last executing test programs:

13m40.684218046s ago: executing program 4 (id=228):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = accept$netrom(0xffffffffffffffff, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xff)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1a00"/11, @ANYBLOB="a0"], 0x20)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x5, @loopback, 0x2}, 0x1c)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000100)=0xfffffffd, 0x4)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
sendto(r0, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0)

13m38.862708693s ago: executing program 4 (id=231):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = accept$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000200))
sendfile(r0, r1, &(0x7f00000003c0)=0x1, 0xff)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, 0x0, 0x0)
setsockopt(r3, 0x1, 0x10000000000009, &(0x7f00000000c0)="f5c89e1e53ab84ae67f1ecfdeff83f89f93aa8f260c3", 0x16)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x5, @loopback, 0x2}, 0x1c)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000100)=0xfffffffd, 0x4)
connect$inet(r0, 0x0, 0x0)
sendto(r0, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0)

13m37.805798853s ago: executing program 4 (id=237):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
syz_clone3(&(0x7f0000001380)={0x20000100, 0x0, &(0x7f0000000080), &(0x7f00000000c0)=<r0=>0x0, {0x2f}, &(0x7f0000000380)=""/4096, 0x1041, &(0x7f0000000100)=""/253, &(0x7f00000002c0)=[0x0, 0xffffffffffffffff], 0x2}, 0x58)
syz_open_procfs(r0, &(0x7f0000001400)='net/psched\x00')
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
socketpair$unix(0x1, 0x2, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, &(0x7f0000000240)=""/91, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl(r1, 0x8b1b, &(0x7f0000000040))
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0)
write$rfkill(r2, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x1}, 0x8)

13m36.587200276s ago: executing program 4 (id=239):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = dup2(r0, r0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$rtc(&(0x7f0000000000), 0x0, 0x1)
poll(&(0x7f0000000040)=[{r2, 0x40}], 0x1, 0x7)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000240)={{{@in6=@dev, @in6=@initdev}}, {{@in6=@mcast1}, 0x0, @in6=@remote}}, &(0x7f0000000080)=0xfffffffffffffffa)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000240)=ANY=[], 0x1b0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getdents64(0xffffffffffffffff, 0xfffffffffffffffe, 0x29)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000040)=@ccm_128={{0x303}, "c10588125a262719", "82ed888afa8bcf92e2c7f2921a00ee85", "cb24b4ad", "7da11be2bda6c0d6"}, 0x28)

13m35.207412504s ago: executing program 4 (id=242):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000100)={0x0, 0xf00, &(0x7f00000000c0)={&(0x7f0000000040)={0x20, 0x1, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x800)

13m35.022760409s ago: executing program 4 (id=244):
r0 = socket$inet6_dccp(0xa, 0x6, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x8, 0x7fffffe, 0x490, 0xf8, 0xffffffff, 0xffffffff, 0xf8, 0xffffffff, 0x3c0, 0xffffffff, 0xffffffff, 0x3c0, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xd8, 0xf8, 0x60030000, {0x0, 0xff000000}, [@common=@frag={{0x30}, {[0x7, 0x8000], 0x80000000, 0x41, 0x3}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x2c8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x2, 0x1}, {0x2, 0x4, 0x5}, 0x7, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4f0)

13m19.430578964s ago: executing program 32 (id=244):
r0 = socket$inet6_dccp(0xa, 0x6, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x8, 0x7fffffe, 0x490, 0xf8, 0xffffffff, 0xffffffff, 0xf8, 0xffffffff, 0x3c0, 0xffffffff, 0xffffffff, 0x3c0, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xd8, 0xf8, 0x60030000, {0x0, 0xff000000}, [@common=@frag={{0x30}, {[0x7, 0x8000], 0x80000000, 0x41, 0x3}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x2c8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x2, 0x1}, {0x2, 0x4, 0x5}, 0x7, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4f0)

1m45.457619358s ago: executing program 0 (id=2383):
r0 = socket(0x10, 0x3, 0x0)
getsockopt$netlink(r0, 0x10e, 0x8, 0x0, &(0x7f0000000040))
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x7, 0x1, 0x5, 0x0, 0x0, {0xa, 0x0, 0x9}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x850}, 0x81)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x33}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x8f}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000001c0), 0x2100, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000200)={0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000240)={<r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x2a, 0x2, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x8, 0x1c, &(0x7f0000000c40)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xffffffc0}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x20}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x7, 0x0}, {0x18, 0x2, 0x2, 0x0, r6}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000280)={<r7=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f00000002c0)={<r8=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000300)={<r9=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000380)={<r10=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f00000003c0)={<r11=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_RESET(r2, 0xc01064c4, &(0x7f0000000500)={&(0x7f0000000400)=[r3, 0x0, r7, r8, r9, 0x0, r10, r11], 0x8})

1m44.761310228s ago: executing program 0 (id=2385):
socket$phonet_pipe(0x23, 0x5, 0x2)
unshare(0x20000400)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000000c0)={"6957608d766cfff5c3a665bd121a2d89", 0x0, 0x0, {0x4, 0x40000a}, {0xce5, 0x8}, 0x5, [0x3, 0x3, 0x5, 0x6, 0x1000000000000000, 0x400, 0xffffffffffff0001, 0x2, 0x8, 0x7, 0x80000000, 0x81, 0x10, 0x522586f, 0xfffffffffffffffb, 0x400000000000001]})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00')
getdents64(r0, &(0x7f0000001f00)=""/4111, 0x100f)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWSET={0xec, 0x9, 0xa, 0x3, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x13}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x80}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_EXPR={0x6c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x5c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_BURST={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_LIMIT_BURST={0x8, 0x3, 0x1, 0x0, 0x6}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x4}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x4}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_LIMIT_TYPE={0x8}, @NFTA_LIMIT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_LIMIT_TYPE={0x8}, @NFTA_LIMIT_BURST={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_LIMIT_BURST={0x8, 0x3, 0x1, 0x0, 0x9}]}}}, @NFTA_SET_DESC={0x24, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x20, 0x2, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xb}]}]}]}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x1}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0xa}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELTABLE={0x118, 0x2, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x70, 0x6, "a305fe3ca7a00cd6617051004354ccf4e3b4e633dee9d00033ac2358a911b375b8e6eeb67afc99cf68157ed5cb6ddbb5c03a9c1f46dcf259c07ca5aabe18a70f97042a164c5c6d3dd87cee279aa00d9ecb947f28bb2f52cadf5e62c9a75ceed87b8474ca9fb36772243da391"}, @NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_USERDATA={0x75, 0x6, "bac522cdd9dedbdfe931f2d0f9b8e9e9a0a1c643ae2a0eaa7913f14712f51dec0d90731877687f3e5be8db60fa9a2f59dd6acec347182040455c7486437f1ecd0ce83d69084ba2d68ea66f6a323bd501f06fc4cafc18d03b3c0fac81e7aa04ee633b7f8767bb7cbbba7804e729a9c608cd"}]}, @NFT_MSG_NEWCHAIN={0x6c, 0x3, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x6}, [@NFTA_CHAIN_HOOK={0x4c, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'ip_vti0\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3a8f24c3}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x66a6ee26}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1c8c651c}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_HOOK_DEV={0x14, 0x3, 'ipvlan1\x00'}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELRULE={0x30, 0x8, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFTA_RULE_COMPAT={0x14, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x19}]}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}]}, @NFT_MSG_DELRULE={0x28, 0x8, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x9}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELFLOWTABLE={0x190, 0x18, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0xa}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HOOK={0xe4, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bridge\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1521}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_team\x00'}, {0x14, 0x1, 'vlan0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'ip6gretap0\x00'}, {0x14, 0x1, 'bridge_slave_1\x00'}, {0x14, 0x1, 'batadv_slave_0\x00'}, {0x14, 0x1, 'veth0_to_hsr\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vcan0\x00'}]}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HOOK={0x44, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_macvtap\x00'}, {0x14, 0x1, 'batadv0\x00'}, {0x14, 0x1, 'netpci0\x00'}]}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELSET={0x218, 0xb, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x9}, [@NFTA_SET_EXPRESSIONS={0x1f4, 0x12, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @nat={{0x8}, @void}}, {0x19c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x188, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_IMMEDIATE_DATA={0xd0, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xa2, 0x1, "af269870acd6109ffaa264206f4060f2f22ab09d108f436b8b763983e0214d7bdcaa2f8d6985967a9d343f8e0b16ccfc935813457aad1e9aa8817d4c73aa6471ebd309b9e0112c14c72c98cac2317aeba06270e36cde8eeb056fb5916f5f68e745f2ecdfbcc1eec6f3ebd8f039fa646b50539ed9fcef15ef01f09bf02842908730fb831c2daf3787134e14c3cfa5177b67933e846c320d48f1422cdc5886"}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}, @NFTA_IMMEDIATE_DATA={0xac, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x86, 0x1, "07ceefa015de2319253c50c0bad99cadc36eb6d652759cb74df5f0a4afd07ddcd938b2eeab36e7720544087bfe5d4a9c52f413aada9695d532005ddbf9096a76d7787f6f4acb4dc595f164f3442ab652835e8ff5a57e10fa89d8d63b6f4cbaeeddda86b60bffd10b8ef93338a22b6b5c160b8d93ca1b3aec22b0b3b1eda606790bc7"}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}}}, {0x38, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0x8, 0x1, 'bpf\x00'}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_NAME={0xc, 0x1, 'iprange\x00'}, @NFTA_MATCH_REV={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @match={{0xa}, @void}}]}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x38}]}, @NFT_MSG_DELFLOWTABLE={0xf0, 0x18, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x84, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x68, 0x3, 0x0, 0x1, [{0x14, 0x1, 'ip6_vti0\x00'}, {0x14, 0x1, 'veth0_to_hsr\x00'}, {0x14, 0x1, 'sit0\x00'}, {0x14, 0x1, 'lo\x00'}, {0x14, 0x1, 'bond0\x00'}]}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x5}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x20, 0x18, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x9}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x7dc}, 0x1, 0x0, 0x0, 0x40040b8}, 0x20048080)

1m43.83029287s ago: executing program 0 (id=2388):
r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x1e, 0x0, 0x0, 0x7995}, 0xffffffffffffffc4, 0x0, 0x0, 0x48000000, 0x0, 0x40000000, 0x0})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="5c00000012", 0x5}], 0x1, 0x0, 0x1f, 0x1f00c00e}, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000000)={0x5, 0x0, 0x7fff, 0x0, 0x4, 0xfffc})

1m43.570668609s ago: executing program 0 (id=2389):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1}, 0xc)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0xff2c, 0x0}, 0x1}], 0x40, 0x2, 0x0)
ioctl$sock_qrtr_TIOCINQ(r0, 0x8917, &(0x7f0000000000))
connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)

1m42.215403312s ago: executing program 0 (id=2392):
r0 = socket$kcm(0x10, 0x2, 0x10)
recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x2020)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x600, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e03002a000b05d25a806c8c6f94f90224fc601100077a0a000312050282c137153e370e0c1180fc0b0c000300", 0x33fe0}], 0x1}, 0x0)

1m41.787570033s ago: executing program 0 (id=2397):
r0 = syz_open_procfs(0x0, &(0x7f0000000bc0)='environ\x00')
preadv(r0, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000040)=""/99, 0x63}], 0x2, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000003c0)={0x0, @remote, @loopback}, &(0x7f0000000400)=0xc) (async)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) (async)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910000000000000630000ff000000009500680000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x62, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x21) (async)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x15d, 0x5, 0x0, {0x0, 0x4}}, 0xfd) (async)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48) (async, rerun: 64)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r5, 0x0, 0x0}, 0x10) (async)
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) (async)
chdir(&(0x7f0000000100)='./file0\x00')
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r6, 0x4b3a, 0xfffffffffffffffe)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) (async)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
fcntl$lock(r7, 0x5, 0x0)
r8 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r2}, 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb01001800000000000000b0000000b0000000050000002800000004000013090000000001000000070000001000000000df0000060000000a000000b4060041350600000700000000000007000000000a0000000000000803000000010000000000000700000000000000000700000d00000000070000000200a84cf4830000020000000b00000002000000000000009f0000000b000000000000000a0000000300000010000000030000000d000000000000120200000000612e2e007d2bd92061582f0d67d65feecc1e0cc29a049d475af1864b9b0d0b4e7da1c37525045f67753e00bea4721a13595a1100"/252], &(0x7f0000000280)=""/153, 0xcd, 0x99, 0x1, 0x4, 0x10000, @value=r8}, 0x28)

1m25.190167455s ago: executing program 33 (id=2397):
r0 = syz_open_procfs(0x0, &(0x7f0000000bc0)='environ\x00')
preadv(r0, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000040)=""/99, 0x63}], 0x2, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000003c0)={0x0, @remote, @loopback}, &(0x7f0000000400)=0xc) (async)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) (async)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910000000000000630000ff000000009500680000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x62, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x21) (async)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x15d, 0x5, 0x0, {0x0, 0x4}}, 0xfd) (async)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48) (async, rerun: 64)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r5, 0x0, 0x0}, 0x10) (async)
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) (async)
chdir(&(0x7f0000000100)='./file0\x00')
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r6, 0x4b3a, 0xfffffffffffffffe)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) (async)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
fcntl$lock(r7, 0x5, 0x0)
r8 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r2}, 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb01001800000000000000b0000000b0000000050000002800000004000013090000000001000000070000001000000000df0000060000000a000000b4060041350600000700000000000007000000000a0000000000000803000000010000000000000700000000000000000700000d00000000070000000200a84cf4830000020000000b00000002000000000000009f0000000b000000000000000a0000000300000010000000030000000d000000000000120200000000612e2e007d2bd92061582f0d67d65feecc1e0cc29a049d475af1864b9b0d0b4e7da1c37525045f67753e00bea4721a13595a1100"/252], &(0x7f0000000280)=""/153, 0xcd, 0x99, 0x1, 0x4, 0x10000, @value=r8}, 0x28)

14.674425995s ago: executing program 3 (id=2607):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = syz_io_uring_setup(0x111, &(0x7f00000003c0)={0x0, 0xfad6, 0x100, 0x1}, &(0x7f00000029c0)=<r2=>0x0, &(0x7f0000002a00)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, &(0x7f0000000240)=0x9)
r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r6, &(0x7f0000000000)={0x24, @none={0x0, 0xffff}}, 0x14)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
socket(0x10, 0x803, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000740), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$sock_ifreq(r6, 0x8995, &(0x7f00000000c0)={'dvmrp1\x00', @ifru_ivalue=0x5})
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_clone(0x206000, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)=0x20000)

13.600313075s ago: executing program 2 (id=2609):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000004b680)=""/102400, 0x19000)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0)
syz_usb_connect(0x5, 0x36, 0x0, 0x0)
getpid()
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)

11.52610714s ago: executing program 5 (id=2613):
unshare(0x20000400)
r0 = socket$igmp6(0xa, 0x3, 0x2)
rseq(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000380), &(0x7f0000000380), 0x2}, 0x38)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x7e, &(0x7f0000000480)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e240e2200489078030000000200000088c73b29f267636d01dbe5712c1c941e1cdafbbb43f09c70e13808ca72381f41e5fff9620915b6f78670dfaf9a2038083179cf6b7931c9b45e9a1e3c829c8f37273538aea1be9bc31f445bb82ba0d9a87fbdce85ed127ffd8c1b54a70f94dd6c04474677342f12a97a3bc86e9e39ddc956ff46156a56dd18a19796a6f17816889a06ed838e309edb7dbbaa2429c1ae0101a080355cb5b82ba635d3e08f79faf3114456e6030351d76ea218e49966ec833bb80b3289"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=<r1=>0x0)
prlimit64(r1, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x8916, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000440), 0x10)
listen(r3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5c00000014006b0304bc0000d86e6c1d0002847ea622fb564500004e23e3f58e76110565f450e71b0075e3002500028d459e37000f0000000095a01fad1d51a8e20a64c9f4d4938037e786a6d0bdd700"/93, 0x5d}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)

