last executing test programs:

2m45.310405879s ago: executing program 1 (id=4082):
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet6(0xa, 0x3, 0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0xfffd, 0x3, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0)

2m44.476483095s ago: executing program 1 (id=4086):
r0 = open(&(0x7f0000000380)='./bus\x00', 0x0, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x4, 0x0, 0x9}}, 0x28)
sendfile(r1, r0, 0x0, 0x4000000053d2)

2m44.399448483s ago: executing program 1 (id=4087):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r3=>0x0})
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0xe)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(r4, 0x4004743a, &(0x7f0000000300))
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f00000001c0)={&(0x7f00000000c0)=[0x0, <r6=>0x0], 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r5, 0xc02064b6, &(0x7f0000000440)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@newtclass={0x50, 0x28, 0x308, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xffff, 0x9}, {0x5, 0xffe0}, {0x10, 0xffff}}, [@tclass_kind_options=@c_red={0x8}, @tclass_kind_options=@c_mqprio={0xb}, @TCA_RATE={0x6, 0x5, {0x5, 0xed}}, @TCA_RATE={0x6, 0x5, {0xf, 0x4}}, @tclass_kind_options=@c_sfb={0x8}]}, 0x50}}, 0x0)
syz_usb_connect$printer(0x2, 0x36, &(0x7f0000000380)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x4, 0xc0, 0x2, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x2, 0xd, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x3, 0x7, 0x2}}, [{{0x9, 0x5, 0x82, 0x2, 0x20, 0xff, 0x3, 0x6}}]}}}]}}]}}, &(0x7f0000000680)={0xa, &(0x7f0000000400)={0xa, 0x6, 0x110, 0x7, 0x89, 0x9b, 0x20, 0x80}, 0x107, &(0x7f00000004c0)={0x5, 0xf, 0x107, 0x3, [@generic={0x94, 0x10, 0x1, "8e726c6fb3b1a05f8fdd56c57c633b4d7f605cd4c8e310732bfa8529bdc492ee43f09dd932b03fcb1d9f865e1f42661e342467160c314f17216a43b1d934be77e6d22a235d938f99780ae7b31fe5a2ce123dd261e1d809405fa562a0032f8808e188ca41a25487062769d26f98ef44b3e02b7c151d87a42535ca447caab3c14fa2e26a901ba2a0d51d3fe88e886f3ab9c8"}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x9, 0x5}, @generic={0x67, 0x10, 0x1, "9ffd1a34b5dac959e0c92a6ef51833d3c26de564c8d266eab145f9c69106a7e4f8014c7566bba568aed3543fc7d7358976144353c7b016d92df91ded0b0f35a47e076e52bfdfe9586aeae38d0f6f952749dcb29c3735f5c18137b72546e69387f6e3a80e"}]}, 0x2, [{0x77, &(0x7f0000000600)=@string={0x77, 0x3, "b92ba56d74289d8fffebfb214bccd3d8b5033e462bb670ddaa06d831f71508ab666440c56384136355bd97953d5ce954e62af616d168a8e97a25d15092ef08026dd7c7043e89a48562bc88da88912bfe645b4f9082f59307e81ed0f6ca477b27307fb9bdda9b4b7e37a52c5e437cc9901e33ff6d4a"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x1c42}}]})
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r1, 0x0)
r7 = socket(0x1e, 0x4, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r7, 0x10f, 0x81, &(0x7f0000000480), 0x4)
sendmsg$tipc(r7, &(0x7f00000003c0)={&(0x7f0000000080)=@id, 0x10, &(0x7f00000001c0)=[{&(0x7f00000000c0)="bc", 0x1}], 0x1}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000240)={'erspan0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x1, 0x7800, 0x800, 0x200, {{0x5, 0x4, 0x1, 0x19, 0x14, 0x68, 0x0, 0x1, 0x29, 0x0, @empty, @empty}}}})
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r8, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000340)=[0x8fff5, 0x7, 0x10001], 0x0, 0x0, 0x3, 0x1}}, 0x40)

2m41.363417486s ago: executing program 1 (id=4104):
socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x8}, 0x18)
r4 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f0000000580)={0x0, 0x2000, 0x80, 0x3231564e, 0x3, [0x2], [0x2000], [], [0x400000000000001]})
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000040)=0x1008, 0x4)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc601})
r6 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000001a00), 0x2, 0x0)
write$6lowpan_control(r6, &(0x7f0000001a40)='connect aa:aa:aa:aa:aa:10 2', 0x1b)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x4)
mount$9p_rdma(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', &(0x7f0000000540), 0x200000, &(0x7f0000000580)={'trans=rdma,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@rq={'rq', 0x3d, 0x1}}, {@sq={'sq', 0x3d, 0x1}}, {@timeout={'timeout', 0x3d, 0x4}}]}})
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r7 = socket(0x1e, 0x5, 0x0)
setsockopt$TIPC_IMPORTANCE(r7, 0x10f, 0x7f, &(0x7f0000000e80)=0xffffff68, 0x4)
sendmsg$nl_route_sched(r7, &(0x7f0000000400)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=@gettaction={0x124, 0x32, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}, @action_gd=@TCA_ACT_TAB={0x6c, 0x1, [{0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0x14, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0x10, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}, @action_gd=@TCA_ACT_TAB={0x40, 0x1, [{0x10, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x10, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x8ec1}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0xca5}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7}]}, 0x124}, 0x1, 0x0, 0x0, 0x8810}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

2m40.319562718s ago: executing program 1 (id=4111):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x20, 0x10, 0x403}, 0x20}, 0x1, 0xffffffea, 0x0, 0x4004}, 0x0)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
ioctl$TIOCL_SCROLLCONSOLE(r1, 0x541c, &(0x7f0000000080)={0xd, 0x800})
r4 = dup(r3)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x10400, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',cache=mmap'])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r5 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
ftruncate(r6, 0x2000009)
sendfile(r5, r6, 0x0, 0x7ffff000)
lstat(&(0x7f00000002c0)='./file0\x00', 0x0)
utimes(&(0x7f0000000180)='./file0\x00', 0x0) (fail_nth: 11)

2m38.908333022s ago: executing program 1 (id=4123):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0xfffffffc)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[], 0x24}}, 0x0)

2m23.723061828s ago: executing program 32 (id=4123):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0xfffffffc)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[], 0x24}}, 0x0)

32.012300337s ago: executing program 0 (id=4696):
r0 = socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x11e, &(0x7f0000000cc0)=ANY=[@ANYBLOB="aaaaaa9aaaaa00000000000008004d0001100000000000119078ac141400ac1414aa8659000000000208ea2968e8a3e4010a58c0f87bdb8a34ab01036c010c23002bee26f868971b220712c64049d1b72dcceddd8941fcd2956378000ee8d05948933367e2d7bab2fe0012eb68bff8b97084c3a06cc3ecdeb952159404000000000000000000009c907801000000000000006fdfa0d2001ef10107440a4c77ff11b9843483df40a09d9073e9629a98ff5def6ed2e4ea9bc0eebdd38679c7795a27c7bf3e7d776b600ba8d82d6ba417ff0fedd86fb708441efcf75fe803412dae374281c25df814aa2e34e4f8a70edbe32cfee9b9d5b0b2b171b51f9174963b0ce40ca7e0"], 0x0)
recvmmsg(r0, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@nfc, 0x80, &(0x7f0000000700)=[{&(0x7f0000000c00)=""/149, 0x95}], 0x1}, 0x8189}], 0x1, 0x40010020, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
r1 = mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{r1}, {r1, 0x22}], 0x2, 0x0, 0x0, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x34, r4, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}]}]}, 0x34}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x2f}, @map_fd={0x18, 0x0, 0x1, 0x0, r5}, @exit={0x95, 0x0, 0xc00}], {0x95, 0x0, 0x7000}}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r6, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000000c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f0000000180)=[0x0], &(0x7f0000000240)=[0x0], 0x0, 0xc9, 0x0, 0x0, 0x10, &(0x7f0000000780), &(0x7f0000000280), 0x8, 0x2a, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000007c0), 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r7, 0x84009422, &(0x7f0000000800)={0x0, 0x0, {}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})

30.809534422s ago: executing program 0 (id=4700):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r2=>0x0]}, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000100)={r2, 0x6b, "c4a4dfbdf3f88102e42126303b007da32cece41135c166202688c0e0df26ae5c87455acc83496088820ca107d074dcf2f16150c388485ab5b53d59f9a4011dff985dea91dd5407a8f6c8d3011697dc0b5410a3be5a50e8b5cf2672fd69d4c41c9f3823bd2781afa49556b8"}, &(0x7f0000000000)=0x73)

30.680284326s ago: executing program 0 (id=4701):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140034", @ANYRES16, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x0)
r4 = add_key$user(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000240)="f56ed761e9", 0x5, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r5, r4}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) (fail_nth: 7)

29.655198813s ago: executing program 0 (id=4705):
creat(&(0x7f0000000100)='./file0\x00', 0x27a)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40201, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe8000000000000000000000000000aaff02000000000000000000000000000121"], 0xffe)

28.006376286s ago: executing program 0 (id=4709):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f00000009c0)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340))
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ip6gretap0\x00'})
sendmsg$nl_route(r1, 0x0, 0x0)

27.937298424s ago: executing program 0 (id=4710):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
read(r2, &(0x7f0000000080)=""/241, 0xf1)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000200)={r1, 0xca7, 0x3, 0x7})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r4, 0x80489439, &(0x7f00000003c0))
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x2, 0x1002, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r7}, 0x10)
r8 = openat$sysfs(0xffffff9c, &(0x7f00000001c0)='/sys/kernel/crash_elfcorehdr_size', 0x80000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1b00"/11], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
finit_module(r8, 0x0, 0x3)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
mount(&(0x7f0000000100)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000000)='ntfs3\x00', 0x0, &(0x7f0000000340))
r9 = socket(0x10, 0x400000000080803, 0x0)
ioctl$sock_SIOCETHTOOL(r9, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000480)=@ethtool_ringparam={0x4, 0x0, 0x5, 0x0, 0x8fc3, 0x1, 0x20000, 0x0, 0xf}})
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

12.844089676s ago: executing program 33 (id=4710):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
read(r2, &(0x7f0000000080)=""/241, 0xf1)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000200)={r1, 0xca7, 0x3, 0x7})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r4, 0x80489439, &(0x7f00000003c0))
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x2, 0x1002, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r7}, 0x10)
r8 = openat$sysfs(0xffffff9c, &(0x7f00000001c0)='/sys/kernel/crash_elfcorehdr_size', 0x80000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1b00"/11], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
finit_module(r8, 0x0, 0x3)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
mount(&(0x7f0000000100)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000000)='ntfs3\x00', 0x0, &(0x7f0000000340))
r9 = socket(0x10, 0x400000000080803, 0x0)
ioctl$sock_SIOCETHTOOL(r9, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000480)=@ethtool_ringparam={0x4, 0x0, 0x5, 0x0, 0x8fc3, 0x1, 0x20000, 0x0, 0xf}})
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

6.560026374s ago: executing program 4 (id=4836):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8916, &(0x7f0000000000)={'veth1_to_bridge\x00', @random="020004007f14"})
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3b}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xa, @in6=@loopback, 0x0, 0x4, 0x3}}, 0xe8)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r3 = memfd_secret(0x0)
getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000300)={@private0, <r4=>0x0}, &(0x7f0000000340)=0x14)
bind$can_raw(r3, &(0x7f0000000380)={0x1d, r4}, 0x10)
fsopen(0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'sit0\x00'})
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20001)
write$sndseq(r6, &(0x7f0000000200)=[{0x6, 0x1, 0xf, 0x4, @tick=0x1000, {0x7, 0x8}, {0x2, 0x8}, @connect={{0x2, 0x7f}, {0x61, 0xb1}}}, {0x9, 0x89, 0x2, 0x17, @time={0xd380, 0x9}, {0x1, 0x5}, {0x1, 0xb4}, @result={0x8, 0xffffffff}}, {0x7, 0xa, 0xff, 0x6, @tick=0xa, {0x1, 0x8}, {0x10, 0xab}, @result={0x8001, 0x8}}, {0x2, 0x0, 0x4, 0xfd, @tick=0x5, {0xb, 0x83}, {0x1, 0x7}, @raw32={[0x2, 0x5998d3b3, 0x984]}}, {0x9, 0x12, 0x0, 0xd4, @time={0x2, 0x6096}, {0x49, 0x2}, {0x6, 0x5}, @note={0x3, 0x80, 0x4, 0x0, 0x4c5}}, {0xff, 0x81, 0x4, 0x5, @time={0x1}, {0x9, 0x7f}, {0x6, 0xfd}, @raw8={"d00c879fc445d9b9905255cd"}}, {0xc8, 0x7, 0x3, 0x0, @time={0xf, 0xd}, {0xfb, 0x2}, {0x7, 0x7}, @addr={0x7, 0xe}}], 0xc4)
mbind(&(0x7f00004d6000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000140)=0x7, 0xd, 0x3)

5.944124264s ago: executing program 6 (id=4802):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10)
chown(0x0, 0xffffffffffffffff, 0x0)

5.77149772s ago: executing program 6 (id=4840):
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f00000003c0)={0x1, 0x2, 0x1000, 0x11, &(0x7f0000000600)="d0a0698a802d61a2da2fbf6975c488367e", 0x0, 0x0, 0x0})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$unix(0x1, 0x5, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080), 0x4)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
r3 = accept4$packet(r0, 0x0, &(0x7f00000002c0), 0x800)
mmap(&(0x7f00003e4000/0x2000)=nil, 0x2000, 0x8, 0x8031, r3, 0x4254d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff8500000004000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='afs_folio_dirty\x00', r6, 0x0, 0x632}, 0xa)
msgctl$IPC_RMID(0x0, 0x0)
syz_io_uring_setup(0x825027, &(0x7f0000000440)={0x0, 0x2ce8, 0x80, 0x4, 0x3aa, 0x0, r0}, &(0x7f0000000380), 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)=0x4, 0x4)
r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r7, 0x40085112, &(0x7f0000000080)=@s={0x5, @generic=0x8, 0xfc})
sendmmsg$inet6(r1, &(0x7f0000004b40)=[{{&(0x7f0000001140)={0xa, 0x4e24, 0x4, @private1}, 0x1c, &(0x7f0000001d40)=[{&(0x7f00000011c0)="bc", 0x1}], 0x1}}], 0x1, 0x40080)
shutdown(r1, 0x1)
r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r8, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_CLEAR_HALT(r8, 0xc0105502, &(0x7f0000000340)={0x1, 0x1})

4.549073047s ago: executing program 6 (id=4848):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10)
chown(0x0, 0xffffffffffffffff, 0x0)

4.407512621s ago: executing program 6 (id=4849):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x44094)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3b}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xa, @in6=@loopback, 0x0, 0x4, 0x3}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r2 = memfd_secret(0x0)
bind$can_raw(r2, &(0x7f0000000380), 0x10)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00', <r4=>0x0})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20001)
sendmsg$nl_route(r3, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000006800010000000000feffffff0a000000000000000600070008000000100008800c000100000000000000000008000500", @ANYRES32=r4], 0x38}}, 0x90)
mbind(&(0x7f00004d6000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000140)=0x7, 0xd, 0x3)

4.369331083s ago: executing program 5 (id=4850):
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
socket$packet(0x11, 0x2, 0x300)
setsockopt(r0, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10)
listen(r0, 0x100)

4.298284408s ago: executing program 6 (id=4851):
socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x8}, 0x18)
r4 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f0000000580)={0x0, 0x2000, 0x80, 0x3231564e, 0x3, [0x2], [0x2000], [], [0x400000000000001]})
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000040)=0x1008, 0x4)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc601})
r6 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000001a00), 0x2, 0x0)
write$6lowpan_control(r6, &(0x7f0000001a40)='connect aa:aa:aa:aa:aa:10 2', 0x1b)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x4)
mount$9p_rdma(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', &(0x7f0000000540), 0x200000, &(0x7f0000000580)={'trans=rdma,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@rq={'rq', 0x3d, 0x1}}, {@sq={'sq', 0x3d, 0x1}}, {@timeout={'timeout', 0x3d, 0x4}}]}})
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r7 = socket(0x1e, 0x5, 0x0)
setsockopt$TIPC_IMPORTANCE(r7, 0x10f, 0x7f, &(0x7f0000000e80)=0xffffff68, 0x4)
sendmsg$nl_route_sched(r7, &(0x7f0000000400)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=@gettaction={0x124, 0x32, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}, @action_gd=@TCA_ACT_TAB={0x6c, 0x1, [{0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0x14, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0x10, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}, @action_gd=@TCA_ACT_TAB={0x40, 0x1, [{0x10, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x10, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x8ec1}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0xca5}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7}]}, 0x124}, 0x1, 0x0, 0x0, 0x8810}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

4.03947123s ago: executing program 5 (id=4852):
r0 = socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x11e, &(0x7f0000000cc0)=ANY=[@ANYBLOB="aaaaaa9aaaaa00000000000008004d0001100000000000119078ac141400ac1414aa8659000000000208ea2968e8a3e4010a58c0f87bdb8a34ab01036c010c23002bee26f868971b220712c64049d1b72dcceddd8941fcd2956378000ee8d05948933367e2d7bab2fe0012eb68bff8b97084c3a06cc3ecdeb952159404000000000000000000009c907801000000000000006fdfa0d2001ef10107440a4c77ff11b9843483df40a09d9073e9629a98ff5def6ed2e4ea9bc0eebdd38679c7795a27c7bf3e7d776b600ba8d82d6ba417ff0fedd86fb708441efcf75fe803412dae374281c25df814aa2e34e4f8a70edbe32cfee9b9d5b0b2b171b51f9174963b0ce40ca7e0"], 0x0)
recvmmsg(r0, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@nfc, 0x80, &(0x7f0000000700)=[{&(0x7f0000000c00)=""/149, 0x95}], 0x1}, 0x8189}], 0x1, 0x40010020, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
r1 = mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{r1}, {r1, 0x22}], 0x2, 0x0, 0x0, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x34, r4, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}]}]}, 0x34}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x2f}, @map_fd={0x18, 0x0, 0x1, 0x0, r5}, @exit={0x95, 0x0, 0xc00}], {0x95, 0x0, 0x7000}}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r6, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000000c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f0000000180)=[0x0], &(0x7f0000000240)=[0x0], 0x0, 0xc9, 0x0, 0x0, 0x10, &(0x7f0000000780), &(0x7f0000000280), 0x8, 0x2a, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000007c0), 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r7, 0x84009422, &(0x7f0000000800)={0x0, 0x0, {}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})

4.037793933s ago: executing program 4 (id=4853):
r0 = socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x11e, &(0x7f0000000cc0)=ANY=[@ANYBLOB="aaaaaa9aaaaa00000000000008004d0001100000000000119078ac141400ac1414aa8659000000000208ea2968e8a3e4010a58c0f87bdb8a34ab01036c010c23002bee26f868971b220712c64049d1b72dcceddd8941fcd2956378000ee8d05948933367e2d7bab2fe0012eb68bff8b97084c3a06cc3ecdeb952159404000000000000000000009c907801000000000000006fdfa0d2001ef10107440a4c77ff11b9843483df40a09d9073e9629a98ff5def6ed2e4ea9bc0eebdd38679c7795a27c7bf3e7d776b600ba8d82d6ba417ff0fedd86fb708441efcf75fe803412dae374281c25df814aa2e34e4f8a70edbe32cfee9b9d5b0b2b171b51f9174963b0ce40ca7e0"], 0x0)
recvmmsg(r0, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@nfc, 0x80, &(0x7f0000000700)=[{&(0x7f0000000c00)=""/149, 0x95}], 0x1}, 0x8189}], 0x1, 0x40010020, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
r1 = mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{r1}, {r1, 0x22}], 0x2, 0x0, 0x0, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x34, r4, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}]}]}, 0x34}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x2f}, @map_fd={0x18, 0x0, 0x1, 0x0, r5}, @exit={0x95, 0x0, 0xc00}], {0x95, 0x0, 0x7000}}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r6, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000000c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f0000000180)=[0x0], &(0x7f0000000240)=[0x0], 0x0, 0xc9, 0x0, 0x0, 0x10, &(0x7f0000000780), &(0x7f0000000280), 0x8, 0x2a, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000007c0), 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r7, 0x84009422, &(0x7f0000000800)={0x0, 0x0, {}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})

3.13424111s ago: executing program 5 (id=4855):
socket$inet(0x2, 0x2000000000003, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x43, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xc0)
flock(0xffffffffffffffff, 0x8)

3.063691533s ago: executing program 4 (id=4857):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x1, &(0x7f00000000c0)=[{0x16, 0x0, 0x0, 0x2}]})
syz_open_dev$vim2m(0x0, 0x8, 0x2)
r0 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f00000002c0)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x2def, 0x600000, 0x0, 0x0, 0x0)

