last executing test programs:

12.872233499s ago: executing program 2 (id=1353):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="b40000000000000069109300000000006300000000000000950000000000000074e37cc3c97540f070402a3ec77080defe8d544d535351398bca5e8c3ec08c7881400e8200778bd7e37d9d0f5855dfaa3f424592d79d1396c6c1396c2b72447edd104171360e4e3b11cd8789557990bdf446a9daab188b34591320cc904edb81b508fa31e7871a7800ccb320b446dbb2839a07bbb017100ed2a703b6135fba19c3be"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8)
bind$vsock_stream(r0, &(0x7f0000000940), 0x10)
listen(r0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1)
socket$netlink(0x10, 0x3, 0x4)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r2, &(0x7f00000000c0), 0x10)
setsockopt$CAN_RAW_ERR_FILTER(r2, 0x65, 0x2, &(0x7f0000000100), 0x4)
setsockopt$sock_int(r2, 0x28, 0x12, 0x0, 0x46)

11.775433981s ago: executing program 2 (id=1356):
r0 = socket$inet(0x2, 0x3, 0x4)
r1 = socket(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'team_slave_0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x74, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x24, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x0, 0x0, 0x0, 0x5000000}}, @TCA_HTB_DIRECT_QLEN={0x8}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}}, {0x4}}]}]}, 0x74}}, 0x0)
syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090502eb10"], 0x0) (async)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000007c0)=ANY=[@ANYBLOB="120100000000004032150e0100000000000109022400010000c00009040000010300020009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0) (async)
syz_usb_control_io(r3, &(0x7f0000000280)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="00291c0000001c098f8204cfb9c300d9e686f3250934e25017f687bf4f81d0b24ded"], 0x0, 0x0, 0x0, 0x0}, 0x0)

10.851728154s ago: executing program 0 (id=1359):
open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x0, 0x400032, 0x1, 0x20, 0x0, {0x3}, {0x84}, {}, {}, 0x0, 0x0, 0x0, 0xd0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x4, 0x0, 0x2})
ioctl$FBIOGETCMAP(r3, 0x4604, &(0x7f0000000380)={0xd07, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
ioctl$FBIOGETCMAP(r3, 0x4604, &(0x7f0000000380)={0xd07, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BTRFS_IOC_BALANCE_CTL(r3, 0x40049421, 0x2)
writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000440)=ANY=[@ANYBLOB="e00000027f000001000000000000000002005b3f213491681dc2957b2b61142aec0ba433132775f43d5ae86e0b944d83e1e7b4a0ae1f955e91b596c24e71a83ef35b8cbf766965bcd851569c091e3f5a665afdb7e45875ab7ac9f070ed231d1e7b1202a53ff1e11f17aed2fe2f98aa6ce24abdefb2f3e53b60d9196a4f2bf24a3b395e"], 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000000000f500000a2c000000060a090400000000000000000200000009000173797a30000800000000020073797a320000000038000000080a05000000000000000000020000000c00034000000000000000420900020073797a32000000000900010073797a3000000000140000000800010000000000000000000a00000ab9043c3bb25adca05468150250583a7b5756d83775fed17e877e2ff6a49d4d8c9402779cd89d21cbc0ac3a2fa7ca6808df3a003876c673929138f8529447ab1ea11300"], 0x8c}}, 0x0)
r4 = syz_io_uring_setup(0x7ee9, &(0x7f00000001c0)={0x0, 0xeaba, 0x0, 0x1, 0x80}, &(0x7f00000003c0), &(0x7f0000000580))
io_uring_register$IORING_REGISTER_PROBE(r4, 0x8, 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300) (async)
r5 = socket$packet(0x11, 0xa, 0x300)
r6 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x13, r6, 0x0) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x13, r6, 0x0)
mlockall(0x7) (async)
mlockall(0x7)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006, 0x0, 0x0, 0xfffffffa}]}, 0x10) (async)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006, 0x0, 0x0, 0xfffffffa}]}, 0x10)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'veth1_vlan\x00', 0x20}) (async)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'veth1_vlan\x00', 0x20})
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'gre0\x00', 0x4010}) (async)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'gre0\x00', 0x4010})
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280))
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094b24610b11342003d9d0102030109021b000100000000090400390009"], 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random="e5db029ea53c"})
write$cgroup_devices(r6, &(0x7f0000000a00)=ANY=[@ANYRES8=r4], 0xffdd) (async)
write$cgroup_devices(r6, &(0x7f0000000a00)=ANY=[@ANYRES8=r4], 0xffdd)

9.872811293s ago: executing program 0 (id=1363):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r1, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
writev(r2, &(0x7f00000008c0)=[{&(0x7f0000000340)='9', 0x1}], 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f0000000080)=0x7, 0x4)
recvmmsg(r1, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0)

9.179266481s ago: executing program 2 (id=1365):
socket$inet(0x2, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setreuid(0x0, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018003e00000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200000000000000000000000000000403000000000000000000000902"], 0x0, 0x56, 0x0, 0x3, 0x0, 0x0, @void, @value}, 0x28)

7.672130335s ago: executing program 2 (id=1367):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket(0x1d, 0x2, 0x6)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x480000, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'veth0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x200801, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x26, 0x0, &(0x7f0000000200)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r6=>0x0})
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001300290a000000000000000007000000", @ANYRES32=r6, @ANYBLOB="00000132ae57f60014001a8010000580"], 0x34}}, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r3, &(0x7f00000005c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000580)={&(0x7f00000009c0)=ANY=[@ANYBLOB="b4000000", @ANYRES16=0x0, @ANYBLOB="02002cbd7000fd0253f6556edbdf25070000000c00018008000100", @ANYRES32=0x0, @ANYBLOB="040001807400018014000200776c616e30000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="14000200766c616e3000000000000000000000000800030000000000140002006261746164765f736c6176655f300000140002006e72300000000000000000000000000008000100", @ANYRES32=r6, @ANYBLOB="1c000180080003000300000008000300010000000800030003000000", @ANYRESHEX=r7], 0xb4}, 0x1, 0x0, 0x0, 0x8000}, 0x41)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000780)=ANY=[@ANYBLOB="fbebbb68f7210b75f6c92bcf9c5a5a615eff54812dbb1508155c45bdc03021dcda961d604f5d6d33174d5b93e1c4eff73b4f6c23429554192bae34374ab5424255b9ff9bdc6edbf18f3d5b1cef45ecf1d137ae40659569bd5ce19b42081daa5bcf5036c699c6dff2fe80773d89d91eaf5c60b29bba25aa80ba9014f0bce170061569539b7f05a354400b69e363c813cf345130bb5d", @ANYRESDEC=r4, @ANYBLOB="cf0404000000fcfffffd120058a2aca5619c2c88a066848eebc37a306ebcde40fc57cbd0e813028a24c0083c", @ANYRESOCT=r8, @ANYRESOCT=r1], 0x2c}, 0x1, 0x0, 0x0, 0x4030}, 0x24000042)
r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r9, 0x0, 0x0)
syz_usb_control_io(r9, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r10 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r10, 0x29, 0x20, &(0x7f00000000c0)={@private2, 0x0, 0x0, 0x103, 0x1}, 0x20)
r11 = syz_open_dev$evdev(&(0x7f0000000600), 0x6828, 0x0)
ioctl$EVIOCGKEYCODE_V2(r11, 0x80284504, &(0x7f00000000c0)=""/159)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={<r12=>0x0, @in={{0x2, 0x4e22, @local}}, 0x0, 0x8e3e, 0x7, 0x46ad, 0x8a, 0x9, 0xa}, &(0x7f0000000000)=0x9c)
setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000040)={r12, 0x9, 0x1, 0x7}, 0x10)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480))
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500))
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x403, 0x3, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

7.621110281s ago: executing program 0 (id=1369):
unshare(0x2040400)
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)="b92b75398fd8506a166c4e5d82", 0xd}, 0x1, 0x0, 0x0, 0x4000}, 0x14048800)
iopl(0x3)
r1 = gettid()
r2 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x3c1, 0x3, 0x2d0, 0x128, 0x8, 0x7f02ae, 0x0, 0x200, 0x200, 0x2e8, 0x2e8, 0x200, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x108, 0x128, 0x0, {}, [@common=@unspec=@time={{0x38}, {0x10000, 0x8, 0x126d6, 0x8b12, 0x6, 0x4, 0x3}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @loopback, [0x0, 0x0, 0x0, 0xffffffff], [], 'veth0_to_team\x00', 'netdevsim0\x00', {}, {}, 0x33}, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0xffffffffffffffff, 0x6, 0x7}, {0x0, 0x85, 0x4}, 0xe, 0x401}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x348)
rt_sigtimedwait(&(0x7f0000000080)={[0x3ff]}, 0xffffffffffffffff, 0x0, 0x8)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0xc74, 0x2)
ioctl$vim2m_VIDIOC_TRY_FMT(r3, 0xc0205647, &(0x7f0000000940)={0xf010000, @pix={0xfffffb71, 0x0, 0x38414762}})
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_GET_FPU(r4, 0x81a0ae8c, &(0x7f0000000200))
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
getsockopt$sock_buf(r5, 0x1, 0x1c, 0x0, &(0x7f00000001c0))
tkill(r1, 0xb)
r6 = socket(0x2, 0x2, 0x1)
bind$unix(r6, &(0x7f0000000000)=@abs, 0x6e)

7.49236503s ago: executing program 4 (id=1370):
openat$kvm(0xffffffffffffff9c, 0x0, 0x20200, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x16, 0x16, &(0x7f0000000f40)=ANY=[@ANYBLOB="61129600000000006113500000000000bf2000000000000007000000150400003d0301000000000095000f00000000006926000000000000bf67000000000000450700000fff07003506000002000000170600000ee50014bf250000000000005d670000000000006507000006000000070500004c0001000f75000000000000bf54000000000000070400000400f9ff2d4401000000000095000000000000000500000000000000950007000000000001722fabb733a0e757c7c45402000000a2d23da04d1ffc187f9955911aa1a2ba7ba030c7267c2de00435fd253cc0f0d9b2c3127c46b0f4f95345de3188f0d808398d09ee4dc258d726eae098804de25df627a64ab8efde50fd7f1d58d67e684c45e506598bae66ea1a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07e8a4b6e6155cecc13a5ddf4157f2bfab7201112a30274101fceee66eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a44dd9ff4ae730ae9d0ae42d8814a8c96f101df7da839bcdd7b7c33c8cfe74d599543ac604d8dd42fc66cdb79cd09ceeedce1e69f11967919f82b0276c90420d08897ee8514b43533f07132589a0a37110fd8571b1e69251bba35cd06c8bd430aafbecfd33757b7dc4803123e9107e5cceaec2a391f9b9b577295ac3864f6c1e30e6190a055953e18bedd1859acdd15af7209d15950f9195b401e74f8b5210e28d46dde2658b4695d9ac9ce7cbefc164a5454fc4da6104db281e18a8992b9f8c82b895da647e6ea4cb622314c5c48abfd620adf7757c23a31a619edcfb45a402c5fced05e5274e08a313d6c5fdd0a8d36b1a268056e6f7e9a6daa5632cda5ad2a9ebfac980c7db63137c226f71b7eb70c174d885232e522aad0f13b0e5b43d837d040f813d0115387e36f092d9aaafe7afc637d3d107451f4854613cfd43ac63ad6141ddb0311b8c96fef49af414e49be7c23b2e8eb686fbcdd2dab4cbdb02e30e4e1a6c25b2791facac56e4c5dc036c8d80e5c7c206d24603be75850927e02fd4eea168681498d1170478408c43bb90d9df3964b64fee41745f6785419ac8de8788398e3653f34970988866043136ada4771bf8d96eeb0f565d626a3e9089"], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x253, 0x10, &(0x7f0000000000), 0x19f, 0x0, 0xffffffffffffffff, 0xffffffffffffff74, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

7.335242634s ago: executing program 4 (id=1374):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000780)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000f80)={'wlan1\x00', 0x0})
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="28000000030801080000000000000000000000000c000480080005400000000005000300840000004aae73"], 0x28}}, 0x0)
r4 = openat2(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x0, 0x0)
ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), r5)
openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/cipso2\x00', 0x2, 0x0)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="050300006000000000"], 0x14}, 0x1, 0x2000000}, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r5)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000000a0601020000000000000000000000000900020073797a31000000000500010007000000180007800c00018008000140fffffffe050003"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x4000044}, 0x8800)

7.146218187s ago: executing program 3 (id=1375):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockname$inet(r4, &(0x7f0000000080)={0x2, 0x0, @empty}, &(0x7f0000000100)=0x10)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x400000000000000, 0x0, &(0x7f0000000180)={&(0x7f0000002080)=ANY=[], 0x50}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="380100001000010000001000ffdbdf25fe880000000000000000000000000001ac1e000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc010000000000000000000000000001000000003c000000ac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000200000000000000ffffffffffffffff0000000000000000ffffffffffffff7f00000000000600000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000ffffffff0000000002000000af0000000000000048000200656362286369706865725f6e756c6c290000000000000000ebffffffffffffff00"/240], 0x138}}, 0x0)
ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000000280)=@null)
r6 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
r7 = epoll_create(0x6)
r8 = dup3(r6, r7, 0x0)
read$FUSE(r8, &(0x7f0000000040)={0x2020}, 0x2020)
getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000340), &(0x7f0000000380)=0x4)
syz_io_uring_setup(0x634, 0x0, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x4)
ioctl$KVM_X86_SETUP_MCE(r9, 0x4008ae9c, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0300000000000000640012800b0001006970366772650000540002800800150061db0a0008000100", @ANYBLOB="14000700fe8000000000000000000000000000aa08000d005fe1ffff060010004e22000008000500200c000014000600fc"], 0x94}}, 0x0)

5.68309635s ago: executing program 4 (id=1378):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000006c0)={0xffffffffffffffff, 0x20, &(0x7f0000000680)={&(0x7f0000000500)=""/126, 0x7e, <r1=>0x0, &(0x7f00000005c0)=""/160, 0xa0}}, 0x10)
r2 = syz_open_dev$vim2m(0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0x8, 0x2, 0x0, "25d2a45036cf02b9cedc89bfd43fb1529cc112949ffdc283facb4607217672bd", 0x4f424752})
mlock2(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0)
socket(0x1e, 0x8, 0x10800004)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000000)={0x7, 0x3, 0x4, 0x0, 0x7})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000000)={'wpan0\x00'})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r3, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f00000003c0)={0x1, &(0x7f0000000300)=[{0x200000000006, 0x3, 0x0, 0x7ffc1ffb}]})
socket(0x3, 0x803, 0xa)
socket(0x400000000010, 0x3, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001380)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f00000000c0)={0x10, 0x0, r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x20, r6, 0x1, 0x70bd2c, 0x0, {{}, {@void, @val={0xc, 0x99, {0x2d032f92, 0x53}}}}}, 0x20}}, 0x4008841)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={0x1, <r8=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x15, 0x16, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0xe}, @jmp={0x5, 0x1, 0x0, 0x5, 0x0, 0x30, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @map_idx={0x18, 0xb, 0x5, 0x0, 0x10}, @jmp={0x5, 0x0, 0x8, 0x6, 0x7, 0x8, 0xffffffffffffffff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @generic={0xd, 0x1, 0x1, 0x8, 0x6}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x2}], &(0x7f0000000140)='GPL\x00', 0x5, 0x39, &(0x7f0000000180)=""/57, 0x40f00, 0x4, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x4, 0x4}, 0x8, 0x10, 0x0, 0x0, r1, r7, 0x6, &(0x7f0000000280)=[r8], &(0x7f00000002c0)=[{0x1, 0x5, 0xd, 0x1}, {0x2, 0x3, 0xc, 0x1}, {0x0, 0x2, 0xd, 0x7}, {0x3, 0x3, 0x7, 0xb}, {0x4, 0x1, 0x9, 0x2}, {0x0, 0x2, 0x6}], 0x10, 0x2, @void, @value}, 0x94)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r9, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r9, &(0x7f00000004c0)='W', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0x8}, 0x1c)
recvfrom$inet6(r9, 0x0, 0x0, 0x40000061, 0x0, 0x0)
socket$pppoe(0x18, 0x1, 0x0)

5.661365412s ago: executing program 0 (id=1379):
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000040)={&(0x7f00000005c0)=[r3], 0x1})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'})
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$DRM_IOCTL_MODE_CURSOR(r5, 0xc01c64a3, &(0x7f0000000040)={0x3, 0x0, 0x10000000, 0x80000001, 0xb, 0x1fd, 0x1})
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2a00a9, &(0x7f0000000080)=ANY=[@ANYBLOB='nr_inodes=3,'])
getdents(0xffffffffffffffff, &(0x7f0000000300)=""/189, 0xbd)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f0000003fc0)=[{{&(0x7f00000004c0)=@nfc_llcp, 0x80, &(0x7f0000000940)=[{&(0x7f0000002080)=""/4096, 0x1000}, {&(0x7f0000000280)=""/50, 0x32}, {&(0x7f00000010c0)=""/258, 0x102}, {&(0x7f0000000800)=""/143, 0x8f}, {&(0x7f0000000540)=""/98, 0x62}, {&(0x7f00000008c0)=""/116, 0x74}], 0x6, &(0x7f00000009c0)=""/192, 0xc0}, 0x6}, {{&(0x7f0000000a80)=@x25={0x9, @remote}, 0x80, &(0x7f0000000b00)=[{&(0x7f0000000600)=""/38, 0x26}], 0x1}}, {{&(0x7f0000000b40)=@pppoe={0x18, 0x0, {0x0, @multicast}}, 0x80, &(0x7f0000000e80)=[{&(0x7f0000000bc0)=""/128, 0x80}, {&(0x7f0000000c40)=""/239, 0xef}, {&(0x7f0000000d40)}, {&(0x7f0000000d80)=""/242, 0xf2}], 0x4, &(0x7f0000000ec0)=""/242, 0xf2}, 0x31cc}, {{&(0x7f0000000fc0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003140)=""/102, 0x66}, {&(0x7f0000000d40)=""/4, 0x4}, {&(0x7f00000031c0)=""/101, 0x65}, {&(0x7f0000003240)=""/255, 0xff}, {&(0x7f0000003340)=""/57, 0x39}, {&(0x7f0000003380)=""/196, 0xc4}], 0x6}, 0xff}, {{&(0x7f0000003500)=@l2tp={0x2, 0x0, @loopback}, 0x80, &(0x7f0000003680)=[{&(0x7f0000003580)=""/231, 0xe7}], 0x1, &(0x7f00000036c0)=""/89, 0x59}, 0x2}, {{&(0x7f0000003740)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000003980)=[{&(0x7f00000037c0)=""/203, 0xcb}, {&(0x7f00000038c0)=""/38, 0x26}, {&(0x7f0000003900)=""/121, 0x79}], 0x3}}, {{&(0x7f00000039c0)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000003ec0), 0x0, &(0x7f0000003f40)=""/99, 0x63}, 0x6}], 0x7, 0x2, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="0100000001000000e27f00000100000000000000", @ANYRESDEC=r0, @ANYBLOB="0000000000000000000000000066ec89e8a2808f6ee900000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r8}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
dup(r0)

5.510952909s ago: executing program 3 (id=1381):
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)={0x8, <r0=>0xffffffffffffffff})
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000140)={0x5, 0x7, 0x8004, 0x7fff, 0x29b9, 0x7, 0x3, 0x3}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendto$inet(r1, &(0x7f00000001c0)="e55635d3c98639c056ca9ab0e6725cb7007d19515ac112bcaa8c3fed7319c72634527cdf37fcb4c1320b7d5174521fef3f09d3b98741a673b35598e7dee6675727f85b709b547fdaf2786e6e22fc05554411090d51d82ad1c9982e2282540e532da0ff219b90", 0x66, 0x8000, &(0x7f0000000240)={0x2, 0x4e21, @private=0xa010100}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_dccp_int(r2, 0x21, 0xb, 0x0, &(0x7f0000000340))
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'gre0\x00', &(0x7f00000003c0)={'gretap0\x00', <r3=>0x0, 0x7, 0x80, 0x4, 0x5, {{0x16, 0x4, 0x0, 0x32, 0x58, 0x68, 0x0, 0x10, 0x29, 0x0, @multicast1, @loopback, {[@timestamp={0x44, 0x20, 0x66, 0x0, 0x7, [0x8, 0x39c1, 0x3, 0x3f, 0x6, 0x3, 0x40]}, @cipso={0x86, 0x1b, 0x1, [{0x2, 0x9, "8179910adbd085"}, {0x2, 0x1}, {0x7, 0xa, "d9f6043443cd0e92"}]}, @end, @end, @noop, @ra={0x94, 0x4, 0x1}]}}}}})
sendmsg$nl_route_sched_retired(r0, &(0x7f0000000d00)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000cc0)={&(0x7f00000004c0)=@newtfilter={0x9c, 0x2c, 0x100, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x7, 0x3}, {0x9, 0xc}, {0xe, 0xa}}, [@f_tcindex={{0xc}, {0x4c, 0x2, [@TCA_TCINDEX_FALL_THROUGH={0x8, 0x4, 0x1}, @TCA_TCINDEX_ACT={0x38, 0x7, [@m_tunnel_key={0x34, 0x15, 0x0, 0x0, {{0xf}, {0x4}, {0x4}, {0xc, 0x7, {0x50fd7dc765a13ae0}}, {0xc, 0x8, {0x3, 0x1}}}}]}, @TCA_TCINDEX_MASK={0x6, 0x2, 0xd}]}}, @f_tcindex={{0xc}, {0x14, 0x2, [@TCA_TCINDEX_SHIFT={0x8, 0x3, 0x1}, @TCA_TCINDEX_SHIFT={0x8, 0x3, 0x54}]}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40041}, 0x4001)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000dc0)=@assoc_value={0x0, 0x5}, &(0x7f0000000e00)=0x8)
r4 = syz_open_dev$sndctrl(&(0x7f0000000e40), 0x9a9c, 0xc8700)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r4, 0xc10c5541, &(0x7f0000000e80)={0xd1e, 0x1, 0x1})

5.421243142s ago: executing program 0 (id=1382):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(r1, 0xffffffffffffffbf, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(r0)
r4 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r6 = syz_io_uring_setup(0x72ae, &(0x7f0000000280)={0x0, 0x0, 0x10100, 0x0, 0x36}, &(0x7f0000000500), &(0x7f0000000000)=<r7=>0x0)
syz_io_uring_setup(0x2287, &(0x7f0000000200)={0x0, 0x6e79, 0x400, 0x1, 0x1}, &(0x7f0000000080)=<r8=>0x0, &(0x7f0000001540))
syz_io_uring_submit(r8, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r6, 0x184c, 0x0, 0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6c9ecbf09d6dd7be5a06dfd645630500c1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc", 0xff010000, 0x48)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000})

5.368271584s ago: executing program 3 (id=1383):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a0000000000fa82a3fa211411fa0008000a40000000000900020073797a31000000000900010073797a300000000008000540"], 0x6c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

5.275665324s ago: executing program 3 (id=1384):
openat$kvm(0xffffffffffffff9c, 0x0, 0x20200, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x16, 0x16, &(0x7f0000000f40)=ANY=[@ANYBLOB="61129600000000006113500000000000bf2000000000000007000000150400003d0301000000000095000f00000000006926000000000000bf67000000000000450700000fff07003506000002000000170600000ee50014bf250000000000005d670000000000006507000006000000070500004c0001000f75000000000000bf54000000000000070400000400f9ff2d4401000000000095000000000000000500000000000000950007000000000001722fabb733a0e757c7c45402000000a2d23da04d1ffc187f9955911aa1a2ba7ba030c7267c2de00435fd253cc0f0d9b2c3127c46b0f4f95345de3188f0d808398d09ee4dc258d726eae098804de25df627a64ab8efde50fd7f1d58d67e684c45e506598bae66ea1a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07e8a4b6e6155cecc13a5ddf4157f2bfab7201112a30274101fceee66eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a44dd9ff4ae730ae9d0ae42d8814a8c96f101df7da839bcdd7b7c33c8cfe74d599543ac604d8dd42fc66cdb79cd09ceeedce1e69f11967919f82b0276c90420d08897ee8514b43533f07132589a0a37110fd8571b1e69251bba35cd06c8bd430aafbecfd33757b7dc4803123e9107e5cceaec2a391f9b9b577295ac3864f6c1e30e6190a055953e18bedd1859acdd15af7209d15950f9195b401e74f8b5210e28d46dde2658b4695d9ac9ce7cbefc164a5454fc4da6104db281e18a8992b9f8c82b895da647e6ea4cb622314c5c48abfd620adf7757c23a31a619edcfb45a402c5fced05e5274e08a313d6c5fdd0a8d36b1a268056e6f7e9a6daa5632cda5ad2a9ebfac980c7db63137c226f71b7eb70c174d885232e522aad0f13b0e5b43d837d040f813d0115387e36f092d9aaafe7afc637d3d107451f4854613cfd43ac63ad6141ddb0311b8c96fef49af414e49be7c23b2e8eb686fbcdd2dab4cbdb02e30e4e1a6c25b2791facac56e4c5dc036c8d80e5c7c206d24603be75850927e02fd4eea168681498d1170478408c43bb90d9df3964b64fee41745f6785419ac8de8788398e3653f34970988866043136ada4771bf8d96eeb0f565d626a3e9089"], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x253, 0x10, &(0x7f0000000000), 0x19f, 0x0, 0xffffffffffffffff, 0xffffffffffffff74, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

