last executing test programs:

11.695293568s ago: executing program 1 (id=1037):
timer_create(0x0, 0x0, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$lock(r0, 0x410, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
unlinkat(0xffffffffffffff9c, 0x0, 0x200)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000018c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r2 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r2, 0x2)
r3 = open(&(0x7f0000000300)='.\x00', 0x100000, 0x0)
flock(r3, 0x1)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x18, 0x52, 0x1, 0x100, 0x4, {0x2}, [@typed={0x4, 0x1, 0x0, 0x0, @binary}]}, 0x18}}, 0x0)
flock(r3, 0x1)
close_range(r1, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000400}, 0x0)
ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0)

11.091471698s ago: executing program 1 (id=1039):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x488c4}, 0xc000)

11.007241874s ago: executing program 1 (id=1041):
openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0xb8, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {}, {0x7, 0x10}}, [@TCA_RATE={0x6, 0x5, {0x81, 0x7}}, @filter_kind_options=@f_route={{0xa}, {0x80, 0x2, [@TCA_ROUTE4_ACT={0x7c, 0x6, [@m_tunnel_key={0x78, 0x1, 0x0, 0x0, {{0xf}, {0x48, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x1, 0x0, 0x2, 0x2}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x40}, 0x2008c014)

10.603080987s ago: executing program 1 (id=1044):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000400)=ANY=[@ANYRES16, @ANYRESDEC, @ANYBLOB="6887f8dbcb46d5f3bfb174b610e0635dc5a79934330631e7e1e7c96ad4b85299dfe11e3d9828e582e1a311e45136bacd651b05ac307229b9ef7fb5", @ANYRESDEC, @ANYRES64], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r6 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r6, 0x10e, 0x5, 0x0, 0x0)
writev(r6, 0x0, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000001100), r6)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r8 = accept4(r7, 0x0, 0x0, 0x800)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r8, &(0x7f0000005fc0)={0x0, 0x0, &(0x7f0000005f80)={&(0x7f0000000540)=ANY=[@ANYBLOB="8800000041d162a3fb804da446d382c067035cc15250344094dc8cf4ddc618f6d55884fd2c9b06d6d28f91aef46978867c820a96c42eba8f7f93d90b5fff1d94b38f4054e0d578ac8d9d6fea", @ANYRES16=0x0, @ANYBLOB="100027bd7000ffdbdf250e000000700002805d0004009a3459ed1c431bc2e33e879a28297c19bdf9cfb642429d0a48c24ea44a8177ed671085e34c60144c891cd4bec885d2d0f8c891f349e2db4feda2d33839e4f1b823d3ba3d87ea596cf52fabe4d71d5b163c8715d81279f14eaf00000004000400040001000400050004000280"], 0x88}, 0x1, 0x0, 0x0, 0x24000800}, 0x24048081)
sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000038c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000002840)=""/4096, 0x1000}], 0x2}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x488, 0x0, 0xa, 0x148, 0x30c, 0x60, 0x3f4, 0x2a8, 0x2a8, 0x3f4, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0xffffffff, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2a0, 0x30c, 0x0, {0x200003ae, 0x7f00}, [@common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x6c, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00', {}, {0xff}}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x2, 0xa, [0x100, 0x4e22, 0x4e23, 0x4e23, 0x4e24, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x4e24, 0x4e21, 0x4e22, 0x4e24, 0x4e24, 0x4e22], [0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1]}}]}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x4e4)
syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)

7.748474418s ago: executing program 0 (id=1055):
r0 = openat$6lowpan_enable(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000040)={0x0, 0x8, 0x1, [0x3, 0x1, 0x2, 0x6, 0x6], [0x9, 0x9, 0x40, 0xea, 0x1000, 0xf02, 0x3, 0x2, 0xbc, 0xcd, 0x10001, 0x10001, 0x1dc, 0x0, 0x1, 0x7, 0x7, 0x377b, 0x0, 0x157aca6d, 0x2, 0x77c5, 0x9, 0x6, 0x200, 0x1, 0xffffffffffffef00, 0x5, 0x3, 0x6, 0x9, 0x7, 0x3, 0x5d3, 0x9, 0x9000000, 0x8, 0x7, 0x3, 0x7fffffff, 0x1, 0x4c, 0xfffffffffffff000, 0x1, 0x1, 0x1, 0x2, 0x3, 0x81, 0x0, 0x800, 0x5, 0x1, 0x0, 0xe1, 0x565, 0x4f, 0xbd, 0x2, 0x1, 0xff, 0x4, 0xfffffffffffeffff, 0x1, 0x7, 0x2, 0x1, 0x6, 0x6, 0x5, 0x5, 0x12e, 0xb65d, 0x6, 0x6, 0x1, 0xe3f, 0x10001, 0x26, 0x3, 0x1, 0x0, 0x3, 0x8000000000000000, 0x8, 0x7, 0x1, 0x5, 0x3, 0x9, 0x4, 0x2, 0x5, 0xa69, 0x7, 0x4, 0x180, 0x1ff, 0x80000001, 0x4, 0x6, 0x727, 0x3, 0x80000000, 0x0, 0x8, 0xa, 0x7a, 0x2116, 0x2, 0xffffffffffffff09, 0x10, 0x6, 0x3cf1, 0x9, 0x4, 0x8, 0x79e6df42, 0x4, 0x7, 0x8001]})
r1 = socket$nl_route(0x10, 0x3, 0x0)
mount$overlay(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x2000, &(0x7f0000000500)={[{@default_permissions}, {@verity_on}, {@workdir={'workdir', 0x3d, './file0'}}, {@nfs_export_on}], [{@obj_user}, {@fsuuid={'fsuuid', 0x3d, {[0x0, 0x64, 0x34, 0x64, 0x33, 0x38, 0x31, 0x62], 0x2d, [0x30, 0x33, 0x35, 0x39], 0x2d, [0x35, 0xe, 0x62, 0x33], 0x2d, [0x32, 0x38, 0x6, 0x61], 0x2d, [0x35, 0x33, 0x62, 0x63, 0x65, 0x34, 0x37, 0x50]}}}, {@subj_user={'subj_user', 0x3d, '/sys/kernel/debug/bluetooth/6lowpan_enable\x00'}}, {@pcr={'pcr', 0x3d, 0x6}}, {@audit}]})
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000600))
fcntl$getownex(r1, 0x10, &(0x7f0000000640)={0x0, <r3=>0x0})
r4 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r4, 0x540a, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000680)={{0x1, 0x1, 0x18, <r5=>r1, {0x3}}, './file0\x00'})
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r5, 0xc038943b, &(0x7f0000000740)={0x3, 0x48, '\x00', 0x1, &(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DMA_BUF_SET_NAME_A(r0, 0x40046201, &(0x7f0000000780)='$(\x00')
statx(r5, &(0x7f00000007c0)='./file0\x00', 0x800, 0x200, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, <r6=>0x0, <r7=>0x0})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000900)={<r8=>0x0, <r9=>0x0, <r10=>0x0}, &(0x7f0000000940)=0xc)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000980)={{0x1, 0x1, 0x18, <r11=>r0, {r6, r10}}, './file0\x00'})
r12 = dup(r0)
write$UHID_GET_REPORT_REPLY(r11, &(0x7f00000009c0)={0xa, {0x9, 0x7, 0x2b}}, 0xa)
r13 = syz_genetlink_get_family_id$batadv(&(0x7f0000000a40), r5)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r11, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14, r13, 0x200, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x10)
r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b80), r0)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000bc0)={'wlan1\x00', <r15=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r12, &(0x7f0000000c80)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x2c, r14, 0x2, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r15}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000001)
r16 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r17 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$NLBL_CALIPSO_C_ADD(r16, &(0x7f0000000dc0)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d40)={0x34, r17, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000800)
ioctl$SW_SYNC_IOC_INC(r12, 0x40045701, &(0x7f0000000e00)=0x5)
lstat(&(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, <r18=>0x0})
r19 = accept4$alg(r11, 0x0, 0x0, 0x0)
ioctl$TIOCGSID(r12, 0x5429, &(0x7f0000001380)=<r20=>0x0)
sendmmsg$unix(r12, &(0x7f0000001640)=[{{&(0x7f0000000e40)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000001280)=[{&(0x7f0000000ec0)="6e4ff41f4606833ea9427e7745cd58985b159742b0c6b9a8aa7f30d8703ecd849668f2c3b3bf5c699d3c08590199c7088038f030d48e1fbd533c1d0da91684140dcc1f6be34cbae4ee8bf772a700b76833d354fac8519e175f4afa709cb20c53ea63356571637d2de083d05877995459cff3a2f91846c00a983366ab7b78103bfc8ec07af538c22f74d83566504522f2671e0c1f806703459f1122d9c4", 0x9d}, {&(0x7f0000000f80)="f765bd8c6007f78a12b3acc0865ae37b2e97be955f363e45574a52ea50851bdab87d552b550dc6d30e93c4f9257d42ecc9ede5e076f0d6127493c889270620eaf16c19c2585a80e7a30574c927397b0dda9888ab7b27e14a1c90d812741e361529c294e1cdf206af0bb4df6d0f1432ccc5a0da4311f34ddf499484848f3e856a53d30b1ccecd3bbd8fc6bec3eff98f722010c5", 0x93}, {&(0x7f0000001040)="5e9317bcb1d81543a96b0d64a7d0bec0f6f289b4a3b155bde54ce20dcba5d4965e81a4bb8e699242d0b1053ee6c48fec3a247e0ed241ea57d969c55a2a78b6a15698be2fa8e852f0184158373ebc2da0d2cde89195b9cbc8d9e1e8915bf2b8435a3c482190fcd35a7c124424a8468c47b253b0448d5ae9741f887fcd994a2ffa8e39dd1e696a0c", 0x87}, {&(0x7f0000001100)="2ee9f2ec24268a2277e28bc93ae158df9be03106432c049e5545d793506d1b652b36b4c5e58f5b85ef3d0046d79567857d", 0x31}, {&(0x7f0000001140)="7b4ab53a7927d00a0841c1c480c95f0069e22619073bb976c4a2322952a19d2367b0a3651f8240e415f1569edb6875d9d5f0cb6f2fb691e3e7cffa7c2b2cae349728b7c7648546b822b0174367684d7ead52ab3a13f16631bd4dda634f0aeb2e4a5bf08967dc2033bd0e5a549cd72c11ac58d408c42333d337ebda2bc79c81968b4895e5a4aee6427fb7dc6fd1b71ddd37130bf4d4c788aa8219f8987a4968124b4d5d250a069e3fcf50dde7ad08fd3e3e732748c7409438fd8ac3afe6981e71982b5e119eaa", 0xc6}, {&(0x7f0000001240)="f5c70aebb4320badac276fbdae", 0xd}], 0x6, &(0x7f0000001540)=[@rights={{0x28, 0x1, 0x1, [r11, r5, r11, r5, r1, r12, r12]}}, @cred={{0x18, 0x1, 0x2, {r8, r18, r7}}}, @cred={{0x18, 0x1, 0x2, {r3, r6, r7}}}, @rights={{0x1c, 0x1, 0x1, [r19, r11, r1, r5]}}, @cred={{0x18, 0x1, 0x2, {r20, r6}}}, @cred={{0x18, 0x1, 0x2, {r8, r6}}}, @cred={{0x18, 0x1, 0x2, {r3, r6, r10}}}, @cred={{0x18, 0x1, 0x2, {r3, r9}}}], 0xd4, 0x48000}}], 0x1, 0x30000010)

7.748097655s ago: executing program 0 (id=1056):
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x41000, 0x2}, 0x94)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2002)
write$sndseq(r0, &(0x7f0000000080)=[{0xff, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0xfe}, @queue}], 0x38)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000d00)=@raw={'raw\x00', 0x8, 0x3, 0x1e0, 0x0, 0x60, 0xd0e0000, 0x0, 0x100, 0x14c, 0x1d8, 0x1d8, 0x14c, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x98, 0xb8, 0x0, {}, [@common=@unspec=@cpu={{0x28}, {0x9, 0x1}}]}, @unspec=@NOTRACK={0x20}}, {{@ip={@empty, @empty, 0xffffffff, 0xffffff00, 'veth0_to_bridge\x00', 'caif0\x00', {}, {}, 0x5c, 0x1, 0x6c}, 0x9400, 0x70, 0x94, 0x94}, @common=@unspec=@AUDIT={0x24, 'AUDIT\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x23c)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x200, 0x1, 0xc, 0x7, 0x0, 0x100, 0x81, 0x8}, 0x20)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r4 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1000000000000200", @ANYRES64=0x0], 0x10)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
close(r5)
socket$l2tp6(0xa, 0x2, 0x73)
shutdown(r5, 0x0)
recvmmsg(r5, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
add_key$keyring(&(0x7f0000000280), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)

5.979368629s ago: executing program 1 (id=1058):
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="1400000016000b63075a80648c25943b1f3eae25", 0x14}], 0x1}, 0x20000000)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
shutdown(r2, 0x0)
recvmmsg(r2, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)

4.508763239s ago: executing program 3 (id=1060):
mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
syz_extract_tcp_res$synack(0x0, 0x1, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0x3e)
syz_emit_ethernet(0xb0, &(0x7f0000000340)={@broadcast, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x6, 0xa2, 0x64, 0x0, 0x4, 0x6, 0x0, @multicast1, @loopback}, {{0x4e22, 0x4e23, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x4, 0x9, 0x0, 0x7}, {"f5a95249f8abd89f1b14eb523862ef0dd15023583ccddd13969fcead6ad23b7e8884712bebc3db7d9995683d2eb504681ed0e319d3263ebefc26a844b0fd0963706bb33610c0714bf600aba73229ae9d539e6d966ddfb8965a1ed4be382319186e5035f829435590aa739eb158596b9422dc412722af1e8e58a9"}}}}}}, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x11, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000180)={0x1})
r3 = socket$igmp(0x2, 0x3, 0x2)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r4, 0x519, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x67}, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xfffffffd, 0x38}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xe2035a0}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x0, 0x0, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x6, 0x10}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000)
sendto$inet(r3, 0x0, 0x0, 0xc000, &(0x7f0000001540)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f7410262e66f36d0f330f09660f3a0cb90000a6752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x31}], 0x1, 0x4498bda7e2139f37, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x3, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000240)={[0x0, 0x5, 0x40, 0x40, 0x0, 0x3, 0x2004cb, 0x4000000000000000, 0x2, 0x3, 0x0, 0x1, 0x0, 0x2, 0x9, 0x1], 0x80a0000, 0x450})
ioctl$KVM_RUN(r6, 0xae80, 0x10800)
ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f0000000300)={[{0xc9e, 0x8, 0x1, 0x7, 0x5, 0xff, 0x3, 0x7, 0x5, 0x1, 0x1, 0x2, 0xfffffffffffffffd}, {0x3, 0x1, 0x6, 0x0, 0x9, 0x9, 0x7, 0x9, 0x80, 0x2, 0x1, 0x6, 0x1}, {0x7fff, 0x5, 0xcf, 0x9, 0xff, 0x4, 0x30, 0xdf, 0x6, 0x5, 0x1, 0x7, 0x9}], 0xae8})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x300000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000280)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "0300", 0x8, 0x2c, 0xff, @remote, @local, {[@routing={0x5c, 0x0, 0x2, 0x4}]}}}}}, 0x0)

3.004647811s ago: executing program 3 (id=1064):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0xf5, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @last={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x74}}, 0x0)

2.929909086s ago: executing program 3 (id=1065):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000001000000000000000000000085000000870000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000081000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x7, 0x0, 0xf000, 0x0, 0x0, 0x0, 0x4}, 0x50)

2.854766672s ago: executing program 3 (id=1066):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000400)=ANY=[@ANYRES16, @ANYRESDEC, @ANYBLOB="6887f8dbcb46d5f3bfb174b610e0635dc5a79934330631e7e1e7c96ad4b85299dfe11e3d9828e582e1a311e45136bacd651b05ac307229b9ef7fb5", @ANYRESDEC, @ANYRES64], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r6 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r6, 0x10e, 0x5, 0x0, 0x0)
writev(r6, 0x0, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000001100), r6)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r8 = accept4(r7, 0x0, 0x0, 0x800)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r8, &(0x7f0000005fc0)={0x0, 0x0, &(0x7f0000005f80)={&(0x7f0000000540)=ANY=[@ANYBLOB="8800000041d162a3fb804da446d382c067035cc15250344094dc8cf4ddc618f6d55884fd2c9b06d6d28f91aef46978867c820a96c42eba8f7f93d90b5fff1d94b38f4054e0d578ac8d9d6fea", @ANYRES16=0x0, @ANYBLOB="100027bd7000ffdbdf250e000000700002805d0004009a3459ed1c431bc2e33e879a28297c19bdf9cfb642429d0a48c24ea44a8177ed671085e34c60144c891cd4bec885d2d0f8c891f349e2db4feda2d33839e4f1b823d3ba3d87ea596cf52fabe4d71d5b163c8715d81279f14eaf00000004000400040001000400050004000280"], 0x88}, 0x1, 0x0, 0x0, 0x24000800}, 0x24048081)
sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000038c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000002840)=""/4096, 0x1000}], 0x2}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x488, 0x0, 0xa, 0x148, 0x30c, 0x60, 0x3f4, 0x2a8, 0x2a8, 0x3f4, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0xffffffff, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2a0, 0x30c, 0x0, {0x200003ae, 0x7f00}, [@common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x6c, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00', {}, {0xff}}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x2, 0xa, [0x100, 0x4e22, 0x4e23, 0x4e23, 0x4e24, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x4e24, 0x4e21, 0x4e22, 0x4e24, 0x4e24, 0x4e22], [0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1]}}]}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x4e4)
syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)

1.498072824s ago: executing program 2 (id=1069):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0x200, 0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x1, 0x10000, @dev={0xfe, 0x80, '\x00', 0x1e}, 0x6}, 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @local, 0x1}], 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f00000003c0)=[@in6={0xa, 0x0, 0xfffffffc, @local}], 0x1c) (fail_nth: 3)

1.295140897s ago: executing program 2 (id=1070):
r0 = landlock_create_ruleset(&(0x7f0000000180)={0x100, 0x6}, 0x18, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file3\x00', 0x143002, 0x1d4)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x100, r1}, 0x0)

1.209501962s ago: executing program 2 (id=1071):
r0 = socket$rxrpc(0x21, 0x2, 0x2)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001300)='/proc/timer_list\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001500)=[{&(0x7f00000002c0)=""/4084, 0xff4}], 0x1, 0xf73, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x400, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
signalfd4(r0, &(0x7f0000000000)={[0x2, 0x2899af87]}, 0x8, 0x80800)
setsockopt$RXRPC_SECURITY_KEYRING(r1, 0x110, 0x2, 0x0, 0x0)

