595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  237.912438][ T7595] Call Trace:
[  237.912445][ T7595]  <TASK>
[  237.912453][ T7595]  dump_stack_lvl+0x241/0x360
[  237.912478][ T7595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  237.912495][ T7595]  ? __pfx__printk+0x10/0x10
[  237.912519][ T7595]  ? __kmalloc_noprof+0xb5/0x4c0
[  237.912536][ T7595]  ? __pfx___might_resched+0x10/0x10
[  237.912560][ T7595]  should_fail_ex+0x40a/0x550
[  237.912586][ T7595]  should_failslab+0xac/0x100
[  237.912610][ T7595]  __kmalloc_noprof+0xdd/0x4c0
[  237.912624][ T7595]  ? __kmalloc_cache_noprof+0x243/0x390
[  237.912639][ T7595]  ? alloc_pipe_info+0x1ff/0x4d0
[  237.912670][ T7595]  alloc_pipe_info+0x1ff/0x4d0
[  237.912694][ T7595]  splice_direct_to_actor+0xa9e/0xc80
[  237.912716][ T7595]  ? __pfx___schedule+0x10/0x10
[  237.912737][ T7595]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  237.912766][ T7595]  ? __pfx_direct_splice_actor+0x10/0x10
[  237.912788][ T7595]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  237.912812][ T7595]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  237.912839][ T7595]  do_splice_direct+0x289/0x3e0
[  237.912864][ T7595]  ? __pfx_do_splice_direct+0x10/0x10
[  237.912887][ T7595]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  237.912913][ T7595]  ? do_sendfile+0x541/0x8a0
[  237.912935][ T7595]  do_sendfile+0x564/0x8a0
[  237.912959][ T7595]  ? __pfx_do_sendfile+0x10/0x10
[  237.912976][ T7595]  ? __fget_files+0x2a/0x410
[  237.912994][ T7595]  ? __pfx___schedule+0x10/0x10
[  237.913013][ T7595]  __se_sys_sendfile64+0x17c/0x1e0
[  237.913039][ T7595]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  237.913061][ T7595]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  237.913085][ T7595]  ? do_syscall_64+0xb6/0x230
[  237.913106][ T7595]  do_syscall_64+0xf3/0x230
[  237.913124][ T7595]  ? clear_bhb_loop+0x35/0x90
[  237.913146][ T7595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.913167][ T7595] RIP: 0033:0x7f8d8b18cde9
[  237.913181][ T7595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.913194][ T7595] RSP: 002b:00007f8d8c008038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  237.913212][ T7595] RAX: ffffffffffffffda RBX: 00007f8d8b3a6160 RCX: 00007f8d8b18cde9
[  237.913224][ T7595] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000006
[  237.913234][ T7595] RBP: 00007f8d8c008090 R08: 0000000000000000 R09: 0000000000000000
[  237.913244][ T7595] R10: 000000007ffff004 R11: 0000000000000246 R12: 0000000000000001
[  237.913254][ T7595] R13: 0000000000000000 R14: 00007f8d8b3a6160 R15: 00007ffc1161dba8
[  237.913280][ T7595]  </TASK>
[  238.488601][ T7601] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  242.968601][ T7629] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.483'.
[  243.016230][ T7628] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.483'.
[  243.300753][ T5831] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  243.465449][ T5831] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  243.497323][ T5831] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  243.531129][ T5831] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  243.555473][ T5831] usb 5-1: SerialNumber: syz
[  243.573253][ T7631] Illegal XDP return value 4291481600 on prog  (id 74) dev N/A, expect packet loss!
[  244.754856][ T5831] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  244.820490][ T5831] usb 5-1: USB disconnect, device number 12
[  245.233788][ T7649] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  246.831204][ T5831] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  247.111016][ T5831] usb 3-1: Using ep0 maxpacket: 16
[  247.133784][ T5831] usb 3-1: config 0 has an invalid interface number: 195 but max is 0
[  247.284661][ T5831] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  247.333357][ T5831] usb 3-1: config 0 has no interface number 0
[  247.354105][ T5831] usb 3-1: New USB device found, idVendor=0421, idProduct=0418, bcdDevice=95.ff
[  247.366689][ T5831] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.375727][ T5831] usb 3-1: Product: syz
[  247.389977][ T5831] usb 3-1: Manufacturer: syz
[  247.395693][ T5831] usb 3-1: SerialNumber: syz
[  247.572260][ T5831] usb 3-1: config 0 descriptor??
[  248.485194][ T5831] rndis_host 3-1:0.195: More than one union descriptor, skipping ...
[  248.521056][ T5831] usb 3-1: bad CDC descriptors
[  248.531397][ T5831] cdc_acm 3-1:0.195: More than one union descriptor, skipping ...
[  248.779361][ T7678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.497'.
[  248.788829][ T7678] netlink: 4 bytes leftover after parsing attributes in process `syz.1.497'.
[  248.799512][ T7678] netlink: 'syz.1.497': attribute type 14 has an invalid length.
[  248.927423][  T942] usb 3-1: USB disconnect, device number 13
[  249.294730][ T7665] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  249.339111][ T7665] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  249.354404][ T7665] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  249.381028][ T7665] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  249.600999][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout
[  249.846988][ T7685] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.499'.
[  249.858344][ T7686] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.499'.
[  250.384804][ T7690] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  250.775860][ T7697] netlink: 8 bytes leftover after parsing attributes in process `syz.2.502'.
[  250.785107][ T7697] netlink: 4 bytes leftover after parsing attributes in process `syz.2.502'.
[  250.794445][ T7697] netlink: 'syz.2.502': attribute type 14 has an invalid length.
[  251.361104][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout
[  251.367200][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  251.430967][ T5872] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  251.442392][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout
[  251.607979][ T5872] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  251.635883][ T5872] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  251.911091][ T5872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  252.108039][ T7717] vlan4: entered promiscuous mode
[  252.113262][ T7717] hsr0: entered promiscuous mode
[  252.127822][ T7717] hsr0: left promiscuous mode
[  252.697457][ T7719] netlink: 12 bytes leftover after parsing attributes in process `syz.2.506'.
[  253.037827][ T7716] xt_CT: No such helper "pptp"
[  253.152269][ T5872] usb 1-1: SerialNumber: syz
[  253.433858][ T7725] Cannot find map_set index 0 as target
[  253.795989][ T5831] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  253.973518][ T5831] usb 3-1: Using ep0 maxpacket: 16
[  253.997143][ T5831] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  254.020362][ T5831] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.181636][ T5831] usb 3-1: Product: syz
[  254.186586][ T5831] usb 3-1: Manufacturer: syz
[  254.191598][ T5831] usb 3-1: SerialNumber: syz
[  254.213265][ T5831] r8152-cfgselector 3-1: Unknown version 0x0000
[  254.226889][ T5831] r8152-cfgselector 3-1: config 0 descriptor??
[  255.386234][ T7730] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  255.501736][ T5872] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  255.541494][ T5872] usb 1-1: USB disconnect, device number 18
[  255.925758][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  255.932376][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  256.214023][    T9] r8152-cfgselector 3-1: USB disconnect, device number 14
[  256.454254][ T7749] No control pipe specified
[  257.674628][ T7760] netlink: 12 bytes leftover after parsing attributes in process `syz.1.521'.
[  261.204345][    T8] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  261.702375][ T7790] netlink: 8 bytes leftover after parsing attributes in process `syz.2.530'.
[  261.711529][ T7790] netlink: 4 bytes leftover after parsing attributes in process `syz.2.530'.
[  261.724306][ T7790] netlink: 'syz.2.530': attribute type 14 has an invalid length.
[  261.904635][    T8] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  261.942344][    T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  261.951820][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  261.959837][    T8] usb 2-1: SerialNumber: syz
[  262.571015][ T5831] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  262.735446][ T5831] usb 3-1: device descriptor read/64, error -71
[  263.022523][ T5831] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  263.132242][    T8] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -71
[  263.286094][    T8] usb 2-1: USB disconnect, device number 17
[  263.344246][ T5831] usb 3-1: device descriptor read/64, error -71
[  263.483485][ T5831] usb usb3-port1: attempt power cycle
[  263.545446][ T7803] pimreg: entered allmulticast mode
[  263.576368][ T7803] pimreg: left allmulticast mode
[  263.686360][ T7782] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  263.711383][ T7782] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  263.750747][ T7782] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  263.777251][ T7782] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  263.806174][ T7808] netlink: 'syz.1.536': attribute type 3 has an invalid length.
[  263.851109][ T5831] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  263.891870][ T7811] SET target dimension over the limit!
[  263.901267][ T7811] netlink: 'syz.1.536': attribute type 10 has an invalid length.
[  263.917746][ T5831] usb 3-1: device descriptor read/8, error -71
[  264.028659][ T7811] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  264.601198][ T5831] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  264.631887][ T5831] usb 3-1: device descriptor read/8, error -71
[  265.346039][ T5831] usb usb3-port1: unable to enumerate USB device
[  265.761106][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout
[  265.767322][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout
[  265.773871][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout
[  265.842607][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout
[  266.408133][ T7829] FAULT_INJECTION: forcing a failure.
[  266.408133][ T7829] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  266.498130][ T7829] CPU: 1 UID: 0 PID: 7829 Comm: syz.2.541 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0
[  266.498158][ T7829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  266.498168][ T7829] Call Trace:
[  266.498174][ T7829]  <TASK>
[  266.498182][ T7829]  dump_stack_lvl+0x241/0x360
[  266.498207][ T7829]  ? __pfx_dump_stack_lvl+0x10/0x10
[  266.498223][ T7829]  ? __pfx__printk+0x10/0x10
[  266.498248][ T7829]  ? __pfx_lock_release+0x10/0x10
[  266.498277][ T7829]  should_fail_ex+0x40a/0x550
[  266.498303][ T7829]  set_fd_set+0x3a/0xa0
[  266.498326][ T7829]  core_sys_select+0x8e6/0xa40
[  266.498358][ T7829]  ? __pfx_core_sys_select+0x10/0x10
[  266.498382][ T7829]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  266.498424][ T7829]  ? __pfx_vfs_write+0x10/0x10
[  266.498442][ T7829]  ? __pfx_set_user_sigmask+0x10/0x10
[  266.498460][ T7829]  ? __pfx_do_sys_openat2+0x10/0x10
[  266.498474][ T7829]  ? put_files_struct+0x23d/0x310
[  266.498513][ T7829]  __se_sys_pselect6+0x321/0x3e0
[  266.498543][ T7829]  ? __pfx___se_sys_pselect6+0x10/0x10
[  266.498564][ T7829]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  266.498586][ T7829]  ? do_syscall_64+0x100/0x230
[  266.498607][ T7829]  ? __x64_sys_pselect6+0x21/0xf0
[  266.498631][ T7829]  do_syscall_64+0xf3/0x230
[  266.498649][ T7829]  ? clear_bhb_loop+0x35/0x90
[  266.498672][ T7829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.498692][ T7829] RIP: 0033:0x7f8d8b18cde9
[  266.498707][ T7829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.498721][ T7829] RSP: 002b:00007f8d8c04a038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  266.498740][ T7829] RAX: ffffffffffffffda RBX: 00007f8d8b3a5fa0 RCX: 00007f8d8b18cde9
[  266.498752][ T7829] RDX: 0000400000000180 RSI: 0000400000000040 RDI: 0000000000000040
[  266.498763][ T7829] RBP: 00007f8d8c04a090 R08: 0000000000000000 R09: 0000000000000000
[  266.498773][ T7829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  266.498784][ T7829] R13: 0000000000000000 R14: 00007f8d8b3a5fa0 R15: 00007ffc1161dba8
[  266.498810][ T7829]  </TASK>
[  267.466927][ T7838] Cannot find map_set index 0 as target
[  267.937576][ T7846] netlink: 116 bytes leftover after parsing attributes in process `syz.0.548'.