10.731504265s ago: executing program 2 (id=2616):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r1, &(0x7f0000000400)={0x2, 0xe20, @empty}, 0x10)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000780)={0x0, 'wg2\x00', 0x3}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x8c, 0x30, 0xb, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x18c, 0x203, 0x8000000, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r4 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x114df, 0x0, 0x1, 0x89}, &(0x7f00000003c0)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780})
io_uring_enter(r4, 0x3516, 0xaddf, 0x2, 0x0, 0x1517f)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4, 0x10010, r4, 0x8000000)
syz_io_uring_complete(r7)
socket(0x2, 0x80805, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b0000000500000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000008ff000000000000000018110000585fae73fc1f387d60db8ca78a16895c06c247b96db51bd8ddab69066ad02930f442a8bbedcb872453adbf0188aec72b8152e57b95ba24b31dcebc0b446c02c72f54224d9e699d0c592d905ed6e56ceafeed5de8a0bf491757558c06144f3b0fbb5d84bc463bb7d22b65b97ddfdfa39d034a9a39d1e12fce76176f759fb4c0d692833edd9062fbaad0c077ef738fc37161f192e5f2feea8407364b598a2f934a2c81479f8608064a60f529fdd86aa72a6fc82b18110001abcac0f3b9f722f75ef9fcbf4fd57c9f6e055612d7d1c0fae597f21691a4e5965e8b70c1ca636ec184cbd4dc6683e9ffa8dd714c7f7dfead2b1cadb40d766db87f7913f58460f03ff32f802f5ad721ef1e9202bd4edd2ba9ebdb1c7a1e4278047e9f4316647b6041d7d3a7cd7948ee3d6c3f0101136bddc1d7bc161211c1425dc6376d427026bcea37d1337bff1a6dfc456c33dddb12e697f95cf187b585271bf5995e75b4aec8985c4588544bc35a43cc2dfd85650c5638d2f6", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

10.662765131s ago: executing program 5 (id=2617):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x17, 0xf, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000016000000000000000818510000", @ANYRES32=r3, @ANYRESDEC=r1], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
shmget$private(0x0, 0x1000, 0x4, &(0x7f0000cac000/0x1000)=nil)
r5 = gettid()
fsmount(r4, 0x0, 0x0)
tkill(r5, 0xb)
mmap$xdp(&(0x7f0000354000/0x3000)=nil, 0x3000, 0x1000008, 0x42032, 0xffffffffffffffff, 0x0)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)
r6 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
syz_open_dev$vim2m(&(0x7f0000000080), 0x3, 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet(r6, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, 0x0, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000b00)=@mangle={'mangle\x00', 0x10, 0x6, 0x5d0, 0x360, 0x290, 0x290, 0xd0, 0x290, 0x500, 0x500, 0x500, 0x500, 0x500, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28, 'HL\x00', 0x0, {0x0, 0xfd}}}, {{@ipv6={@dev, @loopback, [], [], 'pim6reg\x00', 'veth1_macvtap\x00'}, 0x0, 0x180, 0x1c0, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0x0, 0x0, 0x0, 0xff], [], [], 0x3f89a73c4f305294}}, @common=@dst={{0x48}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0xe, 0x32, "fe16ae0c233aecbad824e681d33b3f604e23df7bfdb968a58bfe8d3caaf9"}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x630)

9.555216776s ago: executing program 5 (id=2619):
unshare(0x20000400)
r0 = socket$igmp6(0xa, 0x3, 0x2)
rseq(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000380), &(0x7f0000000380), 0x2, r1}, 0x38)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x7e, &(0x7f0000000480)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e240e2200489078030000000200000088c73b29f267636d01dbe5712c1c941e1cdafbbb43f09c70e13808ca72381f41e5fff9620915b6f78670dfaf9a2038083179cf6b7931c9b45e9a1e3c829c8f37273538aea1be9bc31f445bb82ba0d9a87fbdce85ed127ffd8c1b54a70f94dd6c04474677342f12a97a3bc86e9e39ddc956ff46156a56dd18a19796a6f17816889a06ed838e309edb7dbbaa2429c1ae0101a080355cb5b82ba635d3e08f79faf3114456e6030351d76ea218e49966ec833bb80b3289"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=<r2=>0x0)
prlimit64(r2, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440), 0x10)
listen(r4, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
sendmmsg$inet(r5, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x240080e4)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5c00000014006b0304bc0000d86e6c1d0002847ea622fb564500004e23e3f58e76110565f450e71b0075e3002500028d459e37000f0000000095a01fad1d51a8e20a64c9f4d4938037e786a6d0bdd700"/93, 0x5d}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)

8.0372206s ago: executing program 5 (id=2621):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='@\x00\x00', @ANYBLOB="00db00000040000020001280"], 0x40}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
listen(0xffffffffffffffff, 0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000004700)={'team0\x00', <r6=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000003c0)={0x54, r5, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r6}, {0x38, 0x2, 0x0, 0x1, [{0x34, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x4}}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000401}, 0x4044040)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r7, 0x29, 0x1a, &(0x7f0000000040), 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), 0x1000040, &(0x7f0000000200)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x31]}}}}]})
r8 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r8, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1={0xff, 0x4}}, 0x1c)
r9 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000000), 0x8)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="a0"], 0xffd8}}, 0x4000000)

8.010518584s ago: executing program 2 (id=2622):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r2, 0xf21, 0xa6, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x20000015}, 0x4000)

6.604343808s ago: executing program 6 (id=2624):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0xa2000)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r3, 0xc0605345, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x6)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x604102, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000003000/0x3000)=nil, 0x3000, &(0x7f0000000000)='pids.current\x00')

6.603454096s ago: executing program 2 (id=2625):
syz_usb_connect$cdc_ecm(0x2, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0})
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f00000000c0))
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000140), 0x82b00, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f0000000300), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$vcsa(&(0x7f0000000080), 0xfffffffffffffeff, 0x200242)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
writev(r1, &(0x7f0000005740)=[{&(0x7f0000000040)='\n', 0x1}], 0x1)
syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x4f5e, 0x10100, 0x0, 0x10000000}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x1})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x400448e6, &(0x7f00000000c0)="fc")

6.597334712s ago: executing program 1 (id=2626):
r0 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x38, r0, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x8e5bb83264e04179}, 0x4008000)

6.493282733s ago: executing program 5 (id=2627):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000004b680)=""/102400, 0x19000)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0)
syz_usb_connect(0x5, 0x36, 0x0, 0x0)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)

6.434724672s ago: executing program 3 (id=2628):
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000500)='gadgetfs\x00', 0x14800, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x100)
lseek(r0, 0x20000000003, 0x0)

6.259998742s ago: executing program 1 (id=2629):
unshare(0x68040200)
r0 = socket(0x10, 0x3, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
r3 = socket$xdp(0x2c, 0x3, 0x0)
mmap(&(0x7f0000004000/0x400000)=nil, 0x400000, 0x0, 0x11, r3, 0x0)
ioctl$EVIOCRMFF(r1, 0x550c, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x10000802, 0x80, 0x0, 0x40000}, 0x10)

5.306273718s ago: executing program 6 (id=2630):
r0 = socket(0x2, 0x80805, 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x800808, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x7d, &(0x7f0000000000)=@assoc_value, 0x0)

5.207225363s ago: executing program 3 (id=2631):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x7, 0x0, 0x9, 0x0, 0x0, 0x1, 0xfffffffffffffff0}]}, &(0x7f00000000c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
r1 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100000300"/20, @ANYRES32, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414bb080004"], 0x44}, 0x1, 0x2}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x4000000)
clock_gettime(0xfffffffffffffffb, 0x0)
syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
dup2(r0, r1)

5.063212628s ago: executing program 6 (id=2632):
unshare(0x20000400)
r0 = socket$igmp6(0xa, 0x3, 0x2)
rseq(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000380), &(0x7f0000000380), 0x2, r1}, 0x38)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x7e, &(0x7f0000000480)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e240e2200489078030000000200000088c73b29f267636d01dbe5712c1c941e1cdafbbb43f09c70e13808ca72381f41e5fff9620915b6f78670dfaf9a2038083179cf6b7931c9b45e9a1e3c829c8f37273538aea1be9bc31f445bb82ba0d9a87fbdce85ed127ffd8c1b54a70f94dd6c04474677342f12a97a3bc86e9e39ddc956ff46156a56dd18a19796a6f17816889a06ed838e309edb7dbbaa2429c1ae0101a080355cb5b82ba635d3e08f79faf3114456e6030351d76ea218e49966ec833bb80b3289"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=<r2=>0x0)
prlimit64(r2, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440), 0x10)
listen(r4, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
sendmmsg$inet(r5, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x240080e4)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5c00000014006b0304bc0000d86e6c1d0002847ea622fb564500004e23e3f58e76110565f450e71b0075e3002500028d459e37000f0000000095a01fad1d51a8e20a64c9f4d4938037e786a6d0bdd700"/93, 0x5d}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)

4.841626372s ago: executing program 1 (id=2633):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r0, 0x10c, 0x8, &(0x7f0000000000)=0xffffffff, 0x4)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001a80), 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYRES16], 0x80}, 0x1, 0x0, 0x0, 0x44084}, 0x4008050)
r2 = socket(0x10, 0x803, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14)
sendmsg$nl_route(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000000ff0100000000", @ANYRES32=r3, @ANYBLOB="01000000002200001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000080)={0x19})
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000200)={0x15, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f00000000c0)={0x28, 0x5, r7, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r5, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r7, 0x0, <r8=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r8, 0x0, 0x1, 0x0, 0x10000, 0x0, 0x32bf91})
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c00000010000100000000000000000053000000", @ANYRES32=r9, @ANYBLOB="efdd0e4af11f02000a0001"], 0x2c}}, 0x0)
write$FUSE_NOTIFY_DELETE(r1, 0x0, 0x0)
syz_pidfd_open(0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa843, 0x0)
r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
capset(&(0x7f0000000380)={0x19980330}, &(0x7f0000000100)={0x0, 0x0, 0x7fd})
syz_io_uring_setup(0x7ea9, &(0x7f0000000080)={0x0, 0x40003, 0x10300, 0x0, 0x3}, &(0x7f0000000200), &(0x7f0000000140))
r11 = socket(0x80000000000000a, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r11, 0x0, 0x0, 0x0, 0x30162})
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='pids.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r12, &(0x7f00000001c0)=ANY=[@ANYBLOB='/'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r12, 0x0)

4.082945733s ago: executing program 3 (id=2634):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000600)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f907, 0x5, '\x00', @string=0x0}})
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000480), 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r1, 0x10d, 0xf3, &(0x7f0000000000), &(0x7f0000000240)=0x4)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x800, 0x80000001)
sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x2004c000)
socket(0x403ed7a7240cb7e6, 0x4, 0x6)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="7dcc91f97e17fd2726c4b70077ad35a1d00eb5b07a2a736a44ece5a7cdb504f1ffa2b0704b7081ea3dac0f2f0684641b60739a11138dd39a4426c613bbe6d1ef37d5964a", @ANYRES16=r6, @ANYBLOB="09020000000000000000010000000500040002000000", @ANYRES64=r3], 0x1c}}, 0x4800)
r7 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r7, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x1, 0x0, {}, {0x0, 0x0, 0x2}, {}, {}, 0x1, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x12, 0x1ff, 0x13d, 0x5, 0x3, 0x53, 0x202, 0x3, 0x3})
syz_open_dev$sndmidi(&(0x7f0000000040), 0x6, 0x2200)
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, &(0x7f0000000080)={0x9, 0x101, 0x1, {0x54be875c, 0xffffff6d, 0x302, 0xd002}})
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xcb24b2e2f8079ef9}, 0x1, 0xf000, 0x0, 0x8c1}, 0x20040)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)

3.995010044s ago: executing program 6 (id=2635):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1}, 0xc)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
ioctl$sock_qrtr_TIOCINQ(r0, 0x8917, &(0x7f0000000000))
connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
writev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1)

3.29328138s ago: executing program 1 (id=2636):
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xf}}, [@NFT_MSG_DELOBJ={0x54, 0x14, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0xa}, [@NFTA_OBJ_USERDATA={0x38, 0x8, "80f1a08f07d4483301bb0f9adbdd00c14bf50f93765251e5be8e6980884ec75707d4c573f81f38e756ab83f26983628259e93e79"}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x3}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x7c}, 0x1, 0x0, 0x0, 0x8041}, 0xc000000)
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
sendfile(r6, r5, 0x0, 0x3a)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000), 0x4)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000080), 0x0)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000040)={0x6, 0x0, 0x3, @discrete={0x9}})
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x175)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="142000001000010000000000000000000000000a44000000060a0b840000000000000000020000002400"], 0x6c}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0x4c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

3.285858538s ago: executing program 6 (id=2637):
iopl(0x3)
clock_settime(0x3, 0x0)

3.244244327s ago: executing program 5 (id=2638):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r0 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8915, &(0x7f0000001580)={'syz_tun\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000030000000900000001"], 0x48)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000000)={'syz0\x00', {0x256, 0x62cd, 0x62, 0x1}, 0x35, [0x1200000, 0x5, 0x8d2a, 0x14b, 0x9, 0x4, 0x9, 0x3680000, 0x3f, 0x9, 0x9, 0x7, 0x5, 0xfffffff9, 0x0, 0x2, 0xfffffff9, 0xfff, 0x6, 0x6, 0x0, 0xff, 0x9, 0x8fb, 0x100, 0x0, 0x8001, 0x1, 0x3, 0x0, 0x2, 0x8, 0x1d2, 0xc, 0x6, 0x8, 0x3ff, 0x49, 0x0, 0x4, 0x7fff, 0x10001, 0x80, 0x7551, 0x4, 0x4, 0xffffff51, 0x0, 0x1, 0x5, 0x1, 0x5, 0x4, 0x80000000, 0x40, 0x9, 0x1, 0x3, 0x7f, 0x66, 0x9, 0x1, 0x7fff, 0x2], [0xe, 0x5adc9170, 0x84e, 0x2, 0x7, 0x3, 0x10000, 0x8, 0x2, 0xfffffffd, 0xffffffff, 0x6ce8, 0xf9, 0x6, 0x1, 0x9, 0x3, 0xce84, 0x8, 0xffffff1e, 0x2, 0x6, 0xc, 0x7, 0xd1, 0x7, 0x9, 0x1, 0x1, 0x1, 0x10, 0x0, 0x5, 0x7fff, 0x5, 0xf, 0x9, 0x7, 0xf, 0x9, 0x10000, 0xc9, 0x80000000, 0x6, 0x5, 0x7f, 0x4, 0x6, 0x7, 0x5, 0x1, 0x9, 0x3, 0x8, 0x0, 0x4, 0x5, 0x3ff, 0x7fff, 0x0, 0x1, 0x2af3db6d, 0x1, 0x6], [0x5, 0xb35, 0xde82, 0x81, 0x9, 0x7, 0x17, 0x25b, 0xfffffffd, 0x7f800, 0x5, 0x1, 0x8001, 0x400, 0x3ff, 0x2, 0x9, 0x2, 0x9, 0x5, 0x6, 0x2, 0x2, 0x7, 0xffffffff, 0xfffffffe, 0x3ef, 0xfffff800, 0xff, 0x5, 0x0, 0x8, 0xd, 0x1, 0xfffffffa, 0x6, 0x2, 0x82b, 0x9, 0xbc, 0x1, 0x7, 0x6edf8f7f, 0x5, 0xffff, 0xea, 0x8, 0x4, 0x81, 0x10000, 0xfff, 0xffff, 0x1, 0x101, 0xfffffff9, 0x5, 0x6, 0x3, 0xfffffbff, 0x3, 0x8, 0x81, 0x3, 0x7fff], [0x5, 0xffff8000, 0x3ff, 0x7f, 0xb, 0x5, 0x4, 0x0, 0x5, 0xfff, 0x21c, 0x5, 0x0, 0x200, 0x40a, 0x5, 0x8, 0xfffffffc, 0x5, 0x0, 0x6, 0xffffff31, 0xffffff05, 0x0, 0x1, 0x853, 0x3, 0x2, 0x6, 0x401, 0x9, 0x501, 0x7, 0xfffffffe, 0x627, 0x2, 0xe2, 0x8000, 0x7f, 0xc8c, 0x1, 0x80000000, 0x4, 0x8000000, 0x8, 0x80000000, 0x0, 0x7, 0x1, 0x9f, 0xff, 0x8000, 0xa, 0x0, 0x1, 0x2, 0x8, 0x0, 0x2, 0x9, 0x53edb2e0, 0x1f38, 0x7, 0x3]}, 0x45c)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f00000005c0)}, 0x20)
syz_usb_connect(0x0, 0x10e, &(0x7f0000000380)=ANY=[@ANYBLOB="120100006a249f08ec1888323a3f010203010902fc0001870000000904e600030e01000006240600011005240008000d240f01000000000000a0010606241a0000000c241b000000000000ff01000424020c9024", @ANYRES16=r2], 0x0)