953.162063ms ago: executing program 3 (id=1072):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
pwritev2(r0, &(0x7f0000000740)=[{&(0x7f0000000100)="3f6c5b761046b0a77db63c34e13408e27fcea6c7605a226d926b187e4d85c6dc144795bcb7eb57aa924187b4915c60848ced868e669e7383365c1b98ccdf87f4db91bf74c981a25caf0102470956f6b38a96d397cb995a13c9f1c474091c01e8c3c09a356e7dac9e7405acd7d332ba3fbb177cd8b2ffba8cc8d01264085fa41b35c651a946b8f2034baaa01bc5c5b1179e2e6e82dc3f059c52451ba5abc1", 0x9e}, {&(0x7f00000003c0)="87348b520f8a493ad8a047181df6537bdb1a05021f46d8199da66dd518ae99529927d7ba3d466263445843914d169d37b43a394b7f72563bb2b3f4d7d82ce7f5fd8465297d841e964f9ebefcab497fd319e92f52", 0x54}, {&(0x7f00000005c0)="f92c1e79acd0f7cdc8d83328244f9958c71163a4241e65d197e16cc0f83b426f50b2e198556fb3093a6c773014485fa3d250498d3c37886f01e28967891c211476b81d48e0d8c0e00a702dc058b1ea7a3379e60ec24f132994e5e71486e475fbd0bc45120c98a1f481eeed303a49c3715c922f20115a81e65ff34d2b6d903525677b13dc5a7a0dcf0d9fefab6f10ac3943b6fa40", 0x94}, {&(0x7f0000000540)="2f3a267f685a2d1298bed1b1df1e89e1fd29af64d0999594571ec52aa9ef8d2142b7d0ee618cd40d6c820d028cd41af19d307be674027c1096e85f739afb383cde82b296fa62d3e85d13dc0ba6", 0x4d}], 0x4, 0x9, 0x1, 0x1c)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r2, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x13, 0x4})
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
pipe2(&(0x7f0000001440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r5, 0x0, r4, 0x0, 0x6, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f00000003c0)={@in={{0x2, 0x4e20, @multicast2}}, 0x0, 0x0, 0x3a, 0x0, "33d080577968b3107694c2858f48c27f17ef54caf822abcfad9399c494d846140482c7e40195d5f034a72c69ed7330f3000f530ff9525fad6b3db9851a4354d70cc3734d319f852c370cbc9e69c75987"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f00000002c0)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x1c, 0x0, "246575a4000000004fb62fe6bce0eef5607264c7f28557a8046964d292934c2a2bb1dcc5a80c0107040000000000001e0000009000000000000800"}, 0xf0)
setsockopt$inet_tcp_int(r6, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6)
read$watch_queue(r3, &(0x7f0000000880)=""/216, 0xd8)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
sendmsg$NFNL_MSG_CTHELPER_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000010901"], 0x14}}, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000040)={0x0, 0xfffffefc, 0xffdffff8, 0x8, 0x15, "000000000000000000000000000000f30200"})
r7 = syz_open_pts(0xffffffffffffffff, 0x61c0)
pselect6(0x40, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x381, 0x0, 0x0, 0x9e25}, 0x0, 0x0)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000000)=0x13)
mount$bpf(0x0, 0x0, 0x0, 0x5805040, &(0x7f0000000100)=ANY=[@ANYBLOB="7569ce8f", @ANYRESHEX=0x0, @ANYBLOB=',\x00'])
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)

867.76766ms ago: executing program 0 (id=1073):
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x44a8c0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
connect$l2tp(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f0000000340)={0x0, 0x7, &(0x7f0000001f00)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYRES16=r0], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4004054)
sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="08002bbd7000ffdbdf25010000000000000002410000401000137564703a73797a320000000054352047bfdbda9828e8eb3bc0e95cb760c8e190f9b50c54f5e84e5899a7c62e265e5450fc39a401b8d5b24940bff37ab47ffc90d146e176141179b1c8c2547690b2b324834663fc3cd53b6f41f57675a4f2681f2ee5d740cbb3eac5ddff958f9cf00abb24a5e9"], 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x80)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, 0x0)
r3 = openat$hpet(0xffffff9c, &(0x7f0000000000), 0x103000, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0x6801, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
bind$bt_sco(r3, &(0x7f0000000280), 0x8)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(0xffffffffffffffff, &(0x7f0000000140), 0x0)
getpriority(0x2, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x6008c15}, 0x20000800)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
io_setup(0x4004, &(0x7f0000000240)=<r4=>0x0)
r5 = inotify_init()
io_submit(r4, 0x1, &(0x7f00000003c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
inotify_add_watch(r5, &(0x7f00000000c0)='./file0\x00', 0xe4000316)
r6 = fsopen(0x0, 0x0)
fsmount(r6, 0x1, 0x1)

634.158884ms ago: executing program 0 (id=1074):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0xb8, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {}, {0x7, 0x10}}, [@TCA_RATE={0x6, 0x5, {0x81, 0x7}}, @filter_kind_options=@f_route={{0xa}, {0x80, 0x2, [@TCA_ROUTE4_ACT={0x7c, 0x6, [@m_tunnel_key={0x78, 0x1, 0x0, 0x0, {{0xf}, {0x48, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x1, 0x0, 0x2, 0x2}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x40}, 0x2008c014)

461.38235ms ago: executing program 0 (id=1075):
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000140)={{}, 0xb5a3, 0x9, 0x8})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x19, 0x4, 0x8, 0x8}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c00000004000000040000000800000000000000", @ANYRES32=r0, @ANYBLOB="000000ff0f00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
landlock_restrict_self(0xffffffffffffffff, 0xe)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5f1000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
r2 = userfaultfd(0x80001)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r3)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x9}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000001000000000000500000a400000000c0a01010000000000f9ff000a0000090900020073797a31000000200900010073797a310000000014000380100000800c0001800600010058"], 0x68}, 0x1, 0x0, 0x0, 0x400c8d4}, 0x40)
close(r5)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$VHOST_GET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af14, &(0x7f0000000200)={0x3, 0x100})
r6 = socket$xdp(0x2c, 0x3, 0x0)
r7 = timerfd_create(0x0, 0x800)
timerfd_settime(r7, 0x3, &(0x7f0000000100)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0)
readv(r7, &(0x7f0000000000)=[{&(0x7f00000020c0)=""/4106, 0x8}], 0x8)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
syz_emit_vhci(&(0x7f0000000300)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x1db}, @l2cap_cid_signaling={{0x1d7}, [@l2cap_conf_req={{0x4, 0xa, 0x13}, {0x3, 0xb61, [@l2cap_conf_mtu={0x1, 0x2, 0xf3a}, @l2cap_conf_rfc={0x4, 0x9, {0x0, 0x1, 0xe7, 0x5, 0x5, 0xfffe}}]}}, @l2cap_info_rsp={{0xb, 0x67, 0x1a0}, {0x25, 0x1, "07efc74fda1fcfaf99f2969c574118723596258922b62e4f61bfa4f703f17114ae0fcc60f3e76910fb9161a97ed25c03e5d04d828b287896513c88cde11959cc5a34756d6a8fcdd0e8298d98a59903c4a74a067cb22dd2e0f9bf9c936b17baa0cdfc72afd1b66d28537c7b51286fb5972a33bc041b8d5769fb5c5dda32241f96eb1fc0dfec27455ff147b6ca940f232e57f2ec54c1aae22b886bb3ba8e222add128b6723691cc2fb7c616325aa4c3d8c9eeb11a65046b05374156cf192f268384201f0e2075cd0325d05f26469b018cb0d23fa2de09c5932f5ce97e79a5282c63eda1aad2b1621fdb93fab31c53fa250e26f4e326e663cf33ca7b5358af2e3de4b67ae3cde755611f0a6c6a3ec95c96dfd6b029c1483546726f1651b6279f6725c5c2a2251d6be666593be5b315fbb4e4282011d93b1578db7aab21190f6c235f5bb28d84b0fc383ded439de0a7c5ef94c5e7ec12270ce7bd400bbbcb432449736f046e93f82972535bace8915c5bf2177f33fc3bc33fab99a5e5cdb398fdb2247690e335417cda6e1de8b6f7f452b8666748c3a8febe1c15af562ed"}}, @l2cap_move_chan_req={{0xe, 0x6, 0x3}, {0x4, 0xfa}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x5, 0x2, 0xff, 0x5}}, @l2cap_create_chan_req={{0xc, 0xff, 0x5}, {0x9, 0x6, 0x7}}]}}, 0x1e0)

268.077612ms ago: executing program 2 (id=1076):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000980)={0x8, {"b92775609d12e5f18231d9bafd887278ada38ccf7c38cbca42ee1bfde44b073f2cb38bf09bfb262c9065b78177ee5ea40500a468320b7ff205f6e9af3835c61441afce08720c0159abb21ef6ec96a6fedf7c96328604a895b81d805e5954f33c11d0d1fcd653fb281c4a66326bd5eb203f59110a7a7e3eefeed36731f15207558cbae08d38a84dfd00cd3fa55c2403498a998fc96d98e5fcc7c13e0eeb212ea93f22e66a81d45a0104565ec4bf9aafcec7dd234567698bde2fac1374290c50229f168bef14f2182f7703aff64b64e9548ee57846a65a95e2434096d519bafd8fadac161c5a79b8d626c8ccc875f0b72ef92639ddf07d83428be9898f5d01ff2ad8fb84e835bc5e421706e17845a257992dd1ff580b077ee425fb6a33ea2dbec0892898949fe156534de50e1875f70ffc6d58d62c86f6dab43effda9e9db7c6368318040177afd53480536b612bcbfb8964e9e5592709cd236f8d90e68efbd40b94e3dfb3a52d949560bf82efcc1a08bca0eb5bccf5d914fe28dfe3bbd72f838ac9f78ce3383f6b008ff2c539a3405523796cc328dc9cb0dc173b7998663c129f3bf80f80ab6a58e0d6ae3bcf55a094c3d42dc0b26305eca2c5742fef8c058beaf63bb0ffc2edd7a70971f90645d5ece1f072642a94cc8f2b4665696b4fad2b8e1f583993ec105805f5662f310eec9fe96c43941f66327b7fb780185d806a478114c66223f0db749a9cade99d8418f096562e5d93d7fd40fda72956ec2904aecda0a2a35a2a92efc0c454079ae5018d7ef62f2015bc8420ac10f3f75264401c090da0172c894a1045fe7719c7dc68ae00001aff00cf5579fe0d609fa9f5a823b5b1d94a836b0cfb505449478d6e007381af21b25ceb70f8d7847cbc673bd359356f2bdcf6c71b06a464df615aaa36d3888b6e5fbeefb83171f679a1fd6f695497d348753535def65c8f3532652e0d3af11bd22b968553ff11fe560d942348dda693a52997055f2e08ed2ca69bc47825ca4407452b7e00ddc67a70a3ea584c2b799cd0ff9cd3e1ca90f9860bc69053f7b527af22a62bd20c20c633741a533c96df0c53ae15f4c03380d61545d8f830390e5f370bc98d7cbaa347b02112aad43b8fade11d7285ef2cb7005720a15112593db318e84ab4c07433005b292055e3913b2b0c4b7b8f745b4674ddbc6d421b6e1630467e08aa0c8d9b2e880676c8db6a7770fb0334bc2d979004eed9e54b4c425087b031558be9f0204bbe7c32ba2dc1fdaa47b5523d42c445bd9394325f4bd0c78d455863eda2d044a43f7dfe12706c56a08f6fd76dc4edb2c462dacdc96af3b881b9a19c3f020165ea1f1cc0610218ced5fb85d1c41ae960d08146d9ae2c057e91ee711f71195d56e8d0e77eca4803efc1d0eb7e6ae9016cb840aa472bae70a4e65ff9dc3883bde1cb721e7102a3f332ae3730cd1084b2e3ce0103cabbe7006a0ccd05111be062f9f40604d2dd831a30490f37ceb76423c31540b666e897b62b01110cb23f151b731c6ac3704f7ca07995ecabd55a0dc56999308d370cf4ccfd7ebf2bb2ad0af412c78d3a3cd8899d82dc926a6ee41ea62a4818258b8fb872c0a5cd8eda32fc2b3fba5bdb02e9fa1ae2f22a0a5ce77aaab5755259623348acb72cca5d71d65deed539b4e5f8727c54dd67a572e1adfde7cebcbd065a3db0e4e3719f8f3f2ce6c3fa12640bd075ed20a492cb3c0ca93a5255ae32ac8bc0d584c7ef88587141bcf16edc8ce982ad086174aa6ee5393a77bec2364a2b91b49ed08e5d218fda379c5bf7e55a3d19b07f4543ec5c952eba2fe04c16fdd84d7f3d950f04d9cdb6211095b13adb962713998d930f36640a7149e94f259aa1c94a024e5f388f3bb5ce942b9e34b92b0eb3131052fc01addf9309a614fa273154c34632c829b793d7a7672d8c9d0e4be074a3d4d9502cd52072e08bcb280c65336c1298fcb9e85cf7ea9ec2eeda6a2bcf5fca481fa2c33f14c95eb42b97dafd2c154337cdfbdb74bf1c5cadab109e72ae45c583d7c37845ede632a463b3f5222714e0928524e5ad1dee3a991656c334cf35a82854df74d44c6dc476c8e8ec49571cb73da755c320c7f6995b9d142b6567b882d22e0fa5da95b30602af0170bf48cd7ed0eeba02d1d2db0abc6202b3483d0221f5711ecdf8fc9f244e1f5ac0270784a338c6fc8ef8d431bc94ca6c33be394f970b6b0a89ab91d00a70653280b5455318171f828055d523cf9fd2200d186c124df20f30230ea69fd001e4dede0056bd23b8f7b2f6dee66351ea7187189933f8b678e0ff5985a35b5a4afc8da0d807c8740de0a6553ef101d5d97fd12dde43b68742e10cf1b6145c0d62d82e90d0136716f64a31af757f2ae4d1d0965b4a4ca8b6bccdbaa6b0cfcce1c547db9ed67fa312c20297ef2af2f7db456bf1ed32fab1b1636f188e54913b9564e22e7c4ec388a868cd226e4e064998043023c4ee3352379a30d15f1f0842a04fd0f06d8e99af6539fff86c17b1f3a2dc3b64e66931c5215b37932de47ed0c2d9781f080e86ede6046711ad0d25e3631f618465909df4a448ca91399aa10f831243fd18be7e0ed35efbf362fbec4dc1794cf21b02634eb48dc18e68b9904de291d51c4b9ecd0ae2dc4f31bffe4542fac8e73e1bf7b0d60267a55347249916439e016f5f6518718dc57dbacd0fa6b4f10b84d824c8eca056081d160b60af3aea24ff1972f7284504e77a7147a685a988ac96915a9f84277869f24bdf8e0988d0f9cbf8c7b00e92db7fe5854d7e5836f96d6355267e4b2277eb132f6d0f9dd383a66d7756219f0c49ae1c5875863f30fe833e4c0a2be38cd0c70b9062821865fdc49c0b21f004768a04950c461e3c64f04b5f6f631cd45e333cfd783d59fee397058f30860e7e1257a77f1d404ad3b969d9303c54d8432e163be4dbe5f97aea5a2b074dcebdad55324b9d8eb201903b6a21266e627f7700e1026da1cdf8aef350717bbdb264cfe21ea347c45f3b959b094493896588a1ee0054fa1d2abb9e6a911a22a766227b540fc964334c1c5655ab0e0a352d99b5b07cf8d007655edfb124573d058d691b04b8758b9d6ce0837edabd450c32de09763814179e7fee4556aa6c8a7491b15ca8df6f1be82ac5f25b734280e492fba8c40bbb7e3f0af1dab281f6fb042e2d46c0305892686e5e1172ad02789a559ad7274e2bba0e0e89e24d93d6b2cf1d6db3c4841af9ba06e1adfd36cd5af8556d99ba3357bf3cbc16eb1d2a3727fe45e2bfe62036d3eda33051d92803f67d6380c02f75c7bf0e72d28668ef8b4fcc3c010fe4ef621dfdaeba44318a3b1294fdfb2fdc3ae0fadab87eec50cf8bd56127e429f13d563674a9de0b587482649c97eb7687f36765a82a4f9f0189f29e883803171f9dd95b9eceee2cda67ee0c23f3aca8890f78ec330252aca12a714a5908f1b7d0917a04f357fc2e6610b0d990abffe9eb528746d69cc430401e91aba56c42885f0f85c3630dc3db36f975b2e04aab6c368988764b4fb0a5cbbe06ce20cc1ace9cc94d6f9dc81e99fb97ac1beb917ee0dc0ec99c02b494326bf929680c6fa1942b2e7666d849106a7df602c622a86400743a18dc0dba154de58b8e8d4e7c910537d2336541fc4004d480957a4d9e028c09de921f3494b10285eb5c9861f838a531b3a374c0d5435140d78b9670bc407899e9846f631cea1f357deaaa75b1d15a621937583834b76284565ebc5b70a5f68199bd7377bf7c977531a4beb874db1a8cc3d7434ba2a53af92d90406c46e558496a3a680d9f5f2996fb8e5d6ea36bad8a8b7d19b92cb046fc12a52ffcbdd8d3d574d93f632fec9737aaa4393e194cedea3f4da570923b2ec25a403911c8e797972874b80f806318874504aae07a005ce92f5a8fdcaa2f62ca22fb0b5b89e81f861254ebdb7e4c9d73b8dcb84eca9bf418f125671cf0faeaddd7839ef9becb4a749b495f909d3b6bddc077e7591e50280b30b858e7ff95c7cedb8792bc7bc351368f649cd49f0db3b1d6f930d0e77529db3598a02ebe77fe955c9d2cb5cfacfd294bac5d7ba28240880e3183ecde55fbabf1a8c12b7907084a6da4e8f05871b87a98ed24fb6985908a874cdb1fdc30d56c4858cbe64946e4b5c1395148d0d5c7b270212a6e37e5b829847c5c7c6e55c948ac873816c8e490b4d20e225a6ad248e86a8557d23818011587e80756e0e6ca112baa4ee8423b450cba0f41d12a90d4e052a5f5d0c0313cb7b5f9c97115df073470831286feac3d807551279e8d23896b611b8d922f56d18c3b6c55134d40b8b101164843d7acb2ad23926d634db487479f37fc04e1213b096f83290b3c462b59f95ead6d5379726453725731058a86b294a704a797a46085d4a9a75fd74a601a84fe0165f238094b5df2e4c24fc85237a4d29a55c2f0e2f7bfc4aa9b5763d72ba0b285a78b0c00378bd4542b50deca35c4cdb57c41c6ec94d8faf265815ea88aaefe2e213c6d5a1120029a7922683ab3fe678d60974ccbd012599a498175067b55e4e2ffb188258fb51bed19bde6efb2cc1beb5401e8190d9e7c83d42cc4356120c3be8b899a9d5773444377fcd66763ce9f220d65d9b176b078c7b5ad451c97b895f09875fa2b6948f5660f566e29726fd991b2e52743390ed3bfca093bad14e87bd4b9427553e4326b6912eb20162c8a407a77306fe45d525dd187af3a9ec69545a88f3f0fe3954aa894f1f2d3de53ceb16e2dd16b01b768fd53d2316174b50c2483afd7f96f8381e0043147f7d1726e6fd97fb28facc2281540ae5d43e0445d0cee8b4fadcdb97a5ebe6867a1d87275004223e3f6eac1ae722e727c78eafbee1cb4b4110995c71b6ab76e28d29438ef4bd2cd2ff01e310a50d382ef4b44704c9e954bd796e1276d3e0f6af67e9f5228b3608482f11133c13907cb6fb892e05a8e47655b093286b2876ddb45e43fce4e44bf27111a2424a44f6420a8d142b0bc9a856c544a8f72af02c1978a74f78db9e204277d2e24b0e6a571d46520b6d5faa7ef599676dc1547312e2a9c5123179a404d0cd2438adbcc3ac149f9b63242d7d928bcb2757b9e6c932ffb17831bf06c8b1568c07cc7998f131aaad1f9084ed7e0386cd90eeb7608909ce0f5bbccd5d09ab6b205a886aaf0d7f4527100a8d289b6b3b12c653dcf5595798e62e48b807b5911cfac8ab63d3ca469faaf92fbd1d1226d959d555a3e3406a433fd032b7ea2f3c44c59718e6a70c3ca8fb888ed1836f1b1c406393b7b23ee13224a4183e942e7f4583cb98da1eb17da66cdcda94004ad5aeb9183289c08156557a93aee57ae100a882b489d0a81a4ecee39ed6feecc7c66fc946c2b45273ec98689e28541174afa1db81f1aa1cc4a4c420d91f04d729be2b5b0a2bddacbd3bf2fbb54d283f0e5fcf041b0847a92cb055aefd2b343db59ccd6a66f9afe1f10b1bd20611900e1fae78e9663ec2c163449dc40341bd4865c238b63ece6108ef5237118fa6c772868921e941c48fa49c85aa61ba2d0b551a554f928598cb91659e9e072882d3312042ee32010c38f2d261c29c900ab21c523e851df902000e5d1955ccd8de6c9823f4f3e019e0cc33b87d8d69471b837a326a29c46c8f5104a75f411868afb5c8810706454b2fc6391649d70652a86e0f5307244060a7308ffa97f4207a5401e4146d03ee17b44d70f3688e1d09335dd7463c51b91c110b975381215c1ce255e3a9f4a96ecb29d3696fac1b8d1cd52d1e0ac9500", 0x1000}}, 0x1006)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0x20008000)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB="028000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x0, 0x2b, &(0x7f0000000140)=ANY=[@ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000010000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x5c93067603d2de2a, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200000d0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="6a69c274386d178550cb864bd572", 0x0, 0xffff6340, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[], 0xffffffffffffff9a)
r4 = socket$inet(0x2, 0x4, 0x1)
setsockopt$inet_tcp_int(r4, 0x6, 0x1e, &(0x7f00000004c0)=0x1, 0x4)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0x1000, 0x0)
r5 = landlock_create_ruleset(&(0x7f0000000240)={0x2001}, 0x18, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x202000, 0x13b)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r5, 0x1, &(0x7f0000000340)={0x2001, r6}, 0x0)
landlock_restrict_self(r5, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r3, 0x4014f50b, &(0x7f00000000c0)={0x0, 0x3, 0x9})
r7 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x5, 0x0)
writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)

