last executing test programs:

9.765753589s ago: executing program 3 (id=945):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000800", @ANYRES16=r1, @ANYBLOB="010f2bbd7000fbdbdf2500000000"], 0x14}, 0x1, 0x0, 0x0, 0x2801}, 0x20000008)
r2 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x2c58, 0x0, 0x0, 0x10e}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='oom_score_adj\x00')
read$msr(r5, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff11})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
timerfd_create(0x0, 0x0)
r6 = syz_io_uring_setup(0x35ba, &(0x7f0000000080)={0x0, 0x0, 0x400, 0x0, 0x100320}, &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000100)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r6, 0x2def, 0x0, 0x0, 0x0, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r9)
sendmsg$NLBL_CIPSOV4_C_ADD(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000003c0)=ANY=[@ANYBLOB="400000009bfb158856a8ce3e378570221326f1001e7a8825cfa65c4c03000000000000009908af308d1509b48288d20d8502e089da9af931e37a58fb5eca7affebee94bfca67d4eab741b8b0a648a1bce0538a52acfdde6a874588b040b105d0a6902e9ce6a29f8f4e4ffdfa2c63e0daf98630a18c8ebcaf0e077e3c7b830193965d58dc", @ANYRES16=r10, @ANYRESHEX=r4], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x8, 0x88}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
ioctl$DRM_IOCTL_SET_MASTER(r5, 0x641e)
socket$rds(0x15, 0x5, 0x0)
migrate_pages(0x0, 0x3, &(0x7f00000002c0)=0x7f, &(0x7f0000000300)=0xa)
munlockall()
madvise(&(0x7f00005a6000/0x2000)=nil, 0x2000, 0x19)

9.642137027s ago: executing program 4 (id=947):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r0, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x80, 0x0, @local, 0x13}, 0x1c)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, 0x0, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$getregset(0x4205, r1, 0x202, &(0x7f0000000240)={0x0})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000040))
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f00000000c0)=@mmap={0x1, 0x1, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "bf631e4b"}})
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000000)=0x1)

9.51228545s ago: executing program 2 (id=949):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_usb_connect$hid(0x3, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f00000001c0)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
socket(0xf, 0x2, 0x5)
unshare(0x400)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
writev(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r5, 0x8b2a, &(0x7f0000000040))
ioctl(r3, 0x8b1a, &(0x7f0000000040))
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
accept4$bt_l2cap(r6, 0x0, 0x0, 0x0)
shutdown(r6, 0x1)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f00000002c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x3, 0x3, 0x47314356, [0x0, 0x8000000], [0x9200, 0x1]}}})
ioctl$VIDIOC_QBUF(r7, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x10, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "001500"}, 0x0, 0x2, {}, 0x58603})

8.392800973s ago: executing program 4 (id=951):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="020e00001000000000000000000000000300050000000000020000000a0101010000000000000000030006000000000002000002ac1e010100000000000000000800120000400200000000000000000006000000000000000200000000000000ff020000000000000000000000000001000000000000000000000000000000007e0ae7d124ff739f267a08d13d82f7df2d60240f88ba0824fa4fd24368fa2a1f4b9f80cf0e24e14969476b537707e34c5b5c2127f3444446b5edcd41975fee4972345e9b644a1c4ba8b9b9e1493085401e94cbb20e022b793f14875d9c150054596533885093f181ce1b48469d56fe9a272c1cf560"], 0x80}}, 0x0)
mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x3})
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
write$cgroup_devices(0xffffffffffffffff, 0x0, 0xa)
socket$kcm(0x10, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xdaa4, 0x7, 0x0, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20)

7.678091556s ago: executing program 0 (id=954):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00032cbd7000fbdbdf2505000000050002002b937f940500060004000000"], 0x24}, 0x1, 0x0, 0x0, 0x80d1}, 0x4008000)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
preadv(r1, &(0x7f0000002240)=[{&(0x7f0000000000)=""/93, 0x5d}], 0x1, 0x0, 0x0)
ioctl$NS_GET_USERNS(r1, 0xb701, 0x0)
ioctl$GIO_UNISCRNMAP(r1, 0x4b69, &(0x7f0000000140)=""/4096)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001340)=ANY=[@ANYBLOB="0600000004000000ff0f0542783b00000000001837dedde042a0416775636834774475cd28aeff0085d02c84c2b2de709c637f3507f68af590420bf9fe6d583dc47603d1fc076e29276944ea12a341e1ec5604e7046ce9e8438760a9a9f7ed1d6694a16d288398a18b93dbf6f753e0b9b65f28172429814b2011dcb1c9d41d209a53677b3bb2fa2b5ac8d62fdf026b3cb1b80e7695bb8583f8245ed57340b2ab92f449849424a5c1a7e0692351303f593a86343979bc9a1e6f021641d237d2a2ce1f0d0837c967f62b8c905a7a56a7e87257619a4cd4d31bb81d9f5c5bbfdc97b9c171d1c6c0964097d6a94b41d65315be4a95a7f68aff52d9c5a460458db153e5332ce414c6cb5c7faa43bf2eb6899365d8dc22535aacfb5ea788ed6cf10b342bccbaf9ab6b48cb1f312ae6debccf669a6d5100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e000000000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000280)={r4, 0x0, &(0x7f0000000200)=""/76}, 0x20)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000001c0)={<r5=>0x0, @remote, @multicast2}, &(0x7f0000000200)=0xc)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x0, 0x0)
r7 = io_uring_setup(0x177d, &(0x7f00000002c0)={0x0, 0x572e, 0x2, 0x2, 0xfffffffe})
r8 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r8, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
read$FUSE(r6, &(0x7f0000001f80)={0x2020}, 0x2020)
r9 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000500), 0x200200, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{0x1, <r10=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x20)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000600)={{0x1, 0x1, 0x18, <r11=>r0, {0x8}}, './file0\x00'})
r12 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000640)={0x0, 0x8, 0x8}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{0xffffffffffffffff, <r13=>0xffffffffffffffff}, &(0x7f0000000680), &(0x7f00000006c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x13, 0x25, &(0x7f0000001140)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x4, 0x8d, &(0x7f0000000400)=""/141, 0x41100, 0x10, '\x00', r5, @fallback=0x28, r6, 0x8, &(0x7f0000001140)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7, &(0x7f0000000740)=[r9, r10, r11, r12, 0x1, r13, 0xffffffffffffffff], &(0x7f0000000780)=[{0x5, 0x1, 0xb, 0xa}, {0x3, 0x3, 0x8, 0x4}, {0x2, 0x1, 0x0, 0x1}, {0x3, 0x2, 0x556389aa, 0x9}, {0x2, 0x3, 0x0, 0xc}, {0x5, 0x4, 0x5, 0x3}, {0x3, 0x5, 0x9, 0xc}], 0x10, 0x7, @void, @value}, 0x94)
r14 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r14, 0x11b, 0x6, &(0x7f0000000040)=0x100000, 0x4)
getsockopt$XDP_STATISTICS(r14, 0x11b, 0x8, &(0x7f0000000240), &(0x7f0000000280)=0x30)

7.671001776s ago: executing program 1 (id=955):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0x3, 0xe5, '\x00', 0x9})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="b80000001900674c0000000000000000ff010000000000000000000000000001e000000100000000000000000000000000000000000000000a"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="c4000000190001000000000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ddff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00100001"], 0xc4}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@flushpolicy={0x1c, 0x1d, 0x400, 0x0, 0x0, "", [@policy_type={0xa, 0x10, {0x1}}]}, 0x1c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3c}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r6}, 0x10)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r7, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)

7.627175671s ago: executing program 4 (id=956):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000440)=ANY=[])

7.55252939s ago: executing program 3 (id=957):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000006000000000000000000000071123a000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

5.198909464s ago: executing program 4 (id=958):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
pivot_root(0x0, 0x0)

5.180885028s ago: executing program 3 (id=959):
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$inet6_int(r2, 0x29, 0x6, 0x0, 0x2000000)

5.172616229s ago: executing program 1 (id=960):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={{0x14, 0x10, 0x1, 0x1000000}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @last={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0)

5.091856963s ago: executing program 0 (id=961):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r0, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x80, 0x0, @local, 0x13}, 0x1c)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, 0x0, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$getregset(0x4205, r1, 0x202, &(0x7f0000000240)={0x0})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000040))
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f00000000c0)=@mmap={0x1, 0x1, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "bf631e4b"}})
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000000)=0x1)

4.848385735s ago: executing program 3 (id=962):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_usb_connect$hid(0x3, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f00000001c0)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
socket(0xf, 0x2, 0x5)
unshare(0x400)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
writev(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r5, 0x8b2a, &(0x7f0000000040))
ioctl(r3, 0x8b1a, &(0x7f0000000040))
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
accept4$bt_l2cap(r6, 0x0, 0x0, 0x0)
shutdown(r6, 0x1)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f00000002c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x3, 0x3, 0x47314356, [0x0, 0x8000000], [0x9200, 0x1]}}})
ioctl$VIDIOC_QBUF(r7, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x10, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "001500"}, 0x0, 0x2, {}, 0x58603})

4.61956819s ago: executing program 2 (id=963):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_io_uring_setup(0x24fc, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3}, &(0x7f0000000180), &(0x7f0000000140))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x54, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
socket$tipc(0x1e, 0x2, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000240)={<r2=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000100)={r2, 0x2})
socket(0x1d, 0x2, 0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0xc, 0xfffffffffffff800}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6, 0x0, 0x2}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r10, 0x3b82, &(0x7f00000001c0)={0x18, 0x0, 0x0, 0x0, &(0x7f00000000c0)})

3.71072192s ago: executing program 0 (id=964):
socket$kcm(0xa, 0x5, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000700), 0x141000, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet(0x2, 0x3, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)=r7}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, r3, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x1c)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@broadcast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x1, 0xffffffff}}}}}, 0x0)

3.632271631s ago: executing program 1 (id=965):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="3401000016008502000000000000000020010000000000000000000000000002e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0x134}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000280)="f33667f00fb01cb8000000000f23d80f21f835c00000600f23f8360f21de64640f79c166baa00066b8000066efc74424009fa00000c74424027a000000c7442406000000000f011424660f38826900b805000000b9724200000f01c166ba400066b8000066ef0f011f", 0x69}], 0x1, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r3, 0x0)
r4 = dup(r2)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r5, 0xae9a)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000004c0))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3})
ioctl$UFFDIO_ZEROPAGE(r6, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}})
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000580)=@flushsa={0x14, 0x1c, 0x1, 0x0, 0x0, {0x27}}, 0x14}}, 0x0)

3.577779995s ago: executing program 0 (id=966):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="020e00001000000000000000000000000300050000000000020000000a0101010000000000000000030006000000000002000002ac1e010100000000000000000800120000400200000000000000000006000000000000000200000000000000ff020000000000000000000000000001000000000000000000000000000000007e0ae7d124ff739f267a08d13d82f7df2d60240f88ba0824fa4fd24368fa2a1f4b9f80cf0e24e14969476b537707e34c5b5c2127f3444446b5edcd41975fee4972345e9b644a1c4ba8b9b9e1493085401e94cbb20e022b793f14875d9c150054596533885093f181ce1b48469d56fe9a272c1cf560"], 0x80}}, 0x0)
mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x3})
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
write$cgroup_devices(0xffffffffffffffff, 0x0, 0xa)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xdaa4, 0x7, 0x0, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20)

2.096574233s ago: executing program 2 (id=967):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

1.632969158s ago: executing program 3 (id=968):
socket(0xa, 0x3, 0x3a)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000003100), r4)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r4, &(0x7f0000003240)={0x0, 0x0, &(0x7f0000003200)={&(0x7f0000000300)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000400000014000200fc000000000000000000000000000000140006006272696467655f736c6176655f31000014000300fe88000000000000000000000000000129c42e74ab50cdb1388217734e96ab39b03d786b1197aa48ccf30b80a9357c742323f0dd2daec038bd82d3ced6d2b34e909701a841"], 0x50}}, 0x0)

1.455953046s ago: executing program 0 (id=969):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRESHEX=r0, @ANYRES32=0x1, @ANYRESOCT=r0, @ANYRES32=0x0, @ANYRESOCT=r0, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=r1, @ANYBLOB="fdffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000004000000000000000000000000000000beea09fcedb4f2340401e388d20b0000000096fcf1803f1a2514f3f1ed0948488efb382bf912ca34e141d0ead782cdba4d2095f37f6f0ef4f42be4"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r2 = io_uring_setup(0xc34, &(0x7f0000000180)={0x0, 0xdd2f, 0x40, 0xffffffff})
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x400488d8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r3, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f0000000180)=[{&(0x7f0000000080)="390000001300034700bb65e1c3c6ffff01000000010000005600000025000000190004000400000047fd17e5ffff0800040000000000000000", 0x39}], 0x1)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f00000001c0)={0x0, 0xc2, 0x7}, 0x8)
syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/ipc\x00')
close_range(r2, 0xffffffffffffffff, 0x0)

1.432571367s ago: executing program 2 (id=970):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000440)=ANY=[])

1.232388671s ago: executing program 1 (id=971):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, r1, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4c64}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x80000001}]}, 0x58}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
unshare(0x20040600)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000800)={'filter\x00', 0xb001, 0x4, 0x3d0, 0x1f8, 0x0, 0x1f8, 0x2e8, 0x2e8, 0x2e8, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @private=0xa010100, @multicast2, 0x7, 0xffffffff}}}, {{@uncond, 0xc0, 0xe8, 0x0, {0x0, 0x1e03}}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x46e, 0xfffc}}}, {{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x10b, 0x0, 0x2}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x420)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0)

1.161336532s ago: executing program 2 (id=972):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 0x0)

1.144205307s ago: executing program 4 (id=973):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'dummy0\x00', <r1=>0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'hsr0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x64, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME={0x48, 0x33, @probe_request={{{}, {0x1}, @broadcast, @device_b}, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @val={0x2d, 0x1a, {0x8802, 0x3, 0x6, 0x0, {0x6, 0xd, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x1, 0x95ce, 0xe9}}, @val={0x72, 0x6}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x100}, 0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}}, 0x0)
syz_emit_ethernet(0x10b, &(0x7f0000000480)={@local, @remote, @val={@void, {0x8100, 0x7, 0x0, 0x4}}, {@x25={0x805, {0x1, 0x2, 0xf1, "e0b25327ae17cfd2233d507e5c020fc1ab4791b9fa0fa6a9b24ac0aa61cb3300d9c8a04eceae27396e912adc006b05bb7b8f4e2f163498330f267a150e2fa25338530fde97381ff468988ab767c0568f07d3ecc931c1a3332fc325694a7f5913394b626a6001cf6607204f0577491868044b19df2fdad0616b2ebcc391e943d391631de826c89d10f0c1595c391b9e6260f0c483a19aed472fdfdb0be3eb1ed21f54f171135459d2bfc4060647073a56e0cab953ec7c97c1df073a76b93f0a9c7416ce9b09100d97d0c78d14002d8156d7ac34053ddcf2ec9d89dee072aef83817d62b86750012b9bd71612d6b4ce244127ba63d6f3b"}}}}, &(0x7f0000000100)={0x0, 0x3, [0x15d, 0x269, 0x6d4, 0xd81]})
r8 = syz_open_dev$swradio(&(0x7f0000000200), 0x1, 0x2)
ioctl$VIDIOC_DQBUF(r8, 0xc0585611, &(0x7f0000000340)=@multiplanar_userptr={0x0, 0x9, 0x4, 0x0, 0x3, {}, {0x2, 0x2, 0x95, 0x9, 0xc6, 0x9, "81a1be9a"}, 0x8, 0x2, {&(0x7f00000000c0)=[{0x401, 0x9, {0x0}, 0x80}, {0x5, 0x0, {0x0}, 0x5}]}, 0x2})
r9 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r9, &(0x7f0000001180)={0x2020}, 0x2020)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'dummy0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'hsr0\x00'}) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x64, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME={0x48, 0x33, @probe_request={{{}, {0x1}, @broadcast, @device_b}, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @val={0x2d, 0x1a, {0x8802, 0x3, 0x6, 0x0, {0x6, 0xd, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x1, 0x95ce, 0xe9}}, @val={0x72, 0x6}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x100}, 0x14) (async)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}}, 0x0) (async)
syz_emit_ethernet(0x10b, &(0x7f0000000480)={@local, @remote, @val={@void, {0x8100, 0x7, 0x0, 0x4}}, {@x25={0x805, {0x1, 0x2, 0xf1, "e0b25327ae17cfd2233d507e5c020fc1ab4791b9fa0fa6a9b24ac0aa61cb3300d9c8a04eceae27396e912adc006b05bb7b8f4e2f163498330f267a150e2fa25338530fde97381ff468988ab767c0568f07d3ecc931c1a3332fc325694a7f5913394b626a6001cf6607204f0577491868044b19df2fdad0616b2ebcc391e943d391631de826c89d10f0c1595c391b9e6260f0c483a19aed472fdfdb0be3eb1ed21f54f171135459d2bfc4060647073a56e0cab953ec7c97c1df073a76b93f0a9c7416ce9b09100d97d0c78d14002d8156d7ac34053ddcf2ec9d89dee072aef83817d62b86750012b9bd71612d6b4ce244127ba63d6f3b"}}}}, &(0x7f0000000100)={0x0, 0x3, [0x15d, 0x269, 0x6d4, 0xd81]}) (async)
syz_open_dev$swradio(&(0x7f0000000200), 0x1, 0x2) (async)
ioctl$VIDIOC_DQBUF(r8, 0xc0585611, &(0x7f0000000340)=@multiplanar_userptr={0x0, 0x9, 0x4, 0x0, 0x3, {}, {0x2, 0x2, 0x95, 0x9, 0xc6, 0x9, "81a1be9a"}, 0x8, 0x2, {&(0x7f00000000c0)=[{0x401, 0x9, {0x0}, 0x80}, {0x5, 0x0, {0x0}, 0x5}]}, 0x2}) (async)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async)
read$FUSE(r9, &(0x7f0000001180)={0x2020}, 0x2020) (async)

425.339132ms ago: executing program 0 (id=974):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r0, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x80, 0x0, @local, 0x13}, 0x1c)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, 0x0, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$getregset(0x4205, r1, 0x202, &(0x7f0000000240)={0x0})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000040))
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "a730b801"}, 0x0, 0x1, {0x0}})
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000000)=0x1)