[  268.219767][  T942] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  268.269060][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout
[  268.464409][ T5824] Bluetooth: hci1: unexpected cc 0x2024 length: 5 > 1
[  268.471933][ T5824] Bluetooth: hci1: unexpected event for opcode 0x2024
[  268.897506][  T942] usb 4-1: Using ep0 maxpacket: 16
[  268.955775][  T942] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  268.965133][  T942] usb 4-1: config 0 has no interface number 0
[  268.971629][ T5872] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  269.412350][  T942] usb 4-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  269.423190][  T942] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.436461][  T942] usb 4-1: Product: syz
[  269.440809][  T942] usb 4-1: Manufacturer: syz
[  269.449951][  T942] usb 4-1: SerialNumber: syz
[  269.485139][  T942] usb 4-1: config 0 descriptor??
[  269.504169][  T942] hub 4-1:0.132: bad descriptor, ignoring hub
[  269.510552][  T942] hub 4-1:0.132: probe with driver hub failed with error -5
[  269.594506][ T7860] netlink: 8 bytes leftover after parsing attributes in process `syz.2.550'.
[  269.606586][ T7860] netlink: 4 bytes leftover after parsing attributes in process `syz.2.550'.
[  269.616381][ T7860] netlink: 'syz.2.550': attribute type 14 has an invalid length.
[  269.961387][ T5872] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  269.983747][  T942] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.132/input/input7
[  270.023507][ T5872] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  270.041384][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  270.060998][ T5872] usb 2-1: SerialNumber: syz
[  270.179585][ T7867] netlink: 68 bytes leftover after parsing attributes in process `syz.4.553'.
[  271.331435][ T7876] netlink: 12 bytes leftover after parsing attributes in process `syz.0.552'.
[  271.381299][ T5826] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  271.595614][ T5826] usb 5-1: config 0 has too many interfaces: 36, using maximum allowed: 32
[  271.658077][ T5826] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 36
[  271.688704][ T5872] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -71
[  271.812184][ T5826] usb 5-1: New USB device found, idVendor=08ca, idProduct=0104, bcdDevice=32.8f
[  271.876527][ T5826] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.905153][ T5872] usb 2-1: USB disconnect, device number 18
[  271.962694][ T5826] usb 5-1: config 0 descriptor??
[  271.982671][ T5826] gspca_main: sunplus-2.14.0 probing 08ca:0104
[  272.703968][ T7884] vlan3: entered promiscuous mode
[  272.709116][ T7884] hsr0: entered promiscuous mode
[  272.722491][ T7884] hsr0: left promiscuous mode
[  273.089449][ T7883] xt_CT: No such helper "pptp"
[  273.573143][ T5826] usb 5-1: USB disconnect, device number 13
[  274.008822][ T7896] Cannot find map_set index 0 as target
[  274.767732][ T7901] openvswitch: netlink: Tunnel attr 54 out of range max 16
[  274.917077][ T7903] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.560'.
[  274.935835][ T7902] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.560'.
[  275.335687][ T7907] netlink: 12 bytes leftover after parsing attributes in process `syz.1.562'.
[  275.359088][    T8] usb 4-1: USB disconnect, device number 14
[  275.364969][ T7910] netlink: 92 bytes leftover after parsing attributes in process `syz.0.563'.
[  275.381402][ T7910] netlink: 92 bytes leftover after parsing attributes in process `syz.0.563'.
[  275.393964][ T7907] netlink: 40 bytes leftover after parsing attributes in process `syz.1.562'.
[  275.404088][ T7907] tipc: Started in network mode
[  275.425290][ T7907] tipc: Node identity ac1414bb, cluster identity 4711
[  275.436297][ T7907] tipc: New replicast peer: 172.20.20.170
[  275.443581][ T7907] tipc: Enabled bearer <udp:syz1>, priority 0
[  275.450287][ T7910] hsr0: entered allmulticast mode
[  275.455550][ T7910] hsr_slave_0: entered allmulticast mode
[  275.463120][ T7910] hsr_slave_1: entered allmulticast mode
[  275.633936][    T8] usb 4-1: new low-speed USB device number 15 using dummy_hcd
[  275.642784][ T5874] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  275.808172][    T8] usb 4-1: config 1 has an invalid interface descriptor of length 6, skipping
[  276.325559][ T5874] usb 5-1: config 1 has an invalid descriptor of length 103, skipping remainder of the config
[  276.405286][    T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  276.471180][ T5874] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  276.523387][    T8] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  276.541682][    T8] usb 4-1: config 1 has no interface number 1
[  276.566069][ T5831] tipc: Node number set to 2886997179
[  276.581023][ T5874] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  276.590800][    T8] usb 4-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  276.613882][ T5874] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  276.654489][ T5874] usb 5-1: SerialNumber: syz
[  276.703209][    T8] usb 4-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  276.765982][    T8] usb 4-1: config 1 interface 2 has no altsetting 1
[  276.776897][    T8] usb 4-1: string descriptor 0 read error: -22
[  276.783903][    T8] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  277.160452][ T7927] vlan3: entered promiscuous mode
[  277.165633][ T7927] hsr0: entered promiscuous mode
[  277.176376][ T7927] hsr0: left promiscuous mode
[  277.896098][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.914760][ T7926] xt_CT: No such helper "pptp"
[  278.117626][    T8] usb 4-1: can't set config #1, error -71
[  278.268754][ T7930] netlink: 12 bytes leftover after parsing attributes in process `syz.2.568'.
[  278.522047][    T8] usb 4-1: USB disconnect, device number 15
[  279.711846][ T5874] usb 5-1: bad CDC descriptors
[  279.740282][ T5874] usb 5-1: USB disconnect, device number 14
[  279.790582][ T7936] xt_CT: No such helper "pptp"
[  280.539967][ T7949] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.572'.
[  280.572223][ T7946] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.572'.
[  281.222440][ T7958] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.575'.
[  281.232828][ T7957] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.575'.
[  283.079270][ T7954] Cannot find map_set index 0 as target
[  283.344911][ T7962] Cannot find map_set index 0 as target
[  283.558222][ T7974] netlink: 8 bytes leftover after parsing attributes in process `syz.0.579'.
[  283.567529][ T7974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.579'.
[  283.576831][ T7974] netlink: 'syz.0.579': attribute type 14 has an invalid length.
[  284.447172][ T7981] cgroup: fork rejected by pids controller in /syz2
[  286.931859][ T5828] syz-executor (5828) used greatest stack depth: 19416 bytes left
[  287.092091][ T7998] xt_CT: No such helper "pptp"
[  287.270226][ T6233] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.202424][ T6233] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.978831][ T6233] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.216793][ T6233] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.464569][ T8002] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  289.478792][ T8022] block nbd0: NBD_DISCONNECT
[  289.481491][ T8002] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  289.498780][ T8022] block nbd0: Disconnected due to user request.
[  289.563799][ T8022] block nbd0: shutting down sockets
[  289.602938][ T8002] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  289.699098][ T8002] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  289.817746][ T6233] bridge_slave_1: left allmulticast mode
[  289.840492][ T6233] bridge_slave_1: left promiscuous mode
[  289.849604][ T6233] bridge0: port 2(bridge_slave_1) entered disabled state
[  289.898930][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  289.910242][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  289.918830][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  289.935984][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  289.945302][ T5833] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  289.952810][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  289.961743][ T6233] bridge_slave_0: left allmulticast mode
[  289.981994][ T8034] overlayfs: missing 'workdir'
[  289.995969][ T6233] bridge_slave_0: left promiscuous mode
[  290.061231][ T6233] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.133911][ T8018] netlink: 8 bytes leftover after parsing attributes in process `syz.1.593'.
[  291.526923][ T5135] Bluetooth: hci1: command 0x0c1a tx timeout
[  291.534048][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout
[  291.681138][ T5833] Bluetooth: hci2: command 0x0c1a tx timeout
[  291.761327][ T5833] Bluetooth: hci3: command 0x0c1a tx timeout
[  292.005605][ T5833] Bluetooth: hci4: command tx timeout
[  294.661792][ T5833] Bluetooth: hci4: command tx timeout
[  294.905476][ T8065] netlink: 8 bytes leftover after parsing attributes in process `syz.3.605'.
[  294.918852][ T8065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.605'.
[  294.928505][ T8065] netlink: 'syz.3.605': attribute type 14 has an invalid length.
[  295.439362][ T6233] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  295.518246][ T6233] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  295.530201][ T6233] bond0 (unregistering): Released all slaves
[  295.562020][ T8035] veth0_to_team: mtu less than device minimum
[  295.885561][ T8070] netlink: 8 bytes leftover after parsing attributes in process `syz.1.606'.
[  295.899558][ T8070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.606'.
[  295.919537][ T8070] netlink: 'syz.1.606': attribute type 14 has an invalid length.
[  296.721103][ T5833] Bluetooth: hci4: command tx timeout
[  297.873924][ T8086] xt_CT: No such helper "pptp"
[  297.990633][ T8087] vlan3: entered promiscuous mode
[  297.996203][ T8087] hsr0: entered promiscuous mode
[  298.003450][ T8087] hsr0: left promiscuous mode
[  298.439963][ T6233] hsr_slave_0: left promiscuous mode
[  298.470251][ T6233] hsr_slave_1: left promiscuous mode
[  298.482963][ T8080] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  298.490028][ T6233] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  298.502717][ T8080] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  298.521091][ T6233] batman_adv: batadv0: Removing interface: batadv_slave_0
[  298.528870][ T8080] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  298.536225][ T8080] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  298.552330][ T6233] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  298.559791][ T6233] batman_adv: batadv0: Removing interface: batadv_slave_1
[  298.569890][ T8080] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  298.581317][ T8080] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  298.837689][ T6233] veth1_macvtap: left promiscuous mode
[  298.845006][ T8080] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  298.849703][ T6233] veth0_macvtap: left promiscuous mode
[  298.862779][ T6233] veth1_vlan: left promiscuous mode
[  298.868650][ T6233] veth0_vlan: left promiscuous mode
[  298.932814][ T8096] netlink: 8 bytes leftover after parsing attributes in process `syz.1.614'.