3.14868248s ago: executing program 2 (id=2639):
unshare(0x20000400)
r0 = socket$igmp6(0xa, 0x3, 0x2)
rseq(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004001000050000000b00000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000400000000"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000380), &(0x7f0000000380), 0x2, r1}, 0x38)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x7e, &(0x7f0000000480)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e240e2200489078030000000200000088c73b29f267636d01dbe5712c1c941e1cdafbbb43f09c70e13808ca72381f41e5fff9620915b6f78670dfaf9a2038083179cf6b7931c9b45e9a1e3c829c8f37273538aea1be9bc31f445bb82ba0d9a87fbdce85ed127ffd8c1b54a70f94dd6c04474677342f12a97a3bc86e9e39ddc956ff46156a56dd18a19796a6f17816889a06ed838e309edb7dbbaa2429c1ae0101a080355cb5b82ba635d3e08f79faf3114456e6030351d76ea218e49966ec833bb80b3289"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=<r2=>0x0)
prlimit64(r2, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x8916, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440), 0x10)
listen(r4, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5c00000014006b0304bc0000d86e6c1d0002847ea622fb564500004e23e3f58e76110565f450e71b0075e3002500028d459e37000f0000000095a01fad1d51a8e20a64c9f4d4938037e786a6d0bdd700"/93, 0x5d}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)

2.925137374s ago: executing program 6 (id=2640):
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000440)={0x980929, 0x103})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001b80)={0x6, 0xb, &(0x7f0000001b00)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000e8e09e9ab702000008000000b70300000000000085000000c800000095"], &(0x7f00000005c0)='syzkaller\x00', 0x4, 0x79, &(0x7f0000000140)=""/121, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0x5, &(0x7f0000000380)={0xee8, 0x8000000000000000}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000003b0007010000000000000000017c00000400fc800c00018006000600800a0000080002800400728008000700", @ANYRES32=r0, @ANYBLOB="83c1958dde31c1db881032d549e1223c85e73350abcd048e431f7b3be63b22accf7f33c242830300000000000000625860b413d85ba3eaa34d7db97f1f38bc68225f9705b7cc5a789b6699ff5059453c1de9806df24ddcafed59c98de32368859180647f9231866484fa2a06fded538429c96b36c85e9e58c9fa1116f709d5e190f56e3d77d13b1625e35a1a6e29f27eb2f4a913c698abab4ffd9ee47604ad470c10fc85e87fc3c3f3414307de3c9636e66c8d7700d097d491dae7d44e4cf6f24d50bc4c9c37584b16e29100"/217], 0x34}}, 0xc000)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = socket(0x2, 0x3, 0xff)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x64010101}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x10)
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x24040000)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)=':', 0x1, 0x4fed0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r5, &(0x7f0000000000), 0xd)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0x0, @void}, 0x10)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, r2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001300010000000000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="01034000000000001400030076657468305f746f5f6261746164760008000d0000000000080029"], 0x44}, 0x1, 0x0, 0x0, 0x4044010}, 0x0)

2.913981117s ago: executing program 3 (id=2641):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0xa2000)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r3, 0xc0605345, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x6)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x604102, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000003000/0x3000)=nil, 0x3000, &(0x7f0000000000)='pids.current\x00')

1.943226944s ago: executing program 1 (id=2642):
syz_open_dev$video(&(0x7f0000000180), 0x3ff, 0x2000)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x8801, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$inet6_tcp(0xa, 0x1, 0x0)
inotify_init1(0x0)
r0 = syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
pipe2$9p(&(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
truncate(&(0x7f0000000240)='./file0\x00', 0x206b12)
open(&(0x7f0000000340)='./file0\x00', 0x300, 0x69)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000280000000400"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r6, &(0x7f0000000240)}, 0x20)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000000980)=""/102400, 0x19000)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
r8 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x200000, 0x10100}, &(0x7f0000000180), &(0x7f00000001c0))
io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)

908.714029ms ago: executing program 3 (id=2643):
unshare(0x68040200)
r0 = socket(0x10, 0x3, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
r3 = socket$xdp(0x2c, 0x3, 0x0)
mmap(&(0x7f0000004000/0x400000)=nil, 0x400000, 0x0, 0x11, r3, 0x0)
ioctl$EVIOCRMFF(r1, 0x550c, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x10000802, 0x80, 0x0, 0x40000}, 0x10)

868.188µs ago: executing program 1 (id=2644):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = inotify_init1(0x0)
fcntl$getownex(r2, 0x10, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6, 0x5, @val=0xe1bc}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0xa000000, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff06000700260a3a0914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010000000000000000000851000000600000018000000", @ANYRES32, @ANYRESDEC=0x0], &(0x7f0000000000)='GPL\x00', 0x40a, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r6 = socket(0x2, 0x80805, 0x0)
r7 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000001080)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r6, 0x84, 0x19, &(0x7f0000000040)={r8}, 0x8)
write$cgroup_subtree(r5, &(0x7f0000000200)=ANY=[], 0x32600)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r9, 0x3b72, &(0x7f0000000180)={0x18, 0x2, 0x0, 0x8})
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x3000001, 0x810, r4, 0x0)
unshare(0x28000600)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r10, &(0x7f0000000b40)=[{&(0x7f0000000280)=@in6={0xa, 0x4e23, 0x4207, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2}, 0x1c, &(0x7f0000000740)=[{&(0x7f00000005c0)="1ef345bcca663c40ca8e3790df459b1dd60d24dff3183e585d321c854db5198dc9126d1d89a57f2e3b8f94c13c00edc3ca", 0x31}, {&(0x7f0000000600)="fdb138d349bcde9735211ec9b11c3e71215261457619df60ca0256c04328d41e1bc4b9484b43948b7e7ea71efed9f7276742e09a", 0x34}, {&(0x7f0000000640)="1a45328cea4577a76f5c8730a45b3e2338589fcd250ab39d111d87694b827477d5edc397364b59c4a5362ce6ab286f2e754c73e54fdaa8982c362408c804030b998d08bc6434709a207ee42c9dfe29828de2e09c58af9c2030684bd644459c0ef59a6de8ece92662a7a4b9e5cc09621f1682d3bc0245c19446dc8de1f2ed46ebd04c29e2599d0d6ba599051767868dab782085733e36f77a6207e5a313baf3c533c17e46eb489a46415517d98dd0134d8769e2ae172f8f35e46c60c13de17f86e7f7d19b0ef8f3f3e87a917093a5be96be7bb67d59ce57649bfde4295b0455d8888e41aa114077c1", 0xe8}], 0x3, &(0x7f0000000780)=[@dstaddrv6={0x20, 0x84, 0x8, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, @prinfo={0x18, 0x84, 0x5, {0x10, 0x9}}, @dstaddrv4={0x18, 0x84, 0x7, @remote}, @prinfo={0x18, 0x84, 0x5, {0x30, 0xe7c}}, @authinfo={0x18, 0x84, 0x6, {0x6}}, @dstaddrv6={0x20, 0x84, 0x8, @empty}], 0xa0, 0x8000}, {&(0x7f0000000880)=@in6={0xa, 0x4e23, 0x0, @private1, 0xdb}, 0x1c, &(0x7f0000000a40)=[{&(0x7f00000008c0)="94feaf0dda4f7228ce6d9507a34ee00a5f736c68a7e57b90ca5e96e11442df93999cfe44b837205720535efb484e25af738442629c6b6b9164f192129eed9c4337f95b555ac8c96cbba24485835f53a838d9ca876d62bc1964884176887036db1a6bcf160ca43d4c5f5a45da67c4d7692f32598347d0cee36fe26bee51505ddd2089ffd569857b980731a79decc9a6ee65580de50b5c16039e90551cacd5cf37b30931625bc477680491a72472c80586348bada34e027b1650607b199bba2178e27ec118cae70c170e9c3a35826ff6599ea66159a1939eb7f40928c85701a346", 0xe0}, {&(0x7f00000009c0)="1916a12f89ccec41e9958cff290ecd6bb575aa7ef7d37077f8daac9b8dc87465955c688d77177247ed640a194b08fc418fa8d5735b43139f21f1e8c6877abbfa9c0c02239fc822fe64061ef57da5b72368903aab972c0e17f53194a7e955a9b1280ec5da9a07b0657862799635706d1e641d", 0x72}], 0x2, &(0x7f0000000a80)=[@prinfo={0x18, 0x84, 0x5, {0x20, 0x1}}, @prinfo={0x18, 0x84, 0x5, {0x30, 0x800}}, @dstaddrv6={0x20, 0x84, 0x8, @private0}, @sndinfo={0x20, 0x84, 0x2, {0x400, 0x206, 0x7, 0x3400000, r8}}, @init={0x18, 0x84, 0x0, {0xd, 0x1000, 0x100, 0x4}}, @dstaddrv6={0x20, 0x84, 0x8, @empty}, @init={0x18, 0x84, 0x0, {0x3, 0x3, 0x1, 0x5}}], 0xc0, 0x40}], 0x2, 0x80)
r11 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000300), r0)
sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x50, r11, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @local}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @mcast2}, @NLBL_MGMT_A_DOMAIN={0x6, 0x1, '\xd8\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @private=0xa010100}, @NLBL_MGMT_A_CLPDOI={0x8}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast1}]}, 0x50}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x208000, 0x0)
r12 = socket(0x23, 0x5, 0x0)
r13 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r13, &(0x7f0000000380)=[{{&(0x7f0000000100)={0xa, 0x4e23, 0xe959, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000840)=[@tclass={{0x10, 0x29, 0x43, 0xffff}}], 0x10}}], 0x1, 0x4000000)
r14 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGPGRP(r14, 0x8904, &(0x7f0000000000))
getpeername$packet(r12, 0x0, &(0x7f0000001140))

0s ago: executing program 2 (id=2645):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='@\x00\x00', @ANYBLOB="00db00000040000020001280"], 0x40}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000002dc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x0, 0x168, 0x9, 0x178, 0xb, 0x290, 0x250, 0x250, 0x290, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [0xffffff00], 'veth1_to_team\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x140, 0x178, 0x0, {0x0, 0x28e}, [@common=@inet=@ipcomp={{0x30}}, @common=@unspec=@physdev={{0x68}, {'ipvlan0\x00', {}, 'ip6_vti0\x00', {}, 0x5, 0xe}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x402, 0x2, 0x6}, {0x3, 0x1}, {0x1, 0x0, 0x3}, 0x9, 0x9}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x96, 'syz1\x00', {0xb8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000c40)={0x30, r5, 0x1, 0x0, 0x0, {0x2c}, [@handle=@pci={{0x8}, {0x11}}]}, 0x30}}, 0x8040)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a20000000010a01000000000000000000010000000900010073797a300000000040000000160a01000000000000000000050000000900010063797a30000000000900020073797a31000000001400038008000240000000020800014000000000380000001a0a0101000b000000000000010000000900020073797a3000000000090001"], 0xc0}}, 0x0)

kernel console output (not intermixed with test programs):