380.30678ms ago: executing program 3 (id=975):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000580)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x0, 0x10, 0x10, &(0x7f0000000080)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x30)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000000200))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x104, &(0x7f0000000080)=0x4, 0x0, 0x4)
io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
io_uring_enter(r4, 0x8aa, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x24040880}, 0x44001)
socket$kcm(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0x0)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r5, 0x7a5, &(0x7f0000000100)={{@host, 0x4}, 0x1, 0x1, 0x2})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$TCFLSH(r7, 0x400455c8, 0x2)
ioctl$TIOCSETD(r7, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000040))
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000340))
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000180))
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000240))
ioctl$TIOCSTI(r7, 0x5412, &(0x7f00000001c0))
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000600)=ANY=[])

297.430414ms ago: executing program 1 (id=976):
socket$kcm(0xa, 0x5, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000700), 0x141000, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet(0x2, 0x3, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)=r7}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, r3, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x1c)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@broadcast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x1, 0xffffffff}}}}}, 0x0)

296.967813ms ago: executing program 2 (id=977):
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r1, 0x10d, 0xfc, &(0x7f0000000000), &(0x7f0000000080)=0x4)
io_setup(0x3, &(0x7f0000001240))
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000001200)='wg2\x00', 0x4)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e24, @local}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
recvfrom$x25(r0, &(0x7f00000001c0)=""/4096, 0x1000, 0x20, &(0x7f00000011c0)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x2}}, 0x12)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000001280)={<r4=>0x0}, &(0x7f00000012c0)=0xc)
setpriority(0x1, r4, 0x80)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000110020850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
fcntl$setpipe(r8, 0x407, 0x0)
write$FUSE_INIT(r8, 0x0, 0x0)
fcntl$setpipe(r8, 0x407, 0x2000000)
connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x400}}, 0x24)
sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, '$'}], 0x18, 0xe000}, 0x5}], 0x1, 0x0)

425.689µs ago: executing program 1 (id=978):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_usb_connect$hid(0x3, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f00000001c0)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
socket(0xf, 0x2, 0x5)
unshare(0x400)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
writev(r5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r6, 0x8b2a, &(0x7f0000000040))
ioctl(r3, 0x8b1a, &(0x7f0000000040))
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
accept4$bt_l2cap(r7, 0x0, 0x0, 0x0)
shutdown(r7, 0x1)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r8 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r8, 0xc100565c, &(0x7f00000002c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x3, 0x3, 0x47314356, [0x0, 0x8000000], [0x9200, 0x1]}}})
ioctl$VIDIOC_QBUF(r8, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x10, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "001500"}, 0x0, 0x2, {}, 0x58603})

0s ago: executing program 4 (id=979):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="020e00001000000000000000000000000300050000000000020000000a0101010000000000000000030006000000000002000002ac1e010100000000000000000800120000400200000000000000000006000000000000000200000000000000ff020000000000000000000000000001000000000000000000000000000000007e0ae7d124ff739f267a08d13d82f7df2d60240f88ba0824fa4fd24368fa2a1f4b9f80cf0e24e14969476b537707e34c5b5c2127f3444446b5edcd41975fee4972345e9b644a1c4ba8b9b9e1493085401e94cbb20e022b793f14875d9c150054596533885093f181ce1b48469d56fe9a272c1cf560"], 0x80}}, 0x0)
mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x3})
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xdaa4, 0x7, 0x0, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20)

kernel console output (not intermixed with test programs):