[  300.617324][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout
[  300.617342][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout
[  300.623498][ T5135] Bluetooth: hci3: command 0x0c1a tx timeout
[  300.636201][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout
[  300.642492][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout
[  300.731078][ T8120] netlink: 8 bytes leftover after parsing attributes in process `syz.4.619'.
[  300.741990][ T8120] netlink: 4 bytes leftover after parsing attributes in process `syz.4.619'.
[  300.750985][ T8120] netlink: 'syz.4.619': attribute type 14 has an invalid length.
[  301.871128][ T5831] usb 2-1: new low-speed USB device number 19 using dummy_hcd
[  302.038397][ T6233] team0 (unregistering): Port device team_slave_1 removed
[  302.063014][ T5831] usb 2-1: config 1 has an invalid interface descriptor of length 6, skipping
[  302.072546][ T5831] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  302.085658][ T5831] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  302.095077][ T5831] usb 2-1: config 1 has no interface number 1
[  302.101776][ T5831] usb 2-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  302.112875][ T5831] usb 2-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  302.127419][ T8129] FAULT_INJECTION: forcing a failure.
[  302.127419][ T8129] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  302.140675][ T8129] CPU: 0 UID: 0 PID: 8129 Comm: syz.0.622 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0
[  302.140697][ T8129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  302.140718][ T8129] Call Trace:
[  302.140723][ T8129]  <TASK>
[  302.140731][ T8129]  dump_stack_lvl+0x241/0x360
[  302.140755][ T8129]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.140771][ T8129]  ? __pfx__printk+0x10/0x10
[  302.140794][ T8129]  ? __pfx_lock_release+0x10/0x10
[  302.140823][ T8129]  should_fail_ex+0x40a/0x550
[  302.140848][ T8129]  _copy_from_user+0x2d/0xb0
[  302.140871][ T8129]  copy_msghdr_from_user+0xae/0x680
[  302.140889][ T8129]  ? __pfx___might_resched+0x10/0x10
[  302.140909][ T8129]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  302.140925][ T8129]  ? __fget_files+0x2a/0x410
[  302.140944][ T8129]  ? __sys_sendmmsg+0x392/0x720
[  302.140966][ T8129]  ? __might_fault+0xaa/0x120
[  302.140988][ T8129]  __sys_sendmmsg+0x32b/0x720
[  302.141017][ T8129]  ? __pfx___sys_sendmmsg+0x10/0x10
[  302.141048][ T8129]  ? __pfx_lock_release+0x10/0x10
[  302.141067][ T8129]  ? kstrtouint_from_user+0x128/0x190
[  302.141108][ T8129]  ? ksys_write+0x22a/0x2b0
[  302.141128][ T8129]  ? __pfx_lock_release+0x10/0x10
[  302.141153][ T8129]  ? sb_end_write+0xe9/0x1c0
[  302.141170][ T8129]  ? vfs_write+0x7fa/0xd10
[  302.141191][ T8129]  ? __mutex_unlock_slowpath+0x227/0x800
[  302.141235][ T8129]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  302.141258][ T8129]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  302.141286][ T8129]  ? do_syscall_64+0x100/0x230
[  302.141307][ T8129]  __x64_sys_sendmmsg+0xa0/0xb0
[  302.141330][ T8129]  do_syscall_64+0xf3/0x230
[  302.141349][ T8129]  ? clear_bhb_loop+0x35/0x90
[  302.141371][ T8129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.141391][ T8129] RIP: 0033:0x7fe0ab58cde9
[  302.141412][ T8129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.141426][ T8129] RSP: 002b:00007fe0ac49d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  302.141445][ T8129] RAX: ffffffffffffffda RBX: 00007fe0ab7a6080 RCX: 00007fe0ab58cde9
[  302.141457][ T8129] RDX: 0000000000000299 RSI: 0000400000003dc0 RDI: 0000000000000006
[  302.141468][ T8129] RBP: 00007fe0ac49d090 R08: 0000000000000000 R09: 0000000000000000
[  302.141478][ T8129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  302.141488][ T8129] R13: 0000000000000000 R14: 00007fe0ab7a6080 R15: 00007fff46ff0908
[  302.141514][ T8129]  </TASK>
[  302.147617][ T6233] team0 (unregistering): Port device team_slave_0 removed
[  302.152435][ T5831] usb 2-1: config 1 interface 2 has no altsetting 1
[  302.407184][ T5831] usb 2-1: string descriptor 0 read error: -22
[  302.416763][ T5831] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  302.428184][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.451984][ T5831] usb 2-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  302.459770][ T5831] usb 2-1: MIDIStreaming interface descriptor not found
[  302.731137][ T5135] Bluetooth: hci4: command 0x0c1a tx timeout
[  302.858288][ T8028] chnl_net:caif_netlink_parms(): no params data found
[  302.870509][ T8110] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  303.126099][ T8028] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.149164][ T8028] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.157249][ T8028] bridge_slave_0: entered allmulticast mode
[  303.165271][ T8028] bridge_slave_0: entered promiscuous mode
[  303.173848][ T8028] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.181181][ T8028] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.189561][ T8028] bridge_slave_1: entered allmulticast mode
[  303.197350][ T8028] bridge_slave_1: entered promiscuous mode
[  303.276213][ T8028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  303.355390][ T8028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  304.213474][  T942] usb 2-1: USB disconnect, device number 19
[  304.812652][ T5135] Bluetooth: hci4: command 0x0c1a tx timeout
[  304.848052][ T8154] FAULT_INJECTION: forcing a failure.
[  304.848052][ T8154] name failslab, interval 1, probability 0, space 0, times 0
[  304.876467][ T8154] CPU: 1 UID: 0 PID: 8154 Comm: syz.4.629 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0
[  304.876493][ T8154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  304.876504][ T8154] Call Trace:
[  304.876509][ T8154]  <TASK>
[  304.876517][ T8154]  dump_stack_lvl+0x241/0x360
[  304.876542][ T8154]  ? __pfx_dump_stack_lvl+0x10/0x10
[  304.876558][ T8154]  ? __pfx__printk+0x10/0x10
[  304.876582][ T8154]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  304.876606][ T8154]  ? __pfx___might_resched+0x10/0x10
[  304.876629][ T8154]  should_fail_ex+0x40a/0x550
[  304.876655][ T8154]  should_failslab+0xac/0x100
[  304.876678][ T8154]  kmem_cache_alloc_node_noprof+0x77/0x380
[  304.876700][ T8154]  ? __alloc_skb+0x1c3/0x440
[  304.876723][ T8154]  __alloc_skb+0x1c3/0x440
[  304.876747][ T8154]  ? __pfx___alloc_skb+0x10/0x10
[  304.876768][ T8154]  ? netlink_autobind+0xd6/0x2f0
[  304.876783][ T8154]  ? netlink_autobind+0x2b0/0x2f0
[  304.876802][ T8154]  netlink_sendmsg+0x634/0xcb0
[  304.876835][ T8154]  ? __pfx_netlink_sendmsg+0x10/0x10
[  304.876855][ T8154]  ? __import_iovec+0x556/0x870
[  304.876885][ T8154]  ? __pfx_netlink_sendmsg+0x10/0x10
[  304.876906][ T8154]  __sock_sendmsg+0x221/0x270
[  304.876927][ T8154]  ____sys_sendmsg+0x53a/0x860
[  304.876960][ T8154]  ? __pfx_____sys_sendmsg+0x10/0x10
[  304.876980][ T8154]  ? __fget_files+0x2a/0x410
[  304.876998][ T8154]  ? __fget_files+0x2a/0x410
[  304.877022][ T8154]  __sys_sendmsg+0x269/0x350
[  304.877048][ T8154]  ? __pfx___sys_sendmsg+0x10/0x10
[  304.877096][ T8154]  ? __pfx___schedule+0x10/0x10
[  304.877121][ T8154]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  304.877143][ T8154]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  304.877168][ T8154]  ? do_syscall_64+0xb6/0x230
[  304.877188][ T8154]  do_syscall_64+0xf3/0x230
[  304.877205][ T8154]  ? clear_bhb_loop+0x35/0x90
[  304.877228][ T8154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.877249][ T8154] RIP: 0033:0x7f3177f8cde9
[  304.877264][ T8154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  304.877278][ T8154] RSP: 002b:00007f3178e4b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  304.877296][ T8154] RAX: ffffffffffffffda RBX: 00007f31781a6080 RCX: 00007f3177f8cde9
[  304.877309][ T8154] RDX: 0000000000000000 RSI: 00004000000001c0 RDI: 0000000000000003
[  304.877319][ T8154] RBP: 00007f3178e4b090 R08: 0000000000000000 R09: 0000000000000000
[  304.877330][ T8154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  304.877339][ T8154] R13: 0000000000000000 R14: 00007f31781a6080 R15: 00007ffd8a3ebe38
[  304.877365][ T8154]  </TASK>
[  305.476550][ T8028] team0: Port device team_slave_0 added
[  305.506573][ T6233] IPVS: stop unused estimator thread 0...
[  305.515129][ T8028] team0: Port device team_slave_1 added
[  307.079357][ T8028] batman_adv: batadv0: Adding interface: batadv_slave_0
[  307.103588][ T8028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  307.171438][ T8028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  307.202233][ T8028] batman_adv: batadv0: Adding interface: batadv_slave_1
[  307.223989][ T8028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  307.634899][ T8028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  307.653804][ T8169] netlink: 12 bytes leftover after parsing attributes in process `syz.0.633'.
[  307.677784][ T8165] Smack: duplicate mount options
[  307.949924][ T8028] hsr_slave_0: entered promiscuous mode
[  307.974864][ T8028] hsr_slave_1: entered promiscuous mode
[  308.009866][ T8028] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  308.130971][ T8028] Cannot create hsr debugfs directory
[  308.854686][ T8175] xt_CT: No such helper "pptp"
[  308.895399][ T8177] vlan3: entered promiscuous mode
[  308.900509][ T8177] hsr0: entered promiscuous mode
[  308.911124][ T8177] hsr0: left promiscuous mode
[  309.680514][ T8180] netlink: 8 bytes leftover after parsing attributes in process `syz.1.635'.
