last executing test programs:

1m35.248914822s ago: executing program 0 (id=563):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
set_mempolicy(0x6, &(0x7f0000000080)=0x89, 0x4)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1m34.601405795s ago: executing program 0 (id=565):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1, {0x5}}, './file0\x00'})
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0xa6040)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000040), 0xe09)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x4, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r5, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000300)={r6, r5, 0x4, r5}, 0x10)

1m33.864125315s ago: executing program 0 (id=568):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0x1, &(0x7f0000000000))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r1, &(0x7f0000000a80)="3fc31cb495414f056d90b56c1017997841271b8eb183f8b8f96f637fe6c7de0bb241f84c4c0813933d845552e48ab5d9792fe1d5a4957ceeb512a923c973114b7b1d6a3d5246083cec5a90e87bac2707cda394b90a461d2daaafe53ffe38667ab3b46f194a7a037831528f47ac354aa8d2a2108630d92ddca5b477584fefd44a9b57b4126d60e4a321684fb0d2641e74c98361c03bd257f0fe6d34a256d686b2db3531e576503a5c6792826ae1ffc9baef2ed037a09e59452cb3ea8d08cda5879739262181a9d1c1638ca8a5faa909b5a5e4bd772199ac7c870aa4cede6e9a923a3f4bf36c45ec04b5a2067012485dee68fcd77b04e3c4ab35c91e9e4e417e05582b33e808ee84106ccd06b0c4f4f6c1fc4b999a242e7a9e97cd5b54460bd4b87c8382dca85dd014e7e8a0029fc47347c1f51b17aca81c9be5dd4d04de96157545ad64f1b8f904037e74bf4327fbd9f09584e661dd8757725e48e17951338ac8ea6f95ee58489f1e7e9a5d400546e625350aa2a95be7bffcee4ecc76c044721b541ddac003e8c7e506dcdb7922fdab59e851e7af6bf3513261f3405b93331af2cb6efa1904dfa37407ffd93d462794f264b29504720aab678eb18824bc210c4debe6fd02f74d00cc69357f168b1cb779597933caeca30de8d56735f3a066b7acc619e8b524fc35100f7590099823f1e3492534e5a0016f3dc5ae19f1dcffb60043192941b18d5b9945b56c97eecf961e876e3eea735e91a5e8180f5ce79f4e517f1f8f84b2873642f57b275bedfe50c04a6f1deb5c03de22ae70d5c13376d40c3bcd3b4387569473d50c29754e0adef7a75258fe24cd0936fdafd2bf3a7ab019b3b1387ba22d8cc40214b4f191eaabccef06fe46725101988de21a4307e35199662d56efb16e7bfc8143a0b001751deb4b35f27e557fd67cf8afffa5ec34492676528e3af674303e8cf2dbbc07ba3be8965f28045f220d4e23ed3fd876ada147a6d4cce07e7682dcba1df9355a06cadeeffc6d2ddc2429a681e08ece065f6753d00e8ba02ad1472f5124170758bfda803027da24887bec337d4317e6df1fd6cd187a0baa36db5ed7cf4819faf1a6baa52e1450cadf0bd3874c3043756493572d57ae90c0944520f53191bd0905f155f4353c97b01d5e04be4c994906ca88918bff95638931480793c5b5e0e70990653d08124940264c01ca3cf3aa77b6cc0f3622db3a60eca9dd7603036097b3303cad654c4b5caa1ccb23925e68fbfd65a3285071e2a6a44266e9812ee4ba087a2a138e81440297cd0a60d9ce487e4616eb6399b026ab775a8255f0b7f227a0c624deaa5cb36cc14de78f866d6b2cef918325582b4d814dff408be9812d451e5dd2d751487d27c73d72712b8694ba7acc221efbcabc7015a3092f825c59b0cbb1b84fa4b8bdf7947b03a822917fab3b73b2a5ef2a41de042bf0f43357815e0d74113b7fae7e7eb4e142ec88586dd51cfdf3a68c2b174817e0d73dbdcb47ce921c0cb1a68a787d63a12df55c66855e70bc9e1b0e1ef1bbad526f1333dca3e22abc6bdab1337b048ba186cd42dea7bde7c090a8563154face82e54780a98a99474cea97a561c5aebf7e4ec68e126047360282bbccf5d1fee4e15ec09fbaba56f94e26ed986d5d3eaa8264155a56f01830dc8665e0cac4cc592b41df6c03439688240d93b5f1ae4b7881908004c2772da251dfd88fe3d856994d12e9a33b5ffd179b5e722c5672bfd34e98ce6d03c5342870f63804a8382f96423af4b5cb36952f98b86e54ee4811efec1f01de820246e414d82fa233f2b36bc4b98f9bfe4d8766765b4805182ea101117913e1722ff70bafbcb70f4b8efcf437bdfc0a828ec7dce7dce3a2f959f36c4086591d4c9a4d2ef970ddbf322ba34eabd17e1a746edd1d4a3dce42e84379379a86ed574bc3830200898355bcdeb1dfe97856155bd89863a265bfbda7fb3305a1093278c31eef2d9f7a4246352159f3df7380584b1c66398bf6b7f864a5ef5ce89faa5ae9c184de8bd92583fbf78f87b21629cb3b3ef9a8951a8f782a0aeb195bf67dd2177afa63985b306ef0529bf555f79383645a2a5edefe4525db4082726571a4480c365c62bbc3aee40efd1601393819fd52bdcdaf538385ba49aacffca0a314c2fd4a7dac1bfb511e7a99c06b72410fb9d1a9a30c09f3838c569fb401525440fd072b3d19e99cb37352997ba0429d62950fb74e54de860e008c72563a67a8e9839e3c0893ff06d8ad5e696e96766f09b677fc65ffe64915967d2abf1e5154f3109a1faa50d0f02cf883c647a4278eb944d8a9d1f7133c0832d33b939322d501af8231f4955648f2ead4ef1213dddec7febf92b00b3a5021cdbfb284fb21d4d0e6dda98c22d7a604d6e9205342ccfbd287fdcceb4049668a59ff0082310e7f590872f826b9383e71c1cc25d86dffa276265db0c2464e300091349e1119431c86a6e4ac912ce09aca3af6d92463d025115e026230aa89a85b1b424da799664f9270ed6beeaa36b963507e1604fb3d800f170694d3a2b9afb143cdc61242fbf246d230fe4cf4ece1826765ac3902133cf77c5c0442d8775bc80ae6126dca38100b665a43e0be4b178ab639bb0899745c5db4ba346ca04b6e5ac6f670595bb6784e8bb8bee17ad716ec4889319684d8e1eff15e218520ac18f5452724c7591e3b702b74d0b580b3cb4b53c0d030ca511fdf843d490edc7239ebeb43c85c539a37fc13980cc0aa7c171053f962012fcca0ef4555bac7d760a5e9ec1a6357edc8b9531e4b80ceecc9cdbb4737b1df6caa6595b4e00a5bc81ff8fc18bd002b7a77311a39454cde61c0907636b28e92f08dc474d1c24ae51d2398922fe0e5360d037b80fa208740bb84ae2c5713d2d55ab0901acdafe71384c4c5328e5b692f5ff1bb53279200f76cfdea1ea19568bb673a8f76ab2d5b5c2af232075ea7e71f9e74b88504b2b967fe9b2540d707fc14a702510e5e2427f33441d0d1d46108b8a93c891e5bff37e0889b9c8cd460b6dccc9dc6311f355bcbea6d5ba243e73d32e9d819dff61c9b3a6ebd608c47dea3c509f680d17fe3c3259407c1ccd8c6160b98733aa27ec145dd0ee24ae74955b25fd2c2a3ed7410fe0ba7f491ae8e7eb9815383c0b08964ff0b97c78d9e6db362087f7c81fe2bc81c77e128d2008f82cb440242ab1418e6d5a0b21111e2d108cf1408593e30d9ccf55818b2e25e35e83789b3c55daa517b4f6dbcc4276e7b4f33280209d6037dc60cc78a210e082b579503e4d909988cc5d5a14cc33586feb333d62f0167e2b1d85447459cfd7b5240a682ff84c0355a57be883cc4bd6cfd37cc4befc486168766e363f0a6f7418325af967af695c2fbc912d129eda5214fea6504f62a4ca024efd2d99a374ddf5a9b72f9d8bee399621e814fb8ccf0c207ef20404526d0953cfa5f73b2ca866a725a4b6efd1a01e72bc3c48170ab92780593cfaf7ff4d1ef5db32de6287c3c10ddbaae0d154a112fa532f179e3bde0d937bf143e5a3473b10faaea1fb7b0bcd2c6917bbb26bbedad72fc7d9c2bad7426c05fb295952121305162f5b112ecfcfd26996423ae405551c8e68da0d430c2365798e9675553b4a2ff0b4226cd62ad1389dea721f0bb5cf44efd95f89158dd5540dc3702ad496fbe7997219ec044bf4e43ffdeae4e601ca127fdb6b608d513342de0d3970fc3f892f8a43ddbabd556ec4ce36ed94e6b4481370fa79ee79fd34f5455fb09460b116371e2dc9796ee20347cb91ac4f6b17d733325e63fd78455ef75c256da3367358fc6be7bac42ead34f6aef0ebfb4fdabd448f5615d0fd70b5e726f6ef2714f285f0b53b7f8c3417d66d90e4c78ec09122cee9493b682c509117194967aabdb7c316401fddce73f5f23c075f1fd17731469ceaae559dd183d04b16a5785b1a78d6d91352112a4ed7a4cecd76a4a09cfc4a0f1973f03945cd34652d9f836e6522dca62c6f1349465de50b410193ceb16043e07fe17daed5b001ac7ebe7279e71ba88bc6b75772163586cd80b203944595d88a44f38d3b0d22791561313e7088c90f66e1d56ce68ea34491c656a865d6c6d490d4712fa9fd243d23b800b70e2246fc14843d632c0f6a7fea7ea58dfe34fa39d284784285acb751fe7b09049c65e932f4b876c2bdcd500a82f1c45555ff39d8fe68546b871ff56d186363afe833a14333b2b59510407198e832205e9e9061224281e25e0e66962cd513f1343a338a9371cc16e2eedcfa563ace48d6f398e75df4fe651b5a9d7016713e1b53723e70950632e1e97246383b05efdd8559fb28eb83155b792be366580e0bb87ea3edbbe21531f7e6880d06db00101e70e81f781d2fc533fd5f2743e150fc84f73715ec813e8f11ecf8aaa2dc7ac42a70de38c1f2c843a07a124968919cb8aa1b65a6689afea9a014abfadcf4e2aba36c2275dde59dcfbbd2afe2b208ce106ccc0da120f6d55506edf5c4de6cdb1e3a2fc2c3f19bdbfdd3c688a9d4ce7dbdeec0528530d1d354ae6456d191ab91ec65edeaae3ffbb2d023e7401ef092e8903b35418578695342460f18dc8eba3b5f40f896ac7bb4b42e2ca41f1d7576de37f2c4bf4fa69830704b5bbcf079ede876b0409f421abdc5c030045b343be1a2602bec0d66e1d3b9dca93939f7d266c5622a06a35cebc5246c58c2e6f2fc2f51fccf049a5c8119a0be84e7bd33b9c3f8e2c3473f45108adb6e7d5012d89e1df44977c92eafd28e6d4f93026145298ff8b01c666e786c796bece4bfce7c7aedf3103c758b570f9b062a54cac8e9ee276f036d5aa851f067a47299d95a792f3222723f11c145428401fce305290dc7bd49cfa43b7d6df50166c6d2a5c3a5d68adb9980a406de6c7d52834545ecbe30924f3fc18305e86dbb26c6d1d961794aa70cd32ae666a3bda6ed883d1a75e36392593f38a10c186a193dd471e00c4d19a2723c165f2aed989038e19158a3798d6fe573c5e0f9b989892cb8b2d0f874526858e17b4ca678850f764c92edc1bb3ecee366b581db473fe04c0e4830492f64eada2912024a54901f87e9f17903689be451725b5d950b7ed39b931c935e53609ee7fa26fd7ab9d89246e2415c3d0d2ec8ec3d107b5215fdc78cc25afd9fe16b9abe14138e94df0d72bc5dd666f606a770ddc0959670b44282a051a370ae2f41ec2317821148644405a99c6921d651543f4230f327214962724945fa422c6cff28b9dec6eb4159ef338088b3cb506682414ef60a6edcc8c134b1030d678f455fcd5af94b27396e836c54c6db8dd43e7e3d52b04f4d5c44994b76995aecfd27ec21a2c5fb46523d0f4f7e44b267b4eab9e4c0ac6bd9231c79748e1cb819f278380b2dd43418763a8b6cdddb1d09b29a1fe444cedf65eae67447dfaa33d30cc24e175f2eabf70753a09332921d610cc7e9904a2b21a8bec619544da48e008688df6a1c44470aad3ba3bf43e6eec983c8315905983ab64f8577ae6276f6ac8068fed13908292dd243f9a7a435fb84f5725820fcd82ab6db80a431df1510bd69e226097d9cc53fe301cde341354960b467f34adef66eb15668ef1f6416ec7bfa647f4878c9fa11c6f3d7cfb1ec486b9745fcf7e8d6352553add35b1075388247db5475618b7b95b5dc63d76f05ddc6417d6cbed0c853f37929d627eefea03606f37090af91c20092aec89b48699e73eac4e525f156f168a4473e761640ea761d9b65857e515062b78f89dbf7d35294d8331a873aef574a00e3e5b223bfa47e830d412cc", &(0x7f0000001d80)=""/4096}, 0x20)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
rt_sigprocmask(0x2, &(0x7f0000000440)={[0x6]}, &(0x7f0000000480), 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0xa0)
read$nci(0xffffffffffffffff, &(0x7f0000000200)=""/100, 0x64)
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000800, 0x0, 0x0)
setsockopt(0xffffffffffffffff, 0x84, 0x81, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
r3 = getpgrp(0x0)
prlimit64(r3, 0xfe31fb992765b594, &(0x7f0000000280)={0x5, 0x5}, &(0x7f0000000300))
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x18, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000080)='pkcs7_test\x00', 0x0, &(0x7f0000000200)="3081a3", 0x1001, r4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r5, &(0x7f0000000140)={0x14, 0x88, 0xfa00, {r6, 0x30, 0x0, @ib={0x1b, 0x80, 0x0, {}, 0x5, 0x5}}}, 0x90)

1m33.068758662s ago: executing program 0 (id=569):
syz_usb_connect(0x5, 0x3d, &(0x7f0000000e80)=ANY=[@ANYBLOB="12011001b1fb66101e090300bb350102030109022b0001080540040904ce01026fda0d000705f71f22810b09050c020002010340ff0500030004030509"], 0x0)

1m29.873414839s ago: executing program 0 (id=579):
setresuid(0xee00, 0xee00, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, 0x0, 0x0)

1m29.155534639s ago: executing program 0 (id=581):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000040))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x42, &(0x7f0000000040), 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r3, 0x10d, 0x10, &(0x7f0000000100)="01681adb", 0x4)
prlimit64(0x0, 0x3, &(0x7f0000000300)={0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = bpf$ITER_CREATE(0x21, 0x0, 0x0)
mq_notify(r6, &(0x7f0000000180)={0x0, 0x2b, 0x4, @thr={&(0x7f00000000c0)="5bfdcfff013b33fb1c5f", 0x0}})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@mpls_delroute={0x30, 0x18, 0x9, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_VIA={0x4, 0x12, {0x0, "f1b9a81697008d68a0328c49d2ee"}}]}, 0x30}}, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000ec0)={'wpan0\x00'})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r7, 0x0, 0x0)
bind$ax25(r0, 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000400)={0x0, 0x0, 0xa, 0x0, '\x00', [{0x1, 0x5, 0x6, 0x7fff, 0x700000, 0x8001}, {0x3, 0x10, 0x680, 0xf, 0x80000000, 0x5}], ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xa8, 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000a0850000004300000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

1m13.975460515s ago: executing program 32 (id=581):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000040))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x42, &(0x7f0000000040), 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r3, 0x10d, 0x10, &(0x7f0000000100)="01681adb", 0x4)
prlimit64(0x0, 0x3, &(0x7f0000000300)={0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = bpf$ITER_CREATE(0x21, 0x0, 0x0)
mq_notify(r6, &(0x7f0000000180)={0x0, 0x2b, 0x4, @thr={&(0x7f00000000c0)="5bfdcfff013b33fb1c5f", 0x0}})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@mpls_delroute={0x30, 0x18, 0x9, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_VIA={0x4, 0x12, {0x0, "f1b9a81697008d68a0328c49d2ee"}}]}, 0x30}}, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000ec0)={'wpan0\x00'})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r7, 0x0, 0x0)
bind$ax25(r0, 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000400)={0x0, 0x0, 0xa, 0x0, '\x00', [{0x1, 0x5, 0x6, 0x7fff, 0x700000, 0x8001}, {0x3, 0x10, 0x680, 0xf, 0x80000000, 0x5}], ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xa8, 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000a0850000004300000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

34.960604906s ago: executing program 3 (id=742):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x3, &(0x7f0000000200)=0x2)
r1 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$IMGETVERSION(r1, 0x80044942, &(0x7f0000000180))
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB="2c050000006d6f64653d30303030303030303030060000000000001fb3901a3030302c757325725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
socket$alg(0x26, 0x5, 0x0)
fstat(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
r6 = syz_open_dev$video4linux(&(0x7f0000000200), 0x1, 0x0)
ioctl$VIDIOC_TRY_ENCODER_CMD(r6, 0xc0305602, &(0x7f0000000040)={0x0, 0x5, [0x0, 0x0, 0x0, 0x0, 0x40, 0xfffffffd]})
setreuid(0x0, r5)
msgctl$IPC_SET(0x0, 0x1, 0x0)
write$FUSE_INIT(r3, &(0x7f0000000300)={0x50, 0x0, r4, {0x7, 0x1f, 0xd1, 0x5c4da462, 0x200, 0x6e, 0x8, 0x9, 0x0, 0x0, 0x97, 0x7}}, 0x50)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r9 = creat(&(0x7f0000000040)='./file0\x00', 0x81)
close(r9)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r10 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r10, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3dc81feeb39c20951af0826f9fde3f3513a77d62acc69b240da290fa3475b823a422b92c85b3d5187f70e237e42327c1e475cb526bd95c2fc147f8c639293f9ed4e009b9a8622e549be8a11a0a286ef8fd40bb0fc323a194644264df39e248363d926f1324ce5d28b22469de77d64862b9571f7322f4b2599b1b9bc2fcec272cfe9d537cc8ecc6db", @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r10])

34.787934507s ago: executing program 3 (id=743):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @remote}, 0x10)
getdents(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x5422)
read(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.throttle.io_service_bytes\x00', 0x26e1, 0x0)
close(r2)
r3 = socket$kcm(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8b32, &(0x7f0000000000)={'virt_wifi0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000200000000000000000000fe020000000000000000000002000000000000000000000009030000000000"], 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000fd000000009856f340be3925b12abbf7b9b740ac08d58cd063e275b7452d1e"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r7}, 0x10)
dup3(r3, r0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_RADAR_DETECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r6, 0x1, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x40000)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000000)={0x6, {{0x2, 0x4e21, @multicast2}}}, 0x88)
setsockopt$inet_group_source_req(r4, 0x0, 0x2b, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108)
ptrace(0x10, r1)
ptrace$pokeuser(0x6, r1, 0x358, 0x800000000000)

34.64954424s ago: executing program 1 (id=745):
r0 = open(&(0x7f0000000280)='.\x00', 0x402002, 0x58) (async)
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000800)='cpuacct.stat\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000840), 0x4) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0) (async)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x4000) (async)
fcntl$notify(r0, 0x402, 0x8000003d) (async, rerun: 32)
r3 = socket$packet(0x11, 0x2, 0x300) (rerun: 32)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r3, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}, {0x6}]}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6000000000140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="500200000000000000000001780000"], 0x0)
fcntl$setsig(r0, 0xa, 0x21)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x120880, 0x0) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x38, r4, 0x101, 0xfffffffe, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x8, 0x51, 0x0, 0x1, [{0x4}]}, @NL80211_ATTR_SSID={0x5, 0x34, @random="f7"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x38}}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ldst={0x3, 0x2, 0x3, 0x1, 0x0, 0x4a}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
creat(&(0x7f0000002240)='./file1\x00', 0x804000000000040)
syz_clone(0x68886311, 0x0, 0xa, 0x0, 0x0, 0x0)

33.709211277s ago: executing program 4 (id=746):
unshare(0x0)
r0 = socket(0xa, 0x40000000002, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000880)=@nat={'nat\x00', 0x19, 0x2, 0x348, [0x20000280, 0x0, 0x0, 0x200002b0, 0x200002e0], 0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000021000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000400000000000000ffffffff2900000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000000300000000000000ffff0000000000000000000000000000000062726983676530000000000000000000736974300000000000000000000000007465616d300000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaabb0000000000000000d8010000d801000010020000636f6d6d656e7400000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000ffffffff000000001b0000000000000000007465616d5f736c6176655f310000000069726c616e300000000000000000000069726c616e3000e575dd73000000000073797a6b616c6c6572300000000000000180c2000000000000000000f646793b7b3900000000000000007000000070000000a8000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000ffffffff00000000"]}, 0x3c0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x820, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file1\x00', 0x0, 0x0)
utimensat(r1, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BATADV_ALGO_NAME={0x10, 0x1, 'BATMAN_V'}]}}}]}, 0xfd12}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
bind$unix(r6, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)
r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
read$FUSE(r7, &(0x7f0000000640)={0x2020}, 0x2020)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan1\x00', <r8=>0x0})
r9 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x60, 0x3, 0x8, 0x3, 0x0, 0x0, {0x1, 0x0, 0x3}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x6e35}, @CTA_TIMEOUT_DCCP_RESPOND={0x8, 0x2, 0x1, 0x0, 0x200}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x10001}, @CTA_TIMEOUT_DCCP_RESPOND={0x8, 0x2, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x4400}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000800}, 0x4040095)
accept(r9, 0x0, 0x0)
r10 = openat$smackfs_change_rule(0xffffff9c, &(0x7f0000002300), 0x2, 0x0)
write$smackfs_change_rule(r10, &(0x7f0000002340)=ANY=[@ANYBLOB="627f74616476301a202126292d207754fb6c205277616c01"], 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002bbd7000fedbdf253a00000008000300", @ANYRES32=r8, @ANYRESHEX=r1], 0x30}, 0x1, 0x0, 0x0, 0x20001800}, 0x4094)
r11 = accept$unix(r1, &(0x7f0000000240), &(0x7f0000000040)=0x6e)
r12 = userfaultfd(0x801)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ppoll(&(0x7f0000000180)=[{r12, 0x4047, 0x700}], 0x1, 0x0, 0x0, 0x0)
listen(r11, 0x0)
setxattr$trusted_overlay_redirect(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), &(0x7f00000001c0)='./file0\x00', 0x8, 0x1)

33.708729164s ago: executing program 3 (id=747):
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
unshare(0x2a020400)
r1 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
ioctl$CEC_TRANSMIT(r1, 0xc0386105, &(0x7f0000000480)={0x9, 0x0, 0x5, 0x80, 0xfffffffd, 0xfffffffd, "01e60000000000000034dbb39fe6083a", 0xff, 0x0, 0x0, 0x0, 0x1})
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r0, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000040)='./file0\x00', 0x0, 0x4}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x3, 0x15f, 0xb2, 0x4000, r2, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50)

33.669284677s ago: executing program 1 (id=749):
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r0, 0x4, 0x4002)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000003c0)={0x0, r1}, 0x8)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000240)={0x1, 0x0, [{0x34, 0x0, 0x200}]})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x6, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x27)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYRES16], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa00080045010028000000000004907800000000ffffffff33702d4b53954eacee6f7f4fa63357dd7890f963"], 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r6}, &(0x7f0000000800), &(0x7f0000000840)=r7}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0xffffffff, [{0x0, 0x3, 0x6}]}, @ptr, @restrict={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f00000000c0)={'wpan0\x00'})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x30, r10, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x2a, 0x7}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x14, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x81}, 0xfa07338ce09de3a5)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wpan1\x00'})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan4\x00'})