410][ T5887] usb 5-1: USB disconnect, device number 5
[  160.593454][ T7090] TCP: request_sock_TCPv6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  160.632223][ T5888] rc_core: IR keymap rc-hauppauge not found
[  160.672960][ T5888] Registered IR keymap rc-empty
[  160.678795][ T5888] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  160.737458][ T5888] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  160.768797][ T5888] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  160.786353][ T5888] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input13
[  160.808901][ T5888] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  160.971416][ T5888] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  161.802346][ T5888] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  161.822031][ T5888] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  161.841878][ T5888] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  161.882187][ T5888] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  162.028427][ T5888] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  162.052211][ T5888] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  162.071798][ T5888] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  162.081009][ T7106] netlink: 'syz.4.328': attribute type 4 has an invalid length.
[  162.227325][ T5888] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  163.090699][ T5888] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  163.100120][ T5888] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  163.118108][ T5888] usb 3-1: USB disconnect, device number 11
[  163.233561][   T29] audit: type=1326 audit(1732256278.507:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7117 comm="syz.2.331" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f33bdf7e819 code=0x0
[  163.451962][ T5916] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  163.611878][ T5888] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  163.638780][ T5916] usb 1-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  163.666416][ T5916] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.716942][ T5916] usb 1-1: config 0 descriptor??
[  163.911933][ T5888] usb 3-1: Using ep0 maxpacket: 16
[  164.885152][   T12] wlan1: Trigger new scan to find an IBSS to join
[  164.938398][ T5888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  165.480519][ T5888] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  165.490615][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.499532][ T5888] usb 3-1: Product: syz
[  165.504132][ T5888] usb 3-1: Manufacturer: syz
[  165.508786][ T5888] usb 3-1: SerialNumber: syz
[  165.516994][ T5888] usb 3-1: config 0 descriptor??
[  165.523099][ T5916] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  165.533573][ T5916] asix 1-1:0.0: probe with driver asix failed with error -32
[  165.544522][ T5888] hub 3-1:0.0: bad descriptor, ignoring hub
[  165.550490][ T5888] hub 3-1:0.0: probe with driver hub failed with error -5
[  165.562396][ T7140] netlink: 'syz.1.338': attribute type 3 has an invalid length.
[  165.570635][ T7140] netlink: 666 bytes leftover after parsing attributes in process `syz.1.338'.
[  165.577398][ T5888] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input14
[  165.810453][ T7148] 
@�: renamed from veth0_vlan (while UP)
[  166.798762][ T5837] Bluetooth: hci3: SCO packet for unknown connection handle 3672
[  167.190614][ T6369] wlan1: Creating new IBSS network, BSSID 3e:d6:aa:5b:b8:7d
[  167.416307][ T7166] netlink: 'syz.3.343': attribute type 4 has an invalid length.
[  167.932255][ T5885] usb 1-1: USB disconnect, device number 7
[  168.432543][    T8] usb 3-1: USB disconnect, device number 12
[  169.788174][ T5885] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  169.971471][ T5885] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  170.077858][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.412223][ T5885] usb 3-1: Product: syz
[  170.416456][ T5885] usb 3-1: Manufacturer: syz
[  170.421081][ T5885] usb 3-1: SerialNumber: syz
[  170.438368][ T5885] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  170.478361][ T5886] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  170.484825][ T7208] netlink: 'syz.4.356': attribute type 4 has an invalid length.
[  170.962231][ T7193] netlink: 132 bytes leftover after parsing attributes in process `syz.2.351'.
[  170.991650][    T8] usb 3-1: USB disconnect, device number 13
[  171.019170][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  171.602485][ T5886] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  171.621788][ T5886] ath9k_htc: Failed to initialize the device
[  171.932315][ T5888] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  172.154812][ T5888] usb 1-1: device descriptor read/64, error -71
[  172.308190][    T8] usb 3-1: ath9k_htc: USB layer deinitialized
[  172.359889][ T7223] FAULT_INJECTION: forcing a failure.
[  172.359889][ T7223] name failslab, interval 1, probability 0, space 0, times 0
[  172.379371][ T7223] CPU: 1 UID: 0 PID: 7223 Comm: syz.4.360 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  172.389661][ T7223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  172.399738][ T7223] Call Trace:
[  172.403043][ T7223]  <TASK>
[  172.405989][ T7223]  dump_stack_lvl+0x241/0x360
[  172.410689][ T7223]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.415904][ T7223]  ? __pfx__printk+0x10/0x10
[  172.420517][ T7223]  ? __kmalloc_node_noprof+0xb7/0x440
[  172.425912][ T7223]  ? __pfx___might_resched+0x10/0x10
[  172.431225][ T7223]  should_fail_ex+0x3b0/0x4e0
[  172.435928][ T7223]  should_failslab+0xac/0x100
[  172.440613][ T7223]  __kmalloc_node_noprof+0xdf/0x440
[  172.445810][ T7223]  ? __kvmalloc_node_noprof+0x72/0x190
[  172.451262][ T7223]  ? __pfx_ip6_tnl_dev_setup+0x10/0x10
[  172.456724][ T7223]  __kvmalloc_node_noprof+0x72/0x190
[  172.462020][ T7223]  alloc_netdev_mqs+0xa4/0x1080
[  172.466881][ T7223]  ? __pfx_ip6_tnl_dev_setup+0x10/0x10
[  172.472339][ T7223]  ? read_word_at_a_time+0xe/0x20
[  172.477356][ T7223]  ? sized_strscpy+0x8d/0x220
[  172.482031][ T7223]  ip6_tnl_locate+0x607/0x820
[  172.486713][ T7223]  ? __pfx_ip6_tnl_locate+0x10/0x10
[  172.491911][ T7223]  ? __might_fault+0xc6/0x120
[  172.496579][ T7223]  ? ip6_tnl_siocdevprivate+0x9c3/0x1700
[  172.502215][ T7223]  ip6_tnl_siocdevprivate+0x9e9/0x1700
[  172.507682][ T7223]  ? __pfx_ip6_tnl_siocdevprivate+0x10/0x10
[  172.513579][ T7223]  ? trace_contention_end+0x3c/0x120
[  172.518871][ T7223]  ? __pfx_lock_acquire+0x10/0x10
[  172.523889][ T7223]  ? full_name_hash+0x93/0xe0
[  172.528567][ T7223]  dev_ifsioc+0xaec/0xe70
[  172.532897][ T7223]  ? __pfx_dev_ifsioc+0x10/0x10
[  172.537744][ T7223]  ? dev_load+0x21/0x1f0
[  172.541984][ T7223]  dev_ioctl+0x881/0x1340
[  172.546312][ T7223]  sock_ioctl+0x7ef/0x8e0
[  172.550639][ T7223]  ? __pfx_sock_ioctl+0x10/0x10
[  172.555496][ T7223]  ? __pfx_sock_ioctl+0x10/0x10
[  172.560345][ T7223]  __se_sys_ioctl+0xf5/0x170
[  172.564937][ T7223]  do_syscall_64+0xf3/0x230
[  172.569435][ T7223]  ? clear_bhb_loop+0x35/0x90
[  172.574129][ T7223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.580027][ T7223] RIP: 0033:0x7f0d6117e819
[  172.584460][ T7223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.604084][ T7223] RSP: 002b:00007f0d61e93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  172.612506][ T7223] RAX: ffffffffffffffda RBX: 00007f0d61335fa0 RCX: 00007f0d6117e819
[  172.620473][ T7223] RDX: 0000000020000080 RSI: 00000000000089f1 RDI: 0000000000000003
[  172.628440][ T7223] RBP: 00007f0d61e93090 R08: 0000000000000000 R09: 0000000000000000
[  172.636405][ T7223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  172.644371][ T7223] R13: 0000000000000000 R14: 00007f0d61335fa0 R15: 00007ffe5b59e678
[  172.652348][ T7223]  </TASK>
[  172.690242][   T29] audit: type=1326 audit(1732256287.967:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7224 comm="syz.2.361" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f33bdf7e819 code=0x0
[  172.732012][ T5888] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  172.962011][ T5888] usb 1-1: device descriptor read/64, error -71
[  173.112536][ T5888] usb usb1-port1: attempt power cycle
[  173.119698][ T5886] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  173.281862][ T5886] usb 3-1: Using ep0 maxpacket: 16
[  173.290798][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  173.314475][ T5886] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  173.324297][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.336427][ T5886] usb 3-1: Product: syz
[  173.341205][ T5886] usb 3-1: Manufacturer: syz
[  173.547541][ T5886] usb 3-1: SerialNumber: syz
[  173.669699][ T5886] usb 3-1: config 0 descriptor??
[  173.706359][ T5886] hub 3-1:0.0: bad descriptor, ignoring hub
[  173.814161][ T5886] hub 3-1:0.0: probe with driver hub failed with error -5
[  174.083552][ T5886] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input15
[  174.233605][ T5888] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  174.262523][ T5888] usb 1-1: device descriptor read/8, error -71
[  176.793089][ T5916] usb 3-1: USB disconnect, device number 14
[  177.061403][ T7263] netlink: 'syz.3.370': attribute type 4 has an invalid length.
[  178.730494][ T7277] netlink: 4 bytes leftover after parsing attributes in process `syz.2.372'.
[  182.562411][ T7293] netlink: 'syz.0.378': attribute type 4 has an invalid length.
[  183.085130][   T29] audit: type=1326 audit(1732256298.367:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7310 comm="syz.4.382" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0d6117e819 code=0x0
[  183.421874][ T5886] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  183.592762][ T5886] usb 5-1: Using ep0 maxpacket: 16
[  183.620491][ T5886] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  183.645971][ T5886] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  183.680835][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.717035][ T5886] usb 5-1: Product: syz
[  183.734138][ T5886] usb 5-1: Manufacturer: syz
[  183.738784][ T5886] usb 5-1: SerialNumber: syz
[  183.986990][ T5886] usb 5-1: config 0 descriptor??
[  184.743308][ T5886] hub 5-1:0.0: bad descriptor, ignoring hub
[  184.749314][ T5886] hub 5-1:0.0: probe with driver hub failed with error -5
[  184.759001][ T5886] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input16
[  185.021041][   T52] wlan1: Trigger new scan to find an IBSS to join
[  185.058176][ T7318] 
@�: renamed from veth0_vlan (while UP)
[  187.260075][ T5886] usb 5-1: USB disconnect, device number 6
[  187.301207][ T7359] netlink: 'syz.1.394': attribute type 4 has an invalid length.
[  188.568099][ T5887] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  189.553763][ T5887] usb 3-1: Using ep0 maxpacket: 8
[  189.574204][ T5887] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  189.584595][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.188955][ T5887] usb 3-1: config 0 descriptor??
[  190.265367][ T6369] wlan1: Trigger new scan to find an IBSS to join
[  191.013288][ T3502] wlan1: Trigger new scan to find an IBSS to join
[  191.247865][ T7395] 
: renamed from bond0 (while UP)
[  191.411619][ T7403] pim6reg: entered allmulticast mode
[  191.422384][ T5888] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  191.446558][ T7402] pim6reg: left allmulticast mode
[  191.584827][ T5888] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  191.595692][ T5888] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  191.609955][ T5888] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  191.622656][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.630825][ T5888] usb 5-1: Product: syz
[  191.635128][ T5888] usb 5-1: Manufacturer: syz
[  191.639823][ T5888] usb 5-1: SerialNumber: syz
[  191.658180][   T35] wlan1: Creating new IBSS network, BSSID e6:aa:37:2d:95:62
[  191.667359][ T5888] usb 5-1: bad CDC descriptors
[  191.686273][ T5916] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  191.736460][ T7410] netlink: 'syz.0.411': attribute type 16 has an invalid length.
[  191.744612][ T7410] netlink: 'syz.0.411': attribute type 17 has an invalid length.
[  191.852949][  T970] usb 5-1: USB disconnect, device number 7
[  191.863511][ T5916] usb 4-1: Using ep0 maxpacket: 32
[  191.875043][ T5916] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  191.884368][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=70, SerialNumber=3
[  191.893154][ T5916] usb 4-1: Product: syz
[  191.897673][ T5916] usb 4-1: Manufacturer: syz
[  191.903217][ T5916] usb 4-1: SerialNumber: syz
[  191.910268][ T5916] usb 4-1: config 0 descriptor??
[  192.042471][ T5888] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  192.292506][ T5845] Bluetooth: hci0: command 0x0406 tx timeout
[  192.299101][ T5835] Bluetooth: hci3: command 0x0406 tx timeout
[  192.307214][ T5851] Bluetooth: hci1: command 0x0406 tx timeout
[  192.313804][ T5835] Bluetooth: hci2: command 0x0406 tx timeout
[  192.316671][ T5845] Bluetooth: hci4: command 0x0406 tx timeout
[  192.323146][ T7405] tipc: Started in network mode
[  192.335504][ T7405] tipc: Node identity ac1414aa, cluster identity 4711
[  192.350374][ T7405] tipc: Enabled bearer <udp:s>, priority 10
[  192.399078][ T5916] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  192.407899][ T5888] usb 1-1: Using ep0 maxpacket: 16
[  192.427865][ T5916] usb 4-1: setting power ON
[  192.434082][ T5888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  192.445721][ T5916] dvb-usb: bulk message failed: -22 (2/0)
[  192.457254][ T5888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  192.476301][ T5916] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  192.488600][ T5888] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  192.506690][ T5916] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  192.519661][ T5888] usb 1-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00
[  192.565221][ T5887] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  192.582149][ T5916] usb 4-1: media controller created
[  192.602147][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.609591][ T5887] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  192.629621][ T5888] usb 1-1: config 0 descriptor??
[  192.637076][ T5916] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  192.653735][ T5887] asix 3-1:0.0: probe with driver asix failed with error -71
[  192.729673][ T5916] usb 4-1: selecting invalid altsetting 6
[  192.746729][ T5916] usb 4-1: digital interface selection failed (-22)
[  192.773394][ T5916] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  192.811896][ T5916] usb 4-1: setting power OFF
[  192.827026][ T5916] dvb-usb: bulk message failed: -22 (2/0)
[  192.863438][ T5887] usb 3-1: USB disconnect, device number 15
[  192.889081][ T5916] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  192.906198][ T5916] (NULL device *): no alternate interface
[  193.382584][ T7410] bpf: Bad value for 'uid'
[  193.780468][  T970] tipc: Node number set to 2886997162
[  193.877515][ T5888] nti 0003:0757:0A00.0004: item fetching failed at offset 2/5
[  194.021754][ T5888] nti 0003:0757:0A00.0004: probe with driver nti failed with error -22
[  194.301975][   T52] wlan1: Trigger new scan to find an IBSS to join
[  194.353119][ T5888] usb 1-1: USB disconnect, device number 12
[  194.366497][ T5916] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  194.381030][ T5916] usb 4-1: USB disconnect, device number 9
[  194.483158][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  195.365929][   T52] wlan1: Creating new IBSS network, BSSID 6e:09:55:0d:bd:a9
[  195.493528][ T7449] syz.0.425 uses old SIOCAX25GETINFO
[  195.548851][ T7452] : renamed from ipvlan1
[  195.572463][ T7455] netlink: 'syz.3.426': attribute type 4 has an invalid length.
[  195.658725][   T54] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  195.668845][   T54] CPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  195.679220][   T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  195.689311][   T54] Workqueue: hci3 hci_rx_work
[  195.694034][   T54] Call Trace:
[  195.697317][   T54]  <TASK>
[  195.700273][   T54]  dump_stack_lvl+0x241/0x360
[  195.704948][   T54]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.710166][   T54]  ? __pfx__printk+0x10/0x10
[  195.714754][   T54]  ? sysfs_create_dir_ns+0x28a/0x3a0
[  195.720029][   T54]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  195.725603][   T54]  sysfs_create_dir_ns+0x2ce/0x3a0
[  195.730757][   T54]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  195.736434][   T54]  kobject_add_internal+0x435/0x8d0
[  195.741669][   T54]  kobject_add+0x152/0x220
[  195.746118][   T54]  ? do_raw_spin_unlock+0x13c/0x8b0
[  195.751391][   T54]  ? device_add+0x3e7/0xbf0
[  195.755904][   T54]  ? __pfx_kobject_add+0x10/0x10
[  195.760841][   T54]  ? _raw_spin_unlock+0x28/0x50
[  195.765714][   T54]  ? get_device_parent+0x165/0x410
[  195.770826][   T54]  device_add+0x4e5/0xbf0
[  195.775173][   T54]  hci_conn_add_sysfs+0xe8/0x200
[  195.780139][   T54]  le_conn_complete_evt+0xc9f/0x12e0
[  195.785441][   T54]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  195.791167][   T54]  ? __mutex_unlock_slowpath+0x21e/0x790
[  195.796802][   T54]  ? __pfx___mutex_lock+0x10/0x10
[  195.801838][   T54]  ? skb_pull_data+0x112/0x230
[  195.806628][   T54]  hci_le_conn_complete_evt+0x18c/0x420
[  195.812183][   T54]  hci_event_packet+0xa55/0x1540
[  195.817224][   T54]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  195.822518][   T54]  ? __pfx_hci_event_packet+0x10/0x10
[  195.827902][   T54]  ? do_raw_spin_unlock+0x13c/0x8b0
[  195.833109][   T54]  ? hci_send_to_monitor+0xd8/0x7f0
[  195.838306][   T54]  ? kcov_remote_start+0x97/0x7d0
[  195.843338][   T54]  hci_rx_work+0x3f3/0xdb0
[  195.847769][   T54]  ? process_scheduled_works+0x976/0x1850
[  195.853491][   T54]  process_scheduled_works+0xa63/0x1850
[  195.859089][   T54]  ? __pfx_process_scheduled_works+0x10/0x10
[  195.865075][   T54]  ? assign_work+0x364/0x3d0
[  195.869671][   T54]  worker_thread+0x870/0xd30
[  195.874278][   T54]  ? __kthread_parkme+0x169/0x1d0
[  195.879339][   T54]  ? __pfx_worker_thread+0x10/0x10
[  195.884470][   T54]  kthread+0x2f0/0x390
[  195.888549][   T54]  ? __pfx_worker_thread+0x10/0x10
[  195.893675][   T54]  ? __pfx_kthread+0x10/0x10
[  195.898280][   T54]  ret_from_fork+0x4b/0x80
[  195.902728][   T54]  ? __pfx_kthread+0x10/0x10
[  195.907340][   T54]  ret_from_fork_asm+0x1a/0x30
[  195.912122][   T54]  </TASK>
[  195.915154][    C1] vkms_vblank_simulate: vblank timer overrun
[  195.924135][   T54] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  195.939281][   T54] Bluetooth: hci3: failed to register connection device
[  195.981915][ T5916] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  196.299616][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.532267][ T5916] usb 5-1: New USB device found, idVendor=0c70, idProduct=f001, bcdDevice= 0.00
[  196.636808][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.665945][ T5916] usb 5-1: config 0 descriptor??
[  197.236319][ T6369] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  197.243555][ T5916] aquacomputer_d5next 0003:0C70:F001.0005: hidraw0: USB HID v0.00 Device [HID 0c70:f001] on usb-dummy_hcd.4-1/input0
[  197.510598][ T7479] FAULT_INJECTION: forcing a failure.
[  197.510598][ T7479] name failslab, interval 1, probability 0, space 0, times 0
[  197.551296][ T2145] usb 5-1: USB disconnect, device number 8
[  197.577921][ T7479] CPU: 1 UID: 0 PID: 7479 Comm: syz.3.433 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  197.588253][ T7479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  197.598335][ T7479] Call Trace:
[  197.601628][ T7479]  <TASK>
[  197.604585][ T7479]  dump_stack_lvl+0x241/0x360
[  197.609295][ T7479]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.614518][ T7479]  ? __pfx__printk+0x10/0x10
[  197.619143][ T7479]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  197.624637][ T7479]  ? __pfx___might_resched+0x10/0x10
[  197.629958][ T7479]  should_fail_ex+0x3b0/0x4e0
[  197.634666][ T7479]  should_failslab+0xac/0x100
[  197.639374][ T7479]  ? snd_pcm_oss_change_params_locked+0x13f/0x3d60
[  197.645901][ T7479]  __kmalloc_cache_noprof+0x6c/0x2c0
[  197.651258][ T7479]  ? __mutex_trylock_common+0x183/0x2e0
[  197.656834][ T7479]  snd_pcm_oss_change_params_locked+0x13f/0x3d60
[  197.663211][ T7479]  ? __pfx___mutex_trylock_common+0x10/0x10
[  197.669132][ T7479]  ? rcu_is_watching+0x15/0xb0
[  197.673928][ T7479]  ? trace_contention_end+0x3c/0x120
[  197.679239][ T7479]  ? __mutex_lock+0x37f/0xee0
[  197.683939][ T7479]  ? trace_contention_end+0x3c/0x120
[  197.689246][ T7479]  ? __mutex_lock+0x37f/0xee0