92.73995ms ago: executing program 2 (id=1077):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@updsa={0x100, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private1, @in=@empty}, {@in6=@empty, 0x0, 0x3c}, @in6=@empty, {}, {0x0, 0x0, 0x8000}, {}, 0x70bd29, 0x0, 0xa, 0x0, 0x0, 0x25}, [@coaddr={0x14, 0xe, @in6=@private2}]}, 0x100}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x44, 0x2, 0x6, 0x201, 0xe4340000, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x40081}, 0x2)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r4], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x1})
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x5c}}, 0x0)

82.507061ms ago: executing program 0 (id=1078):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000240)={0x73622a85, 0xb, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x8, 0x0, &(0x7f00000005c0)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000680)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x1058, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000600)={0x30, 0x30, 0x30}}, 0x400}], 0x0, 0x0, 0x0})

36.373521ms ago: executing program 1 (id=1079):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x4, 0x1}, 0xe)
setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
recvfrom$l2tp(0xffffffffffffffff, &(0x7f0000000880)=""/131, 0x83, 0x10040, &(0x7f0000000e00)={0x2, 0x0, @private}, 0x10)
r1 = openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180), 0x4240, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
setpriority(0x1, 0xffffffffffffffff, 0x3)
r2 = syz_io_uring_setup(0x62f4, &(0x7f0000000300)={0x0, 0xf20f, 0x40, 0xffffffff, 0x1e}, &(0x7f0000000100), &(0x7f00000000c0), &(0x7f0000000000))
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r1, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$kcm(0xa, 0xf, 0x106)
sendmsg$kcm(r5, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r5, &(0x7f0000000480)={&(0x7f0000000500)=@xdp={0x2c, 0x7, r4, 0x7}, 0x80, 0x0}, 0x4000011)
mbind(&(0x7f00004c3000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x2)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x8040044}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000015c0)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08786eb807e0000000000000000000009fe70ba83a7a66e67a0bae5cfaccbbb81e28d7b568", @ANYRESHEX, @ANYRESOCT], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
io_uring_register$IORING_REGISTER_RING_FDS(r2, 0x14, &(0x7f0000008580)=[{0x3, 0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002a00)=""/132, 0x84}, {&(0x7f0000000800)=""/49, 0x31}, {&(0x7f0000002b00)=""/199, 0xc7}], &(0x7f0000002c40)=[0x9, 0x8000000000000001, 0x40000b, 0x5, 0x8]}, {0x0, 0x0, 0x0, &(0x7f0000003fc0), &(0x7f0000004000)=[0x1, 0x8, 0x5, 0x3]}, {0x4, 0x0, 0x0, &(0x7f0000005300)=[{0x0}, {0x0}, {&(0x7f00000007c0)=""/47, 0x2f}, {&(0x7f0000004300)=""/4096, 0x1000}], &(0x7f0000000980)=[0x5]}, {0x3, 0x0, 0x0, &(0x7f0000000700)=[{0x0}, {&(0x7f0000000ac0)=""/261, 0x105}, {&(0x7f0000000740)=""/74, 0x4a}], &(0x7f00000009c0)=[0x1, 0x10000000000001, 0x10001, 0x8]}, {0x4, 0x0, 0x0, &(0x7f0000006740)=[{&(0x7f0000006540)=""/23, 0x17}, {&(0x7f0000006580)=""/13, 0xd}, {&(0x7f00000065c0)=""/64, 0x40}, {0x0}], &(0x7f0000000940)=[0x7fc, 0x7ff, 0x2]}, {0x8, 0x0, 0x0, &(0x7f0000006e40)=[{&(0x7f0000006dc0)=""/93, 0x5d}, {&(0x7f00000069c0)=""/23, 0x17}, {&(0x7f0000006a00)=""/241, 0xf1}, {&(0x7f00000068c0)=""/186, 0xba}, {&(0x7f0000000a00)=""/180, 0xb4}, {&(0x7f0000006c80)=""/47, 0x2f}, {&(0x7f0000000c00)=""/241, 0xf1}, {&(0x7f0000006b00)=""/172, 0xac}], &(0x7f0000006f00)}, {0x9, 0x0, 0x0, &(0x7f0000008480)=[{&(0x7f0000000580)=""/263, 0x107}, {&(0x7f0000007040)=""/195, 0xc3}, {&(0x7f0000007140)=""/169, 0xa9}, {&(0x7f0000001640)=""/4103, 0x1007}, {&(0x7f0000000d00)=""/244, 0xf4}, {&(0x7f0000008300)=""/21, 0x15}, {&(0x7f0000008380)=""/89, 0x59}, {&(0x7f0000008400)=""/54, 0x36}, {&(0x7f0000008440)=""/47, 0x2f}], &(0x7f0000008540)=[0x2193, 0x401, 0x41f9]}], 0x7)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
syz_io_uring_submit(0x0, 0x0, 0x0, &(0x7f0000000280)=@IORING_OP_READV=@use_registered_buffer={0x1, 0xc, 0x4004, @fd_index=0x3, 0x5, 0x0, 0x0, 0x12})

22.178212ms ago: executing program 3 (id=1080):
syz_io_uring_setup(0x34b8, &(0x7f0000000540)={0x0, 0xc3b3, 0x800, 0x1, 0x2082, 0x0, 0x0}, &(0x7f0000000180), &(0x7f0000000140), &(0x7f0000000100))
writev(0xffffffffffffffff, 0x0, 0x0)
msgget(0x2, 0x624)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
sync()
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
socket(0x400000000010, 0x3, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0)
r0 = msgget(0x1, 0x240)
r1 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x400)
ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0185649, &(0x7f0000000700)={0x4, 0x1, 0x0, 0xffffffffffffffff, 0x980912, &(0x7f00000006c0)={0x980912, 0x6, '\x00', @value64=0x2}})
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4}, 0xe)
connect$bt_l2cap(r2, &(0x7f0000001280)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x0, 0x2}, 0xe)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x8000)
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r6, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
ptrace$ARCH_GET_MAX_TAG_BITS(0x1e, 0x0, 0x0, 0x4003)
msgctl$IPC_RMID(0x0, 0x0)
msgget(0x3, 0x693)
msgctl$IPC_RMID(r0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0)
io_setup(0x20, &(0x7f0000001140))

0s ago: executing program 2 (id=1081):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
pwritev2(r0, &(0x7f0000000740)=[{&(0x7f0000000100)="3f6c5b761046b0a77db63c34e13408e27fcea6c7605a226d926b187e4d85c6dc144795bcb7eb57aa924187b4915c60848ced868e669e7383365c1b98ccdf87f4db91bf74c981a25caf0102470956f6b38a96d397cb995a13c9f1c474091c01e8c3c09a356e7dac9e7405acd7d332ba3fbb177cd8b2ffba8cc8d01264085fa41b35c651a946b8f2034baaa01bc5c5b1179e2e6e82dc3f059c52451ba5abc1", 0x9e}, {&(0x7f00000003c0)="87348b520f8a493ad8a047181df6537bdb1a05021f46d8199da66dd518ae99529927d7ba3d466263445843914d169d37b43a394b7f72563bb2b3f4d7d82ce7f5fd8465297d841e964f9ebefcab497fd319e92f52", 0x54}, {&(0x7f00000005c0)="f92c1e79acd0f7cdc8d83328244f9958c71163a4241e65d197e16cc0f83b426f50b2e198556fb3093a6c773014485fa3d250498d3c37886f01e28967891c211476b81d48e0d8c0e00a702dc058b1ea7a3379e60ec24f132994e5e71486e475fbd0bc45120c98a1f481eeed303a49c3715c922f20115a81e65ff34d2b6d903525677b13dc5a7a0dcf0d9fefab6f10ac3943b6fa40", 0x94}, {&(0x7f0000000540)="2f3a267f685a2d1298bed1b1df1e89e1fd29af64d0999594571ec52aa9ef8d2142b7d0ee618cd40d6c820d028cd41af19d307be674027c1096e85f739afb383cde82b296fa62d3e85d13dc0ba6", 0x4d}], 0x4, 0x9, 0x1, 0x1c)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r2, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x13, 0x4})
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
pipe2(&(0x7f0000001440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r5, 0x0, r4, 0x0, 0x6, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f00000003c0)={@in={{0x2, 0x4e20, @multicast2}}, 0x0, 0x0, 0x3a, 0x0, "33d080577968b3107694c2858f48c27f17ef54caf822abcfad9399c494d846140482c7e40195d5f034a72c69ed7330f3000f530ff9525fad6b3db9851a4354d70cc3734d319f852c370cbc9e69c75987"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f00000002c0)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x1c, 0x0, "246575a4000000004fb62fe6bce0eef5607264c7f28557a8046964d292934c2a2bb1dcc5a80c0107040000000000001e0000009000000000000800"}, 0xf0)
setsockopt$inet_tcp_int(r6, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6)
read$watch_queue(r3, &(0x7f0000000880)=""/216, 0xd8)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
sendmsg$NFNL_MSG_CTHELPER_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000010901"], 0x14}}, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000040)={0x0, 0xfffffefc, 0xffdffff8, 0x8, 0x15, "000000000000000000000000000000f30200"})
r7 = syz_open_pts(0xffffffffffffffff, 0x61c0)
pselect6(0x40, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x381, 0x0, 0x0, 0x9e25}, 0x0, 0x0)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000000)=0x13)
mount$bpf(0x0, 0x0, 0x0, 0x5805040, &(0x7f0000000100)=ANY=[@ANYBLOB="7569ce8f", @ANYRESHEX=0x0, @ANYBLOB=',\x00'])
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)

kernel console output (not intermixed with test programs):