33.548275105s ago: executing program 4 (id=751):
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
sendmmsg$inet6(r1, &(0x7f0000000e00)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=""/211, 0xd3}, 0xc0000000}], 0x1, 0x12141, 0x0)
r2 = syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000000c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d24070000030769dc000049c40c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05"], 0x0)
syz_usb_control_io$uac1(r2, &(0x7f0000000280)={0x14, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0003040000002203"]}, 0x0)
syz_usb_control_io$uac1(r2, &(0x7f0000000680)={0x14, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00032a0000002a03"]}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0xdb, 0xa, 0xa, 0xfe00, 0x50, 0x71, 0x10, 0x1a}}, &(0x7f0000000480)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket(0x1, 0x803, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x419e}, {r4, 0x6080}], 0x2, 0x0, 0x0, 0x0)
ioctl$UI_GET_VERSION(r4, 0x8004552d, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x101042, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f00000002c0)=0x206646)
ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f0000000280)=0x8fe)

33.48939825s ago: executing program 3 (id=752):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x12, 0x0, @fd=r0})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x18, 0x8, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 1)

32.559789844s ago: executing program 1 (id=754):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x22, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4000002, 0x100000, 0xea}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0xffffffffffffff6e, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
prlimit64(0x0, 0x6, &(0x7f0000000140)={0xffffffff, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(r0, 0x8, &(0x7f0000000280)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000c80)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r3, 0x8993, &(0x7f0000000080)={'bond0\x00', 0x0})

31.460763382s ago: executing program 3 (id=755):
syz_emit_ethernet(0x2a, &(0x7f0000000040)={@random="8580f83288e1", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x1, 0x5, 0x1c, 0x67, 0x0, 0x2, 0x2, 0x0, @private=0xa010102, @broadcast}, {0x11, 0x81, 0x0, @remote}}}}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4, 0x0, 0x2000000000}, 0x18)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_SREG={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_CSUM_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x4000)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r9 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_REWIND(r9, 0x40044160, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r3, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
setsockopt$inet6_mtu(r5, 0x29, 0x17, 0x0, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r11, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x5})

30.102416029s ago: executing program 3 (id=756):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_open_dev$hidraw(&(0x7f0000000240), 0x4, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000200)={0x50}, 0x50)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}})
read$FUSE(r4, &(0x7f0000002300)={0x2020, 0x0, <r5=>0x0}, 0x206e)
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000340)={0x28, 0x0, r5, {{0x2, 0x0, 0x1}}}, 0x28)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_fscache}]}})
mkdirat(0xffffffffffffffff, &(0x7f0000000440)='./file0\x00', 0x196)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="300000003d0009000000000000000000040900000400020015000900f463163c2a66215fe66ba731a18dbddcba000000"], 0x30}}, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@lsrr={0x83, 0xb, 0x0, [@dev, @empty]}, @cipso={0x86, 0x32, 0x0, [{0x0, 0x5, "df6116"}, {0x0, 0x12, "ffd11634eea26b0faffa0dea2e903528"}, {0x0, 0x8, "02a20948fd74"}, {0x7, 0xd, "ccf0294e2a3bdb4aa40b24"}]}]}}}}}}}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r7 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r7, 0x40044160, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={0x0}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000021801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000009e8685000000040000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000cbd520850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000180)={0x1c, 0x2c, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@nested={0x8, 0xc}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

29.899413493s ago: executing program 4 (id=757):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10)
syz_usb_connect(0x5, 0x24, &(0x7f0000002040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af011703010902120001000000000904"], 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x535, 0x200)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r4, 0x80dc5521, &(0x7f0000000300)=""/161)
setsockopt$inet_opts(r2, 0x0, 0xd, &(0x7f00000001c0)=']', 0x1)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
getsockopt$inet_opts(r2, 0x0, 0x9, &(0x7f0000002540)=""/4086, &(0x7f0000000180)=0xff6)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000680))
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r5, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000000c0)={[0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x6], 0x0, 0x8340})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000700)={0x1, 0x0, @ioapic={0x80a0000, 0x2, 0xad8, 0x1, 0x0, [{0x1a, 0x76, 0x1, '\x00', 0x1}, {0x80, 0x8, 0x0, '\x00', 0x4}, {0xb9, 0x9, 0x0, '\x00', 0x9}, {0xfa, 0x6, 0x5, '\x00', 0x5}, {0xa, 0x1, 0x0, '\x00', 0x7f}, {0x5, 0xe, 0x2b, '\x00', 0x9}, {0x80, 0x3, 0xf, '\x00', 0x6a}, {0x80, 0x40, 0x2}, {0x5, 0x1, 0x99, '\x00', 0x8}, {0x0, 0xf8, 0xf9, '\x00', 0x3}, {0x5, 0x4, 0x4a, '\x00', 0x7}, {0x3, 0x5, 0xf, '\x00', 0x4}, {0x3, 0x9, 0x7, '\x00', 0xc}, {0x6, 0x1, 0x3, '\x00', 0x96}, {0x3, 0xaa, 0x0, '\x00', 0x6}, {0xe6, 0x4, 0x5, '\x00', 0x9}, {0x8d, 0x40, 0x0, '\x00', 0x6}, {0x9, 0x4, 0xf, '\x00', 0xb}, {0x10, 0x74, 0x8, '\x00', 0x4}, {0x8, 0x8, 0x2, '\x00', 0x1}, {0x2a, 0x8, 0x7, '\x00', 0x9}, {0x0, 0x5, 0x8, '\x00', 0x7}, {0x2, 0x1, 0x2, '\x00', 0x5}, {0x6, 0x7f, 0x5, '\x00', 0x4}]}})
setxattr$incfs_id(&(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x4085}, 0x1c)
r6 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0x1, 0x1000, 0x1, 0x3bb}, &(0x7f0000000100)=<r7=>0x0, &(0x7f00000000c0)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9})
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000002c0)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$inet(0x2, 0x2, 0x88)
connect$inet(r11, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
splice(r9, 0x0, r11, 0x0, 0xe8, 0x0)
write$binfmt_aout(r10, &(0x7f00000000c0)=ANY=[], 0x120)

28.958733347s ago: executing program 1 (id=761):
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x1000)=nil)
socket(0x11, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x4, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'team0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f94f90324fc60100003000a000200053582c137153e37000c0680050002000300", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
signalfd(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
io_uring_setup(0x175c, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r4, 0x4)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000000, 0x0, 0x0)
r5 = add_key$user(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x2}, &(0x7f0000000200)="1d", 0x1, 0xfffffffffffffffe)
r6 = add_key$user(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, &(0x7f0000000740)="69bf05d40ff7e03db3ddca537c6c5612321b25d32064e9ed643d462211406432e87c4d40383939ab8276bfc0294ba021d1ccf9b6b32d1b6c9e8c9737ca2d08305301693ef20a414ca24bed3736d182271d197fc2146a9f55070f3f31155b9081ecbd0fcc0296c88eac143394a776955e8a075194717757c9e085976cac66fd4c5bc83183df2db8205863d7f803e302420e7fc5315861803024f921932a49a4283f6a7d8ab2cbd629e984582467fd6ca63598d554677517903644dc2ef01f8dec", 0xc0, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r5, r6, r5}, &(0x7f0000000080)=""/100, 0x64, &(0x7f0000000180)={&(0x7f0000000400)={'xxhash64-generic\x00'}, &(0x7f0000000140)="df", 0x1})
r7 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
io_setup(0x1, &(0x7f0000000b80)=<r8=>0x0)
io_submit(r8, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r7, 0x0}])
r9 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
renameat2(r9, &(0x7f0000000380)='./cgroup\x00', r9, &(0x7f00000003c0)='./mnt\x00', 0x0)

27.929301125s ago: executing program 1 (id=762):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='rxrpc_rx_rwind_change\x00', r3, 0x0, 0xa0}, 0x18)
clock_gettime(0x3, &(0x7f0000000480))
mkdir(0x0, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000380))
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc4c85513, &(0x7f0000000b00)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x400000, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xc6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x7fff, 0x81, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8838, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x3, 0x800000000000000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x4, 0x5, &(0x7f0000000980)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x0, 0xe, 0x0, &(0x7f0000000240)="01ba2b58d39e065db21a8652abc1", 0x0, 0x802, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
setsockopt(r2, 0x6d, 0x3, &(0x7f0000000100)="ea13cb10b1affd9c194463071ea46a3af8d31e91469c3ed062a3c6fdc6e4c9ded69fd83de4915483", 0x28)

26.857343892s ago: executing program 4 (id=763):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x7}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = syz_io_uring_setup(0x24fc, &(0x7f0000000400)={0x0, 0x0, 0x10100, 0x3}, &(0x7f00000003c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000280)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0}})
io_uring_enter(r3, 0x1066, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8", 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x20, 0x0, 0xfc, 0x200000c}, {0x6}]}, 0x10)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r8, &(0x7f0000001540)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0)=""/76, 0x4c}, 0x7ff}], 0x1, 0x832b, 0x0)
setsockopt$inet6_int(r8, 0x29, 0x4d, &(0x7f0000000180)=0x8, 0x4)
r9 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r9, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
sendmmsg$inet6(r9, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000080)="85", 0x1}, {&(0x7f0000000440)="a216c485b09810246e7a960a62884ad1af18ef598afbf50c5f73d09b2ab171599eceeebd", 0x24}], 0x2}}, {{0x0, 0x0, &(0x7f0000001940)=[{&(0x7f0000005bc0)="ef127fe16909d81c7364f70162ecb1752dfa530c8763844d62246c02d2c141102cedb338f8bea0b003177bb34f37e730874374cc65a51239f0ca2d0204c1ce53f4aa7c0184b8c67007691eb4220cf99650b5cf70ba1ac2a2359e029ab81818a6f03fa0258263d596d8a4715c4682693a0ec13aa0f2174f7d60c9c71fdafe5bd57bf704bb45ceeeda72ddf09eb64eb37f0cadb7955e23bd9167de2426e3c6da7a4cb70b46d71dc80c9c33fc28361bb14d1007418c122ff7007e9ca854952c6bf6d6cdaa190aedf5c5ec7eb47abd2aa219159fc0423212e6d69a0dc97ac9875d211ebe65dfb1abd2ecb105b5e0f17d0e2f4b5dc4ee42e6cd23b010d92d0dfa7ee512213a4f0d9950c7d4fe3b0b9f47048d2a30569db3535df0c911afced39cedef2fadde1c51d56c965a1ff677aeaab2f3f11f2dfce88d", 0x136}, {&(0x7f0000000800)="01aa53d5015febfb0b5dfa07aba124bfdab77d6b265b4545400da52023d8baf8654d584cdbcfd5713c5765d1e87b0fcdef8404cef3e051f630280e0248e16c7e9e9bc9812aa0ab535ccb756852f1947662c15d010baa0b1c1f1e933ceb1dffe58588179994051e8b7f005c6b04c526092de299184c0055749ac7f50406e63993d3825c50b15857249d0c7116682627f4e2fe831fa4a9c1818a261b3918247bc90992414c8e618b6bf5c3c43b65f6a3b5546409fc5cbccfe70329b73b186f1fd046ea52edc73ec4981ee4a44120ec8f8db504bcb8512d3b95137b383df32dff32efa503bbb10c2e9eca028d201aa3e86825bf0f5b72cb1963aba8261c7b4f9cc3ca69cdc41a3a6c073263ab3cd17a5e6d99c97804b8f39e87a9684cb979abeecd5510cd9e308317454f654736ab398d7248906dd507ae525e90cd00befc8dce6633f06e16a67eea974143b8e261af41e457a15b91c8f94ffac4d6920be6fc5940011b974861670e822dca589459676f5f9d80336876a229dd5cf8000000000075b1f5bf922c5e368e8590fd8a39f9a815dc8c5e22089cc71af73a56baf2e7fee9e6e79dcbf177b162a641a6df2c2024e7d217f7c62a6c0d4c6b2fd39f205393d0ba6746645c8608db4be52cbbbb9b56bae71bc786340cd60fc899c9856430f5ed68333563541a8ac6066b465d4b2e5305bfa9e9a765d1250dace7576a0eff", 0x1fe}, {&(0x7f00000005c0)="0ce32eab78ca3c4a7bc73e96c2990c9002babb5c34c1327440eabea6ae3692de3f41d3d9844da1b530df4dd239e13f15a6dda935ca94a167891f42edbfd16936c296e72222691c9fda05000000000000001ddad55470c0ac33967e5b3ec0e1b2a078bab634369f7773cad684cb3e9eed9cbbc67f0000", 0x76}, {&(0x7f00000058c0)="88a3ce3975df7e35c162f50df8ce954c8d90f7a463aad3eab46c5e3ec50637351b95d1100aa00678b243a8543dce691a16f629b6566b9114683a741a2af57ae88d7b85a35c703189f444d05c241d1219bf61b207a8232da194c55ef47e0f49a694052eca37c9e3144cf93c829bd85adf0825f2dfdf8e41f9e8acc41b1e476509ad0878fe201c1508f06cd6f342e07f3e9d5d981ad5cabf05a827dcce37e6100e5018d6da585769d0f42e9d770570f3be3dd36a5171cada02e988a168664d35eb7387c23fb88a675307d4bcaaea73833a61572954344ff23ae70774d70acfefa5a682b987ff43ad5e384c5e4cbccf11fefe3da8f81b04c22883a40492013287ef460f9c80db6b5719837e714cd3a6b4c83b060ef595ba24be42668319e6b2c6fb9ae6ddd373381b10411a3e46bad4d426b91f63c4f05c9737a0c045f135aa4c08b5e078535601beede0dda2c70cbf6c9ed55de68c061ecd9c7d9f50ec7c42b04e05dc61988c30b42efd00ca231b873c2c3fac522f20ab64ab0950ff22bc2eabdc3c59d64b37042c4e6bff15ea42122a648dccac21bfa2a73c242a84fa6f0bea1280eaebf9a641bf82cae48cd272ed3b75184d7593a9405a928830470c97d6b7de102a9ba91509e9bea72aa88df7f40339a72cd9f07a4e9de28b45c8eaaa", 0x1dd}], 0x4}}], 0x2, 0xc880)
sendto$inet6(r9, &(0x7f0000000040)='2', 0x1, 0x0, 0x0, 0x0)
sendmmsg(r6, &(0x7f0000001c00), 0x400000000000159, 0x40840)

26.596963078s ago: executing program 1 (id=764):
syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8100, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=<r0=>0x0, &(0x7f0000000600))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000071103100000001000000000000000000b3eec818de6c7847473842f89f28a93f36e3efa8364b66a42a497884429332f96f43677b43547278742d"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0xdc, &(0x7f0000000180)=""/220, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_QUERY(0x9, &(0x7f00000005c0)={@fallback, 0x1d, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r6, &(0x7f0000000400), &(0x7f0000000000)=""/5, 0x2}, 0x20)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r6, &(0x7f0000000300)='@', 0x20000000}, 0x20)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000340)={r6, &(0x7f0000000400), 0x20000000}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0xd)
socket$inet_smc(0x2b, 0x1, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x18, r8, 0x31d, 0x0, 0x0, {}, [@HEADER={0x4}]}, 0x18}}, 0x0)

25.31251662s ago: executing program 4 (id=765):
mount(0x0, &(0x7f0000000280)='./bus\x00', 0x0, 0x0, 0x0) (async)
mount(0x0, &(0x7f0000000280)='./bus\x00', 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000006000000000084e27fa40000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10)
r1 = io_uring_setup(0x15e1, &(0x7f0000000440)={0x0, 0x9bc3, 0x96eb, 0x0, 0x1fb})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r1, 0xb, 0x0, 0x0) (async)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r1, 0xb, 0x0, 0x0)
syz_open_dev$sndpcmp(0x0, 0x0, 0x2)
syz_io_uring_setup(0x231, 0x0, 0x0, &(0x7f0000000100)) (async)
syz_io_uring_setup(0x231, 0x0, 0x0, &(0x7f0000000100))
prlimit64(0x0, 0xe, &(0x7f0000000300)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) (async)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
io_setup(0x6, &(0x7f0000000080)=<r3=>0x0)
r4 = socket$caif_stream(0x25, 0x1, 0x0)
io_submit(r3, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0xf0, 0x300, 0x0, 0x5, 0x0, r4, 0x0}])
socket$alg(0x26, 0x5, 0x0) (async)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) (async)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$GTP_CMD_NEWPDP(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="963cad22", @ANYRES16=0x0, @ANYBLOB="200022bd7000fbdbdf250000000008000500ac14"], 0x1c}, 0x1, 0x0, 0x0, 0x44010}, 0xc0) (async)
sendmsg$GTP_CMD_NEWPDP(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="963cad22", @ANYRES16=0x0, @ANYBLOB="200022bd7000fbdbdf250000000008000500ac14"], 0x1c}, 0x1, 0x0, 0x0, 0x44010}, 0xc0)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) (async)
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
socket$key(0xf, 0x3, 0x2) (async)
r9 = socket$key(0xf, 0x3, 0x2)
accept(r9, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x7, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000004e7d2b5bc800000000000063030000000000009500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x80, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_procfs(0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)

25.09864495s ago: executing program 4 (id=767):
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000005c0)={'wlan1\x00'})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000000c0)={'veth0_to_batadv\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x4}})
socket$inet(0x2, 0x1, 0x0)
msgsnd(0x0, &(0x7f00000001c0)={0x3, "a840576d6ddef3201a32010963d64d69c0531efdbf885d3084f848b96cc444d67bd6a2ce25611372c945a0539f92426f98db45d6"}, 0x3c, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r3, &(0x7f0000002280)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x2, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0xfc0, 0x66, 0x0, 0xb, 0x33, 0x0, @rand_addr=0x64010120, @broadcast}, "3297e3ba627aa2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88769ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b7589ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c99172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19415e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d26f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b43070ff7bef94dc3cafbe6ec20d59e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d27853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb639348cb218f8f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb91010763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c93148aa8d2934a15d29cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161c6b92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca12345e884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c30e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0a508c9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e76065b6f4017d963c8ee5605c4c5b6eebb96fca0a41893cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5848f51fc9dd5197716e144e1b0386614bd3cfd5ddb80ada1e5ca74c8960093a553b1f6288aa7f53663cdd867f658e51b95772dc7a6fa45fa03e14988a33250e6c16fbf0351769080d64ddfbdbf77e1215563bf2e82ecc38a682846d7e2e2ac4e87d715f97f15e84c3df04affee49612a735907d3c4d310a54a6f609873ad56f29a138f4d5661f68658bcce84"}}, 0xfce)

17.266345829s ago: executing program 2 (id=776):
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x2000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x3938700}, 0x0)
mknod$loop(&(0x7f0000000200)='./file0\x00', 0x2000, 0x0) (fail_nth: 1)

17.030339032s ago: executing program 2 (id=777):
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x338, 0x160, 0xa8, 0xfeffffff, 0x208, 0x0, 0x2a0, 0x2a0, 0xffffffff, 0x2a0, 0x2a0, 0x5, 0x0, {[{{@ip={@private, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'macvlan1\x00', 'veth1\x00'}, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @empty}}}}, {{@uncond, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x7}}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@dev, @ipv4=@remote, @port, @icmp_id}}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @broadcast, @local, @icmp_id, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000400)={'filter\x00', 0x4}, 0x68)
write$binfmt_script(r1, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4001, 0x3, 0x240, 0x0, 0x0, 0x148, 0x0, 0x148, 0x1a8, 0x240, 0x240, 0x1a8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast1, 0x0, 0x0, 'macvtap0\x00', 'virt_wifi0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0)
quotactl_fd$Q_SETINFO(r0, 0xffffffff80000601, 0x0, &(0x7f00000003c0)={0x63bcfb13, 0x0, 0x1, 0x5})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x338, 0x160, 0xa8, 0xfeffffff, 0x208, 0x0, 0x2a0, 0x2a0, 0xffffffff, 0x2a0, 0x2a0, 0x5, 0x0, {[{{@ip={@private, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'macvlan1\x00', 'veth1\x00'}, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @empty}}}}, {{@uncond, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x7}}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@dev, @ipv4=@remote, @port, @icmp_id}}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @broadcast, @local, @icmp_id, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398) (async)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) (async)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000400)={'filter\x00', 0x4}, 0x68) (async)
write$binfmt_script(r1, &(0x7f0000000000), 0xfea7) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) (async)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4001, 0x3, 0x240, 0x0, 0x0, 0x148, 0x0, 0x148, 0x1a8, 0x240, 0x240, 0x1a8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast1, 0x0, 0x0, 'macvtap0\x00', 'virt_wifi0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0) (async)
quotactl_fd$Q_SETINFO(r0, 0xffffffff80000601, 0x0, &(0x7f00000003c0)={0x63bcfb13, 0x0, 0x1, 0x5}) (async)

16.949328349s ago: executing program 2 (id=778):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='children\x00')
write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x3, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x20000, 0x9, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x40000000, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x79, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)

16.928672874s ago: executing program 2 (id=779):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x3, 0x60040)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000180)={0x8, <r1=>0x0})
ioctl$DRM_IOCTL_SG_ALLOC(r0, 0xc0106438, &(0x7f00000002c0)={0xf7b8, r1})
socket(0x1, 0x803, 0x0)
r2 = memfd_secret(0x0)
ioctl$EVIOCGMASK(r2, 0x80104592, &(0x7f0000000340)={0x12, 0x29, &(0x7f0000000300)="0766b4fb74d108c02bc4f7d948c314b7831f1fbc3daa58cf07e57ab3a6749fb0beab7d29939fe207e8"})
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
userfaultfd(0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4)
getresuid(0x0, 0x0, &(0x7f0000000300))
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a05000000000000000000020000000900020073797a310008000008000440000000000900010073797a30000000000800034000000007"], 0x64}, 0x1, 0x0, 0x0, 0x20048800}, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003a40), 0x0, 0x24048880)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
unshare(0x8000000)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
r6 = semget$private(0x0, 0x3, 0x0)
semctl$SETALL(r6, 0x0, 0x11, &(0x7f0000000000))
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)

16.379573751s ago: executing program 2 (id=780):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x22, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4000002, 0x100000, 0xea}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0xffffffffffffff6e, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f00000003c0)=0x7)
r0 = getpid()
sched_setaffinity(r0, 0x8, &(0x7f0000000280)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000c80)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r3, 0x8993, &(0x7f0000000080)={'bond0\x00', 0x0})

15.027545052s ago: executing program 2 (id=781):
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x4, 0x0, @remote}}}, 0x108)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001440)={&(0x7f0000000040)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fbdbdf250100000008000100ffffffff2400048005000300010000000500030002000000050007000100000005000300060000000800020002000000"], 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2d, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x14002003ce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000180), 0x103240, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r5, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000140)=ANY=[], 0x12f4}}, 0x0)
recvmsg$unix(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/198, 0xc6}, {&(0x7f0000000180)=""/103, 0x67}], 0x2}, 0x20032123)

14.997578846s ago: executing program 33 (id=756):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_open_dev$hidraw(&(0x7f0000000240), 0x4, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000200)={0x50}, 0x50)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}})
read$FUSE(r4, &(0x7f0000002300)={0x2020, 0x0, <r5=>0x0}, 0x206e)
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000340)={0x28, 0x0, r5, {{0x2, 0x0, 0x1}}}, 0x28)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_fscache}]}})
mkdirat(0xffffffffffffffff, &(0x7f0000000440)='./file0\x00', 0x196)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="300000003d0009000000000000000000040900000400020015000900f463163c2a66215fe66ba731a18dbddcba000000"], 0x30}}, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@lsrr={0x83, 0xb, 0x0, [@dev, @empty]}, @cipso={0x86, 0x32, 0x0, [{0x0, 0x5, "df6116"}, {0x0, 0x12, "ffd11634eea26b0faffa0dea2e903528"}, {0x0, 0x8, "02a20948fd74"}, {0x7, 0xd, "ccf0294e2a3bdb4aa40b24"}]}]}}}}}}}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r7 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r7, 0x40044160, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={0x0}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000021801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000009e8685000000040000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000cbd520850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000180)={0x1c, 0x2c, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@nested={0x8, 0xc}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