[  309.689422][ T8180] netlink: 4 bytes leftover after parsing attributes in process `syz.1.635'.
[  309.698329][ T8180] netlink: 'syz.1.635': attribute type 14 has an invalid length.
[  309.904042][ T8193] vlan3: entered promiscuous mode
[  309.909194][ T8193] hsr0: entered promiscuous mode
[  309.924312][ T8193] hsr0: left promiscuous mode
[  310.479945][ T8190] xt_CT: No such helper "pptp"
[  312.521045][ T5872] usb 2-1: new low-speed USB device number 20 using dummy_hcd
[  312.683954][ T5872] usb 2-1: config 1 has an invalid interface descriptor of length 6, skipping
[  312.745223][ T5872] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  312.815202][ T5872] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  312.825031][ T5872] usb 2-1: config 1 has no interface number 1
[  312.831912][ T5872] usb 2-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  312.885675][ T5872] usb 2-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  312.903276][ T5872] usb 2-1: config 1 interface 2 has no altsetting 1
[  312.916697][ T5872] usb 2-1: string descriptor 0 read error: -22
[  312.979748][ T5872] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  312.995200][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.040606][ T5872] usb 2-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  313.184262][ T5872] usb 2-1: MIDIStreaming interface descriptor not found
[  313.821481][ T8223] netlink: 'syz.3.646': attribute type 1 has an invalid length.
[  313.851123][ T8223] netlink: 244 bytes leftover after parsing attributes in process `syz.3.646'.
[  313.931520][ T8028] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  313.943474][   T29] audit: type=1326 audit(1739729369.498:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8221 comm="syz.3.646" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff2d978cde9 code=0xffff0000
[  313.994938][ T8028] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  314.032825][ T8028] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  314.095972][ T8028] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  314.289714][  T942] usb 2-1: USB disconnect, device number 20
[  314.358206][ T8028] 8021q: adding VLAN 0 to HW filter on device bond0
[  314.404828][ T8028] 8021q: adding VLAN 0 to HW filter on device team0
[  314.669595][ T6230] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.676810][ T6230] bridge0: port 1(bridge_slave_0) entered forwarding state
[  315.445523][ T8230] xt_CT: No such helper "pptp"
[  315.453766][ T6230] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.460944][ T6230] bridge0: port 2(bridge_slave_1) entered forwarding state
[  315.484046][ T8231] vlan3: entered promiscuous mode
[  315.489198][ T8231] hsr0: entered promiscuous mode
[  315.496376][ T8231] hsr0: left promiscuous mode
[  316.158632][ T8028] 8021q: adding VLAN 0 to HW filter on device batadv0
[  316.345297][ T8028] veth0_vlan: entered promiscuous mode
[  316.356316][ T8028] veth1_vlan: entered promiscuous mode
[  316.937748][ T8028] veth0_macvtap: entered promiscuous mode
[  316.986516][ T8028] veth1_macvtap: entered promiscuous mode
[  317.109510][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  317.122866][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.159495][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  317.205758][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.241884][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  317.286318][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.325781][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  317.376643][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.402398][ T8028] batman_adv: batadv0: Interface activated: batadv_slave_0
[  317.414591][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  317.422694][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  318.364569][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  318.406056][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.431033][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  318.457751][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.483758][ T8028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  318.613508][ T5903] usb 1-1: new low-speed USB device number 19 using dummy_hcd
[  318.638057][ T8028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.656866][ T8028] batman_adv: batadv0: Interface activated: batadv_slave_1
[  318.673741][ T8028] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  318.683974][ T8028] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  318.697455][ T8028] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  318.780245][ T8028] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  318.838901][ T5903] usb 1-1: config 1 has an invalid interface descriptor of length 6, skipping
[  318.861932][ T5903] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  319.016188][ T8270] vlan3: entered promiscuous mode
[  319.021403][ T8270] hsr0: entered promiscuous mode
[  319.034995][ T8270] hsr0: left promiscuous mode
[  319.321012][ T5903] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  319.331789][ T8269] xt_CT: No such helper "pptp"
[  319.467820][ T5903] usb 1-1: config 1 has no interface number 1
[  319.475640][ T5903] usb 1-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  319.487002][ T5903] usb 1-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  319.500336][ T5903] usb 1-1: config 1 interface 2 has no altsetting 1
[  319.510425][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  319.519307][ T8268] netlink: 12 bytes leftover after parsing attributes in process `syz.4.660'.
[  319.534097][ T5903] usb 1-1: string descriptor 0 read error: -22
[  319.540409][ T5903] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  319.550163][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  319.559881][ T5903] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.576602][ T5903] usb 1-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  319.596483][ T5903] usb 1-1: MIDIStreaming interface descriptor not found
[  319.605100][ T6233] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  319.613318][ T6233] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  319.959990][ T8280] vlan3: entered promiscuous mode
[  319.965300][ T8280] hsr0: entered promiscuous mode
[  319.972535][ T8280] hsr0: left promiscuous mode
[  320.275388][ T8279] xt_CT: No such helper "pptp"
[  321.060827][    T8] usb 1-1: USB disconnect, device number 19
[  321.681680][ T8292] vlan3: entered promiscuous mode
[  321.686919][ T8292] hsr0: entered promiscuous mode
[  321.700507][ T8292] hsr0: left promiscuous mode
[  322.304910][ T8290] xt_CT: No such helper "pptp"
[  325.431353][    T9] usb 2-1: new low-speed USB device number 21 using dummy_hcd
[  325.652811][    T9] usb 2-1: config 1 has an invalid interface descriptor of length 6, skipping
[  325.691590][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  325.731044][    T9] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  325.750333][    T9] usb 2-1: config 1 has no interface number 1
[  325.763926][    T9] usb 2-1: too many endpoints for config 1 interface 2 altsetting 116: 104, using maximum allowed: 30
[  325.805917][    T9] usb 2-1: config 1 interface 2 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 104
[  325.848473][    T9] usb 2-1: config 1 interface 2 has no altsetting 1
[  325.871959][    T9] usb 2-1: string descriptor 0 read error: -22
[  325.886448][    T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  325.916448][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.975941][    T9] usb 2-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  326.001072][    T9] usb 2-1: MIDIStreaming interface descriptor not found
[  326.394926][ T8334] vlan3: entered promiscuous mode
[  326.400131][ T8334] hsr0: entered promiscuous mode
[  326.432127][ T8334] hsr0: left promiscuous mode
[  327.054446][ T8333] xt_CT: No such helper "pptp"
[  328.061118][    T8] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  328.138875][  T942] usb 2-1: USB disconnect, device number 21
[  328.227553][    T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  328.258027][    T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  328.510297][    T8] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  328.529865][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.538151][    T8] usb 3-1: Product: syz
[  328.550972][    T8] usb 3-1: Manufacturer: syz
[  328.555937][    T8] usb 3-1: SerialNumber: syz
[  329.577258][    T8] usb 3-1: config 0 descriptor??
[  329.584201][ T8341] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  329.591762][ T8341] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  329.805903][ T8340] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  329.972198][    T8] dm9601 3-1:0.0: probe with driver dm9601 failed with error -71
[  329.998951][    T8] usb 3-1: USB disconnect, device number 19
[  330.290082][ T8367] ip6t_REJECT: ECHOREPLY is not supported
[  331.525128][ T8373] x_tables: duplicate underflow at hook 1
[  334.394433][ T8390] vlan3: entered promiscuous mode
[  334.399601][ T8390] hsr0: entered promiscuous mode
[  334.415470][ T8390] hsr0: left promiscuous mode
[  334.611482][ T8389] xt_CT: No such helper "pptp"
[  334.865419][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  334.874756][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  334.883137][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  334.910410][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  334.918897][ T5833] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  334.926606][ T5833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  334.962809][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.991474][   T29] audit: type=1326 audit(1739729390.538:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8397 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde7418cde9 code=0x7ffc0000
[  335.050096][   T29] audit: type=1326 audit(1739729390.568:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8397 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fde7418cde9 code=0x7ffc0000
[  335.077887][   T29] audit: type=1326 audit(1739729390.568:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8397 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde7418cde9 code=0x7ffc0000
[  335.130561][   T29] audit: type=1326 audit(1739729390.568:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8397 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fde7418cde9 code=0x7ffc0000
[  335.163321][   T29] audit: type=1326 audit(1739729390.568:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8397 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde7418cde9 code=0x7ffc0000
[  335.193525][   T29] audit: type=1326 audit(1739729390.578:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8397 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fde74183da7 code=0x7ffc0000
[  335.217662][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.238684][   T29] audit: type=1326 audit(1739729390.578:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8397 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fde74128fb9 code=0x7ffc0000
[  335.259949][ T5874] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  335.268639][   T29] audit: type=1326 audit(1739729390.578:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8397 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7fde7418cde9 code=0x7ffc0000
[  335.290000][    C1] vkms_vblank_simulate: vblank timer overrun
[  335.301733][ T8403] vlan2: entered promiscuous mode
[  335.306842][ T8403] hsr0: entered promiscuous mode
[  335.315169][ T8403] hsr0: left promiscuous mode
[  335.321981][   T29] audit: type=1326 audit(1739729390.578:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8397 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fde74183da7 code=0x7ffc0000
[  335.344148][   T29] audit: type=1326 audit(1739729390.578:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8397 comm="syz.1.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fde74128fb9 code=0x7ffc0000
[  335.411855][ T8400] xt_CT: No such helper "pptp"
[  335.489290][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.506959][ T5874] usb 5-1: config 1 has an invalid descriptor of length 122, skipping remainder of the config
[  335.527892][ T5874] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  335.576942][ T5874] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  335.601731][ T5874] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  335.652120][ T5874] usb 5-1: SerialNumber: syz
[  335.723722][ T8413] ip6t_REJECT: ECHOREPLY is not supported
[  335.817618][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.894794][ T5874] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  336.375766][ T8393] chnl_net:caif_netlink_parms(): no params data found
[  336.972994][ T5833] Bluetooth: hci2: command tx timeout
[  337.212407][ T8423] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.695'.
[  337.232239][ T8421] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.695'.