5.196977111s ago: executing program 1 (id=1385):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
msgsnd(0x0, 0x0, 0x4000, 0x0)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0xb49, 'syz1\x00', @null, 0xfff, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='uid_map\x00')
write$binfmt_script(r3, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000027c0)=[{{&(0x7f0000000300)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000380)="eca8061d1940e87b5f72e22023b9720551a04cd64277951ff1884f37bdc4dee7ce89cf5f5fdb2999dd4def35c6a61785986663368748459d7a7f28c8fa085233a13fcabb3e0184a78810f409bfddcaa8c33435ccdea8070cdc5b68ab0c0939d91ae999b740a3f71164", 0x69}, {&(0x7f0000000280)}], 0x2, &(0x7f0000000580)=[@cred={{0x1c, 0x1, 0x2, {r2}}}, @rights={{0x30, 0x1, 0x1, [r5, r1, r1, r1, r0, r1, r1, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [r5, r4, 0xffffffffffffffff, r0, r3, r3, r1]}}, @cred={{0x1c, 0x1, 0x2, {r2}}}, @rights={{0x24, 0x1, 0x1, [r1, r4, r3, 0xffffffffffffffff, r0]}}], 0xc8, 0x20000091}}, {{&(0x7f0000000680)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f0000001ac0)=[{&(0x7f0000000700)="c5b9a7931299b17f2b21022dc8ae3a3505c63c9690ece6cc772134d6b4c2ea882204bf74b2d06858d01c4535986a7aa42f5ded01fc39d977de00def234992bb2ec21e90d2d6055b4ad5ca4b3256ada2dca44c914feef61e9525e3777c7675965c2dd73dbd16e413302e6c172c442ed7141742442a8ccfd976e76f7bdc7c7d25d8fae57292ca2affbeba00aa8428f1e385ae8bf6c78fd9fe8d9de22ab32d0130954adcbe8c8ec08f74723bf95f81c2dea6ff857428c54b152d164f1", 0xbb}, {&(0x7f0000000900)="f6ecd88f0dd27cee98f34fcbe0856dfe853b0b8ba4ddc880b69ab9fe7821ae71c51cc7666ce8d574c1fad610dd63da3dddcf0e922e5ef06f0d06c4f7296c217c10554a48391696715858391376d034531e21166423ac44d1d5397deb73e3a2f12f49c9231d36674a9a6439d093506b30360390f2a6342d2f29ffb6a2387d86f10c27303862ec1ba786c91514d86b7f916c63abb4c9328a5e2416341d7ddb84439c597068d1c62e63fc294064dbd52e4e5d4aa3c4560e6ce5472b8ba327bcd14a74104e2dee4e2dd8ce05c9b9d888702340753f969891ac9146279620f94c6e4b552a328ba60a0580d17d5486f53640af89760abd2cb49d1f72b714bdd5f7084d88b6fb0c4e9735e989d882118acd9734a717b1bf4096acc4800335778e8b966f58a2d89cf32f2641e49871bd4007c85409ec3950cb933b389f69b5851e9a44ec8553b50b8f8df87852faa2e2fbb7ea34999d1a429c0ef7d6f34244ffbf15e66f0bab05979eb2d130f4c50b7cab9097f64c0e1f21663835f1162bcea5feee93d473312c8eefc28fded04f9ae563d868a7b91e62fe2050a0517248c3c58fc33f504d321d5347dccb3bdd5037364a4589be79a220acfe62b2152f734a753b909719d7804e623809ded53d1748d0d8c0264ceea36d3b2eea870650ad05a7ac0d229cd52c9629a4c5f20245f4833ad41eb749781f6efca0a5f9666924dc8cfdbd9e99154c547d98fd22de53759ed6309939f6bfca2b204ef7633381f84e7acf5195699236c608e96c395bc06ca34020d01bb5a7b38a97096b2dc62abe77946973d7dc5e5e9904399480442fe68c751a17b672d7f44b0d4d1be1a9cb245e9499e940e121712d281518fd90ca430e25852d136baa1737aa74673287cbadc3849d59025d1314748c093bacf6ebec3cac08d92b70a481c35aeddf329de49546c452845478fd04669c15b6c1f9aaac5c3a95c3165d72639741ff8cada1755b3baa1aec36b90743c53de366ac4d796944ddc6a6c0ce1d6873f596663807d4f4ba814e5eb133731fdcd0274a920ed065c1de132c9e8f0081e0605b2e24171879110016586253a3e9883fc2ce08f58fa989b7612c0bfbe4b810ab8c05e3690ade19c69201e3ad070df8196e7bcf32384ab127024074d5ded2cd5f9a96fe8083568c9c8c8f1c70dfda3f31a10febfe437e446ccaa9226152681cc6b8d6b4f3fb44a4616c23653f28d20099a482056a824e35e861301ee8f8d3306dbec1dd7d9300ba9cb01b9c6c0d83b42ada9ba8171f3c6b048b65ae0b494c65402045734c5fa0715a464dc5b0c4598c52e7e55884978778417b3db9ed16174603ab0c8cb53ceeab1b4f7b33220978fb36f3d0bca16680d7e73bb2e383c727642c751857c278470e43cb597a330049f662b8264409576fda1d59b6066b51d61efc20c89c0556932a50a1527cecc11dd4283c276a026750b05b46a017dcf6c39587a174e33869da1ec448f946e27b331b49b46ada218153aff287b84dd25175492704f6821fe03ef25e3424dc4a0275fc71258d984374079160bb44d894904dd6dfd69b755522200b4229694338ada7e6b4c4dbb407699a1bd4faa61a240a54f34f9008b58762d0c8053af69ab11fbfdc1adaf81d9de93740da6dccd14320981bbd960761d3d596d1d47763410d6ae3519ed4a089a333ec168c72fdbf9da50f67da6ec98f24a8f51b112abc1edb5f433f5b1ba89c56f84a14304863e6de3a4022709d2557884f2a0574413d0ff6973cb46e67220f43afb5f3171df7ca1eb5c3a4e341eac3299f9d342da1ad2f036fb87333b2e1c246b1b3cdbf14b8b0ef4f595ed4b4eac8e05ea3fbcb477d591f1fbb0179ed4ec15da1aeb7e46a08c8634aee28b2afed72af163bd4fe5138ecc1f12e45717197045285a11c058ad3b4dccce2d657a049a4b1bc8508a7b91e977c7e198d98aede9105ffabd86d6e356427f1be5272baa745bee68260add5de542132026e62cb603beed214f7cb45afcc7883ec1e76b0d878a1f376d4cd69893db01d5fc9bdcd8105a5521a039c7e9ac4947586a90a74889485e8d74e82b0d73de86fa5a80c5d74341172dedd7d4249a517ae90b0fe1df8263056b2e7c54ce5d0f461ef6bfc0b463d77c5ba2e90daf0495943fc7dd4b4db6f6ee421103a65e3a88e7842168cc99a6e5bb018deb06a5b9b451bb5bb1e3f3f96fe355dcf1c3b48dbba674b8f51a5718c2f61358b367d2a00214784e7769145113aa5b0f2833ee53cc8ad4150e0d9f4f7c91ef0582db557a33d970f2a65390e9d5be5aff2be5807bf76faa10b137f0b4c0c026de14e47d0fa8e3f13a02f0d9216fbdf1e6f2066b518df5a0c0707dd95c8c6119674e76623b0a6967c2973584d7f1b2dc4722bf021f9ceee7f5e4304491beda884d79011421ecdfef43f9f5842d728c55d5c2d05c1d3723b5c3b6de52890fd2003ac4929cafc473c63f5391413fb97e13ae31774dcfac4d68aaa8bf73a961067978d55911d29f08d7cad01046c19120e968ea6f31cfdb43c959a52753e7ea25bfaae823824804d9ddf1d845558be1750cb2a096c8937fa895b11d7c7dc968f49498e1880222615fa89bb2c77fcf9db5966aacc748c21985efbf34f99a188c0f098c7107b0903f28b522592ca9d1d9666531dfadbe45b13f50b42dd47fb554e0fb26f077708f60ecf5875bffe47ecaab0fd3828cca1f01a49408d8e7dcff0b8a99703da282f1963cd83bfb7f45044df02e694c52052e4a2d4dbed9b0a5d9f04bd4ac9fdfea4fdc5b1c5d7ff8da8fbd873b02c90aea9be9ce78c8cee7dea48d6d39dcacb6269e9c4308ecff5152ae7778081b181277dec2e49abc5c0995001cdabd90528c640557eb1f5015b6370db89863b65f6decece474f563a7a8309116b2d11320d41b8b0723ae69f0fdb0ac4677aaa7d5e5a750df0f346eb7af88a6a30f62e486c5212a0e58a3a592ed0ee0ced41300edbfd501687046686c673b474be9688f684bcbee56594dbcfa72a080f6ce100d32cf323977b35a1deee2c39f8ceaf45038856772a76c8b12a821ddefa8aacdecfaa4f52c25d5a5eaa1a308a774de03b34b653ccc2379e31b71fd38e0995689b1b41bf64f7c7a41e6398abeb1963cf5a14491dc4907cb1ff4127aaa7b985b4b0082204be1af766bcd8560bdab5fd4654ff7361a937feb088bb998094e528f443bd31807b4844d13895ac8bdef1f90df46817a5d82382aa731e1e0d196b2f921e05f64ac00f43fe0f3805a57f5d840e5ecb7638fd9ccd3b8ef593bc5a31d6c9893e37ce142aeccf755485386c07e46a26f3a62956bc4a54e880008ef4214c6bd946bc484cd6777035c5516966fe7384ce85a0f92740a304b1678a328dc78254252eeaa0b97222fa2f2e45e6a9aa6b6690830b517470355b52263447ea514899d94f70128d72b3d2da88f15eb46d43d43bf74fcc7668bde7158b22172a66d0b38a07a94275642132918050c05b4ff92e30ac964ac2578319cab02e35c98280b7ed55ef2e79d78687f4dd8923fff6c83723b7802afbcce950dc7cd69ef78465fa7f7dcb1551c3813e3d163968714d8ec0f71de5609ade16c790ef8afdcfbdf3dfa2ba896a897af85e980f287bad1e29795b1c049a4886c008d50fc5aea057d0343aee7a20f79a8359c77c737d053005739454a1a1b8d95b7b9e6b6ab01fe387651ca81b23158506f519a9195090c1cc2571020dfd9dca876c729029c144ef85afe9c5646ec76e90fa3f2beb9443f9f49487326fa2512cac099a3f094faa102516e3eedd805f65647b47cd1fbeb11b4776e245a182b373fcee2b0858df6ba1af74e316f5a0e3fd6d246edbffd78ce8fc58aa0ec46728daf9fd0238ab58d0c731fa015c9fb9e23e8c25f8b8dc682d9731c6ba76ab6758efa037b176fa671d89a3a707ce07d3ed592748fbf7ad61164465a12f35d098d78861b3f65deac77206b52adb38dd4a586183342b299b7517338d4ef3ecd84dfb062bf7a0bfb9d03532d2d9827e21c2b440ed7de12c1aa0639e9e2434ae4f2457f54a0c1461fd08622d244930c5d51ce9fcaa93104bf648a119f17cce344df44798307a1437b733bcbf53eb2a674ccd0ce1c997a57736a81ec8fee37b60fe620b94a91ff0d2e845c61ac27ed3be0184cd3efb225e1f7775578f7b4b098917343da9b94dfb475b13e0fd8620bd9f8eee582ae332b47d72bedede267efa83101ce187021f8cf80d8c9f0e3d218794af7eda4bd5292b471f54033b2ec17d0cae142a179ade4b2dffc7b976310b152b8838d90cc17ac0a3d5aed5615ede9f579b7d3bab403cd31d0ed7c7e6f8efa8d87845fcf8baf334461d45166c34e6d67283a0a2db7b4de55a5e64f898ea7aa3e31a5125818e1fd42ae2b8c7fe6af69102a91c8f9e90c9f9b8cb1224c9991da1ffc3a1e7d93488224dca6f55f1ee1b6716266ffb00c43b839a48c60594f89337579ed66e3ff7c8893db36451e538af072f019453cdea9ea66b25d600effd38d2f581f5fc8fed719c644fee75cc8e57d3745fb95d28b99a8dc8cf9759def597f325ad2db9449fd2f61597ebd5ad22f823ca9c2cb9e09756c3dd3eb6ae638e10435ff2d78a7181414b778d518693a3c453f73600ab87556f693597c964285111af5a8d0d798f93e1ac6becb1e200ed1350b7ad3babd6fbed831883405084d541f594f87e7ba9d0ae17d2f59abfc43fa2fe6d40a020f6f5bd2cdf9fed0d48663542762c65df2e007305c2c28cfc2a5ea5f04e4a7341c5b94096cf91ff426aa672c599d59675b6e68cc0a619e1568a6ac85272989b29498c2ae50c153c750b1cc95444617ed17e35f0641e105ff992e3eb800fa59add9a379887420de89724bfba2d29f1b6d5404acbcbc10b89749e1332e72119d9eb479b02d39a6cb21b9a15be1ca89149b608bccae5831071b04a5bc3cb4019f5c5e9beb30aad4854ab29984d5f7097a90d82783ccdf9855c7fac46097142c2fd6c3390711433bc546c49127683557c033ea7a9b38fe0aaee59df745b9bc78ecbb733dc8e28077fccae6820aab2dfa506668f08af6af6d7611f7602d0c506b0d9057ec85ca7255f94a9fce5c737adeb1aecf52021054b33a3293b09e342f18b567d790d4ca105897b022d3574d079872380034079e36b7e6761a04945c960161142b6f2baaacf7de1c84f7913a0cab89494e43cc07103522ca8a9f1f23bd8e403594ccb1b4ac38309f7e40d86cf9b60ca1b6bba0bc26afbd5e6021a50bdd6458155650a448397d330530ebbb532aac301b21fd0be509d09c2a30ab67cd543188c4a7b433f642d491606a9de921b6a178734bdb248f0bd129a39e3d9a07d6105eb76f8211ea7f3d0854b7de518fef237be8d5aa52dd564223220faa0e5eae20ed92cf841377c5f7804cd4e77678149f5480f5606d3a4c0f35479d16144744f0b5fe7fee5cb8ca9ac86c4ad874630b8dd3a4a87c013d33577e5284cc139bf6dae96a1416589569c1598cb7b4db93ed0fe05e6105ab9b78db66b7bf041862c7eb533f97cf0c49266abceec37e23fd9c1df92ba13650a8c9f693da508f17780e06bd98b89a169a010f060740fdf3469683ec3315ac0d1dd0c507f335689fed5190fa190d5ab50da536a3d3f8c74e0e9926dbb373cf2caea9d782ababdd60d28ca46ec4b3f49b6cb65da7ecebfd30bc037c1ea0b806ba85d758d43a9e9955ea1c104f4226b553a8bfea5a9bef89e07c96f18da2bc1c3ece0b37d45235fafcc3a18cb2306285c78c742163ecd36b9bc8d7c2cc5e1e8c2", 0x1000}, {&(0x7f0000001900)="d0294e281242a89a3eba32ce0a1080ed149f7e121fc0b40bf819e15f3bb3c512062c320bb6f888f2b64a6edbf8d447908ae32e3ac2448f3b71ed3e4bf5f46a018b6e783fd7e980cd9cb638c29f82c1365964d49c9af466d1841cc3012b5bba69c7cb45ef07a8458a9be510836f0d2fec33133a8acf29256cfb58cfababa7b4d4b31a9c7df22225f4bfbb3d3e", 0x8c}, {&(0x7f00000019c0)="668753ad69ca5a785c3c8fa4d14e8fbc59bbcbde89d13d4000a4b0722af69c99687e417933d176d8e15fdad188ffbbb91d918228c0b20fe4a53a1b36d69bb56ce17e8427b76f64f9028c2060dc7717a486d38cabd9495bde0ff06d4036054784b4e3d053df15e177fe1a7d42d7e7ac15d005ba4883b28e00a60877402528275404a3d6d22cbb2eadc0227278e516fbcd92874e8357b39c22b9f76f12037ee3a7959751aa1724b5eac0b043a41408ce386ac3aadece1fad279d149de57f827153e20559bcefa758327515ab0d3e954343b58bd33635e00e", 0xd7}, {&(0x7f00000007c0)="6b1aa8cdb70567ef8c78cc35386023c4e66cd0974343a6d15c60fbc48f96d4039d9a34350144c96c7f95e93630f324faa5", 0x31}], 0x5, &(0x7f0000001c80)=[@rights={{0x30, 0x1, 0x1, [r3, r1, 0xffffffffffffffff, r5, r3, 0xffffffffffffffff, 0xffffffffffffffff, r0]}}, @cred={{0x1c, 0x1, 0x2, {r2}}}, @cred={{0x1c, 0x1, 0x2, {r2}}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r1, r5]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [r3, r4, r5, 0xffffffffffffffff]}}], 0x110, 0x4008010}}, {{&(0x7f0000001dc0)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000001e40), 0x0, &(0x7f0000001f40)=[@cred={{0x1c}}], 0x20, 0x41000}}, {{&(0x7f0000001f80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002240)=[{&(0x7f0000002000)="7b2324c8c021dd5553228fe1172741cd2ed9a0830738093f03f1d7d6d1d746ee8e8a3ac5b5c5697c3469f253a81b000eea9d8dd414fd950133af67f5a67f93f8f2bbf481badf153b0dad05f9cefdd154933753f95ee46714e32e9b81863427c3e6fbfc8f3942491b0cdd9c65915a52d7451c42267b2f3d29e95685c0debe749660a615427a9e51c987eebd9a97a38d5250226e13017d96f6b5758519af3f1ba21d39d16a78c54bd3f5703e2dab4cb486204491cb9f5ea9f9c1b2584999642fe9c11cb45f74c5ed50beef4ac67b78051a69090aa0fc670ac8", 0xd8}, {&(0x7f00000021c0)="6a341006288e0af087116c8779115037985f412791e11b0c2e744d00e8e73ab3b070e3724f7df9ca076a51826bf8f80699978a17a18fc8d8c33ac4d63c7c12e846fac3a86eb460516a2668ed5a60651cc910865554029cd6d130c1800ed218", 0x5f}], 0x2, &(0x7f0000002280)=[@rights={{0x14, 0x1, 0x1, [r4]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r5, r5]}}, @cred={{0x1c}}], 0x58, 0x10}}, {{&(0x7f0000002300)=@file={0x1, './file0/file0\x00'}, 0x6e, &(0x7f0000002740)=[{&(0x7f0000002380)="3b897d9f742fca12", 0x8}, {&(0x7f00000023c0)="649fd2f0ad381d89e36be4b06433ccc2bf814e7dcba4eb39d444bee7a862e9731585521d4d88665f4e2676a63ebd8820c4a32aa419fc9305bd6678a87fdbaf3080acbb98daf657c9586ed18d1647a90a0d62f7d645b6a02f634ab995a26a1c382b9f45fdc48a272a3b265bc5", 0x6c}, {&(0x7f0000002440)}, {&(0x7f0000002480)="934f154f81dee054302f565e9031e2c6018203be05c91221f9db2ec73ecb5d3df8e6524c24dade7a0dce41b46252b1706fba95918d5258109638869ca733b4e8daec3325522f79c3f9191173b7412c4ff61a24763230c5f8e7104b8c86d765d42576b9eb5182c5f843745030", 0x6c}, {&(0x7f0000002500)="44cb7ef21b053818b7e1be4ad6ef5498c8c7b777180cef5f99b82194ce06e9f3aa803417ae23e0e765d8250e45d566fc8117a3d8a340bb9b", 0x38}, {&(0x7f0000002580)="18be095b7d3433dcdc6cc1f627016892406f91436f3d4cb9f3fa1615f4519a7784ec3098b031b9af06cf2a249145efa1d5d1245023dd15cde2e98d238483a7a00e87e20874b3f948483bc584c5fa7655f12344c0f9c1d05bda1f3799a7e0fc2adbcd9b1a8dd6a759daf9bc16f29e", 0x6e}, {&(0x7f0000002600)="253fe115f5938e3fcc77f4a9a2bcb3168d39ca1be6e154f4e66868471cb506cc993cf1f3808fc611677a29bcc20d19b9403b32160d3005d9", 0x38}, {&(0x7f0000002680)="e354710a3eb48e5801304c2dc2c0547db04964c71e3207dd6c7111a3f5da5a2d6795ea81d15b8adc3a941bf2a14f2b6dfb5025e114faf5a5620cb1cdc60c3150c5bebb185ede33ea59b23843d96e60461e034e06376d2f784b08ec2d5f5ef2e9f34d822ec975ee4b89fd2c277cbeb762b52f4bd43fa0051df297888d9d9b2e5123f09815127b4e9be461769f94f806c6b9d3d3", 0x93}], 0x8, 0x0, 0x0, 0x20000000}}], 0x5, 0x40000)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, 0x0, 0x0, 0x2, 0x0)
getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r3, 0x80045301, &(0x7f0000000000))
msgctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/227)
write$rfkill(r1, &(0x7f0000000080)={0x6000000, 0x1, 0x3, 0x1}, 0x8)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000), 0x2}, {0x8, &(0x7f0000000040)=0x3, 0x2}], 0x2, 0x0, 0x0, 0x0)

5.113321062s ago: executing program 3 (id=1386):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read(r0, &(0x7f0000000040)=""/11, 0xb)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x101040)
socket$inet_smc(0x2b, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="540100001900010000000000000000001d01000008000500000008001e0106000000ff0000b4541ad8a719cce5b93390ffad119a9404ac75b6e76ffc40cd6cfca1e687ae4a5f6c45837f98c5b34fc0d75f81fba1560e84cb329afdcdd828f6be7660e836c8bbbef6bdb946eee07a1baceb6cc5a31bbb9e74ced70674dca9251ebb0a639b0b01dfcd7055ac30cc78c567183410c70697781aea3b8f4b0e24aaa1538cce11f60ceac8341f6a803203a099f0a22d74224299d23fc8db20da8bec380ebbfdaad08cc2aa77cfeb986111181ca1fed46e32d8f1f3dffe14220bf67a40f3eb218081df885b8d8bc945cb2e26931e1b81fc48dacc77ab9fd4f4ef65f5fc185b6277df124525d82654e156682fe19d731de3978f71bb85f85daef3a1513a89bd25911d002353a2ad8f792337b3610a014feea22617c1ecea00001500010000000000000000"], 0x154}}, 0x0)

3.811964259s ago: executing program 0 (id=1387):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2542, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x1, 0xfe, 0x1, 0x5, 0x6, 0xfe, 0x4, 0x6, 0xfc, 0x7f, 0x4, 0xe4, 0x10, 0x0, 0x4, 0x3}})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x23a041, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x32, 0x8, 0x101, 0x22000000000, 0x4, 0x0, 0x6c, 0xffffffffffffffff, 0x8400000000000, 0x80000000000004, 0x0, 0x8, 0x0, 0xfffffffffffffffd, 0x0, 0x7ff], 0xdddd0000, 0x3c4210})
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15)
ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, 0x0)
ioctl$TIOCGLCKTRMIOS(r5, 0x5456, &(0x7f00000001c0)={0xd5, 0x7, 0x1, 0x4, 0x1, "c2acb8d13de1ed8e9ab5ba72aa912707ebcf6c"})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$TCSETS(r5, 0x40204706, &(0x7f0000000040)={0x4004, 0x7f82fa45, 0x4, 0x0, 0xb, "3eccd8f9d20500005a1a320900"})
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0x4)
r6 = openat(0xffffffffffffffff, &(0x7f0000000200)='./cgroup\x00', 0x240, 0x20)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x430343, 0x0)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r7, 0x8990, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2000000000000042, &(0x7f00000000c0)=[{0x37, 0x0, 0x7d, 0xfffff038}]}, 0xfffffffffffffe43)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000100)={0x1f, 0x3}, 0x6)
write$binfmt_misc(r8, &(0x7f0000000000), 0xd)
close(r6)

3.811243339s ago: executing program 1 (id=1388):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
fchown(r1, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace$ARCH_MAP_VDSO_32(0x1e, r0, 0x100000001, 0x2002)
r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
writev(r4, &(0x7f0000000500)=[{&(0x7f0000000080)="fe1443d038447e1b2b19fa7dd58259bb8142dc67428bd676884880e4", 0x1c}], 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff0000", @ANYBLOB, @ANYBLOB], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
sched_setaffinity(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0), 0x10)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/wireless\x00')
preadv(r6, &(0x7f0000000080)=[{&(0x7f0000000900)=""/212, 0xd4}], 0x1, 0xa2, 0x0)
move_mount(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', r6, &(0x7f0000000340)='./file0\x00', 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r4, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000280)='ext4_forget\x00', r7, 0x0, 0x4}, 0xffb8)
fgetxattr(0xffffffffffffffff, &(0x7f0000000240)=@known='system.advise\x00', &(0x7f0000000380)=""/21, 0x15)