11.50436332s ago: executing program 34 (id=764):
syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8100, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=<r0=>0x0, &(0x7f0000000600))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000071103100000001000000000000000000b3eec818de6c7847473842f89f28a93f36e3efa8364b66a42a497884429332f96f43677b43547278742d"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0xdc, &(0x7f0000000180)=""/220, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_QUERY(0x9, &(0x7f00000005c0)={@fallback, 0x1d, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r6, &(0x7f0000000400), &(0x7f0000000000)=""/5, 0x2}, 0x20)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r6, &(0x7f0000000300)='@', 0x20000000}, 0x20)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000340)={r6, &(0x7f0000000400), 0x20000000}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0xd)
socket$inet_smc(0x2b, 0x1, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x18, r8, 0x31d, 0x0, 0x0, {}, [@HEADER={0x4}]}, 0x18}}, 0x0)

10.00001239s ago: executing program 35 (id=767):
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000005c0)={'wlan1\x00'})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000000c0)={'veth0_to_batadv\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x4}})
socket$inet(0x2, 0x1, 0x0)
msgsnd(0x0, &(0x7f00000001c0)={0x3, "a840576d6ddef3201a32010963d64d69c0531efdbf885d3084f848b96cc444d67bd6a2ce25611372c945a0539f92426f98db45d6"}, 0x3c, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r3, &(0x7f0000002280)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x2, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0xfc0, 0x66, 0x0, 0xb, 0x33, 0x0, @rand_addr=0x64010120, @broadcast}, "3297e3ba627aa2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88769ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b7589ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c99172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19415e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d26f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b43070ff7bef94dc3cafbe6ec20d59e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d27853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb639348cb218f8f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb91010763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c93148aa8d2934a15d29cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161c6b92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca12345e884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c30e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0a508c9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e76065b6f4017d963c8ee5605c4c5b6eebb96fca0a41893cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5848f51fc9dd5197716e144e1b0386614bd3cfd5ddb80ada1e5ca74c8960093a553b1f6288aa7f53663cdd867f658e51b95772dc7a6fa45fa03e14988a33250e6c16fbf0351769080d64ddfbdbf77e1215563bf2e82ecc38a682846d7e2e2ac4e87d715f97f15e84c3df04affee49612a735907d3c4d310a54a6f609873ad56f29a138f4d5661f68658bcce84"}}, 0xfce)

0s ago: executing program 36 (id=781):
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x4, 0x0, @remote}}}, 0x108)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001440)={&(0x7f0000000040)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fbdbdf250100000008000100ffffffff2400048005000300010000000500030002000000050007000100000005000300060000000800020002000000"], 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2d, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x14002003ce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000180), 0x103240, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r5, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000140)=ANY=[], 0x12f4}}, 0x0)
recvmsg$unix(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/198, 0xc6}, {&(0x7f0000000180)=""/103, 0x67}], 0x2}, 0x20032123)

kernel console output (not intermixed with test programs):