[  337.301337][   T12] vlan3: left promiscuous mode
[  337.402028][   T12] veth0_to_batadv: left promiscuous mode
[  337.408147][   T12] bridge0: port 3(vlan3) entered disabled state
[  337.444294][   T12] bridge_slave_1: left allmulticast mode
[  337.453392][   T12] bridge_slave_1: left promiscuous mode
[  337.464734][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  337.483679][   T12] bridge_slave_0: left allmulticast mode
[  337.493125][   T12] bridge_slave_0: left promiscuous mode
[  337.500064][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  337.930299][    T8] usb 5-1: USB disconnect, device number 15
[  338.091212][ T5831] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  338.251037][ T5831] usb 2-1: Using ep0 maxpacket: 32
[  338.268185][ T5831] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  338.289555][ T5831] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  338.311004][ T5831] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  338.331672][ T5831] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.357533][ T5831] hub 2-1:4.0: USB hub found
[  338.425833][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  338.451489][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  338.522943][   T12] bond0 (unregistering): Released all slaves
[  338.566266][ T5831] hub 2-1:4.0: 8 ports detected
[  338.591388][ T5831] hub 2-1:4.0: insufficient power available to use all downstream ports
[  338.781345][ T8393] bridge0: port 1(bridge_slave_0) entered blocking state
[  338.789284][ T5831] hub 2-1:4.0: hub_hub_status failed (err = -71)
[  338.791507][ T8393] bridge0: port 1(bridge_slave_0) entered disabled state
[  338.812796][ T5831] hub 2-1:4.0: config failed, can't get hub status (err -71)
[  338.851710][ T8393] bridge_slave_0: entered allmulticast mode
[  338.868291][ T8393] bridge_slave_0: entered promiscuous mode
[  338.875278][ T5831] usb 2-1: USB disconnect, device number 22
[  339.051020][ T5833] Bluetooth: hci2: command tx timeout
[  339.133160][ T5872] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  339.147655][ T8393] bridge0: port 2(bridge_slave_1) entered blocking state
[  339.156830][ T8393] bridge0: port 2(bridge_slave_1) entered disabled state
[  339.237543][ T8446] cgroup: fork rejected by pids controller in /syz4
[  339.301748][ T5872] usb 1-1: Using ep0 maxpacket: 32
[  339.317687][ T5872] usb 1-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  339.474036][ T5872] usb 1-1: config 0 interface 0 has no altsetting 0
[  339.589138][ T5872] usb 1-1: New USB device found, idVendor=05c6, idProduct=7000, bcdDevice=c3.fc
[  339.804262][ T8393] bridge_slave_1: entered allmulticast mode
[  339.812429][ T8393] bridge_slave_1: entered promiscuous mode
[  339.949791][ T5872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.960037][ T5872] usb 1-1: Product: syz
[  339.977357][ T5872] usb 1-1: Manufacturer: syz
[  339.977380][   T12] hsr_slave_0: left promiscuous mode
[  339.982142][ T5872] usb 1-1: SerialNumber: syz
[  339.984009][ T5872] usb 1-1: config 0 descriptor??
[  340.058241][   T12] hsr_slave_1: left promiscuous mode
[  340.068496][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  340.106871][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  340.152683][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  340.180660][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  340.247524][   T12] veth0_to_batadv: left allmulticast mode
[  340.254349][   T12] veth1_macvtap: left promiscuous mode
[  340.259919][   T12] veth0_macvtap: left promiscuous mode
[  340.265793][   T12] veth1_vlan: left promiscuous mode
[  340.277801][   T12] veth0_vlan: left promiscuous mode
[  341.124126][ T5833] Bluetooth: hci2: command tx timeout
[  341.458040][ T8459] netlink: 12 bytes leftover after parsing attributes in process `syz.2.704'.
[  341.526877][   T12] team0 (unregistering): Port device team_slave_1 removed
[  341.574812][   T12] team0 (unregistering): Port device team_slave_0 removed
[  342.373995][ T5874] usb 1-1: USB disconnect, device number 20
[  342.599677][ T8393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  343.201495][ T5833] Bluetooth: hci2: command tx timeout
[  343.425282][ T8393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  343.816356][ T8393] team0: Port device team_slave_0 added
[  346.001063][ T8471] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.707'.
[  346.214740][ T8393] team0: Port device team_slave_1 added
[  346.288442][ T8470] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.707'.
[  346.339837][ T8393] batman_adv: batadv0: Adding interface: batadv_slave_0
[  346.361192][ T8393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  346.411361][ T8393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  346.434486][ T8393] batman_adv: batadv0: Adding interface: batadv_slave_1
[  346.448457][ T8393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  346.502592][ T8393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  347.732759][ T8393] hsr_slave_0: entered promiscuous mode
[  347.739148][ T8393] hsr_slave_1: entered promiscuous mode
[  347.761578][ T8393] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  347.779770][ T8393] Cannot create hsr debugfs directory
[  347.946214][ T5135] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  347.957329][ T5135] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  347.968217][ T5135] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  347.976712][ T5135] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  347.985996][ T5135] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  347.994577][ T5135] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  348.712447][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  349.058659][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.721063][ T5833] Bluetooth: hci3: command tx timeout
[  350.749087][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.012073][ T8393] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  351.040451][ T8393] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  351.093207][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.116509][ T8393] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  351.135609][ T8393] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  351.386301][ T8491] chnl_net:caif_netlink_parms(): no params data found
[  351.394436][ T8520] netlink: 24 bytes leftover after parsing attributes in process `syz.0.719'.
[  351.424165][ T8520] netlink: 24 bytes leftover after parsing attributes in process `syz.0.719'.
[  351.551945][   T12] bridge_slave_1: left allmulticast mode
[  351.557635][   T12] bridge_slave_1: left promiscuous mode
[  351.563598][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  351.577467][   T12] bridge_slave_0: left allmulticast mode
[  351.583448][   T12] bridge_slave_0: left promiscuous mode
[  351.589369][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.740492][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  352.756072][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  352.766129][   T12] bond0 (unregistering): Released all slaves
[  352.800998][ T5833] Bluetooth: hci3: command tx timeout
[  353.312898][ T8529] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  353.515826][ T8491] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.741439][ T8491] bridge0: port 1(bridge_slave_0) entered disabled state
[  353.749231][ T8491] bridge_slave_0: entered allmulticast mode
[  353.759529][ T8491] bridge_slave_0: entered promiscuous mode
[  354.591695][ T8491] bridge0: port 2(bridge_slave_1) entered blocking state
[  354.599153][ T8491] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.608435][ T8491] bridge_slave_1: entered allmulticast mode
[  354.615844][ T8491] bridge_slave_1: entered promiscuous mode
[  354.672612][ T8491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  354.881592][ T5833] Bluetooth: hci3: command tx timeout
[  354.979290][ T8491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  355.321339][ T8393] 8021q: adding VLAN 0 to HW filter on device bond0
[  355.345029][ T8491] team0: Port device team_slave_0 added
[  355.367550][   T12] hsr_slave_0: left promiscuous mode
[  355.374915][   T12] hsr_slave_1: left promiscuous mode
[  355.380830][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  355.389662][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  355.403863][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  355.432517][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  355.546244][   T12] veth1_macvtap: left promiscuous mode
[  355.568904][   T12] veth0_macvtap: left promiscuous mode
[  355.579719][   T12] veth1_vlan: left promiscuous mode
[  355.590335][   T12] veth0_vlan: left promiscuous mode
[  355.737149][ T8571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.730'.
[  355.751084][ T8571] nftables ruleset with unbound chain
[  356.751087][ T5831] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  356.751296][   T12] team0 (unregistering): Port device team_slave_1 removed
[  356.804155][   T12] team0 (unregistering): Port device team_slave_0 removed
[  356.911056][ T5831] usb 3-1: Using ep0 maxpacket: 16
[  356.919499][ T5831] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  356.938897][ T5831] usb 3-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a
[  356.950831][ T5831] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.959076][ T5831] usb 3-1: Product: syz
[  356.963831][ T5831] usb 3-1: Manufacturer: syz
[  356.968480][ T5831] usb 3-1: SerialNumber: syz
[  356.976705][ T5833] Bluetooth: hci3: command tx timeout
[  356.982752][ T5831] usb 3-1: config 0 descriptor??
[  356.997104][ T5831] pegasus_notetaker 3-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  357.216899][ T5831] usb 3-1: USB disconnect, device number 20
[  357.305654][ T8491] team0: Port device team_slave_1 added
[  357.366774][ T8491] batman_adv: batadv0: Adding interface: batadv_slave_0
[  357.382164][ T8491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  357.409494][ T8491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  357.438917][ T8393] 8021q: adding VLAN 0 to HW filter on device team0
[  357.450239][ T8491] batman_adv: batadv0: Adding interface: batadv_slave_1
[  357.459322][ T8491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  357.604841][ T8579] netlink: 12 bytes leftover after parsing attributes in process `syz.0.734'.
[  357.691998][ T8491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  357.719563][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  357.726807][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  357.795659][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  357.803071][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  357.828400][ T8491] hsr_slave_0: entered promiscuous mode
[  357.846792][ T8491] hsr_slave_1: entered promiscuous mode
[  357.859735][ T8491] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  357.885869][ T8491] Cannot create hsr debugfs directory
[  358.004160][   T12] IPVS: stop unused estimator thread 0...
[  358.097067][ T8585] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  358.594449][ T8594] mmap: syz.1.738 (8594) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  359.615207][ T8393] 8021q: adding VLAN 0 to HW filter on device batadv0
[  359.779738][ T8491] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  359.807400][ T8491] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  359.952444][ T8491] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  359.982946][ T8491] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  361.158553][ T8491] 8021q: adding VLAN 0 to HW filter on device bond0
[  361.188402][ T8491] 8021q: adding VLAN 0 to HW filter on device team0
[  362.080203][    T8] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  362.090255][ T8621] xt_CT: No such helper "pptp"
[  362.103256][ T8622] vlan3: entered promiscuous mode
[  362.108326][ T8622] hsr0: entered promiscuous mode
[  362.115540][ T8622] hsr0: left promiscuous mode
[  362.180582][ T6233] bridge0: port 1(bridge_slave_0) entered blocking state
[  362.187799][ T6233] bridge0: port 1(bridge_slave_0) entered forwarding state
[  362.214117][ T6233] bridge0: port 2(bridge_slave_1) entered blocking state
[  362.221299][ T6233] bridge0: port 2(bridge_slave_1) entered forwarding state
[  362.411188][    T8] usb 3-1: Using ep0 maxpacket: 32
[  362.454175][ T8393] veth0_vlan: entered promiscuous mode
[  362.463396][    T8] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  362.477065][    T8] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  362.501080][    T8] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  362.985833][ T8633] vlan3: entered promiscuous mode
[  362.991171][ T8633] hsr0: entered promiscuous mode
[  363.004905][ T8633] hsr0: left promiscuous mode
[  363.207671][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.219735][    T8] hub 3-1:4.0: USB hub found
[  363.281612][ T8632] xt_CT: No such helper "pptp"
[  363.396451][ T8393] veth1_vlan: entered promiscuous mode
[  363.429253][ T8491] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  363.461418][    T8] hub 3-1:4.0: 8 ports detected
[  363.473171][    T8] hub 3-1:4.0: insufficient power available to use all downstream ports
[  363.546409][ T8393] veth0_macvtap: entered promiscuous mode
[  363.665973][    T8] hub 3-1:4.0: hub_hub_status failed (err = -71)
[  363.696174][    T8] hub 3-1:4.0: config failed, can't get hub status (err -71)
[  363.754787][ T8641] netlink: 12 bytes leftover after parsing attributes in process `syz.1.746'.