3.541417023s ago: executing program 3 (id=1389):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="140003001000010000000000000000000000000a20000000000a01080000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900030073797a32000000000900010073797a300000000014000000020a0b01000000000000000000000000f4000000000a010300000000000000000a0000040900010073797a3000000000c1000600a55d62432ef5e1eec3847bcb2f0aa75b71519be13051157bcf47d59fa8b4410cd79eaa0e90f7b94a46e03f5c14110a2f125c039240da9a6bfc49f1cbbb23e2b8d9bb590d1632a78ba60fedca470bc6bf340ec12404bd5c44a84a37e9ba3231093abda52a9c194529edd3537f527f153a9325a170e98413dae31bdb69599d16e904e9c7dd6def7bebee5f7291270ee35a7b0c602cd610e41e96a5ca1e2fbb46b50537e327cb9a62dce3431ed2bc251ef3142972a04aa6ef87d78be12d8d0000000800024000000001080002400000000130000000120a05000000000000000000050000071c0004800c00044000000001000000010c000140000000000000000218010000060a010100000000000000000500000208000a4000000001fb000740e06b97df9d5adebe1869e7f5f916de2165c31e094e59d58d16ad9b6fbc3de0ac583e31a42d3250e65d6e14696ed173dc186d54d06195ba8c026a3bfa70f5c93fba42cecb2644f687609328dae66416c1da8340628eb660edb38c6ac577cefe188efc734bf36dec18e35b5e4ee3a5be61270f2e00e903d9b5df4cc7e27d3cb7c6c16c684f47d9999e102dca63c4f5f3fcc53186a7df0dae549302763766be5b9581f8034d7117836b218fe78d106a4a4f08d34aa93b79ae9d3ec2ae89d81b20b5369553b7ee7abc21e382dda9a5ec7616bac31dfd1b47908d3fcc10e16d1883d88dd2ba73f3cceb84267ecdc8dad30b7676c771313b32ba00f4010000020a0102000000000000000003000007d8000600daa9a1887b2d0552f3dfc146dc93e9b2bb3b83a8f214ea3c1d5a08e2dda51718ae3147396f82b9a80198bbfc16c8aa7aa8118626fd4b89abdb9acc5f7e4c059f0725434c83a965924140782b4e4cbd9e3ed21ae799720a195d6fdb7dd3758b36030cdab30030a73715374fcd16907fe4df7c0652ab474513f0ac095f9f47f7b8d0dd683255ec6321bdb5797a86687aadfadcc3a39f7622cbfc0ec62429841ac03968f6adcf13328fae283640bfa3d4c57082322f9ee50b185df1bc117fd4a7cb2f4927d7dff9a775524803101024d98fca843e590900010073797a30000000000c0004400000000000000003f0000600d62f90c90b879ee0ef091444d43d7d8cbb4ab9d8bcb9f751916b350dc8c6db7cae9e2ce89136016af270937a657d71f02a71b96cf5ddb864db765c1dce98d53299e80665adcc0615d5a5f9614c0fe75e10f21564f53b695e104db7d41a3b2b13cc08a5c5ec0b51e890da2b2004435059a9602047629cbfa49639f0e7cce0a6731d76ed90b36ce35b4b0b572e63f81d73a663368462f2c9f7e95a220ddd009ff31644590f3dc0f78a2036fd7c3059a81d48a2556dcd906ed46003052d2c83b9af9a30e9a15319d9c86469f8c3801ea89183958ea24893279891612f87e8e4cd3c3d84f3fc105e91f0b68f27273c0000000e0a0108000000000000000001000009080004400000000208000440000000"], 0x520}}, 0x0)
r3 = dup(r1)
r4 = getpid()
sched_setscheduler(r4, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x2)
socket$netlink(0x10, 0x3, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

2.795947014s ago: executing program 4 (id=1390):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$alg(0x26, 0x5, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)=0x70)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
tkill(r1, 0x3b)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$VT_OPENQRY(r4, 0x5600, &(0x7f0000000040))
sendmmsg$unix(r3, &(0x7f0000008280)=[{{&(0x7f0000000280)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f00000000c0), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1000050000000000010000000100000018000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r0, @ANYBLOB="18000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r2, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x60, 0x4000}}, {{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000c00)=[{&(0x7f0000000480)="c9f99cc9985c36954aa83285333bcf548a2bb37593602d9bf384a4ff1ceceb93c58bbecdf7ce200eb4e66f0c36ecf1748f3124304ee350f3c3e2d50eca34b7da1f36c9473fb27a48198aca23b1d559abc42ccb66cf0d45c61605ad9c4b7a211516792cf9ecdb0e5b08282c762486dadc179625d84db23c04dd534f081900806d2e196195ecd958d5daa80d9765f7ae7475b28af3d302ced09f5e6e63b6cb8839118d7890db9117a4584abadda46e62e0f639774ffdfa884273e7515ceccec058cf219031ac25e2e7c3b7ba0d93e55f73714e1c6ce13af5d351029f0cdc483d434ca07f0a943bfa0db056d53bf338ca4b35", 0xf1}, {&(0x7f0000000d40)="5c7947671596c602c5fd784d7422b71cea6e1f52f7a99dc909fe5bccb950e3568deb823f3756ac67f78a8c6c01afdfd827bb1b6460fb513915836eb09acbaa5da507ef045d742f7cb15dc74884de4f022bbc8e87b16a58e17b9d85102509c85fcf81fff3a108bcd833c60bb5b181799ea884", 0x72}, {&(0x7f0000000640)="21730d4d2466b85b7ec44f4ea1677d2f8dedfdcad30a44c8084bae37e6a0d1ae71e2e8c68890eebfb3293badd71f0e6db3f7ebda811173e03e394544dd0b78cc27135e1112add66c2fca5118214b2e2ef7c0910a380a2100b2632aecd382bbdb7341b6a17416a8c0a168f34bd9f13fb492405d3e71b75da1ca4e2c46c076c7a4acdcf87ddc3dd26b13d1e122a411e38cf3aff1da93f4f4195904493a7af086510be5a9a04624e02fa6589cfa3960b943fc8b75f7886adb6dc8d50394cd", 0xbd}, {&(0x7f0000000780)="5d04f153004f5173867b5a450992424b46afbf41bc7d02b4785e01ec4cd34bfaada0c171d5dc0a60361200176783972b80f8a254f38e4f09c1d261bc05164a9bd48df013021a96e164f60cfed61fce7162208ff938b82c441a4bbc1e6faf1b639f9924eabb489975ed39999287da63b3847fac1c7e63af2489fa68ee2720389838d7a8c1332cd6a0aca4085289a4217e7ac45ed83328c3", 0x97}, {&(0x7f0000000700)="b72c267d54565a6de417e41521b8258ab1dc29d7600f2b7b5ab621e144c2223755cca4afcce8c129a6", 0x29}, {&(0x7f0000000840)="2d102bbe222e15911625121092c406154f5fe3a3ac723a48692e46d053603d74eb2e91a90244c2bd636ea268d277609ef402c0d804c2dd202371fd0a1e5a56fcdc298a35b63e89a006b2366ae03990439bf2f2910f953f1642992181a2f80c07b232a7eaba7b34b3e9e2c0af66beea22502d1852fd6f37b97a40c84a02a0afbf48a0ed17604c3e454ea0483c857aa06f1c45c03d1ec8193b80cac29c361267e852f7ee77f0c40d730d90931c4b81b104cd78c4ef6455200f8bcd0b65fb4aa28e88b9ece9cae9ee1ac14155100b6fcde9dd57194a4d8c2e766242f18712823feb834114e97758", 0xe6}, {&(0x7f0000000940)="e1445838b82129dd2903d4c1987cfa86d1f11341e3460fa1f8eb5de42debb21c80dfad03276760c76b497002ff3a8e5e3e397021a571dc817e2934bccebe697760efd7db8c6a5e759d92bb96d5c77d98d6af580a468d095f966bb324deb31cd4b5b15b489012b49da678b67b77b45045b28e2fe8bd7762aeaec3d3b4b3a623a33548125c36ec00210c37f125356bbb04f5c76a4face2ca52f785b54d36cff0fd77cb3d418b0b8b2d1175f1ac", 0xac}, {&(0x7f0000000a00)="dcaba4398f85c9f1e2a3c01a83275a5c87c67a81ddf2906a9dca56ef643d98586eba31548d205ebc64038bc407ccd8b83a0bc6adb9eed9f2984a8c4ea5d00038b696cf45240e8a63ca424e254823acfde7c46381804b3a6b2f9e8dd107e708af074b7b6942f400bb9ecb629c674872e0ad0a519e30bf46f6342bf2544b0b4e234b5457886f37543d01731051c38ba35b0cd802974955cd342c1aa7e061e24c12c0d1ced3eec0a18b179a284398bfad278dc3510a0f2b28d1cb81cdc07fc88d800596df57b035773fc4c8649be59108cb7657c321f3eed3c6c292527046eefc0f52e9069c729aabd82eb3b53936e7", 0xee}, {&(0x7f0000000b00)="a65d9ae1b04bd7cc13cf8a772b57f361fa81ea989787e7b5b7462c2f35ce07a11316857320c865e4d4", 0x29}, {&(0x7f0000000b40)="c33e9cf6a8481d79e9fa429c44b5116a99f0813a2f6a97137843afe97d5688343e8653f80355c84e69ae21938562ec9ae4154ed8fed254c0c47da6a88b806cee625e2cc7aa619a93e8348c621e157d95145b153f9a67c6ebf4f8cd3362bbc7f18858fdaeb96f4de9d34eceaf2114bd3d39260f65a06462f73c2132951abe5dddf201059efd5f151a8840517541041f39f586f9f3042a068c0fe97fb51a6fe9dc15b933f97fd793ed563ac9c9b7dfb2ee", 0xb0}], 0xa, 0x0, 0x0, 0x4}}, {{&(0x7f0000000cc0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000d40), 0x0, &(0x7f0000000d80), 0x0, 0x200000d5}}, {{&(0x7f0000000dc0)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000002240)=[{&(0x7f0000000e40)="fe43ea837714a8a8e98357e6e2d13fbba45466ea1c4fd336da47d654f4760299b944f64296a66f32a3bf032f83cbc340965459f4dc3209760e1a9bd3f2fa7d3861da89", 0x43}, {&(0x7f0000000ec0)="69a6039448bfe6f3412b3f8c2452d157b90e7aba2d6dc9d071eff5e649b15dd0bf27c393ca4092097467293cc2c6e6193b6fba8d3e72dca634e68970819feb75e34007818aefe9ca027ee06055f370ef03120b0741a58e456f6e6dfa8ccb884a18b7d6324ef5673d4b1d0853334c6ff5bc0b2bbd3c8ec5fe586cb31bd35698b2ba5ffdf23f7b2b3e0c47113a9599f770edcd28f18c1718453e15b0a2ca6910bc9e04070bbc24f24ff7e30e930840852d3af846bcf5ab4dc2886b0600f1e911edf2c95353acaffd6b7d5237ec16b145096718efd8806739ccd8db2e3fff3e19cf040d6cc13aa57d9bd49d7a6a90cd0fa976f9a9ce16f6917d4cadd82edb41a9937836a643e8a374061003ac82a3ef9a347f3957c6d3e4b58e3b5ea5298766ef160ccb7913abafa8f93b09026e2af99bda26485b02191e38955e3db592ebe3596c7b280a9ea38d4adb7888a64dee284877f5502e69e0b6b6932c9d12c994e2568f0580a8206257e428ad355962f35afeea06dfa95e8a4ba420ad9806dba101fc90097a4965e34cf36663ba63ef3c06ebb270183deff4451a299e21619a7be60f38740d061d78850b1c6f44a1bf8c491e2a2b88e11cc5f01d71268bd064ced20a3c0cede7b1379fab31066cea1e9730941f275864737213b8ad3462199cb76cf731d07558f330f3d77b8dba040b3821b5da3e501d6927c54a569a3c7de9233b3a466f6a61d417429fa4d21728837b00ced7023ad98acafc5da5490e4696051a0342dd69bdaeadb6b6f449e0b20c13a3b6c34ce7124f679f25ab92f54df8b0c0a00a0dca075e319ce9fbd6f5910f87c71663e28942a6719687c814da6330034d72b11df9e57629c6aaf8bf6b29361c6539109d7f3bd68d2c285618a21ca213502bbe12c973739e1d541988d6d5c9a2871b38ffc40788d7c0f2284dec2be58f277bcff37799c7dfdd101da87f81b68debd6124b7f1448c206ca7a8bdd3f2e8a149436e102ba2f122c2e698f2ede03b13dc7c74837aa243ffc9d039db987be752fe24f7f254ba4ef9e52c5f4459cae35aedce4fff867e50b483915913d5cce7448dd53df455cd98d1a154239a9cf8629a868753eb527577f6404270fd9171a6c8cedc0a1568d8639c767daf780fb5d484a246a5bcc413d15e7828ed0781fb24b2d73bad0b8a94df4e53af9480c5fdec6bf691604b6991e55c21a35a9af246d51305b8f9989cc2a49e69d98cbc05c061f9e82f2eb74c0b95bdf55e5566594b19d0b7c46db1693e7853625635f1a11469caf2b52066dcb8c91d7b2b3563d69c0adfbf496600962ab15229c6bb0f439190dd79f702022e1797e95713cbabb481698e37bdc93f49f77a0a72e77afe43f328989ff9b168a61457bb64ddb01960a8005aecdd141929c8e71336300be01a8c3c460e25267bd143fe90ac7f0e656e0179544e751f10516df6a1665a85a32fde918927208dbc06221caab8c3bcd090e9d5833e4756226665ef62a950b94faf8ae4b01ac141905c90099f2749b3d101db2c9407cf5e0b4bf7131ec621048d48357d30007b10bed22d0133f3cd535c5f682190106d881658bb060f466ed4cd232a06d1f085dc973139727a68be7a61157612123e15f5ca8236d6f12d49fc50971a85453cfc82dee66fb86abe1b859ad13c1063cb9381d0eccfd297bd389a9e84df088c35fd71fa2b0d4429deab04514253d678088bc6906990a40298e31a7e4f1647cd2f4185bcfca2da3c9fd471acb875382b448116489feff62cfcfd5b2d65fac0820e7cd95481a744f645bb1eceae637eb3f30d5c90185f41df9276f6f680c6d036c5733d0064ed8e53590f0859a6188fdadc9540b96ef744df8141b6aab0dbfdb20fa2dac0d4aa65b932e33c41bb86dde2d502c3965a9b99eebb869e1d9bf5261a6247bee4899cbba6a02f34da5a3f79fb053e7f767c7afea2881767e054c1f2a8277448ea9bc0a15651c76c664ed9f2d5ae0a9b357f94d5e8e818268a26ea0ab468e3c2b9de53854f2a0a417e4bcbdd5c80e9f81d73b5ae1c1a429c5b88bda816f53bdefb62c21bf44b17d38ce569e21e352f860eccdf9badf35b570a11a45dbea73743129bff4e9950ee4963b958f70f818cf2fefb65063c92d5c612b122302ad074f7e301590d7158326131c970da8fcb647d7f8f42f96ebcf0ca52504f40f8ab051f8aa7a04898f35e12bb87ea5517e48ea27707dee7f14ad40d4c5cceb12fd48dfde6cdb6b2b9bd416b2752c126ea9f13bbf499cbbdabf93ec356ddf7dcec080b8ea4ea593c366dc9ebfc1f0549749f71681042804e11f125d264b8fbb8a11b92fa75a89915b77644f808ca2a4530ff7da6bf507b335aa70b070be1238a0da6ffaaf7d589240d32abe93855538e0283b6ff1eb0f1625b702e9799a3b90bddc791a8da3a74f9a1d96daefbb3aa5db8848d4237a678d162631fe4f6a6ec3be2a411c6b7483f4a045c6dcc6c8023b68bc4acf1c54972f06bd34d3ee08e3eae33fc046be95ea3dfb4481860975ed185fbce6245d4b2d3f0baa9e2c0e610d1fd107d3d5ea87cc36cc809c1420ca636c7498471a5791b5bb2d17c0ddc61c1dfa784597a4b9f29d21b77d5bc70c5b184f9f5a0ead68dd6c3d3afa7086ed1222343255768784d9bdeb1f36707fd71ca5cabdfe964ab96f43c28cead64c07cc2ff4c0ee7cc81cd0dc0d39721098f888d48d695466c4c597ced78a7093cffb8d4c7ec44e3da4e8b59c634663de34cc292bf166f006a95f5936f77df83c0b9752d7b6de05a429b78bb6ca8128aa508f1c92db4111c47182555392771c9415df3bda652753ccd77ee0857cf2339cf8623d0a9b1e9fd3f57464c1e18321c82e7e3568ae81f7f9756d028dec21a7624bb8aac5b9b2f1df411efaf0cbfea06e463e944f6f88b27ad5da8a6ded83bc27d6fb65002e02240033c1b880871602350db63b0f3e56e70c784417869f503bfc57195bac8ef29015c793704301eae4dabdf31e7f1afda6aa8ddd7e6d4353be2084a3841fcb30e99d4e7f790953d7ee4316a5db10b4556e508ef53473cc52c2cc01048571807309d9a4389abe5c22e6b3e45ec473e68ab1334531a002f9725e87454527a0ba27b68afcee84707622da5014a1aba7fab1e6a8f0f804ecf95d5997fbcd88a66fffd61b252edf8f98e99485d09b1ed81cecfa406bcb0be7ae09dc6b14a182e02e751f2d37cc8693ba2762e40db67575aa758d998372ccf702b5ade05bb3d36d48d7bd66eb617c19b2a32491dbe6f33b82952c0c6de5c5498be9957a5e02783a2bf7d1879e5042178314b5ba77416928be5844406ba744ad21ccdddefcd5b87778fba0b728cddb478d5d850feb5ffd468fceb3d7d35d7ead3f466c6ae333e137dfd7e4cb08d80bbe78edf1eb2fe5b0a3f1d303be87d54cb0d6d4740364e00847854c9c88a720aaefa1e4129f921e2280e9c60bad9396d6bb76da7eaebf4076141241985e9c229dde3df4e3e47458675bd20f9e3d0fd6ac7090ad935a2831467564f9473062603bc779e433a69ec7fc7d675d7c9e38f50bedc80afa2c7e586fab417053bf06039ae3711f9dab67a2ee00a57cb2c415ed68e9da1e0696b037e266db9b7c37f9dca9c475fbf1b978ad8b8a4c4d7be71e7618469ada4d7420f878ce7c94599e8ec23858c1a77daa599adcde627ec4a9067ed5be0ab7b1ad1cb44b04465d2c39b5d069263142940c5d313d67f96ff516242a5ac86834bfd0c79625b6f981adf5f5cd4d49abdfb4b3a9788351c09251b9a69245f9423514c8e694e5dea615d337804056d3c7d90981b99ff0479e6d5815ccbfa6493fdce169b9eecab0737adbd24103d9d8a65bb43ca2dec09112b9ec263c1a8fe032fc146788f878328cbbacecbd88e000487ff0a9ff0342facbd249d62596d408193bb035aa24397df0713720d7d2b46710afbede8b43cb5635f2a498f1a6069455cfa6e2f18e42a8275b06aeb39a5edf0cb46f1a385bdedc18c2446d2ffec8a321cf92ed870154fa892269a115fd05b0302e601e0f3fd094bb77d4c5699aaae7629d13924cdb7a0b5382acfc758c1290e66c9bbe639229f67ad4f7afac82c76bdbdf23f0c0309f853eb6d5e078a0440d6b8cc69bb6bbd1a84c268e1bdabb16d833415a13b521b2ae499219ef0ae8aac90df7ef8b0a50bca437ea553fdfc5ed77a0a4b70557721769423f2481e3a80633a6c4eccdc9b6345a7e2752af2fbfb1181e12c6976f84169f68f684f4ff48d908ce23e7444d389b6905907a34c10a39b7d4bd82548a084bc747675bf0f6d08575ed2cdb4253cca42343fb1ecab6ad8e2b428e5d7d1f0157de98ce5140ba8e85448839b41a3b58ea14b8c59916855f0aee8c9f0e974b7ed143d55ff3a6cd6bc54187557530b5847ebc5806c0a19720ebcebb2a5bde777fea12050f36dac9047d1b06ff497a343bdb20870546c2e9de76ecafec024bf646f80591f60bf08b56463d67cd989b9d4bbaecd2b99df45690e7dee8b900e6932f8a4d3ca6c41cde1214d880b0ecb3ad92ff152d0e3b206edfa6b480bfa40c3f5555030263240b0f48ec1eba35b0153794d910d8385649ab3d706e686695b363ef6c2edc2c1c487c7d095cf8d3c66f10f2d5d631bab02a8744411b3de2ecced93217427ed9c7fa7517de0090dd3e3cf47a50ea359f7d28af9d1ac552cf9694311d7d189e1fce5fce90853487f6cbff5cdf936a9884f48d5b4a6fb8409da03c13b38b76d065b1579e655f536d7c490e9b8d799c151f36183ca173df7d378a2055ef016f2d8f2697744b88fc7d7909e62143d62005a9a72781d099d3eaade23a0876e3037c8eb3fa5c47bd82a11f073ba7d42310c8d5643bef54f9680cf9bb209cf146440e3b5ab3f25b41180c49d8102564c446c4116b2eb788f976759343398f289d5297d90ab1ac80708c211c7e089e694bcfd7f913d18dd7b4c7fddd257045d71a17c7ae18cfe9f04bdcfb2e024c6f3497b8546a48f60393563c9e52e67b91c3a11e684baaba13320e4f122c6ef61e96d64f2cd418a6c0628f7ea448e396ae0be3932a5a2060d0b5d0c18a3e9c5f4a6578fc3ff0cefd1f7fa9a4474e8e3a83727ffc611d79f4d634523ddc28e2ee74ae1c91074b9a7361d71c3410f0d1d317e755c104710f2de9c117610b587addecf912456a4b5add450377ca8bdbf729e879226fef56ea61b60714210c9fc71d93f38b9cc915a4385a67364a22b0b752ba7917f970bb7b31a6b49680bd812a70a41bae9e4bcfddf1d4dd2afd4368284f901077c955fbeb353234a40076bf0d77746b482558de9cf48f226d20792368744e976fddc6e3ea9f27d4141b959679c3bc00c3ecd164a26f60d1ce3395fc15967bf982d45e18872609186bd6ed8a06930d91d8cf2ca36b189abae68f0eb639ae4c7399d9b351df27efac814ab4555d1a2a881cbccb81a3cc9e412439271ff2ff4fb79454285b394b7b28dca2770dbd9e2d5948b0b61148003917508f20c8f6bb208cf09a6ace450f8b3fd7ac114f2cc64d67d28a608299bfca03876930a1ecabfb6a11b16538ab296dcb37fec156da53097be4baf3e4e446ab25bf54bfaddbdad01e695b027b6c439eb9baa3c76bbe52e033162d18a7d4b7d31a9413b847a17f5fa68adb2e7167523d5cd9a7774d4e4a9366317c73fc236d05cb078ead58fa16ed586fc5b40bd8f83c4da50e3f805f104872a837b22a1fdaf3203c201450b715b50245d1282c1894cba1eadb7c6d0d3bfa403f46e5ca463eaf038ee16a30c395bcabe470a937551799", 0x1000}, {&(0x7f0000001ec0)="ab8dbed818984371", 0x8}, {&(0x7f0000001f00)="6dffa4747f27dac5a2f1449fe36ae3508dbce91d20672a6c6134e770e8bf71523dded1", 0x23}, {&(0x7f0000001f40)="5d884f62ce78b1fb60cc5b32476762bc8ebf1551f7db1d6e827506721abd7cf4f5e5dbd231fafc0281e26a759bc411a8cc013711746651a23336caa8176f7f4c4f915ec6887745d76cd8ba7afd629b7da19b5089ecaf70a69ceecd1bbaeecb94993fd63a36f41b9e28d4bd79eb7b9f6c32258e7972ebf427894fad55b52764826e7636c4b5d520d25e5ed97519ed142d75768d0978f438da5944325f7397c8bef6d31989606c19f32d5cc68f8aa1f9a23fc15b3063a190a1061eec72f59f2d43a5bd9d4b71099542d1ff7972530305a177a8380105d03c4e452ce43a072bc02c14010d6f88750955bd654a4113bf0916a09d82a3", 0xf4}, {&(0x7f00000005c0)="480d52b05e8b1db31d7cc0e85bb6bbcf0147975b554aa85305faf196e03b9e1df2d14736bdffa5556679671519d77618f53d0c88ead08e6f4ea965b2f36472d1510f1063efedc67d884e81ab9ad4ec319acb51eea5c98facdb7eb1f385b9e68c0afebeb80f382e57206d11d2ca8d826474a8ee95e6455f4b5fbca5ccca4d16", 0x7f}, {&(0x7f00000028c0)="0df367ff1bc0608c3d0cc1559d38e89fc10054ab4159de20f98a23502dd3b2bc788cb4e8ba5dc280b2a86fc904b7a40aff346eadc1095046ac73d4f7b4479ce3ec1a165f347d49b44ca08d84c0c7e530e0239d594143be2001ba3fd00208585b494c9c167a92ef50037cee7d92663f05457ae2b05d9b8e959070ca8548263d6932df166b408b244a7f18bf28347497596b7e34d45acdb65284e9865a9d60a21d5249669a212ab7bb289bfda1994785475fe32b1383c990ad42c4ab47ddaa7e12735c218303d7cd55a4cb5ca35492bca90926738c4c97f4015403d258a9ce150a6ac9bb3c179dfc00385f8d8800ff185d835800ae441559508d30c0348f247b9f593a2d49112389aeb3b798f69cb5f21e95cb6f5cf5009c32be3809a6d77fa25e3a8511fd784390ef945fdbc584639e5bd4e80b01384cbc88082aed4736dc721e0761d0eb4f5d59d9335ce47b94a215b79edae6abf8735384ea41bb2cad95845e1b5cc30a8c66d23793edaf665951b5ad1171b01e84f1c9b305d99cc1dbf03fb41e338f1025d429970e85a8a5de8d599ddcc9a8d56114a4aeaaeb31b356913a26e30d78d6131b28e7b6267a2860bb4d1412f176aa3fdfc8032d32303f7399c1f89a62e9cc8a2b0191b21200f98c098fb81a9e1c4d9705e53ddd1ad5b160b9ddfebdc8308a2de91998b686741a66fc7e7496887dd8b8d78657b6f42e8ecf985b6da72cab05a835ac3a8c2bd6169a098c90b830b0463f4e2f129983450744461aa412fa3d41ae0510ff21acfe862e25004ef90e72429844947f945eef88a1031591e08ecf980c260a749741594567a3ee45e995e43460ac193554bb762367401d22aa05da016c58009190ac9758659634455e700805636a87cbc2b73edc390c0e2e3ac55a6b7c46717b5b75a2a1787ffa3fe98de05119761bd60ae27c5cec7a7046b8f328dc52abc8f14e3870f17a3bc11b4a8167b91ad23c2aa2f5f67c30b9179660af07f13d2f2fcc801bafc2a5b29f07737d13476818c191017d974920c972c19830095dd8bc4f65559d430a26f813497cf19d8a57e43c9e813de1117b081ad0bdfd229e037092aef2b495c8d655e0ba51d23f2fcf39e3eefe3772b3c1181cffedd9b3b41d0da4d4def526999a00ef23cb86868ad8a3066502f405a85544306b18b44a89e09444ccde22e6f087b96099eae03c13ad657798a55875e869e243477f17dff657e95acdececb112d85a5fb2ed1a62cf02088bbeca9a526ed707f46fcb706d8048f3591c2b9e7cc240d867e31746c792b738cf7aa649bcd97eeb9e02a1b9792fae734f4e32ee5d10ff01320e219e9e214fa62fb33209651e87fe9add780d8bf31fed09cf17515c50cee667280811ce8ce206e235a51cdc8bb3e567bd3a028d391b91b0cf16aa2276d67a674e8b40056b717c6afa508650999b601ff656f4c8b0a680cbf2c4fb6542ccc81c2dc234a7627dcb74c0e123f30962984d7a1c3a9fca5bd1ca9600ff31febc50d1369d09274bb9034a82efb3a7875377feacebfb10b473f23bbdec760f6ba4d3b8c6f4958c036167ebfac00cb1b689e22707c596e6e54859a003c37c6e10f2f573fb77305d1f4487fbf35031f4f658f3ff71ac2b5b10d41207ad6bc9208194d856ed7d3eb306c5dc73ee7a1a271ec556694871e6dfd3b8c2ad66bbff8e237c6c30889885edd9dcc8a8a30aa912c5501c24dd14fba00a794f38c05fca61cab4bb44f94e8012ef5da6b8cc86552e955cdc15a2ee627c4ad353823eaa48be550bad25504b1b53a7af3667bab293070ff046c01f41b41c5816396db833c178cad55d7c6977bdade383e2ab6de8bb7896fbe35f7cdcca25e491ad97f4db91e599bc019fc1f82f8107e31d62cc13984852c82f116966a767ff070968a02033becd8066c07b9e89866798b091bdfacd888a73bfa476c317349074f415deae56d4870b699c79da05c6b61e2b479e3b362f2f290ef460d52be57b2ce95cd9e977cb8ef64716caf733b534b3db780aa1707176c5c4446ea1c8c7949a09a95110600baed825ef5428adf98c392f5a53be31e8f806c0b3b09f777b45c236959590bbbbeb1fafcf11f776cba212040e025ab13939d2a82b0f69bc015be3b7c2e36a03186f6ec3bf2ce9b5f43483a2ce298767213c41aab0c609c44b021afe859aa90fa307102355e1bde0d56cfe46eda0c199df00c9703af47703b0cdd08cb2c3bf440b467c630c688eab5707eb74e33c11b81c997f23bfdac385689d9993ed7976360f1fcc2f7e9daa6b13d87b7104b82770cc592ea05d166f67392ce864a355b95f0f54538fec67aa6b79b25be8b4f701a260362059e4b9b47acf2287e8c1489e6d35ec80fa44926afc769f7e776b4b8d91ff1f05f5f402c608e82927ef986581b0db16497d8b39042ecc29fb86036a5dc2179491002db5ea0f9242e6d9331dcf2c41daed7abb2be1fd96c0cdbe2ae6c684b114de1f217b3c5386a0b51ab179cc7b32cd122896a84e1dc2c63856a53cfe9122ddc5d70c3012c888adf630088928168b9ea87133484cf79d27cac3a28f43bbd4f423350069dd5eea4ebb37064c6b226394bc0e69887589f20e7489593919eeda67239205faca0af52a5b6db28e85cf0e2846a4740af6172d17d3004e9f0d7e4500658c4ec051c7c32912e92a387aa03ba2b7aa09d5d31d4abd0f93d28b1032f60b38b30cc831cf500b60f2dd9088e73c1c38c01adce83681b23feab5d5e1e7bffd1c9264aa3ad1fc7ea8e6178b7e4b5e8086c570928b4c6f80d9b8ad9332093b4fd5eef44e5038be411d1164b2c1324a23fd2e7908bbb1c5b06e2e786f54ff5c6ae8e2da9156c778c3a92997135e9212a85bf4e919aff2883a7c2d2553ea3df1f8915797377115b15cd0e1a7b69d0940fa03b52c35de0c55c2dc5184c7ba110e915e5c22d2bfc83d605e5f58334affa6f4a4f347f8dfa800fd53ca3960fda45c363ce71ed34477e5d6c5376cc33c315d482be3beefafbf3f79cd299639f5a70b4fd2f66b7ecf42194716599bf7aeb0855623ba6d0ca02633c270ff8aebd15aa00512f29f80d984eb1b4ac15692cf1b79726e441b9a7388d73b7f432fee48a480bc40f79ade6151d31a462c632b0bf1068b2c9a2f0f164da978f0ad9f3efc4ba58d20e3dce0f9c57957e57d0e66f3425e8edec1559ebacaea1929d108655521696a7ce1e82d828ad34c99307717dc89ebdc652d75458ecd66f73a157525a45eb1189e4ff7b021971bb02a1492a703c5543a751c909b663e3face2d34c0578b59dd2fa316b1744704e3b9b106f53f4fcecfc0b1a8804d056890a1e88461eb7fc138513c66e834c6649b518054306db30716e5ed2906cf0063e1d2c6b746a555e0e23203714d1b7386c36aad5b3bf508046b4c1053fb7756c6ae30ab9e8dfb283a5a88b24244a6a8b75eef9764bf50e35ee5c137b7b140acc925fa4a3fa6f80aa839d05743fe5a569b332a931d1b4bd56ccc761b40191f58f69a71b94cc71a950f16c187b5a80d6da77bc611ae51ade37ee5c382ab8b0fd448288ebb8081f99e94d9742eb8a866d0ad54b0c0762904d913ea12a97bdd064043d13364e0559fe9c86076ecad8af168a4b0fdd52a0f47103de37dd0ee282fd9118f469d7a8c5b03f1429286a6be0d3257f5cbd46860e38c2d89b00743926c80a21bc6a147fc3525067d5dfe6acdecb481a3233b69ca4b1caa56f7afddf1d76d5a0c5e33e582d43cc2803c5f50a0282a2630effd4211174955912d94c6cf2dd0cfb49872e9d6ed15f12a411e3d8fe80b3cdc84362ec33df59784a9cd21d03f36b88c9b933d649996a6b2b43314fbf8cefa25896106637a0def2ae80c363efa4e5e3805c406bc65bc9a69fbdcc32d0d30ed67f00b78b7a212ea715278688faa7099ce7bcec05b6747f3d004ed7aa9234e85fcc4a414ad83b125cbcdb5d86fe0f4446548e3bf5ab35cd4d7e98c5761f22371f83409a7a114a0527b3a29ed9eefdc0033cbc7c919d401690fe1bbaefdb4876e9fd71773e9b070fcdf3eb7e0825aabe3ea92ec6acdb2fa12c557ce8a1bcb19c57baede22b5c4c3e2dcc02542b3aac313f5448a8dc400262e243bf71ad01b49186cada75e55cf397069e2055907140c14e45e24bda99c6116753434564b1632b489759f781916abd5b1ebf99e8a85509bdec518981a430f2de8b100a566a693c20a1cefc39b17a0bd9cafed39e3fc6ca0ccec30b7bbb96af0212e595941b27111b8d560f00bc47a17e67a5fd84a83d3df2e138e9963efec7d732394bd0f3861cf8965d08e114ec63db517cc9ecb55ec748036f45b0ca82beaf61311a432c68c277f08660efb2010294af329a566bae8bdf3b180c0b24613b71402ffc1eafc9757d6456a29770d42e73c828d46aed1fcaffd4b57a96d78455a610df7605763080094bb09056fa6c6d4357ec3ab905c1efb08d09f23b2af8d3459c96da0442c5f8411da7e99d4d44e09ac051a1f4ab92cd85efa2823b959b08c12f088b366496bf1d0c8c6859125b9fac68c77d6c2cbb84e8b3abd9bad4e2d1923b056c78b4f16f3cf0a2ed2e326ed5615889f028cc400a0203df272a7d7da30e9fc008d520e12ad90ba3e41cef51efc1db5f52887128235aa3bbf37dd11b5a468f4b7dfc045b0b063544251d759876117304574fc45e0fe6b1c934517b7f578e1f83cb8978a50020df14d67c51a9756c30259509e8114b43d331f1274b7ca8a1527b656b2a7a850ae0f2a4872d53085099c6b7f7c5b8665d39515c580bef122ec2a0d3669fd67f974a150053d1eae012826d657414bb77d59786a53b8bc7baebdc1c625adc3de173f0288303862f2086e83a6fc90203c834fe9a3886dd63d5dfb57a417d3c217bcaf766e11e43a569fcacae11b1e122d5694cd3394489b488f42951693a1dc9123fd595d73507120f9e958f31a725e631c484997e2e3095511821ca36f1dd5dc6d5dc79c4841e1484412ef5517916e13070bb577d7ee301b9430521c303eb9d70bab39a3d84e88f777806293326510d19f757bfc5c94d687702227e5bc1b8017fb0b5ae03e5cc8659228cf3210b5043b2cfe3ea90921300ab8852c5b9b031f92dd999e231ad6eecfa0f464f000ea8686c6643c989e285f52b3b8ae597ab7de2b1fcbb413270456eca63ab8b8d89c4671e82078fc6cad6909a42439cb092ddd732675bf875583d8e5c6a1e7673ce09671d1c8bfc34a865c2a160b6e4591f9277802d8aa031a85b0bd69e0889e52e9d07214f8072fdb8a2984b79db22b387e2612c2019dc2933b1f6f8dfe1640b6ffb0c79a049c8d1012eda58ac357093736c1d274f6b6d37cc72112f116ac3bee183aae3b5775fb45a1f27d6b44aba2bb610d5ff3dfc24b190da82ae220b828df0be708624668d551266ba22b27d72a2e718c1490a9a44edf83823cacf8b12a72701c2038290dcd980636f94f8e395c941ed7a1cbe72c80780e403c287e7a54e2bd85553d0958c6003c9c8338a5ac44b046ab46ea1aa68e7ff7bfc079f40e1345b098cc862c6ef93adf09dfde9e77615052ec487fd97de0c17744bfdca67d8a699a3281a06984d1fc1d4e52fafe584e19d488e72fd0f2f8462fb6e133a266ddc1ed8f8d4b97ee6f93d986d3a993edcef84041c9f6b6580c6cfa383aacde74197c7425936c4a6bf18b5fb6be2d4fc44bee7addc7f69c9cccc57304e6140e6a5399676355225e9a4f3142f48f1e58cab40fb03ff75db1c587df7ff892382625c6b0cd8e53f4b1036683a456377d77374bdabb9", 0x1000}, {&(0x7f00000020c0)="b93dc35c257658b741ae19c7cd4985cea419721d8e893beb9ac2038485c897e0fc5560f795e7b1c3ed340fdf231dead815ef47eb819d46c8a8aba839c9490f076bd211499240413ab48eea9d1283abc56070323468f2ff291d9ba3ed", 0x5c}, {&(0x7f00000021c0)="70da65ad9cac796e269f9d64c9d402caa89db4cdbb93ba89bbcf0e784b5f7c5e29ac7c2d5507bfee1cda1955102e0eaab74e53079557e3c2e5a9088cd05a86d07ddebc166d8f4ac74a44b36118b2915894ef910c1906f5240375167d925761f789c4b32c8018e8810b4a5a5f97e69931df46", 0x72}], 0x9, &(0x7f00000024c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRESOCT=r0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000100000000000000001000000010000001c000000000000000100000002000000", @ANYRES32=r1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES64=r0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYBLOB="cc5dd6dfce5930378fbdded5753e92834fa2f819a44e8240260f26a165aefbf72611bb69060086c457a903da408d0d75b217eafeac76e4e027fbae1cb6a086fdc83857d0d7be502a3002fad08fa32beba8", @ANYRESHEX=r3, @ANYRES32=0xee00, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES16=r1, @ANYBLOB="000000001c00000c000000000000000002000000", @ANYRES32=r1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r0, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r1, @ANYRESHEX=r3, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x128, 0x8084}}], 0x4, 0x40d1)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r5, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@mask_cswp={0x58, 0x114, 0x9, {{0xe, 0x7}, &(0x7f0000000140)=0x6, 0x0, 0x6, 0x2, 0x7ff, 0x4, 0x22, 0xfffffffffffffffa}}], 0x58, 0x8004}, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000740)=[{0x0}], 0x1}, 0x40010)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x0}, 0x68)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a"], 0xb8}}, 0x0)
r7 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x1)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r7, 0x40045730, &(0x7f0000002780))
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
mmap(&(0x7f0000370000/0x3000)=nil, 0x3000, 0xca98b2d1db863988, 0x4031, 0xffffffffffffffff, 0x0)