2
[   73.434774][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.478198][ T5825] Bluetooth: hci4: command tx timeout
[   73.483982][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.509227][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.557992][ T5825] Bluetooth: hci1: command tx timeout
[   73.558676][ T5826] Bluetooth: hci2: command tx timeout
[   73.568292][ T5825] Bluetooth: hci3: command tx timeout
[   73.628088][ T1330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.649208][ T1330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.857478][   T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.899221][ T5873] usb 2-1: USB disconnect, device number 2
[   73.909571][   T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.357327][ T5902] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   74.667670][ T5902] usb 1-1: Using ep0 maxpacket: 8
[   74.689153][ T5902] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   74.729565][ T5902] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[   74.764349][ T5902] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   74.820487][ T5902] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[   74.895816][ T5902] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.974333][ T5902] hub 1-1:1.0: bad descriptor, ignoring hub
[   74.997622][ T5902] hub 1-1:1.0: probe with driver hub failed with error -5
[   75.010895][ T5902] cdc_wdm 1-1:1.0: skipping garbage
[   75.029604][ T5902] cdc_wdm 1-1:1.0: skipping garbage
[   75.035074][ T5902] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[   75.126548][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   75.180956][ T5930] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   75.238909][ T5875] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   75.321097][ T5932] 9pnet_fd: Insufficient options for proto=fd
[   75.328316][ T5902] usb 1-1: USB disconnect, device number 2
[   75.397368][ T5825] Bluetooth: hci0: command tx timeout
[   75.397799][ T5875] usb 5-1: Using ep0 maxpacket: 16
[   75.486730][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   75.598778][ T5825] Bluetooth: hci4: command tx timeout
[   75.637539][ T5826] Bluetooth: hci3: command tx timeout
[   75.657853][ T5825] Bluetooth: hci2: command tx timeout
[   75.668175][ T5825] Bluetooth: hci1: command tx timeout
[   75.983858][ T5875] usb 5-1: New USB device found, idVendor=0c70, idProduct=f003, bcdDevice= 0.00
[   76.012263][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.035784][ T5875] usb 5-1: config 0 descriptor??
[   76.188840][ T5940] fuse: Unknown parameter '0x0000000000000005'
[   76.264522][ T5942] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   76.438913][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   76.560109][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   76.662239][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   76.764665][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   76.867119][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[   76.916694][ T5875] aquacomputer_d5next 0003:0C70:F003.0001: unknown main item tag 0x0
[   76.942455][ T5875] aquacomputer_d5next 0003:0C70:F003.0001: unknown main item tag 0x0
[   77.174292][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   77.432787][ T5875] aquacomputer_d5next 0003:0C70:F003.0001: unknown main item tag 0x0
[   77.478679][ T5875] aquacomputer_d5next 0003:0C70:F003.0001: unknown main item tag 0x0
[   77.516262][ T5875] aquacomputer_d5next 0003:0C70:F003.0001: unknown main item tag 0x0
[   77.608367][ T5875] aquacomputer_d5next 0003:0C70:F003.0001: hidraw0: USB HID v0.00 Device [HID 0c70:f003] on usb-dummy_hcd.4-1/input0
[   77.667272][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   78.078938][ T5875] usb 5-1: USB disconnect, device number 2
[   79.640319][ T5971] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   79.687404][   T51] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   80.603300][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   80.677536][   T51] usb 3-1: Using ep0 maxpacket: 8
[   80.724531][   T51] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   80.750046][   T51] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[   80.761091][ T5980] FAULT_INJECTION: forcing a failure.
[   80.761091][ T5980] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   80.792618][ T5981] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   80.818442][   T51] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   80.847139][   T51] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[   80.858442][ T5980] CPU: 0 UID: 0 PID: 5980 Comm: syz.4.24 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[   80.858465][ T5980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   80.858478][ T5980] Call Trace:
[   80.858484][ T5980]  <TASK>
[   80.858491][ T5980]  dump_stack_lvl+0x241/0x360
[   80.858522][ T5980]  ? __pfx_dump_stack_lvl+0x10/0x10
[   80.858538][ T5980]  ? __pfx__printk+0x10/0x10
[   80.858561][ T5980]  ? __pfx_lock_release+0x10/0x10
[   80.858588][ T5980]  should_fail_ex+0x40a/0x550
[   80.858611][ T5980]  _copy_from_user+0x2d/0xb0
[   80.858628][ T5980]  do_sock_getsockopt+0x1d1/0x7e0
[   80.858655][ T5980]  ? __pfx_do_sock_getsockopt+0x10/0x10
[   80.858675][ T5980]  ? __fget_files+0x2a/0x410
[   80.858697][ T5980]  ? __fget_files+0x395/0x410
[   80.858713][ T5980]  ? __fget_files+0x2a/0x410
[   80.858738][ T5980]  __x64_sys_getsockopt+0x2a1/0x370
[   80.858765][ T5980]  ? __pfx___x64_sys_getsockopt+0x10/0x10
[   80.858787][ T5980]  ? do_syscall_64+0x100/0x230
[   80.858809][ T5980]  ? do_syscall_64+0xb6/0x230
[   80.858830][ T5980]  do_syscall_64+0xf3/0x230
[   80.858848][ T5980]  ? clear_bhb_loop+0x35/0x90
[   80.858869][ T5980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.858888][ T5980] RIP: 0033:0x7fb11258cd29
[   80.858908][ T5980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.858919][ T5980] RSP: 002b:00007fb11339e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   80.858936][ T5980] RAX: ffffffffffffffda RBX: 00007fb1127a5fa0 RCX: 00007fb11258cd29
[   80.858947][ T5980] RDX: 0000000000002711 RSI: 0000200000000114 RDI: 0000000000000003
[   80.858957][ T5980] RBP: 00007fb11339e090 R08: 0000000020000000 R09: 0000000000000000
[   80.858967][ T5980] R10: 0000000020c35fff R11: 0000000000000246 R12: 0000000000000001
[   80.858977][ T5980] R13: 0000000000000000 R14: 00007fb1127a5fa0 R15: 00007ffdc65eae38
[   80.859002][ T5980]  </TASK>
[   81.073469][   T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.107965][ T5983] syz.0.26 uses obsolete (PF_INET,SOCK_PACKET)
[   81.150290][   T51] hub 3-1:1.0: bad descriptor, ignoring hub
[   81.192696][   T51] hub 3-1:1.0: probe with driver hub failed with error -5
[   81.213633][   T51] cdc_wdm 3-1:1.0: skipping garbage
[   81.240195][   T51] cdc_wdm 3-1:1.0: skipping garbage
[   81.253872][   T51] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22
[   81.387252][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   81.414895][ T5875] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   81.423080][   T51] usb 3-1: USB disconnect, device number 2
[   81.478906][ T5990] syzkaller1: entered promiscuous mode
[   81.491668][ T5992] netlink: 40 bytes leftover after parsing attributes in process `syz.3.31'.
[   81.494315][ T5990] syzkaller1: entered allmulticast mode
[   81.509556][ T5990] FAULT_INJECTION: forcing a failure.
[   81.509556][ T5990] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   81.523515][ T5990] CPU: 1 UID: 0 PID: 5990 Comm: syz.4.29 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[   81.523537][ T5990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   81.523546][ T5990] Call Trace:
[   81.523553][ T5990]  <TASK>
[   81.523559][ T5990]  dump_stack_lvl+0x241/0x360
[   81.523583][ T5990]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.523599][ T5990]  ? __pfx__printk+0x10/0x10
[   81.523622][ T5990]  ? __pfx_lock_release+0x10/0x10
[   81.523643][ T5990]  ? validate_chain+0x11e/0x5920
[   81.523667][ T5990]  should_fail_ex+0x40a/0x550
[   81.523690][ T5990]  _copy_from_iter+0x1e9/0x1c20
[   81.523711][ T5990]  ? unwind_next_frame+0x18e6/0x22d0
[   81.523733][ T5990]  ? mark_lock+0x9a/0x360
[   81.523754][ T5990]  ? __lock_acquire+0x1397/0x2100
[   81.523773][ T5990]  ? __pfx__copy_from_iter+0x10/0x10
[   81.523807][ T5990]  tun_get_user+0x43f/0x48a0
[   81.523840][ T5990]  ? __lock_acquire+0x1397/0x2100
[   81.523865][ T5990]  ? __pfx_tun_get_user+0x10/0x10
[   81.523900][ T5990]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   81.523919][ T5990]  ? tun_get+0x1e/0x2f0
[   81.523939][ T5990]  ? __pfx_lock_release+0x10/0x10
[   81.523969][ T5990]  ? tun_get+0x1e/0x2f0
[   81.524017][ T5990]  ? tun_get+0x27d/0x2f0
[   81.524038][ T5990]  tun_chr_write_iter+0x10d/0x1f0
[   81.524061][ T5990]  vfs_write+0xacf/0xd10
[   81.524079][ T5990]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   81.524098][ T5990]  ? __pfx_vfs_write+0x10/0x10
[   81.524109][ T5990]  ? do_sys_openat2+0x17a/0x1d0
[   81.524128][ T5990]  ? __fget_files+0x2a/0x410
[   81.524148][ T5990]  ? __fget_files+0x2a/0x410
[   81.524176][ T5990]  ksys_write+0x18f/0x2b0
[   81.524192][ T5990]  ? __pfx_ksys_write+0x10/0x10
[   81.524208][ T5990]  ? do_syscall_64+0x100/0x230
[   81.524230][ T5990]  ? do_syscall_64+0xb6/0x230
[   81.524251][ T5990]  do_syscall_64+0xf3/0x230
[   81.524269][ T5990]  ? clear_bhb_loop+0x35/0x90
[   81.524293][ T5990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.524312][ T5990] RIP: 0033:0x7fb11258cd29
[   81.524327][ T5990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   81.524340][ T5990] RSP: 002b:00007fb11339e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   81.524357][ T5990] RAX: ffffffffffffffda RBX: 00007fb1127a5fa0 RCX: 00007fb11258cd29
[   81.524369][ T5990] RDX: 000000000000fdef RSI: 0000000020000140 RDI: 0000000000000003
[   81.524379][ T5990] RBP: 00007fb11339e090 R08: 0000000000000000 R09: 0000000000000000
[   81.524389][ T5990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   81.524398][ T5990] R13: 0000000000000000 R14: 00007fb1127a5fa0 R15: 00007ffdc65eae38
[   81.524423][ T5990]  </TASK>
[   81.849422][ T5875] usb 2-1: Using ep0 maxpacket: 8
[   81.856039][ T5875] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   81.872422][ T5875] usb 2-1: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice=21.c6
[   81.881627][ T5875] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.902347][ T5875] usb 2-1: config 0 descriptor??
[   82.041690][   T25] cfg80211: failed to load regulatory.db
[   82.727289][ T5875] usb 2-1: USB disconnect, device number 3
[   82.822752][ T5998] trusted_key: syz.3.32 sent an empty control message without MSG_MORE.
[   86.758899][ T6029] netlink: 36 bytes leftover after parsing attributes in process `syz.3.40'.
[   87.387549][ T6036] Illegal XDP return value 1445793296 on prog  (id 9) dev N/A, expect packet loss!
[   88.139168][ T6043] netlink: 'syz.0.43': attribute type 10 has an invalid length.
[   88.162889][ T6043] hsr0: entered promiscuous mode
[   88.186535][ T6043] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[   88.400552][ T6053] mmap: syz.3.42 (6053) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   88.714387][ T6043] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[   89.251332][ T6043] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[   89.423342][ T6049] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   89.467313][ T6049] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   89.575224][ T6066] FAULT_INJECTION: forcing a failure.
[   89.575224][ T6066] name failslab, interval 1, probability 0, space 0, times 1
[   89.597621][ T6049] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   89.621268][ T6066] CPU: 0 UID: 0 PID: 6066 Comm: syz.1.49 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[   89.621293][ T6066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   89.621302][ T6066] Call Trace:
[   89.621309][ T6066]  <TASK>
[   89.621316][ T6066]  dump_stack_lvl+0x241/0x360
[   89.621341][ T6066]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.621356][ T6066]  ? __pfx__printk+0x10/0x10
[   89.621380][ T6066]  ? fs_reclaim_acquire+0x93/0x130
[   89.621397][ T6066]  ? __pfx___might_resched+0x10/0x10
[   89.621420][ T6066]  should_fail_ex+0x40a/0x550
[   89.621442][ T6066]  should_failslab+0xac/0x100
[   89.621463][ T6066]  __kmalloc_noprof+0xdd/0x4c0
[   89.621482][ T6066]  ? tomoyo_encode+0x26f/0x540
[   89.621508][ T6066]  tomoyo_encode+0x26f/0x540
[   89.621535][ T6066]  tomoyo_realpath_from_path+0x59e/0x5e0
[   89.621568][ T6066]  tomoyo_path_number_perm+0x236/0x860
[   89.621588][ T6066]  ? __lock_acquire+0x1397/0x2100
[   89.621609][ T6066]  ? tomoyo_path_number_perm+0x206/0x860
[   89.621631][ T6066]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   89.621689][ T6066]  ? __fget_files+0x2a/0x410
[   89.621712][ T6066]  ? __fget_files+0x2a/0x410
[   89.621736][ T6066]  security_file_ioctl+0xc6/0x2a0
[   89.621759][ T6066]  __se_sys_ioctl+0x46/0x170
[   89.621776][ T6066]  do_syscall_64+0xf3/0x230
[   89.621796][ T6066]  ? clear_bhb_loop+0x35/0x90
[   89.621819][ T6066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.621838][ T6066] RIP: 0033:0x7fb04ed8cd29
[   89.621852][ T6066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   89.621871][ T6066] RSP: 002b:00007fb04fc88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   89.621888][ T6066] RAX: ffffffffffffffda RBX: 00007fb04efa5fa0 RCX: 00007fb04ed8cd29
[   89.621900][ T6066] RDX: 0000000020000100 RSI: 0000000040085112 RDI: 0000000000000003
[   89.621910][ T6066] RBP: 00007fb04fc88090 R08: 0000000000000000 R09: 0000000000000000
[   89.621920][ T6066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   89.621929][ T6066] R13: 0000000000000000 R14: 00007fb04efa5fa0 R15: 00007fffbf590558
[   89.621954][ T6066]  </TASK>
[   89.621972][ T6066] ERROR: Out of memory at tomoyo_realpath_from_path.
[   89.860759][ T6049] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   89.867447][ T6049] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   90.032846][ T6049] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   90.067572][ T6075] netlink: 36 bytes leftover after parsing attributes in process `syz.3.50'.
[   91.121335][ T6049] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   91.178825][ T6049] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   91.271340][ T6049] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   91.388702][ T6049] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   91.394742][ T6049] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   91.446122][ T6049] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   91.469786][ T6049] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[   91.477106][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout
[   91.486257][ T6049] Bluetooth: hci4: Opcode 0x0406 failed: -4
[   91.512082][ T6049] Bluetooth: hci4: Opcode 0x0406 failed: -4
[   91.787330][   T25] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   91.802862][   T29] audit: type=1326 audit(1738051639.168:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6086 comm="syz.3.53" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f598758cd29 code=0x0
[   91.823456][    C0] vkms_vblank_simulate: vblank timer overrun
[   91.879408][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout
[   91.987172][   T25] usb 1-1: Using ep0 maxpacket: 8
[   92.008397][   T25] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[   92.067617][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.113577][   T25] usb 1-1: config 0 descriptor??
[   92.373096][   T25] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[   92.391173][ T6128] netlink: 'syz.1.61': attribute type 10 has an invalid length.
[   92.422160][ T6128] hsr0: entered promiscuous mode
[   92.469820][ T6128] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[   92.503802][ T6128] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[   92.784794][ T6128] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[   93.173165][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout
[   93.407394][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout
[   93.604679][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout
[   93.610843][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout
[   93.923584][ T6140] netlink: 'syz.1.63': attribute type 1 has an invalid length.
[   93.931435][ T6140] netlink: 224 bytes leftover after parsing attributes in process `syz.1.63'.
[   93.959024][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout
[   95.237138][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout
[   95.477998][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout
[   95.637808][ T5827] Bluetooth: hci4: command 0x0c1a tx timeout
[   95.644322][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout
[   95.673411][ T6159] Zero length message leads to an empty skb
[   95.928440][   T25] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   95.982152][   T25] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9
[   96.024653][   T25] asix 1-1:0.0: probe with driver asix failed with error -71
[   96.037551][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout
[   96.142614][   T25] usb 1-1: USB disconnect, device number 3
[   96.337285][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   96.543720][    T9] usb 2-1: Using ep0 maxpacket: 16
[   96.574770][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   96.636798][ T6178] openvswitch: netlink: Key 24 has unexpected len 28 expected 4
[   96.646935][ T5874] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   96.664618][    T9] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   96.857297][ T5874] usb 5-1: Using ep0 maxpacket: 16
[   97.391340][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout
[   97.397606][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.405633][    T9] usb 2-1: Product: syz
[   97.419231][    T9] usb 2-1: Manufacturer: syz
[   97.423876][    T9] usb 2-1: SerialNumber: syz
[   97.435799][    T9] usb 2-1: config 0 descriptor??
[   97.499562][ T5874] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   97.512955][ T5874] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   97.543718][ T5874] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.556006][    T9] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   97.567309][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout
[   97.585793][    T9] em28xx 2-1:0.0: DVB interface 0 found: bulk
[   97.601343][ T5874] usb 5-1: Product: syz
[   97.605625][ T5874] usb 5-1: Manufacturer: syz
[   97.635813][ T5874] usb 5-1: SerialNumber: syz
[   97.652918][ T5874] usb 5-1: config 0 descriptor??
[   97.718037][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout
[   97.757875][ T5902] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[   97.782602][ T5874] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   97.875139][ T5874] em28xx 5-1:0.0: DVB interface 0 found: bulk
[   98.089258][ T5902] usb 4-1: unable to get BOS descriptor or descriptor too short
[   98.101700][ T5902] usb 4-1: unable to read config index 0 descriptor/start: -71
[   98.115610][ T5902] usb 4-1: can't read configurations, error -71
[   98.295275][    T9] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[   98.519302][ T5874] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[   98.676582][ T6204] dccp_invalid_packet: P.Data Offset(100) too large
[   98.824426][ T6209] netlink: 'syz.0.74': attribute type 10 has an invalid length.
[   98.832635][ T6209] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[   98.847079][ T6209] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[   98.860190][ T6209] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[   99.404294][    T9] em28xx 2-1:0.0: writing to i2c device at 0xa0 failed (error=-5)
[   99.467552][    T9] em28xx 2-1:0.0: failed to read eeprom (err=-5)
[   99.507421][    T9] em28xx 2-1:0.0: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[   99.516790][ T6211] netlink: 4 bytes leftover after parsing attributes in process `syz.3.76'.
[   99.583377][   T29] audit: type=1800 audit(1738051646.948:3): pid=6214 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.76" name="/" dev="9p" ino=2 res=0 errno=0
[   99.612722][    T9] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[   99.636167][    T9] em28xx 2-1:0.0: dvb set to bulk mode.
[   99.656149][ T5902] em28xx 2-1:0.0: Binding DVB extension
[   99.666738][ T6211] 9pnet_fd: Insufficient options for proto=fd
[   99.674049][ T6222] netlink: 412 bytes leftover after parsing attributes in process `syz.0.78'.
[   99.685972][    T9] usb 2-1: USB disconnect, device number 4
[   99.707230][    T9] em28xx 2-1:0.0: Disconnecting em28xx
[   99.861397][ T5902] em28xx 2-1:0.0: Registering input extension
[   99.881353][    T9] em28xx 2-1:0.0: Closing input extension
[   99.894599][ T5874] em28xx 5-1:0.0: writing to i2c device at 0xa0 failed (error=-5)
[   99.910549][ T5874] em28xx 5-1:0.0: failed to read eeprom (err=-5)
[   99.937281][ T5874] em28xx 5-1:0.0: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[  100.213335][    T9] em28xx 2-1:0.0: Freeing device
[  100.665392][ T5874] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  100.687772][ T5874] em28xx 5-1:0.0: dvb set to bulk mode.
[  100.693431][ T5875] em28xx 5-1:0.0: Binding DVB extension
[  100.741938][ T5874] usb 5-1: USB disconnect, device number 3
[  100.777880][ T5874] em28xx 5-1:0.0: Disconnecting em28xx
[  100.792973][ T6233] netlink: 32 bytes leftover after parsing attributes in process `syz.1.80'.
[  101.028995][ T5875] em28xx 5-1:0.0: Registering input extension
[  101.040882][ T6219] FAULT_INJECTION: forcing a failure.
[  101.040882][ T6219] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  101.104890][ T5874] em28xx 5-1:0.0: Closing input extension
[  101.541183][ T6219] CPU: 1 UID: 0 PID: 6219 Comm: syz.2.77 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  101.541209][ T6219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  101.541218][ T6219] Call Trace:
[  101.541223][ T6219]  <TASK>
[  101.541230][ T6219]  dump_stack_lvl+0x241/0x360
[  101.541253][ T6219]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.541267][ T6219]  ? __pfx__printk+0x10/0x10
[  101.541291][ T6219]  ? __pfx_lock_release+0x10/0x10
[  101.541317][ T6219]  should_fail_ex+0x40a/0x550
[  101.541339][ T6219]  _copy_from_iter+0x1e9/0x1c20
[  101.541366][ T6219]  ? skb_set_owner_w+0x246/0x380
[  101.541389][ T6219]  ? __pfx__copy_from_iter+0x10/0x10
[  101.541406][ T6219]  ? __pfx__copy_from_iter+0x10/0x10
[  101.541427][ T6219]  ? page_copy_sane+0x154/0x260
[  101.541450][ T6219]  copy_page_from_iter+0x7a/0x100
[  101.541473][ T6219]  skb_copy_datagram_from_iter+0x2d9/0x6a0
[  101.541500][ T6219]  tun_get_user+0x193c/0x48a0
[  101.541534][ T6219]  ? __lock_acquire+0x1397/0x2100
[  101.541559][ T6219]  ? __pfx_tun_get_user+0x10/0x10
[  101.541597][ T6219]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  101.541616][ T6219]  ? tun_get+0x1e/0x2f0
[  101.541700][ T6219]  ? __pfx_lock_release+0x10/0x10
[  101.541733][ T6219]  ? tun_get+0x1e/0x2f0
[  101.541753][ T6219]  ? tun_get+0x27d/0x2f0
[  101.541775][ T6219]  tun_chr_write_iter+0x10d/0x1f0
[  101.541799][ T6219]  vfs_write+0xacf/0xd10
[  101.541823][ T6219]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  101.541845][ T6219]  ? __pfx_vfs_write+0x10/0x10
[  101.541858][ T6219]  ? do_sys_openat2+0x17a/0x1d0
[  101.541881][ T6219]  ? __fget_files+0x2a/0x410
[  101.541903][ T6219]  ? __fget_files+0x2a/0x410
[  101.541930][ T6219]  ksys_write+0x18f/0x2b0
[  101.541947][ T6219]  ? __pfx_ksys_write+0x10/0x10
[  101.541964][ T6219]  ? do_syscall_64+0x100/0x230
[  101.541986][ T6219]  ? do_syscall_64+0xb6/0x230
[  101.542008][ T6219]  do_syscall_64+0xf3/0x230
[  101.542026][ T6219]  ? clear_bhb_loop+0x35/0x90
[  101.542049][ T6219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.542068][ T6219] RIP: 0033:0x7f884238b7df
[  101.542083][ T6219] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  101.542094][ T6219] RSP: 002b:00007f8843193000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  101.542110][ T6219] RAX: ffffffffffffffda RBX: 00007f88425a5fa0 RCX: 00007f884238b7df
[  101.542121][ T6219] RDX: 000000000000fdef RSI: 0000000020000440 RDI: 00000000000000c8
[  101.542130][ T6219] RBP: 00007f8843193090 R08: 0000000000000000 R09: 0000000000000000
[  101.542140][ T6219] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000002
[  101.542149][ T6219] R13: 0000000000000000 R14: 00007f88425a5fa0 R15: 00007ffd109584b8
[  101.542174][ T6219]  </TASK>
[  101.544143][ T5874] em28xx 5-1:0.0: Freeing device
[  102.034233][ T6253] openvswitch: netlink: Key 24 has unexpected len 28 expected 4
[  102.423912][ T6262] overlayfs: missing 'lowerdir'
[  102.618039][ T6271] dccp_invalid_packet: P.Data Offset(100) too large
[  102.771506][ T6271] netlink: 'syz.3.88': attribute type 10 has an invalid length.
[  102.780345][ T6271] hsr0: entered promiscuous mode
[  102.786688][ T6271] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  102.796918][ T6271] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  102.809486][ T6271] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  106.010683][ T6312] openvswitch: netlink: Key 24 has unexpected len 28 expected 4
[  106.875003][ T6295] sg_read: process 62 (syz.2.92) changed security contexts after opening file descriptor, this is not allowed.
[  107.417625][ T5874] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  107.748864][ T5874] usb 5-1: config 0 has an invalid interface number: 133 but max is 0
[  107.767085][ T5874] usb 5-1: config 0 has no interface number 0
[  107.775305][ T5874] usb 5-1: New USB device found, idVendor=15a9, idProduct=0015, bcdDevice=9e.3c
[  107.787104][   T25] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  108.130014][ T5874] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.140181][ T5874] usb 5-1: Product: syz
[  108.144382][ T5874] usb 5-1: Manufacturer: syz
[  108.149576][ T5874] usb 5-1: SerialNumber: syz
[  108.158024][ T5874] usb 5-1: config 0 descriptor??
[  108.293695][   T25] usb 1-1: Using ep0 maxpacket: 32
[  108.302577][   T25] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  108.313859][   T25] usb 1-1: config 0 has no interface number 0
[  108.327813][   T25] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  108.464091][ T5874] usb 5-1: USB disconnect, device number 4
[  108.474155][   T25] usb 1-1: New USB device found, idVendor=0664, idProduct=0309, bcdDevice=a4.e3
[  108.484625][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.494732][   T25] usb 1-1: config 0 descriptor??
[  108.534332][ T6360] netlink: 34 bytes leftover after parsing attributes in process `syz.1.104'.
[  109.590521][ T5902] usb 1-1: USB disconnect, device number 4
[  109.658389][ T6367] openvswitch: netlink: Key 24 has unexpected len 28 expected 4
[  109.836162][ T6372] Bluetooth: MGMT ver 1.23
[  111.877894][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout
[  111.884018][ T5826] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  112.127171][ T5902] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  112.234231][ T6410] netlink: 'syz.2.114': attribute type 1 has an invalid length.
[  112.257076][ T6410] netlink: 224 bytes leftover after parsing attributes in process `syz.2.114'.
[  112.575088][ T6413] 9pnet_fd: Insufficient options for proto=fd
[  112.686221][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout
[  113.428758][ T5902] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  113.439056][ T5902] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  113.455173][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  113.467055][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  113.478010][ T5902] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  113.499223][ T5902] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  113.534949][ T5902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  113.610455][ T6416] openvswitch: netlink: Key 24 has unexpected len 28 expected 4
[  113.632488][ T5902] usb 4-1: Product: syz
[  113.641522][ T5902] usb 4-1: Manufacturer: syz
[  113.663525][ T5902] usb 4-1: SerialNumber: syz
[  113.687083][ T5902] usb 4-1: config 0 descriptor??
[  114.049106][ T5902] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  114.056084][ T5902] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  114.897187][ T5902] radio-si470x 4-1:0.0: software version 0, hardware version 0