ue: 66
[  206.477115][   T50] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  206.480789][   T50] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  206.484531][   T50] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  206.490813][   T50] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  206.538866][ T5439] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  206.584041][   T50] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  206.589401][   T50] usb 5-1: Product: syz
[  206.590834][   T50] usb 5-1: Manufacturer: syz
[  206.601557][ T7932] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  206.610278][   T50] cdc_wdm 5-1:1.0: skipping garbage
[  206.611972][   T50] cdc_wdm 5-1:1.0: skipping garbage
[  206.621512][   T50] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device
[  206.624067][   T50] cdc_wdm 5-1:1.0: Unknown control protocol
[  206.826852][ T5439] usb 5-1: USB disconnect, device number 18
[  206.925313][ T5834] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  206.949481][ T5834] usb 6-1: device descriptor read/8, error -71
[  207.069393][ T5834] usb usb6-port1: unable to enumerate USB device
[  207.076755][    C3] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  207.635198][ T7995] IPVS: set_ctl: invalid protocol: 8 100.1.1.0:20004
[  207.913225][    C2] plantronics 0003:047F:FFFF.0003: usb_submit_urb(ctrl) failed: -1
[  208.177422][    C3] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  208.346396][ T8000] netlink: 12 bytes leftover after parsing attributes in process `syz.1.579'.
[  208.378138][ T8007] netlink: 12 bytes leftover after parsing attributes in process `syz.1.581'.
[  208.382184][ T8007] netlink: 12 bytes leftover after parsing attributes in process `syz.1.581'.
[  208.514384][ T8013] overlayfs: failed to decode file handle (len=5, type=0, flags=0, err=-22)
[  208.748328][   T24] usb 7-1: USB disconnect, device number 15
[  208.915020][ T8020] FAULT_INJECTION: forcing a failure.
[  208.915020][ T8020] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  208.918990][ T8020] CPU: 2 UID: 0 PID: 8020 Comm: syz.3.586 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  208.919007][ T8020] Tainted: [L]=SOFTLOCKUP
[  208.919010][ T8020] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  208.919017][ T8020] Call Trace:
[  208.919021][ T8020]  <TASK>
[  208.919025][ T8020]  dump_stack_lvl+0x100/0x190
[  208.919055][ T8020]  should_fail_ex.cold+0x5/0xa
[  208.919069][ T8020]  _copy_to_user+0x32/0xd0
[  208.919092][ T8020]  bpf_test_finish.isra.0+0x452/0x660
[  208.919111][ T8020]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  208.919126][ T8020]  ? eth_type_trans+0x2e3/0x720
[  208.919141][ T8020]  bpf_prog_test_run_skb+0x248e/0x3540
[  208.919161][ T8020]  ? __fget_files+0x131/0x3d0
[  208.919176][ T8020]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  208.919191][ T8020]  ? fput+0x79/0x100
[  208.919207][ T8020]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  208.919220][ T8020]  __sys_bpf+0x1725/0x4b90
[  208.919232][ T8020]  ? __pfx___sys_bpf+0x10/0x10
[  208.919240][ T8020]  ? get_pid_task+0x106/0x250
[  208.919255][ T8020]  ? proc_fail_nth_write+0x9f/0x220
[  208.919271][ T8020]  ? find_held_lock+0x2b/0x80
[  208.919287][ T8020]  ? find_held_lock+0x2b/0x80
[  208.919300][ T8020]  ? ksys_write+0x190/0x250
[  208.919313][ T8020]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  208.919332][ T8020]  ? __pfx_vfs_write+0x3/0x10
[  208.919350][ T8020]  ? fput+0x79/0x100
[  208.919364][ T8020]  ? ksys_write+0x1ac/0x250
[  208.919377][ T8020]  __ia32_sys_bpf+0x79/0xf0
[  208.919388][ T8020]  ? lockdep_hardirqs_on+0x78/0x100
[  208.919402][ T8020]  __do_fast_syscall_32+0xe7/0x970
[  208.919417][ T8020]  ? lockdep_hardirqs_on+0x78/0x100
[  208.919432][ T8020]  do_fast_syscall_32+0x32/0x70
[  208.919448][ T8020]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  208.919461][ T8020] RIP: 0023:0xf7f05f7c
[  208.919470][ T8020] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  208.919480][ T8020] RSP: 002b:00000000f53c650c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  208.919491][ T8020] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000640
[  208.919497][ T8020] RDX: 0000000000000024 RSI: 0000000000000000 RDI: 0000000000000000
[  208.919503][ T8020] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  208.919509][ T8020] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  208.919515][ T8020] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  208.919527][ T8020]  </TASK>
[  209.278083][ T3266] usb 6-1: new full-speed USB device number 14 using dummy_hcd
[  209.288739][    C3] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  209.310149][   T50] usb 8-1: new full-speed USB device number 16 using dummy_hcd
[  209.427834][ T3266] usb 6-1: device descriptor read/64, error -71
[  209.464328][ T8031] dlm: non-version read from control device 113
[  209.472727][   T50] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  209.476477][   T50] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  209.483439][   T50] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  209.491049][   T50] usb 8-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  209.495043][   T50] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.498538][   T50] usb 8-1: Product: syz
[  209.500428][   T50] usb 8-1: Manufacturer: syz
[  209.503249][   T50] usb 8-1: SerialNumber: syz
[  209.519398][   T50] usb 8-1: config 0 descriptor??
[  209.521965][ T8024] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  209.566590][   T50] rc_core: IR keymap rc-streamzap not found
[  209.569257][   T50] Registered IR keymap rc-empty
[  209.575541][   T50] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0
[  209.585944][   T50] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input15
[  209.684233][ T3266] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[  209.791009][ T1040] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  209.823110][ T3266] usb 6-1: device descriptor read/64, error -71
[  209.940951][ T3266] usb usb6-port1: attempt power cycle
[  209.962115][ T1040] usb 7-1: Using ep0 maxpacket: 16
[  209.965953][ T1040] usb 7-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  209.970237][ T1040] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  209.976489][ T1040] usb 7-1: New USB device found, idVendor=2b53, idProduct=0023, bcdDevice= 0.40
[  209.980310][ T1040] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.983608][ T1040] usb 7-1: Product: syz
[  209.985310][ T1040] usb 7-1: Manufacturer: syz
[  209.987214][ T1040] usb 7-1: SerialNumber: syz
[  210.209380][ T8031] netlink: 'syz.2.589': attribute type 1 has an invalid length.
[  210.226092][ T8031] 8021q: adding VLAN 0 to HW filter on device bond3
[  210.244954][ T8031] bond3: (slave geneve2): making interface the new active one
[  210.251811][ T8031] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  210.307324][ T3266] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  210.329459][ T3266] usb 6-1: device descriptor read/8, error -71
[  210.335251][ T1040] usb 7-1: USB disconnect, device number 16
[  210.376212][ T6243] udevd[6243]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  210.400139][    C3] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  210.581808][ T3266] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  210.603730][ T3266] usb 6-1: device descriptor read/8, error -71
[  210.721359][ T3266] usb usb6-port1: unable to enumerate USB device
[  210.958196][ T8042] netlink: 'syz.2.591': attribute type 39 has an invalid length.
[  211.183378][   T62] Bluetooth: hci2: unexpected event for opcode 0x0c1b
[  211.190607][   T50] hid (null): global environment stack underflow
[  211.192318][   T40] kauditd_printk_skb: 22 callbacks suppressed
[  211.192328][   T40] audit: type=1326 audit(1781119912.175:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.2.593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  211.201636][   T40] audit: type=1326 audit(1781119912.175:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.2.593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  211.206647][   T50] hid-generic 616F:20C2607D:F72986D9.0004: global environment stack underflow
[  211.210157][   T40] audit: type=1326 audit(1781119912.175:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.2.593" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  211.211598][   T50] hid-generic 616F:20C2607D:F72986D9.0004: item 0 1 1 11 parsing failed
[  211.218740][   T40] audit: type=1326 audit(1781119912.175:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.2.593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  211.223579][   T50] hid-generic 616F:20C2607D:F72986D9.0004: probe with driver hid-generic failed with error -22
[  211.227997][   T40] audit: type=1326 audit(1781119912.175:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.2.593" exe="/syz-executor" sig=0 arch=40000003 syscall=11 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  211.237359][   T40] audit: type=1326 audit(1781119912.175:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.2.593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  211.245749][   T40] audit: type=1326 audit(1781119912.175:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.2.593" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  211.252375][   T40] audit: type=1326 audit(1781119912.175:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.2.593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  211.258926][   T40] audit: type=1326 audit(1781119912.175:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.2.593" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  211.265790][   T40] audit: type=1326 audit(1781119912.175:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8046 comm="syz.2.593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  211.429284][ T3266] kernel write not supported for file /uinput (pid: 3266 comm: kworker/3:2)
[  211.511556][    C3] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  211.778733][   T24] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  211.960252][   T24] usb 7-1: Using ep0 maxpacket: 8
[  211.963591][   T24] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  211.967085][   T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  211.970523][   T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  211.974445][   T24] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  211.978387][   T24] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  211.981112][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.202935][   T24] usb 7-1: GET_CAPABILITIES returned 0
[  212.205391][   T24] usbtmc 7-1:16.0: can't read capabilities
[  212.279567][ T8057] syzkaller0: entered promiscuous mode
[  212.283818][ T5834] usb 8-1: USB disconnect, device number 16
[  212.286012][ T8057] syzkaller0: entered allmulticast mode
[  212.422573][   T50] usb 7-1: USB disconnect, device number 17
[  212.622912][    C3] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  213.744841][    C3] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  213.916444][ T8079] wg2 speed is unknown, defaulting to 1000
[  214.220207][ T8083] vivid-000: =================  START STATUS  =================
[  214.222779][ T8083] vivid-000: Test Pattern: 75% Colorbar
[  214.224506][ T8083] vivid-000: Fill Percentage of Frame: 100
[  214.228106][ T8083] vivid-000: Horizontal Movement: No Movement
[  214.230216][ T8083] vivid-000: Vertical Movement: No Movement
[  214.232115][ T8083] vivid-000: OSD Text Mode: All
[  214.233777][ T8083] vivid-000: Show Border: false
[  214.235306][ T8083] vivid-000: Show Square: false
[  214.237333][ T8083] vivid-000: Sensor Flipped Horizontally: false
[  214.239586][ T8083] vivid-000: Sensor Flipped Vertically: false
[  214.241578][ T8083] vivid-000: Insert SAV Code in Image: false
[  214.243518][ T8083] vivid-000: Insert EAV Code in Image: false
[  214.245774][ T8083] vivid-000: Insert Video Guard Band: false
[  214.247956][ T8083] vivid-000: Reduced Framerate: false
[  214.249872][ T8083] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  214.252513][ T8083] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  214.255148][ T8083] vivid-000: Enable Capture Cropping: true
[  214.258640][ T8083] vivid-000: Enable Capture Composing: true
[  214.260650][ T8083] vivid-000: Enable Capture Scaler: true
[  214.262896][ T8083] vivid-000: Timestamp Source: End of Frame
[  214.264858][ T8083] vivid-000: Colorspace: sRGB
[  214.266460][ T8083] vivid-000: Transfer Function: Default
[  214.268235][ T8083] vivid-000: Y'CbCr Encoding: Default
[  214.270481][ T8083] vivid-000: HSV Encoding: Hue 0-179
[  214.272376][ T8083] vivid-000: Quantization: Default
[  214.274171][ T8083] vivid-000: Apply Alpha To Red Only: false
[  214.276227][ T8083] vivid-000: Standard Aspect Ratio: 4x3
[  214.279282][ T8083] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  214.282625][ T8083] vivid-000: DV Timings: 640x480p59 inactive
[  214.284919][ T8083] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  214.287174][ T8083] vivid-000: Maximum EDID Blocks: 2
[  214.288796][ T8083] vivid-000: Limited RGB Range (16-235): false
[  214.290921][ T8083] vivid-000: Rx RGB Quantization Range: Automatic
[  214.292910][ T8083] vivid-000: Power Present: 0x00000001
[  214.294688][ T8083] tpg source WxH: 320x240 (Y'CbCr)
[  214.296256][ T8083] tpg field: 1
[  214.299470][ T8083] tpg crop: (0,0)/320x240
[  214.301122][ T8083] tpg compose: (0,0)/320x240
[  214.302919][ T8083] tpg colorspace: 8
[  214.304107][ T8083] tpg transfer function: 0/0
[  214.305587][ T8083] tpg Y'CbCr encoding: 0/0
[  214.307440][ T8083] tpg quantization: 0/0
[  214.308748][ T8083] tpg RGB range: 0/2
[  214.310190][ T8083] vivid-000: ==================  END STATUS  ==================
[  214.845536][    C3] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  215.956851][    C3] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  216.495861][ T1040] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[  216.641856][ T1040] usb 6-1: device descriptor read/64, error -71
[  216.820824][ T8116] netlink: 19 bytes leftover after parsing attributes in process `syz.3.611'.
[  216.824981][ T8116] netlink: 4 bytes leftover after parsing attributes in process `syz.3.611'.
[  216.919100][ T1040] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[  217.068274][    C3] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  217.071671][ T1040] usb 6-1: device descriptor read/64, error -71
[  217.137469][ T8127] wg2 speed is unknown, defaulting to 1000
[  217.208843][ T1040] usb usb6-port1: attempt power cycle
[  217.447361][ T5856] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  217.469375][ T5856] hid-generic 0000:0000:0000.0005: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  217.591839][ T1040] usb 6-1: new full-speed USB device number 20 using dummy_hcd
[  217.625775][ T1040] usb 6-1: device descriptor read/8, error -71
[  217.892706][ T1040] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  217.914663][ T1040] usb 6-1: device descriptor read/8, error -71
[  218.043313][ T1040] usb usb6-port1: unable to enumerate USB device
[  219.584301][ T8159] netlink: 28 bytes leftover after parsing attributes in process `syz.1.621'.
[  219.763970][ T8159] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.766523][ T8159] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.953844][ T8159] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  219.959757][ T8159] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  220.089939][ T8165] program syz.3.623 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  220.096057][ T8165] ata1.00: invalid command format 31
[  220.147071][ T1173] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  220.150426][ T1173] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  220.161018][ T8165] netlink: 132 bytes leftover after parsing attributes in process `syz.3.623'.
[  220.176770][ T1173] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  220.182351][ T1173] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  220.190122][ T8169] syzkaller0: entered promiscuous mode
[  220.196532][ T8169] syzkaller0: entered allmulticast mode
[  220.240376][ T8173] FAULT_INJECTION: forcing a failure.
[  220.240376][ T8173] name failslab, interval 1, probability 0, space 0, times 0
[  220.246006][ T8173] CPU: 3 UID: 0 PID: 8173 Comm: syz.3.626 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  220.246032][ T8173] Tainted: [L]=SOFTLOCKUP
[  220.246038][ T8173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  220.246048][ T8173] Call Trace:
[  220.246054][ T8173]  <TASK>
[  220.246060][ T8173]  dump_stack_lvl+0x100/0x190
[  220.246093][ T8173]  should_fail_ex.cold+0x5/0xa
[  220.246115][ T8173]  should_failslab+0xc2/0x120
[  220.246135][ T8173]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  220.246162][ T8173]  ? mas_preallocate+0x1105/0x14a0
[  220.246183][ T8173]  mas_preallocate+0x1105/0x14a0
[  220.246203][ T8173]  ? __pfx_mas_preallocate+0x10/0x10
[  220.246226][ T8173]  ? anon_vma_name+0x5a/0x250
[  220.246253][ T8173]  __split_vma+0x33d/0xda0
[  220.246281][ T8173]  ? __pfx___split_vma+0x10/0x10
[  220.246312][ T8173]  ? __pfx_mas_prev+0x10/0x10
[  220.246343][ T8173]  vms_gather_munmap_vmas+0x3a5/0x1720
[  220.246374][ T8173]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  220.246407][ T8173]  ? mas_walk+0x6ef/0x9b0
[  220.246443][ T8173]  __mmap_region+0x4aa/0x2dd0
[  220.246472][ T8173]  ? __pfx___mmap_region+0x10/0x10
[  220.246497][ T8173]  ? __pfx___might_resched+0x10/0x10
[  220.246516][ T8173]  ? find_held_lock+0x2b/0x80
[  220.246536][ T8173]  ? process_measurement+0x4c8/0x2350
[  220.246552][ T8173]  ? process_measurement+0x4c8/0x2350
[  220.246578][ T8173]  ? process_measurement+0x1f4/0x2350
[  220.246600][ T8173]  ? tomoyo_check_open_permission+0x1db/0x3c0
[  220.246634][ T8173]  ? __lock_acquire+0x4a5/0x2630
[  220.246672][ T8173]  ? find_held_lock+0x2b/0x80
[  220.246692][ T8173]  ? is_bpf_text_address+0x8a/0x1a0
[  220.246716][ T8173]  ? is_bpf_text_address+0x8a/0x1a0
[  220.246777][ T8173]  mmap_region+0x527/0x620
[  220.246796][ T8173]  ? __pfx_mmap_region+0x10/0x10
[  220.246811][ T8173]  ? mm_get_unmapped_area_vmflags+0xd7/0x130
[  220.246833][ T8173]  ? cap_mmap_addr+0x4b/0x120
[  220.246848][ T8173]  ? bpf_lsm_mmap_addr+0x9/0x30
[  220.246863][ T8173]  ? security_mmap_addr+0x71/0x1e0
[  220.246884][ T8173]  ? __get_unmapped_area+0x255/0x3e0
[  220.246907][ T8173]  do_mmap+0xc63/0x12f0
[  220.246931][ T8173]  ? __pfx_do_mmap+0x10/0x10
[  220.246951][ T8173]  ? __pfx_down_write_killable+0x10/0x10
[  220.246983][ T8173]  vm_mmap_pgoff+0x29e/0x470
[  220.247009][ T8173]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  220.247029][ T8173]  ? __fget_files+0x215/0x3d0
[  220.247068][ T8173]  ? __fget_files+0x21f/0x3d0
[  220.247092][ T8173]  ksys_mmap_pgoff+0x3cb/0x610
[  220.247112][ T8173]  ? fput+0x79/0x100
[  220.247134][ T8173]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[  220.247151][ T8173]  ? ksys_write+0x1ac/0x250
[  220.247171][ T8173]  ? rcu_is_watching+0x12/0xc0
[  220.247193][ T8173]  __do_fast_syscall_32+0xe7/0x970
[  220.247216][ T8173]  ? lockdep_hardirqs_on+0x78/0x100
[  220.247241][ T8173]  do_fast_syscall_32+0x32/0x70
[  220.247266][ T8173]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  220.247287][ T8173] RIP: 0023:0xf7f05f7c
[  220.247301][ T8173] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  220.247316][ T8173] RSP: 002b:00000000f53c650c EFLAGS: 00000292 ORIG_RAX: 00000000000000c0
[  220.247332][ T8173] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000b36000
[  220.247342][ T8173] RDX: 000000000000000a RSI: 0000000000028011 RDI: 000000000000000a
[  220.247351][ T8173] RBP: 0000000078d4a000 R08: 0000000000000000 R09: 0000000000000000
[  220.247361][ T8173] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  220.247370][ T8173] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  220.247392][ T8173]  </TASK>
[  220.310853][ T8174] loop2: detected capacity change from 0 to 7
[  220.386418][ T8174] Dev loop2: unable to read RDB block 7
[  220.389383][ T8174]  loop2: unable to read partition table
[  220.391248][ T8174] loop2: partition table beyond EOD, truncated
[  220.401702][ T8174] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  220.776588][ T5856] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  220.926972][ T8198] netlink: 8 bytes leftover after parsing attributes in process `syz.0.636'.
[  220.991859][ T8198] wg2 speed is unknown, defaulting to 1000
[  221.025612][ T5856] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  221.067280][ T5856] usb 6-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  221.072445][ T5856] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  221.080465][ T5856] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  221.086992][ T5856] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  221.092600][ T5856] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  221.122381][ T8204] netlink: 'syz.0.636': attribute type 2 has an invalid length.
[  221.138957][ T5856] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  221.143838][ T5856] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  221.148082][ T5856] usb 6-1: Product: syz
[  221.150676][ T5856] usb 6-1: Manufacturer: syz
[  221.238547][ T8183] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  221.265827][ T5856] cdc_wdm 6-1:1.0: skipping garbage
[  221.268885][ T5856] cdc_wdm 6-1:1.0: skipping garbage
[  221.279142][ T5856] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  221.288170][ T5856] cdc_wdm 6-1:1.0: Unknown control protocol
[  221.510197][    C2] wdm_int_callback: 574 callbacks suppressed
[  221.510218][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  221.515325][    C2] wdm_int_callback: 574 callbacks suppressed
[  221.515343][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  221.520217][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  221.522868][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  221.525289][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  221.527896][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  221.530452][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  221.533044][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  221.535616][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  221.538162][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  221.540735][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  221.543380][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  221.545982][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  221.548384][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  221.550961][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  221.553510][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  221.555834][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  221.558297][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  221.560723][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  221.563283][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  221.639308][  T843] usb 6-1: USB disconnect, device number 22
[  221.639478][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  221.642191][ T8183] cdc_wdm 6-1:1.0: Tx URB error: -19
[  222.315140][  T843] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  222.625471][ T1262] wlan0: Trigger new scan to find an IBSS to join
[  223.374787][  T843] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  223.378242][  T843] usb 6-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  223.382106][  T843] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  223.385347][  T843] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  223.389326][  T843] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  223.392824][  T843] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  223.398603][  T843] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  223.402370][  T843] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  223.405796][  T843] usb 6-1: Product: syz
[  223.407555][  T843] usb 6-1: Manufacturer: syz
[  223.414416][ T8183] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  223.422952][  T843] cdc_wdm 6-1:1.0: skipping garbage
[  223.425263][  T843] cdc_wdm 6-1:1.0: skipping garbage
[  223.429397][  T843] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  223.814306][  T843] cdc_wdm 6-1:1.0: Unknown control protocol
[  224.450435][  T843] usb 6-1: USB disconnect, device number 23
[  225.702031][ T8257] netlink: 12 bytes leftover after parsing attributes in process `syz.3.649'.