2.764993909s ago: executing program 1 (id=1391):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockname$inet(r4, &(0x7f0000000080)={0x2, 0x0, @empty}, &(0x7f0000000100)=0x10)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x400000000000000, 0x0, &(0x7f0000000180)={&(0x7f0000002080)=ANY=[], 0x50}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="380100001000010000001000ffdbdf25fe880000000000000000000000000001ac1e000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc010000000000000000000000000001000000003c000000ac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000200000000000000ffffffffffffffff0000000000000000ffffffffffffff7f00000000000600000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000ffffffff0000000002000000af0000000000000048000200656362286369706865725f6e756c6c290000000000000000ebffffffffffffff00"/240], 0x138}}, 0x0)
ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000000280)=@null)
r6 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
r7 = epoll_create(0x6)
r8 = dup3(r6, r7, 0x0)
read$FUSE(r8, &(0x7f0000000040)={0x2020}, 0x2020)
getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000340), &(0x7f0000000380)=0x4)
syz_io_uring_setup(0x634, 0x0, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x4)
ioctl$KVM_X86_SETUP_MCE(r9, 0x4008ae9c, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="94000000100001040000", @ANYRES32=0x0, @ANYBLOB="0300000000000000640012800b0001006970366772650000540002800800150061db0a0008000100", @ANYBLOB="14000700fe8000000000000000000000000000aa08000d005fe1ffff060010004e22000008000500200c000014000600fc"], 0x94}}, 0x0)

2.582596937s ago: executing program 2 (id=1392):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x49, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb01191800000000000000280000002800000006000000040000000100000f02000000040000000000000055f300000000030000000000000f020000007d7000305f002e00"], 0x0, 0x18, 0x0, 0x9, 0x84, 0x0, @void, @value}, 0x28)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0)
pipe(0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x8, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
fadvise64(0xffffffffffffffff, 0xfc, 0x2, 0x3)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x5405, 0x0, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r4 = syz_io_uring_setup(0x4aa, &(0x7f0000000140)={0x0, 0xfffffffc, 0x800, 0x10000000, 0x13a}, &(0x7f0000000240), &(0x7f0000000200))
io_uring_enter(r4, 0x2def, 0x2000000, 0x0, 0x0, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x2004c8a0, 0x0, 0x0)
r5 = socket$inet6(0xa, 0xa, 0x102)
setsockopt$inet6_int(r5, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
creat(&(0x7f0000000100)='./bus\x00', 0x0)
setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
open(&(0x7f0000000080)='./bus\x00', 0x40002, 0x0)

1.736059493s ago: executing program 4 (id=1393):
r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "510bbfbc037de60b42c8f12982769eb50979775eab68ce47b03edbf375a2a9a561752afff5f359e0a11e9a0112eba844d765eaf2a22a8b193e70c6703d815d4c", 0x20}, 0x48, 0xfffffffffffffffc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000080)=0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_setup(0x126b, 0x0, &(0x7f0000000140), &(0x7f0000000780))
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r5, 0x104, 0x1, 0xffffffffffffffff, &(0x7f0000000040))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r6 = geteuid()
keyctl$chown(0x4, r0, r6, 0xffffffffffffffff)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0xffffffffffffffff, 0x1, 0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f00000001c0)={0x14, &(0x7f0000000100)={0x20, 0x7, 0x3c, {0x3c, 0x9, "5fe333dd318337e82025489fdc555543ff3b477d316287717fc08fd157edbbfee779a0c91b3015a81017a106fa1743c980c16918847aba67c205"}}, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1409}}}, &(0x7f00000004c0)={0x44, &(0x7f0000000200)={0x40, 0x15, 0xe5, "a5b9e6fb27aa43d39859572b9a8b8e148d9ea757ae1672833684171f113ac3650ab5270536a1ffd1dfd58dc364f33a93ac2fb49f76cab01ee7dc1ed19d12bcdbf7817cc39e7fc391d3cfd9542e844df4e3dc9872a15aa43f1f58a69a3595abb0deb72a87013eb5fe7509a26dbd530d45dee01050ef9e10df4c0f6ae0c8d79ef39a9f782654d047afd71611452bb20d6da61cd754caa00b0e850cef2b4ea9943206f9284bbd8c786b8b1587b026612bd6707eebaf2b6a2784513f8e90658e86269dba56c1aef4df5f91f47cf28f9d88f6250ce73f6cba0a002a9fd5cebf19efc1367175c8db"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0xff}, &(0x7f0000000380)={0x20, 0x81, 0x2, "b1aa"}, &(0x7f00000003c0)={0x20, 0x82, 0x1, "a0"}, &(0x7f0000000400)={0x20, 0x83, 0x2, "3fb2"}, &(0x7f0000000440)={0x20, 0x84, 0x4, "8f6a86b5"}, &(0x7f0000000480)={0x20, 0x85, 0x3, "8b061f"}})
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x64060014)

1.701534985s ago: executing program 1 (id=1394):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a0000000000fa82a3fa211411fa0008000a40000000000900020073797a31000000000900010073797a300000000008000540"], 0x6c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

1.515907405s ago: executing program 2 (id=1395):
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x581, 0x20000000008c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000021c0), 0x5b, 0x40, 0x0)
r1 = socket$inet6_dccp(0xa, 0x6, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000000c0)={'team0\x00', 0x0})
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
sendmsg$NLBL_MGMT_C_LISTALL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000001480), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x44090)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000001880)={'wg1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000280)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="290a00000000fedbdf250100000008000100", @ANYRES32=r4, @ANYBLOB="240003000008000000ffffffffff06000000000000000000000000000000000001000000"], 0x40}}, 0x0)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x40, r5, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r4}]}, 0x40}}, 0x0)

1.448195265s ago: executing program 1 (id=1396):
openat$kvm(0xffffffffffffff9c, 0x0, 0x20200, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x16, 0x16, &(0x7f0000000f40)=ANY=[@ANYBLOB="61129600000000006113500000000000bf2000000000000007000000150400003d0301000000000095000f00000000006926000000000000bf67000000000000450700000fff07003506000002000000170600000ee50014bf250000000000005d670000000000006507000006000000070500004c0001000f75000000000000bf54000000000000070400000400f9ff2d4401000000000095000000000000000500000000000000950007000000000001722fabb733a0e757c7c45402000000a2d23da04d1ffc187f9955911aa1a2ba7ba030c7267c2de00435fd253cc0f0d9b2c3127c46b0f4f95345de3188f0d808398d09ee4dc258d726eae098804de25df627a64ab8efde50fd7f1d58d67e684c45e506598bae66ea1a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07e8a4b6e6155cecc13a5ddf4157f2bfab7201112a30274101fceee66eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a44dd9ff4ae730ae9d0ae42d8814a8c96f101df7da839bcdd7b7c33c8cfe74d599543ac604d8dd42fc66cdb79cd09ceeedce1e69f11967919f82b0276c90420d08897ee8514b43533f07132589a0a37110fd8571b1e69251bba35cd06c8bd430aafbecfd33757b7dc4803123e9107e5cceaec2a391f9b9b577295ac3864f6c1e30e6190a055953e18bedd1859acdd15af7209d15950f9195b401e74f8b5210e28d46dde2658b4695d9ac9ce7cbefc164a5454fc4da6104db281e18a8992b9f8c82b895da647e6ea4cb622314c5c48abfd620adf7757c23a31a619edcfb45a402c5fced05e5274e08a313d6c5fdd0a8d36b1a268056e6f7e9a6daa5632cda5ad2a9ebfac980c7db63137c226f71b7eb70c174d885232e522aad0f13b0e5b43d837d040f813d0115387e36f092d9aaafe7afc637d3d107451f4854613cfd43ac63ad6141ddb0311b8c96fef49af414e49be7c23b2e8eb686fbcdd2dab4cbdb02e30e4e1a6c25b2791facac56e4c5dc036c8d80e5c7c206d24603be75850927e02fd4eea168681498d1170478408c43bb90d9df3964b64fee41745f6785419ac8de8788398e3653f34970988866043136ada4771bf8d96eeb0f565d626a3e9089"], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x253, 0x10, &(0x7f0000000000), 0x19f, 0x0, 0xffffffffffffffff, 0xffffffffffffff74, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

860.769µs ago: executing program 1 (id=1397):
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x22040010}, 0x8000)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0)
unshare(0x400)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
unshare(0x8040600)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x801)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001340)={0x0, 0x0, 0x2, r2, 0x3})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0xc58, 0x0, 0x2, r2, 0x6})
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
getsockopt$WPAN_SECURITY(r3, 0x0, 0x1, 0x0, &(0x7f0000000040))
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xc0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0x51}], 0x1, 0x39, 0x0, 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0xa, 0x9, 0x0, 0x0, 0x4, 0x9, 0xb0, 0x6, 0xf1, 0x1f, 0xd, 0xff, 0x0, 0x7, 0x2, 0x6, 0x3, 0x1, 0x0, '\x00', 0x2, 0x690})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)

0s ago: executing program 4 (id=1398):
prlimit64(0x0, 0xa, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$netlink(0x10, 0x3, 0xa)
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000000c0), 0x0, 0x4000000)
recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet(0x2, 0x1, 0x100)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r4, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

kernel console output (not intermixed with test programs):