[  114.904809][ T5902] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  114.922463][ T5902] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  114.957851][ T5902] radio-si470x 4-1:0.0: submitting int urb failed (-90)
[  115.600798][ T6444] netlink: 24 bytes leftover after parsing attributes in process `syz.4.124'.
[  116.643319][ T5902] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -110
[  116.662982][ T5902] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -22
[  116.943140][ T5871] usb 4-1: USB disconnect, device number 4
[  118.853675][ T6466] netlink: 'syz.1.130': attribute type 1 has an invalid length.
[  119.111580][ T6471] openvswitch: netlink: Key 24 has unexpected len 28 expected 4
[  120.540868][ T6477] netlink: 8 bytes leftover after parsing attributes in process `syz.0.132'.
[  120.565984][ T6481] Process accounting resumed
[  123.108217][ T6500] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  124.358661][   T51] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  124.387299][   T25] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  124.617304][   T51] usb 3-1: Using ep0 maxpacket: 8
[  124.658593][   T51] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  124.671657][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  124.682831][   T51] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  124.694814][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  124.717076][   T51] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  124.727426][ T6481] Process accounting resumed
[  124.747100][   T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  124.765497][   T51] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  124.791721][   T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.799875][   T25] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  124.827539][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.837732][   T51] hub 3-1:1.0: bad descriptor, ignoring hub
[  124.843687][   T51] hub 3-1:1.0: probe with driver hub failed with error -5
[  124.856505][   T25] usb 4-1: config 0 descriptor??
[  124.865998][   T51] cdc_wdm 3-1:1.0: skipping garbage
[  124.873466][   T51] cdc_wdm 3-1:1.0: skipping garbage
[  124.895759][   T51] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22
[  124.917439][ T5871] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  125.217687][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 255, changing to 11
[  125.238939][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 59391, setting to 1024
[  125.251632][ T5871] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  125.264634][ T5871] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.317787][ T5871] usb 1-1: config 0 descriptor??
[  125.328773][ T6511] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  125.503199][   T25] plantronics 0003:047F:FFFF.0002: unbalanced collection at end of report description
[  125.520345][   T25] plantronics 0003:047F:FFFF.0002: parse failed
[  125.528020][   T25] plantronics 0003:047F:FFFF.0002: probe with driver plantronics failed with error -22
[  125.637918][ T5871] ath6kl: Failed to submit usb control message: -71
[  125.644673][ T5871] ath6kl: unable to send the bmi data to the device: -71
[  125.659526][ T5871] ath6kl: Unable to send get target info: -71
[  125.668213][ T5902] usb 4-1: USB disconnect, device number 5
[  125.668959][ T5871] ath6kl: Failed to init ath6kl core: -71
[  125.684523][ T5871] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  125.700822][ T5871] usb 1-1: USB disconnect, device number 5
[  125.712804][    T8] usb 3-1: USB disconnect, device number 3
[  127.317307][ T5902] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  127.487107][ T5902] usb 4-1: device descriptor read/64, error -71
[  128.257153][ T5902] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  128.428981][ T5902] usb 4-1: device descriptor read/64, error -71
[  128.599316][ T5902] usb usb4-port1: attempt power cycle
[  129.711815][ T5902] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  129.824364][ T6564] netlink: 60 bytes leftover after parsing attributes in process `syz.0.156'.
[  130.944960][ T5902] usb 4-1: device descriptor read/8, error -71
[  131.720078][ T6576] netlink: 76 bytes leftover after parsing attributes in process `syz.3.160'.
[  131.729055][ T6576] netlink: 76 bytes leftover after parsing attributes in process `syz.3.160'.
[  131.739307][ T6576] netlink: 44 bytes leftover after parsing attributes in process `syz.3.160'.
[  132.237393][ T5902] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  132.293410][ T5902] usb 4-1: Using ep0 maxpacket: 8
[  132.312446][ T5902] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  132.338367][ T5902] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  132.373315][ T5902] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  132.424454][ T5902] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  132.494265][ T5902] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  133.162564][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  133.185578][ T5902] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  133.392291][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.967256][ T5902] usb 4-1: usb_control_msg returned -32
[  133.973023][ T5902] usbtmc 4-1:16.0: can't read capabilities
[  135.388005][ T6614] netlink: 60 bytes leftover after parsing attributes in process `syz.2.168'.
[  135.781310][   T25] usb 4-1: USB disconnect, device number 9
[  144.881551][ T6691] netlink: 'syz.1.188': attribute type 1 has an invalid length.
[  145.278493][ T6691] 8021q: adding VLAN 0 to HW filter on device bond1
[  145.544956][ T6695] bond1: (slave veth3): Enslaving as an active interface with a down link
[  145.777832][ T6704] bond0: entered promiscuous mode
[  145.784405][ T6704] bond0: entered allmulticast mode
[  146.458047][ T6708] netlink: 'syz.0.193': attribute type 1 has an invalid length.
[  146.550555][ T6708] 8021q: adding VLAN 0 to HW filter on device bond1
[  146.636023][ T6711] bond1: (slave veth3): Enslaving as an active interface with a down link
[  149.032066][ T6739] input: syz0 as /devices/virtual/input/input7
[  149.327294][ T5871] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  149.940042][ T5871] usb 4-1: config 4 has an invalid interface number: 144 but max is 2
[  150.110739][ T5871] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  150.135345][ T5871] usb 4-1: config 4 has 1 interface, different from the descriptor's value: 3
[  150.970059][ T5871] usb 4-1: config 4 has no interface number 0
[  150.976211][ T5871] usb 4-1: too many endpoints for config 4 interface 144 altsetting 72: 164, using maximum allowed: 30
[  150.987423][ T5871] usb 4-1: config 4 interface 144 altsetting 72 has 0 endpoint descriptors, different from the interface descriptor's value: 164
[  151.000851][ T5871] usb 4-1: config 4 interface 144 has no altsetting 0
[  151.038658][ T5871] usb 4-1: New USB device found, idVendor=17cc, idProduct=0d8d, bcdDevice=84.b2
[  151.057047][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.065082][ T5871] usb 4-1: Product: syz
[  151.069649][ T5871] usb 4-1: Manufacturer: syz
[  151.074265][ T5871] usb 4-1: SerialNumber: syz
[  151.387828][ T6758] netlink: 20 bytes leftover after parsing attributes in process `syz.1.207'.
[  151.398211][ T6758] netlink: 20 bytes leftover after parsing attributes in process `syz.1.207'.
[  152.740545][ T5871] snd-usb-caiaq 4-1:4.144: can't set alt interface.
[  152.897069][ T5871] usb 4-1: unable to init card! (ret=-5)
[  152.903688][ T5871] snd-usb-caiaq 4-1:4.144: probe with driver snd-usb-caiaq failed with error -5
[  153.752551][ T5871] usb 4-1: USB disconnect, device number 10
[  163.398479][ T6856] netlink: 4 bytes leftover after parsing attributes in process `syz.1.231'.
[  164.627456][ T6860] netlink: 'syz.2.233': attribute type 27 has an invalid length.
[  164.743007][ T6861] PKCS7: Unknown OID: [5] 0.0
[  164.887264][ T6861] PKCS7: Only support pkcs7_signedData type
[  165.038463][ T6860] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.048981][ T6860] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.412216][ T6870] sctp: [Deprecated]: syz.3.235 (pid 6870) Use of struct sctp_assoc_value in delayed_ack socket option.
[  165.412216][ T6870] Use struct sctp_sack_info instead
[  166.063418][ T6875] netlink: 'syz.4.236': attribute type 27 has an invalid length.
[  166.152821][ T6876] PKCS7: Unknown OID: [5] 0.0
[  166.157638][ T6876] PKCS7: Only support pkcs7_signedData type
[  168.386621][ T6860] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  168.460238][ T6860] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  168.864041][ T6900] =======================================================
[  168.864041][ T6900] WARNING: The mand mount option has been deprecated and
[  168.864041][ T6900]          and is ignored by this kernel. Remove the mand
[  168.864041][ T6900]          option from the mount to silence this warning.
[  168.864041][ T6900] =======================================================
[  169.548124][ T6860] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  169.747147][ T6860] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  169.756029][ T6860] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  170.121840][ T6860] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  171.302063][ T6923] FAULT_INJECTION: forcing a failure.
[  171.302063][ T6923] name failslab, interval 1, probability 0, space 0, times 0
[  171.315524][ T6923] CPU: 0 UID: 0 PID: 6923 Comm: syz.3.247 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  171.315541][ T6923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  171.315548][ T6923] Call Trace:
[  171.315552][ T6923]  <TASK>
[  171.315557][ T6923]  dump_stack_lvl+0x241/0x360
[  171.315580][ T6923]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.315592][ T6923]  ? __pfx__printk+0x10/0x10
[  171.315610][ T6923]  ? fs_reclaim_acquire+0x93/0x130
[  171.315619][ T6923]  ? __pfx___might_resched+0x10/0x10
[  171.315634][ T6923]  should_fail_ex+0x40a/0x550
[  171.315648][ T6923]  should_failslab+0xac/0x100
[  171.315662][ T6923]  __kmalloc_noprof+0xdd/0x4c0
[  171.315675][ T6923]  ? tomoyo_encode+0x26f/0x540
[  171.315694][ T6923]  tomoyo_encode+0x26f/0x540
[  171.315713][ T6923]  tomoyo_realpath_from_path+0x59e/0x5e0
[  171.315732][ T6923]  tomoyo_path_number_perm+0x236/0x860
[  171.315745][ T6923]  ? __lock_acquire+0x1397/0x2100
[  171.315759][ T6923]  ? tomoyo_path_number_perm+0x206/0x860
[  171.315774][ T6923]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  171.315810][ T6923]  ? __fget_files+0x2a/0x410
[  171.315824][ T6923]  ? __fget_files+0x2a/0x410
[  171.315840][ T6923]  security_file_ioctl+0xc6/0x2a0
[  171.315856][ T6923]  __se_sys_ioctl+0x46/0x170
[  171.315866][ T6923]  do_syscall_64+0xf3/0x230
[  171.315883][ T6923]  ? clear_bhb_loop+0x35/0x90
[  171.315900][ T6923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.315913][ T6923] RIP: 0033:0x7f598758cd29
[  171.315923][ T6923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.315931][ T6923] RSP: 002b:00007f598844c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  171.315950][ T6923] RAX: ffffffffffffffda RBX: 00007f59877a5fa0 RCX: 00007f598758cd29
[  171.315958][ T6923] RDX: 0000000020000140 RSI: 00000000c0185500 RDI: 0000000000000003
[  171.315964][ T6923] RBP: 00007f598844c090 R08: 0000000000000000 R09: 0000000000000000
[  171.315970][ T6923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.315976][ T6923] R13: 0000000000000000 R14: 00007f59877a5fa0 R15: 00007ffd700492a8
[  171.315991][ T6923]  </TASK>
[  171.316058][ T6923] ERROR: Out of memory at tomoyo_realpath_from_path.
[  171.541390][ T6875] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.550194][ T6875] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.557155][ T6923] usb usb1: check_ctrlrecip: process 6923 (syz.3.247) requesting ep 01 but needs 81
[  171.606500][ T6923] usb usb1: usbfs: process 6923 (syz.3.247) did not claim interface 0 before use
[  171.756429][ T6927] netlink: 104 bytes leftover after parsing attributes in process `syz.3.249'.
[  171.793948][ T6875] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  171.814755][ T6927] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  171.823243][ T6875] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  171.868906][ T6927] /dev/nullb0: Can't open blockdev
[  173.024511][ T6875] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  173.097039][ T6875] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  173.125330][ T6875] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  173.134849][ T6875] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  173.741499][ T6940] netlink: 36 bytes leftover after parsing attributes in process `syz.0.254'.
[  177.452724][ T6975] fuse: Unknown parameter 'rootmole'
[  181.020140][   T29] audit: type=1804 audit(2000000024.979:4): pid=7002 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.269" name="/newroot/53/bus/file1" dev="overlay" ino=310 res=1 errno=0
[  181.864502][ T6874] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  182.341507][ T6874] usb 3-1: Using ep0 maxpacket: 16
[  182.352395][ T6874] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  182.369201][ T6874] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  182.389026][ T6874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.399504][ T6874] usb 3-1: Product: syz
[  182.407129][ T6874] usb 3-1: Manufacturer: syz
[  182.411999][ T6874] usb 3-1: SerialNumber: syz
[  182.427582][ T6874] usb 3-1: config 0 descriptor??
[  182.449828][ T6874] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  182.460025][ T6874] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  183.253922][ T7022] IPVS: length: 213 != 8
[  183.528885][ T6874] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  183.767076][    T8] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  183.941084][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  183.958620][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  183.981573][    T8] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  184.008859][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.099673][    T8] usb 5-1: config 0 descriptor??
[  184.260033][ T6874] em28xx 3-1:0.0: read from i2c device at 0xa0 failed with unknown error (status=54)
[  184.277480][ T6874] em28xx 3-1:0.0: board has no eeprom
[  184.854191][    T8] usbhid 5-1:0.0: can't add hid device: -71
[  184.872457][    T8] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  184.907377][ T6874] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  184.925776][    T8] usb 5-1: USB disconnect, device number 5
[  184.935006][ T6874] em28xx 3-1:0.0: dvb set to bulk mode.
[  184.955352][ T6873] em28xx 3-1:0.0: Binding DVB extension
[  184.969200][ T6874] usb 3-1: USB disconnect, device number 4
[  184.986665][ T6874] em28xx 3-1:0.0: Disconnecting em28xx
[  185.014592][ T6873] em28xx 3-1:0.0: Registering input extension
[  185.043670][ T6874] em28xx 3-1:0.0: Closing input extension
[  185.495049][ T6874] em28xx 3-1:0.0: Freeing device
[  186.606700][ T7051] FAULT_INJECTION: forcing a failure.
[  186.606700][ T7051] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  186.623778][ T7051] CPU: 0 UID: 0 PID: 7051 Comm: syz.4.284 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  186.623802][ T7051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  186.623808][ T7051] Call Trace:
[  186.623812][ T7051]  <TASK>
[  186.623818][ T7051]  dump_stack_lvl+0x241/0x360
[  186.623833][ T7051]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.623842][ T7051]  ? __pfx__printk+0x10/0x10
[  186.623857][ T7051]  ? __pfx_lock_release+0x10/0x10
[  186.623873][ T7051]  should_fail_ex+0x40a/0x550
[  186.623887][ T7051]  _copy_from_iter+0x1e9/0x1c20
[  186.623901][ T7051]  ? __virt_addr_valid+0x183/0x530
[  186.623919][ T7051]  ? __alloc_skb+0x28f/0x440
[  186.623931][ T7051]  ? __pfx__copy_from_iter+0x10/0x10
[  186.623945][ T7051]  ? __virt_addr_valid+0x183/0x530
[  186.623957][ T7051]  ? __virt_addr_valid+0x183/0x530
[  186.623968][ T7051]  ? __virt_addr_valid+0x45f/0x530
[  186.623981][ T7051]  ? __phys_addr_symbol+0x2f/0x70
[  186.623993][ T7051]  ? __check_object_size+0x47a/0x730
[  186.624007][ T7051]  netlink_sendmsg+0x73d/0xcb0
[  186.624026][ T7051]  ? __pfx_netlink_sendmsg+0x10/0x10
[  186.624045][ T7051]  ? __pfx_netlink_sendmsg+0x10/0x10
[  186.624058][ T7051]  __sock_sendmsg+0x221/0x270
[  186.624070][ T7051]  ____sys_sendmsg+0x52a/0x7e0
[  186.624087][ T7051]  ? __pfx_____sys_sendmsg+0x10/0x10
[  186.624100][ T7051]  ? __fget_files+0x2a/0x410
[  186.624114][ T7051]  ? __fget_files+0x2a/0x410
[  186.624130][ T7051]  __sys_sendmsg+0x269/0x350
[  186.624145][ T7051]  ? __pfx___sys_sendmsg+0x10/0x10
[  186.624164][ T7051]  ? do_sys_openat2+0x17a/0x1d0
[  186.624188][ T7051]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  186.624201][ T7051]  ? do_syscall_64+0x100/0x230
[  186.624214][ T7051]  ? do_syscall_64+0xb6/0x230
[  186.624227][ T7051]  do_syscall_64+0xf3/0x230
[  186.624238][ T7051]  ? clear_bhb_loop+0x35/0x90
[  186.624253][ T7051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.624265][ T7051] RIP: 0033:0x7fb11258cd29
[  186.624275][ T7051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.624282][ T7051] RSP: 002b:00007fb11339e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  186.624293][ T7051] RAX: ffffffffffffffda RBX: 00007fb1127a5fa0 RCX: 00007fb11258cd29
[  186.624299][ T7051] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000004
[  186.624304][ T7051] RBP: 00007fb11339e090 R08: 0000000000000000 R09: 0000000000000000
[  186.624310][ T7051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.624315][ T7051] R13: 0000000000000000 R14: 00007fb1127a5fa0 R15: 00007ffdc65eae38
[  186.624329][ T7051]  </TASK>
[  186.879936][    C0] vkms_vblank_simulate: vblank timer overrun
[  189.741651][ T7083] netlink: 'syz.1.295': attribute type 27 has an invalid length.
[  189.855069][ T7084] PKCS7: Unknown OID: [5] 0.0
[  189.860119][ T7084] PKCS7: Only support pkcs7_signedData type
[  190.260331][ T7083] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.267815][ T7083] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.638738][ T5903] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  190.917035][ T5903] usb 5-1: Using ep0 maxpacket: 8
[  190.993172][ T7101] netlink: 60 bytes leftover after parsing attributes in process `syz.2.301'.
[  191.681992][ T5903] usb 5-1: config 0 has no interfaces?
[  191.697469][ T5903] usb 5-1: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice=21.c6
[  191.706989][ T5903] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.724633][ T5903] usb 5-1: config 0 descriptor??
[  191.803007][ T7083] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  191.959895][ T7083] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  192.724260][ T7083] hsr0: left promiscuous mode
[  192.765731][    T9] usb 5-1: USB disconnect, device number 6
[  192.818427][ T7083] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  192.837994][ T7083] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  192.852112][ T7083] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  192.861657][ T7083] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  193.157667][ T7113] openvswitch: netlink: Key 24 has unexpected len 28 expected 4
[  194.549331][ T7132] atomic_op ffff88805b3d4198 conn xmit_atomic 0000000000000000
[  194.602674][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  194.722409][ T6869] IPVS: starting estimator thread 0...
[  194.818847][ T7135] IPVS: using max 21 ests per chain, 50400 per kthread
[  195.643778][ T7128] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  195.893573][ T7146] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  197.022172][ T7164] FAULT_INJECTION: forcing a failure.
[  197.022172][ T7164] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  197.056206][ T7164] CPU: 1 UID: 0 PID: 7164 Comm: syz.3.319 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  197.056241][ T7164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  197.056251][ T7164] Call Trace:
[  197.056257][ T7164]  <TASK>
[  197.056264][ T7164]  dump_stack_lvl+0x241/0x360
[  197.056285][ T7164]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.056300][ T7164]  ? __pfx__printk+0x10/0x10
[  197.056321][ T7164]  ? __pfx_lock_release+0x10/0x10
[  197.056346][ T7164]  should_fail_ex+0x40a/0x550
[  197.056369][ T7164]  _copy_from_user+0x2d/0xb0
[  197.056386][ T7164]  copy_msghdr_from_user+0xae/0x680
[  197.056410][ T7164]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  197.056423][ T7164]  ? __fget_files+0x2a/0x410
[  197.056438][ T7164]  ? __fget_files+0x2a/0x410
[  197.056453][ T7164]  __sys_sendmsg+0x209/0x350
[  197.056470][ T7164]  ? __pfx___sys_sendmsg+0x10/0x10
[  197.056491][ T7164]  ? do_sys_openat2+0x17a/0x1d0
[  197.056515][ T7164]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  197.056527][ T7164]  ? do_syscall_64+0x100/0x230
[  197.056541][ T7164]  ? do_syscall_64+0xb6/0x230
[  197.056554][ T7164]  do_syscall_64+0xf3/0x230
[  197.056565][ T7164]  ? clear_bhb_loop+0x35/0x90
[  197.056579][ T7164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.056591][ T7164] RIP: 0033:0x7f598758cd29
[  197.056600][ T7164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.056607][ T7164] RSP: 002b:00007f598844c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  197.056619][ T7164] RAX: ffffffffffffffda RBX: 00007f59877a5fa0 RCX: 00007f598758cd29
[  197.056625][ T7164] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004
[  197.056631][ T7164] RBP: 00007f598844c090 R08: 0000000000000000 R09: 0000000000000000
[  197.056636][ T7164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  197.056641][ T7164] R13: 0000000000000000 R14: 00007f59877a5fa0 R15: 00007ffd700492a8
[  197.056654][ T7164]  </TASK>
[  197.371797][ T7163] openvswitch: netlink: Key 24 has unexpected len 28 expected 4
[  197.436188][ T5903] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  198.247175][ T5903] usb 3-1: Using ep0 maxpacket: 8
[  198.254063][ T5903] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  198.277267][ T5903] usb 3-1: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice=21.c6
[  198.286692][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.332136][ T5903] usb 3-1: config 0 descriptor??
[  198.377852][ T5903] cdc_acm 3-1:0.0: Zero length descriptor references
[  198.384649][ T5903] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22
[  198.497298][   T51] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  198.687594][   T51] usb 5-1: device descriptor read/64, error -71
[  198.732063][ T5910] usb 3-1: USB disconnect, device number 5
[  198.967265][   T51] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  199.151595][   T51] usb 5-1: device descriptor read/64, error -71
[  199.279176][   T51] usb usb5-port1: attempt power cycle
[  199.799598][ T7197] netlink: 36 bytes leftover after parsing attributes in process `syz.2.330'.
[  200.532894][   T51] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  200.568195][   T51] usb 5-1: device descriptor read/8, error -71
[  201.051367][   T51] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  201.275681][   T51] usb 5-1: device descriptor read/8, error -71
[  201.398950][   T51] usb usb5-port1: unable to enumerate USB device
[  202.347196][ T7215] openvswitch: netlink: Key 24 has unexpected len 28 expected 4
[  207.285155][ T7258] usb usb8: usbfs: process 7258 (syz.1.346) did not claim interface 0 before use
[  207.432975][ T7263] netlink: 'syz.0.347': attribute type 13 has an invalid length.
[  208.126379][ T7268] openvswitch: netlink: Key 24 has unexpected len 28 expected 4
[  208.827318][ T6869] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  209.348319][ T6869] usb 3-1: Using ep0 maxpacket: 16
[  209.355521][ T6869] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  209.368453][ T6869] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  209.377967][ T6869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.386132][ T6869] usb 3-1: Product: syz
[  209.390651][ T6869] usb 3-1: Manufacturer: syz
[  209.395391][ T6869] usb 3-1: SerialNumber: syz
[  209.508036][ T6869] usb 3-1: config 0 descriptor??
[  209.544606][ T6869] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  210.029229][ T6869] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  210.987522][ T6869] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  211.328049][ T5910] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  211.504733][ T7309] netlink: 16 bytes leftover after parsing attributes in process `syz.0.360'.
[  211.612475][ T7314] openvswitch: netlink: Key 24 has unexpected len 28 expected 4
[  211.648241][ T5910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.666452][ T5910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  211.685840][ T5910] usb 4-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00
[  211.702900][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.723763][ T5910] usb 4-1: config 0 descriptor??
[  212.208959][ T6869] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  212.367032][ T6869] em28xx 3-1:0.0: board has no eeprom
[  212.424845][ T7324] syz_tun: entered allmulticast mode
[  213.097121][ T6869] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  213.138012][ T6869] em28xx 3-1:0.0: dvb set to bulk mode.
[  213.161212][ T7324] syz_tun: left allmulticast mode
[  213.187689][ T6888] em28xx 3-1:0.0: Binding DVB extension
[  213.220671][ T6869] usb 3-1: USB disconnect, device number 6
[  213.250698][ T6869] em28xx 3-1:0.0: Disconnecting em28xx
[  213.263098][    T9] IPVS: starting estimator thread 0...
[  213.327892][ T6888] em28xx 3-1:0.0: Registering input extension
[  213.336462][ T5910] usbhid 4-1:0.0: can't add hid device: -71
[  213.342866][ T5910] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  213.353087][ T5910] usb 4-1: USB disconnect, device number 11
[  214.223080][ T6869] em28xx 3-1:0.0: Closing input extension
[  214.242740][ T6869] em28xx 3-1:0.0: Freeing device
[  214.267438][ T7337] IPVS: using max 20 ests per chain, 48000 per kthread
[  215.310119][ T6888] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  215.390567][ T7353] openvswitch: netlink: Key 24 has unexpected len 28 expected 4
[  215.497107][ T6888] usb 5-1: device descriptor read/64, error -71
[  215.908743][ T6888] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  216.090237][ T6888] usb 5-1: device descriptor read/64, error -71
[  216.237060][ T6888] usb usb5-port1: attempt power cycle
[  216.745497][ T6888] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  216.950447][ T6888] usb 5-1: device descriptor read/8, error -71
[  217.441900][ T6888] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  217.484835][ T6888] usb 5-1: device descriptor read/8, error -71
[  217.738892][ T6888] usb usb5-port1: unable to enumerate USB device
[  224.698347][ T7432] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.716892][ T7432] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  225.607108][ T6869] usb 3-1: new low-speed USB device number 7 using dummy_hcd
[  226.358889][ T6869] usb 3-1: Invalid ep0 maxpacket: 64
[  226.522702][ T6869] usb 3-1: new low-speed USB device number 8 using dummy_hcd
[  227.177399][ T5910] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  227.569349][ T6869] usb 3-1: Invalid ep0 maxpacket: 64
[  227.575091][ T6869] usb usb3-port1: attempt power cycle
[  227.608047][ T5910] usb 1-1: Using ep0 maxpacket: 8
[  227.622676][ T5910] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  227.648101][ T5910] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  227.657807][ T5910] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.667782][ T5910] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  227.677063][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.692448][ T5910] hub 1-1:1.0: bad descriptor, ignoring hub
[  227.700799][ T5910] hub 1-1:1.0: probe with driver hub failed with error -5
[  227.738686][ T5910] cdc_wdm 1-1:1.0: skipping garbage
[  227.743948][ T5910] cdc_wdm 1-1:1.0: skipping garbage
[  227.770043][ T5910] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  228.007422][ T7441] kexec: Could not allocate control_code_buffer
[  228.108395][ T7459] FAULT_INJECTION: forcing a failure.
[  228.108395][ T7459] name failslab, interval 1, probability 0, space 0, times 0
[  228.121570][ T7459] CPU: 0 UID: 0 PID: 7459 Comm: syz.3.401 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  228.121600][ T7459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  228.121610][ T7459] Call Trace:
[  228.121617][ T7459]  <TASK>
[  228.121624][ T7459]  dump_stack_lvl+0x241/0x360
[  228.121649][ T7459]  ? __pfx_dump_stack_lvl+0x10/0x10
[  228.121666][ T7459]  ? __pfx__printk+0x10/0x10
[  228.121690][ T7459]  ? kmem_cache_alloc_noprof+0x48/0x380
[  228.121712][ T7459]  ? __pfx___might_resched+0x10/0x10
[  228.121735][ T7459]  should_fail_ex+0x40a/0x550
[  228.121757][ T7459]  should_failslab+0xac/0x100
[  228.121777][ T7459]  ? getname_flags+0xb7/0x540
[  228.121795][ T7459]  kmem_cache_alloc_noprof+0x70/0x380
[  228.121820][ T7459]  getname_flags+0xb7/0x540
[  228.121846][ T7459]  do_sys_openat2+0xd2/0x1d0
[  228.121863][ T7459]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  228.121885][ T7459]  ? __pfx_do_sys_openat2+0x10/0x10
[  228.121905][ T7459]  ? __fget_files+0x2a/0x410
[  228.121942][ T7459]  __x64_sys_creat+0x123/0x170
[  228.121962][ T7459]  ? __pfx___x64_sys_creat+0x10/0x10
[  228.121991][ T7459]  ? do_syscall_64+0x100/0x230
[  228.122014][ T7459]  ? do_syscall_64+0xb6/0x230
[  228.122036][ T7459]  do_syscall_64+0xf3/0x230
[  228.122055][ T7459]  ? clear_bhb_loop+0x35/0x90
[  228.122078][ T7459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.122098][ T7459] RIP: 0033:0x7f598758cd29
[  228.122115][ T7459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.122127][ T7459] RSP: 002b:00007f598840a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  228.122145][ T7459] RAX: ffffffffffffffda RBX: 00007f59877a6160 RCX: 00007f598758cd29
[  228.122157][ T7459] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000300
[  228.122167][ T7459] RBP: 00007f598840a090 R08: 0000000000000000 R09: 0000000000000000
[  228.122176][ T7459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  228.122186][ T7459] R13: 0000000000000000 R14: 00007f59877a6160 R15: 00007ffd700492a8
[  228.122211][ T7459]  </TASK>
[  228.788373][ T5910] usb 1-1: USB disconnect, device number 6
[  228.908179][ T7461] netlink: 36 bytes leftover after parsing attributes in process `syz.1.402'.
[  231.845806][ T5903] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  231.997121][ T5903] usb 3-1: device descriptor read/64, error -71
[  233.139730][ T5903] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  233.337078][ T5903] usb 3-1: device descriptor read/64, error -71
[  233.977850][ T5903] usb usb3-port1: attempt power cycle
[  233.997257][    T9] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  234.009601][ T7511] FAULT_INJECTION: forcing a failure.
[  234.009601][ T7511] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  234.132048][ T7511] CPU: 1 UID: 0 PID: 7511 Comm: syz.1.413 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  234.132074][ T7511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  234.132083][ T7511] Call Trace:
[  234.132089][ T7511]  <TASK>
[  234.132096][ T7511]  dump_stack_lvl+0x241/0x360
[  234.132122][ T7511]  ? __pfx_dump_stack_lvl+0x10/0x10
[  234.132138][ T7511]  ? __pfx__printk+0x10/0x10
[  234.132165][ T7511]  ? snprintf+0xda/0x120
[  234.132184][ T7511]  should_fail_ex+0x40a/0x550
[  234.132207][ T7511]  _copy_to_user+0x31/0xb0
[  234.132225][ T7511]  simple_read_from_buffer+0xca/0x150
[  234.132248][ T7511]  proc_fail_nth_read+0x1e9/0x250
[  234.132270][ T7511]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  234.132291][ T7511]  ? rw_verify_area+0x243/0x630
[  234.132313][ T7511]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  234.132332][ T7511]  vfs_read+0x1f8/0xb40
[  234.132356][ T7511]  ? fdget_pos+0x254/0x320
[  234.132376][ T7511]  ? __pfx___mutex_lock+0x10/0x10
[  234.132396][ T7511]  ? __pfx_vfs_read+0x10/0x10
[  234.132421][ T7511]  ? __fget_files+0x2a/0x410
[  234.132442][ T7511]  ? __fget_files+0x395/0x410
[  234.132460][ T7511]  ? __fget_files+0x2a/0x410
[  234.132488][ T7511]  ksys_read+0x18f/0x2b0
[  234.132505][ T7511]  ? __pfx_ksys_read+0x10/0x10
[  234.132521][ T7511]  ? do_syscall_64+0x100/0x230
[  234.132543][ T7511]  ? do_syscall_64+0xb6/0x230
[  234.132565][ T7511]  do_syscall_64+0xf3/0x230
[  234.132584][ T7511]  ? clear_bhb_loop+0x35/0x90
[  234.132607][ T7511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.132626][ T7511] RIP: 0033:0x7fb04ed8b73c
[  234.132642][ T7511] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  234.132654][ T7511] RSP: 002b:00007fb04fc88030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  234.132671][ T7511] RAX: ffffffffffffffda RBX: 00007fb04efa5fa0 RCX: 00007fb04ed8b73c
[  234.132683][ T7511] RDX: 000000000000000f RSI: 00007fb04fc880a0 RDI: 0000000000000004
[  234.132693][ T7511] RBP: 00007fb04fc88090 R08: 0000000000000000 R09: 0000000000000014
[  234.132702][ T7511] R10: 0000000000044010 R11: 0000000000000246 R12: 0000000000000001
[  234.132712][ T7511] R13: 0000000000000000 R14: 00007fb04efa5fa0 R15: 00007fffbf590558
[  234.132739][ T7511]  </TASK>
[  235.027109][    T9] usb 5-1: Using ep0 maxpacket: 16
[  235.035557][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  235.156353][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  235.208296][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  235.214043][ T7517] netlink: 28 bytes leftover after parsing attributes in process `syz.3.414'.
[  235.233166][ T7517] netlink: 28 bytes leftover after parsing attributes in process `syz.3.414'.
[  235.643705][    T9] usb 5-1: New USB device found, idVendor=1870, idProduct=0001, bcdDevice=94.47
[  235.908092][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.916141][    T9] usb 5-1: Product: syz
[  235.916226][ T5827] Bluetooth: hci4: command 0x0c1a tx timeout
[  236.185333][    T9] usb 5-1: Manufacturer: syz
[  236.392785][    T9] usb 5-1: SerialNumber: syz
[  236.406221][    T9] usb 5-1: config 0 descriptor??
[  236.411986][    T9] usb 5-1: can't set config #0, error -71
[  236.418696][    T9] usb 5-1: USB disconnect, device number 15
[  237.552558][    T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  237.684843][ T6888] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  237.773924][    T9] usb 5-1: Using ep0 maxpacket: 32
[  237.843767][ T6888] usb 2-1: device descriptor read/64, error -71
[  237.936757][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  238.009876][    T9] usb 5-1: config index 0 descriptor too short (expected 28690, got 18)
[  238.052997][    T9] usb 5-1: config 0 has too many interfaces: 240, using maximum allowed: 32
[  238.384730][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 240
[  238.394411][    T9] usb 5-1: config 0 has no interface number 0
[  238.414186][ T6888] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  238.454756][    T9] usb 5-1: config 0 interface 187 has no altsetting 0
[  238.486775][    T9] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[  238.507075][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.537164][    T9] usb 5-1: Product: syz
[  238.541391][    T9] usb 5-1: Manufacturer: syz
[  238.546029][    T9] usb 5-1: SerialNumber: syz
[  238.587094][ T6888] usb 2-1: device descriptor read/64, error -71
[  238.598685][    T9] usb 5-1: config 0 descriptor??
[  238.717536][ T6888] usb usb2-port1: attempt power cycle
[  239.058344][ T6888] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  239.129537][ T6888] usb 2-1: device descriptor read/8, error -71
[  239.218479][    T9] usb 5-1: Cannot retrieve CPort count: -110
[  239.224853][    T9] usb 5-1: Cannot retrieve CPort count: -110
[  239.243401][    T9] es2_ap_driver 5-1:0.187: probe with driver es2_ap_driver failed with error -110
[  239.378178][    T9] usb 5-1: USB disconnect, device number 16
[  239.407204][ T6888] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  239.428483][ T6888] usb 2-1: device descriptor read/8, error -71
[  239.537359][ T6888] usb usb2-port1: unable to enumerate USB device
[  239.687627][ T5910] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  239.867202][ T5910] usb 3-1: Using ep0 maxpacket: 8
[  239.923414][ T5910] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  240.028375][ T5910] usb 3-1: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice=21.c6
[  240.118484][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.244749][ T5910] usb 3-1: config 0 descriptor??
[  240.267126][ T7573] netlink: 40 bytes leftover after parsing attributes in process `syz.1.431'.
[  240.330223][ T5910] cdc_acm 3-1:0.0: skipping garbage
[  240.650768][ T5910] usb 3-1: USB disconnect, device number 13
[  242.979532][ T7593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  243.035022][ T7593] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  243.187307][ T5910] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  243.527333][ T5910] usb 4-1: Using ep0 maxpacket: 16
[  243.983524][ T5910] usb 4-1: config 0 has an invalid interface number: 142 but max is 0
[  244.012782][ T5910] usb 4-1: config 0 has an invalid descriptor of length 159, skipping remainder of the config
[  244.032420][ T5910] usb 4-1: config 0 has no interface number 0
[  244.038886][ T5910] usb 4-1: config 0 interface 142 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  244.055399][ T5910] usb 4-1: New USB device found, idVendor=1943, idProduct=2255, bcdDevice=91.0d
[  244.067176][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.085532][ T5910] usb 4-1: Product: syz
[  244.093181][ T5910] usb 4-1: Manufacturer: syz
[  244.102052][ T5910] usb 4-1: SerialNumber: syz
[  244.118363][ T5910] usb 4-1: config 0 descriptor??
[  244.332081][ T5910] s2255 4-1:0.142: Could not find bulk-in endpoint
[  244.371516][ T5910] Sensoray 2255 driver load failed: 0xfffffff4
[  244.641358][ T5910] s2255 4-1:0.142: probe with driver s2255 failed with error -12
[  244.687524][ T5910] usb 4-1: USB disconnect, device number 12
[  245.296762][ T7623] capability: warning: `syz.3.444' uses deprecated v2 capabilities in a way that may be insecure
[  245.409679][ T7623] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  245.416966][ T7623] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  245.582614][ T7623] vhci_hcd vhci_hcd.0: Device attached
[  246.437692][    T9] vhci_hcd: vhci_device speed not set
[  246.557260][ T5870] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  246.587200][    T9] usb 39-1: new full-speed USB device number 2 using vhci_hcd
[  247.619838][ T5870] usb 4-1: Using ep0 maxpacket: 16
[  247.808534][ T5870] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  247.854591][ T5870] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  247.886489][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.910221][ T5870] usb 4-1: Product: syz
[  247.914413][ T5870] usb 4-1: Manufacturer: syz
[  247.927300][ T5870] usb 4-1: SerialNumber: syz
[  247.943181][ T5870] usb 4-1: config 0 descriptor??
[  247.959150][ T5870] visor 4-1:0.0: Sony Clie 3.5 converter detected
[  248.160813][ T6888] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  248.554350][ T5870] usb 4-1: clie_3_5_startup: get interface number failed: -71
[  248.557238][ T7631] vhci_hcd: connection reset by peer
[  248.569663][ T5870] visor 4-1:0.0: probe with driver visor failed with error -71
[  248.603089][ T5936] vhci_hcd: stop threads
[  248.619346][ T5870] usb 4-1: USB disconnect, device number 13
[  248.622022][ T5936] vhci_hcd: release socket
[  248.650488][ T5936] vhci_hcd: disconnect device
[  248.689023][ T6888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.727034][ T6888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  248.732164][ T7657] evm: overlay not supported
[  248.752641][ T6888] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  248.786709][ T6888] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  248.802116][   T29] audit: type=1804 audit(2000000092.759:5): pid=7660 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.453" name="/newroot/90/bus/bus" dev="overlay" ino=499 res=1 errno=0
[  248.846050][ T6888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.867369][ T6888] usb 3-1: config 0 descriptor??
[  249.530931][ T6888] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  249.577461][ T6888] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  250.485349][ T6888] IPVS: starting estimator thread 0...
[  250.768023][ T5870] usb 3-1: USB disconnect, device number 14
[  250.774753][ T7673] IPVS: using max 26 ests per chain, 62400 per kthread
[  250.977938][ T7677] process 'syz.4.460' launched '/dev/fd/3' with NULL argv: empty string added
[  251.797077][    T9] vhci_hcd: vhci_device speed not set
[  252.787290][ T5910] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  253.077576][ T5910] usb 1-1: Using ep0 maxpacket: 32
[  253.091432][ T5910] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  253.233688][ T5910] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  253.331063][ T5910] usb 1-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  253.456088][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.799277][ T5910] usb 1-1: Product: syz
[  253.817487][ T5910] usb 1-1: Manufacturer: syz
[  253.843803][ T5910] usb 1-1: SerialNumber: syz
[  253.971404][ T5910] usb 1-1: config 0 descriptor??
[  253.986023][ T5910] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  254.050120][ T5910] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2
[  255.917784][   T51] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  256.068300][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  256.307607][   T51] usb 2-1: Using ep0 maxpacket: 8
[  256.321796][   T51] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  256.340920][   T51] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  256.360963][   T51] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  256.381915][   T51] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  256.394260][   T51] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  256.413137][   T51] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  256.420927][   T51] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  256.494182][   T51] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  256.690401][   T51] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  256.939569][   T51] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  257.167265][   T51] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  257.192513][   T51] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  257.236581][ T7739] FAULT_INJECTION: forcing a failure.
[  257.236581][ T7739] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  257.246812][ T5870] usb 1-1: USB disconnect, device number 7
[  257.255961][ T7739] CPU: 0 UID: 0 PID: 7739 Comm: syz.2.480 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  257.255983][ T7739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  257.255991][ T7739] Call Trace:
[  257.255997][ T7739]  <TASK>
[  257.256003][ T7739]  dump_stack_lvl+0x241/0x360
[  257.256029][ T7739]  ? __pfx_dump_stack_lvl+0x10/0x10
[  257.256044][ T7739]  ? __pfx__printk+0x10/0x10
[  257.256085][ T7739]  ? __pfx_lock_release+0x10/0x10
[  257.256113][ T7739]  should_fail_ex+0x40a/0x550
[  257.256136][ T7739]  _copy_from_user+0x2d/0xb0
[  257.256153][ T7739]  copy_msghdr_from_user+0xae/0x680
[  257.256178][ T7739]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  257.256194][ T7739]  ? __fget_files+0x2a/0x410
[  257.256215][ T7739]  ? __fget_files+0x2a/0x410
[  257.256240][ T7739]  __sys_recvmsg+0x200/0x390
[  257.256267][ T7739]  ? __pfx___sys_recvmsg+0x10/0x10
[  257.256295][ T7739]  ? fput+0x2d/0x290
[  257.256316][ T7739]  ? fput+0x3a/0x290
[  257.256352][ T7739]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  257.256373][ T7739]  ? do_syscall_64+0x100/0x230
[  257.256394][ T7739]  ? do_syscall_64+0xb6/0x230
[  257.256415][ T7739]  do_syscall_64+0xf3/0x230
[  257.256434][ T7739]  ? clear_bhb_loop+0x35/0x90
[  257.256457][ T7739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.256477][ T7739] RIP: 0033:0x7f884238cd29
[  257.256492][ T7739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.256505][ T7739] RSP: 002b:00007f8843111038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  257.256523][ T7739] RAX: ffffffffffffffda RBX: 00007f88425a6080 RCX: 00007f884238cd29
[  257.256535][ T7739] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000005
[  257.256544][ T7739] RBP: 00007f8843111090 R08: 0000000000000000 R09: 0000000000000000
[  257.256553][ T7739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.256562][ T7739] R13: 0000000000000000 R14: 00007f88425a6080 R15: 00007ffd109584b8
[  257.256585][ T7739]  </TASK>
[  257.872776][   T51] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  258.198700][   T51] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  258.256744][   T51] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  259.291001][   T51] usb 2-1: string descriptor 0 read error: -71
[  259.322808][   T51] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  259.607759][   T51] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.785347][   T51] usb 2-1: can't set config #168, error -71
[  260.133896][   T51] usb 2-1: USB disconnect, device number 9
[  261.006843][ T7752] netlink: 'syz.1.484': attribute type 27 has an invalid length.
[  261.033645][ T7752] PKCS7: Unknown OID: [5] 0.0
[  261.038583][ T7752] PKCS7: Only support pkcs7_signedData type
[  262.008904][ T7784] xt_CT: You must specify a L4 protocol and not use inversions on it
[  262.009491][ T7783] xt_CT: You must specify a L4 protocol and not use inversions on it
[  262.160727][ T7789] overlayfs: overlapping lowerdir path
[  262.245306][ T7790] overlayfs: missing 'lowerdir'
[  264.973115][ T7815] FAULT_INJECTION: forcing a failure.
[  264.973115][ T7815] name failslab, interval 1, probability 0, space 0, times 0
[  265.194135][ T7815] CPU: 0 UID: 0 PID: 7815 Comm: syz.1.501 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  265.194154][ T7815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  265.194161][ T7815] Call Trace:
[  265.194164][ T7815]  <TASK>
[  265.194169][ T7815]  dump_stack_lvl+0x241/0x360
[  265.194186][ T7815]  ? __pfx_dump_stack_lvl+0x10/0x10
[  265.194195][ T7815]  ? __pfx__printk+0x10/0x10
[  265.194210][ T7815]  ? __kmalloc_cache_noprof+0x48/0x390
[  265.194229][ T7815]  ? __pfx___might_resched+0x10/0x10
[  265.194239][ T7815]  ? dev_prep_valid_name+0x916/0xa40
[  265.194252][ T7815]  should_fail_ex+0x40a/0x550
[  265.194266][ T7815]  should_failslab+0xac/0x100
[  265.194279][ T7815]  __kmalloc_cache_noprof+0x70/0x390
[  265.194290][ T7815]  ? register_netdevice+0x59c/0x1b10
[  265.194306][ T7815]  register_netdevice+0x59c/0x1b10
[  265.194321][ T7815]  ? __pfx_lock_acquire+0x10/0x10
[  265.194333][ T7815]  ? net_generic+0x1f/0x240
[  265.194349][ T7815]  ? ip_tunnel_find+0x53b/0x610
[  265.194362][ T7815]  ? __pfx_register_netdevice+0x10/0x10
[  265.194377][ T7815]  ? __pfx_ip_tunnel_find+0x10/0x10
[  265.194391][ T7815]  ? ip_tunnel_newlink+0x274/0x940
[  265.194408][ T7815]  ip_tunnel_newlink+0x29d/0x940
[  265.194425][ T7815]  ? __pfx_ip_tunnel_newlink+0x10/0x10
[  265.194442][ T7815]  ? ip_tunnel_netlink_parms+0x3c2/0x590
[  265.194453][ T7815]  ipip_newlink+0x265/0x340
[  265.194461][ T7815]  ? sized_strscpy+0x9a/0x2b0
[  265.194477][ T7815]  ? __pfx_ipip_newlink+0x10/0x10
[  265.194486][ T7815]  ? alloc_netdev_mqs+0xde1/0x1110
[  265.194504][ T7815]  ? rtnl_create_link+0x91c/0xc20
[  265.194518][ T7815]  ? __pfx_ipip_newlink+0x10/0x10
[  265.194528][ T7815]  rtnl_newlink_create+0x2ee/0xa40
[  265.194544][ T7815]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  265.194558][ T7815]  ? ns_capable+0x8a/0xf0
[  265.194570][ T7815]  rtnl_newlink+0x1c7e/0x2210
[  265.194588][ T7815]  ? __pfx_rtnl_newlink+0x10/0x10
[  265.194597][ T7815]  ? __pfx_validate_chain+0x10/0x10
[  265.194621][ T7815]  ? validate_chain+0x11e/0x5920
[  265.194634][ T7815]  ? __pfx_lock_acquire+0x10/0x10
[  265.194647][ T7815]  ? __pfx_lock_release+0x10/0x10
[  265.194660][ T7815]  ? __pfx_validate_chain+0x10/0x10
[  265.194674][ T7815]  ? mark_lock+0x9a/0x360
[  265.194689][ T7815]  ? __lock_acquire+0x1397/0x2100
[  265.194716][ T7815]  ? __pfx_lock_release+0x10/0x10
[  265.194735][ T7815]  ? __pfx_rtnl_newlink+0x10/0x10
[  265.194746][ T7815]  rtnetlink_rcv_msg+0x791/0xcf0
[  265.194755][ T7815]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  265.194765][ T7815]  ? __lock_acquire+0x1397/0x2100
[  265.194777][ T7815]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  265.194795][ T7815]  netlink_rcv_skb+0x1e3/0x430
[  265.194809][ T7815]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  265.194820][ T7815]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  265.194844][ T7815]  ? netlink_deliver_tap+0x2e/0x1b0
[  265.194859][ T7815]  netlink_unicast+0x7f6/0x990
[  265.194875][ T7815]  ? __pfx_netlink_unicast+0x10/0x10
[  265.194885][ T7815]  ? __virt_addr_valid+0x45f/0x530
[  265.194899][ T7815]  ? __phys_addr_symbol+0x2f/0x70
[  265.194911][ T7815]  ? __check_object_size+0x47a/0x730
[  265.194925][ T7815]  netlink_sendmsg+0x8e4/0xcb0
[  265.194945][ T7815]  ? __pfx_netlink_sendmsg+0x10/0x10
[  265.194964][ T7815]  ? __pfx_netlink_sendmsg+0x10/0x10
[  265.194977][ T7815]  __sock_sendmsg+0x221/0x270
[  265.194989][ T7815]  ____sys_sendmsg+0x52a/0x7e0
[  265.195007][ T7815]  ? __pfx_____sys_sendmsg+0x10/0x10
[  265.195019][ T7815]  ? __fget_files+0x2a/0x410
[  265.195033][ T7815]  ? __fget_files+0x2a/0x410
[  265.195049][ T7815]  __sys_sendmsg+0x269/0x350
[  265.195065][ T7815]  ? __pfx___sys_sendmsg+0x10/0x10
[  265.195085][ T7815]  ? do_sys_openat2+0x17a/0x1d0
[  265.195111][ T7815]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  265.195124][ T7815]  ? do_syscall_64+0x100/0x230
[  265.195137][ T7815]  ? do_syscall_64+0xb6/0x230
[  265.195150][ T7815]  do_syscall_64+0xf3/0x230
[  265.195161][ T7815]  ? clear_bhb_loop+0x35/0x90
[  265.195177][ T7815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.195189][ T7815] RIP: 0033:0x7fb04ed8cd29
[  265.195198][ T7815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  265.195205][ T7815] RSP: 002b:00007fb04fc88038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  265.195216][ T7815] RAX: ffffffffffffffda RBX: 00007fb04efa5fa0 RCX: 00007fb04ed8cd29
[  265.195228][ T7815] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  265.195234][ T7815] RBP: 00007fb04fc88090 R08: 0000000000000000 R09: 0000000000000000
[  265.195239][ T7815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  265.195244][ T7815] R13: 0000000000000000 R14: 00007fb04efa5fa0 R15: 00007fffbf590558
[  265.195259][ T7815]  </TASK>
[  265.653514][    C0] vkms_vblank_simulate: vblank timer overrun
[  265.835725][ T7823] netlink: 'syz.4.502': attribute type 27 has an invalid length.
[  265.850346][ T7823] PKCS7: Unknown OID: [5] 0.0
[  265.855114][ T7823] PKCS7: Only support pkcs7_signedData type
[  266.948078][ T7835] netlink: 252 bytes leftover after parsing attributes in process `syz.1.507'.
[  266.957391][ T7835] netlink: 24 bytes leftover after parsing attributes in process `syz.1.507'.
[  268.928828][ T5903] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  269.222192][ T7840] kvm: pic: non byte write
[  269.267042][ T5903] usb 5-1: Using ep0 maxpacket: 8
[  269.288137][ T5903] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  269.319772][ T5903] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  269.339188][ T5903] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  269.877477][ T5903] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  269.886618][ T5903] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.961409][ T5903] usb 5-1: can't set config #1, error -71
[  270.216532][ T5903] usb 5-1: USB disconnect, device number 17
[  273.896431][ T7895] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  273.902997][ T7895] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  274.481644][ T7895] vhci_hcd vhci_hcd.0: Device attached
[  274.630434][ T7896] vhci_hcd: connection closed
[  274.652218][ T5936] vhci_hcd: stop threads
[  274.690092][ T5936] vhci_hcd: release socket
[  274.696244][ T5936] vhci_hcd: disconnect device
[  275.207573][   T51] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  275.218899][ T5910] usb 38-1: enqueue for inactive port 0
[  275.400076][   T51] usb 2-1: Using ep0 maxpacket: 8
[  275.441040][   T51] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  275.507336][   T51] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  275.553891][   T51] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  275.626515][   T51] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  275.702056][   T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.785215][   T51] hub 2-1:1.0: bad descriptor, ignoring hub
[  275.805487][ T5910] usb usb38-port1: attempt power cycle
[  275.831523][   T51] hub 2-1:1.0: probe with driver hub failed with error -5
[  275.859757][   T51] cdc_wdm 2-1:1.0: skipping garbage
[  275.887233][   T51] cdc_wdm 2-1:1.0: skipping garbage
[  275.897133][   T51] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  275.997323][ T7916] bridge0: port 3(bond0) entered blocking state
[  276.037233][ T7916] bridge0: port 3(bond0) entered disabled state
[  276.212007][ T5826] Bluetooth: hci3: unexpected event for opcode 0x041c
[  276.831747][ T5870] usb 2-1: USB disconnect, device number 10
[  276.879882][ T7922] netlink: 'syz.0.531': attribute type 27 has an invalid length.
[  276.913520][ T7916] bond0: entered allmulticast mode
[  277.059091][ T7916] bond_slave_0: entered allmulticast mode
[  277.121918][ T5910] usb usb38-port1: unable to enumerate USB device
[  277.257365][ T7916] bond_slave_1: entered allmulticast mode
[  277.540931][ T7916] bond0: entered promiscuous mode
[  277.602063][ T7916] bond_slave_0: entered promiscuous mode
[  277.631453][ T7916] bond_slave_1: entered promiscuous mode
[  277.716648][ T7916] bridge0: port 3(bond0) entered blocking state
[  277.723162][ T7916] bridge0: port 3(bond0) entered forwarding state
[  278.578420][ T7922] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.586051][ T7922] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.766761][ T7922] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  278.790146][ T7922] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  278.849812][ T7922] hsr0: left promiscuous mode
[  280.784712][ T7922] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  280.812439][ T7922] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  280.823495][ T7922] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  280.841248][ T7922] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  282.407821][ T7942] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  282.426366][ T7942] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  282.436448][ T7942] bond0 (unregistering): Released all slaves
[  283.917455][   T51] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  284.111211][   T51] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  284.251124][ T7997] atomic_op ffff88805b636998 conn xmit_atomic 0000000000000000
[  284.281028][   T51] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  284.537040][   T51] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  284.566429][   T51] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  284.583619][ T8003] netlink: 32 bytes leftover after parsing attributes in process `syz.1.554'.
[  284.627469][   T51] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  284.645332][   T51] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  284.664936][   T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  284.700254][   T51] usb 3-1: Product: syz
[  284.703064][ T5936] Bluetooth: hci5: Frame reassembly failed (-84)
[  284.704575][   T51] usb 3-1: Manufacturer: syz
[  284.704607][   T51] usb 3-1: SerialNumber: syz
[  284.718075][   T51] usb 3-1: config 0 descriptor??
[  284.745058][ T8005] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  284.944322][   T51] radio-si470x 3-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  284.954999][   T51] radio-si470x 3-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  285.487266][   T51] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -110
[  285.511612][   T51] radio-si470x 3-1:0.0: si470x_get_scratch: si470x_get_report returned -110
[  285.522443][   T51] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -5
[  286.380905][ T8029] netlink: 36 bytes leftover after parsing attributes in process `syz.4.559'.
[  286.892903][ T5827] Bluetooth: hci5: command 0x1003 tx timeout
[  286.925992][ T5826] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  287.139726][ T8036] warning: `syz.4.562' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  287.863257][ T8040] 9pnet: Could not find request transport: fd0x0000000000000005