onfig index 0 descriptor/start: -61
[  729.433112][ T5870] usb 6-1: can't read configurations, error -61
[  729.581583][ T5870] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  730.666727][ T5870] usb 6-1: unable to read config index 0 descriptor/start: -61
[  730.674694][ T5870] usb 6-1: can't read configurations, error -61
[  730.701245][ T5870] usb usb6-port1: unable to enumerate USB device
[  731.291770][    T9] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  731.313521][T13225] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1932'.
[  731.351659][    T9] usb 1-1: USB disconnect, device number 26
[  731.659040][   T30] audit: type=1326 audit(1742328760.334:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13221 comm="syz.2.1933" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2440f8d169 code=0x0
[  731.722866][  T944] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  732.231465][  T944] usb 6-1: Using ep0 maxpacket: 16
[  732.593929][  T944] usb 6-1: config 7 has an invalid interface number: 46 but max is 0
[  732.611174][  T944] usb 6-1: config 7 has no interface number 0
[  732.617348][  T944] usb 6-1: config 7 interface 46 has no altsetting 0
[  732.631381][    T9] usb 1-1: new full-speed USB device number 27 using dummy_hcd
[  732.661853][  T944] usb 6-1: New USB device found, idVendor=9fdb, idProduct=cfba, bcdDevice=f1.37
[  732.691362][  T944] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  732.699517][  T944] usb 6-1: Product: syz
[  732.791743][  T944] usb 6-1: Manufacturer: syz
[  732.796489][  T944] usb 6-1: SerialNumber: syz
[  732.932374][    T9] usb 1-1: config 0 has an invalid interface number: 131 but max is 0
[  732.951204][    T9] usb 1-1: config 0 has no interface number 0
[  732.957416][    T9] usb 1-1: config 0 interface 131 has no altsetting 0
[  733.001422][    T9] usb 1-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=6c.e1
[  733.030919][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  733.060273][    T9] usb 1-1: Product: syz
[  733.075089][    T9] usb 1-1: Manufacturer: syz
[  733.079851][    T9] usb 1-1: SerialNumber: syz
[  733.122023][    T9] usb 1-1: config 0 descriptor??
[  733.281768][T13250] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1937'.
[  733.608688][  T944] usb 6-1: USB disconnect, device number 24
[  735.665351][    T9] usb 1-1: bad CDC descriptors
[  735.713028][    T9] usb 1-1: USB disconnect, device number 27
[  736.266476][T13271] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1942'.
[  737.335491][T13286] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1947'.
[  737.360621][T13286] netlink: 'syz.0.1947': attribute type 1 has an invalid length.
[  737.368870][T13286] netlink: 'syz.0.1947': attribute type 1 has an invalid length.
[  737.379002][T13286] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1947'.
[  738.242094][   T30] audit: type=1800 audit(1742328766.934:102): pid=13288 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1949" name="/" dev="9p" ino=2 res=0 errno=0
[  738.351188][ T5870] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  738.361668][    T9] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  738.512227][ T5870] usb 1-1: Using ep0 maxpacket: 16
[  738.533984][    T9] usb 4-1: Using ep0 maxpacket: 16
[  738.545684][ T5870] usb 1-1: config 7 has an invalid interface number: 46 but max is 0
[  738.567181][    T9] usb 4-1: config 7 has an invalid interface number: 46 but max is 0
[  738.581267][ T5870] usb 1-1: config 7 has no interface number 0
[  738.591337][    T9] usb 4-1: config 7 has no interface number 0
[  738.597607][ T5870] usb 1-1: config 7 interface 46 has no altsetting 0
[  738.605144][    T9] usb 4-1: config 7 interface 46 has no altsetting 0
[  738.624017][    T9] usb 4-1: New USB device found, idVendor=9fdb, idProduct=cfba, bcdDevice=f1.37
[  738.635043][ T5870] usb 1-1: New USB device found, idVendor=9fdb, idProduct=cfba, bcdDevice=f1.37
[  738.647171][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  738.658944][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  738.672912][    T9] usb 4-1: Product: syz
[  738.677128][    T9] usb 4-1: Manufacturer: syz
[  738.685739][ T5870] usb 1-1: Product: syz
[  738.692480][ T5870] usb 1-1: Manufacturer: syz
[  738.710348][    T9] usb 4-1: SerialNumber: syz
[  738.718730][ T5870] usb 1-1: SerialNumber: syz
[  740.000824][    T9] usb 4-1: USB disconnect, device number 35
[  740.058349][ T5870] usb 1-1: USB disconnect, device number 28
[  742.198790][T13332] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1961'.
[  742.232494][T13334] FAULT_INJECTION: forcing a failure.
[  742.232494][T13334] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  742.300949][T13334] CPU: 1 UID: 0 PID: 13334 Comm: syz.0.1963 Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[  742.300980][T13334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  742.300993][T13334] Call Trace:
[  742.301001][T13334]  <TASK>
[  742.301010][T13334]  dump_stack_lvl+0x241/0x360
[  742.301044][T13334]  ? __pfx_dump_stack_lvl+0x10/0x10
[  742.301064][T13334]  ? __pfx__printk+0x10/0x10
[  742.301108][T13334]  should_fail_ex+0x40a/0x550
[  742.301145][T13334]  _copy_to_user+0x31/0xb0
[  742.301175][T13334]  kvm_arch_dev_ioctl+0x572/0xbb0
[  742.301203][T13334]  ? __pfx_kvm_arch_dev_ioctl+0x10/0x10
[  742.301228][T13334]  ? tomoyo_path_number_perm+0x65d/0x770
[  742.301259][T13334]  ? __lock_acquire+0x1397/0x2100
[  742.301288][T13334]  ? tomoyo_path_number_perm+0x209/0x770
[  742.301319][T13334]  ? smack_log+0x10d/0x5c0
[  742.301347][T13334]  ? __pfx_smack_log+0x10/0x10
[  742.301373][T13334]  ? smk_access+0x4ab/0x4e0
[  742.301404][T13334]  kvm_dev_ioctl+0x5b6/0x22d0
[  742.301445][T13334]  ? smack_file_ioctl+0x304/0x3b0
[  742.301477][T13334]  ? __pfx_smack_file_ioctl+0x10/0x10
[  742.301513][T13334]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  742.301548][T13334]  ? __fget_files+0x2a/0x410
[  742.301574][T13334]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  742.301606][T13334]  __se_sys_ioctl+0xf5/0x170
[  742.301637][T13334]  do_syscall_64+0xf3/0x230
[  742.301668][T13334]  ? clear_bhb_loop+0x35/0x90
[  742.301702][T13334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.301728][T13334] RIP: 0033:0x7fe81d78d169
[  742.301747][T13334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  742.301764][T13334] RSP: 002b:00007fe81e625038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  742.301786][T13334] RAX: ffffffffffffffda RBX: 00007fe81d9a5fa0 RCX: 00007fe81d78d169
[  742.301801][T13334] RDX: 0000400000000080 RSI: 00000000c004ae0a RDI: 0000000000000003
[  742.301815][T13334] RBP: 00007fe81e625090 R08: 0000000000000000 R09: 0000000000000000
[  742.301827][T13334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  742.301839][T13334] R13: 0000000000000000 R14: 00007fe81d9a5fa0 R15: 00007ffde6806b58
[  742.301869][T13334]  </TASK>
[  745.038973][T13358] ip6t_srh: unknown srh match flags  5294
[  745.405733][T13355] netlink: 'syz.1.1965': attribute type 1 has an invalid length.
[  746.793486][T13371] ip6t_srh: unknown srh match flags  5294
[  747.402946][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  747.933614][T13373] netlink: 'syz.1.1970': attribute type 4 has an invalid length.
[  747.941621][T13373] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.1970'.
[  748.355570][T13375] ceph: No mds server is up or the cluster is laggy
[  748.363372][    T9] libceph: connect (1)[c::]:6789 error -101
[  748.391334][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  748.848361][ T5866] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  748.912243][T13391] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.1978'.
[  749.012812][ T5866] usb 1-1: Using ep0 maxpacket: 16
[  749.034979][ T5866] usb 1-1: config 7 has an invalid interface number: 46 but max is 0
[  749.064528][ T5866] usb 1-1: config 7 has no interface number 0
[  749.089091][ T5866] usb 1-1: config 7 interface 46 has no altsetting 0
[  749.127874][ T5866] usb 1-1: New USB device found, idVendor=9fdb, idProduct=cfba, bcdDevice=f1.37
[  749.165999][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  749.341186][    T9] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  749.541171][ T5866] usb 1-1: Product: syz
[  749.550091][ T5866] usb 1-1: Manufacturer: syz
[  749.559730][ T5866] usb 1-1: SerialNumber: syz
[  749.671557][    T9] usb 4-1: Using ep0 maxpacket: 8
[  749.683892][    T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 56832, setting to 1024
[  749.700403][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024
[  749.748302][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  749.771143][    T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  749.801112][    T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  749.820560][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  749.891426][ T5870] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  750.055699][    T9] usb 4-1: GET_CAPABILITIES returned 0
[  750.061384][ T5870] usb 6-1: Using ep0 maxpacket: 16
[  750.077005][    T9] usbtmc 4-1:16.0: can't read capabilities
[  750.090908][ T5870] usb 6-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  750.120541][ T5870] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  750.158205][ T5870] usb 6-1: Product: syz
[  750.178355][ T5870] usb 6-1: Manufacturer: syz
[  750.388027][ T5870] usb 6-1: SerialNumber: syz
[  750.397487][ T5870] usb 6-1: config 0 descriptor??
[  751.318383][ T5870] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  751.349309][ T5870] gp8psk: usb in 128 operation failed.
[  751.392291][ T5867] usb 4-1: USB disconnect, device number 36
[  751.421235][ T5870] gp8psk: usb in 137 operation failed.
[  751.448226][ T5866] usb 1-1: USB disconnect, device number 29
[  751.456816][ T5870] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  751.504378][ T5870] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  751.549534][ T5870] usb 6-1: media controller created
[  751.595582][ T5870] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  751.648979][ T5870] gp8psk_fe: Frontend revision 1 attached
[  751.670112][ T5870] usb 6-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  751.699223][ T5870] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  751.922183][ T5870] gp8psk: usb in 138 operation failed.
[  752.000908][ T5870] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  752.039681][T13428] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1989'.
[  752.041354][ T5870] gp8psk: found Genpix USB device pID = 201 (hex)
[  752.227193][ T5870] usb 6-1: USB disconnect, device number 25
[  752.390939][T13432] ceph: No mds server is up or the cluster is laggy
[  752.441263][    T9] libceph: connect (1)[c::]:6789 error -101
[  752.447367][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  752.626005][ T5870] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  752.747616][T13438] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.1991'.
[  753.954631][T13463] netlink: 'syz.3.1999': attribute type 4 has an invalid length.
[  754.867338][T13482] nvme_fabrics: missing parameter 'transport=%s'
[  754.913897][T13482] nvme_fabrics: missing parameter 'nqn=%s'
[  755.427318][   T30] audit: type=1800 audit(1742328784.104:103): pid=13480 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.2003" name="/" dev="9p" ino=2 res=0 errno=0
[  756.415204][T13471] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2001'.
[  756.482630][T13471] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2001'.
[  758.891527][T13524] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2016'.
[  759.415560][T13528] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2889887472 (184952798208 ns) > initial count (51438777216 ns). Using initial count to start timer.
[  759.963143][ T5870] hid-generic 0003:0003:FFFFFFFD.001D: unknown main item tag 0x0
[  759.982248][ T5870] hid-generic 0003:0003:FFFFFFFD.001D: unknown main item tag 0x0
[  760.045856][   T30] audit: type=1326 audit(1742328788.724:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13533 comm="syz.5.2017" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0cdb78d169 code=0x0
[  760.209255][ T5870] hid-generic 0003:0003:FFFFFFFD.001D: hidraw0: USB HID v0.00 Device [syz0] on syz0
[  760.455970][T13548] ip6t_srh: unknown srh match flags  5294
[  761.733477][T13562] Unsupported ieee802154 address type: 0
[  763.300359][T13561] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2022'.
[  763.374259][T13578] netlink: 'syz.0.2027': attribute type 39 has an invalid length.
[  763.518415][T13561] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2022'.
[  763.556439][T13579] nvme_fabrics: missing parameter 'transport=%s'
[  763.593570][T13583] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  763.723628][T13579] nvme_fabrics: missing parameter 'nqn=%s'
[  764.712792][   T30] audit: type=1326 audit(1742328793.394:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13591 comm="syz.2.2030" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2440f8d169 code=0x0
[  764.804592][ T5866] hid-generic 0003:0003:FFFFFFFD.001E: unknown main item tag 0x0
[  764.813174][ T5866] hid-generic 0003:0003:FFFFFFFD.001E: unknown main item tag 0x0
[  764.830435][ T5866] hid-generic 0003:0003:FFFFFFFD.001E: hidraw0: USB HID v0.00 Device [syz0] on syz0
[  765.491733][T13615] ip6t_srh: unknown srh match flags  5294
[  767.792689][T13644] netlink: 2 bytes leftover after parsing attributes in process `syz.5.2042'.
[  768.221352][T13632] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2039'.
[  768.274691][T13634] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2039'.
[  770.021226][ T5866] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  770.087153][T13683] FAULT_INJECTION: forcing a failure.
[  770.087153][T13683] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  770.159407][T13683] CPU: 0 UID: 0 PID: 13683 Comm: syz.5.2054 Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[  770.159438][T13683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  770.159451][T13683] Call Trace:
[  770.159458][T13683]  <TASK>
[  770.159466][T13683]  dump_stack_lvl+0x241/0x360
[  770.159496][T13683]  ? __pfx_dump_stack_lvl+0x10/0x10
[  770.159517][T13683]  ? __pfx__printk+0x10/0x10
[  770.159550][T13683]  ? __pfx_lock_release+0x10/0x10
[  770.159588][T13683]  should_fail_ex+0x40a/0x550
[  770.159625][T13683]  set_fd_set+0x3a/0xa0
[  770.159656][T13683]  core_sys_select+0x87d/0xa40
[  770.159697][T13683]  ? __pfx_core_sys_select+0x10/0x10
[  770.159732][T13683]  ? ksys_write+0x22a/0x2b0
[  770.159786][T13683]  ? __pfx_set_user_sigmask+0x10/0x10
[  770.159811][T13683]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  770.159843][T13683]  ? __fget_files+0x2a/0x410
[  770.159871][T13683]  __se_sys_pselect6+0x321/0x3e0
[  770.159911][T13683]  ? __pfx___se_sys_pselect6+0x10/0x10
[  770.159943][T13683]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  770.159974][T13683]  ? do_syscall_64+0x100/0x230
[  770.160008][T13683]  ? __x64_sys_pselect6+0x21/0xf0
[  770.160042][T13683]  do_syscall_64+0xf3/0x230
[  770.160073][T13683]  ? clear_bhb_loop+0x35/0x90
[  770.160105][T13683]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  770.160132][T13683] RIP: 0033:0x7f0cdb78d169
[  770.160150][T13683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  770.160168][T13683] RSP: 002b:00007f0cdc60f038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  770.160190][T13683] RAX: ffffffffffffffda RBX: 00007f0cdb9a6080 RCX: 00007f0cdb78d169
[  770.160205][T13683] RDX: 0000000000000000 RSI: 00004000000001c0 RDI: 0000000000000040
[  770.160225][T13683] RBP: 00007f0cdc60f090 R08: 0000000000000000 R09: 0000000000000000
[  770.160238][T13683] R10: 00004000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  770.160251][T13683] R13: 0000000000000000 R14: 00007f0cdb9a6080 R15: 00007ffca2375678
[  770.160281][T13683]  </TASK>
[  770.671748][ T5866] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  770.747112][ T5866] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  770.802905][ T5866] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  770.851140][ T5866] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.912880][ T5866] usb 4-1: config 0 descriptor??
[  771.513207][ T5866] cm6533_jd 0003:0D8C:0022.001F: unknown main item tag 0x0