3.008768383s ago: executing program 5 (id=4858):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x6, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000040)=0x63f8, 0x4)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)={0xb, {'syz0\x00', 'syz1\x00', 'syz1\x00', 0xc7, 0xf01, 0x55e, 0x3, 0x81, 0x4a, "9cd2b5367ed6af6ef36f0563042517314b2829eff041ec92c61600d2c1f6be0a7214ca6eb229149db8ac0ef1875b1f7a39b5f6f0586f31b30de6d7fd160747cfd0c7dfc9b010340602dc39cec7aaef9f9c272d5add2524a82b5e5c76a5be20f0d40d74030386b7904ebca28c097caee80b50bc9a0c6e554898686e056df29800e9373e4a5fe9a778613a8f96673891ba30d725e4a5e27ea69a4b02296648432e5d07709d3287b13f4418b8bd757aaa60bb3f6c4ee32717508a4647e133990004a65f5d4e4fff1d"}}, 0x1df)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x10e, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

2.955361279s ago: executing program 5 (id=4860):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x54, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x18, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev}}}]}, @CTA_EXPECT_MASTER={0x4}]}, 0x54}}, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x52, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x40, 0x1, 0x1, 0x6, 0x60, 0x1, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x2, 0x6, 0x0, 0x80, {{0x5}, {0x5, 0x24, 0x0, 0xfff8}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x1, 0xc, 0x81}, [@obex={0x5, 0x24, 0x15, 0x101}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x400, 0xff, 0xd, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x37ae62e93bf0565, 0x71, 0x4, 0xa}}}}}]}}]}}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0})

2.931569328s ago: executing program 3 (id=4861):
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='debugfs\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x820028, &(0x7f00000000c0)=ANY=[@ANYRES8])
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0xdd)
setsockopt$inet6_udp_int(r1, 0x11, 0xa, &(0x7f0000000080)=0x6, 0x4)
io_setup(0x3fe, &(0x7f0000000100))
syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0xc00)
migrate_pages(0x0, 0x8, &(0x7f0000000040)=0x1, &(0x7f0000000100)=0x2)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x8801, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0f0000000400000008000000090000000000", @ANYRES32=r4, @ANYRESHEX=r3, @ANYRESOCT=r1, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x48400, 0x0)
r6 = socket(0x1, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000080)=0x7f)
read$dsp(r5, &(0x7f00000011c0)=""/4117, 0x200021d5)

2.627607439s ago: executing program 6 (id=4862):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4b4, 0xbca1, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xff}}}}}]}}]}}, 0x0)
r1 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000700)=ANY=[@ANYBLOB="e800000015000b"], 0xe8}}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), r1)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect(0x6, 0x777, &(0x7f0000000740)={{0x12, 0x1, 0x310, 0xf4, 0x10, 0xcb, 0x48, 0x4f2, 0xaff8, 0xd6fa, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x765, 0x3, 0x7, 0x1, 0xe0, 0x7, [{{0x9, 0x4, 0xda, 0x7, 0x3, 0x60, 0x27, 0xe5, 0xa7, [@cdc_ecm={{0xb, 0x24, 0x6, 0x0, 0x0, "b4417ab564bd"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x0, 0x2, 0xb}, [@obex={0x5, 0x24, 0x15, 0x9}]}, @cdc_ecm={{0x9, 0x24, 0x6, 0x0, 0x0, "bd666084"}, {0x5, 0x24, 0x0, 0xfc00}, {0xd, 0x24, 0xf, 0x1, 0x401, 0x2, 0x7, 0x1}, [@mbim={0xc, 0x24, 0x1b, 0x2, 0xffbb, 0xf, 0x95, 0x7, 0x81}, @acm={0x4, 0x24, 0x2, 0xc}, @obex={0x5, 0x24, 0x15, 0x10}, @obex={0x5, 0x24, 0x15, 0x7}, @obex={0x5, 0x24, 0x15, 0x6}]}], [{{0x9, 0x5, 0xf, 0x7, 0x248, 0x4, 0x7, 0x9}}, {{0x9, 0x5, 0x6, 0x4, 0x3ff, 0x4, 0x80, 0x4}}, {{0x9, 0x5, 0xf, 0x0, 0x8, 0xa, 0x8, 0xd, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x9, 0x4}]}}]}}, {{0x9, 0x4, 0xf5, 0xda, 0x10, 0x2c, 0xbd, 0xde, 0x0, [@uac_as={[@format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0xf8, 0x2, 0x0, 0x4, "be2881"}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x2, 0x3, 0x6, 0x9, 'L{|'}, @as_header={0x7, 0x24, 0x1, 0x5, 0x4, 0x1}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x5, 0x1, 0x10, 0x9}]}, @cdc_ncm={{0x7, 0x24, 0x6, 0x0, 0x1, "f867"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x3}, {0x6, 0x24, 0x1a, 0x2, 0x16}, [@dmm={0x7, 0x24, 0x14, 0x4, 0x7}, @mbim_extended={0x8, 0x24, 0x1c, 0x1, 0x3, 0x9}, @mdlm_detail={0x60, 0x24, 0x13, 0x5, "16d07ba99ac7986999b068b5e404c836807d41b1ee8991d7f330f0fafc68930f8af0e3a15d1709af46d08fc40d2487a063ac225065a42138960bcdfa93d2e8c0e5c4792a8af3c206e65545be2eb39267b1525283037f70ef4d0fd1bb"}]}], [{{0x9, 0x5, 0xc, 0x1, 0x10, 0x9, 0x9, 0x4, [@generic={0xe4, 0x19, "473acb87df52a5e5f8a5d4da9d7fa932d035d0c3b45ce6d78db5aef3f3743b64b7b7a5fda97d9057221587a7007fc15096a38bd704ddbd7b35e15822c686cc08f3791fb401bf6b8abd3c1c90b9e31e6b8139d7d146fe3d5ba9ba066353874e1a54fdb6150d7d3f99718badd39b17560ce6de054e672eff0e32c5f29e45f1e29a41b8f1653cc047be9f6a97deb361702644076e6e31d243bb320f6f0ae47ec8d8853403b997a914626d19bbb742d88c53c157b2ffb79e5f9887307ae26cdac6f695a66d47f17f35ddfa8aeaa179f79b1641d92ada06b3b5057f8b196944023ec59ded"}]}}, {{0x9, 0x5, 0x5, 0x1, 0x20, 0x2, 0x32, 0xe9}}, {{0x9, 0x5, 0x4, 0x4, 0x20, 0x9, 0x7, 0x1}}, {{0x9, 0x5, 0xa, 0xc, 0x400, 0xe, 0xfb, 0xcb, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x81, 0x9}]}}, {{0x9, 0x5, 0xb, 0x0, 0x8, 0x1, 0x2, 0x7, [@generic={0x2b, 0x5, "da127f1a69ea49adec142e559782c9000df5304f291edabd94626b0ab87a91fe59c6bdc2e41bf42441"}]}}, {{0x9, 0x5, 0x4, 0x0, 0x3ff, 0xd, 0x1, 0x7, [@generic={0xa3, 0x4, "c2fadf78c122533a2a6051fa46a1605b83f467f4081cf15c74f339c20580d4d37526fd1aeb23cb000f240f1068effe071a7594479756c524cfecbef2c40c9422f3621c01ea7197f3990acefeca32bcc82753f044a966e8eb3b0771056707dc1a24bbc5f025d5613b01df4212f6228eee9351fd8567b2e74d798ceb34fff500e004d458efd615321d6760859fce9deddf6a5cd44ae6e55517455607c9bd3d5eb4d3"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x2, 0x2}]}}, {{0x9, 0x5, 0x3, 0x0, 0x10, 0x2, 0x9, 0xb3, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x1, 0xa}, @generic={0x21, 0x11, "15c9db9f6c961fb927efcb0ad6d0dda5809949109fd5b5ab50a55869b4d332"}]}}, {{0x9, 0x5, 0x7, 0x1, 0x5ef, 0xd, 0x2, 0x3, [@generic={0x5f, 0x8, "1357d15ca6eb8ceb8e8fb04ba728a5386f7e2dd27b5d12aaea2a01a45ecab08c2077e18fde0ddf14f7870424aa709a90e13275453212f5760611d77e10083c25e9d17aca0780e359f62d377725f4e572ee4cab86c94384108acda627f2"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x9e}]}}, {{0x9, 0x5, 0x6, 0xc, 0x20, 0x1, 0x6, 0x1, [@generic={0x21, 0x21, "678dca66334abdb53ad24a028119bded52f360abd177a3d0f8a0c7b15d3e02"}]}}, {{0x9, 0x5, 0xf, 0x10, 0x0, 0x7, 0x2, 0x8, [@generic={0xee, 0x1d, "81a63e40efffd3860e39bad5be8bad2f3d803d22d5e58b1a71ba26d48bfc1641db2ccf0f7170a0a107c1166928ad337c60cb16f0524f4efddef3f87d6bc10d374a1ec93fc615efe0ab92498801bc64e522da984e6e1fde64c3a9de9f84014775fc7a02d9df231b96158d996ea1aa57c7bddd88d71946f3cfca431c9c5e194bee7bb57817d7f301fb354257b0ad9a413cf02f2f2b704c923eac8ff973a66b50335142eb4bc4db04eeff1c854bbe2bdd1603a8281cbc63c70e686b5f9e31a357168809e69f6af8edc8eb4491bf38d2e99eb0192f12cc802852cc3e571ca22617e4c53dbdee116f8a00086209ba"}]}}, {{0x9, 0x5, 0x4, 0x0, 0x400, 0x7, 0xe, 0x7}}, {{0x9, 0x5, 0xa, 0x0, 0x400, 0x0, 0x4, 0x3}}, {{0x9, 0x5, 0x5, 0x3, 0x200, 0x2, 0x8, 0x2}}, {{0x9, 0x5, 0x6, 0x10, 0x40, 0x2, 0x7, 0xb, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0x7f}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0x9}]}}, {{0x9, 0x5, 0x6, 0x10, 0x20, 0x8, 0x1, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x7, 0x9}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x7, 0xfff9}]}}, {{0x9, 0x5, 0xd, 0x0, 0x3ff, 0xa, 0x6, 0x9}}]}}, {{0x9, 0x4, 0x42, 0x6, 0x7, 0x7b, 0xab, 0xbd, 0x5, [], [{{0x9, 0x5, 0xa, 0x10, 0x20, 0x9, 0x2, 0x3b}}, {{0x9, 0x5, 0x1, 0xc, 0x8, 0x34, 0x2, 0x0, [@generic={0x47, 0x1, "b172481f1335f82f9841390e2c2b3868bd2846972ac683c593b1ce3974fd2daae5eea0471fbfad190f4b1aa922f630ba80c34ebf9bad9ec8f974cef3ea04a768d0390b9aa8"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x3, 0x8}]}}, {{0x9, 0x5, 0xc, 0x10, 0x40, 0x0, 0x8, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x4, 0x2800}]}}, {{0x9, 0x5, 0xc, 0x3, 0x10, 0x1, 0x5, 0xe9}}, {{0x9, 0x5, 0x6, 0xc, 0x20, 0xd, 0x7, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x10, 0x8}, @generic={0xf7, 0x22, "5194d7b249cb3988d6a0f028502b4331a42b6b5835b76d8f05d51a4520fee9f12d53e47432196e8476af060e24a4832fa1a443c9909a5e0f108b3495357a40d30876579828b391e20286420f442d1f00d6ee98a049e5ba5bf56292adef0c323b94176f57290a473a4c7c48f210aa6244ba2a21e6bd8b6d53d43f9e7e422560a2a140b0418007b13addbd594f7fb51104cad432f602cc1e656e8f84fe9c7ae02b80652508a28a490f6d70dcea5a45664bd19a477135325fb5201b787cb66da960e0cdac72e9601cd944dd571d65bcf28cd12fdb57bdbd887b860119fac52bd8e437c490d6b00266037abbe17234aada65764a20c36a"}]}}, {{0x9, 0x5, 0xa, 0xb, 0x8, 0x0, 0x0, 0x5d, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x1, 0xfeff}, @generic={0x6e, 0x23, "100d87c42d995d0bce6362694b1c8e7f7b9a0228ed8b6b7565ade606da6eea7d233a3a764528b6116d8d6d47c8eca862aec9bbb9826c8f7deb3f43a47ec9574d1e2648959a6b69640207b81171dab5ad6e2aec9fdb24dc19fd98c55d1f73f62927bd4de2b32d2a329d647455"}]}}, {{0x9, 0x5, 0x3, 0x0, 0x3ff, 0x8, 0x5, 0x23}}]}}]}}]}}, &(0x7f0000000200)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x201, 0xc, 0x9, 0x0, 0x20, 0xc}, 0x97, &(0x7f0000000140)={0x5, 0xf, 0x97, 0x6, [@ss_container_id={0x14, 0x10, 0x4, 0x2, "77aadcbcc49acc46acf365cbe0f87ad1"}, @ssp_cap={0x1c, 0x10, 0xa, 0x7, 0x4, 0x1, 0xf000, 0x0, [0xc0c0, 0xff21, 0x60, 0x3f0f]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xf, 0x52, 0x9, 0x6af9}, @generic={0x35, 0x10, 0x1, "cb7934f845a70062fb2a4acbe9ae6f7eb0b5c5d0bcb4535bfb402cb4771c78d43590d31162c3975336ccb6ca3188b227f6da"}, @ptm_cap={0x3}, @ssp_cap={0x20, 0x10, 0xa, 0x6, 0x5, 0x8, 0xf, 0x400, [0xcf, 0xc000, 0x30, 0x1fe7ec0, 0x30]}]}, 0x2, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x2c0a}}, {0x31, &(0x7f00000000c0)=@string={0x31, 0x3, "75f9f65e5e034d2ec0780b423b37d21de108ddafaf465ada647bd4288477baab227a7a7d81590947bb17fc753a8008"}}]})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
r2 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
fstat(r2, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)

2.319568801s ago: executing program 2 (id=4864):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x4, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$802154_dgram(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040), 0x14, &(0x7f0000000100)={0x0}, 0x7}, 0x0)
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x846)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000002640)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {}, {0x1c, 0xfff2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x16}]}}]}, 0x3c}}, 0x44050)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=""/6, 0x6}}], 0x15, 0x2107, 0x0)

2.285088776s ago: executing program 2 (id=4865):
socket$key(0xf, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1e, 0x5, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x0, 0x80)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
socket(0x11, 0x800000003, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$vivid(&(0x7f0000000100), 0x1, 0x2)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000340)={0xfe}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000c0000000c0000800800", @ANYRES16=r0], 0x20}}, 0x0)

2.224618777s ago: executing program 2 (id=4866):
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000f, 0x38011, r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)

1.855508104s ago: executing program 4 (id=4867):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
statx(r0, &(0x7f0000000680)='.\x00', 0x0, 0x0, &(0x7f0000000080))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x34, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}]]}, 0x34}}, 0x40020)
umount2(&(0x7f0000000300)='./file0\x00', 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000003c80)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = syz_open_dev$dri(&(0x7f00000002c0), 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000140)={0x0, 0x2000000, 0x0, 0x0, 0xa, "ff00f7000000000000000000af88008300"})
r9 = syz_open_pts(r8, 0x141601)
r10 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
write(r9, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TCSETSF(r9, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0xfffffffc, 0x0, 0x0, "682341f2fd71a6a76177920ea7e60c0ac7a4a5"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='sched_switch\x00', r7}, 0x18)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[<r11=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r11})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000002000000000000009500000000000000b75ab9d38558004665b7ce431313292c4b03f79af1640051fb8a497c1f2d649d9fefcdf62fcef3e1377f51a35be4cc8d7b1234700362ee482d8000"/93], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000001060108000000000000000003000009"], 0x14}, 0x1, 0x0, 0x0, 0x4000800}, 0x20000000)

1.84182993s ago: executing program 2 (id=4868):
socket$inet(0x2, 0x2000000000003, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x43, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xc0)
flock(0xffffffffffffffff, 0x8)

1.736053597s ago: executing program 3 (id=4869):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000004580)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, r2, 0x5, 0x0, 0x0, {{0x2c}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f0000000600)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x7c, r2, 0x400, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8000}, 0x60ba6e9858c920f2)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto}]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x6, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000040)=0x63f8, 0x4)
r5 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000640)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c700010f5e05000003000000810000004a009821c80bfcb2ee00009cd2b5367ed6af6ef36f0563042517314b2829eff041ec92c61600d2c1f6be0a7214ca6eb229149db8ac0ef1875b1f7a39b5f6f0586f31b30de6d7fd160747cfd0c7dfc9b010340602dc39cec7aaef9f9c272d5add2524a82b5e5c76a5be20f0d40d74030386b7904ebca28c097caee80b50bc9a0c6e554898686e056df29800e9373e4a5fe9a778613a8f96673891ba30d725e4a5e27ea69a4b02296648432e5d07709d3287b13f4418b8bd757aaa60bb3f6c4ee32717508a4647e13399000414611bec583b2f58c36d13933fa5c4fc71daf412dbd487434b4bb61e096fd86b1f5f726dc78f0446609b855abda165d59c2baa54ab2a57b2507c84dfdb09750a3ab63430ce04cde7e81ffa20afdef83e517f8adc37ade9ae818a53e492028d56544f2839f7c9a6ac17d59fd5a5aa9ad285c8414ecf8fca49484c9baa310080b79207d78dace074b6a6702e60fbb8657e4d00a64b0232b6e8ec99465851edbab592f258e67a454fdff7c3bce33df4de9dccee092a3cc344506bc9bb5c7edbe84acc997de4c7901f071eb83e9c56c3"], 0x1df)
write$binfmt_misc(r6, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

1.644343008s ago: executing program 2 (id=4870):
ioperm(0x7, 0x5, 0xa)
sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0)

1.525838587s ago: executing program 3 (id=4871):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10)
chown(0x0, 0xffffffffffffffff, 0x0)

1.525099216s ago: executing program 2 (id=4872):
socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x8}, 0x18)
r4 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f0000000580)={0x0, 0x2000, 0x80, 0x3231564e, 0x3, [0x2], [0x2000], [], [0x400000000000001]})
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000040)=0x1008, 0x4)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc601})
r6 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000001a00), 0x2, 0x0)
write$6lowpan_control(r6, &(0x7f0000001a40)='connect aa:aa:aa:aa:aa:10 2', 0x1b)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x4)
mount$9p_rdma(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', &(0x7f0000000540), 0x200000, &(0x7f0000000580)={'trans=rdma,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@rq={'rq', 0x3d, 0x1}}, {@sq={'sq', 0x3d, 0x1}}, {@timeout={'timeout', 0x3d, 0x4}}]}})
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r7 = socket(0x1e, 0x5, 0x0)
setsockopt$TIPC_IMPORTANCE(r7, 0x10f, 0x7f, &(0x7f0000000e80)=0xffffff68, 0x4)
sendmsg$nl_route_sched(r7, &(0x7f0000000400)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=@gettaction={0x124, 0x32, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}, @action_gd=@TCA_ACT_TAB={0x6c, 0x1, [{0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0x14, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0x10, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}, @action_gd=@TCA_ACT_TAB={0x40, 0x1, [{0x10, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x10, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x8ec1}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0xca5}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7}]}, 0x124}, 0x1, 0x0, 0x0, 0x8810}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

1.447650511s ago: executing program 3 (id=4873):
socket$packet(0x11, 0x2, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socket$rds(0x15, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
epoll_create1(0x0)
syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8008, 0x2f5}, 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x600, &(0x7f0000000140)={&(0x7f0000000340)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x4c}}, 0x0)

1.284482479s ago: executing program 5 (id=4874):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xdc, 0x3f, 0x6e, 0x40, 0x813, 0x1, 0x3a08, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x26, 0x9b}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000a40)={0x84, &(0x7f0000000000)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x80)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = timerfd_create(0x9, 0x0)
timerfd_settime(r3, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0)
readv(r3, 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
close_range(r2, 0xffffffffffffffff, 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='xfs\x00', 0x80c0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000000c0)={'tunl0\x00', &(0x7f00000003c0)={'sit0\x00', 0x0, 0x20, 0x10, 0x5, 0x3, {{0x1f, 0x4, 0x0, 0x0, 0x7c, 0x68, 0x0, 0x7, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, {[@timestamp={0x44, 0xc, 0xe1, 0x0, 0x4, [0x5, 0x7]}, @timestamp={0x44, 0x8, 0x47, 0x0, 0x1, [0x20200]}, @timestamp_addr={0x44, 0x4c, 0xc4, 0x1, 0x9, [{@initdev={0xac, 0x1e, 0xfa, 0x0}, 0x1}, {@dev={0xac, 0x14, 0x14, 0x26}, 0x8000}, {@loopback, 0x800}, {@private=0xa010102, 0x8}, {@multicast1, 0x1}, {@broadcast}, {@multicast1, 0x8}, {@loopback, 0x7}, {@empty, 0xf}]}, @timestamp={0x44, 0x8, 0x3c, 0x0, 0xd, [0x101]}]}}}}})
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000640)={0xffffffffffffffff, 0x20, &(0x7f0000000600)={&(0x7f00000004c0), 0x0, 0x0, &(0x7f0000000500)=""/249, 0xf9}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x6, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x43ea}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}]}, &(0x7f00000006c0)='GPL\x00', 0x7ff, 0x6d, &(0x7f0000000700)=""/109, 0x41100, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000780)={0x0, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)=[0x1, 0xffffffffffffffff], &(0x7f0000000800), 0x10, 0x1, @void, @value}, 0x94)
ioctl$AUTOFS_IOC_FAIL(0xffffffffffffffff, 0x541b, 0x0)