[  197.693939][ T7479]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  197.700737][ T7479]  ? __mutex_unlock_slowpath+0x21e/0x790
[  197.706376][ T7479]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  197.712363][ T7479]  snd_pcm_oss_get_active_substream+0x1cc/0x280
[  197.718605][ T7479]  snd_pcm_oss_set_channels+0x23b/0x5c0
[  197.724161][ T7479]  ? __pfx_snd_pcm_oss_set_channels+0x10/0x10
[  197.730225][ T7479]  ? __might_fault+0xaa/0x120
[  197.734915][ T7479]  ? __might_fault+0xc6/0x120
[  197.739618][ T7479]  snd_pcm_oss_ioctl+0xea6/0xff0
[  197.744569][ T7479]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  197.750044][ T7479]  ? __fget_files+0x2a/0x410
[  197.754650][ T7479]  ? __fget_files+0x2a/0x410
[  197.759257][ T7479]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  197.764720][ T7479]  __se_sys_ioctl+0xf5/0x170
[  197.769318][ T7479]  do_syscall_64+0xf3/0x230
[  197.773860][ T7479]  ? clear_bhb_loop+0x35/0x90
[  197.778537][ T7479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.784437][ T7479] RIP: 0033:0x7fde17d7e819
[  197.788851][ T7479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.808470][ T7479] RSP: 002b:00007fde18b78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  197.816899][ T7479] RAX: ffffffffffffffda RBX: 00007fde17f35fa0 RCX: 00007fde17d7e819
[  197.824879][ T7479] RDX: 0000000020000040 RSI: 00000000c0045003 RDI: 0000000000000003
[  197.832866][ T7479] RBP: 00007fde18b78090 R08: 0000000000000000 R09: 0000000000000000
[  197.840850][ T7479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  197.848823][ T7479] R13: 0000000000000000 R14: 00007fde17f35fa0 R15: 00007ffe075a4de8
[  197.856812][ T7479]  </TASK>
[  197.859993][    C1] vkms_vblank_simulate: vblank timer overrun
[  199.081793][ T5916] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  199.269130][ T5916] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85
[  199.301929][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  199.381752][ T5916] usb 1-1: New USB device found, idVendor=05ac, idProduct=022a, bcdDevice= 0.00
[  200.131766][ T5916] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.386062][ T7506] FAULT_INJECTION: forcing a failure.
[  200.386062][ T7506] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  200.403056][ T7506] CPU: 1 UID: 0 PID: 7506 Comm: syz.4.441 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  200.413343][ T7506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  200.423581][ T7506] Call Trace:
[  200.426890][ T7506]  <TASK>
[  200.429914][ T7506]  dump_stack_lvl+0x241/0x360
[  200.434609][ T7506]  ? __pfx_dump_stack_lvl+0x10/0x10
[  200.439815][ T7506]  ? __pfx__printk+0x10/0x10
[  200.444433][ T7506]  should_fail_ex+0x3b0/0x4e0
[  200.449129][ T7506]  _copy_to_user+0x31/0xb0
[  200.453565][ T7506]  bpf_verifier_vlog+0x31e/0x860
[  200.458522][ T7506]  __btf_verifier_log+0xd5/0x120
[  200.463479][ T7506]  ? bpf_verifier_vlog+0x5e9/0x860
[  200.468599][ T7506]  ? __pfx___btf_verifier_log+0x10/0x10
[  200.474171][ T7506]  ? btf_parse_hdr+0x1e3/0x710
[  200.478958][ T7506]  btf_parse_hdr+0x377/0x710
[  200.483587][ T7506]  btf_new_fd+0x391/0xd30
[  200.487948][ T7506]  ? __pfx_btf_new_fd+0x10/0x10
[  200.492912][ T7506]  ? bpf_btf_load+0xcf/0x1a0
[  200.497529][ T7506]  __sys_bpf+0x6ef/0x810
[  200.501789][ T7506]  ? __pfx___sys_bpf+0x10/0x10
[  200.506585][ T7506]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  200.512583][ T7506]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  200.518926][ T7506]  ? do_syscall_64+0x100/0x230
[  200.523709][ T7506]  __x64_sys_bpf+0x7c/0x90
[  200.528141][ T7506]  do_syscall_64+0xf3/0x230
[  200.532666][ T7506]  ? clear_bhb_loop+0x35/0x90
[  200.537361][ T7506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.543274][ T7506] RIP: 0033:0x7f0d6117e819
[  200.547715][ T7506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.567345][ T7506] RSP: 002b:00007f0d61e93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  200.575782][ T7506] RAX: ffffffffffffffda RBX: 00007f0d61335fa0 RCX: 00007f0d6117e819
[  200.583859][ T7506] RDX: 0000000000000028 RSI: 00000000200000c0 RDI: 0000000000000012
[  200.591861][ T7506] RBP: 00007f0d61e93090 R08: 0000000000000000 R09: 0000000000000000
[  200.599871][ T7506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  200.607874][ T7506] R13: 0000000000000000 R14: 00007f0d61335fa0 R15: 00007ffe5b59e678
[  200.615973][ T7506]  </TASK>
[  200.622104][ T5916] usb 1-1: config 0 descriptor??
[  200.706578][ T7502] sp0: Synchronizing with TNC
[  200.786255][ T7511] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  201.033364][ T5916] appletouch 1-1:0.0: Geyser mode initialized.
[  201.070581][ T5916] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input17
[  201.170435][   T29] audit: type=1326 audit(1732256316.447:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7512 comm="syz.2.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33bdf7e819 code=0x7ffc0000
[  201.640947][   T29] audit: type=1326 audit(1732256316.447:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7512 comm="syz.2.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33bdf7e819 code=0x7ffc0000
[  201.705283][   T29] audit: type=1326 audit(1732256316.447:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7512 comm="syz.2.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f33bdf7e819 code=0x7ffc0000
[  201.795904][   T29] audit: type=1326 audit(1732256316.447:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7512 comm="syz.2.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33bdf7e819 code=0x7ffc0000
[  201.851961][   T29] audit: type=1326 audit(1732256316.447:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7512 comm="syz.2.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33bdf7e819 code=0x7ffc0000
[  201.949018][   T29] audit: type=1326 audit(1732256316.447:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7512 comm="syz.2.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f33bdf7e819 code=0x7ffc0000
[  202.090273][   T29] audit: type=1326 audit(1732256316.447:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7512 comm="syz.2.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33bdf7e819 code=0x7ffc0000
[  202.185562][ T7529] 
: renamed from bond0 (while UP)
[  202.357957][   T29] audit: type=1326 audit(1732256316.447:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7512 comm="syz.2.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33bdf7e819 code=0x7ffc0000
[  202.435139][ T5916] usb 1-1: USB disconnect, device number 13
[  202.435265][    C1] appletouch 1-1:0.0: atp_complete: usb_submit_urb failed with result -19
[  202.605172][ T5916] appletouch 1-1:0.0: input: appletouch disconnected
[  202.730275][   T29] audit: type=1326 audit(1732256318.007:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7534 comm="syz.0.449" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd89437e819 code=0x0
[  202.771523][ T7547] FAULT_INJECTION: forcing a failure.
[  202.771523][ T7547] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.785564][ T7547] CPU: 0 UID: 0 PID: 7547 Comm: syz.1.453 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  202.795863][ T7547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  202.805925][ T7547] Call Trace:
[  202.809201][ T7547]  <TASK>
[  202.812126][ T7547]  dump_stack_lvl+0x241/0x360
[  202.816812][ T7547]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.822005][ T7547]  ? __pfx__printk+0x10/0x10
[  202.826604][ T7547]  ? snprintf+0xda/0x120
[  202.830852][ T7547]  should_fail_ex+0x3b0/0x4e0
[  202.835533][ T7547]  _copy_to_user+0x31/0xb0
[  202.839946][ T7547]  simple_read_from_buffer+0xca/0x150
[  202.845324][ T7547]  proc_fail_nth_read+0x1e9/0x250
[  202.850345][ T7547]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  202.855905][ T7547]  ? rw_verify_area+0x55e/0x6f0
[  202.860759][ T7547]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  202.866319][ T7547]  vfs_read+0x1fc/0xb70
[  202.870481][ T7547]  ? __pfx___mutex_lock+0x10/0x10
[  202.875504][ T7547]  ? __pfx_vfs_read+0x10/0x10
[  202.880184][ T7547]  ? __fget_files+0x2a/0x410
[  202.884779][ T7547]  ? __fget_files+0x395/0x410
[  202.889465][ T7547]  ? __fget_files+0x2a/0x410
[  202.894083][ T7547]  ksys_read+0x18f/0x2b0
[  202.898325][ T7547]  ? __pfx_ksys_read+0x10/0x10
[  202.903086][ T7547]  ? do_syscall_64+0x100/0x230
[  202.907871][ T7547]  ? do_syscall_64+0xb6/0x230
[  202.912557][ T7547]  do_syscall_64+0xf3/0x230
[  202.917057][ T7547]  ? clear_bhb_loop+0x35/0x90
[  202.921740][ T7547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.927697][ T7547] RIP: 0033:0x7f5a28f7d25c
[  202.932120][ T7547] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  202.951747][ T7547] RSP: 002b:00007f5a29cb2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  202.960181][ T7547] RAX: ffffffffffffffda RBX: 00007f5a29135fa0 RCX: 00007f5a28f7d25c
[  202.968159][ T7547] RDX: 000000000000000f RSI: 00007f5a29cb20a0 RDI: 0000000000000004
[  202.976130][ T7547] RBP: 00007f5a29cb2090 R08: 0000000000000000 R09: 0000000000000010
[  202.984102][ T7547] R10: 00000000200007fd R11: 0000000000000246 R12: 0000000000000001
[  202.992074][ T7547] R13: 0000000000000000 R14: 00007f5a29135fa0 R15: 00007ffca1357d58
[  203.000053][ T7547]  </TASK>
[  203.093458][   T67] wlan1: Trigger new scan to find an IBSS to join
[  203.174418][ T5840] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  203.183159][ T5840] Bluetooth: hci4: Injecting HCI hardware error event
[  203.192766][ T5840] Bluetooth: hci4: hardware error 0x00
[  205.504145][ T5887] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  206.441261][ T5840] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  206.541815][ T5887] usb 1-1: Using ep0 maxpacket: 16
[  206.558932][ T5887] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  206.568572][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.582983][ T5887] usb 1-1: Product: syz
[  206.587261][ T5887] usb 1-1: Manufacturer: syz
[  206.592128][ T5887] usb 1-1: SerialNumber: syz
[  206.602201][ T5887] usb 1-1: config 0 descriptor??
[  206.611854][ T5887] visor 1-1:0.0: Sony Clie 3.5 converter detected
[  206.814460][ T7565] netlink: 8 bytes leftover after parsing attributes in process `syz.0.459'.
[  207.642841][ T5887] usb 1-1: Sony Clie 3.5 converter now attached to ttyUSB0
[  207.718014][ T5887] usb 1-1: USB disconnect, device number 14
[  207.729837][ T5887] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0
[  207.758797][ T5887] visor 1-1:0.0: device disconnected
[  208.057621][ T7584] syz.3.464: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  208.076301][ T7584] CPU: 0 UID: 0 PID: 7584 Comm: syz.3.464 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  208.086574][ T7584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  208.096640][ T7584] Call Trace:
[  208.099945][ T7584]  <TASK>
[  208.102901][ T7584]  dump_stack_lvl+0x241/0x360
[  208.107607][ T7584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  208.112833][ T7584]  ? __pfx__printk+0x10/0x10
[  208.117463][ T7584]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  208.123910][ T7584]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  208.130451][ T7584]  warn_alloc+0x278/0x410
[  208.134811][ T7584]  ? __pfx_warn_alloc+0x10/0x10
[  208.139694][ T7584]  ? translate_table+0x174/0x2260
[  208.144751][ T7584]  ? __get_vm_area_node+0x23d/0x270
[  208.149974][ T7584]  __vmalloc_node_range_noprof+0x691/0x13f0
[  208.155889][ T7584]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  208.161662][ T7584]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  208.168015][ T7584]  ? rcu_is_watching+0x15/0xb0
[  208.170094][ T7603] loop6: detected capacity change from 0 to 524287999
[  208.172789][ T7584]  ? trace_kmalloc+0x1f/0xd0
[  208.172818][ T7584]  ? __kmalloc_node_noprof+0x247/0x440
[  208.172843][ T7584]  ? __kvmalloc_node_noprof+0x72/0x190
[  208.172865][ T7584]  __kvmalloc_node_noprof+0x142/0x190
[  208.172885][ T7584]  ? translate_table+0x174/0x2260
[  208.172908][ T7584]  translate_table+0x174/0x2260
[  208.210438][ T7584]  ? __pfx_translate_table+0x10/0x10
[  208.215750][ T7584]  ? __might_fault+0xaa/0x120
[  208.220453][ T7584]  ? __pfx_lock_release+0x10/0x10
[  208.225510][ T7584]  ? __might_fault+0xaa/0x120
[  208.226268][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  208.230189][ T7584]  ? __might_fault+0xc6/0x120
[  208.239700][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  208.244051][ T7584]  ? _copy_from_user+0x99/0xc0
[  208.244087][ T7584]  ? copy_from_sockptr_offset+0x6b/0xb0
[  208.244111][ T7584]  do_ipt_set_ctl+0xe3d/0x1250
[  208.267009][ T7584]  ? __pfx___mutex_trylock_common+0x10/0x10
[  208.272950][ T7584]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  208.278173][ T7584]  ? __pfx_lock_release+0x10/0x10
[  208.283198][ T7584]  ? rcu_is_watching+0x15/0xb0
[  208.287977][ T7584]  ? trace_contention_end+0x3c/0x120
[  208.293281][ T7584]  ? __mutex_unlock_slowpath+0x21e/0x790
[  208.298938][ T7584]  ? __pfx___mutex_lock+0x10/0x10
[  208.303985][ T7584]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  208.310002][ T7584]  nf_setsockopt+0x295/0x2c0
[  208.314630][ T7584]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  208.320581][ T7584]  do_sock_setsockopt+0x3af/0x720
[  208.325640][ T7584]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  208.331215][ T7584]  ? __fget_files+0x395/0x410
[  208.335920][ T7584]  ? __fget_files+0x2a/0x410
[  208.340547][ T7584]  __x64_sys_setsockopt+0x1ee/0x280
[  208.345782][ T7584]  do_syscall_64+0xf3/0x230
[  208.350310][ T7584]  ? clear_bhb_loop+0x35/0x90
[  208.355012][ T7584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.360941][ T7584] RIP: 0033:0x7fde17d7e819
[  208.365466][ T7584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.385094][ T7584] RSP: 002b:00007fde18b78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  208.393538][ T7584] RAX: ffffffffffffffda RBX: 00007fde17f35fa0 RCX: 00007fde17d7e819
[  208.401522][ T7584] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004
[  208.409485][ T7584] RBP: 00007fde17df175e R08: 0000000000000268 R09: 0000000000000000
[  208.417459][ T7584] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000000
[  208.425448][ T7584] R13: 0000000000000000 R14: 00007fde17f35fa0 R15: 00007ffe075a4de8
[  208.433455][ T7584]  </TASK>
[  208.448667][ T7584] Mem-Info:
[  208.451949][ T7584] active_anon:321 inactive_anon:24044 isolated_anon:0
[  208.451949][ T7584]  active_file:4921 inactive_file:44725 isolated_file:0
[  208.451949][ T7584]  unevictable:768 dirty:179 writeback:0
[  208.451949][ T7584]  slab_reclaimable:9955 slab_unreclaimable:98642
[  208.451949][ T7584]  mapped:32868 shmem:20699 pagetables:835
[  208.451949][ T7584]  sec_pagetables:0 bounce:0
[  208.451949][ T7584]  kernel_misc_reclaimable:0
[  208.451949][ T7584]  free:1293547 free_pcp:225 free_cma:0
[  208.512032][ T7584] Node 0 active_anon:1284kB inactive_anon:96076kB active_file:19608kB inactive_file:178900kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131472kB dirty:716kB writeback:0kB shmem:81260kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11312kB pagetables:3340kB sec_pagetables:0kB all_unreclaimable? no
[  208.513296][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  208.553977][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  208.568627][ T7584] Node 1 active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  208.599987][ T7584] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  208.628355][ T7584] lowmem_reserve[]: 0 2463 2464 0 0
[  208.646375][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  208.655653][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  208.667736][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  208.677005][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  208.690752][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  208.693509][ T7584] Node 0 
[  208.699998][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  208.706402][ T7584] DMA32 free:1250160kB boost:0kB min:34184kB low:42728kB high:51272kB reserved_highatomic:0KB active_anon:1380kB inactive_anon:95244kB active_file:19092kB inactive_file:178848kB unevictable:1536kB writepending:716kB present:3129332kB managed:2550488kB mlocked:0kB bounce:0kB free_pcp:1648kB local_pcp:744kB free_cma:0kB
[  208.722582][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  208.750075][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  208.763878][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  208.773153][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  208.796977][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  208.806266][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  208.820849][ T7603] ldm_validate_partition_table(): Disk read failed.
[  208.828350][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  208.837705][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  208.854512][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  208.863749][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  208.878635][ T7603] Dev loop6: unable to read RDB block 0
[  208.885932][ T7603]  loop6: unable to read partition table
[  208.903355][ T7603] loop_reread_partitions: partition scan of loop6 (�����Ǵ�CP'O�Q�=}m�=@4r�(Uk+Z�� 4��>��F�1�������ԙ�1��) failed (rc=-5)
[  208.928243][ T7584] lowmem_reserve[]: 0 0 0 0 0
[  208.937325][ T7584] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:32kB active_file:516kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:624kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB
[  208.965352][ T7584] lowmem_reserve[]: 0 0 0 0 0
[  208.973227][ T7584] Node 1 Normal free:3909584kB boost:0kB min:55708kB low:69632kB high:83556kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:136kB local_pcp:136kB free_cma:0kB
[  208.977275][ T7605] ldm_validate_partition_table(): Disk read failed.
[  209.002897][ T7584] lowmem_reserve[]: 0 0 0 0 0
[  209.015878][   T67] wlan1: Trigger new scan to find an IBSS to join
[  209.017030][ T7584] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  209.047115][ T7584] Node 0 DMA32: 2*4kB (ME) 6*8kB (ME) 20*16kB (UE) 6*32kB (E) 7*64kB (UE) 32*128kB (UME) 20*256kB (UME) 12*512kB (UME) 3*1024kB (UME) 3*2048kB (UME) 295*4096kB (M) = 1233912kB
[  209.083943][ T7584] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  209.142448][   T67] wlan1: Trigger new scan to find an IBSS to join
[  209.149357][ T7584] Node 1 Normal: 212*4kB (UM) 56*8kB (UME) 56*16kB (UME) 214*32kB (UME) 106*64kB (UME) 30*128kB (UME) 15*256kB (UME) 10*512kB (UME) 4*1024kB (UM) 1*2048kB (E) 946*4096kB (M) = 3909584kB
[  209.255653][ T7605] Dev loop6: unable to read RDB block 0
[  209.269835][ T7584] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  209.329280][ T7605]  loop6: unable to read partition table
[  209.347654][ T7605] loop_reread_partitions: partition scan of loop6 (�����Ǵ�CP'O�Q�=}m�=@4r�(Uk+Z�� 4��>��F�1�������ԙ�1��) failed (rc=-5)
[  209.385754][ T7584] Node 0 hugepages_total=5 hugepages_free=3 hugepages_surp=3 hugepages_size=2048kB
[  209.456205][ T7584] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  209.572238][ T7584] Node 1 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  209.626751][ T7584] 72995 total pagecache pages
[  209.651204][ T7584] 0 pages in swap cache
[  209.757453][ T7584] Free swap  = 124564kB
[  209.761678][ T7584] Total swap = 124996kB
[  209.785531][ T5210] ldm_validate_partition_table(): Disk read failed.
[  209.837912][ T7584] 2097051 pages RAM
[  209.853662][ T7584] 0 pages HighMem/MovableOnly
[  209.858452][ T7584] 427641 pages reserved
[  209.865404][ T7584] 0 pages cma reserved
[  209.959047][ T5210] Dev loop6: unable to read RDB block 0
[  209.989760][ T5210]  loop6: unable to read partition table
[  209.992867][ T7618] netlink: 72 bytes leftover after parsing attributes in process `syz.4.474'.
[  210.090295][   T35] wlan1: Trigger new scan to find an IBSS to join
[  211.253349][   T11] wlan1: Creating new IBSS network, BSSID a6:a3:2e:9d:c9:ed
[  212.343316][ T7660] netlink: 'syz.3.486': attribute type 4 has an invalid length.
[  213.521877][ T5886] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  214.051817][   T52] wlan1: Trigger new scan to find an IBSS to join
[  214.312496][ T5886] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  214.324727][ T5886] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  214.336807][ T5886] usb 4-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00
[  214.346652][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.358329][ T5886] usb 4-1: config 0 descriptor??