[  225.752162][ T8275] syzkaller0: entered promiscuous mode
[  225.753935][ T8275] syzkaller0: entered allmulticast mode
[  225.823399][ T8283] wg2 speed is unknown, defaulting to 1000
[  225.896227][   T59] wlan0: Trigger new scan to find an IBSS to join
[  225.902822][ T8287] tmpfs: Unknown parameter 'qsr¬Æfú¶æÒèü³’H{"'
[  226.397640][   T62] Bluetooth: hci2: unexpected event for opcode 0x0406
[  227.134602][ T8276] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.490484][ T8334] netlink: 28 bytes leftover after parsing attributes in process `syz.1.664'.
[  229.501125][  T843] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  229.561243][ T8336] syzkaller0: entered promiscuous mode
[  229.563792][ T8336] syzkaller0: entered allmulticast mode
[  230.193385][   T24] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  230.363534][   T24] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  230.367312][   T24] usb 8-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  230.371556][   T24] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  230.375745][   T24] usb 8-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  230.380497][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  230.385428][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  230.391764][   T24] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  230.396094][   T24] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  230.399390][   T24] usb 8-1: Product: syz
[  230.401259][   T24] usb 8-1: Manufacturer: syz
[  230.406383][ T8341] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  230.413624][   T24] cdc_wdm 8-1:1.0: skipping garbage
[  230.418635][   T24] cdc_wdm 8-1:1.0: skipping garbage
[  230.423022][   T24] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  230.425594][   T24] cdc_wdm 8-1:1.0: Unknown control protocol
[  230.634312][    C2] wdm_int_callback: 390 callbacks suppressed
[  230.634335][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  230.639532][    C2] wdm_int_callback: 390 callbacks suppressed
[  230.639551][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  230.645172][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  230.647980][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  230.650788][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  230.653638][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  230.656520][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  230.659386][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  230.662363][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  230.665157][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  230.667967][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  230.670776][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  230.673604][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  230.676412][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  230.679210][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  230.682035][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  230.684865][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  230.687677][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  230.690105][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  230.692252][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  230.693036][ T3266] usb 8-1: USB disconnect, device number 17
[  230.694573][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  230.757146][   T62] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  230.760907][   T62] Bluetooth: hci2: Injecting HCI hardware error event
[  230.766321][ T5765] Bluetooth: hci2: hardware error 0x00
[  231.049533][ T8345] random: crng reseeded on system resumption
[  231.111060][ T8347] netlink: 'syz.1.669': attribute type 1 has an invalid length.
[  231.114516][ T8347] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  231.163406][   T24] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  231.173980][  T843] usb 5-1: Using ep0 maxpacket: 8
[  231.180728][  T843] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  231.183427][  T843] usb 5-1: config 0 has no interface number 0
[  231.335849][   T24] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  231.339272][   T24] usb 8-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  231.342633][   T24] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  231.346246][   T24] usb 8-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  231.350706][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  231.354904][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  231.362067][   T24] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  231.365060][   T24] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  231.368159][   T24] usb 8-1: Product: syz
[  231.369653][   T24] usb 8-1: Manufacturer: syz
[  231.373692][ T8341] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  231.379488][   T24] cdc_wdm 8-1:1.0: skipping garbage
[  231.381674][   T24] cdc_wdm 8-1:1.0: skipping garbage
[  231.385903][   T24] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  231.387867][   T24] cdc_wdm 8-1:1.0: Unknown control protocol
[  231.600306][ T3266] usb 8-1: USB disconnect, device number 18
[  232.218004][  T843] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  232.221626][  T843] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  232.225793][  T843] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  232.229246][  T843] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  232.234045][  T843] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  232.237469][  T843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.246553][  T843] usb 5-1: config 0 descriptor??
[  232.249506][  T843] usb 5-1: can't set config #0, error -71
[  232.288034][  T843] usb 5-1: USB disconnect, device number 19
[  232.290963][ T8357] netlink: 12 bytes leftover after parsing attributes in process `syz.0.673'.
[  232.509631][ T3266] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  232.681009][ T3266] usb 8-1: Using ep0 maxpacket: 16
[  232.685446][ T3266] usb 8-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=44.85
[  232.688210][ T3266] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.691805][ T3266] usb 8-1: Product: syz
[  232.693600][ T3266] usb 8-1: Manufacturer: syz
[  232.695537][ T3266] usb 8-1: SerialNumber: syz
[  232.699363][ T3266] usb 8-1: config 0 descriptor??
[  232.704113][ T3266] usb 8-1: selecting invalid altsetting 1
[  232.706560][ T3266] technisat-usb2: could not set alternate setting to 0
[  232.819597][ T6592] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[  232.931471][ T3266] technisat-usb2: firmware version: 0.0
[  232.933790][ T3266] dvb-usb: found a 'Technisat SkyStar USB HD (DVB-S/S2)' in warm state.
[  232.969042][ T5765] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  232.986640][ T6592] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  232.991106][ T6592] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  232.995214][ T6592] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.367561][ T8355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  233.370631][ T8355] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.383857][ T8355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  233.387852][ T8355] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.406167][ T3266] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  233.411650][ T3266] dvbdev: DVB: registering new adapter (Technisat SkyStar USB HD (DVB-S/S2))
[  233.415460][ T3266] usb 8-1: media controller created
[  233.418605][ T3266] technisat-usb2: i2c-error: out failed 53 = -22
[  233.421508][ T3266] dvb-usb: MAC address reading failed.
[  233.429823][ T3266] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  233.457011][ T3266] DVB: Unable to find symbol stv090x_attach()
[  233.459979][ T3266] dvb-usb: no frontend was attached by 'Technisat SkyStar USB HD (DVB-S/S2)'
[  233.503350][ T3266] rc_core: IR keymap rc-technisat-usb2 not found
[  233.505340][ T3266] Registered IR keymap rc-empty
[  233.507473][ T3266] rc rc0: Technisat SkyStar USB HD (DVB-S/S2) as /devices/platform/dummy_hcd.3/usb8/8-1/rc/rc0
[  233.511454][ T3266] input: Technisat SkyStar USB HD (DVB-S/S2) as /devices/platform/dummy_hcd.3/usb8/8-1/rc/rc0/input16
[  233.518545][ T3266] dvb-usb: schedule remote query interval to 100 msecs.
[  233.521256][ T3266] dvb-usb: Technisat SkyStar USB HD (DVB-S/S2) successfully initialized and connected.
[  233.527232][ T3266] usb 8-1: USB disconnect, device number 19
[  233.554077][ T3266] dvb-usb: Technisat SkyStar USB HD (DVB-S/S2) successfully deinitialized and disconnected.
[  233.779991][ T8379] binder: 8378:8379 ioctl c0306201 80000040 returned -22
[  234.409786][ T8393] netlink: 36 bytes leftover after parsing attributes in process `syz.0.685'.
[  234.872766][ T8403] netlink: 36 bytes leftover after parsing attributes in process `syz.0.686'.
[  234.905463][ T8403] Mount JFS Failure: -5
[  235.370143][ T8408] binder: 8407:8408 ioctl c018620b 0 returned -14
[  235.781835][ T3266] usb 7-1: USB disconnect, device number 18
[  235.824457][   T40] kauditd_printk_skb: 40 callbacks suppressed
[  235.824468][   T40] audit: type=1326 audit(1781119935.242:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8418 comm="syz.2.689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x50000
[  235.838800][   T40] audit: type=1326 audit(1781119935.242:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8418 comm="syz.2.689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x50000
[  235.846179][   T40] audit: type=1326 audit(1781119935.252:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8418 comm="syz.2.689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x50000
[  235.852606][   T40] audit: type=1326 audit(1781119935.252:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8418 comm="syz.2.689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x50000
[  235.860347][   T40] audit: type=1326 audit(1781119935.252:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8418 comm="syz.2.689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x50000
[  235.867141][   T40] audit: type=1326 audit(1781119935.252:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8418 comm="syz.2.689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x50000
[  235.874432][   T40] audit: type=1326 audit(1781119935.252:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8418 comm="syz.2.689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x50000
[  235.881662][   T40] audit: type=1326 audit(1781119935.252:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8418 comm="syz.2.689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x50000
[  235.888764][   T40] audit: type=1326 audit(1781119935.252:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8418 comm="syz.2.689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x50000
[  235.895425][   T40] audit: type=1326 audit(1781119935.252:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8418 comm="syz.2.689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x50000
[  236.158169][ T8422] syzkaller0: entered promiscuous mode
[  236.162147][ T8422] syzkaller0: entered allmulticast mode
[  236.201725][ T8426] wg2 speed is unknown, defaulting to 1000
[  236.433307][ T8430] syz.1.693: vmalloc error: size 1986356271, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
[  236.441551][ T8430] CPU: 0 UID: 0 PID: 8430 Comm: syz.1.693 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  236.441572][ T8430] Tainted: [L]=SOFTLOCKUP
[  236.441576][ T8430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  236.441583][ T8430] Call Trace:
[  236.441588][ T8430]  <TASK>
[  236.441593][ T8430]  dump_stack_lvl+0x100/0x190
[  236.441617][ T8430]  warn_alloc.cold+0x95/0x1c1
[  236.441631][ T8430]  ? __pfx_warn_alloc+0x10/0x10
[  236.441659][ T8430]  ? reacquire_held_locks+0xce/0x1e0
[  236.441689][ T8430]  __vmalloc_node_range_noprof+0x136c/0x1630
[  236.441719][ T8430]  ? lock_acquire+0x1b1/0x370
[  236.441745][ T8430]  ? ip_set_sockfn_get+0x18e/0xd20
[  236.441766][ T8430]  ? __lock_acquire+0x4a5/0x2630
[  236.441786][ T8430]  ? trace_contention_end+0x122/0x170
[  236.441798][ T8430]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  236.441813][ T8430]  ? find_held_lock+0x2b/0x80
[  236.441827][ T8430]  ? nf_sockopt_find.isra.0+0x222/0x290
[  236.441847][ T8430]  ? rcu_is_watching+0x12/0xc0
[  236.441862][ T8430]  ? ip_set_sockfn_get+0x18e/0xd20
[  236.441873][ T8430]  __vmalloc_node_noprof+0xad/0xf0
[  236.441905][ T8430]  ? ip_set_sockfn_get+0x18e/0xd20
[  236.441917][ T8430]  ip_set_sockfn_get+0x18e/0xd20
[  236.441944][ T8430]  ? __pfx_ip_set_sockfn_get+0x10/0x10
[  236.441958][ T8430]  ? nf_sockopt_find.isra.0+0x222/0x290
[  236.441975][ T8430]  nf_getsockopt+0x7c/0xe0
[  236.441993][ T8430]  ip_getsockopt+0x192/0x1e0
[  236.442005][ T8430]  ? __pfx_ip_getsockopt+0x10/0x10
[  236.442020][ T8430]  tcp_getsockopt+0xa1/0x110
[  236.442037][ T8430]  smc_getsockopt+0x165/0x390
[  236.442049][ T8430]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  236.442063][ T8430]  ? __pfx_smc_getsockopt+0x10/0x10
[  236.442074][ T8430]  ? aa_sock_opt_perm+0xfe/0x1b0
[  236.442092][ T8430]  ? __pfx_smc_getsockopt+0x10/0x10
[  236.442105][ T8430]  do_sock_getsockopt+0x50a/0x6e0
[  236.442119][ T8430]  ? __lock_acquire+0x4a5/0x2630
[  236.442137][ T8430]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  236.442162][ T8430]  ? find_held_lock+0x2b/0x80
[  236.442188][ T8430]  ? __fget_files+0x21f/0x3d0
[  236.442230][ T8430]  __sys_getsockopt+0x133/0x1d0
[  236.442254][ T8430]  ? __ia32_sys_getsockopt+0xbc/0x160
[  236.442266][ T8430]  __ia32_sys_getsockopt+0xbc/0x160
[  236.442277][ T8430]  ? __do_fast_syscall_32+0x98/0x970
[  236.442294][ T8430]  ? lockdep_hardirqs_on+0x78/0x100
[  236.442309][ T8430]  __do_fast_syscall_32+0xe7/0x970
[  236.442325][ T8430]  ? lockdep_hardirqs_on+0x78/0x100
[  236.442340][ T8430]  do_fast_syscall_32+0x32/0x70
[  236.442356][ T8430]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  236.442370][ T8430] RIP: 0023:0xf6fdef7c
[  236.442380][ T8430] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  236.442390][ T8430] RSP: 002b:00000000f53cd50c EFLAGS: 00000292 ORIG_RAX: 000000000000016d
[  236.442401][ T8430] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[  236.442408][ T8430] RDX: 0000000000000053 RSI: 0000000000000000 RDI: 0000000080000040
[  236.442415][ T8430] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  236.442420][ T8430] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  236.442426][ T8430] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  236.442441][ T8430]  </TASK>
[  236.443357][ T8433] binder: BINDER_SET_CONTEXT_MGR already set
[  236.450558][ T8430] Mem-Info:
[  236.454318][ T8433] binder: 8432:8433 ioctl 4018620d 80000040 returned -16
[  236.457481][ T8430] active_anon:5673 inactive_anon:336 isolated_anon:0
[  236.457481][ T8430]  active_file:7093 inactive_file:43859 isolated_file:0
[  236.457481][ T8430]  unevictable:1784 dirty:231 writeback:0
[  236.457481][ T8430]  slab_reclaimable:6126 slab_unreclaimable:61037
[  236.457481][ T8430]  mapped:25724 shmem:2195 pagetables:1151
[  236.457481][ T8430]  sec_pagetables:305 bounce:0
[  236.457481][ T8430]  kernel_misc_reclaimable:0
[  236.457481][ T8430]  free:29131 free_pcp:20022 free_cma:0
[  236.568641][ T8430] Node 0 active_anon:60kB inactive_anon:0kB active_file:1024kB inactive_file:4kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:132kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8108kB pagetables:1360kB sec_pagetables:1116kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  236.579226][ T8430] Node 1 active_anon:22572kB inactive_anon:1344kB active_file:27348kB inactive_file:175420kB unevictable:3600kB isolated(anon):0kB isolated(file):0kB mapped:102872kB dirty:932kB writeback:0kB shmem:5132kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6324kB pagetables:3224kB sec_pagetables:104kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  236.590316][ T8430] Node 0 DMA free:2012kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:384kB local_pcp:228kB free_cma:0kB
[  236.599982][ T8430] lowmem_reserve[]: 0 285 285 285 285
[  236.601719][ T8430] Node 0 DMA32 free:16296kB boost:0kB min:13096kB low:16368kB high:19640kB reserved_highatomic:0KB free_highatomic:0KB active_anon:60kB inactive_anon:0kB active_file:1024kB inactive_file:4kB unevictable:3536kB writepending:0kB zspages:0kB present:1032196kB managed:292744kB mlocked:0kB bounce:0kB free_pcp:13692kB local_pcp:2732kB free_cma:0kB
[  236.612058][ T8430] lowmem_reserve[]: 0 0 0 0 0
[  236.613857][ T8430] Node 1 DMA32 free:98184kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22572kB inactive_anon:1344kB active_file:27348kB inactive_file:175420kB unevictable:3600kB writepending:920kB zspages:2020kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:65780kB local_pcp:11592kB free_cma:0kB
[  236.624478][ T8430] lowmem_reserve[]: 0 0 0 0 0
[  236.626027][ T8430] Node 0 DMA: 53*4kB (UM) 1*8kB (U) 2*16kB (M) 7*32kB (UM) 4*64kB (UM) 2*128kB (M) 0*256kB 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2012kB
[  236.631399][ T8430] Node 0 DMA32: 44*4kB (UME) 57*8kB (UE) 27*16kB (UME) 88*32kB (UME) 52*64kB (UME) 25*128kB (UME) 11*256kB (ME) 4*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 16296kB
[  236.638399][ T8430] Node 1 DMA32: 614*4kB (UME) 389*8kB (ME) 356*16kB (UM) 41*32kB (ME) 111*64kB (ME) 81*128kB (ME) 40*256kB (UME) 31*512kB (UME) 25*1024kB (UM) 2*2048kB (M) 3*4096kB (UM) = 98144kB
[  236.643932][ T8430] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  236.647256][ T8430] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  236.651083][ T8430] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  236.655108][ T8430] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  236.659380][ T8430] 53888 total pagecache pages
[  236.661354][ T8430] 774 pages in swap cache
[  236.663247][ T8430] Free swap  = 117684kB
[  236.664972][ T8430] Total swap = 124996kB
[  236.667386][ T8430] 524155 pages RAM
[  236.669177][ T8430] 0 pages HighMem/MovableOnly
[  236.671393][ T8430] 210076 pages reserved
[  236.673059][ T8430] 0 pages cma reserved
[  237.187344][ T8442] syzkaller0: entered promiscuous mode
[  237.189646][ T8442] syzkaller0: entered allmulticast mode
[  237.314472][ T8435] Bluetooth: hci0: Opcode 0x080f failed: -4
[  237.582214][ T8450] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.697'.
[  238.922441][ T8468] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  239.239574][  T843] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  240.086251][  T843] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  240.090553][  T843] usb 8-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  240.106991][  T843] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  240.120852][  T843] usb 8-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  240.125828][  T843] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  240.130115][  T843] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  240.146600][  T843] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  240.155931][  T843] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  240.165084][  T843] usb 8-1: Product: syz
[  240.172093][  T843] usb 8-1: Manufacturer: syz
[  240.230284][ T8463] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  240.258807][  T843] cdc_wdm 8-1:1.0: skipping garbage
[  240.271020][  T843] cdc_wdm 8-1:1.0: skipping garbage
[  240.326628][  T843] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  240.329199][  T843] cdc_wdm 8-1:1.0: Unknown control protocol
[  240.622898][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  240.625704][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  240.628498][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  240.631208][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  240.633990][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  240.636384][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  240.639302][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  240.642222][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  240.645022][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  240.647742][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  240.650513][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  240.653326][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  240.656102][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  240.658844][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  240.661610][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  240.664407][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  240.668022][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  240.670757][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  240.673526][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  240.676290][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  240.852116][   T24] usb 8-1: USB disconnect, device number 20
[  240.855308][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  241.125598][ T8487] syzkaller0: entered promiscuous mode
[  241.128002][ T8487] syzkaller0: entered allmulticast mode
[  241.432757][   T24] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  241.500871][ T8494] hmó3)ó: entered promiscuous mode
[  241.551655][ T8493] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  241.607199][   T24] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  241.610206][   T24] usb 8-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  241.615526][   T24] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  241.621101][   T24] usb 8-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  241.629906][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  241.638771][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  241.649129][   T24] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  241.653598][   T24] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  241.661275][   T24] usb 8-1: Product: syz
[  241.662840][   T24] usb 8-1: Manufacturer: syz
[  241.680834][ T8463] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  241.692839][   T24] cdc_wdm 8-1:1.0: skipping garbage
[  241.695177][   T24] cdc_wdm 8-1:1.0: skipping garbage
[  241.700353][   T24] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  241.706034][   T24] cdc_wdm 8-1:1.0: Unknown control protocol
[  241.911674][   T24] usb 8-1: USB disconnect, device number 21
[  242.509908][ T8516] netlink: 'syz.2.714': attribute type 1 has an invalid length.
[  242.514104][ T8516] netlink: 476 bytes leftover after parsing attributes in process `syz.2.714'.
[  242.517378][ T8516] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.714'.
[  243.189350][ T8523] netlink: 52 bytes leftover after parsing attributes in process `syz.3.717'.
[  245.925841][ T8549] netlink: 'syz.3.726': attribute type 10 has an invalid length.
[  245.933257][ T8549] bond0: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  246.021840][ T8556] netlink: 4 bytes leftover after parsing attributes in process `syz.3.729'.
[  247.006553][   T24] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  247.027579][   T24] hid-generic 0000:0000:0000.0006: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  248.143916][ T8582] syzkaller0: entered promiscuous mode
[  248.145736][ T8582] syzkaller0: entered allmulticast mode
[  248.443321][ T8276] wlan1: Trigger new scan to find an IBSS to join
[  250.307639][ T8604] mmap: syz.0.742 (8604) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  251.360287][ T8624] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  252.414881][ T8639] netlink: 'syz.2.750': attribute type 8 has an invalid length.
[  252.730693][ T8633] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  252.736570][ T8633] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  252.807279][ T8633] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  252.858103][ T8650] syzkaller0: entered promiscuous mode
[  252.859849][ T8650] syzkaller0: entered allmulticast mode
[  252.991381][ T8654] netlink: 20 bytes leftover after parsing attributes in process `syz.2.755'.
[  253.006561][ T8652] syzkaller0: entered promiscuous mode
[  253.008359][ T8652] syzkaller0: entered allmulticast mode
[  253.054124][   T40] kauditd_printk_skb: 3256 callbacks suppressed