991.571112ms ago: executing program 4 (id=4875):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0xb)
sendmsg$NFT_BATCH(r4, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
close(r4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffbfefffff0001, 0x2000000000000000, &(0x7f00000000c0))
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'sit0\x00'})
socket$netlink(0x10, 0x3, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/bus/input/handlers\x00', 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, &(0x7f0000000440)={0x3, [[0x100, 0x3, 0x9, 0x1, 0xffff, 0x6de, 0x101, 0x8], [0x4, 0x5, 0x7ce, 0xaa, 0x3, 0x7, 0xfffffffd, 0x6], [0xffffd032, 0x9, 0x6, 0x2, 0x4, 0xa4, 0x8, 0xfffffff6]], '\x00', [{0x6, 0x280}, {0xd, 0x2, 0x1, 0x0, 0x1}, {0xc7f65112, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x42331fdb, 0x8, 0x1, 0x0, 0x0, 0x1}, {0x4f4683ca, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x8, 0x8, 0x0, 0x1, 0x1}, {0x0, 0xd0, 0x1, 0x1, 0x0, 0x1}, {0x2, 0x100, 0x1}, {0x40, 0x100, 0x1}, {0x9, 0x101, 0x0, 0x0, 0x1, 0x1}, {0xff, 0x4, 0x1, 0x1, 0x1}, {0x4, 0x8, 0x1, 0x1, 0x0, 0x1}], '\x00', 0xfff})
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x40047451, 0x2000000a)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x40047451, 0x20000015)

903.455894ms ago: executing program 3 (id=4876):
r0 = openat$smackfs_cipso(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000012c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000ba4d7c3f1e6e7c668525a7d4916564fe15a22a3773d3bc2660ff1ea066b464fcb26c83657683b3a4b005a779a0667a2d0d84e5c4df71fb24fdf475bf94ced88eeedf059ee959adc1d0801da69261330c021a287efd93df31152e47afacc79fe58494dd1738b32774f730cc83ff0f16"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
timer_create(0x2, &(0x7f0000000000)={0x0, 0x29, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040))
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000040), 0x0}, 0x20)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000080), r6, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r5, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {0xb9}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x8}, [{}, {}, {}, {}, {}, {}, {0x401}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x7f}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {0x2}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
write$smackfs_cipso(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="5e403a4a30301de5ef11145b180978f23de8c9bb0000ea", @ANYRESOCT=r0], 0x20)

57.201574ms ago: executing program 3 (id=4877):
clock_settime(0xffffffa1, &(0x7f0000000380))
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x18}, 0x2}, 0x1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000087}, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="ad000000", 0x4)
sendmmsg$unix(r3, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0}, 0xfffffdef}, {{&(0x7f0000000480)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x2, 0x0, &(0x7f0000000580)=""/4096, &(0x7f0000000200)=""/86, &(0x7f0000000140)=""/64, 0xdddd0000})
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
bind$bt_hci(r3, &(0x7f0000000300)={0x1f, 0x0, 0x4}, 0x6)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000259000000000000a480000010000800600000000000000000000000008000a40000000000900010073797a30"], 0x70}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYRES16=r4], 0x7c}}, 0x40080)
sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="14004000100001000000000000000000000000fbe2ba2784651ba88892ec3e1fe20a900000000300000002e000000c00020000000000000000010900"], 0xb8}, 0x1, 0x0, 0x0, 0x20008011}, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
listen(r7, 0x3)

0s ago: executing program 4 (id=4878):
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000f, 0x38011, r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)

kernel console output (not intermixed with test programs):