[  214.566138][ T7676] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.599622][ T7676] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  214.675281][ T7700] netlink: 'syz.4.498': attribute type 4 has an invalid length.
[  214.822611][ T7676] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.838466][ T7678] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.839226][ T7676] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  214.849494][ T7678] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  215.046489][ T5888] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  215.155517][   T35] wlan1: Trigger new scan to find an IBSS to join
[  215.243540][ T5924] wlan1: Creating new IBSS network, BSSID ba:89:b9:75:7a:2a
[  215.511823][ T5888] usb 5-1: Using ep0 maxpacket: 32
[  215.550217][ T7708] netlink: 64 bytes leftover after parsing attributes in process `syz.0.502'.
[  215.653742][ T5888] usb 5-1: config 1 interface 0 altsetting 79 bulk endpoint 0x82 has invalid maxpacket 64
[  215.710100][ T5888] usb 5-1: config 1 interface 0 altsetting 79 bulk endpoint 0x3 has invalid maxpacket 16
[  215.839601][ T7708] futex_wake_op: syz.0.502 tries to shift op by 144; fix this program
[  215.861807][ T5888] usb 5-1: config 1 interface 0 has no altsetting 0
[  216.019109][ T7711] Process accounting resumed
[  216.998853][ T7721] netlink: 48 bytes leftover after parsing attributes in process `syz.1.505'.
[  217.022001][ T5886] usbhid 4-1:0.0: can't add hid device: -71
[  217.028067][ T5886] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  217.049465][ T5886] usb 4-1: USB disconnect, device number 10
[  219.235388][ T5888] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  219.248841][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.295332][ T5888] usb 5-1: Product: а
[  219.317813][ T5888] usb 5-1: Manufacturer: ଉ˛惫⠼慣྅䎣坐蔟ɟͯ◷ꝃ惽儐勍䫂ㄸ쨑ূÖ阀㝒䞄鑀苋跥㚿ད唾녨調輛黇⃕䌵侻๰䱒᪋䵭샀䌣여㑍塧鐽崔ⱆ宅훺亊텅）圀捚⇓㶲ⅈᒯ率
[  219.550365][ T5888] usb 5-1: can't set config #1, error -71
[  220.550412][ T5888] usb 5-1: USB disconnect, device number 9
[  222.401560][ T3502] wlan1: Trigger new scan to find an IBSS to join
[  223.089245][ T7783] netlink: 8 bytes leftover after parsing attributes in process `syz.0.521'.
[  223.846732][   T51] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  224.022093][   T51] usb 5-1: Using ep0 maxpacket: 32
[  224.083415][   T51] usb 5-1: config 0 has an invalid descriptor of length 96, skipping remainder of the config
[  224.256527][   T51] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  224.420797][   T51] usb 5-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e
[  224.518683][   T51] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.529622][   T51] usb 5-1: Product: syz
[  224.540086][   T51] usb 5-1: Manufacturer: syz
[  224.549666][   T51] usb 5-1: SerialNumber: syz
[  224.560544][   T51] usb 5-1: config 0 descriptor??
[  225.041776][   T12] wlan1: Trigger new scan to find an IBSS to join
[  225.296557][   T12] Bluetooth: hci5: Frame reassembly failed (-84)
[  225.600824][ T7785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  225.625017][ T7785] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  226.052391][   T11] wlan1: Trigger new scan to find an IBSS to join
[  227.436899][   T54] Bluetooth: hci5: command 0xfc11 tx timeout
[  227.446543][ T5840] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  227.917721][ T5916] usb 5-1: USB disconnect, device number 10
[  229.109638][   T11] wlan1: Trigger new scan to find an IBSS to join
[  229.533075][ T7870] overlay: ./file0 is not a directory
[  229.737682][ T7875] FAULT_INJECTION: forcing a failure.
[  229.737682][ T7875] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  229.787520][ T7875] CPU: 0 UID: 0 PID: 7875 Comm: syz.1.550 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  229.797834][ T7875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  229.807936][ T7875] Call Trace:
[  229.811235][ T7875]  <TASK>
[  229.814184][ T7875]  dump_stack_lvl+0x241/0x360
[  229.818894][ T7875]  ? __pfx_dump_stack_lvl+0x10/0x10
[  229.824110][ T7875]  ? __pfx__printk+0x10/0x10
[  229.828717][ T7875]  should_fail_ex+0x3b0/0x4e0
[  229.833400][ T7875]  prepare_alloc_pages+0x1da/0x5b0
[  229.838521][ T7875]  __alloc_pages_noprof+0x16f/0x710
[  229.843721][ T7875]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  229.849449][ T7875]  ? rcu_is_watching+0x15/0xb0
[  229.854216][ T7875]  alloc_pages_mpol_noprof+0x3e8/0x680
[  229.859684][ T7875]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  229.865671][ T7875]  ? deref_stack_reg+0x17c/0x210
[  229.870603][ T7875]  ? alloc_pages_noprof+0xef/0x170
[  229.875717][ T7875]  pte_alloc_one+0x8f/0x610
[  229.880222][ T7875]  ? __pfx_pte_alloc_one+0x10/0x10
[  229.885347][ T7875]  ? validate_chain+0x11e/0x5920
[  229.890287][ T7875]  ? __pfx_hlock_conflict+0x10/0x10
[  229.895489][ T7875]  ? __pfx_validate_chain+0x10/0x10
[  229.900696][ T7875]  handle_pte_fault+0x2140/0x6820
[  229.905728][ T7875]  ? hlock_conflict+0x59/0x1e0
[  229.910508][ T7875]  ? __pfx_handle_pte_fault+0x10/0x10
[  229.915891][ T7875]  ? __lock_acquire+0x1397/0x2100
[  229.920932][ T7875]  ? __thp_vma_allowable_orders+0x8ff/0x9c0
[  229.926881][ T7875]  ? mt_find+0x2a9/0x920
[  229.931128][ T7875]  ? __pfx_lock_release+0x10/0x10
[  229.936157][ T7875]  handle_mm_fault+0x1053/0x1ad0
[  229.941108][ T7875]  ? __pfx_handle_mm_fault+0x10/0x10
[  229.946400][ T7875]  ? __pfx_find_vma+0x10/0x10
[  229.951169][ T7875]  ? vma_is_secretmem+0xd/0x50
[  229.955952][ T7875]  ? check_vma_flags+0x3ee/0x5a0
[  229.960896][ T7875]  __get_user_pages+0x1c82/0x49e0
[  229.965931][ T7875]  ? add_lock_to_list+0x1e8/0x2f0
[  229.970989][ T7875]  ? __pfx___get_user_pages+0x10/0x10
[  229.976384][ T7875]  get_user_pages_remote+0x31e/0xb60
[  229.981673][ T7875]  ? insn_get_opcode+0xa10/0xe80
[  229.986623][ T7875]  ? __pfx_get_user_pages_remote+0x10/0x10
[  229.992434][ T7875]  uprobe_write_opcode+0x2c8/0x2d80
[  229.997642][ T7875]  ? insn_get_modrm+0x4a2/0x730
[  230.002504][ T7875]  ? insn_get_displacement+0x175/0x9a0
[  230.007980][ T7875]  ? __pfx_uprobe_write_opcode+0x10/0x10
[  230.013621][ T7875]  ? arch_uprobe_analyze_insn+0x132e/0x1a70
[  230.019541][ T7875]  ? up_write+0x1a9/0x590
[  230.023902][ T7875]  install_breakpoint+0x4fc/0x660
[  230.028960][ T7875]  register_for_each_vma+0xa08/0xc50
[  230.034269][ T7875]  uprobe_register+0x811/0x970
[  230.039138][ T7875]  bpf_uprobe_multi_link_attach+0xabe/0xdc0
[  230.045055][ T7875]  ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10
[  230.051477][ T7875]  ? __fget_files+0x395/0x410
[  230.056194][ T7875]  ? bpf_prog_attach_check_attach_type+0x42c/0x4f0
[  230.062694][ T7875]  link_create+0x6d7/0x870
[  230.067117][ T7875]  __sys_bpf+0x4bc/0x810
[  230.071358][ T7875]  ? __pfx___sys_bpf+0x10/0x10
[  230.076133][ T7875]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  230.082115][ T7875]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  230.088611][ T7875]  ? do_syscall_64+0x100/0x230
[  230.093371][ T7875]  __x64_sys_bpf+0x7c/0x90
[  230.097789][ T7875]  do_syscall_64+0xf3/0x230
[  230.102311][ T7875]  ? clear_bhb_loop+0x35/0x90
[  230.106992][ T7875]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.112891][ T7875] RIP: 0033:0x7f5a28f7e819
[  230.117310][ T7875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  230.137091][ T7875] RSP: 002b:00007f5a29cb2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  230.145503][ T7875] RAX: ffffffffffffffda RBX: 00007f5a29135fa0 RCX: 00007f5a28f7e819
[  230.153470][ T7875] RDX: 000000000000003c RSI: 00000000200012c0 RDI: 000000000000001c
[  230.161435][ T7875] RBP: 00007f5a29cb2090 R08: 0000000000000000 R09: 0000000000000000
[  230.169399][ T7875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  230.177371][ T7875] R13: 0000000000000000 R14: 00007f5a29135fa0 R15: 00007ffca1357d58
[  230.185351][ T7875]  </TASK>
[  230.632469][   T12] wlan1: Creating new IBSS network, BSSID 52:9a:71:89:12:ed
[  231.013789][   T67] wlan1: Trigger new scan to find an IBSS to join
[  231.104759][ T7872] netlink: 64 bytes leftover after parsing attributes in process `syz.2.548'.
[  231.143374][ T7889] Bluetooth: MGMT ver 1.23
[  231.938601][ T7895] syz.1.555: attempt to access beyond end of device
[  231.938601][ T7895] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[  231.958884][ T5916] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  231.982156][ T7895] XFS (nbd1): SB validate failed with error -5.
[  232.127356][ T5916] usb 4-1: Using ep0 maxpacket: 32
[  232.134565][ T5916] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  232.144615][ T5916] usb 4-1: config 0 has no interface number 0
[  232.162342][ T5916] usb 4-1: config 0 interface 67 altsetting 0 endpoint 0x2 has an invalid bInterval 132, changing to 11
[  232.210007][ T5916] usb 4-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 50599, setting to 1024
[  232.266721][ T5916] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  232.313440][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.335883][ T5916] usb 4-1: Product: syz
[  232.340105][ T5916] usb 4-1: Manufacturer: syz
[  232.387554][ T5916] usb 4-1: SerialNumber: syz
[  232.533964][ T5916] usb 4-1: config 0 descriptor??
[  232.596767][ T7888] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  232.773925][ T5916] smsc95xx v2.0.0
[  232.818365][ T5916] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  233.105880][ T5916] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -22
[  233.483841][ T7940] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  233.549640][ T5917] usb 4-1: USB disconnect, device number 11
[  234.375900][ T7946] UBIFS error (pid: 7946): cannot open "/dev/loop3", error -22
[  234.481819][ T5888] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  234.677291][ T5888] usb 5-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  234.741033][ T5888] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.763893][ T5888] usb 5-1: config 0 descriptor??
[  234.773816][ T5888] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  234.783365][ T5888] dvb_usb_af9015 5-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  235.030968][   T52] wlan1: Trigger new scan to find an IBSS to join
[  235.132079][ T5887] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  235.311852][ T5887] usb 3-1: Using ep0 maxpacket: 8
[  235.336707][ T5887] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  235.375842][ T5887] usb 3-1: config 0 has no interface number 0
[  235.393658][ T5887] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  235.424643][ T5887] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  235.447518][ T5887] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  235.470983][ T5887] usb 3-1: config 0 interface 2 altsetting 0 has an endpoint descriptor with address 0xAF, changing to 0x8F
[  235.507625][ T5887] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  235.539938][ T5887] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0
[  235.573382][ T5887] usb 3-1: New USB device found, idVendor=05da, idProduct=0099, bcdDevice=d5.82
[  235.590453][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.672234][ T5887] usb 3-1: Product: syz
[  235.676650][ T5887] usb 3-1: Manufacturer: syz
[  235.681652][ T5887] usb 3-1: SerialNumber: syz
[  235.724658][ T5887] usb 3-1: config 0 descriptor??
[  235.957685][   T29] audit: type=1800 audit(1732256351.237:98): pid=7962 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.568" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  236.060690][ T7966] netlink: 'syz.0.569': attribute type 11 has an invalid length.
[  236.062090][ T7963] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  236.068612][ T7966] netlink: 224 bytes leftover after parsing attributes in process `syz.0.569'.
[  236.646599][   T35] wlan1: Creating new IBSS network, BSSID 52:60:44:a9:5d:c3
[  236.995670][ T5886] usb 5-1: USB disconnect, device number 11
[  237.003968][ T5887] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 2 is not bulk.
[  237.013875][ T5887] microtek usb (rev 0.4.3): couldn't find two input bulk endpoints. Bailing out.
[  237.230232][ T5887] usb 3-1: USB disconnect, device number 16
[  238.033106][   T29] audit: type=1326 audit(1732256353.317:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7975 comm="syz.4.573" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0d6117e819 code=0x0
[  240.172527][ T8004] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  240.624798][ T5888] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  240.902217][ T5888] usb 4-1: Using ep0 maxpacket: 8
[  241.918982][ T5888] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  242.191782][ T5888] usb 4-1: config 179 has no interface number 0
[  242.198408][ T5888] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  242.259078][ T5888] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  242.341234][ T5888] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  242.366086][ T5888] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  242.388696][ T5888] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  242.430818][ T5888] usb 4-1: config 179 interface 65 has no altsetting 0
[  242.440337][ T5888] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  242.471875][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.510678][ T5888] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input19
[  242.550815][ T8043] netlink: 48 bytes leftover after parsing attributes in process `syz.4.588'.
[  242.560140][ T5886] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  242.604603][ T5195] input input19: unable to receive magic message: -110
[  242.644721][ T5195] input input19: unable to receive magic message: -32
[  242.704323][ T5195] input input19: unable to receive magic message: -32
[  242.712503][ T5886] usb 1-1: Using ep0 maxpacket: 8
[  242.713188][ T5195] input input19: unable to receive magic message: -32
[  242.726801][ T5886] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  242.841171][ T5886] usb 1-1: config 0 has no interface number 0
[  242.847732][ T5886] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  242.857496][ T5886] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  242.895943][ T5886] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  242.918250][ T5886] usb 1-1: config 0 interface 2 altsetting 0 has an endpoint descriptor with address 0xAF, changing to 0x8F
[  242.920070][ T8046] syzkaller0: tun_chr_ioctl cmd 1074025680
[  242.933822][ T5887] usb 4-1: USB disconnect, device number 12
[  242.936034][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  242.950074][ T5887] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  242.985830][ T5886] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  243.017422][ T5886] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0
[  243.057476][ T5886] usb 1-1: New USB device found, idVendor=05da, idProduct=0099, bcdDevice=d5.82
[  243.070873][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.086471][ T5886] usb 1-1: Product: syz
[  243.101633][ T5886] usb 1-1: Manufacturer: syz
[  243.114230][ T5886] usb 1-1: SerialNumber: syz
[  243.131185][ T5886] usb 1-1: config 0 descriptor??
[  243.306423][ T8038] netlink: 64 bytes leftover after parsing attributes in process `syz.1.587'.
[  243.401297][   T29] audit: type=1800 audit(1732256358.677:100): pid=8039 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.585" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0
[  243.482944][ T5886] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 2 is not bulk.
[  243.505413][ T5886] microtek usb (rev 0.4.3): couldn't find two input bulk endpoints. Bailing out.
[  243.558622][ T5886] usb 1-1: USB disconnect, device number 15
[  244.291848][ T5886] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  245.001612][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[  245.142168][ T5886] usb 2-1: device descriptor read/64, error -32
[  246.103591][   T52] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  246.138027][ T5886] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  246.405864][ T8106] syzkaller1: entered promiscuous mode
[  246.418479][ T8106] syzkaller1: entered allmulticast mode
[  246.424303][ T8110] netlink: 48 bytes leftover after parsing attributes in process `syz.4.602'.
[  246.434111][ T5886] usb 2-1: Using ep0 maxpacket: 32
[  246.442993][ T8110] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.450817][ T8110] FAULT_INJECTION: forcing a failure.
[  246.450817][ T8110] name failslab, interval 1, probability 0, space 0, times 0
[  246.456885][ T5886] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  246.463895][ T8110] CPU: 0 UID: 0 PID: 8110 Comm: syz.4.602 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  246.463952][ T8110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  246.463964][ T8110] Call Trace:
[  246.463973][ T8110]  <TASK>
[  246.463981][ T8110]  dump_stack_lvl+0x241/0x360
[  246.464008][ T8110]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.464026][ T8110]  ? __pfx__printk+0x10/0x10
[  246.464054][ T8110]  ? __pfx_lock_release+0x10/0x10
[  246.464073][ T8110]  ? switchdev_handle_fdb_event_to_device+0x3e/0x70
[  246.485280][ T5886] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  246.485798][ T8110]  should_fail_ex+0x3b0/0x4e0
[  246.485838][ T8110]  should_failslab+0xac/0x100
[  246.548540][ T8110]  ? __alloc_skb+0x1c3/0x440
[  246.553140][ T8110]  kmem_cache_alloc_node_noprof+0x71/0x320
[  246.558954][ T8110]  ? br_switchdev_fdb_notify+0x43d/0x530
[  246.564594][ T8110]  __alloc_skb+0x1c3/0x440
[  246.569010][ T8110]  ? __pfx_br_switchdev_fdb_notify+0x10/0x10
[  246.575014][ T8110]  ? __pfx___alloc_skb+0x10/0x10
[  246.579962][ T8110]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  246.585964][ T8110]  fdb_notify+0xa8/0x170
[  246.590225][ T8110]  fdb_delete+0xf49/0x1210
[  246.594670][ T8110]  ? fdb_delete+0x3b0/0x1210
[  246.599264][ T8110]  ? __pfx_fdb_delete+0x10/0x10
[  246.604113][ T8110]  ? __timer_delete+0xdf/0x380
[  246.608881][ T8110]  ? br_fdb_delete_by_port+0x3c/0x310
[  246.614254][ T8110]  br_fdb_delete_by_port+0x150/0x310
[  246.619542][ T8110]  br_stp_disable_port+0x11b/0x1c0
[  246.624662][ T8110]  br_stp_disable_bridge+0x81/0x150
[  246.629855][ T8110]  ? __pfx_br_dev_stop+0x10/0x10
[  246.634790][ T8110]  br_dev_stop+0x2c/0x180
[  246.639124][ T8110]  ? __pfx_br_dev_stop+0x10/0x10
[  246.644093][ T8110]  __dev_close_many+0x219/0x300
[  246.648948][ T8110]  ? __pfx___dev_close_many+0x10/0x10
[  246.654323][ T8110]  ? dev_set_rx_mode+0x233/0x2e0
[  246.659260][ T8110]  __dev_change_flags+0x30e/0x6f0
[  246.664305][ T8110]  ? __pfx___dev_change_flags+0x10/0x10
[  246.669849][ T8110]  ? validate_linkmsg+0x828/0xa40
[  246.674872][ T8110]  ? do_raw_spin_unlock+0x13c/0x8b0
[  246.680073][ T8110]  ? __pfx_validate_linkmsg+0x10/0x10
[  246.685445][ T8110]  dev_change_flags+0x8b/0x1a0
[  246.690213][ T8110]  do_setlink+0xc90/0x4210
[  246.694656][ T8110]  ? mark_lock+0x9a/0x360
[  246.698991][ T8110]  ? __pfx_do_setlink+0x10/0x10
[  246.703848][ T8110]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  246.709832][ T8110]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  246.716159][ T8110]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  246.722057][ T8110]  ? lockdep_hardirqs_on+0x99/0x150
[  246.727261][ T8110]  ? br_stp_set_enabled+0x12c/0x5f0
[  246.732458][ T8110]  ? br_changelink+0x137d/0x1840
[  246.737405][ T8110]  ? __pfx_br_changelink+0x10/0x10
[  246.742534][ T8110]  ? rtnl_newlink+0xd04/0x24f0
[  246.747300][ T8110]  ? __pfx___mutex_lock+0x10/0x10
[  246.752335][ T8110]  ? cap_capable+0x1b4/0x250
[  246.756933][ T8110]  ? safesetid_security_capable+0xb2/0x1d0
[  246.762758][ T8110]  ? ns_capable+0x8a/0xf0
[  246.767102][ T8110]  ? rtnl_link_get_net_capable+0x168/0x340
[  246.772918][ T8110]  rtnl_newlink+0x171c/0x24f0
[  246.777613][ T8110]  ? __pfx_rtnl_newlink+0x10/0x10
[  246.782640][ T8110]  ? __pfx_validate_chain+0x10/0x10
[  246.787847][ T8110]  ? kasan_quarantine_put+0xdc/0x230
[  246.793130][ T8110]  ? lockdep_hardirqs_on+0x99/0x150
[  246.798341][ T8110]  ? kmem_cache_free_bulk+0x2ea/0x530
[  246.803736][ T8110]  ? kfree_skb_list_reason+0x6c7/0x750
[  246.809201][ T8110]  ? skb_release_data+0x2b5/0x8a0
[  246.814234][ T8110]  ? mark_lock+0x9a/0x360
[  246.818573][ T8110]  ? __lock_acquire+0x1397/0x2100
[  246.823617][ T8110]  ? __pfx_lock_release+0x10/0x10
[  246.828636][ T8110]  ? cap_capable+0x1b4/0x250
[  246.833230][ T8110]  ? __pfx_rtnl_newlink+0x10/0x10
[  246.838256][ T8110]  rtnetlink_rcv_msg+0x791/0xcf0
[  246.843194][ T8110]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  246.848327][ T8110]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  246.853789][ T8110]  ? ref_tracker_free+0x643/0x7e0
[  246.858824][ T8110]  netlink_rcv_skb+0x1e3/0x430