nd 0x0406 tx timeout
[  212.510338][ T7399] ceph: Path missing in source
[  213.052522][ T5882] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  213.117459][ T7405] batadv1: entered allmulticast mode
[  213.155348][ T7405] 8021q: adding VLAN 0 to HW filter on device batadv1
[  213.168007][ T7405] bridge0: port 3(batadv1) entered blocking state
[  213.187520][ T7405] bridge0: port 3(batadv1) entered disabled state
[  213.221658][ T5882] usb 1-1: Using ep0 maxpacket: 16
[  213.231389][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  213.247765][ T7405] batadv1: entered promiscuous mode
[  213.262346][ T7405] bridge0: port 3(batadv1) entered blocking state
[  213.269280][ T7405] bridge0: port 3(batadv1) entered forwarding state
[  213.297203][ T5882] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  213.344228][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.358382][ T5882] usb 1-1: Product: syz
[  213.367630][ T5882] usb 1-1: Manufacturer: syz
[  213.376335][ T5882] usb 1-1: SerialNumber: syz
[  213.801738][  T918] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  213.908962][ T5882] usb 1-1: config 0 descriptor??
[  213.968562][ T1331] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  213.976577][ T5882] hub 1-1:0.0: bad descriptor, ignoring hub
[  213.978106][ T1331] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  213.984159][ T5882] hub 1-1:0.0: probe with driver hub failed with error -5
[  214.005842][ T5882] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input18
[  214.119260][  T918] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  214.157949][  T918] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  214.168589][ T7418] ceph: Path missing in source
[  214.200345][  T918] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  214.216901][ T7399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.225724][ T7399] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  214.241000][  T918] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  214.275999][  T918] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  214.295956][  T918] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  214.469962][  T881] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  215.066060][  T918] usb 5-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  215.131818][  T918] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.156245][  T918] usb 5-1: Product: syz
[  215.166511][  T918] usb 5-1: Manufacturer: syz
[  215.178652][  T918] usb 5-1: SerialNumber: syz
[  215.215688][  T918] usb 5-1: config 0 descriptor??
[  215.245702][  T881] usb 3-1: Using ep0 maxpacket: 16
[  215.253386][  T881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  215.269955][  T881] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  215.280400][  T881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.292174][  T881] usb 3-1: Product: syz
[  215.296667][  T881] usb 3-1: Manufacturer: syz
[  215.304446][  T881] usb 3-1: SerialNumber: syz
[  215.360607][  T881] usb 3-1: config 0 descriptor??
[  215.376898][  T881] hub 3-1:0.0: bad descriptor, ignoring hub
[  215.384415][  T881] hub 3-1:0.0: probe with driver hub failed with error -5
[  215.462264][  T881] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input19
[  215.646773][ T7418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  215.656047][ T7418] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  215.740176][ T7426] netlink: 48 bytes leftover after parsing attributes in process `syz.1.436'.
[  216.236535][ T7433] netlink: 12 bytes leftover after parsing attributes in process `syz.0.437'.
[  216.650575][  T918] usb 5-1: ucan: probing device on interface #0
[  216.657085][  T918] usb 5-1: ucan: invalid endpoint configuration
[  216.677995][  T918] usb 5-1: ucan: probe failed; try to update the device firmware
[  217.546151][  T918] usb 5-1: USB disconnect, device number 8
[  218.726541][  T918] usb 3-1: USB disconnect, device number 10
[  219.700992][ T7459] FAULT_INJECTION: forcing a failure.
[  219.700992][ T7459] name failslab, interval 1, probability 0, space 0, times 0
[  219.944362][ T7459] CPU: 0 UID: 0 PID: 7459 Comm: syz.0.444 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) 
[  219.944399][ T7459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  219.944411][ T7459] Call Trace:
[  219.944418][ T7459]  <TASK>
[  219.944427][ T7459]  dump_stack_lvl+0x241/0x360
[  219.944463][ T7459]  ? __pfx_dump_stack_lvl+0x10/0x10
[  219.944491][ T7459]  ? __pfx__printk+0x10/0x10
[  219.944523][ T7459]  ? __pfx___might_resched+0x10/0x10
[  219.944552][ T7459]  should_fail_ex+0x424/0x570
[  219.944579][ T7459]  should_failslab+0xac/0x100
[  219.944602][ T7459]  __kmalloc_noprof+0xdf/0x4d0
[  219.944622][ T7459]  ? tomoyo_encode+0x26f/0x540
[  219.944647][ T7459]  tomoyo_encode+0x26f/0x540
[  219.944673][ T7459]  tomoyo_realpath_from_path+0x59e/0x5e0
[  219.944707][ T7459]  tomoyo_mount_permission+0x3cb/0xbd0
[  219.944746][ T7459]  ? tomoyo_mount_permission+0x29d/0xbd0
[  219.944779][ T7459]  ? __pfx___schedule+0x10/0x10
[  219.944801][ T7459]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  219.944851][ T7459]  ? trace_irq_disable+0x3b/0x120
[  219.944882][ T7459]  ? preempt_schedule_irq+0x145/0x1c0
[  219.944934][ T7459]  security_sb_mount+0xe0/0x2f0
[  219.944960][ T7459]  path_mount+0xb9/0xfa0
[  219.944982][ T7459]  ? kmem_cache_free+0x197/0x410
[  219.945001][ T7459]  ? user_path_at+0x44/0x60
[  219.945035][ T7459]  __se_sys_mount+0x38c/0x400
[  219.945065][ T7459]  ? __pfx___se_sys_mount+0x10/0x10
[  219.945090][ T7459]  ? __x64_sys_mount+0x3a/0xc0
[  219.945113][ T7459]  ? __x64_sys_mount+0x20/0xc0
[  219.945139][ T7459]  do_syscall_64+0xf3/0x230
[  219.945164][ T7459]  ? clear_bhb_loop+0x45/0xa0
[  219.945188][ T7459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.945208][ T7459] RIP: 0033:0x7efc5838e169
[  219.945225][ T7459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.945240][ T7459] RSP: 002b:00007efc592a1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  219.945262][ T7459] RAX: ffffffffffffffda RBX: 00007efc585b6080 RCX: 00007efc5838e169
[  219.945276][ T7459] RDX: 0000200000000200 RSI: 00002000000001c0 RDI: 0000000000000000
[  219.945289][ T7459] RBP: 00007efc592a1090 R08: 0000200000000000 R09: 0000000000000000
[  219.945302][ T7459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  219.945313][ T7459] R13: 0000000000000000 R14: 00007efc585b6080 R15: 00007ffc44bdfe98
[  219.945348][ T7459]  </TASK>
[  219.945456][ T7459] ERROR: Out of memory at tomoyo_realpath_from_path.
[  220.138431][    C0] vkms_vblank_simulate: vblank timer overrun
[  220.224135][ T7463] 9pnet_fd: Insufficient options for proto=fd
[  220.377068][ T7466] ceph: Path missing in source
[  220.893103][ T5882] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  221.575429][ T5882] usb 5-1: Using ep0 maxpacket: 16
[  221.649659][ T5882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  221.708194][ T5882] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  221.757452][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.840125][ T5882] usb 5-1: Product: syz
[  221.904428][ T5882] usb 5-1: Manufacturer: syz
[  221.957489][ T5882] usb 5-1: SerialNumber: syz
[  222.031946][ T7478] netlink: 28 bytes leftover after parsing attributes in process `syz.1.451'.
[  222.043161][ T7478] netlink: 28 bytes leftover after parsing attributes in process `syz.1.451'.
[  222.062895][ T5882] usb 5-1: config 0 descriptor??
[  222.178777][    T9] usb 1-1: USB disconnect, device number 12
[  222.210606][ T5882] hub 5-1:0.0: bad descriptor, ignoring hub
[  222.224051][ T5882] hub 5-1:0.0: probe with driver hub failed with error -5
[  222.239773][ T5882] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input20
[  222.378624][ T7478] netlink: 28 bytes leftover after parsing attributes in process `syz.1.451'.
[  222.388505][ T7478] netlink: 28 bytes leftover after parsing attributes in process `syz.1.451'.
[  222.497210][ T7466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  222.557519][ T7466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  223.578074][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  223.578090][   T30] audit: type=1326 audit(1744803314.242:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7500 comm="syz.1.457" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6608f8e169 code=0x0
[  224.515779][ T5848] Bluetooth: hci2: Ignoring connect complete event for invalid link type
[  225.815599][ T7532] ceph: Path missing in source
[  226.722523][ T7516] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  226.752457][   T10] IPVS: starting estimator thread 0...
[  226.759590][    T9] IPVS: starting estimator thread 0...
[  226.869148][ T7537] IPVS: using max 28 ests per chain, 67200 per kthread
[  226.911381][ T7538] IPVS: using max 28 ests per chain, 67200 per kthread
[  227.111509][   T52] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  227.748815][ T7549] Invalid ELF header type: 0 != 1
[  227.984688][   T52] usb 3-1: Using ep0 maxpacket: 16
[  228.007606][   T52] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  228.029458][   T52] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  228.039380][   T52] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.047777][   T52] usb 3-1: Product: syz
[  228.778034][ T7556] netlink: 12 bytes leftover after parsing attributes in process `syz.0.471'.
[  229.032406][   T52] usb 3-1: Manufacturer: syz
[  229.037076][   T52] usb 3-1: SerialNumber: syz
[  229.449160][   T52] usb 3-1: config 0 descriptor??
[  229.500197][   T52] usb 3-1: can't set config #0, error -71
[  229.806606][   T52] usb 3-1: USB disconnect, device number 11
[  231.156957][ T5879] usb 5-1: USB disconnect, device number 9
[  231.202011][   T10] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  231.505241][ T7592] pimreg: entered allmulticast mode
[  231.561872][   T10] usb 2-1: Using ep0 maxpacket: 32
[  231.570071][   T10] usb 2-1: New USB device found, idVendor=04ca, idProduct=0111, bcdDevice=6d.c8
[  231.583784][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.633279][   T10] usb 2-1: config 0 descriptor??
[  231.815251][ T7595] netlink: 'syz.2.485': attribute type 21 has an invalid length.
[  231.823206][ T7595] netlink: 156 bytes leftover after parsing attributes in process `syz.2.485'.
[  231.874834][ T5879] usb 2-1: USB disconnect, device number 15
[  232.015805][ T7603] sctp: [Deprecated]: syz.0.488 (pid 7603) Use of int in max_burst socket option.
[  232.015805][ T7603] Use struct sctp_assoc_value instead
[  233.240253][   T10] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  233.360602][ T7607] netlink: 28 bytes leftover after parsing attributes in process `syz.4.487'.
[  233.775336][ T7614] ceph: Path missing in source
[  234.011316][   T10] usb 3-1: Using ep0 maxpacket: 8
[  234.018042][   T10] usb 3-1: config 64 has an invalid interface number: 203 but max is 0
[  234.026487][   T10] usb 3-1: config 64 has no interface number 0
[  234.032756][   T10] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=54.91
[  234.041943][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.392574][ T7617] netlink: 16 bytes leftover after parsing attributes in process `syz.1.491'.
[  234.401632][ T7618] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[  234.501343][ T5879] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  234.504190][   T10] imon 3-1:64.203: unable to register, err -19
[  234.751638][ T5879] usb 5-1: Using ep0 maxpacket: 16
[  234.789946][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  234.814173][ T5879] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  234.853956][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.331323][ T5879] usb 5-1: Product: syz
[  235.340327][ T5879] usb 5-1: Manufacturer: syz
[  235.349455][ T5879] usb 5-1: SerialNumber: syz
[  235.367103][ T5879] usb 5-1: config 0 descriptor??
[  235.386834][ T5879] hub 5-1:0.0: bad descriptor, ignoring hub
[  235.574218][ T5879] hub 5-1:0.0: probe with driver hub failed with error -5
[  235.600811][ T7614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  235.609867][ T7614] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  235.959374][ T7630] netlink: 12 bytes leftover after parsing attributes in process `syz.1.493'.
[  236.023529][ T5879] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input21
[  236.041067][   T10] usb 3-1: USB disconnect, device number 12
[  236.125362][ T5879] usb 5-1: USB disconnect, device number 10
[  236.348682][ T7639] netlink: 8 bytes leftover after parsing attributes in process `syz.3.497'.
[  236.382597][ T7641] futex_wake_op: syz.1.498 tries to shift op by 32; fix this program
[  236.468497][ T7643] netlink: 4 bytes leftover after parsing attributes in process `syz.3.499'.
[  236.531299][   T10] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  236.681362][   T10] usb 3-1: Using ep0 maxpacket: 8
[  236.688790][   T10] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  236.702302][   T10] usb 3-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config
[  236.717146][   T10] usb 3-1: config 0 has no interface number 0
[  236.724665][   T10] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 55, changing to 9
[  236.739906][   T10] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 8496, setting to 1024
[  236.756275][   T10] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  236.771030][   T10] usb 3-1: config 0 interface 52 has no altsetting 0
[  236.791423][   T10] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  236.805351][   T10] usb 3-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  236.814106][   T10] usb 3-1: Manufacturer: syz
[  236.830016][   T10] usb 3-1: config 0 descriptor??
[  237.104428][ T7651] sctp: [Deprecated]: syz.0.502 (pid 7651) Use of int in max_burst socket option.
[  237.104428][ T7651] Use struct sctp_assoc_value instead
[  237.269362][   T10] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input22
[  237.363593][   T10] usb 3-1: USB disconnect, device number 13
[  237.363650][    C0] synaptics_usb 3-1:0.52: synusb_irq - usb_submit_urb failed with result: -19
[  237.641621][ T5879] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  237.901535][ T5879] usb 2-1: Using ep0 maxpacket: 32
[  237.925924][ T5879] usb 2-1: config 0 has an invalid interface number: 151 but max is 0
[  237.941545][ T5879] usb 2-1: config 0 has no interface number 0
[  237.950367][ T5879] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  237.969226][ T5879] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.979755][ T5879] usb 2-1: Product: syz
[  237.984401][ T5879] usb 2-1: Manufacturer: syz
[  237.989447][ T5879] usb 2-1: SerialNumber: syz
[  238.018092][ T5879] usb 2-1: config 0 descriptor??
[  239.012480][ T7648] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  239.022036][ T7648] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  239.145729][ T7678] ceph: Path missing in source
[  239.741309][ T5882] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  239.901586][ T5882] usb 5-1: Using ep0 maxpacket: 16
[  239.911214][ T5882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  239.923843][ T5882] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  239.943220][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.001289][ T5882] usb 5-1: Product: syz
[  240.005707][ T5882] usb 5-1: Manufacturer: syz
[  240.010370][ T5882] usb 5-1: SerialNumber: syz
[  240.045025][ T5882] usb 5-1: config 0 descriptor??
[  240.072803][ T5882] hub 5-1:0.0: bad descriptor, ignoring hub
[  240.079669][ T5882] hub 5-1:0.0: probe with driver hub failed with error -5
[  240.107103][ T5882] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input23
[  240.691617][ T7678] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  240.700396][ T7678] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  240.884419][ T5879] usb 2-1: USB disconnect, device number 16
[  241.133915][   T10] usb 5-1: USB disconnect, device number 11
[  241.299394][ T7567] udevd[7567]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  241.822833][ T7712] sctp: [Deprecated]: syz.1.519 (pid 7712) Use of int in max_burst socket option.
[  241.822833][ T7712] Use struct sctp_assoc_value instead
[  244.196880][ T7741] netlink: 'syz.0.528': attribute type 1 has an invalid length.
[  244.209132][ T7741] netlink: 224 bytes leftover after parsing attributes in process `syz.0.528'.
[  247.961301][ T5848] Bluetooth: hci0: command 0x0401 tx timeout
[  248.765076][ T7766] sctp: [Deprecated]: syz.3.535 (pid 7766) Use of int in max_burst socket option.
[  248.765076][ T7766] Use struct sctp_assoc_value instead
[  249.968236][ T7778] tipc: Started in network mode
[  249.973588][ T7778] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  249.983185][ T7778] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  249.992089][ T7778] tipc: Enabled bearer <udp:syz1>, priority 0
[  251.001019][   T10] tipc: Node number set to 1
[  252.011972][ T7792] netlink: 8 bytes leftover after parsing attributes in process `syz.4.543'.
[  252.377304][ T7792] netlink: 4 bytes leftover after parsing attributes in process `syz.4.543'.
[  252.412549][ T7792] netlink: 'syz.4.543': attribute type 14 has an invalid length.
[  252.817212][ T7811] sctp: [Deprecated]: syz.0.550 (pid 7811) Use of int in max_burst socket option.
[  252.817212][ T7811] Use struct sctp_assoc_value instead
[  254.471619][   T10] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  254.631467][   T10] usb 3-1: Using ep0 maxpacket: 16
[  254.666557][ T7844] netlink: 32 bytes leftover after parsing attributes in process `syz.4.558'.
[  254.704161][   T10] usb 3-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[  254.727079][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.745474][   T10] usb 3-1: Product: syz
[  254.756557][   T10] usb 3-1: Manufacturer: syz
[  254.770454][   T10] usb 3-1: SerialNumber: syz
[  254.800754][   T10] usb 3-1: config 0 descriptor??
[  254.848903][   T10] as10x_usb: device has been detected
[  254.868880][   T10] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[  254.924827][   T10] usb 3-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[  254.989548][   T10] as10x_usb: error during firmware upload part1
[  255.004038][   T10] Registered device Sky IT Digital Key (green led)
[  255.069741][ T7853] netlink: 165 bytes leftover after parsing attributes in process `syz.4.562'.
[  255.760699][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  255.779452][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  258.944197][ T7875] sctp: [Deprecated]: syz.1.566 (pid 7875) Use of int in max_burst socket option.
[  258.944197][ T7875] Use struct sctp_assoc_value instead
[  261.235429][ T7894] IPv6: Can't replace route, no match found
[  261.661607][   T24] usb 3-1: USB disconnect, device number 14
[  261.950964][ T7912] netlink: 16 bytes leftover after parsing attributes in process `syz.3.575'.
[  261.959990][ T7912] netlink: 64 bytes leftover after parsing attributes in process `syz.3.575'.
[  262.232689][   T24] Unregistered device Sky IT Digital Key (green led)
[  262.272949][ T7916] netlink: 12 bytes leftover after parsing attributes in process `syz.4.576'.
[  262.297072][   T24] as10x_usb: device has been disconnected
[  263.050301][ T7917] netlink: 'syz.2.577': attribute type 1 has an invalid length.
[  263.058141][ T7917] netlink: 224 bytes leftover after parsing attributes in process `syz.2.577'.
[  263.120564][ T7923] sctp: [Deprecated]: syz.1.580 (pid 7923) Use of int in max_burst socket option.
[  263.120564][ T7923] Use struct sctp_assoc_value instead
[  263.310361][ T7921] overlayfs: conflicting options: verity=require,redirect_dir=follow
[  263.366847][ T7928] pimreg: left allmulticast mode
[  264.164888][ T5909] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  264.328371][ T5909] usb 5-1: Using ep0 maxpacket: 32
[  265.285786][ T5909] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  265.295054][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.303495][ T5909] usb 5-1: Product: syz
[  265.307679][ T5909] usb 5-1: Manufacturer: syz
[  265.312732][ T5909] usb 5-1: SerialNumber: syz
[  265.339039][ T5909] usb 5-1: config 0 descriptor??
[  265.364395][ T5909] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  265.585761][ T7960] netlink: 'syz.1.592': attribute type 1 has an invalid length.
[  265.593600][ T7960] netlink: 224 bytes leftover after parsing attributes in process `syz.1.592'.
[  265.682920][ T7964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.593'.
[  265.692824][ T7964] netlink: 28 bytes leftover after parsing attributes in process `syz.1.593'.
[  265.904205][ T5909] gspca_stk1135: reg_w 0x3 err -71
[  265.910409][ T5909] gspca_stk1135: serial bus timeout: status=0x00
[  265.928334][ T5909] gspca_stk1135: Sensor write failed
[  266.012548][ T7970] netlink: 12 bytes leftover after parsing attributes in process `syz.2.594'.
[  266.617450][ T5909] gspca_stk1135: serial bus timeout: status=0x00
[  266.624089][ T5909] gspca_stk1135: Sensor write failed
[  266.629436][ T5909] gspca_stk1135: serial bus timeout: status=0x00
[  266.638192][ T5909] gspca_stk1135: Sensor read failed
[  266.720467][ T5909] gspca_stk1135: serial bus timeout: status=0x00
[  266.731512][ T5909] gspca_stk1135: Sensor read failed
[  266.740123][ T5909] gspca_stk1135: Detected sensor type unknown (0x0)
[  266.747945][ T5909] gspca_stk1135: serial bus timeout: status=0x00
[  266.754539][ T5909] gspca_stk1135: Sensor read failed
[  266.759816][ T5909] gspca_stk1135: serial bus timeout: status=0x00
[  266.766812][ T5909] gspca_stk1135: Sensor read failed
[  266.772401][ T5909] gspca_stk1135: serial bus timeout: status=0x00
[  266.778758][ T5909] gspca_stk1135: Sensor write failed
[  266.793517][ T5909] gspca_stk1135: serial bus timeout: status=0x00
[  266.816362][ T5909] gspca_stk1135: Sensor write failed
[  266.830315][ T5909] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71
[  266.873774][ T5909] usb 5-1: USB disconnect, device number 12
[  266.915878][ T7973] netlink: 8 bytes leftover after parsing attributes in process `syz.2.595'.
[  267.145805][ T7980] ipt_ECN: cannot use operation on non-tcp rule
[  267.156645][ T7981] sctp: [Deprecated]: syz.1.599 (pid 7981) Use of int in max_burst socket option.
[  267.156645][ T7981] Use struct sctp_assoc_value instead
[  267.161884][ T7973] netlink: 28 bytes leftover after parsing attributes in process `syz.2.595'.
[  268.149192][ T7980] overlayfs: failed to clone upperpath
[  268.475665][ T7983] FAULT_INJECTION: forcing a failure.
[  268.475665][ T7983] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  268.549160][ T7983] CPU: 0 UID: 0 PID: 7983 Comm: syz.2.595 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) 
[  268.549188][ T7983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  268.549200][ T7983] Call Trace:
[  268.549207][ T7983]  <TASK>
[  268.549215][ T7983]  dump_stack_lvl+0x241/0x360
[  268.549256][ T7983]  ? __pfx_dump_stack_lvl+0x10/0x10
[  268.549280][ T7983]  ? __pfx__printk+0x10/0x10
[  268.549317][ T7983]  should_fail_ex+0x424/0x570
[  268.549341][ T7983]  _copy_from_user+0x2d/0xb0
[  268.549369][ T7983]  copy_msghdr_from_user+0xb3/0x580
[  268.549401][ T7983]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  268.549423][ T7983]  ? __fget_files+0x2a/0x420
[  268.549448][ T7983]  ? __fget_files+0x2a/0x420
[  268.549477][ T7983]  __sys_sendmsg+0x20a/0x360
[  268.549502][ T7983]  ? __pfx___sys_sendmsg+0x10/0x10
[  268.549572][ T7983]  ? do_syscall_64+0xb6/0x230
[  268.549598][ T7983]  do_syscall_64+0xf3/0x230
[  268.549621][ T7983]  ? clear_bhb_loop+0x45/0xa0
[  268.549642][ T7983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.549660][ T7983] RIP: 0033:0x7fc16498e169
[  268.549677][ T7983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  268.549692][ T7983] RSP: 002b:00007fc16584f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  268.549712][ T7983] RAX: ffffffffffffffda RBX: 00007fc164bb6080 RCX: 00007fc16498e169
[  268.549729][ T7983] RDX: 0000000024040084 RSI: 0000200000006040 RDI: 0000000000000004
[  268.549741][ T7983] RBP: 00007fc16584f090 R08: 0000000000000000 R09: 0000000000000000
[  268.549753][ T7983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  268.549764][ T7983] R13: 0000000000000000 R14: 00007fc164bb6080 R15: 00007ffc4bec2f08
[  268.549812][ T7983]  </TASK>
[  269.988305][ T7997] overlayfs: statfs failed on './file0'
[  270.321586][ T5909] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  270.487144][ T8032] ceph: Path missing in source
[  270.521858][ T5909] usb 3-1: Using ep0 maxpacket: 32
[  270.530626][ T5909] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  270.549711][ T5909] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  270.558575][ T5909] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  270.568052][ T5909] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 2763, setting to 1024
[  270.579202][ T5909] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  270.589304][ T5909] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  270.621409][ T5909] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  270.640066][ T5909] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  270.655147][ T5909] usb 3-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[  270.688646][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.702136][ T5909] usb 3-1: config 0 descriptor??
[  270.708069][ T8015] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  270.718399][ T5909] usblp0: Disabling reads from problematic bidirectional printer
[  270.775252][ T5879] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  270.941517][ T5879] usb 2-1: Using ep0 maxpacket: 16
[  270.995799][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  271.024472][ T5879] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  271.041685][ T5879] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.060457][ T5879] usb 2-1: Product: syz
[  271.072603][ T5879] usb 2-1: Manufacturer: syz
[  271.087787][ T5879] usb 2-1: SerialNumber: syz
[  271.112208][ T5879] usb 2-1: config 0 descriptor??
[  271.148367][   T30] audit: type=1326 audit(1744803361.792:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.3.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe803b8e169 code=0x7ffc0000
[  271.193045][ T5879] hub 2-1:0.0: bad descriptor, ignoring hub
[  271.199013][ T5879] hub 2-1:0.0: probe with driver hub failed with error -5
[  271.230411][ T5879] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input24
[  271.240379][   T30] audit: type=1326 audit(1744803361.792:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.3.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe803b8e169 code=0x7ffc0000
[  271.301281][   T30] audit: type=1326 audit(1744803361.792:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.3.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7fe803b8e169 code=0x7ffc0000
[  271.377821][   T30] audit: type=1326 audit(1744803361.792:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.3.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe803b8e169 code=0x7ffc0000
[  271.455409][ T8032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  271.472055][ T8032] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  271.536173][   T30] audit: type=1326 audit(1744803361.792:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.3.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe803b8e169 code=0x7ffc0000
[  271.632971][   T30] audit: type=1326 audit(1744803361.802:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.3.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fe803b8e169 code=0x7ffc0000
[  271.819346][   T30] audit: type=1326 audit(1744803361.802:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.3.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe803b8e169 code=0x7ffc0000
[  271.843959][ T5909] usblp 3-1:0.0: usblp0: USB Unidirectional printer dev 15 if 0 alt 0 proto 3 vid 0x03F0 pid 0x0004
[  271.869451][ T5909] usb 3-1: USB disconnect, device number 15
[  272.214450][   T30] audit: type=1326 audit(1744803361.802:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.3.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe803b8e169 code=0x7ffc0000
[  272.242280][ T5909] usblp0: removed
[  273.239021][   T30] audit: type=1326 audit(1744803361.802:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.3.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe803b8e169 code=0x7ffc0000
[  273.262479][ T8056] netlink: 'syz.4.620': attribute type 1 has an invalid length.
[  273.272017][ T8056] netlink: 224 bytes leftover after parsing attributes in process `syz.4.620'.
[  273.771793][   T30] audit: type=1326 audit(1744803361.802:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.3.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe803b8e169 code=0x7ffc0000
[  273.831340][ T5880] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  274.535718][ T5880] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  274.600185][   T24] usb 2-1: USB disconnect, device number 17
[  274.611274][ T5880] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  274.704541][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  274.842091][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  274.881329][ T5880] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  274.923227][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  275.337347][ T5880] usb 1-1: string descriptor 0 read error: -71
[  276.241474][ T5880] usb 1-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  276.250670][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.362659][ T5880] usb 1-1: config 0 descriptor??
[  276.386583][ T5880] usb 1-1: can't set config #0, error -71
[  276.420516][ T5880] usb 1-1: USB disconnect, device number 13
[  276.888894][ T8104] netlink: 12 bytes leftover after parsing attributes in process `syz.3.631'.
[  278.478464][ T8119] ceph: Path missing in source