[  771.562650][ T5866] cm6533_jd 0003:0D8C:0022.001F: unknown main item tag 0x0
[  771.601686][ T5866] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.001F/input/input28
[  771.629295][ T5866] cm6533_jd 0003:0D8C:0022.001F: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  771.744936][T13705] overlayfs: failed to clone upperpath
[  771.959336][ T5866] hid-generic 0003:0003:FFFFFFFD.0020: unknown main item tag 0x0
[  772.017295][ T5866] hid-generic 0003:0003:FFFFFFFD.0020: unknown main item tag 0x0
[  772.095205][ T5866] hid-generic 0003:0003:FFFFFFFD.0020: hidraw1: USB HID v0.00 Device [syz0] on syz0
[  772.116106][   T26] hid-generic 0003:0003:FFFFFFFD.0021: unknown main item tag 0x0
[  772.141746][   T26] hid-generic 0003:0003:FFFFFFFD.0021: unknown main item tag 0x0
[  772.201800][   T26] hid-generic 0003:0003:FFFFFFFD.0021: hidraw1: USB HID v0.00 Device [syz0] on syz0
[  772.599566][T13717] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2065'.
[  772.839907][   T26] usb 4-1: USB disconnect, device number 37
[  772.892185][   T30] audit: type=1326 audit(1742328802.571:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13720 comm="syz.1.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9cd8d169 code=0x7ffc0000
[  772.942152][   T30] audit: type=1326 audit(1742328802.571:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13720 comm="syz.1.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9cd8d169 code=0x7ffc0000
[  775.603214][T13764] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.2078'.
[  776.582026][T13778] nvme_fabrics: missing parameter 'transport=%s'
[  776.593311][T13778] nvme_fabrics: missing parameter 'nqn=%s'
[  777.162565][T13796] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2087'.
[  777.271176][    T9] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  777.677213][T13797] ceph: No mds server is up or the cluster is laggy
[  777.696042][ T5866] libceph: connect (1)[c::]:6789 error -101
[  777.703660][ T5866] libceph: mon0 (1)[c::]:6789 connect error
[  777.781319][    T9] usb 4-1: Using ep0 maxpacket: 32
[  777.809023][    T9] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  777.850068][    T9] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x2 has invalid wMaxPacketSize 0
[  777.885305][    T9] usb 4-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  777.913848][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  777.939735][    T9] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  777.954018][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  778.116094][    T9] usb 4-1: config 0 descriptor??
[  778.409384][T13814] netlink: 'syz.1.2092': attribute type 1 has an invalid length.
[  778.921685][T13789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  778.944732][T13789] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  779.169896][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  779.187073][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  779.196892][ T5870] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  779.222725][  T944] libceph: connect (1)[c::]:6789 error -101
[  779.228299][    T9] usb 4-1: USB disconnect, device number 38
[  779.250011][  T944] libceph: mon0 (1)[c::]:6789 connect error
[  779.258913][T13829] ceph: No mds server is up or the cluster is laggy
[  779.357164][T13836] FAULT_INJECTION: forcing a failure.
[  779.357164][T13836] name failslab, interval 1, probability 0, space 0, times 0
[  779.370409][ T5870] usb 6-1: Using ep0 maxpacket: 8
[  779.384761][T13836] CPU: 0 UID: 0 PID: 13836 Comm: syz.1.2099 Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[  779.384792][T13836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  779.384804][T13836] Call Trace:
[  779.384811][T13836]  <TASK>
[  779.384819][T13836]  dump_stack_lvl+0x241/0x360
[  779.384846][T13836]  ? __pfx_dump_stack_lvl+0x10/0x10
[  779.384866][T13836]  ? __pfx__printk+0x10/0x10
[  779.384897][T13836]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  779.384918][T13836]  ? __pfx___might_resched+0x10/0x10
[  779.384947][T13836]  should_fail_ex+0x40a/0x550
[  779.384998][T13836]  should_failslab+0xac/0x100
[  779.385032][T13836]  kmem_cache_alloc_node_noprof+0x77/0x380
[  779.385053][T13836]  ? __alloc_skb+0x1c3/0x440
[  779.385084][T13836]  ? register_lock_class+0x102/0x980
[  779.385116][T13836]  __alloc_skb+0x1c3/0x440
[  779.385146][T13836]  ? __pfx_register_lock_class+0x10/0x10
[  779.385178][T13836]  ? __pfx___alloc_skb+0x10/0x10
[  779.385214][T13836]  ? __lock_acquire+0x1397/0x2100
[  779.385246][T13836]  alloc_skb_with_frags+0xc3/0x820
[  779.385283][T13836]  sock_alloc_send_pskb+0x91a/0xa60
[  779.385326][T13836]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  779.385352][T13836]  ? __pfx_validate_chain+0x10/0x10
[  779.385373][T13836]  ? __pfx_validate_chain+0x10/0x10
[  779.385397][T13836]  ? dev_get_by_index+0x23/0x2d0
[  779.385427][T13836]  packet_sendmsg+0x41b8/0x6c80
[  779.385462][T13836]  ? validate_chain+0x11e/0x5920
[  779.385493][T13836]  ? mark_lock+0x9a/0x360
[  779.385528][T13836]  ? __lock_acquire+0x1397/0x2100
[  779.385573][T13836]  ? smack_socket_sendmsg+0x1c6/0x580
[  779.385598][T13836]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  779.385622][T13836]  ? tomoyo_socket_sendmsg_permission+0x288/0x420
[  779.385647][T13836]  ? __pfx_packet_sendmsg+0x10/0x10
[  779.385672][T13836]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  779.385701][T13836]  ? __pfx_lock_release+0x10/0x10
[  779.385729][T13836]  ? __import_iovec+0x582/0x830
[  779.385767][T13836]  ? __pfx_packet_sendmsg+0x10/0x10
[  779.385786][T13836]  __sock_sendmsg+0x221/0x270
[  779.385818][T13836]  ____sys_sendmsg+0x53a/0x860
[  779.385849][T13836]  ? __pfx_____sys_sendmsg+0x10/0x10
[  779.385870][T13836]  ? __fget_files+0x2a/0x410
[  779.385894][T13836]  ? __fget_files+0x2a/0x410
[  779.385924][T13836]  __sys_sendmmsg+0x36a/0x720
[  779.385958][T13836]  ? __pfx___sys_sendmmsg+0x10/0x10
[  779.385993][T13836]  ? __pfx_lock_release+0x10/0x10
[  779.386020][T13836]  ? kstrtouint_from_user+0x128/0x190
[  779.386067][T13836]  ? ksys_write+0x22a/0x2b0
[  779.386093][T13836]  ? __pfx_lock_release+0x10/0x10
[  779.386127][T13836]  ? sb_end_write+0xe9/0x1c0
[  779.386149][T13836]  ? vfs_write+0x7fa/0xd10
[  779.386177][T13836]  ? __mutex_unlock_slowpath+0x227/0x800
[  779.386272][T13836]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  779.386305][T13836]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  779.386336][T13836]  ? do_syscall_64+0x100/0x230
[  779.386372][T13836]  __x64_sys_sendmmsg+0xa0/0xb0
[  779.386398][T13836]  do_syscall_64+0xf3/0x230
[  779.386430][T13836]  ? clear_bhb_loop+0x35/0x90
[  779.386463][T13836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.386501][T13836] RIP: 0033:0x7f2b9cd8d169
[  779.386520][T13836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  779.386538][T13836] RSP: 002b:00007f2b9db67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  779.386560][T13836] RAX: ffffffffffffffda RBX: 00007f2b9cfa5fa0 RCX: 00007f2b9cd8d169
[  779.386575][T13836] RDX: 0000000000000001 RSI: 0000400000000440 RDI: 0000000000000004
[  779.386588][T13836] RBP: 00007f2b9db67090 R08: 0000000000000000 R09: 0000000000000000
[  779.386600][T13836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  779.386612][T13836] R13: 0000000000000000 R14: 00007f2b9cfa5fa0 R15: 00007fffc83e39f8
[  779.386643][T13836]  </TASK>
[  779.386942][ T5870] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  779.773128][ T5870] usb 6-1: config 179 has no interface number 0
[  779.779445][ T5870] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  779.790720][ T5870] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  779.802498][ T5870] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  779.817344][ T5870] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  780.351213][ T5870] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  780.381178][ T5870] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  780.390597][ T5870] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  780.451898][T13844] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2101'.
[  780.463151][T13817] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  780.605652][T13852] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2104'.
[  780.615541][T13852] netlink: 'syz.1.2104': attribute type 1 has an invalid length.
[  780.623791][T13852] netlink: 'syz.1.2104': attribute type 1 has an invalid length.
[  780.631795][T13852] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2104'.
[  781.453180][T13817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  781.455446][ T5870] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input29
[  781.491951][T13817] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  781.501802][T13859] FAULT_INJECTION: forcing a failure.
[  781.501802][T13859] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  781.514927][T13859] CPU: 0 UID: 0 PID: 13859 Comm: syz.3.2107 Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[  781.514944][T13859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  781.514952][T13859] Call Trace:
[  781.514957][T13859]  <TASK>
[  781.514962][T13859]  dump_stack_lvl+0x241/0x360
[  781.514982][T13859]  ? __pfx_dump_stack_lvl+0x10/0x10
[  781.514996][T13859]  ? __pfx__printk+0x10/0x10
[  781.515021][T13859]  ? snprintf+0xda/0x120
[  781.515042][T13859]  should_fail_ex+0x40a/0x550
[  781.515065][T13859]  _copy_to_user+0x31/0xb0
[  781.515084][T13859]  simple_read_from_buffer+0xca/0x150
[  781.515108][T13859]  proc_fail_nth_read+0x1e9/0x250
[  781.515123][T13859]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  781.515139][T13859]  ? rw_verify_area+0x243/0x630
[  781.515156][T13859]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  781.515170][T13859]  vfs_read+0x1f8/0xb40
[  781.515187][T13859]  ? fdget_pos+0x254/0x320
[  781.515202][T13859]  ? __pfx___mutex_lock+0x10/0x10
[  781.515223][T13859]  ? __pfx_vfs_read+0x10/0x10
[  781.515244][T13859]  ? do_sys_openat2+0x17a/0x1d0
[  781.515260][T13859]  ? __fget_files+0x2a/0x410
[  781.515275][T13859]  ? __fget_files+0x395/0x410
[  781.515288][T13859]  ? __fget_files+0x2a/0x410
[  781.515307][T13859]  ksys_read+0x18f/0x2b0
[  781.515326][T13859]  ? __pfx_ksys_read+0x10/0x10
[  781.515343][T13859]  ? do_syscall_64+0x100/0x230
[  781.515366][T13859]  ? do_syscall_64+0xb6/0x230
[  781.515388][T13859]  do_syscall_64+0xf3/0x230
[  781.515408][T13859]  ? clear_bhb_loop+0x35/0x90
[  781.515430][T13859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.515448][T13859] RIP: 0033:0x7fd510d8bb7c
[  781.515460][T13859] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  781.515471][T13859] RSP: 002b:00007fd511b6e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  781.515486][T13859] RAX: ffffffffffffffda RBX: 00007fd510fa6080 RCX: 00007fd510d8bb7c
[  781.515496][T13859] RDX: 000000000000000f RSI: 00007fd511b6e0a0 RDI: 000000000000000c
[  781.515504][T13859] RBP: 00007fd511b6e090 R08: 0000000000000000 R09: 0000000000000000
[  781.515512][T13859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  781.515519][T13859] R13: 0000000000000000 R14: 00007fd510fa6080 R15: 00007ffd2bab5dd8
[  781.515539][T13859]  </TASK>
[  782.904320][   T30] audit: type=1800 audit(1742328812.561:108): pid=13860 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.2105" name="/" dev="9p" ino=2 res=0 errno=0
[  784.701347][    C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  784.701353][   T26] usb 6-1: USB disconnect, device number 26
[  784.716658][    C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  785.611313][   T26] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  785.645103][   T30] audit: type=1326 audit(1742328815.331:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13900 comm="syz.0.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe81d78d169 code=0x7ffc0000
[  785.691832][   T30] audit: type=1326 audit(1742328815.331:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13900 comm="syz.0.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe81d78d169 code=0x7ffc0000
[  785.758758][T13898] ceph: No mds server is up or the cluster is laggy
[  785.761476][   T30] audit: type=1326 audit(1742328815.331:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13900 comm="syz.0.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7fe81d78d169 code=0x7ffc0000
[  785.766081][ T5870] libceph: connect (1)[c::]:6789 error -101
[  785.787986][   T30] audit: type=1326 audit(1742328815.331:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13900 comm="syz.0.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe81d78d169 code=0x7ffc0000
[  786.528464][   T26] usb 6-1: Using ep0 maxpacket: 16
[  786.552903][ T5870] libceph: mon0 (1)[c::]:6789 connect error
[  786.570901][   T26] usb 6-1: config 7 has an invalid interface number: 46 but max is 0
[  786.579804][   T26] usb 6-1: config 7 has no interface number 0
[  786.602078][   T26] usb 6-1: config 7 interface 46 has no altsetting 0
[  786.609842][T13899] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2117'.
[  786.634052][   T30] audit: type=1326 audit(1742328815.331:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13900 comm="syz.0.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe81d78d169 code=0x7ffc0000
[  786.657594][   T26] usb 6-1: New USB device found, idVendor=9fdb, idProduct=cfba, bcdDevice=f1.37
[  786.667361][   T30] audit: type=1326 audit(1742328815.331:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13900 comm="syz.0.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe81d78bad0 code=0x7ffc0000
[  786.699601][   T26] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  786.715299][   T26] usb 6-1: Product: syz
[  786.726826][   T26] usb 6-1: Manufacturer: syz
[  786.738963][   T26] usb 6-1: SerialNumber: syz
[  786.743856][   T30] audit: type=1326 audit(1742328815.331:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13900 comm="syz.0.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fe81d78e997 code=0x7ffc0000
[  786.743903][   T30] audit: type=1326 audit(1742328815.331:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13900 comm="syz.0.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe81d78d169 code=0x7ffc0000
[  786.854042][   T30] audit: type=1326 audit(1742328815.331:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13900 comm="syz.0.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fe81d78e997 code=0x7ffc0000
[  787.037997][T13916] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2120'.
[  787.047748][T13916] netlink: 'syz.3.2120': attribute type 1 has an invalid length.
[  787.056077][T13916] netlink: 'syz.3.2120': attribute type 1 has an invalid length.
[  787.064329][T13916] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2120'.
[  787.944709][T13901] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  787.954313][T13901] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  787.967389][T13901] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  787.976982][T13901] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  788.637057][T13938] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2124'.
[  791.221966][   T26] usb 6-1: USB disconnect, device number 27
[  791.832485][T13960] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2131'.
[  791.855199][    T9] libceph: connect (1)[c::]:6789 error -101
[  791.861776][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  791.966593][T13963] ceph: No mds server is up or the cluster is laggy
[  792.125423][    T9] libceph: connect (1)[c::]:6789 error -101
[  792.146017][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  794.126037][T13986] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2137'.
[  794.993321][T13989] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2139'.
[  796.191160][ T5898] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  796.198909][   T26] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  796.313366][T14011] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2146'.
[  796.371153][   T26] usb 6-1: Using ep0 maxpacket: 16
[  796.385061][ T5898] usb 2-1: Using ep0 maxpacket: 16
[  796.422881][   T26] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  796.447682][   T26] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  796.456056][ T5898] usb 2-1: config 7 has an invalid interface number: 46 but max is 0