[  288.738839][ T8055] netlink: 'syz.0.568': attribute type 27 has an invalid length.
[  289.255153][ T8058] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  289.284137][ T8058] atomic_op ffff888078c3d998 conn xmit_atomic 0000000000000000
[  289.548495][ T5903] usb 3-1: USB disconnect, device number 15
[  289.667366][    T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  289.907197][    T9] usb 1-1: Using ep0 maxpacket: 16
[  289.914436][    T9] usb 1-1: config 8 has an invalid interface number: 206 but max is 0
[  289.933492][    T9] usb 1-1: config 8 has an invalid descriptor of length 255, skipping remainder of the config
[  289.977509][    T9] usb 1-1: config 8 has no interface number 0
[  290.024872][    T9] usb 1-1: config 8 interface 206 altsetting 1 has an endpoint descriptor with address 0xF7, changing to 0x87
[  290.843893][    T9] usb 1-1: config 8 interface 206 altsetting 1 endpoint 0x87 has invalid maxpacket 33058, setting to 1024
[  290.862585][    T9] usb 1-1: config 8 interface 206 has no altsetting 0
[  290.872463][    T9] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=35.bb
[  290.885153][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.966392][    T9] usb 1-1: Product: syz
[  291.021353][    T9] usb 1-1: Manufacturer: syz
[  291.151536][    T9] usb 1-1: SerialNumber: syz
[  291.151800][ T8076] overlay: ./bus is not a directory
[  291.393757][    T9] garmin_gps 1-1:8.206: Garmin GPS usb/tty converter detected
[  292.217708][    T9] usb 1-1: Garmin GPS usb/tty converter now attached to ttyUSB0
[  292.283612][    T9] usb 1-1: USB disconnect, device number 8
[  292.320226][    T9] garmin_gps ttyUSB0: Garmin GPS usb/tty converter now disconnected from ttyUSB0
[  292.358458][    T9] garmin_gps 1-1:8.206: device disconnected
[  293.484586][ T8101] sock: sock_set_timeout: `syz.0.581' (pid 8101) tries to set negative timeout
[  293.908987][ T8106] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  293.920129][ T8106] atomic_op ffff8880292ed198 conn xmit_atomic 0000000000000000
[  294.010335][ T8111] netlink: 16 bytes leftover after parsing attributes in process `syz.0.581'.
[  294.108454][ T8114] input: syz0 as /devices/virtual/input/input10
[  294.299618][ T8117] netlink: 'syz.2.585': attribute type 1 has an invalid length.
[  294.309366][ T8117] netlink: 92 bytes leftover after parsing attributes in process `syz.2.585'.
[  295.999104][ T8123] FAULT_INJECTION: forcing a failure.
[  295.999104][ T8123] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  296.027483][ T8123] CPU: 1 UID: 0 PID: 8123 Comm: syz.1.588 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  296.027511][ T8123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  296.027520][ T8123] Call Trace:
[  296.027526][ T8123]  <TASK>
[  296.027533][ T8123]  dump_stack_lvl+0x241/0x360
[  296.027558][ T8123]  ? __pfx_dump_stack_lvl+0x10/0x10
[  296.027574][ T8123]  ? __pfx__printk+0x10/0x10
[  296.027595][ T8123]  ? tomoyo_path_number_perm+0x6f9/0x860
[  296.027613][ T8123]  ? __pfx_lock_release+0x10/0x10
[  296.027633][ T8123]  ? tomoyo_path_number_perm+0x206/0x860
[  296.027657][ T8123]  should_fail_ex+0x40a/0x550
[  296.027679][ T8123]  _copy_from_user+0x2d/0xb0
[  296.027697][ T8123]  video_usercopy+0x378/0x1180
[  296.027722][ T8123]  ? __pfx___video_do_ioctl+0x10/0x10
[  296.027738][ T8123]  ? __pfx_video_usercopy+0x10/0x10
[  296.027752][ T8123]  ? smack_file_ioctl+0x29e/0x3a0
[  296.027782][ T8123]  ? __fget_files+0x2a/0x410
[  296.027805][ T8123]  ? __fget_files+0x2a/0x410
[  296.027826][ T8123]  v4l2_ioctl+0x189/0x1e0
[  296.027864][ T8123]  ? __pfx_v4l2_ioctl+0x10/0x10
[  296.027887][ T8123]  __se_sys_ioctl+0xf5/0x170
[  296.027905][ T8123]  do_syscall_64+0xf3/0x230
[  296.027925][ T8123]  ? clear_bhb_loop+0x35/0x90
[  296.027948][ T8123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.027968][ T8123] RIP: 0033:0x7fb04ed8cd29
[  296.027984][ T8123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.027996][ T8123] RSP: 002b:00007fb04fc88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  296.028015][ T8123] RAX: ffffffffffffffda RBX: 00007fb04efa5fa0 RCX: 00007fb04ed8cd29
[  296.028026][ T8123] RDX: 0000000020000000 RSI: 000000004014563c RDI: 000000000000000b
[  296.028037][ T8123] RBP: 00007fb04fc88090 R08: 0000000000000000 R09: 0000000000000000
[  296.028047][ T8123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.028056][ T8123] R13: 0000000000000000 R14: 00007fb04efa5fa0 R15: 00007fffbf590558
[  296.028082][ T8123]  </TASK>
[  296.028782][ T8123] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  296.277104][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout
[  296.285138][    T9] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  296.397057][    T9] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  296.520233][ T8130] kvm: pic: level sensitive irq not supported
[  296.520487][ T8130] kvm: pic: non byte read
[  298.217859][ T8137] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  298.424378][ T8151] xt_CT: You must specify a L4 protocol and not use inversions on it
[  299.077222][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout
[  299.110233][    T9] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  299.193254][    T9] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  300.657606][   T51] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  300.878350][   T51] usb 5-1: Using ep0 maxpacket: 16
[  301.023107][   T51] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  301.035350][   T51] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  301.044402][   T51] usb 5-1: Product: syz
[  301.072700][   T51] usb 5-1: Manufacturer: syz
[  301.081777][   T51] usb 5-1: SerialNumber: syz
[  301.098249][ T5870] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  301.112578][   T51] usb 5-1: config 0 descriptor??
[  301.237251][    T9] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  301.237263][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout
[  301.267524][ T5870] usb 4-1: Using ep0 maxpacket: 16
[  301.272890][    T9] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  301.277315][ T5870] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  301.306121][ T5870] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  301.316443][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.325814][ T5870] usb 4-1: Product: syz
[  301.347044][ T5870] usb 4-1: Manufacturer: syz
[  301.351797][ T5870] usb 4-1: SerialNumber: syz
[  301.365108][ T5870] usb 4-1: config 0 descriptor??
[  301.381822][ T5870] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  301.397417][ T5870] em28xx 4-1:0.0: DVB interface 0 found: bulk
[  302.509885][ T5870] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  302.649140][ T8195] xt_CT: You must specify a L4 protocol and not use inversions on it
[  302.957261][   T51] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  303.192766][   T51] usb 2-1: config 0 has no interfaces?
[  303.225315][   T51] usb 2-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice=e5.83
[  303.239064][   T51] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.249135][   T51] usb 2-1: Product: syz
[  303.253970][   T51] usb 2-1: Manufacturer: syz
[  303.260732][   T51] usb 2-1: SerialNumber: syz
[  303.299621][   T51] usb 2-1: config 0 descriptor??
[  303.317217][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout
[  303.449373][ T5870] em28xx 4-1:0.0: write to i2c device at 0xa0 failed with unknown error (status=1)
[  303.503343][ T5870] em28xx 4-1:0.0: failed to read eeprom (err=-5)
[  303.581139][    T9] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  303.588101][    T9] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  303.598947][ T5870] em28xx 4-1:0.0: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[  303.607997][ T8196] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  303.637221][ T6869] usb 5-1: USB disconnect, device number 18
[  303.737595][ T8196] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  303.788689][ T6888] usb 2-1: USB disconnect, device number 11
[  303.807103][ T5870] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  303.831348][ T5870] em28xx 4-1:0.0: dvb set to bulk mode.
[  303.848472][   T51] em28xx 4-1:0.0: Binding DVB extension
[  303.863203][ T5870] usb 4-1: USB disconnect, device number 14
[  303.893540][ T5870] em28xx 4-1:0.0: Disconnecting em28xx
[  304.499466][   T51] em28xx 4-1:0.0: Registering input extension
[  304.520252][ T5870] em28xx 4-1:0.0: Closing input extension
[  304.575248][ T5870] em28xx 4-1:0.0: Freeing device
[  304.583544][ T8215] netlink: 24 bytes leftover after parsing attributes in process `syz.1.614'.
[  305.778160][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout
[  306.493177][    T9] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  306.516754][    T9] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  308.471827][ T8254] FAULT_INJECTION: forcing a failure.
[  308.471827][ T8254] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  308.501869][ T8254] CPU: 0 UID: 0 PID: 8254 Comm: syz.2.626 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  308.501898][ T8254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  308.501919][ T8254] Call Trace:
[  308.501926][ T8254]  <TASK>
[  308.501933][ T8254]  dump_stack_lvl+0x241/0x360
[  308.501958][ T8254]  ? __pfx_dump_stack_lvl+0x10/0x10
[  308.501974][ T8254]  ? __pfx__printk+0x10/0x10
[  308.501997][ T8254]  ? __pfx_lock_release+0x10/0x10
[  308.502020][ T8254]  ? preempt_count_add+0x93/0x190
[  308.502040][ T8254]  should_fail_ex+0x40a/0x550
[  308.502062][ T8254]  _copy_from_user+0x2d/0xb0
[  308.502080][ T8254]  userfaultfd_ioctl+0xcc6/0x6840
[  308.502103][ T8254]  ? __kernel_text_address+0xd/0x40
[  308.502135][ T8254]  ? arch_stack_walk+0xfd/0x150
[  308.502166][ T8254]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  308.502187][ T8254]  ? stack_trace_save+0x118/0x1d0
[  308.502207][ T8254]  ? __pfx_stack_trace_save+0x10/0x10
[  308.502225][ T8254]  ? stack_depot_save_flags+0x37/0x940
[  308.502250][ T8254]  ? kasan_save_track+0x51/0x80
[  308.502265][ T8254]  ? kasan_save_track+0x3f/0x80
[  308.502278][ T8254]  ? kasan_save_free_info+0x40/0x50
[  308.502297][ T8254]  ? __kasan_slab_free+0x59/0x70
[  308.502312][ T8254]  ? kfree+0x196/0x430
[  308.502328][ T8254]  ? tomoyo_path_number_perm+0x679/0x860
[  308.502348][ T8254]  ? security_file_ioctl+0xc6/0x2a0
[  308.502367][ T8254]  ? __se_sys_ioctl+0x46/0x170
[  308.502380][ T8254]  ? do_syscall_64+0xf3/0x230
[  308.502398][ T8254]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.502423][ T8254]  ? do_vfs_ioctl+0xf07/0x2e40
[  308.502443][ T8254]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  308.502461][ T8254]  ? mark_lock+0x9a/0x360
[  308.502494][ T8254]  ? tomoyo_path_number_perm+0x206/0x860
[  308.502513][ T8254]  ? __pfx_lock_release+0x10/0x10
[  308.502536][ T8254]  ? tomoyo_path_number_perm+0x679/0x860
[  308.502558][ T8254]  ? tomoyo_path_number_perm+0x679/0x860
[  308.502581][ T8254]  ? tomoyo_path_number_perm+0x6f9/0x860
[  308.502599][ T8254]  ? __lock_acquire+0x1397/0x2100
[  308.502619][ T8254]  ? tomoyo_path_number_perm+0x206/0x860
[  308.502639][ T8254]  ? smack_log+0x10d/0x5c0
[  308.502660][ T8254]  ? __pfx_smack_log+0x10/0x10
[  308.502677][ T8254]  ? smk_access+0x4ab/0x4e0
[  308.502698][ T8254]  ? smk_tskacc+0x300/0x370
[  308.502719][ T8254]  ? smack_file_ioctl+0x2f7/0x3a0
[  308.502740][ T8254]  ? __pfx_smack_file_ioctl+0x10/0x10
[  308.502768][ T8254]  ? __fget_files+0x2a/0x410
[  308.502790][ T8254]  ? __fget_files+0x2a/0x410
[  308.502814][ T8254]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  308.502838][ T8254]  __se_sys_ioctl+0xf5/0x170
[  308.502855][ T8254]  do_syscall_64+0xf3/0x230
[  308.502874][ T8254]  ? clear_bhb_loop+0x35/0x90
[  308.502896][ T8254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.502915][ T8254] RIP: 0033:0x7f884238cd29
[  308.502930][ T8254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.502943][ T8254] RSP: 002b:00007f8843172038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  308.502962][ T8254] RAX: ffffffffffffffda RBX: 00007f88425a6080 RCX: 00007f884238cd29
[  308.502974][ T8254] RDX: 0000000020000100 RSI: 00000000c018aa06 RDI: 0000000000000005
[  308.502984][ T8254] RBP: 00007f8843172090 R08: 0000000000000000 R09: 0000000000000000
[  308.502994][ T8254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.503004][ T8254] R13: 0000000000000000 R14: 00007f88425a6080 R15: 00007ffd109584b8
[  308.503029][ T8254]  </TASK>
[  308.994457][ T8250] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  309.287832][ T8250] kvm: pic: level sensitive irq not supported
[  309.287948][ T8250] kvm: pic: non byte read
[  309.486776][ T5870] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  309.637287][ T5870] usb 2-1: Using ep0 maxpacket: 16
[  309.664046][ T5870] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  309.682660][ T5870] usb 2-1: config 0 has no interface number 0
[  309.902459][ T5870] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  310.206256][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.217550][ T5870] usb 2-1: Product: syz
[  310.221895][ T5870] usb 2-1: Manufacturer: syz
[  310.226555][ T5870] usb 2-1: SerialNumber: syz
[  310.239729][ T5870] usb 2-1: config 0 descriptor??
[  310.255957][ T5870] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  311.574744][ T5870] gspca_spca1528: reg_w err -110
[  311.937106][ T5870] spca1528 2-1:0.1: probe with driver spca1528 failed with error -110
[  311.989243][ T5870] usb 2-1: USB disconnect, device number 12
[  313.130203][ T8305] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  313.143309][ T6888] IPVS: starting estimator thread 0...
[  313.257178][ T8318] IPVS: using max 38 ests per chain, 91200 per kthread
[  313.415691][ T8328] xt_CT: You must specify a L4 protocol and not use inversions on it
[  313.462980][ T8331] syzkaller1: entered promiscuous mode
[  313.490049][ T8331] syzkaller1: entered allmulticast mode
[  314.438561][ T8341] xt_CT: You must specify a L4 protocol and not use inversions on it
[  314.497274][ T8346] syzkaller1: entered promiscuous mode
[  314.503555][ T8346] syzkaller1: entered allmulticast mode
[  316.180461][ T8364] xt_CT: You must specify a L4 protocol and not use inversions on it
[  316.199450][ T8364] syzkaller1: entered promiscuous mode
[  316.206777][ T8364] syzkaller1: entered allmulticast mode
[  316.601033][ T8375] syz.4.663 (8375): drop_caches: 4
[  316.627375][ T8375] FAULT_INJECTION: forcing a failure.
[  316.627375][ T8375] name failslab, interval 1, probability 0, space 0, times 0
[  316.662797][ T8375] CPU: 0 UID: 0 PID: 8375 Comm: syz.4.663 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  316.662824][ T8375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  316.662835][ T8375] Call Trace:
[  316.662841][ T8375]  <TASK>
[  316.662849][ T8375]  dump_stack_lvl+0x241/0x360
[  316.662874][ T8375]  ? __pfx_dump_stack_lvl+0x10/0x10
[  316.662891][ T8375]  ? __pfx__printk+0x10/0x10
[  316.662915][ T8375]  ? __kmalloc_cache_noprof+0x48/0x390
[  316.662937][ T8375]  ? __pfx___might_resched+0x10/0x10
[  316.662961][ T8375]  should_fail_ex+0x40a/0x550
[  316.662984][ T8375]  should_failslab+0xac/0x100
[  316.663006][ T8375]  __kmalloc_cache_noprof+0x70/0x390
[  316.663025][ T8375]  ? show_partition_start+0x72/0x180
[  316.663046][ T8375]  ? set_page_refcounted+0x77/0x160
[  316.663072][ T8375]  show_partition_start+0x72/0x180
[  316.663098][ T8375]  seq_read_iter+0x3cc/0xd70
[  316.663134][ T8375]  proc_reg_read_iter+0x1c2/0x290
[  316.663159][ T8375]  copy_splice_read+0x637/0xb40
[  316.663185][ T8375]  ? __pfx_copy_splice_read+0x10/0x10
[  316.663201][ T8375]  ? rcu_read_lock_any_held+0xb7/0x160
[  316.663231][ T8375]  ? file_end_write+0x15b/0x250
[  316.663250][ T8375]  ? direct_splice_actor+0x128/0x220
[  316.663267][ T8375]  ? __pfx_copy_splice_read+0x10/0x10
[  316.663286][ T8375]  splice_direct_to_actor+0x4af/0xc80
[  316.663323][ T8375]  ? __pfx_direct_splice_actor+0x10/0x10
[  316.663346][ T8375]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  316.663366][ T8375]  ? __fget_files+0x2a/0x410
[  316.663386][ T8375]  ? __pfx_lock_release+0x10/0x10
[  316.663409][ T8375]  do_splice_direct+0x289/0x3e0
[  316.663437][ T8375]  ? __pfx_do_splice_direct+0x10/0x10
[  316.663455][ T8375]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  316.663478][ T8375]  ? rw_verify_area+0x243/0x630
[  316.663504][ T8375]  do_sendfile+0x564/0x8a0
[  316.663533][ T8375]  ? __pfx_do_sendfile+0x10/0x10
[  316.663556][ T8375]  ? __might_fault+0xaa/0x120
[  316.663586][ T8375]  __se_sys_sendfile64+0x100/0x1e0
[  316.663609][ T8375]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  316.663630][ T8375]  ? do_syscall_64+0x100/0x230
[  316.663653][ T8375]  ? do_syscall_64+0xb6/0x230
[  316.663676][ T8375]  do_syscall_64+0xf3/0x230
[  316.663695][ T8375]  ? clear_bhb_loop+0x35/0x90
[  316.663720][ T8375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.663740][ T8375] RIP: 0033:0x7fb11258cd29
[  316.663755][ T8375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  316.663770][ T8375] RSP: 002b:00007fb11339e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  316.663789][ T8375] RAX: ffffffffffffffda RBX: 00007fb1127a5fa0 RCX: 00007fb11258cd29
[  316.663801][ T8375] RDX: 0000000020002080 RSI: 0000000000000003 RDI: 0000000000000004
[  316.663811][ T8375] RBP: 00007fb11339e090 R08: 0000000000000000 R09: 0000000000000000
[  316.663822][ T8375] R10: 000000000000023b R11: 0000000000000246 R12: 0000000000000002
[  316.663832][ T8375] R13: 0000000000000000 R14: 00007fb1127a5fa0 R15: 00007ffdc65eae38
[  316.663859][ T8375]  </TASK>
[  317.367110][ T6869] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  317.380739][ T8381] netlink: 'syz.1.665': attribute type 1 has an invalid length.
[  317.395805][ T8381] 8021q: adding VLAN 0 to HW filter on device bond2
[  317.481893][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  317.501086][ T8381] bond2: (slave bridge1): Enslaving as an active interface with a down link
[  317.517237][ T6869] usb 3-1: device descriptor read/64, error -71
[  317.837348][ T6869] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  318.601369][ T5870] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  318.677299][ T6869] usb 3-1: device descriptor read/64, error -71
[  318.757125][ T5870] usb 4-1: Using ep0 maxpacket: 16
[  318.782819][ T5870] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  318.800172][ T6869] usb usb3-port1: attempt power cycle
[  318.816040][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  318.825316][ T5870] usb 4-1: Product: syz
[  318.836564][ T5870] usb 4-1: Manufacturer: syz
[  318.846788][ T5870] usb 4-1: SerialNumber: syz
[  318.856695][ T5870] usb 4-1: config 0 descriptor??
[  319.102169][ T8401] xt_CT: You must specify a L4 protocol and not use inversions on it
[  319.147180][ T6869] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  319.168018][ T6869] usb 3-1: device descriptor read/8, error -71
[  319.172523][ T5870] usb 4-1: USB disconnect, device number 15
[  319.182679][ T8401] syzkaller1: entered promiscuous mode
[  319.207799][ T8401] syzkaller1: entered allmulticast mode
[  319.468417][ T6869] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  319.799096][ T6869] usb 3-1: device descriptor read/8, error -71
[  320.041483][ T6869] usb usb3-port1: unable to enumerate USB device
[  320.128757][ T8410] xt_CT: You must specify a L4 protocol and not use inversions on it
[  320.596500][ T6869] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  320.827110][ T6869] usb 3-1: Using ep0 maxpacket: 8
[  320.921082][ T6869] usb 3-1: unable to get BOS descriptor or descriptor too short
[  321.771687][ T6869] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  321.789685][ T6869] usb 3-1: config 1 has no interface number 1
[  321.797246][ T6869] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  321.819045][ T6869] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  321.834415][ T6869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.860900][ T6869] usb 3-1: Product: syz
[  321.870055][ T6869] usb 3-1: Manufacturer: syz
[  321.879408][ T6869] usb 3-1: SerialNumber: syz
[  322.186751][ T8417] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  322.267505][ T8417] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  323.757465][ T6872] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  323.957367][ T6869] usb 3-1: 2:1 : sample bitwidth 128 in over sample bytes 1
[  323.964725][ T6869] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  324.037125][ T6872] usb 4-1: Using ep0 maxpacket: 16
[  324.052703][ T6869] usb 3-1: USB disconnect, device number 20
[  324.060198][ T6872] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  324.077283][ T6872] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  324.091316][ T6872] usb 4-1: Product: syz
[  324.104527][ T6872] usb 4-1: Manufacturer: syz
[  324.139786][ T6872] usb 4-1: SerialNumber: syz
[  324.207997][ T6872] usb 4-1: config 0 descriptor??
[  324.210034][ T8457] xt_cgroup: invalid path, errno=-2
[  324.645399][ T5870] usb 4-1: USB disconnect, device number 16
[  327.227814][ T8486] atomic_op ffff88805866d998 conn xmit_atomic 0000000000000000
[  327.500184][ T8493] netlink: 24 bytes leftover after parsing attributes in process `syz.3.693'.
[  330.837102][ T6888] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  331.068430][ T6888] usb 2-1: Using ep0 maxpacket: 16
[  331.150537][ T6888] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  331.167055][ T6888] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  331.175185][ T6888] usb 2-1: Product: syz
[  331.194232][ T6888] usb 2-1: Manufacturer: syz
[  331.199759][ T6888] usb 2-1: SerialNumber: syz
[  331.209537][ T6888] usb 2-1: config 0 descriptor??
[  331.848313][ T5870] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  332.118387][   T51] usb 2-1: USB disconnect, device number 13
[  332.137120][ T5870] usb 3-1: Using ep0 maxpacket: 16
[  332.155992][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  332.177234][ T5870] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  332.384633][ T5870] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  332.394103][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.404241][ T5870] usb 3-1: config 0 descriptor??
[  333.389040][ T5870] microsoft 0003:045E:07DA.0004: item fetching failed at offset 31/34
[  333.402090][ T5870] microsoft 0003:045E:07DA.0004: parse failed
[  333.408440][ T5870] microsoft 0003:045E:07DA.0004: probe with driver microsoft failed with error -22
[  335.767917][ T8557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  335.977400][ T8557] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  336.016634][ T8557] tipc: Started in network mode
[  336.036414][ T8557] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711
[  336.060524][ T8557] tipc: Enabled bearer <eth:batadv0>, priority 0
[  336.086424][ T8557] netlink: 'syz.2.706': attribute type 2 has an invalid length.
[  336.109766][ T8565] netlink: 96 bytes leftover after parsing attributes in process `syz.1.715'.
[  336.158406][ T8566] tipc: Started in network mode
[  336.168365][ T8566] tipc: Node identity ac14140f, cluster identity 4711
[  336.195498][ T8566] tipc: New replicast peer: 255.255.255.255
[  336.344599][ T8566] tipc: Enabled bearer <udp:syz2>, priority 10
[  336.507297][ T6888] usb 3-1: USB disconnect, device number 21
[  337.460136][ T5870] tipc: Node number set to 2886997007
[  337.702694][ T6888] tipc: Node number set to 8432298
[  338.037159][ T5870] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  338.187847][ T5870] usb 3-1: too many configurations: 190, using maximum allowed: 8
[  338.252356][ T5870] usb 3-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05
[  338.283406][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  338.295145][ T5870] usb 3-1: Product: syz
[  338.317204][ T5870] usb 3-1: Manufacturer: syz
[  338.337104][ T5870] usb 3-1: SerialNumber: syz
[  338.358533][ T5870] usb 3-1: config 0 descriptor??
[  338.369493][ T5870] go7007 3-1:0.0: probe with driver go7007 failed with error -12
[  338.576071][ T8585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  338.585057][ T8585] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  338.593728][   T51] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  338.598409][ T6888] usb 3-1: USB disconnect, device number 22
[  339.687174][   T51] usb 2-1: Using ep0 maxpacket: 16
[  339.698216][   T51] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  339.709431][   T51] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  339.718929][   T51] usb 2-1: Product: syz
[  339.723278][   T51] usb 2-1: Manufacturer: syz
[  339.728523][   T51] usb 2-1: SerialNumber: syz
[  339.735245][   T51] usb 2-1: config 0 descriptor??
[  340.352462][ T6888] usb 2-1: USB disconnect, device number 14
[  340.367736][ T8609] atomic_op ffff8880794d7998 conn xmit_atomic 0000000000000000
[  340.416099][ T8606] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  342.471701][ T8616] sctp: failed to load transform for md5: -2
[  345.093547][ T6888] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  345.277766][ T6888] usb 4-1: Using ep0 maxpacket: 8
[  345.290089][ T6888] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  345.309215][ T6888] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  345.331986][ T6888] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  345.516090][ T6888] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  346.307038][ T6888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.331432][ T6888] hub 4-1:1.0: bad descriptor, ignoring hub
[  346.365202][ T6888] hub 4-1:1.0: probe with driver hub failed with error -5
[  346.414284][ T6888] cdc_wdm 4-1:1.0: skipping garbage
[  346.439706][ T6888] cdc_wdm 4-1:1.0: skipping garbage
[  346.445043][ T6888] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  346.673491][ T6872] usb 4-1: USB disconnect, device number 17
[  346.918503][ T6888] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  347.535511][ T8665] fuse: Unknown parameter ''
[  347.607183][ T6888] usb 3-1: Using ep0 maxpacket: 16
[  347.619585][ T6888] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  347.657189][ T6888] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  347.689578][ T6888] usb 3-1: Product: syz
[  347.693927][ T6888] usb 3-1: Manufacturer: syz
[  347.719085][ T6888] usb 3-1: SerialNumber: syz
[  347.732981][ T6888] usb 3-1: config 0 descriptor??
[  348.029724][   T51] usb 3-1: USB disconnect, device number 23
[  348.787289][ T8689] netlink: 20 bytes leftover after parsing attributes in process `syz.4.746'.
[  349.187299][   T51] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  349.385471][   T51] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  349.515271][   T51] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  349.658084][   T51] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  349.764816][   T51] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  349.785543][   T51] usb 5-1: SerialNumber: syz
[  349.886687][ T8708] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  350.060472][   T51] usb 5-1: 0:2 : does not exist
[  352.438824][ T8725] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16)
[  352.447162][ T8725] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  352.492382][ T6888] usb 5-1: USB disconnect, device number 19
[  353.017090][ T6888] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  353.177461][ T6888] usb 5-1: Using ep0 maxpacket: 16
[  353.204843][ T6888] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  353.227094][ T6888] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  353.238382][ T8732] capability: warning: `syz.2.759' uses 32-bit capabilities (legacy support in use)
[  353.255049][ T6888] usb 5-1: Product: syz
[  353.269602][ T6888] usb 5-1: Manufacturer: syz
[  353.274267][ T6888] usb 5-1: SerialNumber: syz
[  353.313808][ T6888] usb 5-1: config 0 descriptor??
[  353.581486][ T8740] netlink: 'syz.1.761': attribute type 3 has an invalid length.
[  353.589279][ T8740] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.761'.
[  353.963041][ T6888] usb 5-1: USB disconnect, device number 20
[  357.527478][ T8781] syzkaller1: entered promiscuous mode
[  357.533269][ T8781] syzkaller1: entered allmulticast mode
[  357.887255][   T51] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  358.037177][   T51] usb 3-1: Using ep0 maxpacket: 16