[  363.766092][ T8393] veth1_macvtap: entered promiscuous mode
[  363.770319][    T8] usb 3-1: USB disconnect, device number 21
[  363.782081][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.793029][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.803546][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.815060][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.827522][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.850705][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.865151][ T8393] batman_adv: batadv0: Interface activated: batadv_slave_0
[  363.899629][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.913420][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.928509][ T8393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.951577][ T8393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.962562][ T8393] batman_adv: batadv0: Interface activated: batadv_slave_1
[  363.986830][ T8393] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  363.999688][ T8393] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  364.009369][ T8393] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  364.019001][ T8393] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  364.045095][ T8491] 8021q: adding VLAN 0 to HW filter on device batadv0
[  364.263427][   T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.286257][   T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  364.344276][   T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.377271][   T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.550324][ T8491] veth0_vlan: entered promiscuous mode
[  365.600836][ T8491] veth1_vlan: entered promiscuous mode
[  365.658695][ T8491] veth0_macvtap: entered promiscuous mode
[  365.674333][ T8491] veth1_macvtap: entered promiscuous mode
[  365.710161][ T8491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  365.727599][ T8491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  365.745144][ T8491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  365.760165][ T8491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  365.776900][ T8491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  365.787970][ T8491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  365.802338][ T8491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  365.818657][ T8491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  365.839333][ T8491] batman_adv: batadv0: Interface activated: batadv_slave_0
[  366.008106][ T8491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  366.022897][ T8491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.033259][ T8491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  366.043742][ T8491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.053961][ T8491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  366.068470][ T8491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.319377][ T8491] batman_adv: batadv0: Interface activated: batadv_slave_1
[  366.546103][ T8491] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  366.573870][ T8491] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  366.600076][ T8491] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  366.807182][ T8491] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  367.107320][ T1154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  367.128919][ T8689] netlink: 12 bytes leftover after parsing attributes in process `syz.0.754'.
[  367.512811][ T1154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  367.571694][    T9] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  367.620441][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  367.630221][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  367.762026][    T9] usb 3-1: Using ep0 maxpacket: 32
[  367.776193][    T9] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  367.801984][    T9] usb 3-1: config 0 has no interface number 0
[  367.849358][    T9] usb 3-1: config 0 interface 184 has no altsetting 0
[  367.870431][    T9] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  367.887807][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.896704][    T9] usb 3-1: Product: syz
[  367.929027][    T9] usb 3-1: Manufacturer: syz
[  367.934899][    T9] usb 3-1: SerialNumber: syz
[  367.948961][    T9] usb 3-1: config 0 descriptor??
[  367.958489][    T9] smsc75xx v1.0.0
[  368.335331][ T8700] netlink: 12 bytes leftover after parsing attributes in process `syz.4.759'.
[  368.766765][    T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  368.777804][    T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  369.034704][    T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[  369.571961][    T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[  369.582770][    T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  369.592700][    T9] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71
[  369.606027][    T9] usb 3-1: USB disconnect, device number 22
[  370.070567][ T5903] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  370.230196][ T5903] usb 5-1: device descriptor read/64, error -71
[  370.481544][ T5903] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  370.764485][ T5903] usb 5-1: device descriptor read/64, error -71
[  370.923055][ T5903] usb usb5-port1: attempt power cycle
[  372.255193][ T5903] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  372.504463][ T5903] usb 5-1: device descriptor read/8, error -71
[  372.544834][ T8754] overlayfs: statfs failed on './file0'
[  372.591964][ T8754] FAULT_INJECTION: forcing a failure.
[  372.591964][ T8754] name failslab, interval 1, probability 0, space 0, times 0
[  372.626348][ T8754] CPU: 1 UID: 0 PID: 8754 Comm: syz.5.775 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0
[  372.626376][ T8754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  372.626387][ T8754] Call Trace:
[  372.626393][ T8754]  <TASK>
[  372.626401][ T8754]  dump_stack_lvl+0x241/0x360
[  372.626426][ T8754]  ? __pfx_dump_stack_lvl+0x10/0x10
[  372.626443][ T8754]  ? __pfx__printk+0x10/0x10
[  372.626468][ T8754]  ? kmem_cache_alloc_noprof+0x48/0x380
[  372.626491][ T8754]  ? __pfx___might_resched+0x10/0x10
[  372.626515][ T8754]  should_fail_ex+0x40a/0x550
[  372.626541][ T8754]  should_failslab+0xac/0x100
[  372.626564][ T8754]  ? getname_flags+0xb7/0x540
[  372.626578][ T8754]  kmem_cache_alloc_noprof+0x70/0x380
[  372.626612][ T8754]  getname_flags+0xb7/0x540
[  372.626632][ T8754]  do_sys_openat2+0xd2/0x1d0
[  372.626651][ T8754]  ? __pfx_do_sys_openat2+0x10/0x10
[  372.626665][ T8754]  ? __fget_files+0x2a/0x410
[  372.626685][ T8754]  ? __fget_files+0x2a/0x410
[  372.626706][ T8754]  __x64_sys_openat+0x247/0x2a0
[  372.626725][ T8754]  ? __pfx___x64_sys_openat+0x10/0x10
[  372.626745][ T8754]  ? do_syscall_64+0x100/0x230
[  372.626768][ T8754]  ? do_syscall_64+0xb6/0x230
[  372.626788][ T8754]  do_syscall_64+0xf3/0x230
[  372.626807][ T8754]  ? clear_bhb_loop+0x35/0x90
[  372.626830][ T8754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.626850][ T8754] RIP: 0033:0x7f9ca1b8cde9
[  372.626865][ T8754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.626879][ T8754] RSP: 002b:00007f9ca2ac5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  372.626897][ T8754] RAX: ffffffffffffffda RBX: 00007f9ca1da5fa0 RCX: 00007f9ca1b8cde9
[  372.626910][ T8754] RDX: 0000000000000000 RSI: 0000400000000540 RDI: ffffffffffffff9c
[  372.626921][ T8754] RBP: 00007f9ca2ac5090 R08: 0000000000000000 R09: 0000000000000000
[  372.626931][ T8754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.626941][ T8754] R13: 0000000000000000 R14: 00007f9ca1da5fa0 R15: 00007ffdc6438fb8
[  372.626967][ T8754]  </TASK>
[  372.879829][ T8759] FAULT_INJECTION: forcing a failure.
[  372.879829][ T8759] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  372.893654][ T8759] CPU: 1 UID: 0 PID: 8759 Comm: syz.1.777 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0
[  372.893678][ T8759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  372.893689][ T8759] Call Trace:
[  372.893695][ T8759]  <TASK>
[  372.893702][ T8759]  dump_stack_lvl+0x241/0x360
[  372.893726][ T8759]  ? __pfx_dump_stack_lvl+0x10/0x10
[  372.893743][ T8759]  ? __pfx__printk+0x10/0x10
[  372.893765][ T8759]  ? __pfx_lock_release+0x10/0x10
[  372.893793][ T8759]  should_fail_ex+0x40a/0x550
[  372.893818][ T8759]  _copy_from_user+0x2d/0xb0
[  372.893837][ T8759]  move_addr_to_kernel+0x82/0x150
[  372.893855][ T8759]  copy_msghdr_from_user+0x43e/0x680
[  372.893873][ T8759]  ? __pfx___might_resched+0x10/0x10
[  372.893895][ T8759]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  372.893910][ T8759]  ? __fget_files+0x2a/0x410
[  372.893931][ T8759]  ? __sys_sendmmsg+0x392/0x720
[  372.893952][ T8759]  ? __might_fault+0xaa/0x120
[  372.893975][ T8759]  __sys_sendmmsg+0x32b/0x720
[  372.894005][ T8759]  ? __pfx___sys_sendmmsg+0x10/0x10
[  372.894037][ T8759]  ? __pfx_lock_release+0x10/0x10
[  372.894055][ T8759]  ? kstrtouint_from_user+0x128/0x190
[  372.894099][ T8759]  ? ksys_write+0x22a/0x2b0
[  372.894118][ T8759]  ? __pfx_lock_release+0x10/0x10
[  372.894144][ T8759]  ? sb_end_write+0xe9/0x1c0
[  372.894160][ T8759]  ? vfs_write+0x7fa/0xd10
[  372.894181][ T8759]  ? __mutex_unlock_slowpath+0x227/0x800
[  372.894225][ T8759]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  372.894247][ T8759]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  372.894269][ T8759]  ? do_syscall_64+0x100/0x230
[  372.894290][ T8759]  __x64_sys_sendmmsg+0xa0/0xb0
[  372.894313][ T8759]  do_syscall_64+0xf3/0x230
[  372.894331][ T8759]  ? clear_bhb_loop+0x35/0x90
[  372.894355][ T8759]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.894374][ T8759] RIP: 0033:0x7fde7418cde9
[  372.894389][ T8759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.894403][ T8759] RSP: 002b:00007fde71fd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  372.894421][ T8759] RAX: ffffffffffffffda RBX: 00007fde743a6080 RCX: 00007fde7418cde9
[  372.894433][ T8759] RDX: 0000000000000299 RSI: 0000400000003dc0 RDI: 0000000000000006
[  372.894444][ T8759] RBP: 00007fde71fd5090 R08: 0000000000000000 R09: 0000000000000000
[  372.894454][ T8759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.894464][ T8759] R13: 0000000000000000 R14: 00007fde743a6080 R15: 00007ffc07453d28
[  372.894489][ T8759]  </TASK>
[  373.302554][ T5872] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  373.447277][ T5831] usb 3-1: new full-speed USB device number 23 using dummy_hcd
[  373.504106][ T5872] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  373.526578][ T5872] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  373.536736][ T5872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  373.544951][ T5872] usb 1-1: SerialNumber: syz
[  373.871167][ T5831] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[  373.880259][ T5831] usb 3-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3
[  373.911192][ T5831] usb 3-1: Product: syz
[  373.915419][ T5831] usb 3-1: Manufacturer: syz
[  373.920033][ T5831] usb 3-1: SerialNumber: syz
[  374.088929][ T5831] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[  375.310219][ T5831] vp7045: USB control message 'out' went wrong.
[  375.338181][ T5872] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  375.341308][ T5831] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  375.388138][ T5831] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[  375.549711][ T5872] usb 1-1: USB disconnect, device number 21
[  375.579680][ T5831] usb 3-1: USB disconnect, device number 23
[  378.804865][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.811425][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  378.956145][ T8819] Bluetooth: MGMT ver 1.23
[  378.978385][ T8819] sctp: [Deprecated]: syz.0.796 (pid 8819) Use of int in max_burst socket option deprecated.