[  280.241339][   T24] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  280.513450][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  280.554881][   T24] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  280.613923][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.639830][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  280.674184][   T24] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  280.901660][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  280.914695][   T24] usb 2-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  280.924455][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.941243][   T24] usb 2-1: Product: syz
[  280.945440][   T24] usb 2-1: Manufacturer: syz
[  280.950063][   T24] usb 2-1: SerialNumber: syz
[  281.007245][   T24] usb 2-1: config 0 descriptor??
[  282.402407][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  282.402436][   T30] audit: type=1326 audit(1744803373.062:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8166 comm="syz.2.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16498e169 code=0x7ffc0000
[  282.613967][   T30] audit: type=1326 audit(1744803373.092:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8166 comm="syz.2.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16498e169 code=0x7ffc0000
[  283.146105][   T30] audit: type=1326 audit(1744803373.112:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8166 comm="syz.2.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7fc16498e169 code=0x7ffc0000
[  283.167516][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.174077][   T30] audit: type=1326 audit(1744803373.112:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8166 comm="syz.2.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16498e169 code=0x7ffc0000
[  283.195695][   T30] audit: type=1326 audit(1744803373.112:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8166 comm="syz.2.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16498e169 code=0x7ffc0000
[  283.217295][   T30] audit: type=1326 audit(1744803373.122:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8166 comm="syz.2.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fc16498e169 code=0x7ffc0000
[  283.261305][   T30] audit: type=1326 audit(1744803373.122:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8166 comm="syz.2.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16498e169 code=0x7ffc0000
[  283.261394][   T24] usb 2-1: ucan: probing device on interface #0
[  283.322720][ T8172] ceph: Path missing in source
[  283.349638][   T30] audit: type=1326 audit(1744803373.122:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8166 comm="syz.2.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16498e169 code=0x7ffc0000
[  283.388649][   T24] usb 2-1: ucan: invalid endpoint configuration
[  283.411225][   T24] usb 2-1: ucan: probe failed; try to update the device firmware
[  283.446541][   T30] audit: type=1326 audit(1744803373.132:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8166 comm="syz.2.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc16498e169 code=0x7ffc0000
[  283.485351][   T24] usb 2-1: USB disconnect, device number 18
[  283.611057][   T30] audit: type=1326 audit(1744803373.132:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8166 comm="syz.2.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16498e169 code=0x7ffc0000
[  284.161394][ T5909] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  284.301374][ T5909] usb 5-1: device descriptor read/64, error -71
[  284.691402][ T5909] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  284.841450][ T5909] usb 5-1: device descriptor read/64, error -71
[  285.391764][ T8197] netlink: 'syz.0.661': attribute type 1 has an invalid length.
[  285.400553][ T5909] usb usb5-port1: attempt power cycle
[  285.411659][ T8197] netlink: 224 bytes leftover after parsing attributes in process `syz.0.661'.
[  286.351272][ T5909] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  286.381938][ T5909] usb 5-1: device descriptor read/8, error -71
[  286.552203][ T5880] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  286.622164][ T5909] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  286.723453][ T5880] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  286.738824][ T5880] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  286.759607][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  286.779515][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  286.793269][ T5880] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  286.807688][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  286.825998][ T5880] usb 2-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  286.845867][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.851494][ T5909] usb 5-1: device not accepting address 16, error -71
[  286.857995][ T5880] usb 2-1: Product: syz
[  286.868928][ T5909] usb usb5-port1: unable to enumerate USB device
[  286.870961][ T5880] usb 2-1: Manufacturer: syz
[  286.880047][ T5880] usb 2-1: SerialNumber: syz
[  286.909481][ T5880] usb 2-1: config 0 descriptor??
[  286.983857][ T8218] netlink: 4 bytes leftover after parsing attributes in process `syz.3.668'.
[  288.813797][ T5880] usb 2-1: ucan: probing device on interface #0
[  288.820118][ T5880] usb 2-1: ucan: invalid endpoint configuration
[  288.997519][ T5880] usb 2-1: ucan: probe failed; try to update the device firmware
[  289.065822][ T5880] usb 2-1: USB disconnect, device number 19
[  291.597904][ T5882] IPVS: starting estimator thread 0...
[  291.736935][ T8279] IPVS: using max 44 ests per chain, 105600 per kthread
[  292.004229][ T5882] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  292.256038][ T5882] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  292.266591][ T5882] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  292.304704][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  292.335001][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  292.363230][ T5882] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  292.425280][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  292.502292][ T5882] usb 1-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  292.525427][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.564894][ T5882] usb 1-1: Product: syz
[  292.571649][ T5882] usb 1-1: Manufacturer: syz
[  292.588790][ T5882] usb 1-1: SerialNumber: syz
[  292.609268][ T5882] usb 1-1: config 0 descriptor??
[  292.758833][ T8295] netlink: 'syz.1.691': attribute type 1 has an invalid length.
[  292.785202][ T8295] netlink: 224 bytes leftover after parsing attributes in process `syz.1.691'.
[  293.903705][ T5882] usb 1-1: ucan: probing device on interface #0
[  293.910011][ T5882] usb 1-1: ucan: invalid endpoint configuration
[  293.919443][ T5882] usb 1-1: ucan: probe failed; try to update the device firmware
[  293.951666][ T5882] usb 1-1: USB disconnect, device number 14
[  296.174840][ T8331] cifs: Unknown parameter 'mode'
[  297.073048][ T8338] netlink: 4 bytes leftover after parsing attributes in process `syz.0.703'.
[  297.077025][ T8333] ceph: Path missing in source
[  297.194852][ T8339] netlink: 12 bytes leftover after parsing attributes in process `syz.4.702'.
[  297.351415][ T5882] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  298.373101][ T5882] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  298.382563][ T5882] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.407108][ T5882] usb 1-1: config 0 descriptor??
[  298.978914][ T8352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  299.020914][ T8352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.352166][ T8364] netlink: 12 bytes leftover after parsing attributes in process `syz.1.710'.
[  300.760916][   T24] usb 1-1: USB disconnect, device number 15
[  302.237671][ T8382] netlink: 12 bytes leftover after parsing attributes in process `syz.4.716'.
[  302.724937][ T8386] ceph: Path missing in source
[  303.161414][ T5880] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  303.332141][ T5880] usb 2-1: Using ep0 maxpacket: 32
[  303.845082][ T5880] usb 2-1: New USB device found, idVendor=13d3, idProduct=3211, bcdDevice=cb.d7
[  303.854382][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=18, SerialNumber=3
[  303.866046][ T5880] usb 2-1: Product: syz
[  303.879106][ T5880] usb 2-1: Manufacturer: syz
[  303.889118][ T5880] usb 2-1: SerialNumber: syz
[  303.898568][ T5880] usb 2-1: config 0 descriptor??
[  303.908773][ T5880] dvb-usb: found a 'Pinnacle PCTV 310e' in cold state, will try to load a firmware
[  303.948766][ T5880] dvb-usb: did not find the firmware file '(null)' (status -22). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  304.185998][ T8401] netlink: 12 bytes leftover after parsing attributes in process `syz.2.724'.
[  304.947337][ T8405] netlink: 4 bytes leftover after parsing attributes in process `syz.3.725'.
[  305.941618][ T5882] usb 2-1: USB disconnect, device number 20
[  307.093898][ T8430] netlink: 12 bytes leftover after parsing attributes in process `syz.3.730'.
[  307.820091][ T8439] netlink: 16 bytes leftover after parsing attributes in process `syz.4.733'.
[  307.829433][ T8439] netlink: 64 bytes leftover after parsing attributes in process `syz.4.733'.
[  308.818966][ T8446] netlink: 16 bytes leftover after parsing attributes in process `syz.1.735'.
[  308.828005][ T8446] netlink: 72 bytes leftover after parsing attributes in process `syz.1.735'.
[  308.985015][ T8451] sctp: [Deprecated]: syz.0.739 (pid 8451) Use of int in max_burst socket option.
[  308.985015][ T8451] Use struct sctp_assoc_value instead
[  309.156058][ T8455] netlink: 'syz.4.738': attribute type 13 has an invalid length.
[  310.510211][ T8455] 8021q: adding VLAN 0 to HW filter on device bond0
[  310.559996][ T8455] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  312.826753][ T8483] netlink: 4 bytes leftover after parsing attributes in process `syz.4.747'.
[  313.062338][ T8485] netlink: 12 bytes leftover after parsing attributes in process `syz.0.746'.
[  313.671304][ T5882] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  313.959984][ T8497] netlink: 16 bytes leftover after parsing attributes in process `syz.3.748'.
[  313.969208][ T8497] netlink: 64 bytes leftover after parsing attributes in process `syz.3.748'.
[  314.755908][ T5882] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  315.131229][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.232323][ T5882] usb 5-1: config 0 descriptor??
[  315.476726][ T8503] netlink: 16 bytes leftover after parsing attributes in process `syz.3.751'.
[  315.486189][ T8503] netlink: 56 bytes leftover after parsing attributes in process `syz.3.751'.
[  315.854721][ T8509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  315.884312][ T8509] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  317.167977][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  317.174527][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  317.284695][ T8520] sctp: [Deprecated]: syz.0.756 (pid 8520) Use of int in max_burst socket option.
[  317.284695][ T8520] Use struct sctp_assoc_value instead
[  318.153537][ T5880] usb 5-1: USB disconnect, device number 17
[  318.172131][ T8525] netlink: 'syz.2.757': attribute type 1 has an invalid length.
[  318.179852][ T8525] netlink: 224 bytes leftover after parsing attributes in process `syz.2.757'.
[  320.270758][ T8544] netlink: 16 bytes leftover after parsing attributes in process `syz.4.761'.
[  320.279903][ T8544] netlink: 64 bytes leftover after parsing attributes in process `syz.4.761'.
[  321.088939][ T8549] netlink: 16 bytes leftover after parsing attributes in process `syz.0.764'.
[  321.098077][ T8549] netlink: 'syz.0.764': attribute type 11 has an invalid length.
[  321.105977][ T8549] netlink: 56 bytes leftover after parsing attributes in process `syz.0.764'.
[  322.258597][ T8560] netlink: 12 bytes leftover after parsing attributes in process `syz.1.767'.
[  322.827527][ T8567] netlink: 4 bytes leftover after parsing attributes in process `syz.1.770'.
[  323.201620][ T5882] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  323.483287][ T5882] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  323.550782][ T8574] netlink: 'syz.4.772': attribute type 1 has an invalid length.
[  323.558593][ T8574] netlink: 224 bytes leftover after parsing attributes in process `syz.4.772'.
[  323.581409][ T5882] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.206966][ T5882] usb 2-1: config 0 descriptor??
[  324.399140][ T8586] sctp: [Deprecated]: syz.4.774 (pid 8586) Use of int in max_burst socket option.
[  324.399140][ T8586] Use struct sctp_assoc_value instead
[  324.968711][ T8595] netlink: 16 bytes leftover after parsing attributes in process `syz.2.776'.
[  324.977916][ T8595] netlink: 64 bytes leftover after parsing attributes in process `syz.2.776'.
[  325.355765][ T8596] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  325.575606][ T8596] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  325.935900][ T8604] netlink: 12 bytes leftover after parsing attributes in process `syz.3.779'.
[  326.767395][ T5882] usb 2-1: USB disconnect, device number 21
[  329.230285][ T8637] netlink: 16 bytes leftover after parsing attributes in process `syz.2.788'.
[  329.239573][ T8637] netlink: 64 bytes leftover after parsing attributes in process `syz.2.788'.
[  330.097477][ T8645] netlink: 4 bytes leftover after parsing attributes in process `syz.3.791'.
[  330.160173][ T8642] netlink: 12 bytes leftover after parsing attributes in process `syz.0.790'.
[  330.428569][ T8657] sctp: [Deprecated]: syz.0.795 (pid 8657) Use of int in max_burst socket option.
[  330.428569][ T8657] Use struct sctp_assoc_value instead
[  333.886980][ T8683] netlink: 16 bytes leftover after parsing attributes in process `syz.3.803'.
[  333.896090][ T8683] netlink: 64 bytes leftover after parsing attributes in process `syz.3.803'.
[  335.033017][ T8689] netlink: 12 bytes leftover after parsing attributes in process `syz.3.805'.
[  335.430893][ T8699] netlink: 4 bytes leftover after parsing attributes in process `syz.2.809'.
[  335.721571][ T5882] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  335.831767][ T5909] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  336.157440][ T5909] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  336.174661][ T5882] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  336.201483][ T5909] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  336.220057][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.239368][ T5882] usb 3-1: config 0 descriptor??
[  336.252402][ T5909] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  336.288696][ T5909] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  336.320789][ T5909] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  336.358954][ T5909] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  336.412780][ T5909] usb 1-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  336.422064][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  336.430356][ T5909] usb 1-1: Product: syz
[  336.441406][ T5909] usb 1-1: Manufacturer: syz
[  336.450105][ T5909] usb 1-1: SerialNumber: syz
[  336.485428][ T5909] usb 1-1: config 0 descriptor??
[  337.518548][ T8712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  337.559341][ T8712] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  337.749472][ T8715] netlink: 'syz.4.813': attribute type 1 has an invalid length.
[  337.757516][ T8715] netlink: 224 bytes leftover after parsing attributes in process `syz.4.813'.
[  338.156750][ T8718] sctp: [Deprecated]: syz.3.814 (pid 8718) Use of int in max_burst socket option.
[  338.156750][ T8718] Use struct sctp_assoc_value instead
[  338.373749][ T5909] usb 1-1: ucan: probing device on interface #0
[  338.381109][ T5909] usb 1-1: ucan: invalid endpoint configuration
[  338.941051][ T5909] usb 1-1: ucan: probe failed; try to update the device firmware
[  338.959130][ T5909] usb 1-1: USB disconnect, device number 16
[  339.064042][ T8725] netlink: 12 bytes leftover after parsing attributes in process `syz.0.816'.
[  339.222924][   T24] usb 3-1: USB disconnect, device number 16
[  339.387047][ T8733] netlink: 16 bytes leftover after parsing attributes in process `syz.1.815'.
[  339.396197][ T8733] netlink: 64 bytes leftover after parsing attributes in process `syz.1.815'.
[  342.207673][ T8763] netlink: 12 bytes leftover after parsing attributes in process `syz.0.828'.
[  342.411224][ T5882] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  342.552962][ T8769] netlink: 16 bytes leftover after parsing attributes in process `syz.0.830'.
[  342.562166][ T8769] netlink: 64 bytes leftover after parsing attributes in process `syz.0.830'.
[  343.042321][ T5882] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  343.064984][ T5882] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  343.089137][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  343.113958][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  343.271778][ T5882] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  343.284145][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  343.771776][ T5882] usb 2-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  343.780968][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.789463][ T5882] usb 2-1: Product: syz
[  343.794098][ T5882] usb 2-1: Manufacturer: syz
[  343.798728][ T5882] usb 2-1: SerialNumber: syz
[  343.811881][ T5882] usb 2-1: config 0 descriptor??
[  343.917429][ T8776] netlink: 4 bytes leftover after parsing attributes in process `syz.3.832'.
[  344.228835][ T8786] sctp: [Deprecated]: syz.2.837 (pid 8786) Use of int in max_burst socket option.
[  344.228835][ T8786] Use struct sctp_assoc_value instead
[  345.545979][ T5882] usb 2-1: ucan: probing device on interface #0
[  345.583586][ T5882] usb 2-1: ucan: invalid endpoint configuration
[  345.607355][ T5882] usb 2-1: ucan: probe failed; try to update the device firmware
[  345.642990][ T5882] usb 2-1: USB disconnect, device number 22
[  346.193417][ T8810] netlink: 16 bytes leftover after parsing attributes in process `syz.4.841'.
[  346.202438][ T8810] netlink: 64 bytes leftover after parsing attributes in process `syz.4.841'.
[  346.471994][ T8812] netlink: 12 bytes leftover after parsing attributes in process `syz.1.842'.
[  347.992197][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.4.849'.
[  348.390665][ T5879] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  348.799996][ T5879] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  348.819861][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.846712][ T5879] usb 5-1: config 0 descriptor??
[  349.641373][ T8853] netlink: 16 bytes leftover after parsing attributes in process `syz.0.854'.
[  349.650705][ T8853] netlink: 64 bytes leftover after parsing attributes in process `syz.0.854'.
[  349.991342][ T8839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  350.018838][ T8839] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  350.529151][ T8864] netlink: 12 bytes leftover after parsing attributes in process `syz.0.856'.
[  351.383220][   T24] usb 5-1: USB disconnect, device number 18
[  351.418844][ T8868] sctp: [Deprecated]: syz.0.858 (pid 8868) Use of int in max_burst socket option.
[  351.418844][ T8868] Use struct sctp_assoc_value instead
[  353.959081][ T8894] sctp: [Deprecated]: syz.2.866 (pid 8894) Use of int in max_burst socket option.
[  353.959081][ T8894] Use struct sctp_assoc_value instead
[  354.013779][ T8895] netlink: 12 bytes leftover after parsing attributes in process `syz.3.865'.
[  357.055502][ T8910] netlink: 12 bytes leftover after parsing attributes in process `syz.0.869'.
[  358.471436][   T52] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  358.846641][   T52] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  358.861447][   T52] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  358.873116][   T52] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  358.884705][   T52] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  358.901855][   T52] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  358.931700][   T52] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  359.246320][   T52] usb 1-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  359.455613][   T52] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.479959][   T52] usb 1-1: Product: syz
[  359.486679][ T8936] sctp: [Deprecated]: syz.1.877 (pid 8936) Use of int in max_burst socket option.
[  359.486679][ T8936] Use struct sctp_assoc_value instead
[  359.718883][   T52] usb 1-1: Manufacturer: syz
[  359.732405][   T52] usb 1-1: SerialNumber: syz
[  359.853143][ T8941] netlink: 12 bytes leftover after parsing attributes in process `syz.2.878'.
[  360.252257][   T52] usb 1-1: config 0 descriptor??
[  361.728010][   T52] usb 1-1: ucan: probing device on interface #0
[  361.740359][   T52] usb 1-1: ucan: invalid endpoint configuration
[  361.760546][   T52] usb 1-1: ucan: probe failed; try to update the device firmware
[  361.882833][   T52] usb 1-1: USB disconnect, device number 17
[  362.121939][ T8959] netlink: 12 bytes leftover after parsing attributes in process `syz.2.881'.
[  362.862594][ T8961] netlink: 'syz.4.884': attribute type 1 has an invalid length.
[  362.876435][ T8961] netlink: 224 bytes leftover after parsing attributes in process `syz.4.884'.
[  364.751595][ T5882] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  364.943513][ T5882] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.966020][ T5882] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  364.978610][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  364.995131][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  365.012995][ T5882] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  365.033073][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  365.050894][ T5882] usb 2-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  365.078079][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.116154][ T5882] usb 2-1: Product: syz
[  365.141073][ T5882] usb 2-1: Manufacturer: syz
[  365.164354][ T5882] usb 2-1: SerialNumber: syz
[  365.185586][ T5882] usb 2-1: config 0 descriptor??
[  365.411611][ T8988] netlink: 12 bytes leftover after parsing attributes in process `syz.0.893'.
[  366.813509][ T8999] netlink: 12 bytes leftover after parsing attributes in process `syz.3.896'.
[  367.419043][ T5882] usb 2-1: ucan: probing device on interface #0
[  367.448981][ T5882] usb 2-1: ucan: invalid endpoint configuration
[  367.459786][ T5882] usb 2-1: ucan: probe failed; try to update the device firmware
[  367.495059][ T5882] usb 2-1: USB disconnect, device number 23
[  367.582835][ T9006] sctp: [Deprecated]: syz.2.897 (pid 9006) Use of int in max_burst socket option.
[  367.582835][ T9006] Use struct sctp_assoc_value instead
[  369.954336][ T9027] netlink: 12 bytes leftover after parsing attributes in process `syz.4.904'.
[  373.328579][ T9047] netlink: 12 bytes leftover after parsing attributes in process `syz.2.910'.
[  373.919591][ T9055] netlink: 12 bytes leftover after parsing attributes in process `syz.2.912'.
[  375.846346][ T9063] netlink: 12 bytes leftover after parsing attributes in process `syz.2.915'.
[  376.316630][ T9069] netlink: 12 bytes leftover after parsing attributes in process `syz.2.916'.
[  377.080326][ T9073] sctp: [Deprecated]: syz.3.918 (pid 9073) Use of int in max_burst socket option.
[  377.080326][ T9073] Use struct sctp_assoc_value instead
[  378.667943][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  378.674427][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  378.816941][ T9089] netlink: 12 bytes leftover after parsing attributes in process `syz.4.922'.
[  381.766033][ T9108] netlink: 12 bytes leftover after parsing attributes in process `syz.0.926'.
[  384.381300][ T9133] netlink: 12 bytes leftover after parsing attributes in process `syz.2.934'.
[  386.372030][ T9145] netlink: 'syz.2.936': attribute type 1 has an invalid length.
[  386.406462][ T9145] netlink: 224 bytes leftover after parsing attributes in process `syz.2.936'.
[  386.988346][ T9147] sctp: [Deprecated]: syz.1.938 (pid 9147) Use of int in max_burst socket option.
[  386.988346][ T9147] Use struct sctp_assoc_value instead
[  388.050415][ T9156] netlink: 12 bytes leftover after parsing attributes in process `syz.3.941'.
[  388.162873][ T9157] netlink: 116 bytes leftover after parsing attributes in process `syz.2.940'.
[  388.749523][ T9159] sctp: [Deprecated]: syz.3.942 (pid 9159) Use of int in max_burst socket option.
[  388.749523][ T9159] Use struct sctp_assoc_value instead
[  390.764812][ T9175] netlink: 12 bytes leftover after parsing attributes in process `syz.3.946'.
[  392.690592][ T9191] netlink: 'syz.2.950': attribute type 1 has an invalid length.
[  392.706866][ T9191] netlink: 224 bytes leftover after parsing attributes in process `syz.2.950'.
[  392.916983][ T9193] netlink: 12 bytes leftover after parsing attributes in process `syz.4.952'.
[  393.556484][   T62] Bluetooth: hci5: Frame reassembly failed (-84)
[  393.582694][ T9199] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  393.771449][ T9204] sctp: [Deprecated]: syz.2.957 (pid 9204) Use of int in max_burst socket option.
[  393.771449][ T9204] Use struct sctp_assoc_value instead
[  394.020223][ T9207] netlink: 116 bytes leftover after parsing attributes in process `syz.1.953'.
[  394.619132][ T9199] 9pnet_fd: Insufficient options for proto=fd
[  394.867206][ T9217] netlink: 12 bytes leftover after parsing attributes in process `syz.4.959'.
[  395.561327][ T5838] Bluetooth: hci5: command 0x1003 tx timeout
[  395.581927][ T5848] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  397.231251][ T9242] netlink: 'syz.0.967': attribute type 1 has an invalid length.
[  397.239088][ T9242] netlink: 224 bytes leftover after parsing attributes in process `syz.0.967'.
[  398.510885][ T9257] netlink: 116 bytes leftover after parsing attributes in process `syz.0.971'.
[  399.762855][ T9263] netlink: 12 bytes leftover after parsing attributes in process `syz.1.975'.
[  399.792994][ T9261] netlink: 12 bytes leftover after parsing attributes in process `syz.0.973'.
[  401.703152][ T9285] netlink: 4 bytes leftover after parsing attributes in process `syz.3.980'.
[  402.810829][ T9299] netlink: 116 bytes leftover after parsing attributes in process `syz.1.983'.
[  403.913399][ T9306] netlink: 12 bytes leftover after parsing attributes in process `syz.3.987'.
[  404.196793][ T9313] netlink: 12 bytes leftover after parsing attributes in process `syz.4.988'.
[  404.281982][ T9315] netlink: 12 bytes leftover after parsing attributes in process `syz.2.990'.
[  406.879324][ T9335] netlink: 116 bytes leftover after parsing attributes in process `syz.2.996'.
[  407.418944][ T9337] netlink: 4 bytes leftover after parsing attributes in process `syz.0.997'.
[  407.901738][   T10] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  408.655413][   T10] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  408.675951][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.700133][   T10] usb 1-1: config 0 descriptor??
[  409.484740][ T9358] sctp: [Deprecated]: syz.3.1003 (pid 9358) Use of int in max_burst socket option.
[  409.484740][ T9358] Use struct sctp_assoc_value instead
[  409.679628][ T9361] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1002'.
[  410.842895][ T9365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  410.864240][ T9365] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  411.977115][   T10] usb 1-1: USB disconnect, device number 18
[  412.578281][ T9385] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1010'.
[  412.674660][ T9387] netlink: 116 bytes leftover after parsing attributes in process `syz.1.1009'.
[  414.492112][ T5882] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  414.951398][ T5882] usb 5-1: unable to get BOS descriptor or descriptor too short
[  415.015921][ T5882] usb 5-1: config 1 interface 1 has no altsetting 0
[  415.121167][ T5882] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  415.183042][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.248807][ T5882] usb 5-1: Product: syz
[  415.320622][ T5882] usb 5-1: Manufacturer: syz
[  415.405323][ T9409] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1020'.
[  415.417644][ T5882] usb 5-1: SerialNumber: syz
[  415.603150][ T9413] ntfs3: Bad value for 'gid'
[  415.608053][ T9413] ntfs3: Bad value for 'gid'
[  415.661300][   T10] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  415.872434][ T5882] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  415.928263][ T5882] usb 5-1: USB disconnect, device number 19
[  415.981687][  T978] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  416.003446][   T10] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  416.044574][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.068301][   T10] usb 2-1: config 0 descriptor??
[  416.182928][  T978] usb 3-1: config 29 has an invalid descriptor of length 0, skipping remainder of the config
[  416.247167][ T9340] udevd[9340]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  416.283947][  T978] usb 3-1: New USB device found, idVendor=22b8, idProduct=4b48, bcdDevice=3f.f0
[  416.303815][  T978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.319523][  T978] usb 3-1: Product: syz
[  416.326678][  T978] usb 3-1: Manufacturer: syz
[  416.334385][ T9421] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1024'.
[  416.351714][  T978] usb 3-1: SerialNumber: syz
[  416.644220][  T978] qmi_wwan 3-1:29.0: skipping garbage
[  416.652015][ T9425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  416.738161][ T9426] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1025'.
[  416.747284][ T9426] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1025'.
[  417.239192][  T978] qmi_wwan 3-1:29.0: probe with driver qmi_wwan failed with error -22
[  417.249714][ T9425] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  417.356142][  T978] usb 3-1: USB disconnect, device number 17
[  418.556365][   T52] usb 2-1: USB disconnect, device number 24
[  419.158324][ T9457] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1035'.