[  246.863587][ T8110]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  246.869045][ T8110]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  246.874346][ T8110]  ? netlink_deliver_tap+0x2e/0x1b0
[  246.879539][ T8110]  netlink_unicast+0x7f6/0x990
[  246.884306][ T8110]  ? __pfx_netlink_unicast+0x10/0x10
[  246.889581][ T8110]  ? __virt_addr_valid+0x183/0x530
[  246.894691][ T8110]  ? __check_object_size+0x48e/0x900
[  246.900073][ T8110]  netlink_sendmsg+0x8e4/0xcb0
[  246.904849][ T8110]  ? __pfx_netlink_sendmsg+0x10/0x10
[  246.910140][ T8110]  ? __pfx_netlink_sendmsg+0x10/0x10
[  246.915418][ T8110]  __sock_sendmsg+0x221/0x270
[  246.920098][ T8110]  ____sys_sendmsg+0x52a/0x7e0
[  246.924870][ T8110]  ? __pfx_____sys_sendmsg+0x10/0x10
[  246.930158][ T8110]  ? __fget_files+0x2a/0x410
[  246.934753][ T8110]  ? __fget_files+0x2a/0x410
[  246.939378][ T8110]  __sys_sendmsg+0x269/0x350
[  246.943964][ T8110]  ? __pfx_lock_release+0x10/0x10
[  246.948989][ T8110]  ? __pfx___sys_sendmsg+0x10/0x10
[  246.954107][ T8110]  ? __pfx_vfs_write+0x10/0x10
[  246.958972][ T8110]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  246.965295][ T8110]  ? do_syscall_64+0x100/0x230
[  246.970074][ T8110]  ? do_syscall_64+0xb6/0x230
[  246.974747][ T8110]  do_syscall_64+0xf3/0x230
[  246.979247][ T8110]  ? clear_bhb_loop+0x35/0x90
[  246.983925][ T8110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.989819][ T8110] RIP: 0033:0x7f0d6117e819
[  246.994234][ T8110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.013863][ T8110] RSP: 002b:00007f0d61e93038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  247.022281][ T8110] RAX: ffffffffffffffda RBX: 00007f0d61335fa0 RCX: 00007f0d6117e819
[  247.030515][ T8110] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[  247.038484][ T8110] RBP: 00007f0d61e93090 R08: 0000000000000000 R09: 0000000000000000
[  247.046459][ T8110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  247.054512][ T8110] R13: 0000000000000000 R14: 00007f0d61335fa0 R15: 00007ffe5b59e678
[  247.062499][ T8110]  </TASK>
[  247.065531][    C0] vkms_vblank_simulate: vblank timer overrun
[  247.074113][ T8110] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.083807][ T5886] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  247.095492][ T5886] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  247.104899][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.122899][ T5886] usb 2-1: config 0 descriptor??
[  247.182033][ T5886] usb 2-1: can't set config #0, error -71
[  247.247160][ T5886] usb 2-1: USB disconnect, device number 11
[  251.215162][ T8165] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.614'.
[  251.288475][ T8158] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.614'.
[  252.176184][ T8176] syz.1.613: attempt to access beyond end of device
[  252.176184][ T8176] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0
[  252.206967][ T8179] netlink: 64 bytes leftover after parsing attributes in process `syz.0.616'.
[  252.223515][ T8173] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  252.244169][ T8176] SQUASHFS error: Failed to read block 0x0: -5
[  252.250425][ T8176] unable to read squashfs_super_block
[  252.701809][ T5916] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  253.132009][ T5916] usb 5-1: Using ep0 maxpacket: 16
[  253.141042][ T5916] usb 5-1: config 0 has an invalid interface number: 214 but max is 0
[  253.171890][ T5916] usb 5-1: config 0 has no interface number 0
[  253.178072][ T5916] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  254.824319][ T5916] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  254.916007][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.930052][ T5916] usb 5-1: Product: syz
[  254.935668][ T5916] usb 5-1: Manufacturer: syz
[  254.949665][ T5916] usb 5-1: SerialNumber: syz
[  254.991438][ T5916] usb 5-1: config 0 descriptor??
[  256.231923][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  256.275466][   T29] audit: type=1326 audit(1732256371.557:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8201 comm="syz.0.624" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd89437e819 code=0x0
[  256.450455][ T5916] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.214/input/input20
[  256.656230][ T8191] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  256.676377][ T8191] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  256.690847][ T5916] usb 5-1: USB disconnect, device number 12
[  256.952047][ T2145] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  257.158960][ T2145] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  257.207570][ T2145] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.267802][ T2145] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  257.324340][ T2145] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  257.385955][ T2145] usb 1-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00
[  257.398072][ T2145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.467073][ T2145] usb 1-1: config 0 descriptor??
[  258.978655][ T2145] usbhid 1-1:0.0: can't add hid device: -71
[  258.985315][ T2145] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  259.002014][ T2145] usb 1-1: USB disconnect, device number 16
[  259.013081][ T3502] wlan1: Trigger new scan to find an IBSS to join
[  259.043934][ T8249] trusted_key: syz.2.640 sent an empty control message without MSG_MORE.
[  259.982478][ T8264] netlink: 'syz.1.642': attribute type 4 has an invalid length.
[  261.429903][   T35] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  262.663249][   T35] wlan1: Trigger new scan to find an IBSS to join
[  265.455616][   T12] wlan1: Creating new IBSS network, BSSID e2:e1:ed:9e:3a:84
[  265.990885][ T8308] netlink: 28 bytes leftover after parsing attributes in process `syz.3.654'.
[  266.001041][ T8308] netlink: 28 bytes leftover after parsing attributes in process `syz.3.654'.
[  267.328999][ T8328] netlink: 'syz.2.657': attribute type 4 has an invalid length.
[  267.350492][   T29] audit: type=1326 audit(1732256382.627:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8329 comm="syz.1.658" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5a28f7e819 code=0x0
[  267.841877][ T2145] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  268.721918][ T2145] usb 2-1: Using ep0 maxpacket: 16
[  268.741943][ T2145] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  268.808059][ T2145] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  269.020139][ T2145] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.743529][ T2145] usb 2-1: Product: syz
[  269.749319][ T2145] usb 2-1: Manufacturer: syz
[  269.754104][ T2145] usb 2-1: SerialNumber: syz
[  269.784943][ T2145] usb 2-1: config 0 descriptor??
[  269.853011][ T5917] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  270.015644][ T5917] usb 5-1: device descriptor read/64, error -71
[  270.032663][ T2145] hub 2-1:0.0: bad descriptor, ignoring hub
[  270.038735][ T2145] hub 2-1:0.0: probe with driver hub failed with error -5
[  270.048796][ T2145] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input21
[  270.066410][ T8336] netlink: 64 bytes leftover after parsing attributes in process `syz.3.659'.
[  270.321891][ T5917] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  270.325217][ T8366] 
@�: renamed from veth0_vlan (while UP)
[  270.491163][ T5916] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  271.134215][ T5917] usb 5-1: device descriptor read/64, error -71
[  271.221844][ T5916] usb 1-1: Using ep0 maxpacket: 32
[  271.229917][ T5916] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  271.249926][ T5916] usb 1-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01
[  271.259729][ T5917] usb usb5-port1: attempt power cycle
[  271.275847][ T5916] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.289653][ T5916] usb 1-1: Product: syz
[  271.295525][ T5916] usb 1-1: Manufacturer: syz
[  271.300649][ T5916] usb 1-1: SerialNumber: syz
[  271.315182][ T5916] usb 1-1: config 0 descriptor??
[  272.297641][ T3502] wlan1: Trigger new scan to find an IBSS to join
[  272.381941][ T5917] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  272.522714][ T2145] usb 2-1: USB disconnect, device number 12
[  272.574956][ T8385] netlink: 'syz.3.671': attribute type 4 has an invalid length.
[  272.722872][ T5917] usb 5-1: device not accepting address 15, error -71
[  274.370184][ T8403] Cannot find del_set index 3 as target
[  276.032044][ T2145] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  276.057667][ T7101] wlan1: Trigger new scan to find an IBSS to join
[  276.178011][ T2145] usb 2-1: device descriptor read/64, error -71
[  276.738477][ T2145] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  276.871995][ T2145] usb 2-1: device descriptor read/64, error -71
[  277.641958][ T5916] cxacru 1-1:0.0: usbatm_usb_probe: bind failed: -19!
[  277.645637][ T2145] usb usb2-port1: attempt power cycle
[  277.745308][ T5886] usb 1-1: USB disconnect, device number 17
[  278.062232][ T5916] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  278.271998][ T5916] usb 5-1: Using ep0 maxpacket: 8
[  278.305239][ T5916] usb 5-1: config 0 has an invalid interface number: 2 but max is 0
[  278.359573][ T5916] usb 5-1: config 0 has no interface number 0
[  278.407306][ T5916] usb 5-1: config 0 interface 2 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  278.513120][ T5916] usb 5-1: config 0 interface 2 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  278.634421][ T5916] usb 5-1: config 0 interface 2 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  278.666655][ T2145] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  278.701001][ T5916] usb 5-1: config 0 interface 2 altsetting 0 has an endpoint descriptor with address 0xAF, changing to 0x8F
[  278.702207][ T2145] usb 2-1: device descriptor read/8, error -71
[  278.724119][ T5916] usb 5-1: config 0 interface 2 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  278.734672][ T5916] usb 5-1: config 0 interface 2 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0
[  278.754972][ T5916] usb 5-1: New USB device found, idVendor=05da, idProduct=0099, bcdDevice=d5.82
[  278.764369][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.772726][ T5916] usb 5-1: Product: syz
[  278.777075][ T5916] usb 5-1: Manufacturer: syz
[  278.781834][ T5916] usb 5-1: SerialNumber: syz
[  278.803777][ T5916] usb 5-1: config 0 descriptor??
[  279.052906][ T7101] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  279.770942][   T29] audit: type=1800 audit(1732256395.047:103): pid=8432 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.686" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  281.022866][   T11] wlan1: Trigger new scan to find an IBSS to join
[  281.030080][   T11] wlan1: Trigger new scan to find an IBSS to join
[  281.133044][ T5916] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 2 is not bulk.
[  281.142871][ T5916] microtek usb (rev 0.4.3): couldn't find two input bulk endpoints. Bailing out.
[  281.192169][ T5916] usb 5-1: USB disconnect, device number 17
[  283.076118][ T8491] netlink: 'syz.4.703': attribute type 4 has an invalid length.
[  283.932970][ T8497] netlink: 64 bytes leftover after parsing attributes in process `syz.3.705'.
[  286.102013][ T5924] wlan1: Creating new IBSS network, BSSID ee:b9:6a:40:25:e6
[  287.010408][ T8523] FAULT_INJECTION: forcing a failure.
[  287.010408][ T8523] name failslab, interval 1, probability 0, space 0, times 0
[  287.092787][ T3502] wlan1: Trigger new scan to find an IBSS to join
[  287.093541][ T3502] wlan1: Trigger new scan to find an IBSS to join
[  287.193674][ T8523] CPU: 1 UID: 0 PID: 8523 Comm: syz.4.711 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  287.193716][ T8523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  287.193728][ T8523] Call Trace:
[  287.193735][ T8523]  <TASK>
[  287.193744][ T8523]  dump_stack_lvl+0x241/0x360
[  287.193771][ T8523]  ? __pfx_dump_stack_lvl+0x10/0x10
[  287.193789][ T8523]  ? __pfx__printk+0x10/0x10
[  287.193814][ T8523]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  287.193842][ T8523]  ? __pfx___might_resched+0x10/0x10
[  287.193872][ T8523]  should_fail_ex+0x3b0/0x4e0
[  287.193904][ T8523]  should_failslab+0xac/0x100
[  287.193928][ T8523]  ? __alloc_skb+0x1c3/0x440
[  287.193950][ T8523]  kmem_cache_alloc_node_noprof+0x71/0x320
[  287.193980][ T8523]  __alloc_skb+0x1c3/0x440
[  287.194005][ T8523]  ? __pfx___alloc_skb+0x10/0x10
[  287.194028][ T8523]  ? netlink_autobind+0xd6/0x2f0
[  287.194049][ T8523]  ? netlink_autobind+0x2b0/0x2f0
[  287.194074][ T8523]  netlink_sendmsg+0x638/0xcb0
[  287.194106][ T8523]  ? __pfx_netlink_sendmsg+0x10/0x10
[  287.194138][ T8523]  ? __pfx_netlink_sendmsg+0x10/0x10
[  287.194158][ T8523]  __sock_sendmsg+0x221/0x270
[  287.194185][ T8523]  ____sys_sendmsg+0x52a/0x7e0
[  287.194215][ T8523]  ? __pfx_____sys_sendmsg+0x10/0x10
[  287.194235][ T8523]  ? __fget_files+0x2a/0x410
[  287.194263][ T8523]  ? __fget_files+0x2a/0x410
[  287.194296][ T8523]  __sys_sendmsg+0x269/0x350
[  287.194322][ T8523]  ? __pfx___sys_sendmsg+0x10/0x10
[  287.194369][ T8523]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  287.194414][ T8523]  do_syscall_64+0xf3/0x230
[  287.194432][ T8523]  ? clear_bhb_loop+0x35/0x90
[  287.194451][ T8523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.194478][ T8523] RIP: 0033:0x7f0d6117e819
[  287.194495][ T8523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.194510][ T8523] RSP: 002b:00007f0d5eff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  287.194531][ T8523] RAX: ffffffffffffffda RBX: 00007f0d61336080 RCX: 00007f0d6117e819
[  287.194545][ T8523] RDX: 0000000000000080 RSI: 00000000200002c0 RDI: 0000000000000003
[  287.194556][ T8523] RBP: 00007f0d5eff6090 R08: 0000000000000000 R09: 0000000000000000
[  287.194567][ T8523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.194578][ T8523] R13: 0000000000000000 R14: 00007f0d61336080 R15: 00007ffe5b59e678
[  287.194604][ T8523]  </TASK>
[  287.505641][ T8528] netlink: 4 bytes leftover after parsing attributes in process `syz.2.714'.
[  287.558629][ T8526] batman_adv: batadv1: Adding interface: netdevsim0
[  287.558651][ T8526] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  287.558806][ T8526] batman_adv: batadv1: Interface activated: netdevsim0
[  287.865217][ T8538] netlink: 'syz.1.718': attribute type 16 has an invalid length.
[  287.865242][ T8538] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.718'.
[  288.024985][ T5887] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  288.176472][   T52] wlan1: Creating new IBSS network, BSSID 62:62:69:fc:63:3d
[  288.192193][ T5887] usb 4-1: Using ep0 maxpacket: 16
[  288.200461][ T5887] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  288.200765][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.231965][ T5887] usb 4-1: config 0 descriptor??
[  288.258669][ T5887] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  288.572084][ T5887] usb 4-1: Detected FT232B
[  288.829027][ T8522] tty tty28: ldisc open failed (-12), clearing slot 27
[  288.840687][ T8540] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  288.879106][ T8552] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  288.986141][ T5887] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  288.994852][ T5887] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  289.011242][ T5887] usb 4-1: USB disconnect, device number 13
[  289.020865][ T5887] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  289.030764][ T5887] ftdi_sio 4-1:0.0: device disconnected
[  290.233049][ T5924] wlan1: Trigger new scan to find an IBSS to join
[  293.772281][   T11] wlan1: Creating new IBSS network, BSSID 9e:6e:30:ed:6d:10
[  294.105234][ T8617] 9pnet_fd: Insufficient options for proto=fd
[  295.252004][ T5887] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  296.211881][ T5887] usb 4-1: Using ep0 maxpacket: 8
[  296.220004][ T5887] usb 4-1: config 1 has an invalid interface number: 167 but max is 0
[  296.231195][ T5887] usb 4-1: config 1 has no interface number 0
[  296.237877][ T5887] usb 4-1: config 1 interface 167 has no altsetting 0
[  296.256905][ T5887] usb 4-1: New USB device found, idVendor=2040, idProduct=6502, bcdDevice=5e.f6
[  296.274431][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.330402][ T8643] netlink: 8 bytes leftover after parsing attributes in process `syz.0.751'.
[  296.341239][ T5887] usb 4-1: Product: syz
[  296.368634][ T5887] usb 4-1: Manufacturer: syz
[  296.392244][ T5887] usb 4-1: SerialNumber: syz
[  296.410019][ T5887] hub 4-1:1.167: bad descriptor, ignoring hub
[  296.410052][ T5887] hub 4-1:1.167: probe with driver hub failed with error -5
[  296.415082][ T5887] em28xx 4-1:1.167: New device syz syz @ 480 Mbps (2040:6502, interface 167, class 167)
[  296.415123][ T5887] em28xx 4-1:1.167: Video interface 167 found:
[  296.463577][ T8647] warn_alloc: 1 callbacks suppressed
[  296.463597][ T8647] syz.0.751: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  296.463793][ T8647] CPU: 0 UID: 0 PID: 8647 Comm: syz.0.751 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  296.463807][ T8647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  296.463815][ T8647] Call Trace:
[  296.463820][ T8647]  <TASK>
[  296.463825][ T8647]  dump_stack_lvl+0x241/0x360
[  296.463843][ T8647]  ? __pfx_dump_stack_lvl+0x10/0x10
[  296.463864][ T8647]  ? __pfx__printk+0x10/0x10
[  296.463897][ T8647]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  296.463922][ T8647]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  296.463949][ T8647]  warn_alloc+0x278/0x410
[  296.463962][ T8647]  ? stack_depot_save_flags+0x29/0x830
[  296.463978][ T8647]  ? __vmalloc_node_range_noprof+0x106/0x13f0
[  296.463990][ T8647]  ? __pfx_warn_alloc+0x10/0x10
[  296.464005][ T8647]  ? kasan_save_track+0x3f/0x80
[  296.464027][ T8647]  ? __kasan_kmalloc+0x98/0xb0
[  296.464051][ T8647]  ? xsk_setsockopt+0x598/0x950
[  296.464072][ T8647]  ? do_sock_setsockopt+0x3af/0x720
[  296.464093][ T8647]  ? __x64_sys_setsockopt+0x1ee/0x280
[  296.464109][ T8647]  ? do_syscall_64+0xf3/0x230
[  296.464118][ T8647]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.464143][ T8647]  __vmalloc_node_range_noprof+0x126/0x13f0
[  296.464184][ T8647]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  296.464212][ T8647]  ? __kasan_kmalloc+0x98/0xb0
[  296.464234][ T8647]  ? xskq_create+0x54/0x170
[  296.464258][ T8647]  vmalloc_user_noprof+0x74/0x80
[  296.464270][ T8647]  ? xskq_create+0xb6/0x170
[  296.464282][ T8647]  xskq_create+0xb6/0x170
[  296.464296][ T8647]  xsk_init_queue+0xa1/0x100
[  296.464312][ T8647]  xsk_setsockopt+0x598/0x950
[  296.464338][ T8647]  ? __pfx_xsk_setsockopt+0x10/0x10
[  296.464367][ T8647]  ? __pfx_lock_acquire+0x10/0x10
[  296.464387][ T8647]  ? __fget_files+0x2a/0x410
[  296.464412][ T8647]  ? __pfx_xsk_setsockopt+0x10/0x10
[  296.464424][ T8647]  do_sock_setsockopt+0x3af/0x720
[  296.464439][ T8647]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  296.464453][ T8647]  ? __fget_files+0x395/0x410
[  296.464474][ T8647]  ? __fget_files+0x2a/0x410
[  296.464509][ T8647]  __x64_sys_setsockopt+0x1ee/0x280
[  296.464547][ T8647]  do_syscall_64+0xf3/0x230
[  296.464564][ T8647]  ? clear_bhb_loop+0x35/0x90
[  296.464577][ T8647]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.464592][ T8647] RIP: 0033:0x7fd89437e819
[  296.464604][ T8647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.464617][ T8647] RSP: 002b:00007fd89518b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  296.464640][ T8647] RAX: ffffffffffffffda RBX: 00007fd894536080 RCX: 00007fd89437e819
[  296.464656][ T8647] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005
[  296.464669][ T8647] RBP: 00007fd8943f175e R08: 0000000000000020 R09: 0000000000000000
[  296.464683][ T8647] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[  296.464697][ T8647] R13: 0000000000000000 R14: 00007fd894536080 R15: 00007fff19798db8
[  296.464721][ T8647]  </TASK>
[  296.469490][ T8647] Mem-Info:
[  296.469505][ T8647] active_anon:347 inactive_anon:26786 isolated_anon:0
[  296.469505][ T8647]  active_file:4986 inactive_file:46964 isolated_file:0
[  296.469505][ T8647]  unevictable:768 dirty:52 writeback:0
[  296.469505][ T8647]  slab_reclaimable:10153 slab_unreclaimable:99034
[  296.469505][ T8647]  mapped:38794 shmem:23389 pagetables:905
[  296.469505][ T8647]  sec_pagetables:0 bounce:0
[  296.469505][ T8647]  kernel_misc_reclaimable:0
[  296.469505][ T8647]  free:1304017 free_pcp:348 free_cma:0
[  296.469562][ T8647] Node 0 active_anon:1388kB inactive_anon:107144kB active_file:19868kB inactive_file:187856kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:155176kB dirty:208kB writeback:0kB shmem:92020kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11440kB pagetables:3620kB sec_pagetables:0kB all_unreclaimable? no