a fully working HSR network
[ 1041.565016][T20846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1041.597958][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1041.605085][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1041.623701][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1041.630831][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1041.728973][T20846] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1041.878165][T20846] veth0_vlan: entered promiscuous mode
[ 1041.887221][T20846] veth1_vlan: entered promiscuous mode
[ 1041.911516][T20846] veth0_macvtap: entered promiscuous mode
[ 1041.920738][T20846] veth1_macvtap: entered promiscuous mode
[ 1041.934762][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1041.945575][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1041.955439][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1041.965906][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1041.975779][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1041.986278][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1041.996358][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1042.006952][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.016861][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1042.027368][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.037324][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1042.047790][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.057629][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1042.068126][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.077977][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1042.088512][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.099725][T20846] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1042.121703][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1042.132301][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.145545][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1042.162824][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.172739][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1042.183230][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.193141][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1042.209127][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.290555][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1042.334587][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.348696][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1042.360744][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.383106][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1042.401785][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.413632][T20846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1042.432041][T20846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1042.448587][T20846] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1042.992746][T20846] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1043.021787][T20846] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1043.030788][ T5827] Bluetooth: hci4: command tx timeout
[ 1043.038788][T20846] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1043.047671][T20846] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1043.555582][ T3436] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1043.563441][ T3436] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1043.630145][ T3436] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1043.640992][ T3436] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1043.709461][T21005] lo speed is unknown, defaulting to 1000
[ 1043.856751][T21007] ntfs3: Unknown parameter '€'
[ 1044.116629][T21023] netlink: 892 bytes leftover after parsing attributes in process `syz.4.4225'.
[ 1044.396560][ T5865] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[ 1044.583913][ T5865] usb 3-1: Using ep0 maxpacket: 32
[ 1044.590419][ T5865] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1044.599613][ T5865] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1044.616562][ T5865] usb 3-1: config 0 descriptor??
[ 1044.962178][ T5865] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1045.125877][ T5827] Bluetooth: hci4: command tx timeout
[ 1045.158438][ T5865] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1045.171867][ T5865] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1045.179125][ T5865] usb 3-1: media controller created
[ 1045.192564][ T5865] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1045.210841][ T5865] az6027: usb out operation failed. (-71)
[ 1045.219637][ T5865] az6027: usb out operation failed. (-71)
[ 1045.226756][ T5865] stb0899_attach: Driver disabled by Kconfig
[ 1045.232795][ T5865] az6027: no front-end attached
[ 1045.232795][ T5865] 
[ 1045.240624][ T5865] az6027: usb out operation failed. (-71)
[ 1045.260541][ T5865] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1045.270086][ T5865] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input178
[ 1045.328865][ T5865] dvb-usb: schedule remote query interval to 400 msecs.
[ 1045.358314][ T5865] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1045.396131][ T5865] usb 3-1: USB disconnect, device number 23
[ 1045.463301][ T5827] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[ 1045.471780][ T5827] Bluetooth: hci1: Injecting HCI hardware error event
[ 1045.478924][ T5827] Bluetooth: hci1: hardware error 0x00
[ 1045.516398][T21044] overlayfs: missing 'lowerdir'
[ 1045.539231][ T5865] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1045.590627][T21046] syzkaller1: entered promiscuous mode
[ 1045.597310][T21046] syzkaller1: entered allmulticast mode
[ 1045.944136][   T25] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1046.114637][   T25] usb 6-1: Using ep0 maxpacket: 8
[ 1046.130692][   T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1046.153012][   T25] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC7, changing to 0x87
[ 1046.182383][   T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid wMaxPacketSize 0
[ 1046.254024][   T25] usb 6-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad
[ 1046.263269][   T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1046.271344][   T25] usb 6-1: Product: syz
[ 1046.275707][   T25] usb 6-1: Manufacturer: syz
[ 1046.280358][   T25] usb 6-1: SerialNumber: syz
[ 1046.287699][   T25] usb 6-1: config 0 descriptor??
[ 1046.298347][   T25] smsusb:smsusb_probe: board id=2, interface number 0
[ 1046.310016][   T25] smsusb:smsusb_probe: Device initialized with return code -19
[ 1046.536618][T21046] netlink: 52 bytes leftover after parsing attributes in process `syz.5.4232'.
[ 1046.593617][   T58] usb 6-1: USB disconnect, device number 2
[ 1046.742722][T21081] overlayfs: missing 'lowerdir'
[ 1047.647542][ T5827] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 1047.755096][T21106] FAULT_INJECTION: forcing a failure.
[ 1047.755096][T21106] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1047.755229][T21106] CPU: 1 UID: 0 PID: 21106 Comm: syz.0.4251 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1047.755252][T21106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1047.755263][T21106] Call Trace:
[ 1047.755270][T21106]  <TASK>
[ 1047.755278][T21106]  dump_stack_lvl+0x241/0x360
[ 1047.755304][T21106]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1047.755326][T21106]  ? __wake_up_klogd+0xcc/0x110
[ 1047.755352][T21106]  should_fail_ex+0x3b0/0x4e0
[ 1047.755377][T21106]  _copy_to_user+0x31/0xb0
[ 1047.755401][T21106]  simple_read_from_buffer+0xca/0x150
[ 1047.755425][T21106]  proc_fail_nth_read+0x1e9/0x250
[ 1047.755449][T21106]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1047.755471][T21106]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1047.755491][T21106]  ? vfs_read+0x161/0xb70
[ 1047.755510][T21106]  ? vfs_read+0x1e4/0xb70
[ 1047.755530][T21106]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1047.755554][T21106]  vfs_read+0x1fc/0xb70
[ 1047.755575][T21106]  ? __pfx___mutex_lock+0x10/0x10
[ 1047.755593][T21106]  ? __pfx_vfs_read+0x10/0x10
[ 1047.755605][T21106]  ? __fget_files+0x2a/0x410
[ 1047.755616][T21106]  ? __fget_files+0x395/0x410
[ 1047.755625][T21106]  ? __fget_files+0x2a/0x410
[ 1047.755636][T21106]  ksys_read+0x18f/0x2b0
[ 1047.755649][T21106]  ? __pfx_ksys_read+0x10/0x10
[ 1047.755664][T21106]  ? trace_irq_enable+0x2c/0x120
[ 1047.755676][T21106]  do_syscall_64+0xf3/0x230
[ 1047.755690][T21106]  ? clear_bhb_loop+0x35/0x90
[ 1047.755701][T21106]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1047.755716][T21106] RIP: 0033:0x7f801a98473c
[ 1047.755727][T21106] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1047.755737][T21106] RSP: 002b:00007f801b6fe030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1047.755751][T21106] RAX: ffffffffffffffda RBX: 00007f801ab75fa0 RCX: 00007f801a98473c
[ 1047.755760][T21106] RDX: 000000000000000f RSI: 00007f801b6fe0a0 RDI: 0000000000000004
[ 1047.755768][T21106] RBP: 00007f801b6fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1047.755775][T21106] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001
[ 1047.755783][T21106] R13: 0000000000000000 R14: 00007f801ab75fa0 R15: 00007ffcba4caca8
[ 1047.755794][T21106]  </TASK>
[ 1048.693871][  T120] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[ 1048.893892][  T120] usb 5-1: Using ep0 maxpacket: 8
[ 1048.936430][  T120] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1049.033049][  T120] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1049.041285][  T120] usb 5-1: Product: syz
[ 1049.045604][  T120] usb 5-1: Manufacturer: syz
[ 1049.050543][  T120] usb 5-1: SerialNumber: syz
[ 1049.510731][  T120] usb 5-1: config 0 descriptor??
[ 1049.551533][  T120] gspca_main: se401-2.14.0 probing 047d:5003
[ 1049.609466][T21125] netlink: 'syz.3.4257': attribute type 72 has an invalid length.
[ 1049.617802][T21125] netlink: 'syz.3.4257': attribute type 8 has an invalid length.
[ 1049.959716][T21141] bond0: entered promiscuous mode
[ 1049.964889][T21141] bond_slave_0: entered promiscuous mode
[ 1049.970649][T21141] bond_slave_1: entered promiscuous mode
[ 1050.080230][T21150] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4264'.
[ 1050.503218][T21158] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4267'.
[ 1050.794137][  T120] usb 5-1: reset high-speed USB device number 122 using dummy_hcd
[ 1051.013973][  T120] usb 5-1: device descriptor read/64, error -32
[ 1051.344011][  T120] usb 5-1: reset high-speed USB device number 122 using dummy_hcd
[ 1051.352170][ T5865] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1051.527393][  T120] usb 5-1: device descriptor read/64, error -32
[ 1051.633889][ T5865] usb 6-1: Using ep0 maxpacket: 16
[ 1051.653113][ T5865] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=36.00
[ 1051.736722][ T5865] usb 6-1: New USB device strings: Mfr=168, Product=81, SerialNumber=40
[ 1051.740843][T21176] FAULT_INJECTION: forcing a failure.
[ 1051.740843][T21176] name failslab, interval 1, probability 0, space 0, times 0
[ 1051.755962][ T5865] usb 6-1: Product: syz
[ 1051.762078][T21176] CPU: 0 UID: 0 PID: 21176 Comm: syz.0.4273 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1051.768281][ T5865] usb 6-1: Manufacturer: syz
[ 1051.772838][T21176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1051.772854][T21176] Call Trace:
[ 1051.772862][T21176]  <TASK>
[ 1051.772871][T21176]  dump_stack_lvl+0x241/0x360
[ 1051.780781][ T5865] usb 6-1: SerialNumber: syz
[ 1051.787473][T21176]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1051.787504][T21176]  ? __pfx__printk+0x10/0x10
[ 1051.793467][ T5865] usb 6-1: config 0 descriptor??
[ 1051.793705][T21176]  ? __pfx___might_resched+0x10/0x10
[ 1051.800287][ T5865] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[ 1051.802928][T21176]  ? lock_release+0xbf/0xa30
[ 1051.802956][T21176]  should_fail_ex+0x3b0/0x4e0
[ 1051.809061][ T5865] usb 6-1: Detected FT4232HA
[ 1051.812710][T21176]  should_failslab+0xac/0x100
[ 1051.848818][T21176]  __kmalloc_cache_noprof+0x70/0x390
[ 1051.854102][T21176]  ? alloc_fs_context+0x63/0x800
[ 1051.859039][T21176]  alloc_fs_context+0x63/0x800
[ 1051.863802][T21176]  ? do_raw_read_unlock+0x3c/0x80
[ 1051.868829][T21176]  ? _raw_read_unlock+0x28/0x50
[ 1051.873670][T21176]  ? get_fs_type+0x3fd/0x480
[ 1051.878254][T21176]  do_new_mount+0x160/0xb40
[ 1051.882755][T21176]  ? __pfx_do_new_mount+0x10/0x10
[ 1051.887778][T21176]  __se_sys_mount+0x2d6/0x3c0
[ 1051.892443][T21176]  ? __pfx___se_sys_mount+0x10/0x10
[ 1051.897632][T21176]  ? rcu_is_watching+0x15/0xb0
[ 1051.902398][T21176]  ? rcu_is_watching+0x15/0xb0
[ 1051.907153][T21176]  ? __x64_sys_mount+0x20/0xc0
[ 1051.911907][T21176]  do_syscall_64+0xf3/0x230
[ 1051.916406][T21176]  ? clear_bhb_loop+0x35/0x90
[ 1051.921074][T21176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1051.926964][T21176] RIP: 0033:0x7f801a985d29
[ 1051.931377][T21176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1051.950974][T21176] RSP: 002b:00007f801b6fe038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1051.959386][T21176] RAX: ffffffffffffffda RBX: 00007f801ab75fa0 RCX: 00007f801a985d29
[ 1051.967349][T21176] RDX: 00000000200001c0 RSI: 00000000200000c0 RDI: 0000000000000000
[ 1051.975312][T21176] RBP: 00007f801b6fe090 R08: 0000000020000380 R09: 0000000000000000
[ 1051.983270][T21176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1051.991234][T21176] R13: 0000000000000000 R14: 00007f801ab75fa0 R15: 00007ffcba4caca8
[ 1051.999200][T21176]  </TASK>
[ 1052.248138][ T5865] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1052.907414][ T5865] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1052.918392][T21196] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4278'.
[ 1052.953275][ T5865] usb 6-1: USB disconnect, device number 3
[ 1053.222279][  T120] gspca_se401: read req failed req 0x06 error -19
[ 1053.306373][ T5865] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1053.320488][ T5865] ftdi_sio 6-1:0.0: device disconnected
[ 1053.335477][  T120] usb 5-1: USB disconnect, device number 122
[ 1053.999065][T21225] input: syz0 as /devices/virtual/input/input179
[ 1054.626700][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.021125][T21252] binder: 21251:21252 ioctl 8040ae9f 20000000 returned -22
[ 1055.034414][T21252] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4289'.
[ 1055.158743][T21251] delete_channel: no stack
[ 1055.551301][T21268] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4294'.
[ 1055.964029][ T5865] usb 5-1: new high-speed USB device number 123 using dummy_hcd
[ 1057.100619][ T5865] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1057.110499][ T5865] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1057.128296][ T5865] usb 5-1: config 0 descriptor??
[ 1057.146630][ T5865] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1057.161222][T21278] input: syz0 as /devices/virtual/input/input180
[ 1057.971171][ T5865] cpia1 5-1:0.0: unexpected state after lo power cmd: d0
[ 1058.286967][T21304] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4306'.
[ 1058.344095][T21304] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4306'.
[ 1059.427388][ T5865] gspca_cpia1: usb_control_msg 01, error -110
[ 1059.433507][ T5865] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0)
[ 1060.035447][ T5865] usb 5-1: USB disconnect, device number 123
[ 1060.452737][   T58] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1060.639164][T21332] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4311'.
[ 1060.773870][   T58] usb 6-1: Using ep0 maxpacket: 32
[ 1060.780411][   T58] usb 6-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 1060.789962][   T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1061.436410][   T58] usb 6-1: config 0 descriptor??
[ 1061.473532][   T58] gspca_main: sq930x-2.14.0 probing 041e:403c
[ 1061.952739][   T29] audit: type=1400 audit(1735418555.657:263): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21328 comm="syz.5.4312"
[ 1061.969370][ T5913] usb 5-1: new high-speed USB device number 124 using dummy_hcd
[ 1062.288009][ T5913] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1062.297240][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1062.305393][ T5913] usb 5-1: Product: syz
[ 1062.309599][ T5913] usb 5-1: Manufacturer: syz
[ 1062.314378][ T5913] usb 5-1: SerialNumber: syz
[ 1062.341474][ T5913] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1062.388046][ T5868] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1062.843913][   T58] gspca_sq930x: reg_w 0105 bf00 failed -71
[ 1062.904133][   T58] sq930x 6-1:0.0: probe with driver sq930x failed with error -71
[ 1062.922397][   T58] usb 6-1: USB disconnect, device number 4
[ 1063.133929][ T5865] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[ 1063.305177][ T5865] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1063.314384][ T5865] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1063.330691][ T5865] usb 3-1: config 0 descriptor??
[ 1063.349406][ T5865] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1063.424379][ T5868] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[ 1063.432655][ T5868] ath9k_htc: Failed to initialize the device
[ 1063.477074][ T5868] usb 5-1: ath9k_htc: USB layer deinitialized
[ 1063.478396][T21386] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4329'.
[ 1064.134572][ T5865] cpia1 3-1:0.0: unexpected state after lo power cmd: d0
[ 1064.185392][T17068] usb 5-1: USB disconnect, device number 124
[ 1065.826370][ T5865] gspca_cpia1: usb_control_msg 01, error -110
[ 1065.832530][ T5865] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0)
[ 1065.863590][ T5865] usb 3-1: USB disconnect, device number 24
[ 1065.875495][   T29] audit: type=1400 audit(1735418559.607:264): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21390 comm="syz.0.4331" daddr=::ffff:172.20.20.0
[ 1068.057044][T21443] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4342'.
[ 1069.417197][T21465] netlink: 'syz.2.4348': attribute type 4 has an invalid length.
[ 1069.425778][T21465] netlink: 152 bytes leftover after parsing attributes in process `syz.2.4348'.
[ 1070.004556][T21470] overlayfs: missing 'workdir'
[ 1070.069508][T21471] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[ 1070.354007][ T5913] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1070.549252][T21484] netlink: 212 bytes leftover after parsing attributes in process `syz.0.4356'.
[ 1070.565469][ T5913] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1070.575448][ T5913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1070.591594][ T5913] usb 6-1: config 0 descriptor??
[ 1070.599294][ T5913] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1070.721823][T21484] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4356'.
[ 1070.730832][T21484] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4356'.
[ 1070.739789][T21484] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4356'.
[ 1071.189065][   T29] audit: type=1400 audit(1735418564.877:265): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21489 comm="syz.0.4358" daddr=::ffff:172.20.20.0
[ 1071.194602][ T5913] cpia1 6-1:0.0: unexpected state after lo power cmd: 00
[ 1071.846942][T21503] input: syz0 as /devices/virtual/input/input181
[ 1072.224417][ T5913] gspca_cpia1: usb_control_msg 01, error -110
[ 1072.231096][ T5913] cpia1 6-1:0.0: only firmware version 1 is supported (got: 0)
[ 1072.949459][   T25] usb 6-1: USB disconnect, device number 5
[ 1073.479386][T21523] netlink: 84 bytes leftover after parsing attributes in process `syz.5.4366'.
[ 1073.488799][T21523] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4366'.
[ 1075.543558][   T29] audit: type=1400 audit(1735418569.097:266): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21542 comm="syz.2.4372" daddr=::ffff:172.20.20.0
[ 1075.738777][T21552] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1075.794737][T21560] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[ 1077.113474][T21574] netlink: 'syz.3.4376': attribute type 1 has an invalid length.
[ 1077.692305][T21594] xt_l2tp: v2 tid > 0xffff: 262144
[ 1077.718616][T21594] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4386'.
[ 1078.219753][   T29] audit: type=1400 audit(1735418571.947:267): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21597 comm="syz.5.4388" daddr=::ffff:172.20.20.0
[ 1078.996980][   T29] audit: type=1400 audit(1735418572.727:268): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21611 comm="syz.3.4393"
[ 1079.945809][   T58] usb 5-1: new high-speed USB device number 125 using dummy_hcd
[ 1080.424165][   T58] usb 5-1: Using ep0 maxpacket: 32
[ 1080.657575][   T58] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1080.676000][   T58] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1080.771545][   T58] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[ 1080.780998][   T58] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[ 1080.791664][   T58] usb 5-1: Product: syz
[ 1080.802944][   T58] usb 5-1: Manufacturer: syz
[ 1080.812743][   T58] usb 5-1: SerialNumber: syz
[ 1081.062286][   T58] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input182
[ 1081.164153][   T29] audit: type=1400 audit(1735418574.887:269): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21631 comm="syz.3.4399" daddr=::ffff:172.20.20.0
[ 1081.246560][T21622] FAULT_INJECTION: forcing a failure.
[ 1081.246560][T21622] name failslab, interval 1, probability 0, space 0, times 0
[ 1081.263722][T21622] CPU: 0 UID: 0 PID: 21622 Comm: syz.4.4396 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1081.263891][ T5831] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[ 1081.274482][T21622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1081.274498][T21622] Call Trace:
[ 1081.274506][T21622]  <TASK>
[ 1081.274514][T21622]  dump_stack_lvl+0x241/0x360
[ 1081.274544][T21622]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1081.308125][T21622]  ? __pfx__printk+0x10/0x10
[ 1081.312744][T21622]  ? __pfx___might_resched+0x10/0x10
[ 1081.318044][T21622]  ? lock_release+0xbf/0xa30
[ 1081.322623][T21622]  should_fail_ex+0x3b0/0x4e0
[ 1081.327291][T21622]  should_failslab+0xac/0x100
[ 1081.331956][T21622]  ? getname_flags+0xb7/0x540
[ 1081.336618][T21622]  kmem_cache_alloc_noprof+0x70/0x380
[ 1081.341983][T21622]  getname_flags+0xb7/0x540
[ 1081.346476][T21622]  do_sys_openat2+0xd2/0x1d0
[ 1081.351069][T21622]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1081.356265][T21622]  ? __fget_files+0x2a/0x410
[ 1081.360867][T21622]  ? __fget_files+0x2a/0x410
[ 1081.365460][T21622]  __x64_sys_openat+0x247/0x2a0
[ 1081.370321][T21622]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1081.375703][T21622]  ? rcu_is_watching+0x15/0xb0
[ 1081.380454][T21622]  ? rcu_is_watching+0x15/0xb0
[ 1081.385205][T21622]  do_syscall_64+0xf3/0x230
[ 1081.389696][T21622]  ? clear_bhb_loop+0x35/0x90
[ 1081.394361][T21622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1081.400246][T21622] RIP: 0033:0x7f522df84690
[ 1081.404647][T21622] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 1081.424251][T21622] RSP: 002b:00007f522ed2fb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1081.432670][T21622] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f522df84690
[ 1081.440655][T21622] RDX: 0000000000000000 RSI: 00007f522ed2fc10 RDI: 00000000ffffff9c
[ 1081.448643][T21622] RBP: 00007f522ed2fc10 R08: 0000000000000000 R09: 0000000000000000
[ 1081.456629][T21622] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1081.464617][T21622] R13: 0000000000000000 R14: 00007f522e175fa0 R15: 00007ffee53f2568
[ 1081.472610][T21622]  </TASK>
[ 1081.505428][ T5831] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1081.515379][ T5831] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1081.556584][T21651] FAULT_INJECTION: forcing a failure.
[ 1081.556584][T21651] name failslab, interval 1, probability 0, space 0, times 0
[ 1081.572799][T21651] CPU: 1 UID: 0 PID: 21651 Comm: syz.0.4405 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1081.583591][T21651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1081.593651][T21651] Call Trace:
[ 1081.596926][T21651]  <TASK>
[ 1081.599849][T21651]  dump_stack_lvl+0x241/0x360
[ 1081.604532][T21651]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1081.609723][T21651]  ? __pfx__printk+0x10/0x10
[ 1081.614308][T21651]  ? __pfx___might_resched+0x10/0x10
[ 1081.619593][T21651]  should_fail_ex+0x3b0/0x4e0
[ 1081.624279][T21651]  should_failslab+0xac/0x100
[ 1081.628958][T21651]  __kmalloc_noprof+0xdd/0x4c0
[ 1081.633714][T21651]  ? shmem_initxattrs+0x290/0x450
[ 1081.638735][T21651]  shmem_initxattrs+0x290/0x450
[ 1081.643579][T21651]  security_inode_init_security+0x29c/0x480
[ 1081.649470][T21651]  ? __pfx_shmem_initxattrs+0x10/0x10
[ 1081.654833][T21651]  ? __pfx_security_inode_init_security+0x10/0x10
[ 1081.661240][T21651]  ? shmem_get_inode+0xc37/0xf20