[  796.479283][ T5898] usb 2-1: config 7 has no interface number 0
[  796.488272][   T26] usb 6-1: Product: syz
[  796.501492][   T26] usb 6-1: Manufacturer: syz
[  796.506226][   T26] usb 6-1: SerialNumber: syz
[  796.516610][ T5898] usb 2-1: config 7 interface 46 has no altsetting 0
[  796.560009][ T5898] usb 2-1: New USB device found, idVendor=9fdb, idProduct=cfba, bcdDevice=f1.37
[  796.605566][   T26] r8152-cfgselector 6-1: Unknown version 0x0000
[  796.612462][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  796.620485][ T5898] usb 2-1: Product: syz
[  796.632511][   T26] r8152-cfgselector 6-1: config 0 descriptor??
[  796.658714][ T5898] usb 2-1: Manufacturer: syz
[  796.666286][ T5898] usb 2-1: SerialNumber: syz
[  797.051503][T14030] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2149'.
[  797.393937][   T26] r8152-cfgselector 6-1: Unknown version 0x0000
[  797.564686][   T26] r8152-cfgselector 6-1: bad CDC descriptors
[  797.623212][   T26] r8152-cfgselector 6-1: USB disconnect, device number 28
[  798.069744][ T5898] usb 2-1: USB disconnect, device number 33
[  798.177155][T14043] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2151'.
[  798.187524][T14043] netlink: 'syz.3.2151': attribute type 1 has an invalid length.
[  798.196379][T14043] netlink: 'syz.3.2151': attribute type 1 has an invalid length.
[  798.204994][T14043] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2151'.
[  798.761818][T14050] netlink: 108 bytes leftover after parsing attributes in process `syz.5.2154'.
[  800.610256][T14075] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2160'.
[  801.196789][ T5898] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  801.273117][T14091] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2167'.
[  801.381557][ T5898] usb 2-1: Using ep0 maxpacket: 16
[  801.607828][    T9] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  803.363032][ T5898] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  803.363596][    T9] usb 4-1: Using ep0 maxpacket: 16
[  803.568513][    T9] usb 4-1: config 7 has an invalid interface number: 46 but max is 0
[  803.582246][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.590278][ T5898] usb 2-1: Product: syz
[  803.618513][T14094] netlink: 830 bytes leftover after parsing attributes in process `syz.2.2168'.
[  803.628941][    T9] usb 4-1: config 7 has no interface number 0
[  803.647370][    T9] usb 4-1: config 7 interface 46 has no altsetting 0
[  803.656006][ T5898] usb 2-1: Manufacturer: syz
[  803.675951][    T9] usb 4-1: New USB device found, idVendor=9fdb, idProduct=cfba, bcdDevice=f1.37
[  803.679324][ T5898] usb 2-1: SerialNumber: syz
[  803.695406][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.709983][ T5898] r8152-cfgselector 2-1: Unknown version 0x0000
[  803.714614][    T9] usb 4-1: Product: syz
[  803.716581][ T5898] r8152-cfgselector 2-1: config 0 descriptor??
[  803.723966][    T9] usb 4-1: Manufacturer: syz
[  803.745854][    T9] usb 4-1: SerialNumber: syz
[  804.625703][ T5898] r8152-cfgselector 2-1: Unknown version 0x0000
[  804.759412][ T5898] r8152-cfgselector 2-1: bad CDC descriptors
[  804.945962][ T5898] r8152-cfgselector 2-1: USB disconnect, device number 34
[  805.911116][    T9] usb 4-1: USB disconnect, device number 39
[  807.722136][T14161] netlink: 197276 bytes leftover after parsing attributes in process `syz.2.2186'.
[  807.761782][ T5898] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  808.854760][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  808.881215][ T5898] usb 2-1: Using ep0 maxpacket: 16
[  808.893187][ T5898] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  808.902330][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  808.910539][ T5898] usb 2-1: Product: syz
[  808.915847][ T5898] usb 2-1: Manufacturer: syz
[  808.920561][ T5898] usb 2-1: SerialNumber: syz
[  809.670626][ T5898] r8152-cfgselector 2-1: Unknown version 0x0000
[  809.676990][ T5898] r8152-cfgselector 2-1: config 0 descriptor??
[  810.192502][ T5898] r8152-cfgselector 2-1: Unknown version 0x0000
[  810.199086][ T5898] r8152-cfgselector 2-1: bad CDC descriptors
[  810.241316][ T5898] r8152-cfgselector 2-1: USB disconnect, device number 35
[  813.001822][ T5870] usb 1-1: new full-speed USB device number 30 using dummy_hcd
[  813.424879][ T5870] usb 1-1: config 0 has an invalid interface number: 131 but max is 0
[  813.449071][ T5870] usb 1-1: config 0 has no interface number 0
[  813.475129][ T5870] usb 1-1: config 0 interface 131 has no altsetting 0
[  813.501914][ T5870] usb 1-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=6c.e1
[  813.710970][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  813.765710][ T5870] usb 1-1: Product: syz
[  813.774481][ T5870] usb 1-1: Manufacturer: syz
[  813.814034][ T5870] usb 1-1: SerialNumber: syz
[  813.848022][ T5870] usb 1-1: config 0 descriptor??
[  815.431194][    T9] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[  815.571254][ T5898] usb 6-1: new full-speed USB device number 29 using dummy_hcd
[  815.613569][    T9] usb 2-1: config 0 has an invalid interface number: 131 but max is 0
[  815.629018][    T9] usb 2-1: config 0 has no interface number 0
[  815.725267][ T5898] usb 6-1: config 0 has an invalid interface number: 131 but max is 0
[  815.727460][    T9] usb 2-1: config 0 interface 131 has no altsetting 0
[  815.779979][ T5898] usb 6-1: config 0 has no interface number 0
[  815.783731][    T9] usb 2-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=6c.e1
[  815.803297][ T5898] usb 6-1: config 0 interface 131 has no altsetting 0
[  815.850170][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  815.859746][ T5898] usb 6-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=6c.e1
[  815.876655][ T5898] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  815.881692][    T9] usb 2-1: Product: syz
[  815.888621][ T5898] usb 6-1: Product: syz
[  815.888857][    T9] usb 2-1: Manufacturer: syz
[  815.900681][ T5898] usb 6-1: Manufacturer: syz
[  815.955181][ T5898] usb 6-1: SerialNumber: syz
[  816.110390][    T9] usb 2-1: SerialNumber: syz
[  816.246087][ T5898] usb 6-1: config 0 descriptor??
[  816.398452][    T9] usb 2-1: config 0 descriptor??
[  816.404586][ T5870] usb 1-1: bad CDC descriptors
[  816.460417][ T5870] usb 1-1: USB disconnect, device number 30
[  818.128573][T14256] netlink: 197276 bytes leftover after parsing attributes in process `syz.2.2213'.
[  818.232973][    T9] usb 2-1: bad CDC descriptors
[  818.252254][    T9] usb 2-1: USB disconnect, device number 36
[  819.161508][ T5898] usb 6-1: bad CDC descriptors
[  819.181656][T14261] nvme_fabrics: missing parameter 'transport=%s'
[  819.186982][ T5898] usb 6-1: USB disconnect, device number 29
[  819.289990][T14261] nvme_fabrics: missing parameter 'nqn=%s'
[  820.783230][T14289] Unsupported ieee802154 address type: 0
[  821.881220][T14303] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2225'.
[  822.085490][T14303] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2225'.
[  822.388326][T14304] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2226'.
[  822.422313][T14304] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2226'.
[  822.511620][T14310] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.2227'.
[  822.618245][T14312] netlink: 'syz.1.2228': attribute type 3 has an invalid length.
[  822.630193][T14312] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2228'.
[  822.735233][T14317] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  822.891176][   T26] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  823.801460][T14323] netlink: 'syz.3.2230': attribute type 1 has an invalid length.
[  823.976451][   T26] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  823.993770][T14326] 8021q: adding VLAN 0 to HW filter on device bond1
[  824.023231][   T26] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  824.082994][   T26] usb 2-1: too many endpoints for config 1 interface 1 altsetting 145: 217, using maximum allowed: 30
[  824.083227][T14331] netlink: 184 bytes leftover after parsing attributes in process `syz.2.2235'.
[  824.378605][   T26] usb 2-1: config 1 interface 1 altsetting 145 has 0 endpoint descriptors, different from the interface descriptor's value: 217
[  824.697360][   T26] usb 2-1: config 1 interface 1 has no altsetting 0
[  824.716082][T14340] FAULT_INJECTION: forcing a failure.
[  824.716082][T14340] name failslab, interval 1, probability 0, space 0, times 0
[  824.723553][   T26] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  824.728846][T14340] CPU: 0 UID: 0 PID: 14340 Comm: syz.5.2234 Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[  824.728884][T14340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  824.728905][T14340] Call Trace:
[  824.728914][T14340]  <TASK>
[  824.728924][T14340]  dump_stack_lvl+0x241/0x360
[  824.728956][T14340]  ? __pfx_dump_stack_lvl+0x10/0x10
[  824.728979][T14340]  ? __pfx__printk+0x10/0x10
[  824.729027][T14340]  should_fail_ex+0x40a/0x550
[  824.729067][T14340]  should_failslab+0xac/0x100
[  824.729103][T14340]  ? skb_clone+0x20c/0x390
[  824.729127][T14340]  kmem_cache_alloc_noprof+0x70/0x380
[  824.729169][T14340]  skb_clone+0x20c/0x390
[  824.729193][T14340]  ? dev_queue_xmit_nit+0x3fe/0xca0
[  824.729230][T14340]  dev_queue_xmit_nit+0x249/0xca0
[  824.729267][T14340]  ? dev_queue_xmit_nit+0x2b/0xca0
[  824.729302][T14340]  ? validate_xmit_skb+0x9f9/0x1040
[  824.729333][T14340]  dev_hard_start_xmit+0x15f/0x7d0
[  824.729360][T14340]  ? __pfx_validate_xmit_skb+0x10/0x10
[  824.729396][T14340]  __dev_queue_xmit+0x1b73/0x3f50
[  824.729421][T14340]  ? kasan_save_track+0x51/0x80
[  824.729473][T14340]  ? ____sys_sendmsg+0x53a/0x860
[  824.729503][T14340]  ? __dev_queue_xmit+0x2f4/0x3f50
[  824.729534][T14340]  ? __pfx___dev_queue_xmit+0x10/0x10
[  824.729578][T14340]  ? __copy_skb_header+0xa7/0x5a0
[  824.729605][T14340]  ? __asan_memcpy+0x40/0x70
[  824.729654][T14340]  ? skb_clone+0x240/0x390
[  824.729683][T14340]  __netlink_deliver_tap+0x561/0x7f0
[  824.729730][T14340]  ? netlink_deliver_tap+0x2e/0x1b0
[  824.729755][T14340]  netlink_deliver_tap+0x19d/0x1b0
[  824.729784][T14340]  netlink_unicast+0x7c4/0x990
[  824.729818][T14340]  ? __pfx_netlink_unicast+0x10/0x10
[  824.729839][T14340]  ? __virt_addr_valid+0x45f/0x530
[  824.729874][T14340]  ? __phys_addr_symbol+0x2f/0x70
[  824.729905][T14340]  ? __check_object_size+0x47a/0x730
[  824.729946][T14340]  netlink_sendmsg+0x8de/0xcb0
[  824.729988][T14340]  ? __pfx_netlink_sendmsg+0x10/0x10
[  824.730030][T14340]  ? __pfx_netlink_sendmsg+0x10/0x10
[  824.730065][T14340]  __sock_sendmsg+0x221/0x270
[  824.730099][T14340]  ____sys_sendmsg+0x53a/0x860
[  824.730134][T14340]  ? __pfx_____sys_sendmsg+0x10/0x10
[  824.730156][T14340]  ? __fget_files+0x2a/0x410
[  824.730184][T14340]  ? __fget_files+0x2a/0x410
[  824.730218][T14340]  __sys_sendmsg+0x269/0x350
[  824.730249][T14340]  ? __pfx___sys_sendmsg+0x10/0x10
[  824.730291][T14340]  ? do_sys_openat2+0x17a/0x1d0
[  824.730348][T14340]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  824.730382][T14340]  ? do_syscall_64+0x100/0x230
[  824.730425][T14340]  ? do_syscall_64+0xb6/0x230
[  824.730468][T14340]  do_syscall_64+0xf3/0x230
[  824.730502][T14340]  ? clear_bhb_loop+0x35/0x90
[  824.730537][T14340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.730567][T14340] RIP: 0033:0x7f0cdb78d169
[  824.730588][T14340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  824.730606][T14340] RSP: 002b:00007f0cdc630038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  824.730630][T14340] RAX: ffffffffffffffda RBX: 00007f0cdb9a5fa0 RCX: 00007f0cdb78d169
[  824.730652][T14340] RDX: 0000000000000080 RSI: 0000400000000280 RDI: 0000000000000003
[  824.730667][T14340] RBP: 00007f0cdc630090 R08: 0000000000000000 R09: 0000000000000000
[  824.730681][T14340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  824.730694][T14340] R13: 0000000000000000 R14: 00007f0cdb9a5fa0 R15: 00007ffca2375678
[  824.730729][T14340]  </TASK>
[  825.130470][   T26] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  825.159618][   T26] usb 2-1: Product: syz
[  825.167400][   T26] usb 2-1: Manufacturer: syz
[  825.217971][   T26] usb 2-1: SerialNumber: syz
[  825.299963][   T26] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22
[  826.112719][ T5870] usb 2-1: USB disconnect, device number 37
[  826.764223][ T5898] usb 2-1: new full-speed USB device number 38 using dummy_hcd
[  826.955024][ T5898] usb 2-1: config 0 has an invalid interface number: 131 but max is 0
[  827.078406][T14373] netlink: 184 bytes leftover after parsing attributes in process `syz.2.2246'.
[  827.143637][ T5898] usb 2-1: config 0 has no interface number 0
[  827.185112][ T5898] usb 2-1: config 0 interface 131 has no altsetting 0
[  827.274481][ T5898] usb 2-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=6c.e1
[  827.332265][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  827.340897][ T5898] usb 2-1: Product: syz
[  827.346141][ T5898] usb 2-1: Manufacturer: syz
[  827.374724][ T5898] usb 2-1: SerialNumber: syz
[  827.380967][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  827.380983][   T30] audit: type=1800 audit(1742328857.061:121): pid=14365 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.2242" name="/" dev="9p" ino=2 res=0 errno=0
[  827.412123][ T5898] usb 2-1: config 0 descriptor??
[  827.949381][T14382] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2249'.
[  830.497810][ T5898] usb 2-1: bad CDC descriptors
[  830.544386][ T5898] usb 2-1: USB disconnect, device number 38
[  830.916945][T14408] usb usb8: usbfs: process 14408 (syz.1.2257) did not claim interface 0 before use
[  830.985891][   T30] audit: type=1800 audit(1742328860.671:122): pid=14407 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.2258" name="/" dev="9p" ino=2 res=0 errno=0
[  834.367957][T14436] netlink: 197276 bytes leftover after parsing attributes in process `syz.5.2265'.
[  837.478968][T14463] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2273'.
[  837.981160][ T5867] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  838.058917][T14469] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2274'.
[  838.862699][T14469] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2274'.
[  838.923285][ T5867] usb 2-1: Using ep0 maxpacket: 32
[  838.964603][ T5867] usb 2-1: config 0 has an invalid interface number: 78 but max is 0
[  838.988992][ T5867] usb 2-1: config 0 has no interface number 0
[  839.018711][ T5867] usb 2-1: config 0 interface 78 has no altsetting 0
[  839.057468][ T5867] usb 2-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=9b.26
[  839.060254][T14478] overlayfs: failed to clone upperpath
[  839.074771][ T5867] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  839.132202][ T5867] usb 2-1: Product: syz
[  839.158011][ T5867] usb 2-1: Manufacturer: syz
[  839.199090][ T5867] usb 2-1: SerialNumber: syz
[  839.248249][ T5867] usb 2-1: config 0 descriptor??
[  839.366380][ T5867]  (null): radio-mr800 - initialization failed
[  839.414872][ T5867] radio-mr800 2-1:0.78: probe with driver radio-mr800 failed with error -8
[  839.518000][ T5867] usbhid 2-1:0.78: couldn't find an input interrupt endpoint
[  839.753397][ T5898] usb 2-1: USB disconnect, device number 39
[  839.810411][   T30] audit: type=1800 audit(1742328869.491:123): pid=14476 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.2277" name="/" dev="9p" ino=2 res=0 errno=0
[  840.025985][T14492] netlink: 197276 bytes leftover after parsing attributes in process `syz.5.2279'.
[  841.618314][ T5870] libceph: connect (1)[c::]:6789 error -101
[  841.756446][ T5870] libceph: mon0 (1)[c::]:6789 connect error
[  841.921135][T14504] ceph: No mds server is up or the cluster is laggy
[  842.123903][ T5867] libceph: connect (1)[c::]:6789 error -101
[  842.130438][ T5867] libceph: mon0 (1)[c::]:6789 connect error
[  842.606462][T14522] ip6t_srh: unknown srh match flags  5294
[  843.655028][T14526] syz.2.2288(14526): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  843.729389][T14526] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2288'.
[  843.759940][T14526] 9pnet: p9_errstr2errno: server reported unknown error ¤ÑÅl0î„&IØü0‚Ñ(|9Ê’{Šøÿ
[  846.924529][T14573] overlayfs: failed to verify upper (442/file0, ino=2420, err=-116)