[  419.465156][ T9461] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1036'.
[  419.477246][ T9461] FAULT_INJECTION: forcing a failure.
[  419.477246][ T9461] name failslab, interval 1, probability 0, space 0, times 0
[  419.490651][ T9461] CPU: 0 UID: 0 PID: 9461 Comm: syz.1.1036 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) 
[  419.490681][ T9461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  419.490702][ T9461] Call Trace:
[  419.490709][ T9461]  <TASK>
[  419.490715][ T9461]  dump_stack_lvl+0x241/0x360
[  419.490742][ T9461]  ? __pfx_dump_stack_lvl+0x10/0x10
[  419.490768][ T9461]  ? __wake_up_klogd+0xcc/0x110
[  419.490794][ T9461]  should_fail_ex+0x424/0x570
[  419.490813][ T9461]  should_failslab+0xac/0x100
[  419.490830][ T9461]  kmem_cache_alloc_noprof+0x78/0x390
[  419.490845][ T9461]  ? skb_clone+0x20c/0x390
[  419.490865][ T9461]  skb_clone+0x20c/0x390
[  419.490885][ T9461]  __netlink_deliver_tap+0x3c4/0x7f0
[  419.490915][ T9461]  ? netlink_deliver_tap+0x2e/0x1b0
[  419.490935][ T9461]  netlink_deliver_tap+0x19d/0x1b0
[  419.490957][ T9461]  netlink_sendskb+0x68/0x140
[  419.490990][ T9461]  netlink_unicast+0x39f/0x9a0
[  419.491025][ T9461]  ? __asan_memcpy+0x40/0x70
[  419.491057][ T9461]  ? __pfx_netlink_unicast+0x10/0x10
[  419.491113][ T9461]  netlink_rcv_skb+0x296/0x480
[  419.491140][ T9461]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  419.491161][ T9461]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  419.491200][ T9461]  ? safesetid_security_capable+0xb2/0x1d0
[  419.491227][ T9461]  ? bpf_lsm_capable+0x9/0x10
[  419.491246][ T9461]  ? security_capable+0x7e/0x2d0
[  419.491269][ T9461]  nfnetlink_rcv+0x296/0x28f0
[  419.491291][ T9461]  ? __dev_queue_xmit+0x2f9/0x3f60
[  419.491311][ T9461]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  419.491342][ T9461]  ? __dev_queue_xmit+0x2f9/0x3f60
[  419.491362][ T9461]  ? __dev_queue_xmit+0x2f9/0x3f60
[  419.491384][ T9461]  ? __dev_queue_xmit+0x1780/0x3f60
[  419.491402][ T9461]  ? kasan_save_track+0x3f/0x80
[  419.491423][ T9461]  ? __kasan_slab_alloc+0x66/0x80
[  419.491452][ T9461]  ? do_syscall_64+0xf3/0x230
[  419.491476][ T9461]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  419.491493][ T9461]  ? __dev_queue_xmit+0x2f9/0x3f60
[  419.491516][ T9461]  ? __pfx___dev_queue_xmit+0x10/0x10
[  419.491551][ T9461]  ? ref_tracker_free+0x63e/0x7e0
[  419.491571][ T9461]  ? __asan_memcpy+0x40/0x70
[  419.491591][ T9461]  ? __pfx_ref_tracker_free+0x10/0x10
[  419.491609][ T9461]  ? __skb_clone+0x5c/0x6d0
[  419.491641][ T9461]  ? skb_clone+0x240/0x390
[  419.491671][ T9461]  ? netlink_deliver_tap+0x2e/0x1b0
[  419.491698][ T9461]  ? netlink_deliver_tap+0x2e/0x1b0
[  419.491725][ T9461]  netlink_unicast+0x7f8/0x9a0
[  419.491755][ T9461]  ? __pfx_netlink_unicast+0x10/0x10
[  419.491777][ T9461]  ? skb_put+0x114/0x1f0
[  419.491792][ T9461]  netlink_sendmsg+0x8c3/0xcd0
[  419.491825][ T9461]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.491842][ T9461]  ? lockdep_hardirqs_on+0x9d/0x150
[  419.491866][ T9461]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.491883][ T9461]  __sock_sendmsg+0x221/0x270
[  419.491919][ T9461]  ____sys_sendmsg+0x523/0x860
[  419.491940][ T9461]  ? __pfx_____sys_sendmsg+0x10/0x10
[  419.491952][ T9461]  ? __fget_files+0x2a/0x420
[  419.491971][ T9461]  ? __fget_files+0x2a/0x420
[  419.491992][ T9461]  __sys_sendmsg+0x271/0x360
[  419.492010][ T9461]  ? __pfx___sys_sendmsg+0x10/0x10
[  419.492061][ T9461]  ? do_syscall_64+0xb6/0x230
[  419.492092][ T9461]  do_syscall_64+0xf3/0x230
[  419.492117][ T9461]  ? clear_bhb_loop+0x45/0xa0
[  419.492139][ T9461]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.492166][ T9461] RIP: 0033:0x7f6608f8e169
[  419.492185][ T9461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.492196][ T9461] RSP: 002b:00007f6606dd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  419.492211][ T9461] RAX: ffffffffffffffda RBX: 00007f66091b6080 RCX: 00007f6608f8e169
[  419.492221][ T9461] RDX: 0000000000000800 RSI: 0000200000000380 RDI: 0000000000000003
[  419.492230][ T9461] RBP: 00007f6606dd5090 R08: 0000000000000000 R09: 0000000000000000
[  419.492238][ T9461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  419.492246][ T9461] R13: 0000000000000000 R14: 00007f66091b6080 R15: 00007ffe545cb038
[  419.492266][ T9461]  </TASK>
[  420.838689][ T9469] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1037'.
[  420.847843][ T9469] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1037'.
[  421.760754][ T9478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1041'.
[  422.031546][   T52] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  422.197926][ T9487] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1043'.
[  422.413662][   T52] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  422.428011][   T52] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.440374][ T9490] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1046'.
[  422.451278][ T5882] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  422.459778][   T52] usb 3-1: config 0 descriptor??
[  422.651259][ T5882] usb 2-1: Using ep0 maxpacket: 16
[  422.668323][ T5882] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  422.700876][ T5882] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  422.838828][ T5882] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  422.854819][ T5882] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  423.063687][ T9501] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  423.101710][ T9501] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  423.158793][ T5882] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  423.167345][ T5882] usb 2-1: SerialNumber: syz
[  423.500845][ T9507] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1051'.
[  423.509976][ T9507] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1051'.
[  425.052588][   T52] usb 3-1: USB disconnect, device number 18
[  425.091616][  T994] Bluetooth: hci5: Frame reassembly failed (-84)
[  425.104509][ T5882] usb 2-1: USB disconnect, device number 25
[  425.145210][ T9521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1056'.
[  425.265704][ T9524] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1057'.
[  425.504915][ T9532] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1060'.
[  425.768208][ T9533] netlink: 'syz.4.1058': attribute type 1 has an invalid length.
[  427.021351][ T9546] __nla_validate_parse: 1 callbacks suppressed
[  427.021392][ T9546] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1064'.
[  427.037028][ T9546] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1064'.
[  427.167773][ T5838] Bluetooth: hci5: command 0x1003 tx timeout
[  427.174548][ T5848] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  429.855635][ T9567] netlink: 'syz.4.1069': attribute type 4 has an invalid length.
[  430.035474][ T9568] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1071'.
[  431.153114][ T9572] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1072'.
[  431.407792][ T9578] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1075'.
[  431.417032][ T9578] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1075'.
[  432.085149][ T9579] netlink: 'syz.0.1073': attribute type 1 has an invalid length.
[  432.093415][ T9579] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1073'.
[  435.107216][ T9617] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1086'.
[  435.116481][ T9617] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1086'.
[  436.107778][ T9616] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1087'.
[  437.860906][ T9633] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1092'.
[  438.344992][ T9633] netem: unknown loss type 13
[  438.382220][ T9633] netem: change failed
[  439.832546][ T9671] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1099'.
[  439.841671][ T9671] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1099'.
[  440.419604][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  440.426381][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  440.607139][ T9661] ubi31: attaching mtd0
[  440.615907][ T9661] ubi31: scanning is finished
[  440.620638][ T9661] ubi31: empty MTD device detected
[  440.629478][ T5880] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  440.645573][ T9673] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1102'.
[  440.671573][   T10] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  440.727968][ T9661] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  440.735807][ T9661] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  440.743194][ T9661] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  440.750249][ T9661] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  440.757805][ T9661] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  440.764726][ T9661] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  440.772873][ T9661] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1991534460
[  440.783006][ T9661] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  440.794549][ T9679] ubi31: background thread "ubi_bgt31d" started, PID 9679
[  440.802567][ T9681] netdevsim netdevsim0: Firmware load for '..' refused, path contains '..' component
[  440.832166][   T10] usb 5-1: Using ep0 maxpacket: 8
[  440.850343][   T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  440.868958][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  440.895703][   T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  440.934957][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  440.966925][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  441.012890][   T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  441.048186][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  441.071252][ T5880] usb 3-1: device descriptor read/64, error -71
[  441.321478][ T5880] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  441.521523][ T5880] usb 3-1: device descriptor read/64, error -71
[  441.612007][   T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  441.677617][ T9687] netlink: 'syz.1.1106': attribute type 2 has an invalid length.
[  441.733447][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  441.752358][ T5880] usb usb3-port1: attempt power cycle
[  441.758430][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  441.792990][   T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  441.800398][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  441.816800][   T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  442.043583][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  442.055093][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  442.070191][   T10] usb 5-1: string descriptor 0 read error: -22
[  442.076646][   T10] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  442.086014][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.798215][   T10] usb 5-1: can't set config #168, error -71
[  443.806585][   T10] usb 5-1: USB disconnect, device number 20
[  445.042969][ T9720] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1112'.
[  445.052239][ T9720] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1112'.
[  445.715658][ T9722] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1114'.
[  446.029248][ T9728] netlink: 'syz.2.1116': attribute type 4 has an invalid length.
[  446.060556][ T9732] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  446.061897][ T9728] netlink: 'syz.2.1116': attribute type 4 has an invalid length.
[  446.413087][   T10] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  447.918985][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  447.961605][ T5882] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  447.991634][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  448.020073][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  448.083114][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  448.094515][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  448.106783][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  448.117204][   T10] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0
[  448.137427][   T10] usb 2-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  448.316953][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.326360][ T5882] usb 3-1: config 0 has an invalid interface number: 110 but max is 3
[  449.029689][   T10] usb 2-1: Product: syz
[  449.047666][ T5882] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  449.059663][   T10] usb 2-1: Manufacturer: syz
[  449.065453][   T10] usb 2-1: SerialNumber: syz
[  449.071457][ T5882] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 4
[  449.084130][   T10] usb 2-1: config 0 descriptor??
[  449.095723][ T5882] usb 3-1: config 0 has no interface number 0
[  449.138583][ T5882] usb 3-1: config 0 interface 110 altsetting 3 bulk endpoint 0x3 has invalid maxpacket 8
[  449.152392][   T10] usb 2-1: ucan: probing device on interface #0
[  449.177063][   T10] usb 2-1: ucan: invalid endpoint configuration
[  449.184293][ T5882] usb 3-1: config 0 interface 110 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  449.208491][   T10] usb 2-1: ucan: probe failed; try to update the device firmware
[  449.216725][ T5882] usb 3-1: config 0 interface 110 has no altsetting 0
[  449.241478][   T10] usb 2-1: USB disconnect, device number 26
[  449.255213][ T5882] usb 3-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=a4.3f
[  449.312572][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.335778][ T5882] usb 3-1: Product: syz
[  449.342383][ T5882] usb 3-1: Manufacturer: syz
[  449.350208][ T5882] usb 3-1: SerialNumber: syz
[  449.363937][ T5882] usb 3-1: config 0 descriptor??
[  449.370545][ T9753] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  449.562064][ T5882] legousbtower 3-1:0.110: interrupt endpoints not found
[  450.315796][ T5882] usb 3-1: USB disconnect, device number 22
[  450.668011][ T9777] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1127'.
[  450.677229][ T9777] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1127'.
[  451.433357][ T9780] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1129'.
[  451.512248][ T9784] team_slave_0: entered promiscuous mode
[  451.518346][ T9784] team_slave_1: entered promiscuous mode
[  451.664638][ T9786] fuse: Bad value for 'fd'
[  451.665253][ T9784] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  451.709721][ T9784] team0: Device macvtap1 is already an upper device of the team interface
[  453.569654][ T9784] team_slave_0: left promiscuous mode
[  453.575262][ T9784] team_slave_1: left promiscuous mode
[  453.941534][ T5882] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  454.379676][ T5882] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  454.650602][ T5882] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  454.663031][ T5882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  454.674250][ T5882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  454.684480][ T5882] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  454.746953][ T5882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  454.786371][ T5882] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0
[  454.790067][ T5882] usb 5-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  454.839468][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  454.860333][ T5882] usb 5-1: Product: syz
[  454.870508][ T5882] usb 5-1: Manufacturer: syz
[  454.880671][ T5882] usb 5-1: SerialNumber: syz
[  454.892334][ T5882] usb 5-1: config 0 descriptor??
[  455.151239][  T978] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  456.263177][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  456.274241][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  456.298848][  T978] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  456.313420][  T978] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  456.543941][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.666574][ T5882] usb 5-1: ucan: probing device on interface #0
[  456.898157][ T5882] usb 5-1: ucan: invalid endpoint configuration
[  457.101476][ T5882] usb 5-1: ucan: probe failed; try to update the device firmware
[  457.122878][  T978] usb 1-1: config 0 descriptor??
[  457.151633][ T5882] usb 5-1: USB disconnect, device number 21
[  458.247812][  T978] usbhid 1-1:0.0: can't add hid device: -71
[  458.291458][  T978] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  458.407225][  T978] usb 1-1: USB disconnect, device number 19
[  458.563304][ T9845] netlink: 'syz.4.1149': attribute type 10 has an invalid length.
[  458.773474][ T9845] batman_adv: batadv0: Adding interface: team0
[  458.779791][ T9845] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  458.805286][ T9845] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  460.881760][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  460.881784][   T30] audit: type=1326 audit(1744803551.542:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9873 comm="syz.0.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5838e169 code=0x7ffc0000
[  461.045511][   T30] audit: type=1326 audit(1744803551.542:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9873 comm="syz.0.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7efc5838e169 code=0x7ffc0000
[  461.067411][   T30] audit: type=1326 audit(1744803551.552:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9873 comm="syz.0.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5838e169 code=0x7ffc0000
[  461.188639][   T30] audit: type=1326 audit(1744803551.552:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9873 comm="syz.0.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5838e169 code=0x7ffc0000
[  461.576040][ T9885] netlink: 'syz.3.1160': attribute type 11 has an invalid length.
[  462.325106][   T30] audit: type=1326 audit(1744803551.552:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9878 comm="syz.0.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efc583c0a25 code=0x7ffc0000
[  462.347014][  T978] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  462.366984][   T30] audit: type=1326 audit(1744803551.592:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9873 comm="syz.0.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc5838e169 code=0x7ffc0000
[  462.431175][   T30] audit: type=1326 audit(1744803551.772:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9878 comm="syz.0.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7efc5838e169 code=0x7ffc0000
[  462.513375][   T30] audit: type=1326 audit(1744803551.792:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9873 comm="syz.0.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5838e169 code=0x7ffc0000
[  462.544340][ T9897] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1157'.
[  462.568666][   T30] audit: type=1326 audit(1744803551.792:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9873 comm="syz.0.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5838e169 code=0x7ffc0000
[  462.621563][   T30] audit: type=1326 audit(1744803551.832:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9873 comm="syz.0.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efc5838cad0 code=0x7ffc0000
[  462.644572][ T9895] xt_bpf: check failed: parse error
[  462.846612][  T978] usb 1-1: Using ep0 maxpacket: 32
[  463.273353][  T978] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  463.330274][  T978] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  463.339317][  T978] usb 1-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  463.353025][  T978] usb 1-1: config 0 interface 0 has no altsetting 1
[  463.371756][  T978] usb 1-1: New USB device found, idVendor=0582, idProduct=0033, bcdDevice=8e.57
[  463.390976][  T978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.400830][  T978] usb 1-1: Product: syz
[  463.405460][  T978] usb 1-1: Manufacturer: syz
[  463.410081][  T978] usb 1-1: SerialNumber: syz
[  463.421508][   T52] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  463.434288][  T978] usb 1-1: config 0 descriptor??
[  463.455080][  T978] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  463.487785][  T978] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2
[  463.534307][ T9708] udevd[9708]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  463.562513][   T52] usb 5-1: device descriptor read/64, error -71
[  463.776545][  T978] usb 1-1: USB disconnect, device number 20
[  464.404026][ T9918] loop9: detected capacity change from 0 to 7
[  464.410611][ T9918] buffer_io_error: 7 callbacks suppressed
[  464.410624][ T9918] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.424395][ T9918] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.432342][ T9918] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.440227][ T9918] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.448529][ T9918] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.456461][ T9918] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.464394][ T9918] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.472255][ T9918] ldm_validate_partition_table(): Disk read failed.
[  464.478895][ T9918] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.486817][ T9918] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.494744][ T9918] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.502750][ T9918] Dev loop9: unable to read RDB block 0
[  464.508609][ T9918]  loop9: unable to read partition table
[  464.514456][ T9918] loop9: partition table beyond EOD, truncated
[  464.520633][ T9918] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dƤ����ݡ�����
[  464.520633][ T9918] 
U�������) failed (rc=-5)
[  464.612711][   T52] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  464.831825][   T52] usb 5-1: device descriptor read/64, error -71
[  465.004871][   T52] usb usb5-port1: attempt power cycle
[  465.501835][   T52] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  465.553322][   T52] usb 5-1: device descriptor read/8, error -71
[  465.871575][   T52] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  465.951336][   T52] usb 5-1: device descriptor read/8, error -71
[  466.251033][   T52] usb usb5-port1: unable to enumerate USB device
[  466.778546][ T9942] trusted_key: encrypted_key: master key parameter 'if#��"R�_' is invalid
[  466.898143][ T9942] trusted_key: encrypted_key: master key parameter 'truste' is invalid
[  466.908904][ T9942] trusted_key: encrypted_key: master key parameter 'truste' is invalid
[  466.948837][ T5909] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  467.164073][ T5909] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  467.429597][ T9951] sock: sock_timestamping_bind_phc: sock not bind to device
[  468.281359][ T5909] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  468.654938][ T5909] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  468.677058][ T5909] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.849286][ T5909] usb 2-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00
[  468.876772][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.910608][ T5909] usb 2-1: config 0 descriptor??
[  469.231554][   T52] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  469.411887][   T52] usb 5-1: Using ep0 maxpacket: 16
[  469.504124][   T52] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  469.589780][   T52] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  469.770679][   T52] usb 5-1: Product: syz
[  469.844404][   T52] usb 5-1: Manufacturer: syz
[  469.856712][ T5909] waltop 0003:172F:0034.0004: item fetching failed at offset 5/7
[  469.864769][   T52] usb 5-1: SerialNumber: syz
[  469.927052][   T52] usb 5-1: config 0 descriptor??
[  469.982856][ T5909] waltop 0003:172F:0034.0004: probe with driver waltop failed with error -22
[  470.004289][ T5909] usb 2-1: USB disconnect, device number 27
[  470.186642][   T10] usb 5-1: USB disconnect, device number 26
[  470.203672][ T9984] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1189'.
[  470.240209][ T9658] udevd[9658]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  471.608993][T10003] FAULT_INJECTION: forcing a failure.
[  471.608993][T10003] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  471.714728][T10003] CPU: 0 UID: 0 PID: 10003 Comm: syz.4.1195 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) 
[  471.714758][T10003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  471.714770][T10003] Call Trace:
[  471.714778][T10003]  <TASK>
[  471.714787][T10003]  dump_stack_lvl+0x241/0x360
[  471.714824][T10003]  ? __pfx_dump_stack_lvl+0x10/0x10
[  471.714850][T10003]  ? __pfx__printk+0x10/0x10
[  471.714897][T10003]  should_fail_ex+0x424/0x570
[  471.714922][T10003]  _copy_from_user+0x2d/0xb0
[  471.714952][T10003]  copy_from_sockptr_offset+0x60/0xb0
[  471.714982][T10003]  do_ipt_set_ctl+0xbe4/0x1260
[  471.715014][T10003]  ? __pfx___mutex_trylock_common+0x10/0x10
[  471.715039][T10003]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  471.715080][T10003]  ? __mutex_unlock_slowpath+0x229/0x800
[  471.715115][T10003]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  471.715146][T10003]  ? ksys_write+0x24e/0x2d0
[  471.715181][T10003]  nf_setsockopt+0x295/0x2c0
[  471.715215][T10003]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  471.715243][T10003]  do_sock_setsockopt+0x3b1/0x710
[  471.715269][T10003]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  471.715287][T10003]  ? __fget_files+0x2a/0x420
[  471.715313][T10003]  ? __fget_files+0x39d/0x420
[  471.715334][T10003]  ? __fget_files+0x2a/0x420
[  471.715363][T10003]  __x64_sys_setsockopt+0x1ee/0x280
[  471.715391][T10003]  do_syscall_64+0xf3/0x230
[  471.715415][T10003]  ? clear_bhb_loop+0x45/0xa0
[  471.715438][T10003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.715457][T10003] RIP: 0033:0x7f9051f8e169
[  471.715475][T10003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  471.715491][T10003] RSP: 002b:00007f9052dc4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  471.715512][T10003] RAX: ffffffffffffffda RBX: 00007f90521b5fa0 RCX: 00007f9051f8e169
[  471.715526][T10003] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000004
[  471.715549][T10003] RBP: 00007f9052dc4090 R08: 0000000000000268 R09: 0000000000000000
[  471.715560][T10003] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  471.715572][T10003] R13: 0000000000000000 R14: 00007f90521b5fa0 R15: 00007ffc8123b8d8
[  471.715598][T10003]  </TASK>
[  472.723374][T10016] EXT4-fs (nullb0): VFS: Can't find ext4 filesystem
[  472.776540][T10018] ip6gre2: entered allmulticast mode
[  473.717994][T10030] sctp: [Deprecated]: syz.3.1202 (pid 10030) Use of int in max_burst socket option.
[  473.717994][T10030] Use struct sctp_assoc_value instead
[  477.238064][T10050] netlink: 'syz.2.1207': attribute type 10 has an invalid length.
[  477.451228][   T52] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  477.644946][   T52] usb 2-1: Using ep0 maxpacket: 16
[  477.680310][   T52] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  477.705562][   T52] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  477.739948][   T52] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  477.762149][   T52] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.774521][   T52] usb 2-1: Product: syz
[  477.779038][   T52] usb 2-1: Manufacturer: syz
[  477.784433][   T52] usb 2-1: SerialNumber: syz
[  477.835725][   T52] usb 2-1: config 0 descriptor??
[  477.959009][   T52] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  478.021520][   T52] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  478.291568][   T10] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  478.670362][   T52] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  478.687357][   T52] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  478.725008][   T10] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  478.761768][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  478.775242][   T10] usb 3-1: Product: syz
[  478.782699][   T10] usb 3-1: Manufacturer: syz
[  478.787819][   T10] usb 3-1: SerialNumber: syz
[  478.975992][   T10] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  478.998064][ T5909] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  479.562802][  T978] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  479.671161][   T52] em28xx 2-1:0.0: AC97 command still being executed: not handled properly!
[  479.741457][   T52] em28xx 2-1:0.0: Unknown AC97 audio processor detected!
[  479.791671][  T978] usb 1-1: Using ep0 maxpacket: 32
[  479.837104][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  479.883752][T10075] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  479.911514][T10075] CIFS: Unable to determine destination address
[  479.922335][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  479.924841][   T52] em28xx 2-1:0.0: couldn't setup AC97 register 2
[  479.932344][  T978] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  479.932370][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  479.964401][   T52] em28xx 2-1:0.0: couldn't setup AC97 register 4
[  479.993770][  T978] usb 1-1: config 0 descriptor??
[  479.997216][   T52] em28xx 2-1:0.0: couldn't setup AC97 register 6
[  480.029340][   T52] em28xx 2-1:0.0: couldn't setup AC97 register 54
[  480.423554][   T52] em28xx 2-1:0.0: couldn't setup AC97 register 56
[  480.444624][   T52] usb 2-1: USB disconnect, device number 28
[  480.459661][T10078] sctp: [Deprecated]: syz.3.1215 (pid 10078) Use of int in max_burst socket option.
[  480.459661][T10078] Use struct sctp_assoc_value instead
[  480.761587][ T5909] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  480.856315][ T5909] ath9k_htc: Failed to initialize the device
[  481.257799][  T978] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[  481.395706][ T5909] usb 3-1: ath9k_htc: USB layer deinitialized
[  482.024459][T10062] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1210'.
[  482.044001][ T5909] usb 1-1: USB disconnect, device number 21
[  482.109959][   T52] usb 3-1: USB disconnect, device number 23