[ 1081.666173][T21651]  shmem_mknod+0x1ff/0x3d0
[ 1081.670589][T21651]  vfs_mknod+0x36d/0x3b0
[ 1081.674846][T21651]  do_mknodat+0x3ec/0x5b0
[ 1081.679169][T21651]  ? __pfx_do_mknodat+0x10/0x10
[ 1081.684009][T21651]  ? getname_flags+0x1e3/0x540
[ 1081.688765][T21651]  __x64_sys_mknod+0x8c/0xa0
[ 1081.693350][T21651]  do_syscall_64+0xf3/0x230
[ 1081.697853][T21651]  ? clear_bhb_loop+0x35/0x90
[ 1081.702525][T21651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1081.708423][T21651] RIP: 0033:0x7f801a985d29
[ 1081.712831][T21651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1081.732439][T21651] RSP: 002b:00007f801b6fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 1081.740848][T21651] RAX: ffffffffffffffda RBX: 00007f801ab75fa0 RCX: 00007f801a985d29
[ 1081.748817][T21651] RDX: 0000000000000005 RSI: 0000000008001420 RDI: 00000000200000c0
[ 1081.756781][T21651] RBP: 00007f801b6fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1081.764745][T21651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1081.772709][T21651] R13: 0000000000000000 R14: 00007f801ab75fa0 R15: 00007ffcba4caca8
[ 1081.780679][T21651]  </TASK>
[ 1081.803433][ T5831] usb 3-1: config 0 descriptor??
[ 1081.820465][ T5865] usb 5-1: USB disconnect, device number 125
[ 1081.828733][ T5831] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1081.844392][ T5865] appletouch 5-1:1.0: input: appletouch disconnected
[ 1081.895541][T21655] xt_policy: too many policy elements
[ 1081.932366][T21656] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1082.503607][ T5831] cpia1 3-1:0.0: unexpected state after lo power cmd: d0
[ 1082.964878][   T25] usb 5-1: new high-speed USB device number 126 using dummy_hcd
[ 1083.193976][   T25] usb 5-1: Using ep0 maxpacket: 32
[ 1083.200649][   T25] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1083.210006][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1083.222858][   T25] usb 5-1: config 0 descriptor??
[ 1083.282709][   T29] audit: type=1400 audit(1735418577.007:270): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21681 comm="syz.0.4412" daddr=::ffff:172.20.20.0
[ 1083.432115][   T25] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1083.448764][   T25] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1083.464961][   T25] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1083.472701][   T25] usb 5-1: media controller created
[ 1083.521240][   T25] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1083.585057][ T5831] gspca_cpia1: usb_control_msg 01, error -110
[ 1083.592347][ T5831] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0)
[ 1083.624626][ T5831] usb 3-1: USB disconnect, device number 25
[ 1083.643550][   T25] az6027: usb out operation failed. (-71)
[ 1083.665469][   T25] az6027: usb out operation failed. (-71)
[ 1083.672028][   T25] stb0899_attach: Driver disabled by Kconfig
[ 1083.678414][   T25] az6027: no front-end attached
[ 1083.678414][   T25] 
[ 1083.686443][   T25] az6027: usb out operation failed. (-71)
[ 1083.692301][   T25] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1083.713566][   T25] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input183
[ 1083.732536][   T25] dvb-usb: schedule remote query interval to 400 msecs.
[ 1083.739698][   T25] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1083.771393][   T25] usb 5-1: USB disconnect, device number 126
[ 1083.810510][   T25] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1083.946464][T21691] FAULT_INJECTION: forcing a failure.
[ 1083.946464][T21691] name failslab, interval 1, probability 0, space 0, times 0
[ 1083.959230][T21691] CPU: 1 UID: 0 PID: 21691 Comm: syz.2.4414 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1083.969981][T21691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1083.980047][T21691] Call Trace:
[ 1083.983320][T21691]  <TASK>
[ 1083.986237][T21691]  dump_stack_lvl+0x241/0x360
[ 1083.990922][T21691]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1083.996105][T21691]  ? __pfx__printk+0x10/0x10
[ 1084.000693][T21691]  ? __pfx___might_resched+0x10/0x10
[ 1084.005982][T21691]  should_fail_ex+0x3b0/0x4e0
[ 1084.010653][T21691]  should_failslab+0xac/0x100
[ 1084.015322][T21691]  __kmalloc_noprof+0xdd/0x4c0
[ 1084.020074][T21691]  ? pcpu_memcg_post_alloc_hook+0x12a/0x720
[ 1084.025957][T21691]  ? apply_wqattrs_prepare+0xfd/0xef0
[ 1084.031327][T21691]  apply_wqattrs_prepare+0xfd/0xef0
[ 1084.036512][T21691]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1084.042828][T21691]  ? __alloc_workqueue+0xaee/0x1f20
[ 1084.048022][T21691]  ? pcpu_alloc_noprof+0xfb8/0x1760
[ 1084.053222][T21691]  apply_workqueue_attrs_locked+0x63/0x200
[ 1084.059023][T21691]  __alloc_workqueue+0x13f6/0x1f20
[ 1084.064147][T21691]  alloc_workqueue+0xd6/0x210
[ 1084.068835][T21691]  ? hci_register_dev+0xe5/0x8b0
[ 1084.073763][T21691]  ? __pfx_alloc_workqueue+0x10/0x10
[ 1084.079045][T21691]  hci_register_dev+0x20c/0x8b0
[ 1084.083889][T21691]  hci_uart_tty_ioctl+0x821/0x9e0
[ 1084.088900][T21691]  ? __pfx_hci_uart_tty_ioctl+0x10/0x10
[ 1084.094458][T21691]  tty_ioctl+0x998/0xdc0
[ 1084.098694][T21691]  ? __pfx_tty_ioctl+0x10/0x10
[ 1084.103444][T21691]  __se_sys_ioctl+0xf5/0x170
[ 1084.108022][T21691]  do_syscall_64+0xf3/0x230
[ 1084.112514][T21691]  ? clear_bhb_loop+0x35/0x90
[ 1084.117178][T21691]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1084.123062][T21691] RIP: 0033:0x7f211a185d29
[ 1084.127489][T21691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1084.147095][T21691] RSP: 002b:00007f211afbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1084.155495][T21691] RAX: ffffffffffffffda RBX: 00007f211a376080 RCX: 00007f211a185d29
[ 1084.163451][T21691] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000006
[ 1084.171408][T21691] RBP: 00007f211afbf090 R08: 0000000000000000 R09: 0000000000000000
[ 1084.179363][T21691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1084.187326][T21691] R13: 0000000000000000 R14: 00007f211a376080 R15: 00007fff6ad56108
[ 1084.195290][T21691]  </TASK>
[ 1084.199886][T21691] Bluetooth: Can't register HCI device
[ 1085.169980][T21712] netlink: 84 bytes leftover after parsing attributes in process `syz.4.4420'.
[ 1085.180166][T21712] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4420'.
[ 1085.656193][T21709] FAULT_INJECTION: forcing a failure.
[ 1085.656193][T21709] name failslab, interval 1, probability 0, space 0, times 0
[ 1085.673040][T21709] CPU: 0 UID: 0 PID: 21709 Comm: syz.0.4422 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1085.683874][T21709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1085.693946][T21709] Call Trace:
[ 1085.697235][T21709]  <TASK>
[ 1085.700170][T21709]  dump_stack_lvl+0x241/0x360
[ 1085.704866][T21709]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1085.710083][T21709]  ? __pfx__printk+0x10/0x10
[ 1085.714688][T21709]  ? __pfx___might_resched+0x10/0x10
[ 1085.719996][T21709]  should_fail_ex+0x3b0/0x4e0
[ 1085.724694][T21709]  should_failslab+0xac/0x100
[ 1085.729391][T21709]  ? __kvm_mmu_topup_memory_cache+0x1e3/0x6b0
[ 1085.735478][T21709]  kmem_cache_alloc_noprof+0x70/0x380
[ 1085.740874][T21709]  __kvm_mmu_topup_memory_cache+0x1e3/0x6b0
[ 1085.746785][T21709]  kvm_mmu_load+0x115/0x2820
[ 1085.751360][T21709]  ? __mutex_unlock_slowpath+0x21e/0x790
[ 1085.756978][T21709]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1085.762940][T21709]  ? __pfx_kvm_mmu_load+0x10/0x10
[ 1085.767953][T21709]  ? __pfx_lock_release+0x10/0x10
[ 1085.772961][T21709]  ? vmx_flush_tlb_guest+0x331/0x5a0
[ 1085.778247][T21709]  ? vmx_flush_tlb_all+0xc6/0x3b0
[ 1085.783289][T21709]  ? __pfx_vmx_flush_tlb_guest+0x10/0x10
[ 1085.788931][T21709]  ? seqcount_lockdep_reader_access+0x1cd/0x220
[ 1085.795166][T21709]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[ 1085.801744][T21709]  ? kvm_apic_has_interrupt+0x9d4/0xa70
[ 1085.807278][T21709]  vcpu_run+0x5c40/0x8a90
[ 1085.811611][T21709]  ? __pfx_vcpu_run+0x10/0x10
[ 1085.816273][T21709]  ? rcu_is_watching+0x15/0xb0
[ 1085.821028][T21709]  ? lock_acquire+0xe3/0x550
[ 1085.825607][T21709]  ? __pfx_lock_acquire+0x10/0x10
[ 1085.830615][T21709]  ? fpu_swap_kvm_fpstate+0x82/0x460
[ 1085.835887][T21709]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1085.841592][T21709]  ? xfd_validate_state+0x6e/0x150
[ 1085.846691][T21709]  ? rcu_is_watching+0x15/0xb0
[ 1085.851444][T21709]  ? rcu_is_watching+0x15/0xb0
[ 1085.856190][T21709]  kvm_arch_vcpu_ioctl_run+0xa76/0x19d0
[ 1085.861727][T21709]  ? kvm_arch_vcpu_ioctl_run+0x1cc/0x19d0
[ 1085.867429][T21709]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1085.873395][T21709]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1085.879277][T21709]  ? lock_release+0xbf/0xa30
[ 1085.883860][T21709]  ? rcu_is_watching+0x15/0xb0
[ 1085.888616][T21709]  ? lock_release+0xbf/0xa30
[ 1085.893189][T21709]  ? __pfx_lock_acquire+0x10/0x10
[ 1085.898194][T21709]  ? kvm_vcpu_ioctl+0x1da/0xea0
[ 1085.903028][T21709]  ? __pfx_lock_release+0x10/0x10
[ 1085.908034][T21709]  ? do_raw_write_lock+0x148/0x4f0
[ 1085.913134][T21709]  ? __pfx_do_raw_write_lock+0x10/0x10
[ 1085.918579][T21709]  kvm_vcpu_ioctl+0x920/0xea0
[ 1085.923248][T21709]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1085.928436][T21709]  ? smack_file_ioctl+0x353/0x3a0
[ 1085.933448][T21709]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1085.938808][T21709]  ? fput+0x21b/0x290
[ 1085.942775][T21709]  ? __fget_files+0x2a/0x410
[ 1085.947348][T21709]  ? __fget_files+0x2a/0x410
[ 1085.951922][T21709]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1085.957104][T21709]  __se_sys_ioctl+0xf5/0x170
[ 1085.961677][T21709]  do_syscall_64+0xf3/0x230
[ 1085.966174][T21709]  ? clear_bhb_loop+0x35/0x90
[ 1085.970831][T21709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1085.973893][   T25] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[ 1085.976715][T21709] RIP: 0033:0x7f801a985d29
[ 1085.988645][T21709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1086.008233][T21709] RSP: 002b:00007f801b6fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1086.016632][T21709] RAX: ffffffffffffffda RBX: 00007f801ab75fa0 RCX: 00007f801a985d29
[ 1086.024591][T21709] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 1086.032549][T21709] RBP: 00007f801b6fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1086.040506][T21709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1086.048464][T21709] R13: 0000000000000000 R14: 00007f801ab75fa0 R15: 00007ffcba4caca8
[ 1086.056422][T21709]  </TASK>
[ 1086.260200][   T25] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1086.312052][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1086.410241][   T25] usb 3-1: config 0 descriptor??
[ 1086.447103][   T25] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1086.850107][T21727] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4426'.
[ 1087.550601][   T25] gspca_cpia1: usb_control_msg 05, error -110
[ 1087.556972][   T25] gspca_cpia1: usb_control_msg 01, error -32
[ 1087.563816][   T25] gspca_cpia1: usb_control_msg 01, error -32
[ 1087.570025][   T25] gspca_cpia1: usb_control_msg 01, error -32
[ 1087.576244][   T25] gspca_cpia1: usb_control_msg 01, error -32
[ 1087.582379][   T25] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0)
[ 1088.383988][   T25] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1088.578828][   T25] usb 6-1: Using ep0 maxpacket: 32
[ 1088.660648][   T25] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1088.671073][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1088.681656][   T25] usb 6-1: config 0 descriptor??
[ 1088.801142][   T29] audit: type=1400 audit(1735418582.527:271): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21737 comm="syz.4.4431" daddr=::ffff:172.20.20.0
[ 1088.983967][   T25] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1089.222794][   T25] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1089.233786][   T25] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1089.242427][   T25] usb 6-1: media controller created
[ 1089.257791][   T25] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1089.290066][   T25] az6027: usb out operation failed. (-71)
[ 1089.302108][   T25] az6027: usb out operation failed. (-71)
[ 1089.308065][   T25] stb0899_attach: Driver disabled by Kconfig
[ 1089.314287][   T25] az6027: no front-end attached
[ 1089.314287][   T25] 
[ 1089.330899][   T25] az6027: usb out operation failed. (-71)
[ 1089.337135][   T25] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1089.345486][   T25] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input184
[ 1089.358450][   T25] dvb-usb: schedule remote query interval to 400 msecs.
[ 1089.365724][   T25] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1089.383606][   T25] usb 6-1: USB disconnect, device number 6
[ 1089.405302][   T25] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1090.260644][T21775] binder: BINDER_SET_CONTEXT_MGR already set
[ 1090.266844][T21775] binder: 21774:21775 ioctl 4018620d 20000100 returned -16
[ 1090.272421][T21777] binder: BINDER_SET_CONTEXT_MGR already set
[ 1090.280899][T21777] binder: 21774:21777 ioctl 4018620d 20000040 returned -16
[ 1090.371263][   T58] usb 3-1: USB disconnect, device number 26
[ 1092.506220][   T29] audit: type=1400 audit(1735418586.097:272): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21801 comm="syz.0.4449" daddr=::ffff:172.20.20.0
[ 1092.699184][T21806] tap0: tun_chr_ioctl cmd 1074025692
[ 1092.706644][T21806] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4450'.
[ 1092.864862][ T5831] usb 5-1: new high-speed USB device number 127 using dummy_hcd
[ 1093.047406][ T5831] usb 5-1: Using ep0 maxpacket: 8
[ 1093.097152][ T5831] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[ 1093.142735][ T5831] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1093.210836][ T5831] usb 5-1: Product: syz
[ 1093.223121][ T5831] usb 5-1: Manufacturer: syz
[ 1093.234707][ T5831] usb 5-1: SerialNumber: syz
[ 1093.258471][ T5831] usb 5-1: config 0 descriptor??
[ 1093.467567][ T5831] usb 5-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[ 1094.040813][T21830] dccp_invalid_packet: P.type (SYNC) not Data || [Data]Ack, while P.X == 0
[ 1094.272599][   T29] audit: type=1107 audit(1735418587.997:273): pid=21831 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='p?€†vãÊ&_q•	¨<ñ,PÊ~1çéîwOBÓ�i•ëÔ¿;Ì'
[ 1094.953990][ T5831] usb write operation failed. (-71)
[ 1094.976882][ T5831] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1094.987348][ T5831] dvbdev: DVB: registering new adapter (Terratec H7)
[ 1094.994097][ T5831] usb 5-1: media controller created
[ 1095.024161][ T5831] usb read operation failed. (-71)
[ 1095.074461][ T5831] usb write operation failed. (-71)
[ 1095.098763][ T5831] dvb_usb_az6007 5-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[ 1095.120149][ T5831] usb 5-1: USB disconnect, device number 127
[ 1095.237157][   T29] audit: type=1400 audit(1735418588.937:274): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21840 comm="syz.5.4462" daddr=::ffff:172.20.20.0
[ 1095.593470][T21838] FAULT_INJECTION: forcing a failure.
[ 1095.593470][T21838] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1095.604672][T21854] ip6gretap0: entered promiscuous mode
[ 1095.606908][T21838] CPU: 0 UID: 0 PID: 21838 Comm: syz.3.4461 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1095.622730][T21838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1095.632799][T21838] Call Trace:
[ 1095.636093][T21838]  <TASK>
[ 1095.639037][T21838]  dump_stack_lvl+0x241/0x360
[ 1095.643742][T21838]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1095.648964][T21838]  ? __pfx__printk+0x10/0x10
[ 1095.653567][T21838]  ? vfs_write+0x730/0xd30
[ 1095.658008][T21838]  ? __pfx_lock_release+0x10/0x10
[ 1095.663134][T21838]  should_fail_ex+0x3b0/0x4e0
[ 1095.667827][T21838]  _copy_from_user+0x2f/0xc0
[ 1095.672417][T21838]  do_seccomp+0x20b/0xf90
[ 1095.676756][T21838]  ? __pfx_do_seccomp+0x10/0x10
[ 1095.681603][T21838]  ? ksys_write+0x251/0x2b0
[ 1095.686102][T21838]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1095.692422][T21838]  ? arch_syscall_is_vdso_sigreturn+0x125/0x1a0
[ 1095.698664][T21838]  ? syscall_user_dispatch+0x4e/0x90
[ 1095.703946][T21838]  do_syscall_64+0xf3/0x230
[ 1095.708447][T21838]  ? clear_bhb_loop+0x35/0x90
[ 1095.713117][T21838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1095.719009][T21838] RIP: 0033:0x7f2d8d985d29
[ 1095.723414][T21838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1095.743016][T21838] RSP: 002b:00007f2d8e7e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000013d
[ 1095.751422][T21838] RAX: ffffffffffffffda RBX: 00007f2d8db75fa0 RCX: 00007f2d8d985d29
[ 1095.759393][T21838] RDX: 0000000020000400 RSI: 0000000000000000 RDI: 0000000000000001
[ 1095.767364][T21838] RBP: 00007f2d8e7e2090 R08: 0000000000000000 R09: 0000000000000000
[ 1095.775327][T21838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1095.783289][T21838] R13: 0000000000000000 R14: 00007f2d8db75fa0 R15: 00007ffdeb89d228
[ 1095.791263][T21838]  </TASK>
[ 1095.806023][T21854] batadv_slave_0: entered promiscuous mode
[ 1095.827786][T21854] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[ 1095.838373][T21854] Cannot create hsr debugfs directory
[ 1095.903590][T21861] dccp_invalid_packet: P.Data Offset(0) too small
[ 1096.040243][   T29] audit: type=1400 audit(1735418589.767:275): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21864 comm="syz.3.4472" daddr=::ffff:172.20.20.0
[ 1096.135871][ T5868] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 1096.194031][ T5865] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1096.363998][ T5865] usb 6-1: Using ep0 maxpacket: 32
[ 1096.372233][ T5865] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1096.373967][ T5868] usb 5-1: Using ep0 maxpacket: 8
[ 1096.389396][ T5865] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1096.428611][ T5865] usb 6-1: config 0 descriptor??
[ 1096.442256][ T5868] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1096.451522][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1096.459593][ T5868] usb 5-1: Product: syz
[ 1096.463764][ T5868] usb 5-1: Manufacturer: syz
[ 1096.468756][ T5868] usb 5-1: SerialNumber: syz
[ 1096.491567][ T5868] usb 5-1: config 0 descriptor??
[ 1096.499352][ T5868] gspca_main: se401-2.14.0 probing 047d:5003
[ 1096.507760][T21879] overlayfs: missing 'lowerdir'
[ 1096.657398][ T5865] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1096.684530][ T5865] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1096.696183][ T5865] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1096.703528][ T5865] usb 6-1: media controller created
[ 1096.906388][ T5865] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1097.244563][ T5865] az6027: usb out operation failed. (-71)
[ 1097.267266][ T5865] az6027: usb out operation failed. (-71)
[ 1097.273134][ T5865] stb0899_attach: Driver disabled by Kconfig
[ 1097.279448][ T5865] az6027: no front-end attached
[ 1097.279448][ T5865] 
[ 1097.287732][ T5865] az6027: usb out operation failed. (-71)
[ 1097.293473][ T5865] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1097.301769][ T5865] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input185
[ 1097.314449][ T5865] dvb-usb: schedule remote query interval to 400 msecs.
[ 1097.321412][ T5865] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1097.337511][ T5865] usb 6-1: USB disconnect, device number 7
[ 1097.361787][ T5865] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1097.535231][T21893] xt_l2tp: v2 tid > 0xffff: 262144
[ 1097.545404][T21893] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4479'.
[ 1097.673900][T13077] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1097.714176][ T5868] usb 5-1: reset high-speed USB device number 2 using dummy_hcd
[ 1097.857339][T13077] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1097.879900][ T5868] usb 5-1: device descriptor read/64, error -32
[ 1097.885624][T13077] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1098.028564][T13077] usb 3-1: config 0 descriptor??
[ 1098.114263][T13077] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1098.372758][T21901] dccp_invalid_packet: P.Data Offset(0) too small
[ 1098.464344][ T5868] usb 5-1: reset high-speed USB device number 2 using dummy_hcd
[ 1098.542249][T13077] cpia1 3-1:0.0: unexpected state after lo power cmd: d0
[ 1098.593909][ T5868] usb 5-1: device descriptor read/64, error -32
[ 1099.118457][ T5868] usb 5-1: reset high-speed USB device number 2 using dummy_hcd
[ 1099.385135][ T5868] usb 5-1: device not accepting address 2, error -71
[ 1099.482643][T21922] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4490'.
[ 1099.497476][T21922] sp0: Synchronizing with TNC
[ 1099.608746][T13077] gspca_cpia1: usb_control_msg 01, error -110
[ 1099.614916][T13077] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0)
[ 1099.917918][T13077] usb 3-1: USB disconnect, device number 27
[ 1100.334674][ T5868] gspca_se401: read req failed req 0x06 error -19
[ 1100.343141][ T5868] usb 5-1: USB disconnect, device number 2
[ 1100.458348][T21938] xt_l2tp: v2 tid > 0xffff: 262144
[ 1100.483235][T21938] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4494'.
[ 1100.515259][T21941] dccp_invalid_packet: P.Data Offset(0) too small
[ 1101.194166][T13077] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 1101.384611][T13077] usb 5-1: Using ep0 maxpacket: 8
[ 1101.537388][T13077] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1101.547352][T13077] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1101.555475][T13077] usb 5-1: Product: syz
[ 1101.559658][T13077] usb 5-1: Manufacturer: syz
[ 1101.565920][T13077] usb 5-1: SerialNumber: syz
[ 1101.575486][T13077] usb 5-1: config 0 descriptor??
[ 1101.582652][T13077] gspca_main: se401-2.14.0 probing 047d:5003
[ 1102.429531][   T29] audit: type=1400 audit(1735418596.157:276): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=21962 comm="syz.5.4504" daddr=::ffff:172.20.20.0
[ 1102.944406][T13077] usb 5-1: reset high-speed USB device number 3 using dummy_hcd
[ 1103.009987][T21980] dccp_invalid_packet: P.Data Offset(0) too small
[ 1103.084108][T13077] usb 5-1: device descriptor read/64, error -32
[ 1103.333920][T13077] usb 5-1: reset high-speed USB device number 3 using dummy_hcd
[ 1104.414561][T21990] netlink: 312 bytes leftover after parsing attributes in process `syz.2.4511'.
[ 1104.829897][T21991] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4509'.
[ 1104.839284][T21991] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4509'.
[ 1105.202868][T13077] usb 5-1: device descriptor read/64, error -32
[ 1105.681375][T22004] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4515'.
[ 1105.787864][T22013] xt_l2tp: v2 tid > 0xffff: 262144
[ 1105.846886][T22013] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4512'.
[ 1106.250221][T13077] gspca_se401: read req failed req 0x06 error -19
[ 1106.277119][T13077] usb 5-1: USB disconnect, device number 3
[ 1106.636112][T22018] input: syz0 as /devices/virtual/input/input187
[ 1106.970351][T22031] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4520'.
[ 1106.979494][T22031] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4520'.
[ 1108.377026][T22048] netlink: 312 bytes leftover after parsing attributes in process `syz.0.4525'.
[ 1109.284393][T22058] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4528'.
[ 1109.450674][T22060] lo speed is unknown, defaulting to 1000
[ 1110.784028][T13077] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[ 1110.927264][T22082] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4534'.
[ 1110.936420][T22082] netlink: 220 bytes leftover after parsing attributes in process `syz.4.4534'.
[ 1111.384412][T13077] usb 3-1: Using ep0 maxpacket: 8
[ 1111.399933][T13077] usb 3-1: config 162 has an invalid interface number: 246 but max is 1
[ 1111.408925][T13077] usb 3-1: config 162 has an invalid interface number: 245 but max is 1
[ 1111.417352][T13077] usb 3-1: config 162 has no interface number 0
[ 1111.424122][T13077] usb 3-1: config 162 has no interface number 1
[ 1111.431298][T13077] usb 3-1: config 162 interface 246 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1111.444511][T13077] usb 3-1: config 162 interface 245 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[ 1111.455492][T13077] usb 3-1: config 162 interface 245 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1111.467515][T13077] usb 3-1: config 162 interface 245 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[ 1111.479084][T13077] usb 3-1: config 162 interface 245 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[ 1111.489473][T13077] usb 3-1: config 162 interface 245 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[ 1111.502746][T13077] usb 3-1: config 162 interface 246 has no altsetting 0