[  846.933036][T14573] overlayfs: failed to verify index dir 'upper' xattr
[  846.981117][T14573] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
[  850.884297][T14610] nvme_fabrics: missing parameter 'transport=%s'
[  850.891200][T14610] nvme_fabrics: missing parameter 'nqn=%s'
[  852.498508][   T30] audit: type=1326 audit(1742328882.181:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14631 comm="syz.2.2316" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2440f8d169 code=0x0
[  852.583933][T14651] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2318'.
[  854.176089][T14662] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2321'.
[  854.851719][ T5870] usb 4-1: new full-speed USB device number 40 using dummy_hcd
[  854.886887][ T5867] hid-generic 0003:0003:FFFFFFFD.0022: unknown main item tag 0x0
[  854.896557][ T5867] hid-generic 0003:0003:FFFFFFFD.0022: unknown main item tag 0x0
[  854.911302][ T5867] hid-generic 0003:0003:FFFFFFFD.0022: hidraw0: USB HID v0.00 Device [syz0] on syz0
[  855.028792][ T5870] usb 4-1: config 0 has an invalid interface number: 231 but max is 0
[  855.039692][ T5870] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  855.058972][ T5870] usb 4-1: config 0 has no interface number 0
[  855.065817][ T5870] usb 4-1: config 0 interface 231 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  855.088179][ T5870] usb 4-1: config 0 interface 231 has no altsetting 0
[  855.109259][ T5870] usb 4-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=21.78
[  855.119734][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  855.133136][ T5870] usb 4-1: Product: syz
[  855.137604][ T5870] usb 4-1: Manufacturer: syz
[  855.145684][ T5870] usb 4-1: SerialNumber: syz
[  855.159250][ T5870] usb 4-1: config 0 descriptor??
[  855.377447][ T5870] asix 4-1:0.231 (unnamed net_device) (uninitialized): invalid hw address, using random
[  855.588798][ T5870] asix 4-1:0.231 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  855.645175][ T5870] asix 4-1:0.231 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  855.682325][ T5870] asix 4-1:0.231: probe with driver asix failed with error -71
[  855.742193][ T5870] usb 4-1: USB disconnect, device number 40
[  855.812423][   T30] audit: type=1326 audit(1742328885.501:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14690 comm="syz.2.2333" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2440f8d169 code=0x0
[  856.008889][T14703] netlink: 1688 bytes leftover after parsing attributes in process `syz.5.2335'.
[  858.018161][T14715] loop9: detected capacity change from 0 to 8
[  858.071847][T14715] Dev loop9: unable to read RDB block 8
[  858.077497][T14715]  loop9: unable to read partition table
[  858.127044][T14715] loop9: partition table beyond EOD, truncated
[  858.142125][T14715] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  858.594758][T14735] overlayfs: failed to clone upperpath
[  858.601226][   T26] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  858.611810][T14735] overlayfs: failed to clone upperpath
[  858.871277][   T26] usb 6-1: Using ep0 maxpacket: 8
[  858.883819][   T26] usb 6-1: config 127 has an invalid interface number: 195 but max is 1
[  859.748656][   T26] usb 6-1: config 127 has an invalid interface number: 242 but max is 1
[  859.779466][   T26] usb 6-1: config 127 has no interface number 0
[  859.786469][   T26] usb 6-1: config 127 has no interface number 1
[  859.793191][   T26] usb 6-1: config 127 interface 242 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  859.804533][   T26] usb 6-1: config 127 interface 195 has no altsetting 0
[  859.811933][   T26] usb 6-1: config 127 interface 242 has no altsetting 0
[  859.992896][   T26] usb 6-1: New USB device found, idVendor=1415, idProduct=2000, bcdDevice=3e.d0
[  860.003622][   T26] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  860.011865][   T26] usb 6-1: Product: syz
[  860.016155][   T26] usb 6-1: Manufacturer: syz
[  860.020873][   T26] usb 6-1: SerialNumber: syz
[  861.340213][   T30] audit: type=1326 audit(1742328891.001:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14751 comm="syz.0.2352" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe81d78d169 code=0x0
[  861.528862][   T26] usb 6-1: USB disconnect, device number 30
[  862.163621][T14777] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  862.441717][ T5870] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  862.621129][ T5870] usb 4-1: Using ep0 maxpacket: 16
[  862.662552][ T5870] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  862.731136][ T5870] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 25960, setting to 1024
[  862.758577][ T5870] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  862.840001][ T5870] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  863.363003][ T5870] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  863.372241][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  863.380381][ T5870] usb 4-1: SerialNumber: syz
[  863.404696][T14777] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  863.415243][ T5870] cdc_acm 4-1:1.0: skipping garbage
[  863.624627][ T5870] cdc_acm 4-1:1.0: ttyACM0: USB ACM device
[  863.648403][ T5870] usb 4-1: USB disconnect, device number 41
[  863.857321][T14788] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  863.870090][T14788] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  863.894691][T14788] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  863.921412][T14788] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  863.941878][T14788] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  863.950656][T14788] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  864.025172][ T5136] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  864.033847][ T5136] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  864.042768][ T5136] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  864.059517][ T5136] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  864.069239][ T5136] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  864.077545][ T5136] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  864.801387][ T5898] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  864.930486][T14797] FAULT_INJECTION: forcing a failure.
[  864.930486][T14797] name failslab, interval 1, probability 0, space 0, times 0
[  864.943312][T14797] CPU: 1 UID: 0 PID: 14797 Comm: syz.5.2363 Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[  864.943331][T14797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  864.943341][T14797] Call Trace:
[  864.943346][T14797]  <TASK>
[  864.943351][T14797]  dump_stack_lvl+0x241/0x360
[  864.943373][T14797]  ? __pfx_dump_stack_lvl+0x10/0x10
[  864.943389][T14797]  ? __pfx__printk+0x10/0x10
[  864.943420][T14797]  should_fail_ex+0x40a/0x550
[  864.943447][T14797]  should_failslab+0xac/0x100
[  864.943471][T14797]  ? skb_clone+0x20c/0x390
[  864.943488][T14797]  kmem_cache_alloc_noprof+0x70/0x380
[  864.943516][T14797]  skb_clone+0x20c/0x390
[  864.943531][T14797]  ? dev_queue_xmit_nit+0x3fe/0xca0
[  864.943557][T14797]  dev_queue_xmit_nit+0x249/0xca0
[  864.943581][T14797]  ? dev_queue_xmit_nit+0x2b/0xca0
[  864.943605][T14797]  ? validate_xmit_skb+0x9f9/0x1040
[  864.943625][T14797]  dev_hard_start_xmit+0x15f/0x7d0
[  864.943642][T14797]  ? __pfx_validate_xmit_skb+0x10/0x10
[  864.943666][T14797]  __dev_queue_xmit+0x1b73/0x3f50
[  864.943683][T14797]  ? kasan_save_track+0x51/0x80
[  864.943706][T14797]  ? ____sys_sendmsg+0x53a/0x860
[  864.943726][T14797]  ? __dev_queue_xmit+0x2f4/0x3f50
[  864.943746][T14797]  ? __pfx___dev_queue_xmit+0x10/0x10
[  864.943775][T14797]  ? __copy_skb_header+0xa7/0x5a0
[  864.943793][T14797]  ? __asan_memcpy+0x40/0x70
[  864.943824][T14797]  ? skb_clone+0x240/0x390
[  864.943843][T14797]  __netlink_deliver_tap+0x561/0x7f0
[  864.943870][T14797]  ? netlink_deliver_tap+0x2e/0x1b0
[  864.943887][T14797]  netlink_deliver_tap+0x19d/0x1b0
[  864.943906][T14797]  netlink_unicast+0x7c4/0x990
[  864.943928][T14797]  ? __pfx_netlink_unicast+0x10/0x10
[  864.943949][T14797]  ? __virt_addr_valid+0x45f/0x530
[  864.943982][T14797]  ? __phys_addr_symbol+0x2f/0x70
[  864.944011][T14797]  ? __check_object_size+0x47a/0x730
[  864.944048][T14797]  netlink_sendmsg+0x8de/0xcb0
[  864.944082][T14797]  ? __pfx_netlink_sendmsg+0x10/0x10
[  864.944110][T14797]  ? __pfx_netlink_sendmsg+0x10/0x10
[  864.944126][T14797]  __sock_sendmsg+0x221/0x270
[  864.944149][T14797]  ____sys_sendmsg+0x53a/0x860
[  864.944171][T14797]  ? __pfx_____sys_sendmsg+0x10/0x10
[  864.944185][T14797]  ? __fget_files+0x2a/0x410
[  864.944204][T14797]  ? __fget_files+0x2a/0x410
[  864.944233][T14797]  __sys_sendmsg+0x269/0x350
[  864.944253][T14797]  ? __pfx___sys_sendmsg+0x10/0x10
[  864.944279][T14797]  ? do_sys_openat2+0x17a/0x1d0
[  864.944315][T14797]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  864.944337][T14797]  ? do_syscall_64+0x100/0x230
[  864.944363][T14797]  ? do_syscall_64+0xb6/0x230
[  864.944388][T14797]  do_syscall_64+0xf3/0x230
[  864.944410][T14797]  ? clear_bhb_loop+0x35/0x90
[  864.944434][T14797]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.944455][T14797] RIP: 0033:0x7f0cdb78d169
[  864.944469][T14797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  864.944481][T14797] RSP: 002b:00007f0cdc630038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  864.944497][T14797] RAX: ffffffffffffffda RBX: 00007f0cdb9a5fa0 RCX: 00007f0cdb78d169
[  864.944508][T14797] RDX: 0000000000000080 RSI: 00004000000002c0 RDI: 0000000000000005
[  864.944518][T14797] RBP: 00007f0cdc630090 R08: 0000000000000000 R09: 0000000000000000
[  864.944527][T14797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  864.944536][T14797] R13: 0000000000000000 R14: 00007f0cdb9a5fa0 R15: 00007ffca2375678
[  864.944558][T14797]  </TASK>
[  865.401132][ T5898] usb 1-1: Using ep0 maxpacket: 8
[  865.408863][ T5898] usb 1-1: config 127 has an invalid interface number: 195 but max is 1
[  865.418708][ T5898] usb 1-1: config 127 has an invalid interface number: 242 but max is 1
[  865.427215][ T5898] usb 1-1: config 127 has no interface number 0
[  865.434364][ T5898] usb 1-1: config 127 has no interface number 1
[  865.440712][ T5898] usb 1-1: config 127 interface 242 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  865.453254][ T5898] usb 1-1: config 127 interface 195 has no altsetting 0
[  865.460243][ T5898] usb 1-1: config 127 interface 242 has no altsetting 0
[  865.470089][ T5898] usb 1-1: New USB device found, idVendor=1415, idProduct=2000, bcdDevice=3e.d0
[  865.479834][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  865.487895][ T5898] usb 1-1: Product: syz
[  865.492110][ T5898] usb 1-1: Manufacturer: syz
[  865.496704][ T5898] usb 1-1: SerialNumber: syz
[  865.916945][T14787] chnl_net:caif_netlink_parms(): no params data found
[  865.951312][   T30] audit: type=1800 audit(1742328895.631:127): pid=14799 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2365" name="/" dev="9p" ino=2 res=0 errno=0
[  866.023211][    T9] hid-generic 0003:0003:FFFFFFFD.0023: unknown main item tag 0x0
[  866.027028][   T26] hid-generic 0003:0003:FFFFFFFD.0024: unknown main item tag 0x0
[  866.038124][    T9] hid-generic 0003:0003:FFFFFFFD.0023: unknown main item tag 0x0
[  866.057813][    T9] hid-generic 0003:0003:FFFFFFFD.0023: hidraw0: USB HID v0.00 Device [syz0] on syz0
[  866.080215][   T26] hid-generic 0003:0003:FFFFFFFD.0024: unknown main item tag 0x0
[  866.131590][ T5136] Bluetooth: hci5: command tx timeout
[  866.208988][   T26] hid-generic 0003:0003:FFFFFFFD.0024: hidraw0: USB HID v0.00 Device [syz0] on syz0
[  866.472479][T14787] bridge0: port 1(bridge_slave_0) entered blocking state
[  866.479775][T14787] bridge0: port 1(bridge_slave_0) entered disabled state
[  866.499495][T14787] bridge_slave_0: entered allmulticast mode
[  866.509440][T14787] bridge_slave_0: entered promiscuous mode
[  866.520436][T14787] bridge0: port 2(bridge_slave_1) entered blocking state
[  866.537115][T14787] bridge0: port 2(bridge_slave_1) entered disabled state
[  866.559407][T14787] bridge_slave_1: entered allmulticast mode
[  866.740128][T14819] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2369'.
[  866.835139][T14787] bridge_slave_1: entered promiscuous mode
[  867.333283][ T5898] usb 1-1: USB disconnect, device number 31
[  867.365723][T14787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  867.397611][T14787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  867.886461][T14831] ip6t_srh: unknown srh match flags  5294
[  868.490186][ T5136] Bluetooth: hci5: command tx timeout
[  869.138702][T14787] team0: Port device team_slave_0 added
[  869.178151][T14787] team0: Port device team_slave_1 added
[  869.317027][T14842] Invalid ELF header len 8
[  869.378131][T14787] batman_adv: batadv0: Adding interface: batadv_slave_0
[  869.410943][T14787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  869.451715][T14787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  869.476088][T14787] batman_adv: batadv0: Adding interface: batadv_slave_1
[  869.490376][T14787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  869.528311][T14787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  869.653840][T14787] hsr_slave_0: entered promiscuous mode
[  869.677792][T14787] hsr_slave_1: entered promiscuous mode
[  869.700950][T14787] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  869.718823][T14787] Cannot create hsr debugfs directory
[  869.944656][T14851] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2377'.
[  870.294117][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  870.700151][ T5136] Bluetooth: hci5: command tx timeout
[  871.032023][T14856] netlink: 'syz.0.2378': attribute type 1 has an invalid length.
[  871.333777][T14865] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.2381'.
[  871.698632][T14873] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2382'.
[  872.805370][ T5136] Bluetooth: hci5: command tx timeout
[  873.014640][T14787] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  873.054390][T14885] Unsupported ieee802154 address type: 0
[  873.186926][   T26] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  873.267749][T14787] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  873.351488][   T26] usb 6-1: Using ep0 maxpacket: 16
[  873.368654][   T26] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  873.392062][   T26] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  873.400132][   T26] usb 6-1: Product: syz
[  873.411094][T14896] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  873.429574][   T26] usb 6-1: Manufacturer: syz
[  873.450326][   T26] usb 6-1: SerialNumber: syz
[  873.538984][   T26] r8152-cfgselector 6-1: Unknown version 0x0000
[  873.546002][   T26] r8152-cfgselector 6-1: config 0 descriptor??
[  873.620739][T14787] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  874.346915][T14903] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2391'.
[  874.523602][   T26] r8152-cfgselector 6-1: Unknown version 0x0010
[  874.530044][   T26] r8152-cfgselector 6-1: bad CDC descriptors
[  874.566511][   T26] r8152-cfgselector 6-1: USB disconnect, device number 31
[  874.605222][T14787] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  874.633438][T14908] netlink: 'syz.3.2390': attribute type 1 has an invalid length.
[  874.833039][T14913] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.2392'.
[  874.864953][T14917] FAULT_INJECTION: forcing a failure.
[  874.864953][T14917] name failslab, interval 1, probability 0, space 0, times 0
[  874.903306][T14917] CPU: 0 UID: 0 PID: 14917 Comm: syz.1.2393 Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[  874.903334][T14917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  874.903346][T14917] Call Trace:
[  874.903353][T14917]  <TASK>
[  874.903361][T14917]  dump_stack_lvl+0x241/0x360
[  874.903395][T14917]  ? __pfx_dump_stack_lvl+0x10/0x10
[  874.903411][T14917]  ? __pfx__printk+0x10/0x10
[  874.903436][T14917]  ? fs_reclaim_acquire+0x93/0x130
[  874.903457][T14917]  ? __pfx___might_resched+0x10/0x10
[  874.903480][T14917]  should_fail_ex+0x40a/0x550
[  874.903508][T14917]  should_failslab+0xac/0x100
[  874.903533][T14917]  __kmalloc_noprof+0xdd/0x4c0
[  874.903549][T14917]  ? tomoyo_encode+0x26f/0x540
[  874.903571][T14917]  tomoyo_encode+0x26f/0x540