[  296.469616][ T8647] Node 1 active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  296.469647][ T8647] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  296.469684][ T8647] lowmem_reserve[]: 0 2463 2464 0 0
[  296.469732][ T8647] Node 0 DMA32 free:1291124kB boost:0kB min:34184kB low:42728kB high:51272kB reserved_highatomic:0KB active_anon:1384kB inactive_anon:107112kB active_file:19352kB inactive_file:187804kB unevictable:1536kB writepending:208kB present:3129332kB managed:2550488kB mlocked:0kB bounce:0kB free_pcp:1268kB local_pcp:192kB free_cma:0kB
[  296.469784][ T8647] lowmem_reserve[]: 0 0 0 0 0
[  296.469808][ T8647] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:32kB active_file:516kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:624kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB
[  296.469846][ T8647] lowmem_reserve[]: 0 0 0 0 0
[  296.469892][ T8647] Node 1 Normal free:3909584kB boost:0kB min:55708kB low:69632kB high:83556kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:104kB local_pcp:104kB free_cma:0kB
[  296.469940][ T8647] lowmem_reserve[]: 0 0 0 0 0
[  296.469964][ T8647] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  296.470106][ T8647] Node 0 DMA32: 560*4kB (UME) 261*8kB (UME) 45*16kB (UE) 80*32kB (U) 167*64kB (UME) 174*128kB (UME) 93*256kB (UM) 60*512kB (UME) 36*1024kB (UME) 6*2048kB (UME) 280*4096kB (UM) = 1291128kB
[  296.470267][ T8647] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  296.470373][ T8647] Node 1 Normal: 210*4kB (UM) 55*8kB (UME) 55*16kB (UME) 215*32kB (UME) 106*64kB (UME) 30*128kB (UME) 15*256kB (UME) 10*512kB (UME) 4*1024kB (UM) 1*2048kB (E) 946*4096kB (M) = 3909584kB
[  296.471894][ T8647] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  296.471934][ T8647] Node 0 hugepages_total=6 hugepages_free=3 hugepages_surp=4 hugepages_size=2048kB
[  296.471952][ T8647] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  296.471970][ T8647] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  296.471988][ T8647] 75339 total pagecache pages
[  296.472021][ T8647] 0 pages in swap cache
[  296.472030][ T8647] Free swap  = 124564kB
[  296.472040][ T8647] Total swap = 124996kB
[  296.472049][ T8647] 2097051 pages RAM
[  296.472096][ T8647] 0 pages HighMem/MovableOnly
[  296.472105][ T8647] 427641 pages reserved
[  296.472114][ T8647] 0 pages cma reserved
[  296.496293][ T8655] netlink: 'syz.2.752': attribute type 4 has an invalid length.
[  296.672250][ T5887] em28xx 4-1:1.167: unknown em28xx chip ID (0)
[  297.542504][ T5887] em28xx 4-1:1.167: reading from i2c device at 0xa0 failed (error=-5)
[  297.542636][ T5887] em28xx 4-1:1.167: board has no eeprom
[  297.579921][ T8667] vlan2: entered promiscuous mode
[  297.579952][ T8667] syz_tun: entered promiscuous mode
[  297.611886][ T5887] em28xx 4-1:1.167: Identified as Hauppauge WinTV HVR 900 (R2) (card=18)
[  297.611919][ T5887] em28xx 4-1:1.167: analog set to bulk mode.
[  297.612755][ T5886] em28xx 4-1:1.167: Registering V4L2 extension
[  297.617834][ T5887] usb 4-1: USB disconnect, device number 14
[  297.618477][ T5887] em28xx 4-1:1.167: Disconnecting em28xx
[  298.003934][ T5886] em28xx 4-1:1.167: Config register raw data: 0xffffffed
[  298.011338][ T5886] em28xx 4-1:1.167: AC97 chip type couldn't be determined
[  298.018533][ T5886] em28xx 4-1:1.167: No AC97 audio processor
[  298.024507][ T5886] em28xx 4-1:1.167: em28xx_v4l2_init: Error while setting audio - error [-19]!
[  298.033714][ T5886] em28xx 4-1:1.167: Binding DVB extension
[  298.040074][ T5886] em28xx 4-1:1.167: no endpoint for DVB mode and transfer type 0
[  298.049073][ T5886] em28xx 4-1:1.167: failed to pre-allocate USB transfer buffers for DVB.
[  298.057601][ T5886] em28xx 4-1:1.167: Registering input extension
[  298.066421][ T5887] em28xx 4-1:1.167: Closing input extension
[  298.128993][ T5887] em28xx 4-1:1.167: Freeing device
[  298.621915][   T29] audit: type=1800 audit(1732256413.877:104): pid=8686 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.757" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  298.658049][   T29] audit: type=1326 audit(1732256413.937:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8702 comm="syz.0.761" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd89437e819 code=0x0
[  298.680142][ T2145] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  298.991953][ T2145] usb 2-1: Using ep0 maxpacket: 16
[  298.998676][ T2145] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  299.010001][ T2145] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  299.020752][ T2145] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  299.033966][ T2145] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  299.044361][ T2145] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.063596][ T2145] usb 2-1: config 0 descriptor??
[  300.350350][    T8] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  300.360628][ T8717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.369368][ T8717] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.380346][ T5916] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  300.424804][ T2145] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  300.435822][ T2145] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0006/input/input23
[  300.610218][ T2145] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  300.701974][    T8] usb 4-1: Using ep0 maxpacket: 32
[  300.707349][ T5916] usb 1-1: Using ep0 maxpacket: 16
[  300.716506][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  300.726479][    T8] usb 4-1: config 0 interface 0 has no altsetting 0
[  300.733617][    T8] usb 4-1: New USB device found, idVendor=2040, idProduct=c602, bcdDevice= 1.8e
[  300.757043][ T5916] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  300.800685][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.819699][ T5916] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.864497][ T5916] usb 1-1: Product: syz
[  300.875384][    T8] usb 4-1: config 0 descriptor??
[  300.917708][ T5916] usb 1-1: Manufacturer: syz
[  300.927530][    T8] usb 4-1: dvb_usb_v2: found a 'HCW 126xxx' in warm state
[  301.011658][ T8724] 9pnet_fd: Insufficient options for proto=fd
[  301.212382][ T5916] usb 1-1: SerialNumber: syz
[  301.461014][ T8724] netlink: 8 bytes leftover after parsing attributes in process `syz.4.765'.
[  301.672543][ T2145] usb 2-1: reset high-speed USB device number 17 using dummy_hcd
[  301.703408][ T5916] usb 1-1: config 0 descriptor??
[  301.713506][    T8] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  301.736047][ T5916] usb 1-1: can't set config #0, error -71
[  301.750528][    T8] dvbdev: DVB: registering new adapter (HCW 126xxx)
[  301.761222][ T5916] usb 1-1: USB disconnect, device number 18
[  301.783992][    T8] usb 4-1: media controller created
[  301.838358][    T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  301.879385][    T8] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  301.895556][    T8] error writing reg: 0xff, val: 0x00
[  301.930818][    T8] dvb_usb_mxl111sf 4-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22
[  301.976710][ T8737] netlink: 'syz.0.766': attribute type 4 has an invalid length.
[  303.115339][ T5886] usb 4-1: USB disconnect, device number 15
[  303.468302][ T8761] FAULT_INJECTION: forcing a failure.
[  303.468302][ T8761] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  303.481912][ T8761] CPU: 0 UID: 0 PID: 8761 Comm: syz.1.775 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  303.492189][ T8761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  303.502259][ T8761] Call Trace:
[  303.505568][ T8761]  <TASK>
[  303.508503][ T8761]  dump_stack_lvl+0x241/0x360
[  303.513191][ T8761]  ? __pfx_dump_stack_lvl+0x10/0x10
[  303.518388][ T8761]  ? __pfx__printk+0x10/0x10
[  303.522984][ T8761]  ? snprintf+0xda/0x120
[  303.527234][ T8761]  should_fail_ex+0x3b0/0x4e0
[  303.531924][ T8761]  _copy_to_user+0x31/0xb0
[  303.536339][ T8761]  simple_read_from_buffer+0xca/0x150
[  303.541717][ T8761]  proc_fail_nth_read+0x1e9/0x250
[  303.546838][ T8761]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  303.552498][ T8761]  ? rw_verify_area+0x55e/0x6f0
[  303.557345][ T8761]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  303.562891][ T8761]  vfs_read+0x1fc/0xb70
[  303.567048][ T8761]  ? __pfx___mutex_lock+0x10/0x10
[  303.572068][ T8761]  ? __pfx_vfs_read+0x10/0x10
[  303.576753][ T8761]  ? __fget_files+0x2a/0x410
[  303.581355][ T8761]  ? __fget_files+0x395/0x410
[  303.586030][ T8761]  ? __fget_files+0x2a/0x410
[  303.590629][ T8761]  ksys_read+0x18f/0x2b0
[  303.594870][ T8761]  ? __pfx_ksys_read+0x10/0x10
[  303.599628][ T8761]  ? do_syscall_64+0x100/0x230
[  303.604389][ T8761]  ? do_syscall_64+0xb6/0x230
[  303.609060][ T8761]  do_syscall_64+0xf3/0x230
[  303.613558][ T8761]  ? clear_bhb_loop+0x35/0x90
[  303.618229][ T8761]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.624121][ T8761] RIP: 0033:0x7f5a28f7d25c
[  303.628534][ T8761] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  303.648658][ T8761] RSP: 002b:00007f5a29cb2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  303.657072][ T8761] RAX: ffffffffffffffda RBX: 00007f5a29135fa0 RCX: 00007f5a28f7d25c
[  303.665043][ T8761] RDX: 000000000000000f RSI: 00007f5a29cb20a0 RDI: 0000000000000004
[  303.673006][ T8761] RBP: 00007f5a29cb2090 R08: 0000000000000000 R09: 0000000000000000
[  303.680969][ T8761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  303.688935][ T8761] R13: 0000000000000000 R14: 00007f5a29135fa0 R15: 00007ffca1357d58
[  303.696915][ T8761]  </TASK>
[  303.715864][ T5887] usb 2-1: USB disconnect, device number 17
[  304.348153][ T5887] libceph: connect (1)[c::]:6789 error -101
[  304.381334][ T5887] libceph: mon0 (1)[c::]:6789 connect error
[  304.413688][ T8771] ceph: No mds server is up or the cluster is laggy
[  304.442519][ T5887] libceph: connect (1)[c::]:6789 error -101
[  304.487462][ T5887] libceph: mon0 (1)[c::]:6789 connect error
[  305.882116][    T8] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  306.042906][    T8] usb 2-1: device descriptor read/64, error -71
[  306.095002][ T8797] IPv6: NLM_F_REPLACE set, but no existing node found!
[  306.142488][ T8797] netlink: 'syz.4.785': attribute type 4 has an invalid length.
[  306.172046][ T8797] netlink: 'syz.4.785': attribute type 4 has an invalid length.
[  306.304053][    T8] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  306.602567][    T8] usb 2-1: device descriptor read/64, error -71
[  306.712126][    T8] usb usb2-port1: attempt power cycle
[  307.061852][    T8] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  307.096355][    T8] usb 2-1: device descriptor read/8, error -71
[  307.817933][    T8] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  307.887294][    T8] usb 2-1: device descriptor read/8, error -71
[  308.012030][    T8] usb usb2-port1: unable to enumerate USB device
[  308.245187][ T8816] overlayfs: overlapping lowerdir path
[  308.346631][    T8] IPVS: starting estimator thread 0...
[  308.363752][ T8825] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  308.372222][ T8825] tipc: Enabled bearer <udp:s>, priority 10
[  308.501880][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  308.511985][ T8827] IPVS: using max 21 ests per chain, 50400 per kthread
[  308.771962][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  308.781906][    T8] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  308.943669][    T8] usb 1-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  308.955825][ T5917] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  308.965130][    T8] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  308.977002][    T8] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  308.990401][    T8] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  308.999999][    T8] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  309.008457][    T8] usb 1-1: Manufacturer: syz
[  309.013551][    T8] usb 1-1: SerialNumber: syz
[  309.102515][ T5916] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  309.157666][ T5917] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  309.169246][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.179303][ T5917] usb 4-1: Product: syz
[  309.184314][ T5917] usb 4-1: Manufacturer: syz
[  309.190665][ T5917] usb 4-1: SerialNumber: syz
[  309.198277][ T5917] usb 4-1: config 0 descriptor??
[  309.271960][ T5916] usb 2-1: Using ep0 maxpacket: 16
[  309.301819][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  309.422794][ T5917] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  309.598736][ T5916] usb 2-1: unable to get BOS descriptor or descriptor too short
[  309.616054][ T5916] usb 2-1: unable to read config index 0 descriptor/start: -71
[  309.626020][ T5916] usb 2-1: can't read configurations, error -71
[  310.294175][ T8846] netlink: 28 bytes leftover after parsing attributes in process `syz.4.797'.
[  310.371806][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  310.463541][ T5917] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  310.636176][ T8849] netlink: 'syz.1.798': attribute type 4 has an invalid length.
[  311.411818][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  311.489324][   T67] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  311.580152][    T8] yealink 1-1:36.0: invalid payload size 0, expected 16
[  311.612352][    T8] input: Yealink usb-p1k as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:36.0/input/input24
[  311.667060][    C0] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  311.674364][    C0] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  311.681538][    C0] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  311.688685][    C0] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  311.695825][    C0] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  311.710722][    C0] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  311.719222][    C0] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  311.729858][    C0] yealink 1-1:36.0: urb_ctl_callback - urb status -71
[  311.736671][    C0] yealink 1-1:36.0: urb_ctl_callback - usb_submit_urb failed -90
[  311.782825][ T5916] usb 4-1: USB disconnect, device number 16
[  311.820997][ T8866] Invalid option length (1048261) for dns_resolver key
[  311.824810][    T8] usb 1-1: USB disconnect, device number 19
[  312.167483][ T8855] netlink: 'syz.4.800': attribute type 29 has an invalid length.
[  312.193167][ T8855] netlink: 8 bytes leftover after parsing attributes in process `syz.4.800'.
[  312.451810][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  312.467016][ T8883] netlink: 288 bytes leftover after parsing attributes in process `syz.2.808'.
[  313.429218][ T8888] netlink: 'syz.4.809': attribute type 4 has an invalid length.
[  313.491986][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  313.666261][ T8891] FAULT_INJECTION: forcing a failure.
[  313.666261][ T8891] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  313.766240][ T8891] CPU: 0 UID: 0 PID: 8891 Comm: syz.2.810 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  313.776571][ T8891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  313.786663][ T8891] Call Trace:
[  313.789966][ T8891]  <TASK>
[  313.792914][ T8891]  dump_stack_lvl+0x241/0x360
[  313.797624][ T8891]  ? __pfx_dump_stack_lvl+0x10/0x10
[  313.802848][ T8891]  ? __pfx__printk+0x10/0x10
[  313.807474][ T8891]  ? snprintf+0xda/0x120
[  313.811745][ T8891]  should_fail_ex+0x3b0/0x4e0
[  313.816455][ T8891]  _copy_to_user+0x31/0xb0
[  313.820901][ T8891]  simple_read_from_buffer+0xca/0x150
[  313.826303][ T8891]  proc_fail_nth_read+0x1e9/0x250
[  313.831363][ T8891]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  313.837115][ T8891]  ? rw_verify_area+0x568/0x6f0
[  313.841996][ T8891]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  313.847585][ T8891]  vfs_read+0x1fc/0xb70
[  313.851773][ T8891]  ? __pfx_vfs_read+0x10/0x10
[  313.856478][ T8891]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  313.862484][ T8891]  ? put_files_struct+0x23d/0x310
[  313.867549][ T8891]  ksys_read+0x18f/0x2b0
[  313.871829][ T8891]  ? __pfx_ksys_read+0x10/0x10
[  313.876618][ T8891]  ? do_syscall_64+0x100/0x230
[  313.881405][ T8891]  ? do_syscall_64+0xb6/0x230
[  313.886102][ T8891]  do_syscall_64+0xf3/0x230
[  313.890626][ T8891]  ? clear_bhb_loop+0x35/0x90
[  313.895340][ T8891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.901267][ T8891] RIP: 0033:0x7f33bdf7d25c
[  313.905706][ T8891] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  313.925333][ T8891] RSP: 002b:00007f33bed1f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  313.933786][ T8891] RAX: ffffffffffffffda RBX: 00007f33be135fa0 RCX: 00007f33bdf7d25c
[  313.941871][ T8891] RDX: 000000000000000f RSI: 00007f33bed1f0a0 RDI: 0000000000000004
[  313.949868][ T8891] RBP: 00007f33bed1f090 R08: 0000000000000000 R09: 0000000000000000
[  313.957951][ T8891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  313.965952][ T8891] R13: 0000000000000000 R14: 00007f33be135fa0 R15: 00007ffc93c9cbf8
[  313.973959][ T8891]  </TASK>
[  314.183481][   T35] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  314.350482][ T5916] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  314.531797][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  314.611913][ T5916] usb 3-1: Using ep0 maxpacket: 32
[  314.635433][ T5916] usb 3-1: New USB device found, idVendor=17cc, idProduct=1020, bcdDevice=b4.bf
[  314.650749][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.666742][ T5916] usb 3-1: Product: syz
[  314.677646][ T5916] usb 3-1: Manufacturer: syz
[  314.690917][ T5916] usb 3-1: SerialNumber: syz
[  314.710200][ T5916] usb 3-1: config 0 descriptor??
[  314.959878][ T8909] Dead loop on virtual device ip6_vti0, fix it urgently!
[  315.571833][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  315.706232][ T8909] syz.1.818 (8909) used greatest stack depth: 19024 bytes left
[  315.761839][ T5916] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -71
[  315.861899][ T5916] usb 3-1: USB disconnect, device number 17
[  315.950429][ T8924] netlink: 'syz.0.819': attribute type 4 has an invalid length.
[  316.033514][ T8905] netlink: 64 bytes leftover after parsing attributes in process `syz.4.816'.
[  316.611841][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  316.654172][ T5916] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  316.828498][ T8922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  317.651803][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  318.358399][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  318.691843][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  319.037715][ T5916] usb 4-1: Using ep0 maxpacket: 16
[  319.731862][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  319.914737][ T5916] usb 4-1: device descriptor read/all, error -71
[  320.771804][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  321.299411][ T5840] Bluetooth: hci2: Malformed HCI Event: 0x22
[  321.811827][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  321.845930][ T8974] netlink: 64 bytes leftover after parsing attributes in process `syz.3.834'.
[  321.876134][ T5886] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  322.361844][ T5886] usb 1-1: Using ep0 maxpacket: 16
[  322.370881][ T5886] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  322.381031][ T5886] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  322.393025][ T5886] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79
[  322.402337][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  322.410369][ T5886] usb 1-1: Product: syz
[  322.415326][ T5886] usb 1-1: Manufacturer: syz
[  322.420053][ T5886] usb 1-1: SerialNumber: syz
[  322.436071][ T5886] usb 1-1: config 0 descriptor??
[  322.647985][ T5886] usb 1-1: Cannot retrieve CPort count: 0
[  322.671618][ T5886] usb 1-1: Cannot retrieve CPort count: -5
[  322.681243][ T5886] es2_ap_driver 1-1:0.0: probe with driver es2_ap_driver failed with error -5
[  322.772152][ T2145] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  322.851799][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  322.901959][ T5886] usb 1-1: USB disconnect, device number 20
[  323.075143][ T2145] usb 4-1: device descriptor read/64, error -71
[  323.311995][ T2145] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  323.491989][ T2145] usb 4-1: device descriptor read/64, error -71
[  323.602786][ T2145] usb usb4-port1: attempt power cycle