[  358.044823][   T51] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  358.056436][   T51] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  358.065625][   T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.075111][   T51] usb 3-1: config 0 descriptor??
[  358.751246][   T51] usbhid 3-1:0.0: can't add hid device: -71
[  358.762248][   T51] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  358.775246][   T51] usb 3-1: USB disconnect, device number 24
[  361.307259][   T51] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  361.467191][   T51] usb 3-1: Using ep0 maxpacket: 16
[  361.476039][   T51] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  361.485372][   T51] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  361.493538][   T51] usb 3-1: Product: syz
[  361.497808][   T51] usb 3-1: Manufacturer: syz
[  361.502417][   T51] usb 3-1: SerialNumber: syz
[  361.509494][   T51] usb 3-1: config 0 descriptor??
[  361.736175][ T6872] usb 3-1: USB disconnect, device number 25
[  365.172126][ T8815] FAULT_INJECTION: forcing a failure.
[  365.172126][ T8815] name failslab, interval 1, probability 0, space 0, times 0
[  365.184913][ T8815] CPU: 0 UID: 0 PID: 8815 Comm: syz.2.776 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  365.184935][ T8815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  365.184946][ T8815] Call Trace:
[  365.184954][ T8815]  <TASK>
[  365.184962][ T8815]  dump_stack_lvl+0x241/0x360
[  365.184985][ T8815]  ? __pfx_dump_stack_lvl+0x10/0x10
[  365.184998][ T8815]  ? __pfx__printk+0x10/0x10
[  365.185013][ T8815]  ? kmem_cache_alloc_noprof+0x48/0x380
[  365.185027][ T8815]  ? __pfx___might_resched+0x10/0x10
[  365.185037][ T8815]  ? __fget_files+0x2a/0x410
[  365.185052][ T8815]  should_fail_ex+0x40a/0x550
[  365.185065][ T8815]  should_failslab+0xac/0x100
[  365.185078][ T8815]  ? getname_flags+0xb7/0x540
[  365.185089][ T8815]  kmem_cache_alloc_noprof+0x70/0x380
[  365.185103][ T8815]  getname_flags+0xb7/0x540
[  365.185117][ T8815]  __x64_sys_mknod+0x79/0xa0
[  365.185126][ T8815]  do_syscall_64+0xf3/0x230
[  365.185139][ T8815]  ? clear_bhb_loop+0x35/0x90
[  365.185155][ T8815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.185167][ T8815] RIP: 0033:0x7f884238cd29
[  365.185177][ T8815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.185184][ T8815] RSP: 002b:00007f8843193038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  365.185195][ T8815] RAX: ffffffffffffffda RBX: 00007f88425a5fa0 RCX: 00007f884238cd29
[  365.185202][ T8815] RDX: 0000000000000704 RSI: 0000000000002000 RDI: 0000000020000200
[  365.185208][ T8815] RBP: 00007f8843193090 R08: 0000000000000000 R09: 0000000000000000
[  365.185214][ T8815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.185219][ T8815] R13: 0000000000000000 R14: 00007f88425a5fa0 R15: 00007ffd109584b8
[  365.185233][ T8815]  </TASK>
[  365.447847][ T8821] input: syz0 as /devices/virtual/input/input14
[  365.611981][ T8825] netlink: 4 bytes leftover after parsing attributes in process `syz.2.779'.
[  378.928453][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  440.358930][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  452.517981][   T30] INFO: task kworker/0:1:9 blocked for more than 143 seconds.
[  452.525514][   T30]       Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  452.533921][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  452.542798][   T30] task:kworker/0:1     state:D stack:19216 pid:9     tgid:9     ppid:2      task_flags:0x4208060 flags:0x00004000
[  452.554986][   T30] Workqueue: events rfkill_op_handler
[  452.560539][   T30] Call Trace:
[  452.563854][   T30]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  452.566803][   T30]  __schedule+0x18bc/0x4c40
[  452.571668][   T30]  ? __pfx___schedule+0x10/0x10
[  452.576575][   T30]  ? __pfx_lock_release+0x10/0x10
[  452.583970][   T30]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  452.590062][   T30]  ? kthread_data+0x52/0xd0
[  452.597338][   T30]  ? schedule+0x90/0x320
[  452.602837][   T30]  ? wq_worker_sleeping+0x66/0x240
[  452.617016][   T30]  ? schedule+0x90/0x320
[  452.621317][   T30]  schedule+0x14b/0x320
[  452.625498][   T30]  schedule_preempt_disabled+0x13/0x30
[  452.635230][   T30]  __mutex_lock+0x817/0x1010
[  452.639939][   T30]  ? __mutex_lock+0x602/0x1010
[  452.644733][   T30]  ? nfc_rfkill_set_block+0x50/0x310
[  452.650123][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  452.655196][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  452.660463][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  452.666498][   T30]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  452.672995][   T30]  ? kobject_uevent_env+0x54d/0x8e0
[  452.678284][   T30]  nfc_rfkill_set_block+0x50/0x310
[  452.683428][   T30]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  452.689239][   T30]  rfkill_set_block+0x1f1/0x440
[  452.694129][   T30]  ? process_scheduled_works+0x976/0x1840
[  452.699948][   T30]  rfkill_epo+0x84/0x180
[  452.704227][   T30]  rfkill_op_handler+0x121/0x280
[  452.709376][   T30]  process_scheduled_works+0xa66/0x1840
[  452.714962][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[  452.720983][   T30]  ? assign_work+0x364/0x3d0
[  452.725583][   T30]  worker_thread+0x870/0xd30
[  452.730252][   T30]  ? __kthread_parkme+0x169/0x1d0
[  452.735311][   T30]  ? __pfx_worker_thread+0x10/0x10
[  452.740456][   T30]  kthread+0x7a9/0x920
[  452.744523][   T30]  ? __pfx_kthread+0x10/0x10
[  452.749231][   T30]  ? __pfx_worker_thread+0x10/0x10
[  452.754363][   T30]  ? __pfx_kthread+0x10/0x10
[  452.759021][   T30]  ? __pfx_kthread+0x10/0x10
[  452.763627][   T30]  ? __pfx_kthread+0x10/0x10
[  452.768261][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  452.773475][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  452.778721][   T30]  ? __pfx_kthread+0x10/0x10
[  452.783329][   T30]  ret_from_fork+0x4b/0x80
[  452.787842][   T30]  ? __pfx_kthread+0x10/0x10
[  452.792449][   T30]  ret_from_fork_asm+0x1a/0x30
[  452.797288][   T30]  </TASK>
[  452.800436][   T30] INFO: task kworker/0:6:5903 blocked for more than 143 seconds.
[  452.808363][   T30]       Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  452.815657][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  452.824391][   T30] task:kworker/0:6     state:D stack:23440 pid:5903  tgid:5903  ppid:2      task_flags:0x4208060 flags:0x00004000
[  452.836510][   T30] Workqueue: events rfkill_global_led_trigger_worker
[  452.843313][   T30] Call Trace:
[  452.846587][   T30]  <TASK>
[  452.849587][   T30]  __schedule+0x18bc/0x4c40
[  452.854120][   T30]  ? __pfx___schedule+0x10/0x10
[  452.859032][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  452.865049][   T30]  ? __pfx_lock_release+0x10/0x10
[  452.870106][   T30]  ? kick_pool+0x45c/0x620
[  452.874540][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  452.879818][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  452.885081][   T30]  ? schedule+0x90/0x320
[  452.889367][   T30]  schedule+0x14b/0x320
[  452.893526][   T30]  schedule_preempt_disabled+0x13/0x30
[  452.899026][   T30]  __mutex_lock+0x817/0x1010
[  452.903632][   T30]  ? __mutex_lock+0x602/0x1010
[  452.908465][   T30]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  452.914809][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  452.919884][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  452.925868][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  452.932239][   T30]  ? process_scheduled_works+0x976/0x1840
[  452.938000][   T30]  rfkill_global_led_trigger_worker+0x27/0xd0
[  452.944111][   T30]  process_scheduled_works+0xa66/0x1840
[  452.949736][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[  452.955711][   T30]  ? assign_work+0x364/0x3d0
[  452.960334][   T30]  worker_thread+0x870/0xd30
[  452.964942][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  452.970896][   T30]  ? __kthread_parkme+0x169/0x1d0
[  452.975952][   T30]  ? __pfx_worker_thread+0x10/0x10
[  452.981237][   T30]  kthread+0x7a9/0x920
[  452.985332][   T30]  ? __pfx_kthread+0x10/0x10
[  452.989984][   T30]  ? __pfx_worker_thread+0x10/0x10
[  452.995103][   T30]  ? __pfx_kthread+0x10/0x10
[  452.999783][   T30]  ? __pfx_kthread+0x10/0x10
[  453.004388][   T30]  ? __pfx_kthread+0x10/0x10
[  453.008998][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  453.014183][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  453.019455][   T30]  ? __pfx_kthread+0x10/0x10
[  453.024065][   T30]  ret_from_fork+0x4b/0x80
[  453.028540][   T30]  ? __pfx_kthread+0x10/0x10
[  453.033150][   T30]  ret_from_fork_asm+0x1a/0x30
[  453.037982][   T30]  </TASK>
[  453.041052][   T30] INFO: task syz.0.581:8099 blocked for more than 143 seconds.
[  453.048969][   T30]       Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  453.056260][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  453.065043][   T30] task:syz.0.581       state:D stack:24128 pid:8099  tgid:8099  ppid:5821   task_flags:0x400040 flags:0x00004004
[  453.077267][   T30] Call Trace:
[  453.080571][   T30]  <TASK>
[  453.083524][   T30]  __schedule+0x18bc/0x4c40
[  453.088120][   T30]  ? __pfx___schedule+0x10/0x10
[  453.092996][   T30]  ? __pfx_lock_release+0x10/0x10
[  453.098072][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  453.103967][   T30]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  453.110380][   T30]  ? schedule+0x90/0x320
[  453.114634][   T30]  schedule+0x14b/0x320
[  453.119126][   T30]  schedule_preempt_disabled+0x13/0x30
[  453.124987][   T30]  __mutex_lock+0x817/0x1010
[  453.129649][   T30]  ? __mutex_lock+0x602/0x1010
[  453.134420][   T30]  ? rfkill_unregister+0xd0/0x230
[  453.139498][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  453.144539][   T30]  ? __pfx_device_del+0x10/0x10
[  453.149411][   T30]  rfkill_unregister+0xd0/0x230
[  453.154262][   T30]  nfc_unregister_device+0x96/0x2a0
[  453.159559][   T30]  virtual_ncidev_close+0x56/0x90
[  453.164609][   T30]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  453.170419][   T30]  __fput+0x3e9/0x9f0
[  453.174453][   T30]  task_work_run+0x24f/0x310
[  453.179152][   T30]  ? _raw_spin_unlock+0x28/0x50
[  453.184031][   T30]  ? __pfx_task_work_run+0x10/0x10
[  453.189234][   T30]  ? syscall_exit_to_user_mode+0xa3/0x340
[  453.195048][   T30]  syscall_exit_to_user_mode+0x13f/0x340
[  453.200739][   T30]  do_syscall_64+0x100/0x230
[  453.205372][   T30]  ? clear_bhb_loop+0x35/0x90
[  453.210181][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.216096][   T30] RIP: 0033:0x7f907af8cd29
[  453.220638][   T30] RSP: 002b:00007ffda29ebc78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  453.229122][   T30] RAX: 0000000000000000 RBX: 00007f907b1a7ba0 RCX: 00007f907af8cd29
[  453.237244][   T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  453.245292][   T30] RBP: 00007f907b1a7ba0 R08: 0000000000000220 R09: 00007ffda29ebf6f
[  453.253412][   T30] R10: 00007f907b1a7ac0 R11: 0000000000000246 R12: 0000000000047d17
[  453.261428][   T30] R13: 00007f907b1a6160 R14: 0000000000000032 R15: ffffffffffffffff
[  453.269477][   T30]  </TASK>
[  453.272519][   T30] INFO: task syz-executor:8261 blocked for more than 144 seconds.
[  453.281047][   T30]       Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  453.288435][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  453.297194][   T30] task:syz-executor    state:D stack:25304 pid:8261  tgid:8261  ppid:1      task_flags:0x400040 flags:0x00000000
[  453.309219][   T30] Call Trace:
[  453.312497][   T30]  <TASK>
[  453.315420][   T30]  __schedule+0x18bc/0x4c40
[  453.319962][   T30]  ? __pfx___schedule+0x10/0x10
[  453.324947][   T30]  ? __pfx_lock_release+0x10/0x10
[  453.330066][   T30]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  453.335986][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  453.341920][   T30]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  453.348272][   T30]  ? schedule+0x90/0x320
[  453.352511][   T30]  schedule+0x14b/0x320
[  453.356677][   T30]  schedule_preempt_disabled+0x13/0x30
[  453.362198][   T30]  __mutex_lock+0x817/0x1010
[  453.366806][   T30]  ? __mutex_lock+0x602/0x1010
[  453.371600][   T30]  ? rfkill_register+0x34/0x8c0
[  453.376445][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  453.381497][   T30]  ? __init_waitqueue_head+0xae/0x150
[  453.386869][   T30]  ? device_initialize+0x266/0x460
[  453.392047][   T30]  rfkill_register+0x34/0x8c0
[  453.396729][   T30]  hci_register_dev+0x407/0x8b0
[  453.401634][   T30]  vhci_create_device+0x35b/0x6a0
[  453.406686][   T30]  vhci_write+0x3cf/0x490
[  453.411082][   T30]  vfs_write+0xacf/0xd10
[  453.415321][   T30]  ? __pfx_vhci_write+0x10/0x10
[  453.420228][   T30]  ? __pfx_vfs_write+0x10/0x10
[  453.425102][   T30]  ksys_write+0x18f/0x2b0
[  453.429450][   T30]  ? __pfx_ksys_write+0x10/0x10
[  453.434301][   T30]  ? exc_page_fault+0x590/0x8b0
[  453.439218][   T30]  ? do_syscall_64+0xb6/0x230
[  453.444016][   T30]  do_syscall_64+0xf3/0x230
[  453.448590][   T30]  ? clear_bhb_loop+0x35/0x90
[  453.453291][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.459218][   T30] RIP: 0033:0x7f94b0d8b7a0
[  453.463626][   T30] RSP: 002b:00007ffc4f0e9358 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[  453.472074][   T30] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f94b0d8b7a0
[  453.481357][   T30] RDX: 0000000000000002 RSI: 00007ffc4f0e936a RDI: 00000000000000ca
[  453.489780][   T30] RBP: 00007f94b0fa6738 R08: 0000000000000000 R09: 00007f94b1add6c0
[  453.497904][   T30] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[  453.505889][   T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  453.513993][   T30]  </TASK>
[  453.517227][   T30] 
[  453.517227][   T30] Showing all locks held in the system:
[  453.524947][   T30] 4 locks held by kworker/0:1/9:
[  453.529991][   T30]  #0: ffff88801ac80d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[  453.541268][   T30]  #1: ffffc900000e7c60 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[  453.552359][   T30]  #2: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_epo+0x4f/0x180
[  453.561999][   T30]  #3: ffff88805e1d2100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x310
[  453.571821][   T30] 2 locks held by kworker/u8:1/12:
[  453.576936][   T30]  #0: ffff8880b863e798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140
[  453.587074][   T30]  #1: ffff8880b8728948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x387/0x7a0
[  453.598646][   T30] 1 lock held by khungtaskd/30:
[  453.603501][   T30]  #0: ffffffff8e939ee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0
[  453.613516][   T30] 2 locks held by getty/5581:
[  453.618451][   T30]  #0: ffff8880350aa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  453.628345][   T30]  #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00
[  453.638608][   T30] 3 locks held by kworker/0:6/5903:
[  453.643810][   T30]  #0: ffff88801ac80d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[  453.654976][   T30]  #1: ffffc90004d4fc60 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[  453.668559][   T30]  #2: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  453.679974][   T30] 2 locks held by kworker/u8:10/6033:
[  453.685378][   T30]  #0: ffff8880b863e798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140
[  453.695362][   T30]  #1: ffff8880b8628948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x387/0x7a0
[  453.706838][   T30] 2 locks held by syz.0.581/8099:
[  453.711989][   T30]  #0: ffff88805e1d2100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  453.721903][   T30]  #1: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xd0/0x230
[  453.732096][   T30] 2 locks held by syz-executor/8261:
[  453.737407][   T30]  #0: ffff888031c10118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6a0
[  453.747515][   T30]  #1: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x34/0x8c0
[  453.757665][   T30] 3 locks held by syz.3.756/8725:
[  453.762712][   T30]  #0: ffffffff8fd15430 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  453.771013][   T30]  #1: ffffffff8fd152e8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x121/0xec0
[  453.780058][   T30]  #2: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x34/0x8c0
[  453.790049][   T30] 2 locks held by syz.1.764/8762:
[  453.795072][   T30]  #0: ffffffff8fd15430 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  453.803317][   T30]  #1: ffffffff8fd152e8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x121/0xec0
[  453.812450][   T30] 2 locks held by syz.4.767/8778:
[  453.817618][   T30]  #0: ffffffff8fd15430 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  453.825902][   T30]  #1: ffffffff8fd152e8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x121/0xec0
[  453.834930][   T30] 2 locks held by syz.2.781/8833:
[  453.840008][   T30]  #0: ffffffff8fd15430 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  453.848302][   T30]  #1: ffffffff8fd152e8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x121/0xec0
[  453.857433][   T30] 2 locks held by syz-executor/8837:
[  453.862736][   T30]  #0: ffff888032f0c918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6a0
[  453.873034][   T30]  #1: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x34/0x8c0
[  453.883494][   T30] 2 locks held by syz-executor/8839:
[  453.888858][   T30]  #0: ffff888031555918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6a0
[  453.899017][   T30]  #1: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x34/0x8c0
[  453.909055][   T30] 2 locks held by syz-executor/8841:
[  453.914351][   T30]  #0: ffff88807faa3918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6a0
[  453.924401][   T30]  #1: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x34/0x8c0
[  453.934406][   T30] 2 locks held by syz-executor/8843:
[  453.939726][   T30]  #0: ffff888078d43918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6a0
[  453.949806][   T30]  #1: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x34/0x8c0
[  453.959949][   T30] 2 locks held by syz-executor/8845:
[  453.965239][   T30]  #0: ffff888079ef9118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6a0
[  453.975296][   T30]  #1: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x34/0x8c0
[  453.985369][   T30] 2 locks held by syz-executor/8847:
[  453.990776][   T30]  #0: ffff88805b025918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6a0
[  454.000882][   T30]  #1: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x34/0x8c0
[  454.010909][   T30] 2 locks held by syz-executor/8849:
[  454.016197][   T30]  #0: ffff88805b49d918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6a0
[  454.026282][   T30]  #1: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x34/0x8c0
[  454.036250][   T30] 2 locks held by syz-executor/8851:
[  454.041576][   T30]  #0: ffff888029fd4918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6a0
[  454.051838][   T30]  #1: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x34/0x8c0
[  454.061796][   T30] 2 locks held by syz-executor/8853:
[  454.067117][   T30]  #0: ffff8880306f1918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6a0
[  454.077231][   T30]  #1: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x34/0x8c0
[  454.087618][   T30] 2 locks held by syz-executor/8855:
[  454.092931][   T30]  #0: ffff88807d04b118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6a0
[  454.103014][   T30]  #1: ffffffff8ff874c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x34/0x8c0
[  454.113024][   T30] 
[  454.115353][   T30] =============================================
[  454.115353][   T30] 
[  454.123970][   T30] NMI backtrace for cpu 1
[  454.123983][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  454.124007][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  454.124017][   T30] Call Trace:
[  454.124024][   T30]  <TASK>
[  454.124031][   T30]  dump_stack_lvl+0x241/0x360
[  454.124055][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  454.124071][   T30]  ? __pfx__printk+0x10/0x10
[  454.124104][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  454.124121][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  454.124146][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  454.124161][   T30]  ? irqentry_exit+0x63/0x90
[  454.124178][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  454.124206][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  454.124225][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  454.124245][   T30]  watchdog+0x1058/0x10a0
[  454.124265][   T30]  ? watchdog+0x1ea/0x10a0
[  454.124288][   T30]  ? __pfx_watchdog+0x10/0x10
[  454.124307][   T30]  kthread+0x7a9/0x920
[  454.124325][   T30]  ? __pfx_kthread+0x10/0x10
[  454.124346][   T30]  ? __pfx_watchdog+0x10/0x10
[  454.124365][   T30]  ? __pfx_kthread+0x10/0x10
[  454.124382][   T30]  ? __pfx_kthread+0x10/0x10
[  454.124404][   T30]  ? __pfx_kthread+0x10/0x10
[  454.124421][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  454.124438][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  454.124455][   T30]  ? __pfx_kthread+0x10/0x10
[  454.124475][   T30]  ret_from_fork+0x4b/0x80
[  454.124492][   T30]  ? __pfx_kthread+0x10/0x10
[  454.124511][   T30]  ret_from_fork_asm+0x1a/0x30
[  454.124541][   T30]  </TASK>
[  454.124548][   T30] Sending NMI from CPU 1 to CPUs 0:
[  454.286717][    C0] NMI backtrace for cpu 0
[  454.286732][    C0] CPU: 0 UID: 0 PID: 6033 Comm: kworker/u8:10 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  454.286750][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  454.286768][    C0] Workqueue: events_unbound toggle_allocation_gate
[  454.286797][    C0] RIP: 0010:rcu_is_watching+0x3a/0xb0
[  454.286822][    C0] Code: e8 6b d1 47 0a 89 c3 83 f8 08 73 7a 49 bf 00 00 00 00 00 fc ff df 4c 8d 34 dd 50 db 2f 8e 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 <74> 08 4c 89 f7 e8 dc 43 7e 00 48 c7 c3 58 79 03 00 49 03 1e 48 89
[  454.286835][    C0] RSP: 0018:ffffc9000b36f5e8 EFLAGS: 00000246
[  454.286848][    C0] RAX: 1ffffffff1c5fb6a RBX: 0000000000000000 RCX: ffffffff81b32fcc
[  454.286860][    C0] RDX: ffff88807e7e5a00 RSI: ffffffff8c5f6940 RDI: ffffffff8c5f6900
[  454.286871][    C0] RBP: 0000000000000001 R08: ffffffff81b32ff2 R09: 1ffffffff2034c6e
[  454.286883][    C0] R10: dffffc0000000000 R11: fffffbfff2034c6f R12: ffff8880b8744600
[  454.286894][    C0] R13: ffff8880b863f980 R14: ffffffff8e2fdb50 R15: dffffc0000000000
[  454.286906][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  454.286919][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  454.286938][    C0] CR2: 000055ec7e795f50 CR3: 000000000e738000 CR4: 00000000003526f0
[  454.286960][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  454.286967][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  454.286975][    C0] Call Trace:
[  454.286984][    C0]  <NMI>
[  454.286991][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  454.287009][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  454.287030][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  454.287045][    C0]  ? nmi_handle+0x2a/0x5a0
[  454.287074][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  454.287090][    C0]  ? nmi_handle+0x14f/0x5a0
[  454.287111][    C0]  ? nmi_handle+0x2a/0x5a0
[  454.287131][    C0]  ? rcu_is_watching+0x3a/0xb0
[  454.287153][    C0]  ? default_do_nmi+0x63/0x160
[  454.287175][    C0]  ? exc_nmi+0x123/0x1f0
[  454.287198][    C0]  ? end_repeat_nmi+0xf/0x53
[  454.287221][    C0]  ? trace_csd_queue_cpu+0x82/0x210
[  454.287242][    C0]  ? trace_csd_queue_cpu+0x5c/0x210
[  454.287264][    C0]  ? rcu_is_watching+0x3a/0xb0
[  454.287287][    C0]  ? rcu_is_watching+0x3a/0xb0
[  454.287309][    C0]  ? rcu_is_watching+0x3a/0xb0
[  454.287332][    C0]  </NMI>
[  454.287337][    C0]  <TASK>
[  454.287342][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  454.287356][    C0]  trace_csd_queue_cpu+0x8c/0x210
[  454.287379][    C0]  smp_call_function_many_cond+0x896/0x2d30
[  454.287404][    C0]  ? kmem_cache_alloc_bulk_noprof+0x156/0x7c0
[  454.287426][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  454.287441][    C0]  ? kmem_cache_alloc_bulk_noprof+0x156/0x7c0
[  454.287465][    C0]  ? __pfx___text_poke+0x10/0x10
[  454.287486][    C0]  ? kmem_cache_alloc_bulk_noprof+0x156/0x7c0
[  454.287507][    C0]  ? perf_event_text_poke+0x258/0x330
[  454.287528][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  454.287550][    C0]  ? __pfx_perf_event_text_poke+0x10/0x10
[  454.287569][    C0]  ? __pfx___mutex_trylock_common+0x10/0x10
[  454.287595][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  454.287610][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[  454.287632][    C0]  text_poke_bp_batch+0x9ef/0xb30
[  454.287652][    C0]  ? kmem_cache_alloc_bulk_noprof+0x157/0x7c0
[  454.287673][    C0]  ? __pfx_text_poke_bp_batch+0x10/0x10
[  454.287691][    C0]  ? arch_jump_label_transform_queue+0x9b/0x100
[  454.287711][    C0]  ? process_scheduled_works+0x976/0x1840
[  454.287728][    C0]  text_poke_finish+0x30/0x50
[  454.287742][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  454.287759][    C0]  static_key_disable_cpuslocked+0xd2/0x1c0
[  454.287777][    C0]  static_key_disable+0x1a/0x20
[  454.287790][    C0]  toggle_allocation_gate+0x1bf/0x260
[  454.287808][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  454.287826][    C0]  ? __pfx_autoremove_wake_function+0x10/0x10
[  454.287852][    C0]  process_scheduled_works+0xa66/0x1840
[  454.287881][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  454.287902][    C0]  ? assign_work+0x364/0x3d0
[  454.287920][    C0]  worker_thread+0x870/0xd30
[  454.287947][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  454.287966][    C0]  ? __kthread_parkme+0x169/0x1d0
[  454.287985][    C0]  ? __pfx_worker_thread+0x10/0x10
[  454.288002][    C0]  kthread+0x7a9/0x920
[  454.288021][    C0]  ? __pfx_kthread+0x10/0x10
[  454.288041][    C0]  ? __pfx_worker_thread+0x10/0x10
[  454.288058][    C0]  ? __pfx_kthread+0x10/0x10
[  454.288076][    C0]  ? __pfx_kthread+0x10/0x10
[  454.288096][    C0]  ? __pfx_kthread+0x10/0x10
[  454.288114][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  454.288130][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  454.288147][    C0]  ? __pfx_kthread+0x10/0x10
[  454.288166][    C0]  ret_from_fork+0x4b/0x80
[  454.288183][    C0]  ? __pfx_kthread+0x10/0x10
[  454.288203][    C0]  ret_from_fork_asm+0x1a/0x30
[  454.288227][    C0]  </TASK>
[  454.288870][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  454.288883][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  454.288901][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  454.288911][   T30] Call Trace:
[  454.288919][   T30]  <TASK>
[  454.288926][   T30]  dump_stack_lvl+0x241/0x360
[  454.288947][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  454.288964][   T30]  ? __pfx__printk+0x10/0x10
[  454.288983][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  454.289010][   T30]  ? vscnprintf+0x5d/0x90
[  454.289028][   T30]  panic+0x349/0x880
[  454.289050][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  454.289069][   T30]  ? __pfx_panic+0x10/0x10
[  454.289087][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  454.289111][   T30]  ? __irq_work_queue_local+0x137/0x410
[  454.289132][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  454.289153][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  454.289169][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  454.289197][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  454.289217][   T30]  watchdog+0x1097/0x10a0
[  454.289238][   T30]  ? watchdog+0x1ea/0x10a0
[  454.289261][   T30]  ? __pfx_watchdog+0x10/0x10
[  454.289280][   T30]  kthread+0x7a9/0x920
[  454.289298][   T30]  ? __pfx_kthread+0x10/0x10
[  454.289319][   T30]  ? __pfx_watchdog+0x10/0x10
[  454.289338][   T30]  ? __pfx_kthread+0x10/0x10
[  454.289356][   T30]  ? __pfx_kthread+0x10/0x10
[  454.289378][   T30]  ? __pfx_kthread+0x10/0x10
[  454.289396][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  454.289412][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  454.289431][   T30]  ? __pfx_kthread+0x10/0x10
[  454.289451][   T30]  ret_from_fork+0x4b/0x80
[  454.289468][   T30]  ? __pfx_kthread+0x10/0x10
[  454.289488][   T30]  ret_from_fork_asm+0x1a/0x30
[  454.289518][   T30]  </TASK>
[  454.937319][   T30] Kernel Offset: disabled
[  454.941634][   T30] Rebooting in 86400 seconds..