[  482.765311][T10093] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1218'.
[  482.890069][   T30] kauditd_printk_skb: 65 callbacks suppressed
[  482.890091][   T30] audit: type=1326 audit(1744803573.552:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10098 comm="syz.2.1220" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc16498e169 code=0x0
[  482.939669][   T30] audit: type=1326 audit(1744803573.602:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10098 comm="syz.2.1220" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc16498e169 code=0x0
[  482.967291][   T30] audit: type=1326 audit(1744803573.602:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10098 comm="syz.2.1220" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc16498e169 code=0x0
[  483.022508][ T5909] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  483.181216][ T5909] usb 2-1: Using ep0 maxpacket: 16
[  483.195046][ T5909] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  483.239065][ T5909] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  484.051757][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.059814][ T5909] usb 2-1: Product: syz
[  484.090634][ T5909] usb 2-1: Manufacturer: syz
[  484.104051][ T5909] usb 2-1: SerialNumber: syz
[  484.115891][ T5909] usb 2-1: config 0 descriptor??
[  484.125032][ T5909] hub 2-1:0.0: bad descriptor, ignoring hub
[  484.245069][ T5909] hub 2-1:0.0: probe with driver hub failed with error -5
[  484.362732][T10128] overlayfs: missing 'lowerdir'
[  484.623448][   T52] usb 1-1: new full-speed USB device number 22 using dummy_hcd
[  485.239701][T10095] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  485.251487][T10095] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  485.532883][   T52] usb 1-1: config 0 has an invalid descriptor of length 9, skipping remainder of the config
[  485.553584][   T52] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[  485.556461][    T9] usb 2-1: USB disconnect, device number 29
[  485.591506][   T52] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 196
[  485.608340][   T52] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00
[  485.619566][   T52] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  486.187070][T10145] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1236'.
[  486.231219][T10145] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1236'.
[  486.264687][   T52] usb 1-1: config 0 descriptor??
[  486.330212][   T52] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  486.386285][T10152] sctp: [Deprecated]: syz.4.1238 (pid 10152) Use of int in max_burst socket option.
[  486.386285][T10152] Use struct sctp_assoc_value instead
[  486.998049][T10154] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1239'.
[  487.041351][T10159] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1240'.
[  487.070087][T10159] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1240'.
[  487.165540][T10164] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1241'.
[  487.651913][ T5909] usb 1-1: USB disconnect, device number 22
[  488.355364][ T5838] Bluetooth: hci4: command 0x0406 tx timeout
[  488.976980][T10196] netlink: 'syz.2.1249': attribute type 1 has an invalid length.
[  489.184864][T10196] 8021q: adding VLAN 0 to HW filter on device bond1
[  490.504547][T10213] �: renamed from pim6reg1
[  491.575597][T10211] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.1255'.
[  491.989666][T10230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1258'.
[  492.233637][    T9] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  492.481602][    T9] usb 5-1: Using ep0 maxpacket: 8
[  492.488776][    T9] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  492.515713][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  492.598651][    T9] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  492.635795][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.686525][    T9] usb 5-1: config 0 descriptor??
[  493.760439][    T9] steelseries 0003:1038:12B6.0006: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.4-1/input0
[  493.922083][T10239] ALSA: mixer_oss: invalid OSS volume ''
[  495.066939][    T9] usb 5-1: reset high-speed USB device number 27 using dummy_hcd
[  496.130795][T10273] netlink: 'syz.0.1269': attribute type 10 has an invalid length.
[  496.506593][  T978] usb 5-1: USB disconnect, device number 27
[  496.557680][T10273] batman_adv: batadv0: Adding interface: team0
[  496.605066][T10273] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  496.651837][T10273] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  497.296044][ T5880] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  498.319631][ T5880] usb 5-1: config 0 has no interfaces?
[  498.333341][ T5880] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=91.6f
[  498.356062][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.462411][ T5880] usb 5-1: config 0 descriptor??
[  498.670920][    T9] usb 5-1: USB disconnect, device number 28
[  498.788106][T10306] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  499.071461][    T9] usb 5-1: new full-speed USB device number 29 using dummy_hcd
[  499.168946][T10309] tty tty22: ldisc open failed (-12), clearing slot 21
[  499.272812][    T9] usb 5-1: config 0 has no interfaces?
[  499.295695][    T9] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=91.6f
[  499.330896][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.407848][    T9] usb 5-1: config 0 descriptor??
[  499.881997][    T9] usb 5-1: USB disconnect, device number 29
[  500.159661][T10326] futex_wake_op: syz.1.1284 tries to shift op by 35; fix this program
[  500.172807][T10326] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1284'.
[  501.485294][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  501.718336][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  501.750382][T10334] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1287'.
[  502.498098][T10342] loop1: detected capacity change from 0 to 63
[  502.520471][    C0] blk_print_req_error: 7 callbacks suppressed
[  502.520495][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  502.535816][    C0] buffer_io_error: 4 callbacks suppressed
[  502.535830][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  502.615232][    C1] I/O error, dev loop1, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 7 prio class 0
[  502.642089][    C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  502.651345][    C1] Buffer I/O error on dev loop1, logical block 0, async page read
[  502.659745][    C1] I/O error, dev loop1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  502.669187][    C1] Buffer I/O error on dev loop1, logical block 2, async page read
[  502.677159][    C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  502.686400][    C1] Buffer I/O error on dev loop1, logical block 0, async page read
[  502.763229][    C0] I/O error, dev loop1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  502.772535][    C0] Buffer I/O error on dev loop1, logical block 2, async page read
[  502.780473][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  502.789644][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  502.800969][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  502.810198][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  502.818982][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  502.828134][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  502.837059][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  502.846282][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  502.854899][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  502.863098][T10342] ldm_validate_partition_table(): Disk read failed.
[  502.903366][T10342] Dev loop1: unable to read RDB block 0
[  502.912749][T10342]  loop1: unable to read partition table
[  502.918534][T10342] loop_reread_partitions: partition scan of loop1 (3�����) failed (rc=-5)
[  502.932441][T10351] netlink: 304 bytes leftover after parsing attributes in process `syz.3.1291'.
[  503.017771][T10353] FAULT_INJECTION: forcing a failure.
[  503.017771][T10353] name failslab, interval 1, probability 0, space 0, times 0
[  503.103934][T10353] CPU: 0 UID: 0 PID: 10353 Comm: syz.4.1292 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) 
[  503.103962][T10353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  503.103975][T10353] Call Trace:
[  503.103982][T10353]  <TASK>
[  503.103990][T10353]  dump_stack_lvl+0x241/0x360
[  503.104024][T10353]  ? __pfx_dump_stack_lvl+0x10/0x10
[  503.104050][T10353]  ? __pfx__printk+0x10/0x10
[  503.104079][T10353]  ? __pfx___might_resched+0x10/0x10
[  503.104106][T10353]  should_fail_ex+0x424/0x570
[  503.104131][T10353]  should_failslab+0xac/0x100
[  503.104152][T10353]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  503.104174][T10353]  ? __alloc_skb+0x1c2/0x480
[  503.104196][T10353]  __alloc_skb+0x1c2/0x480
[  503.104214][T10353]  ? ip_generic_getfrag+0x1bf/0x320
[  503.104238][T10353]  ? __pfx___alloc_skb+0x10/0x10
[  503.104253][T10353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  503.104284][T10353]  __ip6_append_data+0x2d15/0x41b0
[  503.104331][T10353]  ? __pfx_raw6_getfrag+0x10/0x10
[  503.104373][T10353]  ? __pfx___ip6_append_data+0x10/0x10
[  503.104411][T10353]  ? ip6_setup_cork+0xaaf/0x11c0
[  503.104445][T10353]  ip6_append_data+0x25f/0x380
[  503.104477][T10353]  ? __pfx_raw6_getfrag+0x10/0x10
[  503.104499][T10353]  rawv6_sendmsg+0x1855/0x23c0
[  503.104544][T10353]  ? __lock_acquire+0xad5/0xd80
[  503.104564][T10353]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  503.104600][T10353]  ? smack_socket_sendmsg+0x184/0x580
[  503.104634][T10353]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  503.104665][T10353]  ? tomoyo_socket_sendmsg_permission+0x285/0x420
[  503.104701][T10353]  ? sock_rps_record_flow+0x1a/0x410
[  503.104725][T10353]  ? inet_sendmsg+0x330/0x390
[  503.104750][T10353]  __sock_sendmsg+0x1a6/0x270
[  503.104779][T10353]  sock_write_iter+0x2d9/0x3f0
[  503.104806][T10353]  ? __pfx_sock_write_iter+0x10/0x10
[  503.104852][T10353]  do_iter_readv_writev+0x71f/0x9d0
[  503.104888][T10353]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  503.104923][T10353]  ? bpf_lsm_file_permission+0x9/0x10
[  503.104944][T10353]  ? rw_verify_area+0x246/0x630
[  503.104973][T10353]  vfs_writev+0x38d/0xbc0
[  503.104994][T10353]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  503.105022][T10353]  ? vfs_write+0xb29/0xd10
[  503.105050][T10353]  ? __lock_acquire+0xad5/0xd80
[  503.105069][T10353]  ? __pfx_vfs_writev+0x10/0x10
[  503.105111][T10353]  ? __fget_files+0x2a/0x420
[  503.105135][T10353]  ? __fget_files+0x39d/0x420
[  503.105155][T10353]  ? __fget_files+0x2a/0x420
[  503.105186][T10353]  do_writev+0x1b8/0x360
[  503.105213][T10353]  ? __pfx_do_writev+0x10/0x10
[  503.105240][T10353]  ? do_syscall_64+0xb6/0x230
[  503.105267][T10353]  do_syscall_64+0xf3/0x230
[  503.105291][T10353]  ? clear_bhb_loop+0x45/0xa0
[  503.105314][T10353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  503.105333][T10353] RIP: 0033:0x7f9051f8e169
[  503.105349][T10353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  503.105365][T10353] RSP: 002b:00007f9052dc4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  503.105387][T10353] RAX: ffffffffffffffda RBX: 00007f90521b5fa0 RCX: 00007f9051f8e169
[  503.105407][T10353] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003
[  503.105418][T10353] RBP: 00007f9052dc4090 R08: 0000000000000000 R09: 0000000000000000
[  503.105430][T10353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  503.105442][T10353] R13: 0000000000000000 R14: 00007f90521b5fa0 R15: 00007ffc8123b8d8
[  503.105472][T10353]  </TASK>
[  503.449385][    C0] vkms_vblank_simulate: vblank timer overrun
[  503.459731][T10357] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1294'.
[  505.532225][T10392] sctp: [Deprecated]: syz.3.1305 (pid 10392) Use of int in max_burst socket option.
[  505.532225][T10392] Use struct sctp_assoc_value instead
[  505.619496][T10398] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  506.498289][T10409] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1310'.
[  507.887331][T10422] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1314'.
[  507.921324][T10430] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1316'.
[  508.555636][T10451] capability: warning: `syz.1.1318' uses 32-bit capabilities (legacy support in use)
[  509.685578][T10459] FAULT_INJECTION: forcing a failure.
[  509.685578][T10459] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  509.749355][T10459] CPU: 0 UID: 0 PID: 10459 Comm: syz.4.1324 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) 
[  509.749384][T10459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  509.749395][T10459] Call Trace:
[  509.749402][T10459]  <TASK>
[  509.749410][T10459]  dump_stack_lvl+0x241/0x360
[  509.749444][T10459]  ? __pfx_dump_stack_lvl+0x10/0x10
[  509.749468][T10459]  ? __pfx__printk+0x10/0x10
[  509.749502][T10459]  should_fail_ex+0x424/0x570
[  509.749527][T10459]  _copy_to_user+0x31/0xb0
[  509.749555][T10459]  simple_read_from_buffer+0xc4/0x170
[  509.749579][T10459]  proc_fail_nth_read+0x1ef/0x260
[  509.749606][T10459]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  509.749631][T10459]  ? rw_verify_area+0x246/0x630
[  509.749659][T10459]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  509.749684][T10459]  vfs_read+0x21f/0xb90
[  509.749730][T10459]  ? __pfx___mutex_lock+0x10/0x10
[  509.749757][T10459]  ? __pfx_vfs_read+0x10/0x10
[  509.749787][T10459]  ? __fget_files+0x2a/0x420
[  509.749810][T10459]  ? __fget_files+0x39d/0x420
[  509.749831][T10459]  ? __fget_files+0x2a/0x420
[  509.749867][T10459]  ksys_read+0x19d/0x2d0
[  509.749914][T10459]  ? __pfx_ksys_read+0x10/0x10
[  509.749968][T10459]  ? do_syscall_64+0xb6/0x230
[  509.749998][T10459]  do_syscall_64+0xf3/0x230
[  509.750025][T10459]  ? clear_bhb_loop+0x45/0xa0
[  509.750050][T10459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.750070][T10459] RIP: 0033:0x7f9051f8cb7c
[  509.750090][T10459] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  509.750107][T10459] RSP: 002b:00007f9052dc4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  509.750130][T10459] RAX: ffffffffffffffda RBX: 00007f90521b5fa0 RCX: 00007f9051f8cb7c
[  509.750145][T10459] RDX: 000000000000000f RSI: 00007f9052dc40a0 RDI: 0000000000000004
[  509.750158][T10459] RBP: 00007f9052dc4090 R08: 0000000000000000 R09: 0000000000000000
[  509.750171][T10459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  509.750183][T10459] R13: 0000000000000000 R14: 00007f90521b5fa0 R15: 00007ffc8123b8d8
[  509.750216][T10459]  </TASK>
[  513.371184][    T9] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  513.464005][T10491] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1333'.
[  514.361474][    T9] usb 5-1: Using ep0 maxpacket: 8
[  514.368435][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  514.379389][    T9] usb 5-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  514.400864][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.597649][    T9] usb 5-1: config 0 descriptor??
[  514.710765][T10499] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1336'.
[  514.741180][T10499] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1336'.
[  514.833315][T10499] ipvlan0: entered promiscuous mode
[  514.852957][T10499] ipvlan0: left promiscuous mode
[  515.412808][    T9] holtek 0003:1241:5015.0007: unknown main item tag 0x0
[  515.420348][    T9] holtek 0003:1241:5015.0007: item fetching failed at offset 3/5
[  515.449675][T10502] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1337'.
[  515.464909][    T9] holtek 0003:1241:5015.0007: parse failed
[  515.477416][    T9] holtek 0003:1241:5015.0007: probe with driver holtek failed with error -22
[  516.369265][T10512] sp0: Synchronizing with TNC
[  516.573281][T10524] sch_tbf: peakrate 4 is lower than or equals to rate 11294731968500527568 !
[  516.588509][T10523] fuse: Bad value for 'group_id'
[  516.617692][T10523] fuse: Bad value for 'group_id'
[  517.407388][   T52] usb 5-1: USB disconnect, device number 30
[  517.591337][T10537] netlink: 'syz.2.1343': attribute type 4 has an invalid length.
[  517.663382][T10540] hsr0: entered promiscuous mode
[  517.668998][T10540] vlan2: entered promiscuous mode
[  518.021326][   T24] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  518.191208][   T24] usb 2-1: Using ep0 maxpacket: 16
[  518.222369][   T24] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  518.247167][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  518.286271][   T24] usb 2-1: Product: syz
[  518.313586][   T24] usb 2-1: Manufacturer: syz
[  518.435563][   T24] usb 2-1: SerialNumber: syz
[  518.746503][   T24] r8152-cfgselector 2-1: Unknown version 0x0000
[  518.781153][   T24] r8152-cfgselector 2-1: config 0 descriptor??
[  519.181804][T10562] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1350'.
[  519.354686][    T9] r8152-cfgselector 2-1: USB disconnect, device number 30
[  520.369074][T10580] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1357'.
[  520.549055][T10584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  520.578350][T10584] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  520.781586][  T881] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  520.805365][   T24] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  520.971586][  T881] usb 2-1: Using ep0 maxpacket: 32
[  521.069601][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  521.093957][  T881] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  521.105745][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  521.125977][  T881] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  521.141383][T10578] nbd4: detected capacity change from 0 to 67108884
[  521.143243][   T24] usb 3-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00
[  521.173860][T10594] block nbd4: Send control failed (result -89)
[  521.190346][  T881] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  521.194246][T10594] block nbd4: Request send failed, requeueing
[  521.215971][  T881] usb 2-1: config 1 has no interface number 0
[  521.222243][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.251231][  T881] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  521.261630][ T5848] block nbd4: Receive control failed (result -32)
[  521.264463][   T24] usb 3-1: config 0 descriptor??
[  521.281109][  T881] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  521.294642][   T11] block nbd4: Dead connection, failed to find a fallback
[  521.302219][   T11] block nbd4: shutting down sockets
[  521.307579][   T11] blk_print_req_error: 10 callbacks suppressed
[  521.307592][   T11] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  521.327791][   T11] buffer_io_error: 9 callbacks suppressed
[  521.327804][   T11] Buffer I/O error on dev nbd4, logical block 0, async page read
[  521.356306][T10594] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  521.366322][  T881] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  521.383895][T10596] netlink: 'syz.0.1359': attribute type 4 has an invalid length.
[  521.401779][  T881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.431324][T10594] Buffer I/O error on dev nbd4, logical block 0, async page read
[  521.456686][  T881] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  521.479053][T10594] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  521.489760][T10596] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1359'.
[  521.502105][T10594] Buffer I/O error on dev nbd4, logical block 0, async page read
[  521.523036][T10594] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  521.533546][T10594] Buffer I/O error on dev nbd4, logical block 0, async page read
[  521.538951][   T24] razer 0003:1532:010E.0008: item fetching failed at offset 3/5
[  521.556503][   T24] razer 0003:1532:010E.0008: probe with driver razer failed with error -22
[  521.570523][T10594] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  521.600204][T10594] Buffer I/O error on dev nbd4, logical block 0, async page read
[  521.629382][T10594] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  521.667249][  T881] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[  521.684883][T10594] Buffer I/O error on dev nbd4, logical block 0, async page read
[  521.709186][T10594] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  521.724654][T10594] Buffer I/O error on dev nbd4, logical block 0, async page read
[  521.734052][T10594] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  521.750141][  T881] usb 3-1: USB disconnect, device number 24
[  521.762572][T10594] Buffer I/O error on dev nbd4, logical block 0, async page read
[  521.775504][T10594] ldm_validate_partition_table(): Disk read failed.
[  521.782960][T10594] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  521.794637][T10594] Buffer I/O error on dev nbd4, logical block 0, async page read
[  521.804360][T10594] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  521.827329][T10594] Buffer I/O error on dev nbd4, logical block 0, async page read
[  521.841350][T10594] Dev nbd4: unable to read RDB block 0
[  521.848000][T10594]  nbd4: unable to read partition table
[  521.861640][T10594] erofs (device nbd4): cannot read erofs superblock
[  521.870762][ T9708] ldm_validate_partition_table(): Disk read failed.
[  521.909183][ T9708] Dev nbd4: unable to read RDB block 0
[  521.921013][ T9708]  nbd4: unable to read partition table
[  521.943242][ T9708] ldm_validate_partition_table(): Disk read failed.
[  521.955795][ T9708] Dev nbd4: unable to read RDB block 0
[  521.968575][ T9708]  nbd4: unable to read partition table
[  522.170818][  T978] usb 2-1: USB disconnect, device number 31
[  522.189261][  T978] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  523.482805][T10615] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1364'.
[  524.450719][T10618] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1366'.
[  524.630550][T10626] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1367'.
[  524.652819][T10623] ieee802154 phy0 wpan0: encryption failed: -22
[  524.660999][T10623] Cannot find del_set index 0 as target
[  524.907485][T10633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1373'.
[  524.929158][T10633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1373'.
[  525.031190][   T24] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  526.032882][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  526.044375][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  526.055211][   T24] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  526.064604][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  526.578302][   T24] usb 3-1: config 0 descriptor??
[  527.915249][   T24] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0
[  528.236727][   T24] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0
[  528.254278][   T24] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0009/input/input27
[  528.280968][   T24] cm6533_jd 0003:0D8C:0022.0009: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0
[  529.553921][T10690] atomic_op ffff88807eded198 conn xmit_atomic 0000000000000000
[  529.768803][T10696] netlink: 116 bytes leftover after parsing attributes in process `syz.1.1391'.
[  530.516206][T10706] sctp: [Deprecated]: syz.4.1393 (pid 10706) Use of int in max_burst socket option.
[  530.516206][T10706] Use struct sctp_assoc_value instead
[  531.351027][ T5909] usb 3-1: USB disconnect, device number 25
[  532.329656][T10721] 
[  532.332035][T10721] ======================================================
[  532.339081][T10721] WARNING: possible circular locking dependency detected
[  532.346091][T10721] 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 Not tainted
[  532.353198][T10721] ------------------------------------------------------
[  532.360199][T10721] syz.4.1398/10721 is trying to acquire lock:
[  532.366251][T10721] ffff88802aa20aa8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_switch_to_fallback+0x35/0xda0
[  532.376959][T10721] 
[  532.376959][T10721] but task is already holding lock:
[  532.384312][T10721] ffff88802aa20258 (sk_lock-AF_INET){+.+.}-{0:0}, at: smc_sendmsg+0x55/0x530
[  532.393097][T10721] 
[  532.393097][T10721] which lock already depends on the new lock.
[  532.393097][T10721] 
[  532.403509][T10721] 
[  532.403509][T10721] the existing dependency chain (in reverse order) is:
[  532.412506][T10721] 
[  532.412506][T10721] -> #2 (sk_lock-AF_INET){+.+.}-{0:0}:
[  532.420142][T10721]        lock_acquire+0x116/0x2f0
[  532.425158][T10721]        lock_sock_nested+0x48/0x100
[  532.430451][T10721]        do_ip_setsockopt+0x17e9/0x39c0
[  532.436038][T10721]        ip_setsockopt+0x63/0x100
[  532.441092][T10721]        do_sock_setsockopt+0x3b1/0x710
[  532.446644][T10721]        __x64_sys_setsockopt+0x1ee/0x280
[  532.452352][T10721]        do_syscall_64+0xf3/0x230
[  532.457368][T10721]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.463776][T10721] 
[  532.463776][T10721] -> #1 (rtnl_mutex){+.+.}-{4:4}:
[  532.471085][T10721]        lock_acquire+0x116/0x2f0
[  532.476116][T10721]        __mutex_lock+0x1a5/0x10c0
[  532.481222][T10721]        do_ipv6_setsockopt+0xa9a/0x3680
[  532.486857][T10721]        ipv6_setsockopt+0x5d/0x170
[  532.492066][T10721]        smc_setsockopt+0x25c/0xd50
[  532.497268][T10721]        do_sock_setsockopt+0x3b1/0x710
[  532.502827][T10721]        __x64_sys_setsockopt+0x1ee/0x280
[  532.508535][T10721]        do_syscall_64+0xf3/0x230
[  532.513554][T10721]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.519965][T10721] 
[  532.519965][T10721] -> #0 (&smc->clcsock_release_lock){+.+.}-{4:4}:
[  532.528571][T10721]        validate_chain+0xa69/0x24e0
[  532.533867][T10721]        __lock_acquire+0xad5/0xd80
[  532.539091][T10721]        lock_acquire+0x116/0x2f0
[  532.544110][T10721]        __mutex_lock+0x1a5/0x10c0
[  532.549220][T10721]        smc_switch_to_fallback+0x35/0xda0
[  532.555021][T10721]        smc_sendmsg+0x11f/0x530
[  532.559967][T10721]        __sock_sendmsg+0x221/0x270
[  532.565185][T10721]        __sys_sendto+0x365/0x4c0
[  532.570199][T10721]        __x64_sys_sendto+0xde/0x100
[  532.575475][T10721]        do_syscall_64+0xf3/0x230
[  532.580494][T10721]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.586904][T10721] 
[  532.586904][T10721] other info that might help us debug this:
[  532.586904][T10721] 
[  532.597119][T10721] Chain exists of:
[  532.597119][T10721]   &smc->clcsock_release_lock --> rtnl_mutex --> sk_lock-AF_INET
[  532.597119][T10721] 
[  532.610675][T10721]  Possible unsafe locking scenario:
[  532.610675][T10721] 
[  532.618116][T10721]        CPU0                    CPU1
[  532.623486][T10721]        ----                    ----
[  532.628836][T10721]   lock(sk_lock-AF_INET);
[  532.633248][T10721]                                lock(rtnl_mutex);
[  532.639765][T10721]                                lock(sk_lock-AF_INET);
[  532.646707][T10721]   lock(&smc->clcsock_release_lock);
[  532.652092][T10721] 
[  532.652092][T10721]  *** DEADLOCK ***
[  532.652092][T10721] 
[  532.660234][T10721] 1 lock held by syz.4.1398/10721:
[  532.665333][T10721]  #0: ffff88802aa20258 (sk_lock-AF_INET){+.+.}-{0:0}, at: smc_sendmsg+0x55/0x530
[  532.674556][T10721] 
[  532.674556][T10721] stack backtrace:
[  532.680467][T10721] CPU: 0 UID: 0 PID: 10721 Comm: syz.4.1398 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) 
[  532.680487][T10721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  532.680497][T10721] Call Trace:
[  532.680504][T10721]  <TASK>
[  532.680511][T10721]  dump_stack_lvl+0x241/0x360
[  532.680536][T10721]  ? __pfx_dump_stack_lvl+0x10/0x10
[  532.680556][T10721]  ? __pfx__printk+0x10/0x10
[  532.680577][T10721]  ? print_lock+0x171/0x1a0
[  532.680595][T10721]  print_circular_bug+0x2e1/0x300
[  532.680616][T10721]  check_noncircular+0x142/0x160
[  532.680637][T10721]  validate_chain+0xa69/0x24e0
[  532.680660][T10721]  ? look_up_lock_class+0x7b/0x170
[  532.680680][T10721]  ? register_lock_class+0x54/0x330
[  532.680696][T10721]  __lock_acquire+0xad5/0xd80
[  532.680713][T10721]  lock_acquire+0x116/0x2f0
[  532.680726][T10721]  ? smc_switch_to_fallback+0x35/0xda0
[  532.680748][T10721]  __mutex_lock+0x1a5/0x10c0
[  532.680766][T10721]  ? smc_switch_to_fallback+0x35/0xda0
[  532.680784][T10721]  ? futex_wait_queue+0x31/0x1f0
[  532.680798][T10721]  ? futex_unqueue+0xcb/0xf0
[  532.680820][T10721]  ? smc_switch_to_fallback+0x35/0xda0
[  532.680837][T10721]  ? __pfx___mutex_lock+0x10/0x10
[  532.680859][T10721]  ? __local_bh_enable_ip+0x168/0x200
[  532.680882][T10721]  ? lockdep_hardirqs_on+0x9d/0x150
[  532.680900][T10721]  ? __local_bh_enable_ip+0x168/0x200
[  532.680925][T10721]  smc_switch_to_fallback+0x35/0xda0
[  532.680941][T10721]  ? do_raw_spin_unlock+0x13c/0x8b0
[  532.680966][T10721]  smc_sendmsg+0x11f/0x530
[  532.680983][T10721]  ? __pfx_smc_sendmsg+0x10/0x10
[  532.681010][T10721]  __sock_sendmsg+0x221/0x270
[  532.681032][T10721]  __sys_sendto+0x365/0x4c0
[  532.681070][T10721]  ? __pfx___sys_sendto+0x10/0x10
[  532.681086][T10721]  ? do_futex+0x37c/0x5a0
[  532.681122][T10721]  __x64_sys_sendto+0xde/0x100
[  532.681139][T10721]  do_syscall_64+0xf3/0x230
[  532.681159][T10721]  ? clear_bhb_loop+0x45/0xa0
[  532.681174][T10721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.681187][T10721] RIP: 0033:0x7f9051f8e169
[  532.681198][T10721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  532.681210][T10721] RSP: 002b:00007f9052dc4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  532.681223][T10721] RAX: ffffffffffffffda RBX: 00007f90521b5fa0 RCX: 00007f9051f8e169
[  532.681233][T10721] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a
[  532.681240][T10721] RBP: 00007f9052010a68 R08: 0000200000e68000 R09: 0000000000000010
[  532.681248][T10721] R10: 00000000200007fd R11: 0000000000000246 R12: 0000000000000000
[  532.681257][T10721] R13: 0000000000000000 R14: 00007f90521b5fa0 R15: 00007ffc8123b8d8
[  532.681271][T10721]  </TASK>