[  253.054142][   T40] audit: type=1326 audit(1781119951.357:3426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.2.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  253.060210][ T8657] syz.2.755 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  253.065428][   T40] audit: type=1326 audit(1781119951.357:3427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.2.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  253.076554][   T40] audit: type=1326 audit(1781119951.357:3428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.2.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  253.083805][   T40] audit: type=1326 audit(1781119951.366:3429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.2.755" exe="/syz-executor" sig=0 arch=40000003 syscall=104 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  253.090952][   T40] audit: type=1326 audit(1781119951.385:3430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.2.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  253.106507][   T40] audit: type=1326 audit(1781119951.413:3431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.2.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  253.119528][   T40] audit: type=1326 audit(1781119951.422:3432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.2.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  253.119553][   T40] audit: type=1326 audit(1781119951.422:3433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.2.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  253.119574][   T40] audit: type=1326 audit(1781119951.422:3434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.2.755" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  253.119594][   T40] audit: type=1326 audit(1781119951.422:3435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.2.755" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef7c code=0x7ffc0000
[  253.233105][ T8659] netlink: 8 bytes leftover after parsing attributes in process `syz.1.756'.
[  253.700343][ T8266] wlan1: Trigger new scan to find an IBSS to join
[  254.349168][ T5765] Bluetooth: hci3: command 0x0c1a tx timeout
[  254.599747][ T6243] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  254.780497][ T8276] wlan1: Creating new IBSS network, BSSID 46:b2:04:2a:71:7d
[  254.933413][ T5856] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  254.944256][ T5856] hid-generic 0000:0000:0000.0007: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  255.478201][ T5765] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  255.481297][ T8694] netlink: 9 bytes leftover after parsing attributes in process `syz.0.764'.
[  255.543197][ T8699] syzkaller0: entered promiscuous mode
[  255.545520][ T8699] syzkaller0: entered allmulticast mode
[  255.693820][ T8707] netlink: 16 bytes leftover after parsing attributes in process `syz.2.768'.
[  255.698600][ T8707] netlink: 396 bytes leftover after parsing attributes in process `syz.2.768'.
[  255.973004][ T8705] wg2 speed is unknown, defaulting to 1000
[  256.157422][ T8703] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  256.478254][ T8726] ucma_write: process 521 (syz.2.772) changed security contexts after opening file descriptor, this is not allowed.
[  256.537429][ T8726] netlink: 4 bytes leftover after parsing attributes in process `syz.2.772'.
[  256.575724][ T5765] Bluetooth: hci3: command 0x0c1a tx timeout
[  256.819224][ T8736] input: syz1 as /devices/virtual/input/input17
[  257.210298][ T8742] netlink: 36 bytes leftover after parsing attributes in process `syz.0.778'.
[  257.218360][ T8742] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10)
[  257.221001][ T8742] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  257.225440][ T8742] vhci_hcd vhci_hcd.0: Device attached
[  257.237169][ T8742] EXT4-fs (sr0): VFS: Can't find ext4 filesystem
[  257.571020][  T843] usb 38-1: SetAddress Request (2) to port 0
[  257.578303][  T843] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd
[  258.138953][ T8744] vhci_hcd: connection reset by peer
[  258.149382][ T8276] vhci_hcd vhci_hcd.0: stop threads
[  258.165529][ T8276] vhci_hcd vhci_hcd.0: release socket
[  258.172083][ T8276] vhci_hcd vhci_hcd.0: disconnect device
[  258.242464][ T8742] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  258.304941][ T8763] syzkaller0: entered promiscuous mode
[  258.306879][ T8763] syzkaller0: entered allmulticast mode
[  258.786722][ T5765] Bluetooth: hci3: command 0x0c1a tx timeout
[  259.601122][   T24] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  259.612002][ T8788] random: crng reseeded on system resumption
[  259.622524][   T24] hid-generic 0000:0000:0000.0008: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  259.897341][ T8800] fuse: Unknown parameter 'user_id00000000000000000000'
[  260.173828][ T8781] wg2 speed is unknown, defaulting to 1000
[  262.632670][ T8828] netlink: 'syz.3.795': attribute type 12 has an invalid length.
[  263.061260][  T843] usb 38-1: device descriptor read/8, error -110
[  263.409088][ T8851] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  263.429051][ T8853] netlink: 4 bytes leftover after parsing attributes in process `syz.0.804'.
[  263.478285][  T843] usb usb38-port1: attempt power cycle
[  263.716802][ T8859] netlink: 28 bytes leftover after parsing attributes in process `syz.3.806'.
[  264.131397][  T843] usb usb38-port1: unable to enumerate USB device
[  264.324287][ T8864] FAULT_INJECTION: forcing a failure.
[  264.324287][ T8864] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  264.343724][ T8864] CPU: 2 UID: 0 PID: 8864 Comm: syz.1.808 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  264.343742][ T8864] Tainted: [L]=SOFTLOCKUP
[  264.343746][ T8864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  264.343752][ T8864] Call Trace:
[  264.343756][ T8864]  <TASK>
[  264.343760][ T8864]  dump_stack_lvl+0x100/0x190
[  264.343804][ T8864]  should_fail_ex.cold+0x5/0xa
[  264.343835][ T8864]  _copy_from_iter+0x1f4/0x1690
[  264.343859][ T8864]  ? __pfx__copy_from_iter+0x10/0x10
[  264.343874][ T8864]  ? rcu_is_watching+0x12/0xc0
[  264.343887][ T8864]  ? trace_kmem_cache_alloc+0xd5/0x100
[  264.343899][ T8864]  ? __kasan_slab_alloc+0x89/0x90
[  264.343911][ T8864]  ? kmem_cache_alloc_node_noprof+0x2a9/0x6f0
[  264.343927][ T8864]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  264.343943][ T8864]  copy_page_from_iter+0x238/0x300
[  264.343960][ T8864]  skb_copy_datagram_from_iter+0x399/0x720
[  264.343982][ T8864]  skb_copy_datagram_from_iter_full+0xf6/0x190
[  264.343998][ T8864]  ? __pfx_skb_copy_datagram_from_iter_full+0x10/0x10
[  264.344017][ T8864]  ? find_held_lock+0x2b/0x80
[  264.344032][ T8864]  virtio_transport_alloc_skb+0x8de/0x1400
[  264.344049][ T8864]  ? __pfx_virtio_transport_alloc_skb+0x10/0x10
[  264.344061][ T8864]  ? queue_work_on+0x11b/0x1e0
[  264.344071][ T8864]  ? lockdep_hardirqs_on+0x78/0x100
[  264.344086][ T8864]  ? queue_work_on+0x141/0x1e0
[  264.344097][ T8864]  virtio_transport_send_pkt_info+0x595/0x10d0
[  264.344114][ T8864]  virtio_transport_stream_enqueue+0xd7/0x130
[  264.344127][ T8864]  ? __pfx_virtio_transport_stream_enqueue+0x10/0x10
[  264.344140][ T8864]  ? _raw_spin_lock_irqsave+0x52/0x60
[  264.344155][ T8864]  ? mark_held_locks+0x40/0x70
[  264.344171][ T8864]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  264.344186][ T8864]  vsock_connectible_sendmsg+0xebf/0x12b0
[  264.344202][ T8864]  ? __pfx_vsock_connectible_sendmsg+0x10/0x10
[  264.344214][ T8864]  ? __pfx_aa_sk_perm+0x10/0x10
[  264.344228][ T8864]  ? __pfx_woken_wake_function+0x10/0x10
[  264.344242][ T8864]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  264.344255][ T8864]  __sys_sendto+0x468/0x4b0
[  264.344271][ T8864]  ? __pfx_vsock_connectible_sendmsg+0x10/0x10
[  264.344284][ T8864]  ? __pfx___sys_sendto+0x10/0x10
[  264.344303][ T8864]  ? __fget_files+0x215/0x3d0
[  264.344316][ T8864]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  264.344365][ T8864]  ? fput+0x79/0x100
[  264.344383][ T8864]  ? ksys_write+0x1ac/0x250
[  264.344396][ T8864]  __ia32_sys_sendto+0xdd/0x1b0
[  264.344412][ T8864]  ? __do_fast_syscall_32+0x98/0x970
[  264.344428][ T8864]  ? lockdep_hardirqs_on+0x78/0x100
[  264.344442][ T8864]  __do_fast_syscall_32+0xe7/0x970
[  264.344457][ T8864]  ? lockdep_hardirqs_on+0x78/0x100
[  264.344472][ T8864]  do_fast_syscall_32+0x32/0x70
[  264.344488][ T8864]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  264.344503][ T8864] RIP: 0023:0xf6fdef7c
[  264.344512][ T8864] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  264.344522][ T8864] RSP: 002b:00000000f53cd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000171
[  264.344533][ T8864] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000600
[  264.344539][ T8864] RDX: 00000000fffffcaa RSI: 00000000000408c4 RDI: 0000000000000000
[  264.344546][ T8864] RBP: 00000000ffffff10 R08: 0000000000000000 R09: 0000000000000000
[  264.344551][ T8864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  264.344557][ T8864] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  264.344570][ T8864]  </TASK>
[  264.769545][ T8875] netlink: 4 bytes leftover after parsing attributes in process `syz.3.810'.
[  264.830985][ T8877] netlink: 'syz.0.811': attribute type 12 has an invalid length.
[  264.843533][ T8878] batadv_slave_1: entered promiscuous mode
[  264.916486][ T8878] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  266.462631][ T8888] netlink: 'syz.2.815': attribute type 1 has an invalid length.
[  266.535582][ T8891] netlink: 28 bytes leftover after parsing attributes in process `syz.2.815'.
[  266.551785][ T8874] batadv_slave_1: left promiscuous mode
[  266.582967][ T8888] 8021q: adding VLAN 0 to HW filter on device bond4
[  266.637753][ T8895] syzkaller0: entered promiscuous mode
[  266.639851][ T8895] syzkaller0: entered allmulticast mode
[  266.657217][ T8897] netlink: 36 bytes leftover after parsing attributes in process `syz.3.818'.
[  266.661031][ T8897] mac80211_hwsim hwsim5 syzkaller0: left allmulticast mode
[  266.870744][  T843] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  266.886296][  T843] hid-generic 0000:0000:0000.0009: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  267.788155][ T8921] netlink: 5252 bytes leftover after parsing attributes in process `syz.1.823'.
[  268.028417][ T8931] netlink: 5252 bytes leftover after parsing attributes in process `syz.2.829'.
[  268.036663][ T8931] block nbd0: not configured, cannot reconfigure
[  268.078350][ T8933] netlink: 5252 bytes leftover after parsing attributes in process `syz.2.830'.
[  268.253576][ T8942] netlink: 72 bytes leftover after parsing attributes in process `syz.2.832'.
[  268.757437][ T8944] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  268.809186][ T8951] FAULT_INJECTION: forcing a failure.
[  268.809186][ T8951] name failslab, interval 1, probability 0, space 0, times 0
[  268.814459][ T8951] CPU: 3 UID: 0 PID: 8951 Comm: syz.3.835 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  268.814500][ T8951] Tainted: [L]=SOFTLOCKUP
[  268.814506][ T8951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  268.814516][ T8951] Call Trace:
[  268.814522][ T8951]  <TASK>
[  268.814528][ T8951]  dump_stack_lvl+0x100/0x190
[  268.814562][ T8951]  should_fail_ex.cold+0x5/0xa
[  268.814585][ T8951]  should_failslab+0xc2/0x120
[  268.814606][ T8951]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  268.814632][ T8951]  ? security_file_alloc+0x34/0x2c0
[  268.814656][ T8951]  ? trace_kmem_cache_alloc+0xd5/0x100
[  268.814681][ T8951]  security_file_alloc+0x34/0x2c0
[  268.814704][ T8951]  init_file+0x95/0x480
[  268.814728][ T8951]  alloc_empty_file+0x79/0x1c0
[  268.814754][ T8951]  alloc_file_pseudo+0x13a/0x230
[  268.814780][ T8951]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  268.814811][ T8951]  __shmem_file_setup+0x205/0x460
[  268.814836][ T8951]  ? __pfx___shmem_file_setup+0x10/0x10
[  268.814862][ T8951]  ? __rwlock_init+0x37/0x150
[  268.814885][ T8951]  drm_gem_object_init+0x180/0x1b0
[  268.814912][ T8951]  ? __pfx_drm_gem_object_init+0x10/0x10
[  268.814952][ T8951]  __drm_gem_shmem_create+0x107/0x410
[  268.814978][ T8951]  drm_gem_shmem_dumb_create+0x7e/0x150
[  268.815004][ T8951]  drm_mode_create_dumb+0x272/0x300
[  268.815030][ T8951]  drm_mode_create_dumb_ioctl+0x24/0xe0
[  268.815054][ T8951]  drm_ioctl_kernel+0x1f3/0x3e0
[  268.815074][ T8951]  ? __pfx_drm_mode_create_dumb_ioctl+0x10/0x10
[  268.815098][ T8951]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  268.815126][ T8951]  drm_ioctl+0x5e6/0xc60
[  268.815149][ T8951]  ? __pfx_drm_mode_create_dumb_ioctl+0x10/0x10
[  268.815175][ T8951]  ? __pfx_drm_ioctl+0x10/0x10
[  268.815212][ T8951]  drm_compat_ioctl+0x386/0x4c0
[  268.815240][ T8951]  ? __pfx_drm_compat_ioctl+0x10/0x10
[  268.815265][ T8951]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  268.815291][ T8951]  __do_fast_syscall_32+0xe7/0x970
[  268.815316][ T8951]  ? lockdep_hardirqs_on+0x78/0x100
[  268.815342][ T8951]  do_fast_syscall_32+0x32/0x70
[  268.815368][ T8951]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  268.815390][ T8951] RIP: 0023:0xf7f05f7c
[  268.815404][ T8951] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  268.815420][ T8951] RSP: 002b:00000000f53a550c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  268.815438][ T8951] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c02064b2
[  268.815450][ T8951] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000
[  268.815460][ T8951] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  268.815470][ T8951] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  268.815480][ T8951] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  268.815502][ T8951]  </TASK>
[  269.012591][  T843] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  269.591135][ T5856] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  269.745511][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  269.761157][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  269.802324][ T5856] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  269.814002][ T5856] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  269.819001][ T5856] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  269.824977][ T5856] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  269.828582][ T5856] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.954125][  T843] hid-generic 0000:0000:0000.000A: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  269.955790][ T5856] usbtmc 5-1:16.0: bulk endpoints not found
[  270.016194][ T8964] fido_id[8964]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  270.458912][ T5863] libceph: connect (1)[c::]:6789 error -101
[  270.467334][ T5863] libceph: mon0 (1)[c::]:6789 connect error
[  270.576683][ T8970] ceph: No mds server is up or the cluster is laggy
[  271.093409][ T8979] netlink: 8 bytes leftover after parsing attributes in process `syz.3.842'.
[  271.098054][ T8979] support for the xor transformation has been removed.
[  271.145545][ T8981] syz_tun: entered allmulticast mode
[  271.161924][ T8978] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  271.204614][ T8980] syz_tun: left allmulticast mode
[  271.474940][ T8991] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1634559090 (3269118180 ns) > initial count (688128 ns). Using initial count to start timer.
[  272.242454][ T9007] dlm: no locking on control device
qemu-system-x86_64: warning: 9p: degraded performance: a reasonable high msize should be chosen on client/guest side (chosen msize is <= 8192). See https://wiki.qemu.org/Documentation/9psetup#msize for details.
[  272.255454][ T9007] netlink: 12 bytes leftover after parsing attributes in process `syz.1.853'.
[  272.259412][ T9007] netlink: 4 bytes leftover after parsing attributes in process `syz.1.853'.
[  272.263144][ T9007] netlink: 4 bytes leftover after parsing attributes in process `syz.1.853'.
[  272.443432][  T843] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  272.454810][ T9009] random: crng reseeded on system resumption
[  272.499882][   T50] usb 5-1: USB disconnect, device number 20
[  272.622815][  T843] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  272.626981][  T843] usb 8-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  272.631755][  T843] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  272.635987][  T843] usb 8-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  272.640656][  T843] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  272.645423][  T843] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  272.665971][  T843] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  272.670448][  T843] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  272.674076][  T843] usb 8-1: Product: syz
[  272.675841][  T843] usb 8-1: Manufacturer: syz
[  272.709379][ T9013] netlink: 4 bytes leftover after parsing attributes in process `syz.0.856'.
[  272.716081][ T9005] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  272.748333][  T843] cdc_wdm 8-1:1.0: skipping garbage
[  272.751157][  T843] cdc_wdm 8-1:1.0: skipping garbage
[  272.759984][  T843] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  272.763200][  T843] cdc_wdm 8-1:1.0: Unknown control protocol
[  272.956530][    C2] wdm_int_callback: 740 callbacks suppressed
[  272.956553][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  272.961628][    C2] wdm_int_callback: 740 callbacks suppressed
[  272.961645][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  272.966519][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  272.968968][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  272.972113][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  272.974562][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  272.978710][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  272.981401][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  272.984194][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  272.986947][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  272.989703][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  272.992455][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  272.995193][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  272.997922][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  273.000710][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  273.003538][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  273.006270][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  273.008921][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  273.011647][    C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  273.014180][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  273.092634][ T5841] usb 8-1: USB disconnect, device number 22
[  273.095170][    C2] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  273.258538][ T9029] syzkaller0: entered promiscuous mode
[  273.260819][ T9029] syzkaller0: entered allmulticast mode
[  273.279330][ T9030] tipc: Started in network mode
[  273.281009][ T9030] tipc: Node identity 9a067d1faff7, cluster identity 4711
[  273.283415][ T9030] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  273.285821][ T9029] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  273.291697][ T9028] tipc: Resetting bearer <eth:syzkaller0>
[  273.303946][ T9028] tipc: Disabling bearer <eth:syzkaller0>
[  273.576218][ T6592] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  273.730462][ T3266] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  273.735146][ T3266] hid-generic 0000:0000:0000.000B: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  273.742220][ T6592] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  273.749354][ T6592] usb 8-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  273.753601][ T6592] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  273.758945][ T6592] usb 8-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  273.766079][ T6592] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  273.773826][ T6592] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  273.781854][ T6592] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  273.785599][ T6592] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  273.788801][ T6592] usb 8-1: Product: syz
[  273.791101][ T6592] usb 8-1: Manufacturer: syz
[  273.800089][ T9005] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  273.805902][ T6592] cdc_wdm 8-1:1.0: skipping garbage
[  273.809722][ T6592] cdc_wdm 8-1:1.0: skipping garbage
[  273.813618][ T6592] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  273.816621][ T6592] cdc_wdm 8-1:1.0: Unknown control protocol
[  274.028236][ T6592] usb 8-1: USB disconnect, device number 23
[  274.081746][ T9056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.866'.
[  274.086933][ T9056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.866'.
[  274.098083][ T9056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.866'.
[  274.102619][ T9056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.866'.
[  274.105417][ T9056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.866'.
[  275.172658][ T9066] netlink: 'syz.3.869': attribute type 10 has an invalid length.
[  275.177937][ T9066] dummy0: entered promiscuous mode
[  275.181573][ T9066] bridge0: port 1(dummy0) entered blocking state
[  275.183858][ T9066] bridge0: port 1(dummy0) entered disabled state
[  275.186056][ T9066] dummy0: entered allmulticast mode
[  276.197755][ T9078] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.200057][ T9078] bridge0: port 1(bridge_slave_0) entered forwarding state
[  276.222138][ T9078] A link change request failed with some changes committed already. Interface batadv1 may have been left with an inconsistent configuration, please check.
[  276.231176][ T1042] wg2 speed is unknown, defaulting to 1000
[  276.497171][ T9088] netlink: 'syz.2.875': attribute type 1 has an invalid length.
[  276.499585][ T9088] netlink: 'syz.2.875': attribute type 1 has an invalid length.
[  276.650263][ T9091] __nla_validate_parse: 2 callbacks suppressed
[  276.650282][ T9091] netlink: 36 bytes leftover after parsing attributes in process `syz.2.876'.
[  277.968873][ T6592] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  277.984112][ T6592] hid-generic 0000:0000:0000.000C: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  278.076765][ T9102] netlink: 16 bytes leftover after parsing attributes in process `syz.3.879'.
[  278.502425][ T5841] usb 8-1: new full-speed USB device number 24 using dummy_hcd
[  278.541705][ T9120] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.544383][ T9120] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.665355][ T5841] usb 8-1: not running at top speed; connect to a high speed hub
[  278.670329][ T5841] usb 8-1: config 3 has an invalid interface number: 9 but max is 1
[  278.675170][ T5841] usb 8-1: config 3 has an invalid descriptor of length 64, skipping remainder of the config
[  278.680851][ T5841] usb 8-1: config 3 has 1 interface, different from the descriptor's value: 2
[  278.687159][ T5841] usb 8-1: config 3 has no interface number 0
[  278.691109][ T5841] usb 8-1: config 3 interface 9 has no altsetting 0
[  278.709724][ T5841] usb 8-1: New USB device found, idVendor=20f4, idProduct=624d, bcdDevice=17.50
[  278.714368][ T5841] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.719743][ T5841] usb 8-1: Product: syz
[  278.722245][ T9120] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  278.725381][ T5841] usb 8-1: Manufacturer: syz
[  278.728395][ T5841] usb 8-1: SerialNumber: syz
[  278.989845][   T24] wg2 speed is unknown, defaulting to 1000
[  278.992980][   T24] syz2: Port: 1 Link DOWN
[  278.996465][   T24] wg2 speed is unknown, defaulting to 1000
[  279.133693][ T9123] binder: BINDER_SET_CONTEXT_MGR already set
[  279.136691][ T9123] binder: 9116:9123 ioctl 4018620d 80000100 returned -16
[  279.219868][ T8276] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  279.224226][ T8276] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  279.228602][ T8276] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  279.235314][ T8276] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  279.517234][ T9130] netlink: 'syz.2.887': attribute type 9 has an invalid length.
[  279.521214][ T9130] netlink: 191164 bytes leftover after parsing attributes in process `syz.2.887'.
[  279.688972][ T9134] syz_tun: entered allmulticast mode
[  279.694259][ T9136] netlink: 'syz.0.886': attribute type 2 has an invalid length.
[  279.713491][ T9136] ‚#{6c: entered promiscuous mode
[  279.726612][ T9116] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  279.793667][ T9136] netlink: 'syz.0.886': attribute type 2 has an invalid length.
[  279.798978][ T9136] ‚#{6c: left promiscuous mode
[  279.828982][ T5841] usb 8-1: USB disconnect, device number 24
[  280.409975][ T9127] syz_tun: left allmulticast mode
[  280.582224][ T9148] /dev/nullb0: Can't open blockdev