[  378.978385][ T8819] Use struct sctp_assoc_value instead
[  379.256822][ T8822] sp0: Synchronizing with TNC
[  379.897955][ T8836] netlink: 'syz.0.802': attribute type 39 has an invalid length.
[  379.906708][ T5831] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  381.033603][ T5831] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  381.689230][ T5831] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  381.706408][ T5831] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  381.718000][ T5831] usb 5-1: SerialNumber: syz
[  382.967495][ T5831] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  383.060032][ T5831] usb 5-1: USB disconnect, device number 20
[  383.149631][ T8870] netlink: 28 bytes leftover after parsing attributes in process `syz.0.810'.
[  383.158995][ T8870] netlink: 28 bytes leftover after parsing attributes in process `syz.0.810'.
[  383.173510][ T8870] bridge0: entered promiscuous mode
[  383.198646][ T8870] bridge0: left promiscuous mode
[  383.771673][ T5831] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  384.931990][ T5831] usb 3-1: Using ep0 maxpacket: 32
[  385.737033][ T5831] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  385.796118][ T5831] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  385.868456][ T5831] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  386.587508][ T8905] netlink: 'syz.1.819': attribute type 10 has an invalid length.
[  386.637699][ T8905] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.645412][ T8905] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.651008][ T5831] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  386.671013][ T5831] usb 3-1: Product: syz
[  386.675358][ T5831] usb 3-1: Manufacturer: syz
[  386.680010][ T5831] usb 3-1: SerialNumber: syz
[  386.699073][ T5831] usb 3-1: can't set config #1, error -71
[  386.709313][ T8905] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.716579][ T8905] bridge0: port 2(bridge_slave_1) entered forwarding state
[  386.725504][ T8905] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.732791][ T8905] bridge0: port 1(bridge_slave_0) entered forwarding state
[  386.751231][ T5831] usb 3-1: USB disconnect, device number 24
[  386.842600][ T8905] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  387.909443][ T8912] syz.2.822 (8912): drop_caches: 2
[  388.201990][ T8491] syz-executor (8491) used greatest stack depth: 18952 bytes left
[  388.423474][ T1154] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.643759][ T1154] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.718321][ T8923] FAULT_INJECTION: forcing a failure.
[  388.718321][ T8923] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  388.766408][ T8923] CPU: 1 UID: 0 PID: 8923 Comm: syz.1.826 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0
[  388.766436][ T8923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  388.766447][ T8923] Call Trace:
[  388.766453][ T8923]  <TASK>
[  388.766460][ T8923]  dump_stack_lvl+0x241/0x360
[  388.766488][ T8923]  ? __pfx_dump_stack_lvl+0x10/0x10
[  388.766504][ T8923]  ? __pfx__printk+0x10/0x10
[  388.766533][ T8923]  ? snprintf+0xda/0x120
[  388.766557][ T8923]  should_fail_ex+0x40a/0x550
[  388.766583][ T8923]  _copy_to_user+0x31/0xb0
[  388.766604][ T8923]  simple_read_from_buffer+0xca/0x150
[  388.766631][ T8923]  proc_fail_nth_read+0x1e9/0x250
[  388.766664][ T8923]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  388.766689][ T8923]  ? rw_verify_area+0x243/0x630
[  388.766707][ T8923]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  388.766732][ T8923]  vfs_read+0x1f8/0xb40
[  388.766752][ T8923]  ? fdget_pos+0x254/0x320
[  388.766769][ T8923]  ? __pfx___mutex_lock+0x10/0x10
[  388.766788][ T8923]  ? __pfx_vfs_read+0x10/0x10
[  388.766810][ T8923]  ? __fget_files+0x2a/0x410
[  388.766828][ T8923]  ? __fget_files+0x395/0x410
[  388.766842][ T8923]  ? __fget_files+0x2a/0x410
[  388.766867][ T8923]  ksys_read+0x18f/0x2b0
[  388.766888][ T8923]  ? __pfx_ksys_read+0x10/0x10
[  388.766906][ T8923]  ? do_syscall_64+0x100/0x230
[  388.766928][ T8923]  ? do_syscall_64+0xb6/0x230
[  388.766949][ T8923]  do_syscall_64+0xf3/0x230
[  388.766967][ T8923]  ? clear_bhb_loop+0x35/0x90
[  388.766990][ T8923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.767011][ T8923] RIP: 0033:0x7fde7418b7fc
[  388.767026][ T8923] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  388.767039][ T8923] RSP: 002b:00007fde71ff6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  388.767058][ T8923] RAX: ffffffffffffffda RBX: 00007fde743a5fa0 RCX: 00007fde7418b7fc
[  388.767070][ T8923] RDX: 000000000000000f RSI: 00007fde71ff60a0 RDI: 0000000000000004
[  388.767081][ T8923] RBP: 00007fde71ff6090 R08: 0000000000000000 R09: 0000000000000000
[  388.767092][ T8923] R10: 0000400000000100 R11: 0000000000000246 R12: 0000000000000001
[  388.767102][ T8923] R13: 0000000000000000 R14: 00007fde743a5fa0 R15: 00007ffc07453d28
[  388.767129][ T8923]  </TASK>
[  389.781729][ T1154] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.974222][ T1154] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.009512][ T5135] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  391.028644][ T5135] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  391.029576][ T5135] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  391.693573][ T5135] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  391.717106][ T5135] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  391.718354][ T5135] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  391.942739][ T5818] cgroup: fork rejected by pids controller in /syz1
[  392.935178][ T5818] bond0: (slave syz_tun): Releasing backup interface
[  393.031161][ T1154] bridge_slave_1: left allmulticast mode
[  393.036872][ T1154] bridge_slave_1: left promiscuous mode
[  393.086610][ T1154] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.105976][ T1154] bridge_slave_0: left allmulticast mode
[  393.114342][ T1154] bridge_slave_0: left promiscuous mode
[  393.122091][ T1154] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.500414][ T1154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  393.512500][ T1154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  393.525809][ T1154] bond0 (unregistering): Released all slaves
[  393.613208][ T8937] chnl_net:caif_netlink_parms(): no params data found
[  393.685895][ T8937] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.695163][ T8937] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.702825][ T8937] bridge_slave_0: entered allmulticast mode
[  393.710028][ T8937] bridge_slave_0: entered promiscuous mode
[  393.722653][ T8937] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.730051][ T8937] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.737836][ T8937] bridge_slave_1: entered allmulticast mode
[  393.744664][ T8937] bridge_slave_1: entered promiscuous mode
[  393.789906][ T8937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  393.803153][ T8937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  393.837907][ T1154] hsr_slave_0: left promiscuous mode
[  393.847202][ T1154] hsr_slave_1: left promiscuous mode
[  393.853391][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  393.860847][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_0
[  393.868988][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  393.876703][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_1
[  393.895399][ T1154] veth1_macvtap: left promiscuous mode
[  393.901525][ T1154] veth0_macvtap: left promiscuous mode
[  393.907154][ T1154] veth1_vlan: left promiscuous mode
[  393.914549][ T1154] veth0_vlan: left promiscuous mode
[  394.091240][ T5833] Bluetooth: hci3: command tx timeout
[  394.305715][ T1154] team0 (unregistering): Port device team_slave_1 removed
[  394.355383][ T1154] team0 (unregistering): Port device team_slave_0 removed
[  394.744832][ T8937] team0: Port device team_slave_0 added
[  394.755269][ T8937] team0: Port device team_slave_1 added
[  394.788900][ T8937] batman_adv: batadv0: Adding interface: batadv_slave_0
[  394.796139][ T8937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  394.822965][ T8937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  394.837586][ T8937] batman_adv: batadv0: Adding interface: batadv_slave_1
[  394.844869][ T8937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  394.871182][ T8937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  394.946192][ T8937] hsr_slave_0: entered promiscuous mode
[  394.952756][ T8937] hsr_slave_1: entered promiscuous mode
[  394.958683][ T8937] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  394.966620][ T8937] Cannot create hsr debugfs directory
[  395.156285][ T6233] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.243683][ T6233] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.298718][ T8937] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  395.307996][ T8937] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  395.345285][ T6233] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.357301][ T8937] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  395.366975][ T8937] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  395.399187][ T6233] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.452449][ T8937] 8021q: adding VLAN 0 to HW filter on device bond0
[  395.479065][ T8937] 8021q: adding VLAN 0 to HW filter on device team0
[  395.505345][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  395.512519][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  395.525729][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  395.532874][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  395.576060][ T6233] bridge_slave_1: left allmulticast mode
[  395.583180][ T6233] bridge_slave_1: left promiscuous mode
[  395.588869][ T6233] bridge0: port 2(bridge_slave_1) entered disabled state
[  395.597317][ T6233] bridge_slave_0: left allmulticast mode
[  395.603338][ T6233] bridge_slave_0: left promiscuous mode
[  395.608952][ T6233] bridge0: port 1(bridge_slave_0) entered disabled state
[  395.621582][   T35] 
[  395.622599][ T6233] ------------[ cut here ]------------
[  395.624114][   T35] =============================
[  395.629546][ T6233] DEBUG_LOCKS_WARN_ON(1)
[  395.634454][ T6233] WARNING: CPU: 1 PID: 6233 at kernel/locking/lockdep.c:234 __lock_acquire+0x564/0x2100
[  395.634479][   T35] WARNING: suspicious RCU usage
[  395.634490][   T35] 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0 Not tainted
[  395.638696][ T6233] Modules linked in:
[  395.648449][   T35] -----------------------------
[  395.653221][ T6233] CPU: 1 UID: 0 PID: 6233 Comm: kworker/u8:15 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0
[  395.653240][ T6233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  395.653251][ T6233] Workqueue: netns cleanup_net
[  395.653272][ T6233] RIP: 0010:__lock_acquire+0x564/0x2100
[  395.653293][ T6233] Code: 00 00 83 3d 81 2d 9f 0e 00 75 23 90 48 c7 c7 e0 a2 2a 8c 48 c7 c6 e0 a5 2a 8c e8 07 c2 e4 ff 48 ba 00 00 00 00 00 fc ff df 90 <0f> 0b 90 90 90 31 db 48 81 c3 c4 00 00 00 48 89 d8 48 c1 e8 03 0f
[  395.653307][ T6233] RSP: 0018:ffffc9000c3f7350 EFLAGS: 00010046
[  395.653321][ T6233] RAX: 496e164656bad200 RBX: 0000000000000fd4 RCX: ffff888059fb9e00
[  395.653331][ T6233] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  395.653342][ T6233] RBP: 00000000000c0fd4 R08: ffffffff81817d42 R09: 1ffff110170e519a
[  395.653353][ T6233] R10: dffffc0000000000 R11: ffffed10170e519b R12: ffff888059fba8d4
[  395.653364][ T6233] R13: 0000000000000014 R14: 1ffff1100b3f7536 R15: ffff888059fba9b0
[  395.653375][ T6233] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  395.653389][ T6233] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  395.653400][ T6233] CR2: 00007fb311cd7d60 CR3: 0000000035dee000 CR4: 00000000003526f0
[  395.653415][ T6233] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  395.653426][ T6233] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  395.653437][ T6233] Call Trace:
[  395.653443][ T6233]  <TASK>
[  395.653451][ T6233]  ? __warn+0x165/0x4d0
[  395.653471][ T6233]  ? __lock_acquire+0x564/0x2100
[  395.653492][ T6233]  ? report_bug+0x2b3/0x500
[  395.653508][ T6233]  ? __lock_acquire+0x564/0x2100
[  395.653529][ T6233]  ? handle_bug+0x60/0x90
[  395.653548][ T6233]  ? exc_invalid_op+0x1a/0x50
[  395.653566][ T6233]  ? asm_exc_invalid_op+0x1a/0x20
[  395.653588][ T6233]  ? __warn_printk+0x292/0x360
[  395.660666][   T35] net/sched/sch_generic.c:1285 suspicious rcu_dereference_protected() usage!