[ 1111.509892][T13077] usb 3-1: config 162 interface 245 has no altsetting 0
[ 1111.531527][T13077] usb 3-1: New USB device found, idVendor=8087, idProduct=0a5a, bcdDevice=5f.2c
[ 1111.541913][T13077] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1111.550272][T13077] usb 3-1: Product: syz
[ 1111.564618][T13077] usb 3-1: Manufacturer: syz
[ 1111.573652][T13077] usb 3-1: SerialNumber: syz
[ 1111.790603][T22076] netlink: 188 bytes leftover after parsing attributes in process `syz.2.4533'.
[ 1111.812140][T22076] netlink: 'syz.2.4533': attribute type 1 has an invalid length.
[ 1111.954068][T13077] Bluetooth: failed to set interface 0, alt 0 -22
[ 1112.221221][T22102] netlink: 312 bytes leftover after parsing attributes in process `syz.5.4539'.
[ 1112.682710][T13077] btusb 3-1:162.245: probe with driver btusb failed with error -22
[ 1112.710799][T13077] usb 3-1: USB disconnect, device number 28
[ 1112.831967][T22108] Cannot find add_set index 0 as target
[ 1112.858563][T22110] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4543'.
[ 1113.094312][ T5865] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[ 1113.333963][ T5865] usb 5-1: Using ep0 maxpacket: 32
[ 1113.343879][ T5865] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[ 1113.352069][ T5865] usb 5-1: config 0 has no interface number 0
[ 1113.404483][ T5865] usb 5-1: config 0 interface 184 has no altsetting 0
[ 1113.449187][ T5865] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1113.469004][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1113.517725][ T5865] usb 5-1: Product: syz
[ 1113.542339][ T5865] usb 5-1: Manufacturer: syz
[ 1113.562561][ T5865] usb 5-1: SerialNumber: syz
[ 1113.581832][ T5865] usb 5-1: config 0 descriptor??
[ 1113.605393][ T5865] smsc75xx v1.0.0
[ 1114.213122][ T5865] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1114.272426][ T5865] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1114.316709][ T5865] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1114.348338][ T5865] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[ 1114.393883][ T5865] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 1114.433844][ T5865] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[ 1114.463764][ T5865] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -61
[ 1114.675223][T22132] 9pnet_fd: Insufficient options for proto=fd
[ 1115.108780][T22138] input: syz0 as /devices/virtual/input/input188
[ 1115.956942][T22153] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4557'.
[ 1116.133610][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.912920][   T29] audit: type=1400 audit(1735418610.627:277): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=22165 comm="syz.2.4561" daddr=::ffff:172.20.20.0
[ 1116.943411][T22171] input: syz0 as /devices/virtual/input/input189
[ 1117.205706][T22174] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20004
[ 1117.332992][ T5868] usb 5-1: USB disconnect, device number 4
[ 1119.343231][T22199] kvm: kvm [22198]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xff0000000072
[ 1119.366587][T22199] kvm: kvm [22198]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xff0000000072
[ 1119.378559][T22199] kvm: kvm [22198]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xff0000000072
[ 1119.682941][   T29] audit: type=1400 audit(1735418613.397:278): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=22206 comm="syz.2.4573" daddr=::ffff:172.20.20.0
[ 1119.882445][T22214] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1121.649661][T22232] netlink: 376 bytes leftover after parsing attributes in process `syz.2.4579'.
[ 1123.584228][   T25] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 1123.745177][   T25] usb 3-1: Using ep0 maxpacket: 32
[ 1123.755330][   T25] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1123.769335][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1123.794135][   T25] usb 3-1: config 0 descriptor??
[ 1124.518231][   T25] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1124.528248][   T25] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1124.539111][   T25] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1124.552467][   T25] usb 3-1: media controller created
[ 1124.567858][   T25] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1124.683942][T22272] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1124.915065][   T25] az6027: usb out operation failed. (-71)
[ 1124.922926][T22281] netlink: 'syz.5.4593': attribute type 1 has an invalid length.
[ 1124.926325][   T25] az6027: usb out operation failed. (-71)
[ 1124.937664][   T25] stb0899_attach: Driver disabled by Kconfig
[ 1124.985281][   T25] az6027: no front-end attached
[ 1124.985281][   T25] 
[ 1125.473359][   T25] az6027: usb out operation failed. (-71)
[ 1125.479492][   T25] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1125.487561][   T25] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input190
[ 1125.519520][T22289] fuse: Bad value for 'fd'
[ 1125.938301][   T25] dvb-usb: schedule remote query interval to 400 msecs.
[ 1125.945763][   T25] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1125.991750][   T25] usb 3-1: USB disconnect, device number 29
[ 1126.275155][T22307] netlink: 376 bytes leftover after parsing attributes in process `syz.5.4596'.
[ 1126.961685][T22309] input: syz0 as /devices/virtual/input/input191
[ 1127.028524][   T25] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1128.324266][T22326] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[ 1128.326875][T22329] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1128.330799][T22326] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1128.399390][T22326] vhci_hcd vhci_hcd.0: Device attached
[ 1128.427457][T22331] vhci_hcd: connection closed
[ 1128.427730][T16156] vhci_hcd: stop threads
[ 1128.436690][T16156] vhci_hcd: release socket
[ 1128.443156][T16156] vhci_hcd: disconnect device
[ 1128.543953][ T5913] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1128.724687][ T5913] usb 6-1: Using ep0 maxpacket: 32
[ 1128.742097][ T5913] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1128.759638][ T5913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1128.799723][ T5913] usb 6-1: config 0 descriptor??
[ 1129.632196][ T5913] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1129.655176][ T5913] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1129.724529][ T5913] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1129.733438][ T5913] usb 6-1: media controller created
[ 1129.748609][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1129.860957][ T5913] az6027: usb out operation failed. (-71)
[ 1129.876725][ T5913] az6027: usb out operation failed. (-71)
[ 1129.882558][ T5913] stb0899_attach: Driver disabled by Kconfig
[ 1129.888766][ T5913] az6027: no front-end attached
[ 1129.888766][ T5913] 
[ 1129.897860][ T5913] az6027: usb out operation failed. (-71)
[ 1129.903607][ T5913] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1129.911757][ T5913] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input192
[ 1129.941229][ T5913] dvb-usb: schedule remote query interval to 400 msecs.
[ 1129.948452][ T5913] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1129.957981][T22360] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4614'.
[ 1129.983348][T22360] sp0: Synchronizing with TNC
[ 1129.990015][ T5913] usb 6-1: USB disconnect, device number 8
[ 1130.016139][ T5913] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1130.309005][   T29] audit: type=1326 audit(1735418624.037:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22369 comm="syz.4.4616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522df85d29 code=0x7ffc0000
[ 1130.342638][   T29] audit: type=1326 audit(1735418624.037:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22369 comm="syz.4.4616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522df85d29 code=0x7ffc0000
[ 1130.365330][   T29] audit: type=1326 audit(1735418624.037:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22369 comm="syz.4.4616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f522df85d29 code=0x7ffc0000
[ 1130.392679][   T29] audit: type=1326 audit(1735418624.037:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22369 comm="syz.4.4616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522df85d29 code=0x7ffc0000
[ 1130.414815][   T29] audit: type=1326 audit(1735418624.037:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22369 comm="syz.4.4616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f522df85d29 code=0x7ffc0000
[ 1130.446499][   T29] audit: type=1326 audit(1735418624.037:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22369 comm="syz.4.4616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522df85d29 code=0x7ffc0000
[ 1130.468432][   T29] audit: type=1326 audit(1735418624.037:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22369 comm="syz.4.4616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f522df85d29 code=0x7ffc0000
[ 1130.490221][   T29] audit: type=1326 audit(1735418624.037:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22369 comm="syz.4.4616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522df85d29 code=0x7ffc0000
[ 1130.511914][   T29] audit: type=1326 audit(1735418624.037:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22369 comm="syz.4.4616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f522df85d29 code=0x7ffc0000
[ 1130.533577][   T29] audit: type=1326 audit(1735418624.047:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22369 comm="syz.4.4616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f522df7cce7 code=0x7ffc0000
[ 1130.917952][T22374] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1130.993463][T22380] netlink: 'syz.0.4619': attribute type 3 has an invalid length.
[ 1132.534461][ T5831] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[ 1132.623969][ T5834] Bluetooth: hci4: command 0x0405 tx timeout
[ 1132.684966][ T5831] usb 5-1: Using ep0 maxpacket: 32
[ 1132.702624][ T5831] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1132.722023][ T5831] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1132.772158][ T5831] usb 5-1: config 0 descriptor??
[ 1133.204073][ T5865] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[ 1133.328049][ T5831] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1133.384447][ T5831] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1133.430635][ T5831] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1133.458147][ T5831] usb 5-1: media controller created
[ 1133.477830][ T5831] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1133.515256][ T5865] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1133.592512][ T5831] az6027: usb out operation failed. (-71)
[ 1133.598584][ T5865] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1133.606870][ T5831] az6027: usb out operation failed. (-71)
[ 1133.612609][ T5831] stb0899_attach: Driver disabled by Kconfig
[ 1133.619067][ T5831] az6027: no front-end attached
[ 1133.619067][ T5831] 
[ 1133.626910][ T5865] usb 3-1: config 0 descriptor??
[ 1133.639972][ T5865] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1133.656063][ T5831] az6027: usb out operation failed. (-71)
[ 1133.661854][ T5831] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1133.671136][ T5831] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input193
[ 1133.684576][ T5831] dvb-usb: schedule remote query interval to 400 msecs.
[ 1133.691635][ T5831] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1134.042346][ T5831] usb 5-1: USB disconnect, device number 5
[ 1134.091626][ T5831] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1134.620939][ T5865] cpia1 3-1:0.0: unexpected state after lo power cmd: d0
[ 1135.033958][ T5868] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[ 1135.475161][ T5868] usb 5-1: config 0 has an invalid interface number: 80 but max is 0
[ 1135.491499][ T5868] usb 5-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[ 1135.500339][ T5868] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 1135.510426][ T5868] usb 5-1: config 0 has no interface number 0
[ 1135.516768][ T5868] usb 5-1: config 0 interface 80 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1135.527585][ T5868] usb 5-1: config 0 interface 80 altsetting 0 endpoint 0x9 has invalid maxpacket 1024, setting to 1023
[ 1135.538820][ T5868] usb 5-1: config 0 interface 80 altsetting 0 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[ 1135.549774][ T5868] usb 5-1: New USB device found, idVendor=22b8, idProduct=4224, bcdDevice=2b.2d
[ 1135.558878][ T5868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1135.568670][ T5868] usb 5-1: config 0 descriptor??
[ 1135.664502][ T5865] gspca_cpia1: usb_control_msg 01, error -110
[ 1135.670838][ T5865] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0)
[ 1135.788054][T22446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1135.804235][T22446] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1136.508451][ T5865] usb 3-1: USB disconnect, device number 30
[ 1136.613996][T22471] syz.4.4641 (22471): /proc/22445/oom_adj is deprecated, please use /proc/22445/oom_score_adj instead.
[ 1137.983086][T22485] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4649'.
[ 1138.885882][ T5865] usb 5-1: USB disconnect, device number 6
[ 1139.004013][ T5868] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[ 1139.304941][T22500] input: syz0 as /devices/virtual/input/input194
[ 1139.382570][T22507] cgroup: Bad value for 'name'
[ 1139.413934][   T25] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1139.434983][ T5868] usb 3-1: Using ep0 maxpacket: 32
[ 1139.442317][ T5868] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[ 1139.458061][ T5868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1139.483401][ T5868] usb 3-1: config 0 descriptor??
[ 1139.503557][ T5868] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[ 1139.583919][   T25] usb 6-1: Using ep0 maxpacket: 32
[ 1139.604633][   T25] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1139.614466][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1139.641432][   T25] usb 6-1: config 0 descriptor??
[ 1139.850568][   T25] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1139.880859][   T25] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1139.998563][   T25] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1140.005913][   T25] usb 6-1: media controller created
[ 1140.334766][T22521] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4661'.
[ 1140.711829][ T5868] gspca_vc032x: reg_w err -71
[ 1140.714422][   T25] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1140.716585][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.730189][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.735682][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.740978][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.746294][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.752028][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.757538][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.762826][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.768197][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.773491][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.778847][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.784190][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.789480][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.794826][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.800116][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.805449][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.811845][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.817293][ T5868] gspca_vc032x: I2c Bus Busy Wait 00
[ 1140.822604][ T5868] gspca_vc032x: Unknown sensor...
[ 1140.827716][ T5868] vc032x 3-1:0.0: probe with driver vc032x failed with error -22
[ 1140.887599][ T5868] usb 3-1: USB disconnect, device number 31
[ 1140.984891][   T25] az6027: usb out operation failed. (-71)
[ 1140.992502][   T25] az6027: usb out operation failed. (-71)
[ 1140.998579][   T25] stb0899_attach: Driver disabled by Kconfig
[ 1141.009156][   T25] az6027: no front-end attached
[ 1141.009156][   T25] 
[ 1141.049001][   T25] az6027: usb out operation failed. (-71)
[ 1141.059598][   T25] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1141.072906][   T25] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input195
[ 1141.087535][   T25] dvb-usb: schedule remote query interval to 400 msecs.
[ 1141.095423][   T25] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1141.109302][T22525] kvm: kvm [22524]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x56e00000000
[ 1141.117618][   T25] usb 6-1: USB disconnect, device number 9
[ 1141.158012][   T25] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1141.321590][T22540] input: syz0 as /devices/virtual/input/input196
[ 1143.486260][   T29] kauditd_printk_skb: 240 callbacks suppressed
[ 1143.486279][   T29] audit: type=1400 audit(1735418637.217:529): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=22580 comm="syz.5.4678" daddr=::ffff:172.20.20.0
[ 1143.665965][T22592] input: syz0 as /devices/virtual/input/input197
[ 1143.683996][ T5865] usb 3-1: new full-speed USB device number 32 using dummy_hcd
[ 1143.834300][ T5834] Bluetooth: hci3: command 0x0406 tx timeout
[ 1143.901101][ T5865] usb 3-1: config 0 has an invalid interface number: 74 but max is 0
[ 1143.904341][ T5867] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[ 1143.910292][ T5865] usb 3-1: config 0 has no interface number 0
[ 1143.993633][ T5865] usb 3-1: config 0 interface 74 has no altsetting 0
[ 1144.085457][ T5865] usb 3-1: New USB device found, idVendor=0fe9, idProduct=db71, bcdDevice=f6.7d
[ 1144.094873][ T5865] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1144.103557][ T5865] usb 3-1: Product: syz
[ 1144.108642][ T5865] usb 3-1: Manufacturer: syz
[ 1144.113298][ T5865] usb 3-1: SerialNumber: syz
[ 1144.127898][ T5865] usb 3-1: config 0 descriptor??
[ 1144.138167][ T5865] dvb-usb: found a 'DViCO FusionHDTV DVB-T NANO2 w/o firmware' in warm state.
[ 1144.153871][ T5865] usb 3-1: setting power ON
[ 1144.163926][ T5865] dvb-usb: bulk message failed: -22 (2/0)
[ 1144.178792][ T5865] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1144.203016][ T5865] dvb-usb: DViCO FusionHDTV DVB-T NANO2 w/o firmware error while loading driver (-19)
[ 1144.223532][ T5865] dvb_usb_cxusb 3-1:0.74: probe with driver dvb_usb_cxusb failed with error -22
[ 1144.324049][ T5867] usb 5-1: Using ep0 maxpacket: 32
[ 1144.330769][ T5867] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1144.339895][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1144.364210][ T5867] usb 5-1: config 0 descriptor??
[ 1144.532202][ T5865] usb 3-1: USB disconnect, device number 32
[ 1144.560998][   T29] audit: type=1400 audit(1735418638.287:530): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=22599 comm="syz.3.4685" daddr=::ffff:172.20.20.0
[ 1144.627227][ T5867] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1144.653388][ T5867] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1144.681302][ T5867] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1144.699479][ T5867] usb 5-1: media controller created
[ 1144.722631][ T5867] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1144.850235][ T5867] az6027: usb out operation failed. (-71)
[ 1144.859482][ T5867] az6027: usb out operation failed. (-71)
[ 1144.874970][ T5867] stb0899_attach: Driver disabled by Kconfig
[ 1144.888219][ T5867] az6027: no front-end attached
[ 1144.888219][ T5867] 
[ 1144.896250][ T5867] az6027: usb out operation failed. (-71)
[ 1144.902290][ T5867] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1144.916211][ T5867] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input198
[ 1144.929046][ T5867] dvb-usb: schedule remote query interval to 400 msecs.
[ 1144.936104][ T5867] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1144.961625][ T5867] usb 5-1: USB disconnect, device number 7
[ 1145.010319][ T5867] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1145.630458][T22627] binder: 22626:22627 ioctl c0306201 0 returned -14
[ 1146.246343][T22632] netlink: 84 bytes leftover after parsing attributes in process `syz.2.4692'.
[ 1146.255519][T22632] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4692'.
[ 1146.378898][ T5867] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1146.675625][ T5867] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[ 1146.684726][ T5867] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1146.692689][ T5867] usb 6-1: Product: syz
[ 1146.696895][ T5867] usb 6-1: Manufacturer: syz
[ 1146.701493][ T5867] usb 6-1: SerialNumber: syz
[ 1146.758409][ T5867] r8152-cfgselector 6-1: Unknown version 0x0000
[ 1146.764993][ T5867] r8152-cfgselector 6-1: config 0 descriptor??
[ 1147.789404][ T5867] r8152-cfgselector 6-1: USB disconnect, device number 10
[ 1147.887740][T22649] binder: BINDER_SET_CONTEXT_MGR already set
[ 1147.893760][T22649] binder: 22648:22649 ioctl 4018620d 20000040 returned -16
[ 1148.272529][   T29] audit: type=1400 audit(1735418641.967:531): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=22660 comm="syz.4.4699" daddr=::ffff:172.20.20.0
[ 1148.508833][T22679] FAULT_INJECTION: forcing a failure.
[ 1148.508833][T22679] name failslab, interval 1, probability 0, space 0, times 0
[ 1148.521569][T22679] CPU: 1 UID: 0 PID: 22679 Comm: syz.0.4701 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1148.532344][T22679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1148.542406][T22679] Call Trace:
[ 1148.545691][T22679]  <TASK>
[ 1148.548626][T22679]  dump_stack_lvl+0x241/0x360
[ 1148.553320][T22679]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1148.558532][T22679]  ? __pfx__printk+0x10/0x10
[ 1148.563130][T22679]  ? __pfx___might_resched+0x10/0x10
[ 1148.568435][T22679]  should_fail_ex+0x3b0/0x4e0
[ 1148.573128][T22679]  should_failslab+0xac/0x100
[ 1148.577823][T22679]  __kmalloc_cache_noprof+0x70/0x390
[ 1148.583115][T22679]  ? mpi_alloc+0x52/0x140
[ 1148.587458][T22679]  mpi_alloc+0x52/0x140
[ 1148.591622][T22679]  mpi_read_raw_data+0x169/0x970
[ 1148.596580][T22679]  ? crypto_dh_decode_key+0x362/0x690
[ 1148.601969][T22679]  dh_set_secret+0x1e6/0x460
[ 1148.606571][T22679]  ? __pfx_dh_set_secret+0x10/0x10
[ 1148.611692][T22679]  ? crypto_create_tfm_node+0x1fb/0x3d0
[ 1148.617249][T22679]  ? crypto_alloc_tfm_node+0x332/0x360
[ 1148.622720][T22679]  __keyctl_dh_compute+0x64c/0xf50
[ 1148.627848][T22679]  ? rcu_is_watching+0x15/0xb0
[ 1148.632625][T22679]  ? lock_release+0xbf/0xa30
[ 1148.637225][T22679]  ? __pfx___keyctl_dh_compute+0x10/0x10
[ 1148.642869][T22679]  ? lock_release+0xbf/0xa30
[ 1148.647464][T22679]  ? __pfx_lock_release+0x10/0x10
[ 1148.652496][T22679]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1148.658836][T22679]  ? rcu_is_watching+0x15/0xb0
[ 1148.663627][T22679]  ? __schedule+0x1803/0x4be0
[ 1148.668323][T22679]  keyctl_dh_compute+0x107/0x160
[ 1148.673278][T22679]  ? __pfx_keyctl_dh_compute+0x10/0x10
[ 1148.678762][T22679]  ? __pfx___schedule+0x10/0x10
[ 1148.683653][T22679]  ? vfs_write+0x730/0xd30
[ 1148.688077][T22679]  __se_sys_keyctl+0x3f3/0x910
[ 1148.692862][T22679]  ? __pfx___se_sys_keyctl+0x10/0x10
[ 1148.698201][T22679]  ? rcu_is_watching+0x15/0xb0
[ 1148.702983][T22679]  ? trace_irq_disable+0x3b/0x120
[ 1148.708022][T22679]  ? preempt_schedule_irq+0x144/0x1c0
[ 1148.713409][T22679]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1148.719133][T22679]  ? __fget_files+0x2a/0x410
[ 1148.723717][T22679]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1148.730065][T22679]  ? rcu_is_watching+0x15/0xb0
[ 1148.734850][T22679]  ? trace_irq_enable+0x2c/0x120
[ 1148.739790][T22679]  ? __x64_sys_keyctl+0x20/0xc0
[ 1148.744634][T22679]  do_syscall_64+0xf3/0x230
[ 1148.749149][T22679]  ? clear_bhb_loop+0x35/0x90
[ 1148.753819][T22679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1148.759741][T22679] RIP: 0033:0x7f801a985d29
[ 1148.764159][T22679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1148.783769][T22679] RSP: 002b:00007f80187f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 1148.792200][T22679] RAX: ffffffffffffffda RBX: 00007f801ab76160 RCX: 00007f801a985d29
[ 1148.800168][T22679] RDX: 00000000200000c0 RSI: 0000000020000140 RDI: 0000000000000017
[ 1148.808156][T22679] RBP: 00007f80187f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1148.816115][T22679] R10: fffffffffffffe4f R11: 0000000000000246 R12: 0000000000000001
[ 1148.824076][T22679] R13: 0000000000000000 R14: 00007f801ab76160 R15: 00007ffcba4caca8
[ 1148.832041][T22679]  </TASK>
[ 1150.115831][T22691] netlink: 376 bytes leftover after parsing attributes in process `syz.5.4704'.
[ 1151.306928][T22727] ntfs3(nullb0): Primary boot signature is not NTFS.