[  280.596815][ T1042] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  280.647382][ T9152] bond1: option arp_validate: invalid value (18446744073709551615)
[  280.653314][ T9152] bond1 (unregistering): Released all slaves
[  280.758840][ T1042] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.765815][ T1042] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  280.771298][ T1042] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  280.777515][ T1042] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  280.781580][ T1042] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.786435][ T1042] usb 8-1: config 0 descriptor??
[  280.922716][  T843] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  281.102133][  T843] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  281.105045][  T843] usb 6-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  281.108575][  T843] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  281.116143][  T843] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  281.120272][  T843] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  281.125625][  T843] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  281.137014][  T843] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  281.140262][  T843] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  281.143671][  T843] usb 6-1: Product: syz
[  281.145217][  T843] usb 6-1: Manufacturer: syz
[  281.231447][ T9147] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  281.245029][  T843] cdc_wdm 6-1:1.0: skipping garbage
[  281.246854][  T843] cdc_wdm 6-1:1.0: skipping garbage
[  281.254247][  T843] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  281.257616][  T843] cdc_wdm 6-1:1.0: Unknown control protocol
[  281.465816][    C3] wdm_int_callback: 375 callbacks suppressed
[  281.465841][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  281.469813][    C3] wdm_int_callback: 375 callbacks suppressed
[  281.469823][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  281.474047][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  281.476103][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  281.478174][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  281.480215][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  281.482339][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  281.484356][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  281.486519][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  281.488542][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  281.490589][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  281.492867][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  281.495029][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  281.497059][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  281.499123][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  281.501139][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  281.503279][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  281.505247][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  281.507445][    C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  281.509939][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  281.680661][ T3266] usb 6-1: USB disconnect, device number 24
[  281.682697][    C3] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  281.685446][ T9147] cdc_wdm 6-1:1.0: Tx URB error: -19
[  281.968660][ T1042] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  281.970931][ T1042] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  281.973247][ T1042] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  281.975707][ T1042] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  281.978016][ T1042] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  281.980446][ T1042] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  281.982788][ T1042] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  281.985179][ T1042] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  281.987574][ T1042] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  281.989860][ T1042] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  281.999453][ T1042] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  282.949588][ T9174] fuse: Bad value for 'fd'
[  283.172168][ T3266] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  283.333932][ T3266] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  283.336500][ T3266] usb 6-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  283.339395][ T3266] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  283.342018][ T3266] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  283.345405][ T3266] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  283.348892][ T3266] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  283.353845][ T3266] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  283.356895][ T3266] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  283.360100][ T3266] usb 6-1: Product: syz
[  283.361619][ T3266] usb 6-1: Manufacturer: syz
[  283.365146][ T9147] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  283.368390][ T3266] cdc_wdm 6-1:1.0: skipping garbage
[  283.370270][ T3266] cdc_wdm 6-1:1.0: skipping garbage
[  283.373328][ T3266] cdc_wdm 6-1:1.0: cdc-wdm1: USB WDM device
[  283.375486][ T3266] cdc_wdm 6-1:1.0: Unknown control protocol
[  283.586372][ T5841] usb 6-1: USB disconnect, device number 25
[  283.994704][ T9185] xt_bpf: check failed: parse error
[  284.165106][ T9191] x_tables: duplicate underflow at hook 3
[  284.465181][   T24] usb 8-1: reset high-speed USB device number 25 using dummy_hcd
[  284.471023][   T24] usb 8-1: device reset changed ep0 maxpacket size!
[  284.474987][  T843] usb 8-1: USB disconnect, device number 25
[  284.913409][ T9202] netlink: 8 bytes leftover after parsing attributes in process `syz.2.907'.
[  285.501734][  T843] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  285.505034][ T9214] netlink: 'syz.1.911': attribute type 61 has an invalid length.
[  285.511558][   T40] kauditd_printk_skb: 222 callbacks suppressed
[  285.511568][   T40] audit: type=1326 audit(1781119981.733:3658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  285.523609][   T40] audit: type=1326 audit(1781119981.742:3659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  285.533835][   T40] audit: type=1326 audit(1781119981.742:3660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  285.543633][   T40] audit: type=1326 audit(1781119981.742:3661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.911" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  285.543680][   T40] audit: type=1326 audit(1781119981.742:3662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  285.550637][   T40] audit: type=1326 audit(1781119981.742:3663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  285.550676][   T40] audit: type=1326 audit(1781119981.742:3664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  285.550717][   T40] audit: type=1326 audit(1781119981.742:3665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  285.550752][   T40] audit: type=1326 audit(1781119981.742:3666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.911" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  285.550784][   T40] audit: type=1326 audit(1781119981.742:3667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.911" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  285.672675][  T843] usb 8-1: Using ep0 maxpacket: 16
[  285.762530][ T9220] netlink: 64 bytes leftover after parsing attributes in process `syz.3.903'.
[  286.396752][ T9236] netlink: 'syz.1.917': attribute type 3 has an invalid length.
[  286.826833][   T59] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  286.880485][   T59] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  286.945293][ T9238] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  286.985335][ T9241] netlink: 72 bytes leftover after parsing attributes in process `syz.0.919'.
[  287.269213][  T843] usb 8-1: unable to get BOS descriptor or descriptor too short
[  287.283364][  T843] usb 8-1: unable to read config index 0 descriptor/start: -71
[  287.292398][  T843] usb 8-1: can't read configurations, error -71
[  287.299237][ T9248] dummy0: left allmulticast mode
[  287.302377][ T9248] bridge0: port 1(dummy0) entered disabled state
[  287.330692][ T9248] bond0: (slave veth0_to_bond): Releasing backup interface
[  287.345537][ T9248] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  287.477290][ T9257] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  287.803879][ T9258] devpts: Unknown parameter 'smaps'
[  288.221691][ T9269] netlink: 4 bytes leftover after parsing attributes in process `syz.0.925'.
[  288.405331][ T9271] loop7: detected capacity change from 0 to 16384
[  288.467527][ T9274] netlink: 4 bytes leftover after parsing attributes in process `syz.1.928'.
[  288.529924][ T9278] batadv_slave_1: entered promiscuous mode
[  288.548563][ T9278] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  288.625072][ T9279] netlink: 13 bytes leftover after parsing attributes in process `syz.3.926'.
[  288.976099][ T1042] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  289.427928][ T9272] batadv_slave_1: left promiscuous mode
[  289.451567][ T9286] overlayfs: overlapping lowerdir path
[  289.464508][ T9279] netlink: 4 bytes leftover after parsing attributes in process `syz.3.926'.
[  289.510958][ T9288] netlink: 72 bytes leftover after parsing attributes in process `syz.2.930'.
[  289.514847][ T9288] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  289.516104][ T9288] 
@0Ù: renamed from bond_slave_1
[  289.565474][ T9291] usb usb1: selecting invalid altsetting -4
[  289.596438][ T9276] loop7: detected capacity change from 16384 to 0
[  289.637807][ T1042] usb 8-1: unable to get BOS descriptor or descriptor too short
[  289.721463][ T1042] usb 8-1: unable to read config index 0 descriptor/start: -71
[  289.724308][ T1042] usb 8-1: can't read configurations, error -71
[  289.850925][ T5848] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  290.023266][ T5848] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  290.027589][ T5848] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  290.030655][ T5848] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  290.034328][ T5848] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.039903][ T9290] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  290.044321][ T5848] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  290.273771][ T9290] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  290.280741][ T9290] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  290.294278][ T5848] usb 6-1: USB disconnect, device number 26
[  291.928963][ T9325] fuse: Bad value for 'user_id'
[  291.931086][ T9325] fuse: Bad value for 'user_id'
[  293.038325][ T9342] netlink: 4 bytes leftover after parsing attributes in process `syz.1.944'.
[  293.111487][ T9344] batadv_slave_1: entered promiscuous mode
[  293.933949][ T9341] batadv_slave_1: left promiscuous mode
[  293.999467][ T9357] binder: BINDER_SET_CONTEXT_MGR already set
[  294.001337][ T9357] binder: 9356:9357 ioctl 4018620d 80000240 returned -16
[  294.005141][ T9357] binder: BINDER_SET_CONTEXT_MGR already set
[  294.007000][ T9357] binder: 9356:9357 ioctl 4018620d 80000040 returned -16
[  294.010836][ T9357] binder: 9356:9357 ioctl c0306201 0 returned -14
[  294.331066][ T9363] netlink: 4 bytes leftover after parsing attributes in process `syz.2.949'.
[  294.578400][ T9368] netlink: 'syz.3.951': attribute type 1 has an invalid length.
[  294.589857][ T9368] 8021q: adding VLAN 0 to HW filter on device bond3
[  294.604700][ T9368] bond3: (slave geneve3): making interface the new active one
[  294.611361][ T9368] bond3: (slave geneve3): Enslaving as an active interface with an up link
[  294.948169][ T5848] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  295.140502][ T5848] usb 8-1: Using ep0 maxpacket: 8
[  295.294716][ T5848] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  295.404404][ T5848] usb 8-1: config 179 has no interface number 0
[  295.406400][ T5848] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  295.409785][ T5848] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  295.414481][ T5848] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  295.417856][ T5848] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  295.421430][ T5848] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  295.425363][ T5848] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  295.428115][ T5848] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.429483][ T9383] netlink: 'syz.0.955': attribute type 4 has an invalid length.
[  295.435008][ T9372] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  295.437567][ T9383] netlink: 'syz.0.955': attribute type 4 has an invalid length.
[  295.451239][ T9383] e1000 0000:00:06.0 eth0: Unsupported Speed/Duplex configuration
[  295.455187][ T9383] ipt_ECN: cannot use operation on non-tcp rule
[  295.706936][   T39] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  295.867161][   T39] usb 5-1: Using ep0 maxpacket: 32
[  295.870499][   T39] usb 5-1: unable to get BOS descriptor or descriptor too short
[  295.873822][   T39] usb 5-1: config 8 has an invalid interface number: 188 but max is 0
[  295.876448][   T39] usb 5-1: config 8 has no interface number 0
[  295.878676][   T39] usb 5-1: too many endpoints for config 8 interface 188 altsetting 149: 64, using maximum allowed: 30
[  295.882331][   T39] usb 5-1: config 8 interface 188 altsetting 149 has 0 endpoint descriptors, different from the interface descriptor's value: 64
[  295.886368][   T39] usb 5-1: config 8 interface 188 has no altsetting 0
[  295.890894][   T39] usb 5-1: string descriptor 0 read error: -22
[  295.892977][   T39] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0102, bcdDevice=89.0e
[  295.895780][   T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.902578][   T39] dvb-usb: found a 'Terratec Cinergy S2 USB HD Rev.3' in warm state.
[  295.905334][   T39] dw2102: su3000_power_ctrl: 1, initialized 0
[  295.907465][   T39] dvb-usb: bulk message failed: -22 (2/0)
[  295.912789][   T39] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  295.917030][   T39] dvbdev: DVB: registering new adapter (Terratec Cinergy S2 USB HD Rev.3)
[  295.919674][   T39] usb 5-1: media controller created
[  295.921566][   T39] dvb-usb: bulk message failed: -22 (6/0)
[  295.924989][   T39] dw2102: i2c transfer failed.
[  295.927581][   T39] dvb-usb: bulk message failed: -22 (6/0)
[  295.929423][   T39] dw2102: i2c transfer failed.
[  295.930957][   T39] dvb-usb: bulk message failed: -22 (6/0)
[  295.933177][   T39] dw2102: i2c transfer failed.
[  295.934690][   T39] dvb-usb: bulk message failed: -22 (6/0)
[  295.936475][   T39] dw2102: i2c transfer failed.
[  295.937938][   T39] dvb-usb: bulk message failed: -22 (6/0)
[  295.939662][   T39] dw2102: i2c transfer failed.
[  295.941175][   T39] dvb-usb: bulk message failed: -22 (6/0)
[  295.943085][   T39] dw2102: i2c transfer failed.
[  295.946930][   T39] dvb-usb: MAC address: 02:02:02:02:02:02
[  295.956308][   T39] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  295.969426][   T39] dvb-usb: bulk message failed: -22 (3/0)
[  295.974727][   T39] dw2102: command 0x0e transfer failed.
[  295.984779][   T39] dvb-usb: bulk message failed: -22 (3/0)
[  295.988924][   T39] dw2102: command 0x0e transfer failed.
[  296.034815][ T9372] wg2 speed is unknown, defaulting to 1000
[  296.417542][   T39] dvb-usb: bulk message failed: -22 (3/0)
[  296.420504][   T39] dw2102: command 0x0e transfer failed.
[  296.572490][ T5848] usb 8-1: USB disconnect, device number 30
[  296.575118][    C0] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  296.575158][    C0] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  297.057213][   T39] dvb-usb: bulk message failed: -22 (3/0)
[  297.059381][   T39] dw2102: command 0x0e transfer failed.
[  297.061067][   T39] dvb-usb: bulk message failed: -22 (1/0)
[  297.062811][   T39] dw2102: command 0x51 transfer failed.
[  297.066963][ T9383] dw2102: i2c wr: len=67 is too big!
[  297.066963][ T9383] 
[  297.093919][   T39] DVB: Unable to find symbol ds3000_attach()
[  297.095697][   T39] dvb-usb: no frontend was attached by 'Terratec Cinergy S2 USB HD Rev.3'
[  297.138897][   T39] rc_core: IR keymap rc-su3000 not found
[  297.140604][   T39] Registered IR keymap rc-empty
[  297.143544][   T39] rc rc0: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0
[  297.149227][   T39] input: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0/input18
[  297.158922][   T39] dvb-usb: schedule remote query interval to 150 msecs.
[  297.161997][   T39] dw2102: su3000_power_ctrl: 0, initialized 1
[  297.164544][   T39] dvb-usb: Terratec Cinergy S2 USB HD Rev.3 successfully initialized and connected.
[  297.172871][   T39] usb 5-1: USB disconnect, device number 21
[  297.227032][ T9401] binder: BINDER_SET_CONTEXT_MGR already set
[  297.230817][ T9401] binder: 9400:9401 ioctl 4018620d 80000240 returned -16
[  297.240716][ T9401] binder: BINDER_SET_CONTEXT_MGR already set
[  297.243824][ T9401] binder: 9400:9401 ioctl 4018620d 80000040 returned -16
[  297.249349][ T9401] binder: 9400:9401 ioctl c0306201 0 returned -14
[  297.260926][   T39] dvb-usb: Terratec Cinergy S2 USB HD Rev.3 successfully deinitialized and disconnected.
[  297.427628][ T9402] trusted_key: encrypted_key: master key parameter 'defañŠ#,ser:syz' is invalid
[  297.473041][ T9402] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method
[  297.706145][ T9407] serio: Serial port ptm0
[  297.946366][ T9406] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  297.973598][ T9413] could not allocate digest TFM handle md5
[  298.034072][ T9413] wg2 speed is unknown, defaulting to 1000
[  298.849703][ T9425] netlink: 64 bytes leftover after parsing attributes in process `syz.3.965'.
[  298.955503][ T9429] wg2 speed is unknown, defaulting to 1000
[  299.306270][ T9439] binder: 9438:9439 ioctl c0306201 0 returned -14
[  299.872503][ T9446] netlink: 4 bytes leftover after parsing attributes in process `syz.1.973'.
[  299.935995][ T9447] batadv_slave_1: entered promiscuous mode
[  299.941972][ T9447] trusted_key: encrypted_key: insufficient parameters specified
[  299.950219][ T9447] trusted_key: encrypted_key: insufficient parameters specified
[  299.971119][ T9449] RDS: rds_bind could not find a transport for ::ffff:172.20.20.27, load rds_tcp or rds_rdma?
[  300.388016][ T9451] netlink: 56 bytes leftover after parsing attributes in process `syz.3.974'.
[  300.426301][ T9451] (syz.3.974,9451,3):ocfs2_get_sector:1714 ERROR: status = -5
[  300.430496][ T9451] (syz.3.974,9451,3):ocfs2_sb_probe:753 ERROR: status = -5
[  300.433024][ T9451] (syz.3.974,9451,3):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  300.435777][ T9451] (syz.3.974,9451,3):ocfs2_fill_super:1177 ERROR: status = -5
[  300.461555][ T9451] netlink: 'syz.3.974': attribute type 10 has an invalid length.
[  300.465718][ T9451] 8021q: adding VLAN 0 to HW filter on device bond0
[  300.468775][ T9451] team0: Port device bond0 added
[  300.493075][ T9451] capability: warning: `syz.3.974' uses 32-bit capabilities (legacy support in use)
[  300.638139][ T9455] netlink: 4 bytes leftover after parsing attributes in process `syz.3.977'.
[  300.702485][ T9458] batadv_slave_1: entered promiscuous mode
[  300.769984][ T9445] batadv_slave_1: left promiscuous mode
[  300.846886][ T9458] trusted_key: encrypted_key: insufficient parameters specified
[  300.866580][ T9458] trusted_key: encrypted_key: insufficient parameters specified
[  301.062505][ T6592] usb 6-1: new full-speed USB device number 27 using dummy_hcd
[  301.180549][ T9454] batadv_slave_1: left promiscuous mode
[  301.277053][ T6592] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  301.285000][ T6592] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  301.293728][ T6592] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  301.299975][ T6592] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.373246][ T9465] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  301.385418][   T40] kauditd_printk_skb: 562 callbacks suppressed
[  301.385428][   T40] audit: type=1326 audit(1781119996.593:4230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.3.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05f7c code=0x7ffc0000
[  301.400620][   T40] audit: type=1326 audit(1781119996.602:4231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.3.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05f7c code=0x7ffc0000
[  301.410554][   T40] audit: type=1326 audit(1781119996.602:4232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.3.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05f7c code=0x7ffc0000
[  301.421673][   T40] audit: type=1326 audit(1781119996.602:4233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.3.979" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f05f7c code=0x7ffc0000
[  301.429549][   T40] audit: type=1326 audit(1781119996.612:4234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.3.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05f7c code=0x7ffc0000
[  301.439580][   T40] audit: type=1326 audit(1781119996.612:4235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.3.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05f7c code=0x7ffc0000
[  301.449201][   T40] audit: type=1326 audit(1781119996.612:4236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.3.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05f7c code=0x7ffc0000
[  301.457964][   T40] audit: type=1326 audit(1781119996.621:4237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.3.979" exe="/syz-executor" sig=0 arch=40000003 syscall=394 compat=1 ip=0xf7f05f7c code=0x7ffc0000
[  301.467595][   T40] audit: type=1326 audit(1781119996.621:4238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.3.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05f7c code=0x7ffc0000
[  301.497148][   T40] audit: type=1326 audit(1781119996.687:4240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.3.979" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05f7c code=0x7ffc0000
[  301.529732][ T6592] usb 6-1: usb_control_msg returned -32
[  301.529756][ T6592] usbtmc 6-1:16.0: can't read capabilities
[  301.539845][ T6592] usb 6-1: USB disconnect, device number 27
[  301.677856][ T9468] can0: slcan on ttyS3.
[  302.544701][ T9480] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  303.324154][ T9463] can0 (unregistered): slcan off ttyS3.
[  304.888547][ T9583] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  305.662047][ T9600] netlink: 'syz.3.999': attribute type 5 has an invalid length.
[  305.662071][ T9600] netlink: 16 bytes leftover after parsing attributes in process `syz.3.999'.
[  305.718775][ T9603] tmpfs: Unknown parameter 'mæ9ƒ#pol'
[  306.018956][ T3266] usb 8-1: new high-speed USB device number 31 using dummy_hcd
[  306.179242][ T3266] usb 8-1: Using ep0 maxpacket: 8
[  306.183220][ T3266] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  306.188059][ T3266] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  306.193777][ T3266] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  306.198138][ T3266] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  306.204893][ T3266] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  306.212119][ T3266] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  306.215477][ T3266] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.448816][ T9603] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1000'.
[  306.457276][ T9603] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1000'.
[  306.476682][ T3266] usb 8-1: usb_control_msg returned -71
[  306.486985][ T3266] usbtmc 8-1:16.0: can't read capabilities
[  306.503822][ T3266] usb 8-1: USB disconnect, device number 31
[  306.717110][ T9629] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0)
[  306.898717][ T9614] netlink: 'syz.2.1001': attribute type 4 has an invalid length.
[  306.902666][ T9614] netlink: 'syz.2.1001': attribute type 4 has an invalid length.
[  306.906251][ T9614] netlink: 'syz.2.1001': attribute type 4 has an invalid length.
[  306.912170][ T9614] netlink: 'syz.2.1001': attribute type 4 has an invalid length.
[  307.002293][   T24] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  307.165186][   T24] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  307.168068][   T24] usb 6-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  307.171223][   T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  307.174142][   T24] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  307.177828][   T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  307.181140][   T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  307.186746][   T24] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  307.189641][   T24] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  307.192110][   T24] usb 6-1: Product: syz