[  323.891833][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  324.931802][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  324.956058][ T2145] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  324.982899][ T2145] usb 4-1: device descriptor read/8, error -71
[  325.221923][ T2145] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  325.300503][ T2145] usb 4-1: device descriptor read/8, error -71
[  325.402247][ T9027] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  325.432305][ T2145] usb usb4-port1: unable to enumerate USB device
[  325.522541][ T9027] vimc vimc.0: first entity in the pipe 'Scaler' is not a source
[  325.971815][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  327.011822][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  327.054946][ T9062] mmap: syz.3.858 (9062) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  327.392581][ T9065] syz.4.859 (9065) used greatest stack depth: 19000 bytes left
[  327.431518][ T9067] tmpfs: Bad value for 'mpol'
[  327.512967][ T9062] netlink: 'syz.3.858': attribute type 13 has an invalid length.
[  328.051804][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  328.135276][    T8] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  329.091795][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  329.326805][    T8] usb 5-1: Using ep0 maxpacket: 32
[  329.405479][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  329.478012][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  329.653310][    T8] usb 5-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  329.711455][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.744261][    T8] usb 5-1: config 0 descriptor??
[  330.131813][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  330.313184][ T9074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  330.323337][ T9074] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  330.339784][    T8] usbhid 5-1:0.0: can't add hid device: -71
[  330.346053][    T8] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  330.363961][    T8] usb 5-1: USB disconnect, device number 18
[  330.410090][ T9088] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  330.426109][ T9088] vimc vimc.0: first entity in the pipe 'Scaler' is not a source
[  330.619600][ T9090] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer.
[  330.782504][ T9099] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  330.854550][ T9104] netlink: 60 bytes leftover after parsing attributes in process `syz.0.871'.
[  330.868461][ T9104] futex_wake_op: syz.0.871 tries to shift op by 32; fix this program
[  331.171799][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  331.270372][ T2145] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  331.451934][ T2145] usb 4-1: Using ep0 maxpacket: 16
[  331.473557][ T2145] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  331.485330][ T2145] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.759559][ T2145] usb 4-1: config 0 descriptor??
[  332.016063][ T2145] gspca_main: sonixj-2.14.0 probing 0471:0327
[  332.053096][   T11] wlan1: Trigger new scan to find an IBSS to join
[  332.211893][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  333.112282][ T2145] gspca_sonixj: reg_r err -110
[  333.117248][ T2145] sonixj 4-1:0.0: probe with driver sonixj failed with error -110
[  333.251808][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  334.291804][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  334.398278][ T2145] usb 4-1: USB disconnect, device number 23
[  334.543273][ T9139] netlink: 'syz.1.882': attribute type 4 has an invalid length.
[  335.331793][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  336.371800][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  337.411877][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  338.451862][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  338.580002][    T8] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  339.453705][    T8] usb 3-1: Using ep0 maxpacket: 16
[  339.486079][    T8] usb 3-1: device descriptor read/all, error -71
[  339.491806][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  339.695251][ T9181] netlink: 'syz.3.894': attribute type 4 has an invalid length.
[  340.531792][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  341.097832][   T12] wlan1: Trigger new scan to find an IBSS to join
[  341.571818][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  342.611822][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  342.822822][ T9211] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  343.132957][ T2145] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  343.322365][ T2145] usb 3-1: Using ep0 maxpacket: 32
[  343.471993][ T2145] usb 3-1: New USB device found, idVendor=0413, idProduct=6029, bcdDevice=b2.3d
[  343.481180][ T2145] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.533664][ T2145] usb 3-1: Product: syz
[  343.558372][ T2145] usb 3-1: Manufacturer: syz
[  343.568526][ T2145] usb 3-1: SerialNumber: syz
[  343.651831][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  343.680710][    T8] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  343.706952][ T2145] usb 3-1: config 0 descriptor??
[  343.901826][    T8] usb 5-1: Using ep0 maxpacket: 16
[  343.909359][    T8] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  343.918581][    T8] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  343.927687][    T8] usb 5-1: config 1 has no interface number 1
[  344.043138][    T8] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  344.056611][    T8] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  344.070376][    T8] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  344.080015][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.092780][    T8] usb 5-1: Product: syz
[  344.094843][ T2145] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  344.105882][ T2145] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  344.118261][ T2145] usb 3-1: USB disconnect, device number 20
[  344.131101][    T8] usb 5-1: Manufacturer: syz
[  344.149384][    T8] usb 5-1: SerialNumber: syz
[  344.691796][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  344.835144][ T9232] netlink: 'syz.2.906': attribute type 64 has an invalid length.
[  344.866708][ T9232] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check.
[  344.919130][ T9232] sg_write: data in/out 23515/14 bytes for SCSI command 0x0-- guessing data in;
[  344.919130][ T9232]    program syz.2.906 not setting count and/or reply_len properly
[  344.983615][ T9237] netlink: 'syz.1.907': attribute type 4 has an invalid length.
[  345.065001][ T9213] netlink: 16 bytes leftover after parsing attributes in process `syz.4.902'.
[  345.143872][    T8] usb 5-1: 2:1 : no UAC_FORMAT_TYPE desc
[  345.162168][    T8] usb 5-1: USB disconnect, device number 19
[  345.731806][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  345.735867][ T8959] udevd[8959]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  346.771926][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  347.011969][ T5924] wlan1: Trigger new scan to find an IBSS to join
[  347.802969][ T9275] lo speed is unknown, defaulting to 1000
[  347.811833][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  347.885110][ T9278] syz_tun: entered allmulticast mode
[  347.965239][   T29] audit: type=1326 audit(1732256463.227:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9274 comm="syz.2.916" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f33bdf7e819 code=0x0
[  348.071906][ T5924] wlan1: Trigger new scan to find an IBSS to join
[  348.199388][ T9292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'.
[  348.545810][ T9270] syz_tun: left allmulticast mode
[  348.851847][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  349.891822][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  350.538470][ T3502] wlan1: Trigger new scan to find an IBSS to join
[  350.931793][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  351.971802][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  352.294564][   T12] wlan1: Creating new IBSS network, BSSID aa:bd:16:80:dc:81
[  352.310569][ T5925] wlan1: Trigger new scan to find an IBSS to join
[  353.011815][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  353.092263][   T35] wlan1: Trigger new scan to find an IBSS to join
[  353.309167][ T9352] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  353.324614][ T9352] vimc vimc.0: first entity in the pipe 'Scaler' is not a source
[  353.402825][   T11] wlan1: Creating new IBSS network, BSSID 42:43:16:9b:0c:65
[  353.772003][ T2145] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[  353.923520][ T2145] usb 3-1: config 0 has an invalid interface number: 110 but max is 0
[  353.931861][ T2145] usb 3-1: config 0 has no interface number 0
[  353.938167][ T2145] usb 3-1: config 0 interface 110 altsetting 0 endpoint 0xD has invalid maxpacket 40068, setting to 64
[  353.961850][ T2145] usb 3-1: config 0 interface 110 altsetting 0 endpoint 0xC has invalid maxpacket 512, setting to 64
[  353.980289][ T2145] usb 3-1: config 0 interface 110 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  354.027762][ T2145] usb 3-1: config 0 interface 110 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10
[  354.051865][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  354.114911][ T2145] usb 3-1: config 0 interface 110 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  354.184397][ T2145] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=17.65
[  354.246959][ T2145] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.268893][ T2145] usb 3-1: config 0 descriptor??
[  354.278958][ T9355] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  354.343044][ T2145] adutux 3-1:0.110: ADU100  now attached to /dev/usb/adutux0
[  354.653702][ T9355] netlink: 20 bytes leftover after parsing attributes in process `syz.2.936'.
[  355.091957][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  355.099691][   T35] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  355.201195][ T2145] usb 3-1: USB disconnect, device number 21
[  356.131803][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  356.531810][ T9382] ALSA: seq fatal error: cannot create timer (-22)
[  357.171852][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  357.622626][ T9401] 9pnet_fd: Insufficient options for proto=fd
[  357.978905][ T9407] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  358.055597][   T11] wlan1: Trigger new scan to find an IBSS to join
[  358.211839][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  358.441066][ T9407] vimc vimc.0: first entity in the pipe 'Scaler' is not a source
[  359.251809][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  360.291909][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  361.331821][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  361.778911][   T12] wlan1: Trigger new scan to find an IBSS to join
[  361.783825][ T7101] wlan1: Trigger new scan to find an IBSS to join
[  362.052107][   T11] wlan1: Trigger new scan to find an IBSS to join
[  362.234668][ T9442] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  362.259150][ T9442] vimc vimc.0: first entity in the pipe 'Scaler' is not a source
[  362.371814][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  363.354262][ T9457] netlink: 60 bytes leftover after parsing attributes in process `syz.1.965'.
[  363.412626][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  364.451808][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  364.827634][ T9459] kvm: emulating exchange as write
[  365.329087][   T12] wlan1: Creating new IBSS network, BSSID ee:f4:88:f3:0c:56
[  365.380790][ T7101] wlan1: Creating new IBSS network, BSSID aa:c1:89:8a:b0:56
[  365.491859][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  365.732520][ T9475] netlink: 'syz.0.969': attribute type 4 has an invalid length.
[  366.531818][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  366.639046][ T9482] dummy0: entered promiscuous mode
[  366.691931][ T9482] macsec1: entered allmulticast mode
[  366.697290][ T9482] dummy0: entered allmulticast mode
[  366.812650][ T9482] dummy0: left allmulticast mode
[  366.817719][ T9482] dummy0: left promiscuous mode
[  367.571825][    C1] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  367.619811][ T9504] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  367.643902][ T9504] vimc vimc.0: subdev_call error Scaler
[  367.649769][ T9504] ------------[ cut here ]------------
[  367.655468][ T9504] WARNING: CPU: 0 PID: 9504 at drivers/media/v4l2-core/v4l2-subdev.c:460 call_s_stream+0x222/0x280
[  367.666395][ T9504] Modules linked in:
[  367.670291][ T9504] CPU: 0 UID: 0 PID: 9504 Comm: syz.0.974 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  367.680864][ T9504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  367.691098][ T9504] RIP: 0010:call_s_stream+0x222/0x280
[  367.696515][ T9504] Code: 42 1a fa 48 8b 7d 00 48 c7 c6 a0 a2 cb 8c 89 da e8 53 9b e3 03 48 bd 00 00 00 00 00 fc ff df e9 06 ff ff ff e8 5f b4 b2 f9 90 <0f> 0b 90 e9 de fe ff ff 89 e9 80 e1 07 38 c1 0f 8c 09 fe ff ff 48
[  367.716388][ T9504] RSP: 0018:ffffc900053df980 EFLAGS: 00010283
[  367.722558][ T9504] RAX: ffffffff87e24e31 RBX: 0000000000000000 RCX: 0000000000080000
[  367.730871][ T9504] RDX: ffffc900113a4000 RSI: 00000000000093e9 RDI: 00000000000093ea
[  367.739016][ T9504] RBP: 0000000000000000 R08: ffffffff87e24c78 R09: fffffbfff1cfa898
[  367.748766][ T9504] R10: dffffc0000000000 R11: ffffffff87e24c10 R12: ffff88802a45b020
[  367.756880][ T9504] R13: 0000000000000000 R14: 1ffff1100548b633 R15: 0000000000000000
[  367.764976][ T9504] FS:  00007fd8951496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  367.774024][ T9504] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  367.780671][ T9504] CR2: 00007fd8951ac990 CR3: 0000000078d9e000 CR4: 00000000003526f0
[  367.788714][ T9504] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  367.796786][ T9504] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  367.804840][ T9504] Call Trace:
[  367.808199][ T9504]  <TASK>
[  367.811164][ T9504]  ? __warn+0x168/0x4e0
[  367.815410][ T9504]  ? call_s_stream+0x222/0x280
[  367.820195][ T9504]  ? report_bug+0x2b3/0x500
[  367.824751][ T9504]  ? call_s_stream+0x222/0x280
[  367.829571][ T9504]  ? handle_bug+0x60/0x90
[  367.834072][ T9504]  ? exc_invalid_op+0x1a/0x50
[  367.838861][ T9504]  ? asm_exc_invalid_op+0x1a/0x20
[  367.843928][ T9504]  ? __pfx_call_s_stream+0x10/0x10
[  367.849049][ T9504]  ? call_s_stream+0x68/0x280
[  367.853781][ T9504]  ? call_s_stream+0x221/0x280
[  367.858559][ T9504]  ? call_s_stream+0x222/0x280
[  367.863377][ T9504]  ? __pfx_call_s_stream+0x10/0x10
[  367.868592][ T9504]  ? __pfx_call_s_stream+0x10/0x10
[  367.873745][ T9504]  vimc_streamer_pipeline_terminate+0x219/0x360
[  367.880020][ T9504]  vimc_streamer_s_stream+0x69f/0x800
[  367.885461][ T9504]  vimc_capture_start_streaming+0x230/0x440
[  367.891380][ T9504]  ? __pfx_vimc_capture_start_streaming+0x10/0x10
[  367.897933][ T9504]  vb2_start_streaming+0x129/0x440
[  367.903127][ T9504]  vb2_core_streamon+0x2b5/0x4c0
[  367.908105][ T9504]  __video_do_ioctl+0xc23/0xdd0
[  367.913021][ T9504]  ? __pfx___video_do_ioctl+0x10/0x10
[  367.918407][ T9504]  ? smack_log+0x123/0x540
[  367.923142][ T9504]  ? __might_fault+0xc6/0x120
[  367.927843][ T9504]  video_usercopy+0x89b/0x1180
[  367.932654][ T9504]  ? __pfx___video_do_ioctl+0x10/0x10
[  367.938203][ T9504]  ? __pfx_video_usercopy+0x10/0x10
[  367.943535][ T9504]  ? smack_file_ioctl+0x29e/0x3a0
[  367.948676][ T9504]  ? __rcu_read_unlock+0xa1/0x110
[  367.953737][ T9504]  ? __fget_files+0x2a/0x410
[  367.958343][ T9504]  ? __fget_files+0x2a/0x410
[  367.963055][ T9504]  v4l2_ioctl+0x189/0x1e0
[  367.967397][ T9504]  ? __pfx_v4l2_ioctl+0x10/0x10
[  367.972371][ T9504]  __se_sys_ioctl+0xf5/0x170
[  367.977156][ T9504]  do_syscall_64+0xf3/0x230
[  367.981688][ T9504]  ? clear_bhb_loop+0x35/0x90
[  367.986456][ T9504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.992409][ T9504] RIP: 0033:0x7fd89437e819
[  367.996948][ T9504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  368.016616][ T9504] RSP: 002b:00007fd895149038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  368.025086][ T9504] RAX: ffffffffffffffda RBX: 00007fd894536240 RCX: 00007fd89437e819
[  368.033130][ T9504] RDX: 0000000020000000 RSI: 0000000040045612 RDI: 0000000000000006
[  368.041216][ T9504] RBP: 00007fd8943f175e R08: 0000000000000000 R09: 0000000000000000
[  368.049356][ T9504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  368.057545][ T9504] R13: 0000000000000001 R14: 00007fd894536240 R15: 00007fff19798db8
[  368.065686][ T9504]  </TASK>
[  368.068761][ T9504] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  368.076072][ T9504] CPU: 0 UID: 0 PID: 9504 Comm: syz.0.974 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  368.086339][ T9504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  368.096385][ T9504] Call Trace:
[  368.099658][ T9504]  <TASK>
[  368.102580][ T9504]  dump_stack_lvl+0x241/0x360
[  368.107248][ T9504]  ? __pfx_dump_stack_lvl+0x10/0x10
[  368.112449][ T9504]  ? __pfx__printk+0x10/0x10
[  368.117049][ T9504]  ? vscnprintf+0x5d/0x90
[  368.121389][ T9504]  panic+0x349/0x880
[  368.125281][ T9504]  ? __warn+0x177/0x4e0
[  368.129428][ T9504]  ? __pfx_panic+0x10/0x10
[  368.133938][ T9504]  __warn+0x34b/0x4e0
[  368.137911][ T9504]  ? call_s_stream+0x222/0x280
[  368.142756][ T9504]  report_bug+0x2b3/0x500
[  368.147083][ T9504]  ? call_s_stream+0x222/0x280
[  368.151852][ T9504]  handle_bug+0x60/0x90
[  368.156028][ T9504]  exc_invalid_op+0x1a/0x50
[  368.160524][ T9504]  asm_exc_invalid_op+0x1a/0x20
[  368.165366][ T9504] RIP: 0010:call_s_stream+0x222/0x280
[  368.170731][ T9504] Code: 42 1a fa 48 8b 7d 00 48 c7 c6 a0 a2 cb 8c 89 da e8 53 9b e3 03 48 bd 00 00 00 00 00 fc ff df e9 06 ff ff ff e8 5f b4 b2 f9 90 <0f> 0b 90 e9 de fe ff ff 89 e9 80 e1 07 38 c1 0f 8c 09 fe ff ff 48
[  368.190333][ T9504] RSP: 0018:ffffc900053df980 EFLAGS: 00010283
[  368.196425][ T9504] RAX: ffffffff87e24e31 RBX: 0000000000000000 RCX: 0000000000080000
[  368.204391][ T9504] RDX: ffffc900113a4000 RSI: 00000000000093e9 RDI: 00000000000093ea
[  368.212368][ T9504] RBP: 0000000000000000 R08: ffffffff87e24c78 R09: fffffbfff1cfa898
[  368.220344][ T9504] R10: dffffc0000000000 R11: ffffffff87e24c10 R12: ffff88802a45b020
[  368.228323][ T9504] R13: 0000000000000000 R14: 1ffff1100548b633 R15: 0000000000000000
[  368.236294][ T9504]  ? __pfx_call_s_stream+0x10/0x10
[  368.241409][ T9504]  ? call_s_stream+0x68/0x280
[  368.246084][ T9504]  ? call_s_stream+0x221/0x280
[  368.250856][ T9504]  ? __pfx_call_s_stream+0x10/0x10
[  368.255960][ T9504]  ? __pfx_call_s_stream+0x10/0x10
[  368.261145][ T9504]  vimc_streamer_pipeline_terminate+0x219/0x360
[  368.267385][ T9504]  vimc_streamer_s_stream+0x69f/0x800
[  368.272790][ T9504]  vimc_capture_start_streaming+0x230/0x440
[  368.278693][ T9504]  ? __pfx_vimc_capture_start_streaming+0x10/0x10
[  368.285105][ T9504]  vb2_start_streaming+0x129/0x440
[  368.290216][ T9504]  vb2_core_streamon+0x2b5/0x4c0
[  368.295156][ T9504]  __video_do_ioctl+0xc23/0xdd0
[  368.300034][ T9504]  ? __pfx___video_do_ioctl+0x10/0x10
[  368.305398][ T9504]  ? smack_log+0x123/0x540
[  368.309809][ T9504]  ? __might_fault+0xc6/0x120
[  368.314478][ T9504]  video_usercopy+0x89b/0x1180
[  368.319693][ T9504]  ? __pfx___video_do_ioctl+0x10/0x10
[  368.325080][ T9504]  ? __pfx_video_usercopy+0x10/0x10
[  368.330273][ T9504]  ? smack_file_ioctl+0x29e/0x3a0
[  368.335296][ T9504]  ? __rcu_read_unlock+0xa1/0x110
[  368.340308][ T9504]  ? __fget_files+0x2a/0x410
[  368.344922][ T9504]  ? __fget_files+0x2a/0x410
[  368.349535][ T9504]  v4l2_ioctl+0x189/0x1e0
[  368.353945][ T9504]  ? __pfx_v4l2_ioctl+0x10/0x10
[  368.358794][ T9504]  __se_sys_ioctl+0xf5/0x170
[  368.363395][ T9504]  do_syscall_64+0xf3/0x230
[  368.367911][ T9504]  ? clear_bhb_loop+0x35/0x90
[  368.372579][ T9504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.378558][ T9504] RIP: 0033:0x7fd89437e819
[  368.382978][ T9504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  368.402687][ T9504] RSP: 002b:00007fd895149038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  368.411101][ T9504] RAX: ffffffffffffffda RBX: 00007fd894536240 RCX: 00007fd89437e819
[  368.419064][ T9504] RDX: 0000000020000000 RSI: 0000000040045612 RDI: 0000000000000006
[  368.427045][ T9504] RBP: 00007fd8943f175e R08: 0000000000000000 R09: 0000000000000000
[  368.435013][ T9504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  368.442988][ T9504] R13: 0000000000000001 R14: 00007fd894536240 R15: 00007fff19798db8
[  368.450963][ T9504]  </TASK>
[  368.454241][ T9504] Kernel Offset: disabled
[  368.458714][ T9504] Rebooting in 86400 seconds..