[ 1151.313734][T22727] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[ 1151.323310][T22727] bridge0: port 3(erspan0) entered blocking state
[ 1151.329807][T22727] bridge0: port 3(erspan0) entered disabled state
[ 1151.333864][ T5831] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1151.336435][T22727] erspan0: entered allmulticast mode
[ 1151.349680][T22727] erspan0: entered promiscuous mode
[ 1151.355813][T22727] bridge0: port 3(erspan0) entered blocking state
[ 1151.362275][T22727] bridge0: port 3(erspan0) entered forwarding state
[ 1151.912803][ T5831] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1151.927337][ T5831] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1151.937536][ T5831] usb 6-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[ 1151.953081][ T5831] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1151.971864][ T5831] usb 6-1: config 0 descriptor??
[ 1152.437424][ T5831] arvo 0003:1E7D:30D4.000D: unknown main item tag 0x0
[ 1152.444370][ T5831] arvo 0003:1E7D:30D4.000D: unknown main item tag 0x0
[ 1152.453128][ T5831] arvo 0003:1E7D:30D4.000D: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.5-1/input0
[ 1153.822523][T22784] pimreg3: entered allmulticast mode
[ 1153.861777][T22786] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1153.931639][   T29] audit: type=1800 audit(1735418647.657:532): pid=22787 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.4730" name="file1" dev="overlay" ino=2064 res=0 errno=0
[ 1153.951868][ T5831] arvo 0003:1E7D:30D4.000D: couldn't init struct arvo_device
[ 1153.959332][ T5831] arvo 0003:1E7D:30D4.000D: couldn't install keyboard
[ 1153.967243][ T5831] arvo 0003:1E7D:30D4.000D: probe with driver arvo failed with error -71
[ 1153.996383][ T5831] usb 6-1: USB disconnect, device number 11
[ 1154.104147][T22794] FAULT_INJECTION: forcing a failure.
[ 1154.104147][T22794] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1154.127295][T22794] CPU: 1 UID: 0 PID: 22794 Comm: syz.4.4733 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1154.138100][T22794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1154.148169][T22794] Call Trace:
[ 1154.151454][T22794]  <TASK>
[ 1154.154396][T22794]  dump_stack_lvl+0x241/0x360
[ 1154.159096][T22794]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1154.164309][T22794]  ? __pfx__printk+0x10/0x10
[ 1154.168913][T22794]  ? ip_mroute_setsockopt+0x15b/0x1190
[ 1154.174390][T22794]  ? __pfx___mutex_lock+0x10/0x10
[ 1154.179431][T22794]  should_fail_ex+0x3b0/0x4e0
[ 1154.184120][T22794]  _copy_from_user+0x2f/0xc0
[ 1154.188699][T22794]  copy_from_sockptr+0x62/0xa0
[ 1154.193452][T22794]  ip_mroute_setsockopt+0x6b0/0x1190
[ 1154.198726][T22794]  ? __pfx_ip_mroute_setsockopt+0x10/0x10
[ 1154.204440][T22794]  ? rcu_is_watching+0x15/0xb0
[ 1154.209190][T22794]  ? lock_release+0xbf/0xa30
[ 1154.213764][T22794]  do_ip_setsockopt+0x129f/0x3cd0
[ 1154.218778][T22794]  ? rcu_is_watching+0x15/0xb0
[ 1154.223531][T22794]  ? __pfx_do_ip_setsockopt+0x10/0x10
[ 1154.228904][T22794]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1154.234527][T22794]  ? trace_contention_end+0x3c/0x120
[ 1154.239797][T22794]  ? __pfx_lock_release+0x10/0x10
[ 1154.244807][T22794]  ? rcu_is_watching+0x15/0xb0
[ 1154.249554][T22794]  ? lock_release+0xbf/0xa30
[ 1154.254128][T22794]  ip_setsockopt+0x63/0x100
[ 1154.258615][T22794]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1154.264496][T22794]  do_sock_setsockopt+0x3af/0x720
[ 1154.269513][T22794]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1154.275047][T22794]  ? __fget_files+0x395/0x410
[ 1154.279705][T22794]  ? __fget_files+0x2a/0x410
[ 1154.284292][T22794]  __x64_sys_setsockopt+0x1ee/0x280
[ 1154.289495][T22794]  do_syscall_64+0xf3/0x230
[ 1154.293987][T22794]  ? clear_bhb_loop+0x35/0x90
[ 1154.298644][T22794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1154.304523][T22794] RIP: 0033:0x7f522df85d29
[ 1154.308918][T22794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1154.328514][T22794] RSP: 002b:00007f522ed30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1154.336919][T22794] RAX: ffffffffffffffda RBX: 00007f522e175fa0 RCX: 00007f522df85d29
[ 1154.344875][T22794] RDX: 00000000000000ca RSI: 0000000000000000 RDI: 0000000000000006
[ 1154.352829][T22794] RBP: 00007f522ed30090 R08: 0000000000000010 R09: 0000000000000000
[ 1154.360783][T22794] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001
[ 1154.368738][T22794] R13: 0000000000000000 R14: 00007f522e175fa0 R15: 00007ffee53f2568
[ 1154.376697][T22794]  </TASK>
[ 1155.005750][ T5834] Bluetooth: hci6: sending frame failed (-49)
[ 1155.011936][ T5827] Bluetooth: hci6: Opcode 0x1003 failed: -49
[ 1155.143869][ T5831] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[ 1155.293862][ T5831] usb 3-1: Using ep0 maxpacket: 32
[ 1155.304930][ T5831] usb 3-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 1155.314343][ T5831] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1155.334588][ T5831] usb 3-1: config 0 descriptor??
[ 1155.432724][ T5831] gspca_main: sq930x-2.14.0 probing 041e:403c
[ 1155.734475][   T29] audit: type=1400 audit(1735418649.457:533): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=22805 comm="syz.2.4738"
[ 1155.838258][T22839] FAULT_INJECTION: forcing a failure.
[ 1155.838258][T22839] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1155.851758][T22839] CPU: 1 UID: 0 PID: 22839 Comm: syz.4.4749 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1155.862538][T22839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1155.872591][T22839] Call Trace:
[ 1155.875852][T22839]  <TASK>
[ 1155.878764][T22839]  dump_stack_lvl+0x241/0x360
[ 1155.883428][T22839]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1155.888606][T22839]  ? __pfx__printk+0x10/0x10
[ 1155.893178][T22839]  ? try_to_wake_up+0x959/0x1470
[ 1155.898095][T22839]  should_fail_ex+0x3b0/0x4e0
[ 1155.902770][T22839]  prepare_alloc_pages+0x1da/0x5b0
[ 1155.907890][T22839]  __alloc_pages_noprof+0x16f/0x710
[ 1155.913083][T22839]  ? __pfx___alloc_pages_noprof+0x10/0x10
[ 1155.918797][T22839]  ? wake_up_q+0xdc/0x120
[ 1155.923122][T22839]  ? rcu_is_watching+0x15/0xb0
[ 1155.927879][T22839]  alloc_pages_mpol_noprof+0x3e8/0x680
[ 1155.933340][T22839]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 1155.939313][T22839]  ? xas_start+0x3f8/0x7b0
[ 1155.943719][T22839]  ? xas_load+0x24/0x5c0
[ 1155.947958][T22839]  ? xas_load+0x59b/0x5c0
[ 1155.952278][T22839]  folio_alloc_noprof+0x128/0x180
[ 1155.957295][T22839]  filemap_alloc_folio_noprof+0xdf/0x500
[ 1155.962926][T22839]  ? filemap_get_entry+0x123/0x3b0
[ 1155.968034][T22839]  ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[ 1155.974266][T22839]  ? do_sync_mmap_readahead+0x3b5/0x970
[ 1155.979800][T22839]  ? __pfx_down_read+0x10/0x10
[ 1155.984556][T22839]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[ 1155.990437][T22839]  ? count_memcg_event_mm+0x90/0x420
[ 1155.995709][T22839]  __filemap_get_folio+0x41f/0x940
[ 1156.000818][T22839]  filemap_fault+0xb78/0x1490
[ 1156.005485][T22839]  ? lock_release+0xbf/0xa30
[ 1156.010062][T22839]  ? __pfx_filemap_fault+0x10/0x10
[ 1156.015167][T22839]  ? ___pte_offset_map+0x2c4/0x380
[ 1156.020268][T22839]  ? __pfx_lock_release+0x10/0x10
[ 1156.025280][T22839]  ? lock_release+0xbf/0xa30
[ 1156.029857][T22839]  ? __update_load_avg_se+0x6cf/0xb50
[ 1156.035224][T22839]  __do_fault+0x135/0x390
[ 1156.039542][T22839]  handle_pte_fault+0xfcf/0x5ed0
[ 1156.044474][T22839]  ? rcu_is_watching+0x15/0xb0
[ 1156.049230][T22839]  ? lock_acquire+0xe3/0x550
[ 1156.053813][T22839]  ? __pfx_handle_pte_fault+0x10/0x10
[ 1156.059196][T22839]  ? rcu_is_watching+0x15/0xb0
[ 1156.063977][T22839]  ? do_raw_spin_lock+0x14f/0x370
[ 1156.069007][T22839]  ? kvm_sched_clock_read+0x11/0x20
[ 1156.074204][T22839]  ? xfd_validate_state+0x6e/0x150
[ 1156.079312][T22839]  ? rcu_is_watching+0x15/0xb0
[ 1156.084067][T22839]  ? lock_release+0xbf/0xa30
[ 1156.088649][T22839]  ? __pfx_lock_acquire+0x10/0x10
[ 1156.093660][T22839]  ? sched_clock_cpu+0x76/0x490
[ 1156.098505][T22839]  ? __pfx_lock_release+0x10/0x10
[ 1156.103522][T22839]  handle_mm_fault+0x1053/0x1ad0
[ 1156.108461][T22839]  ? __pfx_handle_mm_fault+0x10/0x10
[ 1156.113734][T22839]  ? __mutex_trylock_common+0x183/0x2e0
[ 1156.119280][T22839]  ? lock_mm_and_find_vma+0x9c/0x2f0
[ 1156.124561][T22839]  exc_page_fault+0x2b9/0x8b0
[ 1156.129236][T22839]  ? __pfx___might_resched+0x10/0x10
[ 1156.134517][T22839]  asm_exc_page_fault+0x26/0x30
[ 1156.139360][T22839] RIP: 0010:rep_movs_alternative+0x4a/0x70
[ 1156.145158][T22839] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1
[ 1156.164753][T22839] RSP: 0018:ffffc9000c6479e8 EFLAGS: 00050202
[ 1156.170813][T22839] RAX: ffffffff84ba7501 RBX: 00000000200014d0 RCX: 0000000000000050
[ 1156.178776][T22839] RDX: 0000000000000000 RSI: ffff888022ac4390 RDI: 0000000020001480
[ 1156.186737][T22839] RBP: ffffc9000c647ec8 R08: ffff888022ac43df R09: 1ffff1100455887b
[ 1156.194702][T22839] R10: dffffc0000000000 R11: ffffed100455887c R12: 0000000000000050
[ 1156.202662][T22839] R13: 00007ffffffff000 R14: ffff888022ac4390 R15: 0000000020001480
[ 1156.210630][T22839]  ? _copy_from_user+0x41/0xc0
[ 1156.215394][T22839]  _copy_to_user+0x8b/0xb0
[ 1156.219800][T22839]  cec_ioctl+0x17d4/0x3380
[ 1156.224209][T22839]  ? rcu_is_watching+0x15/0xb0
[ 1156.228966][T22839]  ? __pfx_cec_ioctl+0x10/0x10
[ 1156.233718][T22839]  ? lock_release+0xbf/0xa30
[ 1156.238296][T22839]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1156.244613][T22839]  ? __pfx_lock_release+0x10/0x10
[ 1156.249629][T22839]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1156.255698][T22839]  ? tomoyo_path_number_perm+0x679/0x860
[ 1156.261325][T22839]  ? tomoyo_path_number_perm+0x679/0x860
[ 1156.266943][T22839]  ? tomoyo_path_number_perm+0x6f9/0x860
[ 1156.272564][T22839]  ? tomoyo_path_number_perm+0x206/0x860
[ 1156.278191][T22839]  ? smack_log+0x123/0x540
[ 1156.282604][T22839]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1156.288574][T22839]  ? __pfx_smack_log+0x10/0x10
[ 1156.293334][T22839]  ? smk_access+0x4ab/0x4e0
[ 1156.297830][T22839]  ? smk_tskacc+0x300/0x370
[ 1156.302328][T22839]  ? smack_file_ioctl+0x2f7/0x3a0
[ 1156.307338][T22839]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1156.312708][T22839]  ? __fget_files+0x2a/0x410
[ 1156.317290][T22839]  ? __fget_files+0x2a/0x410
[ 1156.321866][T22839]  ? __pfx_cec_ioctl+0x10/0x10
[ 1156.326623][T22839]  __se_sys_ioctl+0xf5/0x170
[ 1156.331202][T22839]  do_syscall_64+0xf3/0x230
[ 1156.335696][T22839]  ? clear_bhb_loop+0x35/0x90
[ 1156.340359][T22839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1156.346241][T22839] RIP: 0033:0x7f522df85d29
[ 1156.350643][T22839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1156.370237][T22839] RSP: 002b:00007f522ed30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1156.378646][T22839] RAX: ffffffffffffffda RBX: 00007f522e175fa0 RCX: 00007f522df85d29
[ 1156.386610][T22839] RDX: 0000000020001480 RSI: 00000000c0506107 RDI: 0000000000000007
[ 1156.394570][T22839] RBP: 00007f522ed30090 R08: 0000000000000000 R09: 0000000000000000
[ 1156.402532][T22839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1156.410488][T22839] R13: 0000000000000000 R14: 00007f522e175fa0 R15: 00007ffee53f2568
[ 1156.418453][T22839]  </TASK>
[ 1156.763074][T22855] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1156.793327][T22845] netlink: 64 bytes leftover after parsing attributes in process `syz.5.4751'.
[ 1156.884269][ T5831] gspca_sq930x: reg_w 0105 bf00 failed -71
[ 1156.944380][ T5831] sq930x 3-1:0.0: probe with driver sq930x failed with error -71
[ 1156.964201][ T5831] usb 3-1: USB disconnect, device number 33
[ 1157.053899][ T5913] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 1157.213931][ T5913] usb 6-1: Using ep0 maxpacket: 16
[ 1157.221381][ T5913] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1157.234556][ T5913] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1157.245743][ T5913] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1157.261740][ T5913] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1157.271695][ T5913] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1157.285592][ T5913] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1157.295654][ T5913] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1157.303704][ T5913] usb 6-1: Manufacturer: syz
[ 1157.310300][ T5913] usb 6-1: config 0 descriptor??
[ 1158.395317][ T5913] rc_core: IR keymap rc-hauppauge not found
[ 1158.401478][ T5913] Registered IR keymap rc-empty
[ 1158.435833][ T5913] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1158.474028][ T5913] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1158.507554][ T5913] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 1158.532174][ T5913] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input199
[ 1158.546526][ T5913] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1158.566410][ T5913] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1158.593978][ T5913] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1158.622048][ T5913] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1158.822794][ T5913] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1158.886362][ T5913] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1158.913965][ T5913] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1159.064510][ T5913] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1159.166235][ T5913] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1159.184179][ T5913] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1159.204666][ T5913] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1159.213967][ T5913] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1159.243716][ T5913] usb 6-1: USB disconnect, device number 12
[ 1159.372805][T22896] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1159.954002][   T29] audit: type=1400 audit(1735418653.517:534): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=22904 comm="syz.4.4768" daddr=::ffff:172.20.20.0
[ 1160.394688][T22912] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4769'.
[ 1160.564519][   T29] audit: type=1400 audit(1735418654.297:535): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=22913 comm="syz.4.4771" daddr=::ffff:172.20.20.0
[ 1160.827553][T22924] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4774'.
[ 1162.045061][T22934] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1162.704142][   T29] audit: type=1400 audit(1735418656.387:536): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=22945 comm="syz.3.4781" daddr=::ffff:172.20.20.0
[ 1163.270305][   T29] audit: type=1400 audit(1735418656.997:537): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=22958 comm="syz.3.4786" daddr=::ffff:172.20.20.0
[ 1163.732212][T22967] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1164.081761][T22980] FAULT_INJECTION: forcing a failure.
[ 1164.081761][T22980] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1164.125775][T22980] CPU: 1 UID: 0 PID: 22980 Comm: syz.4.4791 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1164.136577][T22980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1164.146642][T22980] Call Trace:
[ 1164.149932][T22980]  <TASK>
[ 1164.152853][T22980]  dump_stack_lvl+0x241/0x360
[ 1164.157526][T22980]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1164.162735][T22980]  ? __pfx__printk+0x10/0x10
[ 1164.167322][T22980]  ? __pfx_lock_release+0x10/0x10
[ 1164.172341][T22980]  ? rcu_is_watching+0x15/0xb0
[ 1164.177102][T22980]  should_fail_ex+0x3b0/0x4e0
[ 1164.181779][T22980]  _copy_to_iter+0x1f8/0x1c50
[ 1164.186461][T22980]  ? __pfx_lock_release+0x10/0x10
[ 1164.191482][T22980]  ? __pfx_sk_busy_loop_end+0x10/0x10
[ 1164.196855][T22980]  ? __pfx__copy_to_iter+0x10/0x10
[ 1164.201962][T22980]  ? __virt_addr_valid+0x183/0x530
[ 1164.207067][T22980]  ? __virt_addr_valid+0x183/0x530
[ 1164.212167][T22980]  ? __virt_addr_valid+0x45f/0x530
[ 1164.217269][T22980]  ? __check_object_size+0x47a/0x730
[ 1164.222552][T22980]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1164.228704][T22980]  __skb_datagram_iter+0x107/0x900
[ 1164.233815][T22980]  ? unwind_get_return_address+0x4d/0x90
[ 1164.239447][T22980]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 1164.245069][T22980]  ? _parse_integer_limit+0x1b5/0x200
[ 1164.250450][T22980]  skb_copy_datagram_iter+0xd1/0x250
[ 1164.255738][T22980]  netlink_recvmsg+0x2d0/0x11d0
[ 1164.260589][T22980]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1164.265870][T22980]  ? get_pid_task+0x23/0x1f0
[ 1164.270454][T22980]  ? rcu_is_watching+0x15/0xb0
[ 1164.275211][T22980]  ? get_pid_task+0x23/0x1f0
[ 1164.279792][T22980]  ? lock_release+0xbf/0xa30
[ 1164.284378][T22980]  ? __pfx_lock_acquire+0x10/0x10
[ 1164.289409][T22980]  ? __pfx_lock_release+0x10/0x10
[ 1164.294434][T22980]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[ 1164.299722][T22980]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1164.305001][T22980]  sock_recvmsg+0x22f/0x280
[ 1164.309503][T22980]  sock_read_iter+0x2c4/0x3d0
[ 1164.314176][T22980]  ? __pfx_sock_read_iter+0x10/0x10
[ 1164.319376][T22980]  ? rcu_is_watching+0x15/0xb0
[ 1164.324144][T22980]  ? rcu_is_watching+0x15/0xb0
[ 1164.328899][T22980]  ? bpf_lsm_file_permission+0x9/0x10
[ 1164.334266][T22980]  ? security_file_permission+0x74/0x280
[ 1164.339907][T22980]  vfs_read+0x991/0xb70
[ 1164.344066][T22980]  ? __pfx_vfs_read+0x10/0x10
[ 1164.348821][T22980]  ? __fget_files+0x2a/0x410
[ 1164.353400][T22980]  ? __fget_files+0x2a/0x410
[ 1164.357980][T22980]  ksys_read+0x18f/0x2b0
[ 1164.362220][T22980]  ? __pfx_ksys_read+0x10/0x10
[ 1164.366987][T22980]  ? rcu_is_watching+0x15/0xb0
[ 1164.371749][T22980]  ? rcu_is_watching+0x15/0xb0
[ 1164.376511][T22980]  do_syscall_64+0xf3/0x230
[ 1164.381023][T22980]  ? clear_bhb_loop+0x35/0x90
[ 1164.385697][T22980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1164.391584][T22980] RIP: 0033:0x7f522df85d29
[ 1164.395993][T22980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1164.415613][T22980] RSP: 002b:00007f522ed30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1164.424024][T22980] RAX: ffffffffffffffda RBX: 00007f522e175fa0 RCX: 00007f522df85d29
[ 1164.431988][T22980] RDX: 00000000000000eb RSI: 0000000020000240 RDI: 0000000000000004
[ 1164.439951][T22980] RBP: 00007f522ed30090 R08: 0000000000000000 R09: 0000000000000000
[ 1164.447911][T22980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1164.455873][T22980] R13: 0000000000000000 R14: 00007f522e175fa0 R15: 00007ffee53f2568
[ 1164.463847][T22980]  </TASK>
[ 1165.378063][   T29] audit: type=1400 audit(1735418659.107:538): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=22988 comm="syz.4.4794" daddr=::ffff:172.20.20.0
[ 1165.802345][T23011] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1165.824052][ T5868] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[ 1166.046075][ T5868] usb 3-1: Using ep0 maxpacket: 16
[ 1166.061174][ T5868] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1166.073416][ T5868] usb 3-1: can't read configurations, error -61
[ 1166.214293][ T5868] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1166.374308][ T5913] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[ 1166.469331][ T5868] usb 3-1: Using ep0 maxpacket: 16
[ 1166.571373][ T5868] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1166.582896][ T5913] usb 5-1: config 0 has an invalid interface number: 109 but max is 0
[ 1166.593860][ T5913] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1166.604066][ T5868] usb 3-1: can't read configurations, error -61
[ 1166.612629][ T5913] usb 5-1: config 0 has no interface number 0
[ 1166.618884][ T5913] usb 5-1: config 0 interface 109 altsetting 0 endpoint 0x4 has invalid maxpacket 1023, setting to 64
[ 1166.630070][ T5913] usb 5-1: config 0 interface 109 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 12
[ 1166.669910][ T5868] usb usb3-port1: attempt power cycle
[ 1166.676873][ T5913] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=fd.2e
[ 1166.680642][ T5834] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1166.686223][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.698477][ T5834] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1166.708090][ T5913] usb 5-1: Product: syz
[ 1166.709123][ T5834] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1166.720970][ T5834] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1166.723354][ T5913] usb 5-1: Manufacturer: syz
[ 1166.736082][ T5913] usb 5-1: SerialNumber: syz
[ 1166.743934][ T5834] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 1166.750317][ T5913] usb 5-1: config 0 descriptor??
[ 1166.751273][ T5834] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1166.765748][T23019] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1166.803161][T23026] lo speed is unknown, defaulting to 1000
[ 1167.212392][ T5868] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 1167.234442][ T5868] usb 3-1: Using ep0 maxpacket: 16
[ 1167.241932][ T5868] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1167.249720][ T5868] usb 3-1: can't read configurations, error -61
[ 1167.259053][T23026] chnl_net:caif_netlink_parms(): no params data found
[ 1167.382425][T23026] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1167.389820][ T5868] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[ 1167.406972][T23026] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1167.414607][T23026] bridge_slave_0: entered allmulticast mode
[ 1167.421636][T23026] bridge_slave_0: entered promiscuous mode
[ 1167.428228][ T5868] usb 3-1: Using ep0 maxpacket: 16
[ 1167.435820][ T5868] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1167.443575][ T5868] usb 3-1: can't read configurations, error -61
[ 1167.451417][T23026] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1167.458734][ T5868] usb usb3-port1: unable to enumerate USB device
[ 1167.461524][T23026] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1167.475807][T23026] bridge_slave_1: entered allmulticast mode
[ 1167.484317][T23026] bridge_slave_1: entered promiscuous mode
[ 1167.514523][T23026] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1167.531708][   T29] audit: type=1400 audit(1735418661.257:539): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=23046 comm="syz.3.4811" daddr=::ffff:172.20.20.0
[ 1167.533023][T23026] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1167.577341][T23026] team0: Port device team_slave_0 added
[ 1167.621680][T23026] team0: Port device team_slave_1 added
[ 1167.667393][T23026] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1167.688488][ T5913] ath6kl: Failed to submit usb control message: -71
[ 1167.701804][T23026] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1167.727735][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1167.743392][ T5913] ath6kl: unable to send the bmi data to the device: -71
[ 1167.766362][T23026] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1167.787496][T23026] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1167.808434][T23026] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1167.863000][T23054] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1167.888952][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1168.138612][ T5913] ath6kl: Unable to send get target info: -71
[ 1168.149627][ T5913] ath6kl: Failed to init ath6kl core: -71
[ 1168.160653][T23026] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1168.173586][ T5913] ath6kl_usb 5-1:0.109: probe with driver ath6kl_usb failed with error -71
[ 1168.212924][ T5913] usb 5-1: USB disconnect, device number 8
[ 1168.312386][T23026] hsr_slave_0: entered promiscuous mode
[ 1168.364886][T23026] hsr_slave_1: entered promiscuous mode
[ 1168.371094][T23026] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1168.383212][T23026] Cannot create hsr debugfs directory
[ 1168.863997][ T5834] Bluetooth: hci6: command tx timeout
[ 1168.888435][T23060] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4814'.
[ 1169.782833][T23026] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1169.798485][T23026] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1169.817780][T23026] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1169.827429][T23026] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1169.951869][T23026] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1169.978972][T23026] 8021q: adding VLAN 0 to HW filter on device team0
[ 1169.997929][ T3538] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1170.005026][ T3538] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1170.034612][T23026] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1170.047153][T23026] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1170.096488][T17126] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1170.103616][T17126] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1170.316506][T23089] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1170.373590][T23087] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1170.676789][T23026] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1170.801472][T23107] FAULT_INJECTION: forcing a failure.