[  307.193388][   T24] usb 6-1: Manufacturer: syz
[  307.197260][ T9631] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  307.200673][   T24] cdc_wdm 6-1:1.0: skipping garbage
[  307.202305][   T24] cdc_wdm 6-1:1.0: skipping garbage
[  307.204743][   T24] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  307.206612][   T24] cdc_wdm 6-1:1.0: Unknown control protocol
[  307.410931][   T40] kauditd_printk_skb: 334 callbacks suppressed
[  307.410941][   T40] audit: type=1326 audit(1781120002.227:4574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9638 comm="syz.0.1009" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef7c code=0x7ffc0000
[  307.426138][    C2] wdm_int_callback: 877 callbacks suppressed
[  307.426150][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  307.430040][    C2] wdm_int_callback: 877 callbacks suppressed
[  307.430048][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  307.433907][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  307.435869][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  307.437890][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  307.439898][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  307.441962][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  307.443988][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  307.446041][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  307.448072][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  307.450152][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  307.452198][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  307.454290][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  307.456316][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  307.458366][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  307.460385][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  307.462511][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  307.464528][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  307.466565][    C2] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  307.468638][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  307.477120][   T40] audit: type=1326 audit(1781120002.236:4575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9638 comm="syz.0.1009" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf706ef7c code=0x7ffc0000
[  307.484945][   T40] audit: type=1326 audit(1781120002.236:4576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9638 comm="syz.0.1009" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef7c code=0x7ffc0000
[  307.491511][   T40] audit: type=1326 audit(1781120002.236:4577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9638 comm="syz.0.1009" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf706ef7c code=0x7ffc0000
[  307.498480][   T40] audit: type=1326 audit(1781120002.236:4578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9638 comm="syz.0.1009" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef7c code=0x7ffc0000
[  307.505325][   T40] audit: type=1326 audit(1781120002.236:4579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9638 comm="syz.0.1009" exe="/syz-executor" sig=0 arch=40000003 syscall=371 compat=1 ip=0xf706ef7c code=0x7ffc0000
[  307.512052][   T40] audit: type=1326 audit(1781120002.236:4580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9638 comm="syz.0.1009" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef7c code=0x7ffc0000
[  307.518854][   T40] audit: type=1326 audit(1781120002.236:4581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9638 comm="syz.0.1009" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf706ef7c code=0x7ffc0000
[  307.525933][   T40] audit: type=1326 audit(1781120002.236:4582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9638 comm="syz.0.1009" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef7c code=0x7ffc0000
[  307.535333][   T40] audit: type=1326 audit(1781120002.236:4583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9638 comm="syz.0.1009" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf706ef7c code=0x7ffc0000
[  307.590911][   T24] usb 6-1: USB disconnect, device number 28
[  307.592859][    C2] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  307.595556][ T9631] cdc_wdm 6-1:1.0: Tx URB error: -19
[  308.466050][   T24] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  308.631742][   T24] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  308.635436][   T24] usb 6-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  308.639960][   T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  308.643624][   T24] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  308.649249][   T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  308.653813][   T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  308.660049][   T24] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  308.663818][   T24] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  308.667141][   T24] usb 6-1: Product: syz
[  308.668817][   T24] usb 6-1: Manufacturer: syz
[  308.677402][ T9631] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  308.684670][   T24] cdc_wdm 6-1:1.0: skipping garbage
[  308.687211][   T24] cdc_wdm 6-1:1.0: skipping garbage
[  308.691521][   T24] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  308.694210][   T24] cdc_wdm 6-1:1.0: Unknown control protocol
[  308.912034][   T24] usb 6-1: USB disconnect, device number 29
[  308.950651][ T9656] netlink: 'syz.0.1011': attribute type 1 has an invalid length.
[  308.964936][ T9656] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1011'.
[  309.037318][ T9660] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[  309.039885][ T9660] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  309.045821][ T9660] vhci_hcd vhci_hcd.0: Device attached
[  309.056824][ T9661] vhci_hcd: connection closed
[  309.057527][ T1173] vhci_hcd vhci_hcd.0: stop threads
[  309.063117][ T1173] vhci_hcd vhci_hcd.0: release socket
[  309.064903][ T1173] vhci_hcd vhci_hcd.0: disconnect device
[  309.476679][ T9668] binder: 9667:9668 ioctl 8933 80000900 returned -22
[  309.480085][ T9668] binder: BINDER_SET_CONTEXT_MGR already set
[  309.483261][ T9668] binder: 9667:9668 ioctl 4018620d 80000240 returned -16
[  309.488823][ T9668] binder: BINDER_SET_CONTEXT_MGR already set
[  309.491363][ T9668] binder: 9667:9668 ioctl 4018620d 80000040 returned -16
[  310.535514][ T9697] comedi comedi0: Minor 7 could not be opened
[  310.628446][ T9702] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1025'.
[  310.718801][ T9704] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1027'.
[  310.780244][ T9705] batadv_slave_1: entered promiscuous mode
[  310.787967][ T9705] trusted_key: encrypted_key: insufficient parameters specified
[  310.792290][ T9705] trusted_key: encrypted_key: insufficient parameters specified
[  311.092426][ T3266] hid_parser_main: 5 callbacks suppressed
[  311.092445][ T3266] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  311.107612][ T3266] hid-generic 0000:0000:0000.000E: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  311.460933][ T9716] overlayfs: failed to resolve './file0': -2
[  311.655764][ T9703] batadv_slave_1: left promiscuous mode
[  311.697093][ T9723] wg2 speed is unknown, defaulting to 1000
[  311.722674][ T9725] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1033'.
[  311.731812][ T9726] FAULT_INJECTION: forcing a failure.
[  311.731812][ T9726] name failslab, interval 1, probability 0, space 0, times 0
[  311.739109][ T9726] CPU: 3 UID: 0 PID: 9726 Comm: syz.2.1034 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  311.739126][ T9726] Tainted: [L]=SOFTLOCKUP
[  311.739130][ T9726] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  311.739136][ T9726] Call Trace:
[  311.739140][ T9726]  <TASK>
[  311.739144][ T9726]  dump_stack_lvl+0x100/0x190
[  311.739167][ T9726]  should_fail_ex.cold+0x5/0xa
[  311.739181][ T9726]  ? tomoyo_encode2+0xfb/0x3c0
[  311.739195][ T9726]  should_failslab+0xc2/0x120
[  311.739209][ T9726]  __kmalloc_noprof+0xe0/0x850
[  311.739228][ T9726]  tomoyo_encode2+0xfb/0x3c0
[  311.739245][ T9726]  tomoyo_encode+0x29/0x50
[  311.739259][ T9726]  tomoyo_realpath_from_path+0x18c/0x690
[  311.739279][ T9726]  tomoyo_path_number_perm+0x23c/0x580
[  311.739313][ T9726]  ? tomoyo_path_number_perm+0x22e/0x580
[  311.739327][ T9726]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  311.739340][ T9726]  ? get_pid_task+0x106/0x250
[  311.739368][ T9726]  ? find_held_lock+0x2b/0x80
[  311.739380][ T9726]  ? __fget_files+0x215/0x3d0
[  311.739392][ T9726]  ? hook_file_ioctl_common+0x149/0x410
[  311.739404][ T9726]  ? __fget_files+0x215/0x3d0
[  311.739418][ T9726]  ? __fget_files+0x21f/0x3d0
[  311.739432][ T9726]  security_file_ioctl_compat+0xd3/0x230
[  311.739447][ T9726]  __ia32_compat_sys_ioctl+0xc2/0x360
[  311.739460][ T9726]  __do_fast_syscall_32+0xe7/0x970
[  311.739476][ T9726]  ? lockdep_hardirqs_on+0x78/0x100
[  311.739492][ T9726]  do_fast_syscall_32+0x32/0x70
[  311.739507][ T9726]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  311.739521][ T9726] RIP: 0023:0xf6feef7c
[  311.739529][ T9726] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  311.739540][ T9726] RSP: 002b:00000000f53dd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  311.739551][ T9726] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c048aeca
[  311.739557][ T9726] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[  311.739563][ T9726] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  311.739569][ T9726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  311.739575][ T9726] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  311.739588][ T9726]  </TASK>
[  311.739714][ T9726] ERROR: Out of memory at tomoyo_realpath_from_path.
[  311.773523][ T9725] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1033'.
[  311.864355][ T5848] usb 8-1: new high-speed USB device number 32 using dummy_hcd
[  312.033392][ T5848] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  312.036444][ T5848] usb 8-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  312.042438][ T5848] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  312.050912][ T5848] usb 8-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  312.060177][ T5848] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  312.067321][ T5848] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  312.083838][ T5848] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  312.090344][ T5848] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  312.097543][ T5848] usb 8-1: Product: syz
[  312.100290][ T5848] usb 8-1: Manufacturer: syz
[  312.129592][ T9701] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  312.141120][ T5848] cdc_wdm 8-1:1.0: skipping garbage
[  312.143154][ T5848] cdc_wdm 8-1:1.0: skipping garbage
[  312.156055][ T5848] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  312.158453][ T5848] cdc_wdm 8-1:1.0: Unknown control protocol
[  312.628793][    C0] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  312.630284][ T3266] usb 8-1: USB disconnect, device number 32
[  312.801250][ T9748] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1040'.
[  312.811694][ T9752] IPVS: set_ctl: invalid protocol: 135 10.1.1.2:20004
[  312.895486][ T9755] batadv_slave_1: entered promiscuous mode
[  312.904333][ T9755] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  313.186730][ T9756] Mount JFS Failure: -5
[  313.460368][ T9747] batadv_slave_1: left promiscuous mode
[  313.892456][ T3266] usb 8-1: new high-speed USB device number 33 using dummy_hcd
[  314.301190][ T3266] usb 8-1: device not accepting address 33, error -71
[  315.811135][ T9784] syzkaller0: entered promiscuous mode
[  315.813469][ T9784] syzkaller0: entered allmulticast mode
[  315.818873][ T9784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1051'.
[  315.874505][ T9790] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1054'.
[  315.947570][ T9791] batadv_slave_1: entered promiscuous mode
[  315.970382][ T9791] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  318.993986][ T9789] batadv_slave_1: left promiscuous mode
[  319.537633][ T9810] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  320.338315][   T59] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  320.341795][ T8260] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  321.079941][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1068'.
[  321.278443][ T9835] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  322.282823][ T9839] FAULT_INJECTION: forcing a failure.
[  322.282823][ T9839] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  322.292664][ T9839] CPU: 0 UID: 0 PID: 9839 Comm: syz.2.1069 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  322.292683][ T9839] Tainted: [L]=SOFTLOCKUP
[  322.292686][ T9839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  322.292693][ T9839] Call Trace:
[  322.292697][ T9839]  <TASK>
[  322.292702][ T9839]  dump_stack_lvl+0x100/0x190
[  322.292724][ T9839]  should_fail_ex.cold+0x5/0xa
[  322.292738][ T9839]  _copy_to_user+0x32/0xd0
[  322.292754][ T9839]  simple_read_from_buffer+0xcb/0x170
[  322.292769][ T9839]  proc_fail_nth_read+0x1af/0x230
[  322.292786][ T9839]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  322.292804][ T9839]  ? rw_verify_area+0xce/0x6d0
[  322.292814][ T9839]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  322.292830][ T9839]  vfs_read+0x1e4/0xb30
[  322.292844][ T9839]  ? __pfx_vfs_read+0x10/0x10
[  322.292855][ T9839]  ? find_held_lock+0x2b/0x80
[  322.292868][ T9839]  ? __fget_files+0x215/0x3d0
[  322.292883][ T9839]  ? __fget_files+0x21f/0x3d0
[  322.292898][ T9839]  ksys_read+0x12a/0x250
[  322.292910][ T9839]  ? __pfx_ksys_read+0x10/0x10
[  322.292921][ T9839]  ? rcu_is_watching+0x12/0xc0
[  322.292934][ T9839]  ? rcu_is_watching+0x12/0xc0
[  322.292947][ T9839]  do_int80_emulation+0x14b/0x720
[  322.292965][ T9839]  asm_int80_emulation+0x1a/0x20
[  322.292976][ T9839] RIP: 0023:0xf71261ab
[  322.292985][ T9839] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  322.293000][ T9839] RSP: 002b:00000000f53dd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  322.293011][ T9839] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f53dd5d0
[  322.293017][ T9839] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  322.293023][ T9839] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  322.293029][ T9839] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  322.293035][ T9839] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  322.293048][ T9839]  </TASK>
[  323.795242][ T9871] siw: device registration error -23
[  323.806860][ T9871] smc: removing ib device syz2
[  323.823643][ T9871] smbdirect: ib_dev[syz2] removed
[  324.279666][ T9871] ------------[ cut here ]------------
[  324.281574][ T9871] !xa_empty(&pool->xa)
[  324.281581][ T9871] WARNING: drivers/infiniband/sw/rxe/rxe_pool.c:116 at rxe_pool_cleanup+0x46/0x60, CPU#1: syz.1.1079/9871
[  324.286395][ T9871] Modules linked in:
[  324.288186][ T9871] CPU: 1 UID: 0 PID: 9871 Comm: syz.1.1079 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  324.294082][ T9871] Tainted: [L]=SOFTLOCKUP
[  324.295908][ T9871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  324.300023][ T9871] RIP: 0010:rxe_pool_cleanup+0x46/0x60
[  324.302281][ T9871] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 29 48 83 bb 80 00 00 00 00 75 0b e8 76 e7 52 f9 5b c3 cc cc cc cc e8 6b e7 52 f9 90 <0f> 0b 90 e8 62 e7 52 f9 5b c3 cc cc cc cc e8 17 d4 bf f9 eb d0 0f
[  324.310133][ T9871] RSP: 0000:ffffc9000777f150 EFLAGS: 00010246
[  324.312235][ T9871] RAX: 0000000000080000 RBX: ffff88804dc61398 RCX: ffffc90031a01000
[  324.314737][ T9871] RDX: 0000000000080000 RSI: ffffffff88b515f5 RDI: ffff88804dc61418
[  324.317275][ T9871] RBP: ffffffff88b371e0 R08: 0000000000000005 R09: 0000000000000001
[  324.319982][ T9871] R10: 0000000000000002 R11: 0000000000000000 R12: ffff88804dc60698
[  324.322697][ T9871] R13: ffff88804dc5ffe0 R14: ffff88804dc5ffe0 R15: ffff88804dc610f8
[  324.325281][ T9871] FS:  0000000000000000(0000) GS:ffff88809728e000(0063) knlGS:00000000f53cdb40
[  324.327975][ T9871] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  324.330134][ T9871] CR2: 00000000800015c0 CR3: 000000007618b000 CR4: 0000000000352ef0
[  324.333382][ T9871] Call Trace:
[  324.334842][ T9871]  <TASK>
[  324.336140][ T9871]  rxe_dealloc+0x25/0xc0
[  324.337862][ T9871]  ib_dealloc_device+0x49/0x230
[  324.339840][ T9871]  __ib_unregister_device+0x396/0x480
[  324.342070][ T9871]  ib_unregister_device_and_put+0x5a/0x80
[  324.344377][ T9871]  nldev_dellink+0x308/0x430
[  324.346350][ T9871]  ? __pfx_nldev_dellink+0x10/0x10
[  324.348107][ T9871]  ? rcu_is_watching+0x12/0xc0
[  324.349606][ T9871]  ? apparmor_capable+0x1d7/0x4d0
[  324.351389][ T9871]  ? bpf_lsm_capable+0x9/0x10
[  324.352979][ T9871]  ? security_capable+0x80/0x260
[  324.354624][ T9871]  ? ns_capable+0xd2/0xf0
[  324.356482][ T9871]  ? __pfx_nldev_dellink+0x10/0x10
[  324.358143][ T9871]  rdma_nl_rcv_msg+0x392/0x6f0
[  324.359895][ T9871]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[  324.361894][ T9871]  ? __lock_acquire+0x4a5/0x2630
[  324.363956][ T9871]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2cb/0x410
[  324.366518][ T9871]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[  324.369263][ T9871]  ? netlink_deliver_tap+0x1ae/0xcc0
[  324.371447][ T9871]  netlink_unicast+0x585/0x850
[  324.373447][ T9871]  ? __pfx_netlink_unicast+0x10/0x10
[  324.375620][ T9871]  netlink_sendmsg+0x8b0/0xda0
[  324.377631][ T9871]  ? __pfx_netlink_sendmsg+0x10/0x10
[  324.379780][ T9871]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  324.382083][ T9871]  ____sys_sendmsg+0x9e1/0xb70
[  324.384041][ T9871]  ? __pfx_netlink_sendmsg+0x10/0x10
[  324.386163][ T9871]  ? __pfx_____sys_sendmsg+0x10/0x10
[  324.388395][ T9871]  ? __pfx___futex_wait+0x10/0x10
[  324.390454][ T9871]  ? __pfx_futex_wake_mark+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  324.392637][ T9871]  ___sys_sendmsg+0x190/0x1e0
[  324.394719][ T9871]  ? __pfx____sys_sendmsg+0x10/0x10
[  324.396880][ T9871]  ? find_held_lock+0x2b/0x80
[  324.398820][ T9871]  __sys_sendmsg+0x170/0x220
[  324.400776][ T9871]  ? __pfx___sys_sendmsg+0x10/0x10
[  324.402865][ T9871]  ? rcu_is_watching+0x12/0xc0
[  324.404791][ T9871]  __do_fast_syscall_32+0xe7/0x970
[  324.406836][ T9871]  ? lockdep_hardirqs_on+0x78/0x100
[  324.408923][ T9871]  do_fast_syscall_32+0x32/0x70
[  324.410972][ T9871]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  324.413562][ T9871] RIP: 0023:0xf6fdef7c
[  324.415240][ T9871] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  324.422911][ T9871] RSP: 002b:00000000f53cd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  324.426266][ T9871] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000800002c0
[  324.429501][ T9871] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  324.432818][ T9871] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  324.436027][ T9871] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  324.439229][ T9871] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  324.442780][ T9871]  </TASK>
[  324.444075][ T9871] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  324.446992][ T9871] CPU: 1 UID: 0 PID: 9871 Comm: syz.1.1079 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  324.451314][ T9871] Tainted: [L]=SOFTLOCKUP
[  324.453073][ T9871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  324.457086][ T9871] Call Trace:
[  324.458486][ T9871]  <TASK>
[  324.459706][ T9871]  dump_stack_lvl+0x100/0x190
[  324.461630][ T9871]  vpanic+0x552/0x970
[  324.463258][ T9871]  ? __pfx_vpanic+0x10/0x10
[  324.465115][ T9871]  panic+0xd1/0xe0
[  324.466677][ T9871]  ? __pfx_panic+0x10/0x10
[  324.468554][ T9871]  check_panic_on_warn.cold+0x19/0x34
[  324.470765][ T9871]  ? rxe_pool_cleanup+0x46/0x60
[  324.472777][ T9871]  __warn.cold+0x191/0x328
[  324.474620][ T9871]  __report_bug+0x296/0x3d0
[  324.476512][ T9871]  ? rxe_pool_cleanup+0x46/0x60
[  324.478504][ T9871]  ? __pfx___report_bug+0x10/0x10
[  324.480576][ T9871]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  324.482960][ T9871]  ? flush_workqueue_prep_pwqs+0x2e9/0x510
[  324.485327][ T9871]  ? __flush_workqueue+0x426/0x1200
[  324.487428][ T9871]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  324.489705][ T9871]  ? rxe_pool_cleanup+0x46/0x60
[  324.491683][ T9871]  report_bug+0xb2/0x220
[  324.493431][ T9871]  ? rxe_pool_cleanup+0x46/0x60
[  324.495403][ T9871]  handle_bug+0x16a/0x2a0
[  324.497169][ T9871]  exc_invalid_op+0x17/0x50
[  324.498992][ T9871]  asm_exc_invalid_op+0x1a/0x20
[  324.501008][ T9871] RIP: 0010:rxe_pool_cleanup+0x46/0x60
[  324.503253][ T9871] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 29 48 83 bb 80 00 00 00 00 75 0b e8 76 e7 52 f9 5b c3 cc cc cc cc e8 6b e7 52 f9 90 <0f> 0b 90 e8 62 e7 52 f9 5b c3 cc cc cc cc e8 17 d4 bf f9 eb d0 0f
[  324.510959][ T9871] RSP: 0000:ffffc9000777f150 EFLAGS: 00010246
[  324.513439][ T9871] RAX: 0000000000080000 RBX: ffff88804dc61398 RCX: ffffc90031a01000
[  324.516613][ T9871] RDX: 0000000000080000 RSI: ffffffff88b515f5 RDI: ffff88804dc61418
[  324.519728][ T9871] RBP: ffffffff88b371e0 R08: 0000000000000005 R09: 0000000000000001
[  324.522920][ T9871] R10: 0000000000000002 R11: 0000000000000000 R12: ffff88804dc60698
[  324.526162][ T9871] R13: ffff88804dc5ffe0 R14: ffff88804dc5ffe0 R15: ffff88804dc610f8
[  324.529412][ T9871]  ? __pfx_rxe_dealloc+0x10/0x10
[  324.531498][ T9871]  ? rxe_pool_cleanup+0x45/0x60
[  324.533524][ T9871]  rxe_dealloc+0x25/0xc0
[  324.535255][ T9871]  ib_dealloc_device+0x49/0x230
[  324.537273][ T9871]  __ib_unregister_device+0x396/0x480
[  324.539451][ T9871]  ib_unregister_device_and_put+0x5a/0x80
[  324.541808][ T9871]  nldev_dellink+0x308/0x430
[  324.543732][ T9871]  ? __pfx_nldev_dellink+0x10/0x10
[  324.545902][ T9871]  ? rcu_is_watching+0x12/0xc0
[  324.547880][ T9871]  ? apparmor_capable+0x1d7/0x4d0
[  324.549927][ T9871]  ? bpf_lsm_capable+0x9/0x10
[  324.551938][ T9871]  ? security_capable+0x80/0x260
[  324.553947][ T9871]  ? ns_capable+0xd2/0xf0
[  324.555712][ T9871]  ? __pfx_nldev_dellink+0x10/0x10
[  324.557783][ T9871]  rdma_nl_rcv_msg+0x392/0x6f0
[  324.559736][ T9871]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[  324.561923][ T9871]  ? __lock_acquire+0x4a5/0x2630
[  324.563970][ T9871]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2cb/0x410
[  324.566589][ T9871]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[  324.569409][ T9871]  ? netlink_deliver_tap+0x1ae/0xcc0
[  324.571595][ T9871]  netlink_unicast+0x585/0x850
[  324.573535][ T9871]  ? __pfx_netlink_unicast+0x10/0x10
[  324.575743][ T9871]  netlink_sendmsg+0x8b0/0xda0
[  324.577697][ T9871]  ? __pfx_netlink_sendmsg+0x10/0x10
[  324.579876][ T9871]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  324.582204][ T9871]  ____sys_sendmsg+0x9e1/0xb70
[  324.584193][ T9871]  ? __pfx_netlink_sendmsg+0x10/0x10
[  324.586351][ T9871]  ? __pfx_____sys_sendmsg+0x10/0x10
[  324.588489][ T9871]  ? __pfx___futex_wait+0x10/0x10
[  324.590541][ T9871]  ? __pfx_futex_wake_mark+0x10/0x10
[  324.592741][ T9871]  ___sys_sendmsg+0x190/0x1e0
[  324.594690][ T9871]  ? __pfx____sys_sendmsg+0x10/0x10
[  324.596852][ T9871]  ? find_held_lock+0x2b/0x80
[  324.598809][ T9871]  __sys_sendmsg+0x170/0x220
[  324.600760][ T9871]  ? __pfx___sys_sendmsg+0x10/0x10
[  324.602942][ T9871]  ? rcu_is_watching+0x12/0xc0
[  324.604985][ T9871]  __do_fast_syscall_32+0xe7/0x970
[  324.607089][ T9871]  ? lockdep_hardirqs_on+0x78/0x100
[  324.609259][ T9871]  do_fast_syscall_32+0x32/0x70
[  324.611293][ T9871]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  324.613921][ T9871] RIP: 0023:0xf6fdef7c
[  324.615616][ T9871] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  324.622625][ T9871] RSP: 002b:00000000f53cd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  324.625288][ T9871] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000800002c0
[  324.628071][ T9871] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  324.631170][ T9871] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  324.634344][ T9871] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  324.637522][ T9871] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  324.640770][ T9871]  </TASK>
[  324.642812][ T9871] Kernel Offset: disabled
[  324.644595][ T9871] Rebooting in 86400 seconds..