[  395.664538][ T6233]  ? __lock_acquire+0x564/0x2100
[  395.664565][ T6233]  lock_acquire+0x1ed/0x550
[  395.664583][ T6233]  ? down+0x39/0xc0
[  395.664601][ T6233]  ? __pfx_lock_acquire+0x10/0x10
[  395.664624][ T6233]  _raw_spin_lock_irqsave+0xd5/0x120
[  395.664645][ T6233]  ? down+0x39/0xc0
[  395.664660][ T6233]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  395.664683][ T6233]  down+0x39/0xc0
[  395.664699][ T6233]  __dev_close_many+0x106/0x350
[  395.664716][ T6233]  ? __pfx___dev_close_many+0x10/0x10
[  395.664735][ T6233]  ? mark_lock+0x9a/0x360
[  395.664756][ T6233]  dev_close_many+0x24e/0x4c0
[  395.664775][ T6233]  ? __pfx_dev_close_many+0x10/0x10
[  395.664795][ T6233]  unregister_netdevice_many_notify+0x52d/0x1f10
[  395.664823][ T6233]  ? net_generic+0x1f/0x240
[  395.664841][ T6233]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  395.669676][   T35] 
[  395.669676][   T35] other info that might help us debug this:
[  395.669676][   T35] 
[  395.680574][ T6233]  ? unregister_netdevice_queue+0x26b/0x370
[  395.680597][ T6233]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  395.680621][ T6233]  ? nexthop_net_exit_batch_rtnl+0x100/0x150
[  395.680643][ T6233]  cleanup_net+0x76d/0xd60
[  395.680664][ T6233]  ? __pfx_cleanup_net+0x10/0x10
[  395.690761][   T35] 
[  395.690761][   T35] rcu_scheduler_active = 2, debug_locks = 1
[  395.695436][ T6233]  ? process_scheduled_works+0x9c6/0x18e0
[  395.695458][ T6233]  process_scheduled_works+0xabe/0x18e0
[  395.700989][   T35] 8 locks held by kworker/u8:2/35:
[  395.720558][ T6233]  ? __pfx_process_scheduled_works+0x10/0x10
[  395.720582][ T6233]  ? assign_work+0x364/0x3d0
[  395.720599][ T6233]  worker_thread+0x870/0xd30
[  395.726688][   T35]  #0: 
[  395.734590][ T6233]  ? __kthread_parkme+0x169/0x1d0
[  395.734615][ T6233]  ? __pfx_worker_thread+0x10/0x10
[  395.742604][   T35] ffff88806350e948
[  395.750519][ T6233]  kthread+0x7a9/0x920
[  395.758803][   T35]  (
[  395.766419][ T6233]  ? __pfx_kthread+0x10/0x10
[  395.766446][ T6233]  ? __pfx_worker_thread+0x10/0x10
[  395.766464][ T6233]  ? __pfx_kthread+0x10/0x10
[  395.766480][ T6233]  ? __pfx_kthread+0x10/0x10
[  395.766499][ T6233]  ? __pfx_kthread+0x10/0x10
[  395.766517][ T6233]  ? _raw_spin_unlock_irq+0x23/0x50
[  395.766532][ T6233]  ? lockdep_hardirqs_on+0x99/0x150
[  395.766548][ T6233]  ? __pfx_kthread+0x10/0x10
[  395.766565][ T6233]  ret_from_fork+0x4b/0x80
[  395.766583][ T6233]  ? __pfx_kthread+0x10/0x10
[  395.766603][ T6233]  ret_from_fork_asm+0x1a/0x30
[  395.766626][ T6233]  </TASK>
[  395.766652][ T6233] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  395.766664][ T6233] CPU: 1 UID: 0 PID: 6233 Comm: kworker/u8:15 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0
[  395.766684][ T6233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  395.766695][ T6233] Workqueue: netns cleanup_net
[  395.766715][ T6233] Call Trace:
[  395.766722][ T6233]  <TASK>
[  395.766729][ T6233]  dump_stack_lvl+0x241/0x360
[  395.766746][ T6233]  ? __pfx_dump_stack_lvl+0x10/0x10
[  395.766761][ T6233]  ? __pfx__printk+0x10/0x10
[  395.766785][ T6233]  ? vscnprintf+0x5d/0x90
[  395.766807][ T6233]  panic+0x349/0x880
[  395.766827][ T6233]  ? __warn+0x174/0x4d0
[  395.766853][ T6233]  ? __pfx_panic+0x10/0x10
[  395.766876][ T6233]  ? ret_from_fork_asm+0x1a/0x30
[  395.766895][ T6233]  __warn+0x344/0x4d0
[  395.766913][ T6233]  ? __lock_acquire+0x564/0x2100
[  395.766935][ T6233]  report_bug+0x2b3/0x500
[  395.766951][ T6233]  ? __lock_acquire+0x564/0x2100
[  395.766972][ T6233]  handle_bug+0x60/0x90
[  395.766991][ T6233]  exc_invalid_op+0x1a/0x50
[  395.767009][ T6233]  asm_exc_invalid_op+0x1a/0x20
[  395.767030][ T6233] RIP: 0010:__lock_acquire+0x564/0x2100
[  395.767050][ T6233] Code: 00 00 83 3d 81 2d 9f 0e 00 75 23 90 48 c7 c7 e0 a2 2a 8c 48 c7 c6 e0 a5 2a 8c e8 07 c2 e4 ff 48 ba 00 00 00 00 00 fc ff df 90 <0f> 0b 90 90 90 31 db 48 81 c3 c4 00 00 00 48 89 d8 48 c1 e8 03 0f
[  395.767065][ T6233] RSP: 0018:ffffc9000c3f7350 EFLAGS: 00010046
[  395.767079][ T6233] RAX: 496e164656bad200 RBX: 0000000000000fd4 RCX: ffff888059fb9e00
[  395.767090][ T6233] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  395.767102][ T6233] RBP: 00000000000c0fd4 R08: ffffffff81817d42 R09: 1ffff110170e519a
[  395.767113][ T6233] R10: dffffc0000000000 R11: ffffed10170e519b R12: ffff888059fba8d4
[  395.767126][ T6233] R13: 0000000000000014 R14: 1ffff1100b3f7536 R15: ffff888059fba9b0
[  395.767140][ T6233]  ? __warn_printk+0x292/0x360
[  395.767170][ T6233]  lock_acquire+0x1ed/0x550
[  395.767188][ T6233]  ? down+0x39/0xc0
[  395.767208][ T6233]  ? __pfx_lock_acquire+0x10/0x10
[  395.767235][ T6233]  _raw_spin_lock_irqsave+0xd5/0x120
[  395.767256][ T6233]  ? down+0x39/0xc0
[  395.767271][ T6233]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  395.767298][ T6233]  down+0x39/0xc0
[  395.767315][ T6233]  __dev_close_many+0x106/0x350
[  395.767334][ T6233]  ? __pfx___dev_close_many+0x10/0x10
[  395.767352][ T6233]  ? mark_lock+0x9a/0x360
[  395.767373][ T6233]  dev_close_many+0x24e/0x4c0
[  395.767391][ T6233]  ? __pfx_dev_close_many+0x10/0x10
[  395.767411][ T6233]  unregister_netdevice_many_notify+0x52d/0x1f10
[  395.767439][ T6233]  ? net_generic+0x1f/0x240
[  395.767457][ T6233]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  395.767481][ T6233]  ? unregister_netdevice_queue+0x26b/0x370
[  395.767503][ T6233]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  395.767528][ T6233]  ? nexthop_net_exit_batch_rtnl+0x100/0x150
[  395.767552][ T6233]  cleanup_net+0x76d/0xd60
[  395.767572][ T6233]  ? __pfx_cleanup_net+0x10/0x10
[  395.767593][ T6233]  ? process_scheduled_works+0x9c6/0x18e0
[  395.767611][ T6233]  process_scheduled_works+0xabe/0x18e0
[  395.767638][ T6233]  ? __pfx_process_scheduled_works+0x10/0x10
[  395.767658][ T6233]  ? assign_work+0x364/0x3d0
[  395.767676][ T6233]  worker_thread+0x870/0xd30
[  395.767699][ T6233]  ? __kthread_parkme+0x169/0x1d0
[  395.767719][ T6233]  ? __pfx_worker_thread+0x10/0x10
[  395.767737][ T6233]  kthread+0x7a9/0x920
[  395.767755][ T6233]  ? __pfx_kthread+0x10/0x10
[  395.767775][ T6233]  ? __pfx_worker_thread+0x10/0x10
[  395.767793][ T6233]  ? __pfx_kthread+0x10/0x10
[  395.767812][ T6233]  ? __pfx_kthread+0x10/0x10
[  395.767832][ T6233]  ? __pfx_kthread+0x10/0x10
[  395.767858][ T6233]  ? _raw_spin_unlock_irq+0x23/0x50
[  395.767873][ T6233]  ? lockdep_hardirqs_on+0x99/0x150
[  395.767888][ T6233]  ? __pfx_kthread+0x10/0x10
[  395.767908][ T6233]  ret_from_fork+0x4b/0x80
[  395.767926][ T6233]  ? __pfx_kthread+0x10/0x10
[  395.767945][ T6233]  ret_from_fork_asm+0x1a/0x30
[  395.767967][ T6233]  </TASK>
[  395.775849][ T6233] Kernel Offset: disabled