[ 1170.801472][T23107] name failslab, interval 1, probability 0, space 0, times 0
[ 1170.814425][T23107] CPU: 0 UID: 0 PID: 23107 Comm: syz.4.4828 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1170.825172][T23107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1170.835208][T23107] Call Trace:
[ 1170.838470][T23107]  <TASK>
[ 1170.841383][T23107]  dump_stack_lvl+0x241/0x360
[ 1170.846051][T23107]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1170.851241][T23107]  ? __pfx__printk+0x10/0x10
[ 1170.855821][T23107]  ? __pfx___might_resched+0x10/0x10
[ 1170.861095][T23107]  ? lock_release+0xbf/0xa30
[ 1170.865669][T23107]  should_fail_ex+0x3b0/0x4e0
[ 1170.870337][T23107]  should_failslab+0xac/0x100
[ 1170.875012][T23107]  __kmalloc_cache_noprof+0x70/0x390
[ 1170.880282][T23107]  ? proc_self_get_link+0xe0/0x170
[ 1170.885380][T23107]  proc_self_get_link+0xe0/0x170
[ 1170.890300][T23107]  ? __pfx_proc_self_get_link+0x10/0x10
[ 1170.895828][T23107]  pick_link+0x631/0xd50
[ 1170.900055][T23107]  step_into+0xca9/0x1080
[ 1170.904382][T23107]  ? __d_lookup+0x706/0x7b0
[ 1170.908905][T23107]  ? __pfx_step_into+0x10/0x10
[ 1170.913673][T23107]  ? lookup_fast+0xb5/0x4a0
[ 1170.918159][T23107]  ? bpf_lsm_inode_permission+0x9/0x10
[ 1170.923595][T23107]  ? security_inode_permission+0xbc/0x320
[ 1170.929295][T23107]  link_path_walk+0x7b7/0xea0
[ 1170.933959][T23107]  path_openat+0x266/0x3590
[ 1170.938442][T23107]  ? __pfx_stack_trace_save+0x10/0x10
[ 1170.943801][T23107]  ? stack_depot_save_flags+0x37/0x940
[ 1170.949250][T23107]  ? __pfx_path_openat+0x10/0x10
[ 1170.954168][T23107]  ? __virt_addr_valid+0x183/0x530
[ 1170.959259][T23107]  ? rcu_is_watching+0x15/0xb0
[ 1170.964004][T23107]  ? __virt_addr_valid+0x183/0x530
[ 1170.969095][T23107]  do_filp_open+0x27f/0x4e0
[ 1170.973577][T23107]  ? __pfx_do_filp_open+0x10/0x10
[ 1170.978582][T23107]  ? do_raw_spin_lock+0x14f/0x370
[ 1170.983594][T23107]  do_sys_openat2+0x13e/0x1d0
[ 1170.988249][T23107]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1170.993424][T23107]  ? __fget_files+0x2a/0x410
[ 1170.997991][T23107]  ? __fget_files+0x2a/0x410
[ 1171.002560][T23107]  __x64_sys_openat+0x247/0x2a0
[ 1171.007388][T23107]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1171.012736][T23107]  ? rcu_is_watching+0x15/0xb0
[ 1171.017484][T23107]  ? rcu_is_watching+0x15/0xb0
[ 1171.022233][T23107]  do_syscall_64+0xf3/0x230
[ 1171.026718][T23107]  ? clear_bhb_loop+0x35/0x90
[ 1171.031372][T23107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1171.037247][T23107] RIP: 0033:0x7f522df84690
[ 1171.041646][T23107] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 1171.061231][T23107] RSP: 002b:00007f522ed2ff10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1171.069625][T23107] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f522df84690
[ 1171.077578][T23107] RDX: 0000000000000002 RSI: 00007f522ed2ffa0 RDI: 00000000ffffff9c
[ 1171.085530][T23107] RBP: 00007f522ed2ffa0 R08: 0000000000000000 R09: 0000000000000000
[ 1171.093481][T23107] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1171.101435][T23107] R13: 0000000000000000 R14: 00007f522e175fa0 R15: 00007ffee53f2568
[ 1171.109391][T23107]  </TASK>
[ 1171.119497][ T5834] Bluetooth: hci6: command tx timeout
[ 1171.173893][ T5913] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 1171.308145][T23026] veth0_vlan: entered promiscuous mode
[ 1171.339491][ T5913] usb 6-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[ 1171.344185][T23026] veth1_vlan: entered promiscuous mode
[ 1171.380208][T23125] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1171.383727][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1171.541777][ T5913] usb 6-1: Product: syz
[ 1171.576846][ T5868] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[ 1171.759261][ T5913] usb 6-1: Manufacturer: syz
[ 1171.775893][ T5913] usb 6-1: SerialNumber: syz
[ 1171.856570][T23026] veth0_macvtap: entered promiscuous mode
[ 1171.856936][ T5913] usb 6-1: config 0 descriptor??
[ 1171.954722][T23026] veth1_macvtap: entered promiscuous mode
[ 1171.963854][ T5868] usb 3-1: Using ep0 maxpacket: 8
[ 1171.970474][ T5868] usb 3-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=14.ec
[ 1171.971091][T23129] overlayfs: missing 'workdir'
[ 1171.993890][ T5868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1172.001177][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1172.026300][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.028144][ T5868] usb 3-1: config 0 descriptor??
[ 1172.036186][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1172.052328][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.062215][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1172.073027][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.093261][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1172.109097][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.154458][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1172.171681][ T5913] usb 6-1: ignoring: probably an ADSL modem
[ 1172.179773][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.181486][ T5868] ttusb_dec_send_command: command bulk message failed: error -22
[ 1172.200765][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1172.202764][ T5868] ttusb-dec 3-1:0.0: probe with driver ttusb-dec failed with error -22
[ 1172.233316][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.248102][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1172.258674][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.271340][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1172.282448][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.295580][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1172.308915][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.322932][T23026] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1172.353101][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1172.370029][ T5913] cxacru 6-1:0.0: usbatm_usb_probe: bind failed: -19!
[ 1172.381632][T23120] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1172.386888][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.400876][ T5913] usb 6-1: USB disconnect, device number 13
[ 1172.406618][T23120] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1172.421266][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1172.440455][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.443097][   T25] usb 3-1: USB disconnect, device number 38
[ 1172.468439][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1172.505694][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.524094][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1172.544948][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.566704][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1172.582512][   T29] audit: type=1400 audit(1735418666.307:540): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=23132 comm="syz.4.4836" daddr=::ffff:172.20.20.0
[ 1172.594016][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.624204][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1172.635852][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.649755][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1172.661116][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.671295][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1172.682227][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.692343][T23026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1172.703622][T23026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1172.746456][T23026] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1172.756522][T23026] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1172.765298][T23026] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1172.774312][T23026] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1172.783030][T23026] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1172.831738][ T6003] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1172.844927][ T6003] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1172.882215][ T6003] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1172.892912][ T6003] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1173.007480][T23141] tipc: Started in network mode
[ 1173.026857][T23141] tipc: Node identity 0040000000000000002da57107000001, cluster identity 4711
[ 1173.060773][T23141] tipc: Enabling of bearer <udp:sy> rejected, failed to enable media
[ 1173.135757][T23145] xt_l2tp: v2 tid > 0xffff: 262144
[ 1173.184074][ T5834] Bluetooth: hci6: command tx timeout
[ 1173.190234][T23145] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4839'.
[ 1173.415184][T23153] FAULT_INJECTION: forcing a failure.
[ 1173.415184][T23153] name failslab, interval 1, probability 0, space 0, times 0
[ 1173.436416][T23153] CPU: 0 UID: 0 PID: 23153 Comm: syz.2.4841 Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1173.447205][T23153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1173.457269][T23153] Call Trace:
[ 1173.460557][T23153]  <TASK>
[ 1173.463495][T23153]  dump_stack_lvl+0x241/0x360
[ 1173.468191][T23153]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1173.473406][T23153]  ? __pfx__printk+0x10/0x10
[ 1173.478015][T23153]  ? __pfx___might_resched+0x10/0x10
[ 1173.483312][T23153]  ? qrtr_node_enqueue+0x15e/0x13c0
[ 1173.488541][T23153]  should_fail_ex+0x3b0/0x4e0
[ 1173.493240][T23153]  should_failslab+0xac/0x100
[ 1173.497932][T23153]  __kmalloc_cache_noprof+0x70/0x390
[ 1173.503230][T23153]  ? qrtr_node_enqueue+0x22e/0x13c0
[ 1173.508444][T23153]  qrtr_node_enqueue+0x22e/0x13c0
[ 1173.513491][T23153]  ? __copy_skb_header+0x437/0x5b0
[ 1173.518615][T23153]  ? __asan_memcpy+0x40/0x70
[ 1173.523219][T23153]  ? __copy_skb_header+0x437/0x5b0
[ 1173.528351][T23153]  ? __pfx_qrtr_node_enqueue+0x10/0x10
[ 1173.533822][T23153]  ? __pskb_copy_fclone+0x9a1/0x10c0
[ 1173.539120][T23153]  ? skb_set_owner_w+0x246/0x380
[ 1173.544072][T23153]  qrtr_bcast_enqueue+0x135/0x1c0
[ 1173.549118][T23153]  qrtr_sendmsg+0x806/0xc30
[ 1173.553638][T23153]  ? __pfx_qrtr_bcast_enqueue+0x10/0x10
[ 1173.559203][T23153]  ? __pfx_qrtr_sendmsg+0x10/0x10
[ 1173.564242][T23153]  ? __pfx_lock_acquire+0x10/0x10
[ 1173.569280][T23153]  ? __pfx_qrtr_sendmsg+0x10/0x10
[ 1173.574322][T23153]  __sock_sendmsg+0x221/0x270
[ 1173.579021][T23153]  sock_write_iter+0x2d7/0x3f0
[ 1173.583805][T23153]  ? __pfx_sock_write_iter+0x10/0x10
[ 1173.589098][T23153]  ? rcu_is_watching+0x15/0xb0
[ 1173.593880][T23153]  ? rcu_is_watching+0x15/0xb0
[ 1173.598656][T23153]  ? bpf_lsm_file_permission+0x9/0x10
[ 1173.604042][T23153]  ? security_file_permission+0x74/0x280
[ 1173.609684][T23153]  vfs_write+0xaeb/0xd30
[ 1173.613941][T23153]  ? __pfx_sock_write_iter+0x10/0x10
[ 1173.619241][T23153]  ? __pfx_vfs_write+0x10/0x10
[ 1173.624015][T23153]  ? __fget_files+0x2a/0x410
[ 1173.628612][T23153]  ? __fget_files+0x2a/0x410
[ 1173.633213][T23153]  ksys_write+0x18f/0x2b0
[ 1173.637555][T23153]  ? __pfx_ksys_write+0x10/0x10
[ 1173.642416][T23153]  ? rcu_is_watching+0x15/0xb0
[ 1173.647190][T23153]  ? rcu_is_watching+0x15/0xb0
[ 1173.651966][T23153]  do_syscall_64+0xf3/0x230
[ 1173.656483][T23153]  ? clear_bhb_loop+0x35/0x90
[ 1173.661166][T23153]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1173.667075][T23153] RIP: 0033:0x7f211a185d29
[ 1173.671499][T23153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1173.691118][T23153] RSP: 002b:00007f211afe0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1173.699547][T23153] RAX: ffffffffffffffda RBX: 00007f211a375fa0 RCX: 00007f211a185d29
[ 1173.707529][T23153] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[ 1173.715509][T23153] RBP: 00007f211afe0090 R08: 0000000000000000 R09: 0000000000000000
[ 1173.723485][T23153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1173.731462][T23153] R13: 0000000000000000 R14: 00007f211a375fa0 R15: 00007fff6ad56108
[ 1173.739449][T23153]  </TASK>
[ 1173.934029][T23159] nfs4: Unknown parameter '
dev/cpu/#/msr'
[ 1174.212769][T23164] input: syz0 as /devices/virtual/input/input200
[ 1174.339957][T23166] netlink: 'syz.3.4843': attribute type 1 has an invalid length.
[ 1174.454046][ T5913] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[ 1174.583693][   T29] audit: type=1400 audit(1735418668.307:541): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=23171 comm="syz.6.4849" daddr=::ffff:172.20.20.0
[ 1174.676327][ T5913] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1174.689212][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1174.741550][ T5913] usb 3-1: config 0 descriptor??
[ 1174.794677][ T5913] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1175.336950][ T5834] Bluetooth: hci6: command tx timeout
[ 1175.595924][ T5913] cpia1 3-1:0.0: unexpected state after lo power cmd: 00
[ 1175.858210][T23189] tipc: Trying to set illegal importance in message
[ 1175.881281][   T29] audit: type=1326 audit(1735418669.607:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23195 comm="syz.4.4857" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f522df85d29 code=0x0
[ 1176.214018][   T58] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1176.469844][ T5913] gspca_cpia1: usb_control_msg 01, error -71
[ 1176.482096][ T5913] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0)
[ 1176.528939][   T58] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1176.542287][ T5913] usb 3-1: USB disconnect, device number 39
[ 1176.554541][   T58] usb 6-1: config 1 interface 0 altsetting 9 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1176.564704][   T58] usb 6-1: config 1 interface 0 altsetting 9 endpoint 0x3 has invalid maxpacket 1381, setting to 1024
[ 1176.575830][   T58] usb 6-1: config 1 interface 0 altsetting 9 bulk endpoint 0x3 has invalid maxpacket 1024
[ 1176.585792][   T58] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1176.594950][   T58] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1176.604064][   T58] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1176.612612][   T58] usb 6-1: Product: syz
[ 1176.620740][   T58] usb 6-1: Manufacturer: syz
[ 1176.633889][   T58] usb 6-1: SerialNumber: syz
[ 1176.650598][T23206] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1176.652961][T23222] netlink: 'syz.2.4865': attribute type 11 has an invalid length.
[ 1176.667623][T23206] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1176.743990][T13077] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1176.987850][   T58] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71
[ 1177.083917][T13077] usb 7-1: Using ep0 maxpacket: 16
[ 1177.093392][T23231] syz.4.4867[23231] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1177.093450][T23231] syz.4.4867[23231] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1177.105848][T13077] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1177.111541][   T58] usb 6-1: USB disconnect, device number 14
[ 1177.125664][T13077] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1177.165465][T13077] usb 7-1: New USB device found, idVendor=04b4, idProduct=bca1, bcdDevice= 0.00
[ 1177.176910][T23231] syz.4.4867[23231] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1177.177404][T13077] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1177.242333][T13077] usb 7-1: config 0 descriptor??
[ 1177.251791][T23235] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1177.269464][T23235] overlayfs: failed to set xattr on upper
[ 1177.287374][T23235] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1177.294524][T23235] overlayfs: ...falling back to index=off.
[ 1177.300395][T23235] overlayfs: ...falling back to uuid=null.
[ 1177.307109][T23235] overlayfs: ...falling back to xino=off.
[ 1177.467895][T23216] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4862'.
[ 1177.507828][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.713180][T13077] cypress 0003:04B4:BCA1.000E: unknown main item tag 0x0
[ 1177.724449][T13077] cypress 0003:04B4:BCA1.000E: unknown main item tag 0x0
[ 1177.732410][T23245] vlan1: entered promiscuous mode
[ 1177.750781][T13077] cypress 0003:04B4:BCA1.000E: unknown main item tag 0x0
[ 1177.762774][T23245] bridge0: entered promiscuous mode
[ 1177.781842][T23245] bridge0: port 4(vlan1) entered blocking state
[ 1177.790012][T13077] cypress 0003:04B4:BCA1.000E: unknown main item tag 0x0
[ 1177.804632][T23245] bridge0: port 4(vlan1) entered disabled state
[ 1177.810461][T13077] cypress 0003:04B4:BCA1.000E: unknown main item tag 0x0
[ 1177.818476][T23245] vlan1: entered allmulticast mode
[ 1177.837525][T13077] cypress 0003:04B4:BCA1.000E: hidraw0: USB HID v0.00 Device [HID 04b4:bca1] on usb-dummy_hcd.6-1/input0
[ 1177.858976][T23245] bridge0: entered allmulticast mode
[ 1177.874900][T23245] vlan1: left allmulticast mode
[ 1177.889336][T23245] bridge0: left allmulticast mode
[ 1177.894940][T23245] bridge0: left promiscuous mode
[ 1177.928425][T13077] usb 7-1: USB disconnect, device number 2
[ 1177.993857][   T25] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1178.874782][   T30] INFO: task syz-executor:16001 blocked for more than 144 seconds.
[ 1178.882726][   T30]       Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1178.892732][T23254] tipc: Trying to set illegal importance in message
[ 1178.899427][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1178.927553][   T30] task:syz-executor    state:D stack:20944 pid:16001 tgid:16001 ppid:1      flags:0x00004006
[ 1178.928939][   T25] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1178.950496][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1178.953753][   T30] Call Trace:
[ 1178.962821][   T25] usb 6-1: config 0 descriptor??
[ 1178.966300][   T30]  <TASK>
[ 1178.971007][   T30]  __schedule+0x17fb/0x4be0
[ 1178.972713][   T25] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1178.976643][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1178.986910][   T30]  ? lock_release+0xbf/0xa30
[ 1178.991575][   T30]  ? __pfx___schedule+0x10/0x10
[ 1178.996522][   T30]  ? rcu_is_watching+0x15/0xb0
[ 1179.001475][   T30]  ? lock_release+0xbf/0xa30
[ 1179.007208][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1179.012782][   T30]  ? rcu_is_watching+0x15/0xb0
[ 1179.042919][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1179.058392][   T30]  ? schedule+0x90/0x320
[ 1179.062707][   T30]  schedule+0x14b/0x320
[ 1179.083921][   T30]  io_schedule+0x8d/0x110
[ 1179.093938][   T30]  ? folio_wait_bit_common+0x850/0xee0
[ 1179.109914][   T30]  folio_wait_bit_common+0x839/0xee0
[ 1179.123956][   T30]  ? __pfx_folio_wait_bit_common+0x10/0x10
[ 1179.143413][   T30]  ? find_get_entries+0x7c9/0x900
[ 1179.157733][   T30]  ? __pfx_wake_page_function+0x10/0x10
[ 1179.174550][   T30]  ? __pfx___might_resched+0x10/0x10
[ 1179.280524][   T30]  ? rcu_is_watching+0x15/0xb0
[ 1179.287360][   T30]  folio_wait_writeback+0xb0/0x100
[ 1179.292719][   T30]  truncate_inode_pages_range+0xc90/0x10e0
[ 1179.326413][   T30]  ? __pfx_lock_acquire+0x10/0x10
[ 1179.331743][   T30]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 1179.338323][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1179.343644][   T30]  ? rcu_is_watching+0x15/0xb0
[ 1179.348676][   T30]  v9fs_evict_inode+0x1fd/0x360
[ 1179.353746][   T30]  ? __pfx_v9fs_evict_inode+0x10/0x10
[ 1179.359472][   T30]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[ 1179.382498][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1179.388232][   T30]  ? _raw_spin_unlock+0x28/0x50
[ 1179.393643][   T30]  ? __pfx_v9fs_evict_inode+0x10/0x10
[ 1179.399363][   T30]  evict+0x4e8/0x9a0
[ 1179.403861][   T30]  ? __pfx_evict+0x10/0x10
[ 1179.408646][   T30]  ? iput+0x713/0xa50
[ 1179.413579][   T30]  __dentry_kill+0x20d/0x630
[ 1179.415877][   T25] cpia1 6-1:0.0: unexpected state after lo power cmd: 00
[ 1179.432468][   T30]  ? dput+0x37/0x2b0
[ 1179.436690][   T30]  dput+0x19f/0x2b0
[ 1179.444105][   T30]  shrink_dcache_for_umount+0xb4/0x180
[ 1179.451954][   T30]  generic_shutdown_super+0x6a/0x2d0
[ 1179.463647][   T30]  kill_anon_super+0x3b/0x70
[ 1179.470608][   T30]  v9fs_kill_super+0x4c/0x90
[ 1179.480979][   T30]  deactivate_locked_super+0xc4/0x130
[ 1179.488543][   T30]  cleanup_mnt+0x41f/0x4b0
[ 1179.493372][   T30]  task_work_run+0x24f/0x310
[ 1179.498409][   T30]  ? __pfx_task_work_run+0x10/0x10
[ 1179.503904][   T30]  ? __x64_sys_umount+0x123/0x170
[ 1179.509191][   T30]  ? rcu_is_watching+0x15/0xb0
[ 1179.516385][   T30]  syscall_exit_to_user_mode+0x13f/0x340
[ 1179.522262][   T30]  do_syscall_64+0x100/0x230
[ 1179.527193][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1179.532029][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1179.538339][   T30] RIP: 0033:0x7f0027787057
[ 1179.542921][   T30] RSP: 002b:00007ffdc0742068 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1179.551763][   T30] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0027787057
[ 1179.559992][   T30] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdc0742120
[ 1179.569957][   T30] RBP: 00007ffdc0742120 R08: 0000000000000000 R09: 0000000000000000
[ 1179.579441][   T30] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdc07431a0
[ 1179.592411][   T30] R13: 00007f00278018f4 R14: 00007ffdc07431e0 R15: 00000000000000f8
[ 1179.602107][   T30]  </TASK>
[ 1179.612042][   T30] INFO: lockdep is turned off.
[ 1179.696376][   T30] NMI backtrace for cpu 0
[ 1179.700736][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1179.711225][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1179.721285][   T30] Call Trace:
[ 1179.724557][   T30]  <TASK>
[ 1179.727483][   T30]  dump_stack_lvl+0x241/0x360
[ 1179.732175][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1179.737380][   T30]  ? __pfx__printk+0x10/0x10
[ 1179.741964][   T30]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[ 1179.748893][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[ 1179.753836][   T30]  ? rcu_is_watching+0x15/0xb0
[ 1179.758611][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1179.764065][   T30]  ? nmi_trigger_cpumask_backtrace+0x26/0x320
[ 1179.770136][   T30]  ? queued_write_lock_slowpath+0x390/0x44a
[ 1179.776030][   T30]  ? nmi_trigger_cpumask_backtrace+0x26/0x320
[ 1179.782112][   T30]  ? preempt_count_add+0xbd/0x190
[ 1179.787148][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1179.793130][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[ 1179.799105][   T30]  watchdog+0xff6/0x1040
[ 1179.803347][   T30]  ? watchdog+0x1ea/0x1040
[ 1179.807761][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1179.812431][   T30]  kthread+0x2f0/0x390
[ 1179.816503][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1179.821174][   T30]  ? __pfx_kthread+0x10/0x10
[ 1179.825768][   T30]  ret_from_fork+0x4b/0x80
[ 1179.830179][   T30]  ? __pfx_kthread+0x10/0x10
[ 1179.834769][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1179.839521][   T30]  </TASK>
[ 1179.843165][   T30] Sending NMI from CPU 0 to CPUs 1:
[ 1179.848684][    C1] NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt+0x21/0x30
[ 1179.887996][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[ 1179.894869][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc4-syzkaller-00071-gfd0584d220fe #0
[ 1179.905373][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1179.915415][   T30] Call Trace:
[ 1179.918685][   T30]  <TASK>
[ 1179.921602][   T30]  dump_stack_lvl+0x241/0x360
[ 1179.926274][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1179.931465][   T30]  ? __pfx__printk+0x10/0x10
[ 1179.936042][   T30]  ? vscnprintf+0x5d/0x90
[ 1179.940362][   T30]  panic+0x349/0x880
[ 1179.944243][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1179.950384][   T30]  ? __pfx_panic+0x10/0x10
[ 1179.954791][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[ 1179.960179][   T30]  ? __irq_work_queue_local+0x137/0x410
[ 1179.965711][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[ 1179.971074][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1179.977214][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[ 1179.983351][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[ 1179.989495][   T30]  watchdog+0x1035/0x1040
[ 1179.993823][   T30]  ? watchdog+0x1ea/0x1040
[ 1179.998240][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1180.002904][   T30]  kthread+0x2f0/0x390
[ 1180.006961][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1180.011625][   T30]  ? __pfx_kthread+0x10/0x10
[ 1180.016199][   T30]  ret_from_fork+0x4b/0x80
[ 1180.020600][   T30]  ? __pfx_kthread+0x10/0x10
[ 1180.025177][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1180.029938][   T30]  </TASK>
[ 1180.033087][   T30] Kernel Offset: disabled
[ 1180.037403][   T30] Rebooting in 86400 seconds..