[  874.903593][T14917]  tomoyo_realpath_from_path+0x59e/0x5e0
[  874.903622][T14917]  tomoyo_path_number_perm+0x239/0x770
[  874.903646][T14917]  ? __lock_acquire+0x1397/0x2100
[  874.903671][T14917]  ? tomoyo_path_number_perm+0x209/0x770
[  874.903696][T14917]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  874.903771][T14917]  ? __fget_files+0x2a/0x410
[  874.903792][T14917]  ? __fget_files+0x2a/0x410
[  874.903814][T14917]  security_file_ioctl+0xc6/0x2a0
[  874.903853][T14917]  __se_sys_ioctl+0x46/0x170
[  874.903876][T14917]  do_syscall_64+0xf3/0x230
[  874.903920][T14917]  ? clear_bhb_loop+0x35/0x90
[  874.903946][T14917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.903969][T14917] RIP: 0033:0x7f2b9cd8d169
[  874.903986][T14917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  874.904001][T14917] RSP: 002b:00007f2b9db67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  874.904022][T14917] RAX: ffffffffffffffda RBX: 00007f2b9cfa5fa0 RCX: 00007f2b9cd8d169
[  874.904034][T14917] RDX: 0000400000000080 RSI: 00000000c0405602 RDI: 0000000000000003
[  874.904057][T14917] RBP: 00007f2b9db67090 R08: 0000000000000000 R09: 0000000000000000
[  874.904068][T14917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  874.904078][T14917] R13: 0000000000000000 R14: 00007f2b9cfa5fa0 R15: 00007fffc83e39f8
[  874.904103][T14917]  </TASK>
[  874.904133][T14917] ERROR: Out of memory at tomoyo_realpath_from_path.
[  874.971383][   T30] audit: type=1800 audit(1742328904.651:128): pid=14920 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.2395" name="/" dev="9p" ino=2 res=0 errno=0
[  875.743363][T14927] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2396'.
[  876.271080][T14787] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  876.615608][T14934] ceph: No mds server is up or the cluster is laggy
[  876.671485][    T9] libceph: connect (1)[c::]:6789 error -101
[  876.781107][T14787] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  876.821501][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  876.915731][T14787] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  876.955293][T14787] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  877.233914][T14787] 8021q: adding VLAN 0 to HW filter on device bond0
[  877.279702][T14787] 8021q: adding VLAN 0 to HW filter on device team0
[  877.318132][T11276] bridge0: port 1(bridge_slave_0) entered blocking state
[  877.325340][T11276] bridge0: port 1(bridge_slave_0) entered forwarding state
[  877.845226][   T30] audit: type=1800 audit(1742328907.521:129): pid=14939 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2399" name="/" dev="9p" ino=2 res=0 errno=0
[  877.899868][T11276] bridge0: port 2(bridge_slave_1) entered blocking state
[  877.908389][T11276] bridge0: port 2(bridge_slave_1) entered forwarding state
[  878.355622][T14947] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2401'.
[  878.844905][T14787] 8021q: adding VLAN 0 to HW filter on device batadv0
[  878.894535][T14955] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2403'.
[  878.943441][T14787] veth0_vlan: entered promiscuous mode
[  879.000585][T14787] veth1_vlan: entered promiscuous mode
[  879.064481][T14787] veth0_macvtap: entered promiscuous mode
[  879.129384][T14787] veth1_macvtap: entered promiscuous mode
[  879.894441][T14972] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2408'.
[  880.002526][T14787] batman_adv: batadv0: Interface activated: batadv_slave_0
[  880.203982][T14787] batman_adv: batadv0: Interface activated: batadv_slave_1
[  880.235205][T14787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  880.281150][T14787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  880.289931][T14787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  880.299128][T14787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  880.515900][ T5945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  880.561140][ T5945] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  880.668364][T10574] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  880.692476][T10574] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  880.767972][  T839] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  881.245409][  T839] usb 4-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  881.351297][  T839] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  881.359828][  T839] usb 4-1: Product: syz
[  881.387673][  T839] usb 4-1: Manufacturer: syz
[  881.398788][  T839] usb 4-1: SerialNumber: syz
[  881.457115][  T839] usb 4-1: config 0 descriptor??
[  881.542864][ T5136] Bluetooth: hci2: urb ffff88803471e800 submission failed (2)
[  881.591722][T14964] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2406'.
[  881.637125][T14964] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2406'.
[  881.751703][ T5898] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[  881.915240][ T5898] usb 3-1: config 0 has an invalid interface number: 131 but max is 0
[  882.015955][ T5898] usb 3-1: config 0 has no interface number 0
[  882.105492][ T5898] usb 3-1: config 0 interface 131 has no altsetting 0
[  882.191756][ T5898] usb 3-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=6c.e1
[  882.211218][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  882.219423][ T5898] usb 3-1: Product: syz
[  882.228817][ T5898] usb 3-1: Manufacturer: syz
[  882.234104][ T5898] usb 3-1: SerialNumber: syz
[  882.249063][ T5898] usb 3-1: config 0 descriptor??
[  882.284598][   T26] usb 4-1: USB disconnect, device number 42
[  882.399579][T15000] Invalid source name
[  882.718482][T15002] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2413'.
[  884.543981][T15011] netlink: 197276 bytes leftover after parsing attributes in process `syz.3.2416'.
[  884.992792][ T5898] usb 3-1: bad CDC descriptors
[  885.038982][ T5898] usb 3-1: USB disconnect, device number 13
[  885.863900][T15018] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2419'.
[  886.478891][  T839] usb 2-1: new full-speed USB device number 40 using dummy_hcd
[  887.334036][  T839] usb 2-1: config 0 has an invalid interface number: 131 but max is 0
[  887.342361][  T839] usb 2-1: config 0 has no interface number 0
[  887.348483][  T839] usb 2-1: config 0 interface 131 has no altsetting 0
[  887.502740][  T839] usb 2-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=6c.e1
[  887.531048][  T839] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  887.571154][  T839] usb 2-1: Product: syz
[  887.581402][  T839] usb 2-1: Manufacturer: syz
[  887.595580][  T839] usb 2-1: SerialNumber: syz
[  887.632961][  T839] usb 2-1: config 0 descriptor??
[  889.062729][    T9] hid-generic 0003:0003:FFFFFFFD.0025: unknown main item tag 0x0
[  889.082562][    T9] hid-generic 0003:0003:FFFFFFFD.0025: unknown main item tag 0x0
[  889.097880][    T9] hid-generic 0003:0003:FFFFFFFD.0025: hidraw0: USB HID v0.00 Device [syz0] on syz0
[  889.531226][ T5898] usb 4-1: new full-speed USB device number 43 using dummy_hcd
[  889.705905][ T5898] usb 4-1: config 0 has an invalid interface number: 131 but max is 0
[  889.724499][ T5898] usb 4-1: config 0 has no interface number 0
[  889.742302][ T5898] usb 4-1: config 0 interface 131 has no altsetting 0
[  889.764529][ T5898] usb 4-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=6c.e1
[  889.779281][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  889.790648][ T5898] usb 4-1: Product: syz
[  889.800720][ T5898] usb 4-1: Manufacturer: syz
[  889.883826][  T839] usb 2-1: bad CDC descriptors
[  889.908960][  T839] usb 2-1: USB disconnect, device number 40
[  889.923843][   T30] audit: type=1326 audit(1742328919.601:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15057 comm="syz.5.2432" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0cdb78d169 code=0x0
[  889.970918][ T5898] usb 4-1: SerialNumber: syz
[  889.999631][ T5898] usb 4-1: config 0 descriptor??
[  890.121631][T15067] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2433'.
[  892.743650][ T5898] usb 4-1: bad CDC descriptors
[  892.783341][ T5898] usb 4-1: USB disconnect, device number 43
[  892.863766][T15081] FAULT_INJECTION: forcing a failure.
[  892.863766][T15081] name failslab, interval 1, probability 0, space 0, times 0
[  892.876594][T15081] CPU: 0 UID: 0 PID: 15081 Comm: syz.1.2437 Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[  892.876614][T15081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  892.876624][T15081] Call Trace:
[  892.876630][T15081]  <TASK>
[  892.876636][T15081]  dump_stack_lvl+0x241/0x360
[  892.876658][T15081]  ? __pfx_dump_stack_lvl+0x10/0x10
[  892.876673][T15081]  ? __pfx__printk+0x10/0x10
[  892.876704][T15081]  should_fail_ex+0x40a/0x550
[  892.876731][T15081]  should_failslab+0xac/0x100
[  892.876755][T15081]  ? skb_clone+0x20c/0x390
[  892.876772][T15081]  kmem_cache_alloc_noprof+0x70/0x380
[  892.876801][T15081]  skb_clone+0x20c/0x390
[  892.876817][T15081]  ? dev_queue_xmit_nit+0x3fe/0xca0
[  892.876842][T15081]  dev_queue_xmit_nit+0x249/0xca0
[  892.876867][T15081]  ? dev_queue_xmit_nit+0x2b/0xca0
[  892.876891][T15081]  ? validate_xmit_skb+0x9f9/0x1040
[  892.876912][T15081]  dev_hard_start_xmit+0x15f/0x7d0
[  892.876929][T15081]  ? __pfx_validate_xmit_skb+0x10/0x10
[  892.876953][T15081]  __dev_queue_xmit+0x1b73/0x3f50
[  892.876970][T15081]  ? kasan_save_track+0x51/0x80
[  892.876994][T15081]  ? ____sys_sendmsg+0x53a/0x860
[  892.877016][T15081]  ? __dev_queue_xmit+0x2f4/0x3f50
[  892.877036][T15081]  ? __pfx___dev_queue_xmit+0x10/0x10
[  892.877065][T15081]  ? __copy_skb_header+0xa7/0x5a0
[  892.877083][T15081]  ? __asan_memcpy+0x40/0x70
[  892.877114][T15081]  ? skb_clone+0x240/0x390
[  892.877134][T15081]  __netlink_deliver_tap+0x561/0x7f0
[  892.877161][T15081]  ? netlink_deliver_tap+0x2e/0x1b0
[  892.877178][T15081]  netlink_deliver_tap+0x19d/0x1b0
[  892.877197][T15081]  netlink_unicast+0x7c4/0x990
[  892.877219][T15081]  ? __pfx_netlink_unicast+0x10/0x10
[  892.877233][T15081]  ? __virt_addr_valid+0x45f/0x530
[  892.877256][T15081]  ? __phys_addr_symbol+0x2f/0x70
[  892.877278][T15081]  ? __check_object_size+0x47a/0x730
[  892.877306][T15081]  netlink_sendmsg+0x8de/0xcb0
[  892.877333][T15081]  ? __pfx_netlink_sendmsg+0x10/0x10
[  892.877361][T15081]  ? __pfx_netlink_sendmsg+0x10/0x10
[  892.877378][T15081]  __sock_sendmsg+0x221/0x270
[  892.877400][T15081]  ____sys_sendmsg+0x53a/0x860
[  892.877423][T15081]  ? __pfx_____sys_sendmsg+0x10/0x10
[  892.877438][T15081]  ? __fget_files+0x2a/0x410
[  892.877456][T15081]  ? __fget_files+0x2a/0x410
[  892.877478][T15081]  __sys_sendmsg+0x269/0x350
[  892.877504][T15081]  ? __pfx___sys_sendmsg+0x10/0x10
[  892.877530][T15081]  ? do_sys_openat2+0x17a/0x1d0
[  892.877566][T15081]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  892.877589][T15081]  ? do_syscall_64+0x100/0x230
[  892.877614][T15081]  ? do_syscall_64+0xb6/0x230
[  892.877638][T15081]  do_syscall_64+0xf3/0x230
[  892.877661][T15081]  ? clear_bhb_loop+0x35/0x90
[  892.877685][T15081]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  892.877706][T15081] RIP: 0033:0x7f2b9cd8d169
[  892.877720][T15081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  892.877732][T15081] RSP: 002b:00007f2b9db67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  892.877749][T15081] RAX: ffffffffffffffda RBX: 00007f2b9cfa5fa0 RCX: 00007f2b9cd8d169
[  892.877760][T15081] RDX: 0000000000000010 RSI: 0000400000000a00 RDI: 0000000000000003
[  892.877769][T15081] RBP: 00007f2b9db67090 R08: 0000000000000000 R09: 0000000000000000
[  892.877778][T15081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  892.877799][T15081] R13: 0000000000000000 R14: 00007f2b9cfa5fa0 R15: 00007fffc83e39f8
[  892.877821][T15081]  </TASK>
[  893.213481][    C0] vkms_vblank_simulate: vblank timer overrun
[  894.120312][T14788] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  894.133527][T14788] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  894.142522][T14788] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  894.157033][T14788] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  894.167429][T14788] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  894.174703][ T5898] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  894.183320][T14788] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  894.361754][ T5898] usb 3-1: Using ep0 maxpacket: 16
[  894.388263][ T5898] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  894.399061][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  894.503071][ T5898] usb 3-1: config 0 descriptor??
[  894.586701][T15105] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2444'.
[  894.595001][ T5898] gspca_main: sonixj-2.14.0 probing 0471:0327
[  896.221998][ T5898] gspca_sonixj: reg_w1 err -110
[  896.324146][T14788] Bluetooth: hci2: command tx timeout
[  896.344820][ T5898] sonixj 3-1:0.0: probe with driver sonixj failed with error -110
[  896.439528][ T5898] usb 3-1: USB disconnect, device number 14
[  896.647309][T15099] chnl_net:caif_netlink_parms(): no params data found
[  896.954653][T15124] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  897.132556][T15124] afs: Unknown parameter 'dyp–×|ÍXü:n²$`n'
[  897.317096][T15099] bridge0: port 1(bridge_slave_0) entered blocking state
[  897.356718][T15099] bridge0: port 1(bridge_slave_0) entered disabled state
[  897.411359][T15099] bridge_slave_0: entered allmulticast mode
[  897.462603][T15099] bridge_slave_0: entered promiscuous mode
[  897.510076][T15099] bridge0: port 2(bridge_slave_1) entered blocking state
[  897.586986][T15099] bridge0: port 2(bridge_slave_1) entered disabled state
[  897.594824][T15099] bridge_slave_1: entered allmulticast mode
[  897.602132][T15099] bridge_slave_1: entered promiscuous mode
[  897.611957][T15136] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2453'.
[  897.669963][T15136] netlink: 'syz.5.2453': attribute type 1 has an invalid length.
[  897.967292][T15148] FAULT_INJECTION: forcing a failure.
[  897.967292][T15148] name failslab, interval 1, probability 0, space 0, times 0
[  897.980646][T15148] CPU: 1 UID: 0 PID: 15148 Comm: syz.1.2454 Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[  897.980674][T15148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  897.980687][T15148] Call Trace:
[  897.980694][T15148]  <TASK>
[  897.980703][T15148]  dump_stack_lvl+0x241/0x360
[  897.980733][T15148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  897.980755][T15148]  ? __pfx__printk+0x10/0x10
[  897.980790][T15148]  ? __kmalloc_noprof+0xb5/0x4c0
[  897.980812][T15148]  ? __pfx___might_resched+0x10/0x10
[  897.980838][T15148]  ? vb2_core_reqbufs+0x8f2/0x17c0
[  897.980868][T15148]  should_fail_ex+0x40a/0x550
[  897.980905][T15148]  should_failslab+0xac/0x100
[  897.980939][T15148]  __kmalloc_noprof+0xdd/0x4c0
[  897.980982][T15148]  ? vb2_core_reqbufs+0x953/0x17c0
[  897.981010][T15148]  vb2_core_reqbufs+0x953/0x17c0
[  897.981045][T15148]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  897.981081][T15148]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  897.981128][T15148]  v4l2_m2m_ioctl_reqbufs+0x14b/0x230
[  897.981158][T15148]  __video_do_ioctl+0xc23/0xdd0
[  897.981194][T15148]  ? __pfx___video_do_ioctl+0x10/0x10
[  897.981216][T15148]  ? smack_log+0x10d/0x5c0
[  897.981244][T15148]  ? __might_fault+0xaa/0x120
[  897.981277][T15148]  video_usercopy+0x903/0x11e0
[  897.981309][T15148]  ? __pfx___video_do_ioctl+0x10/0x10
[  897.981333][T15148]  ? __pfx_video_usercopy+0x10/0x10
[  897.981354][T15148]  ? smack_file_ioctl+0x304/0x3b0
[  897.981396][T15148]  ? __fget_files+0x2a/0x410
[  897.981422][T15148]  ? __fget_files+0x2a/0x410
[  897.981446][T15148]  v4l2_ioctl+0x189/0x1e0
[  897.981466][T15148]  ? __pfx_v4l2_ioctl+0x10/0x10
[  897.981489][T15148]  __se_sys_ioctl+0xf5/0x170
[  897.981519][T15148]  do_syscall_64+0xf3/0x230
[  897.981550][T15148]  ? clear_bhb_loop+0x35/0x90
[  897.981583][T15148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.981610][T15148] RIP: 0033:0x7f2b9cd8d169
[  897.981628][T15148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  897.981645][T15148] RSP: 002b:00007f2b9db25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  897.981667][T15148] RAX: ffffffffffffffda RBX: 00007f2b9cfa6160 RCX: 00007f2b9cd8d169
[  897.981700][T15148] RDX: 00004000000000c0 RSI: 00000000c0145608 RDI: 0000000000000009
[  897.981715][T15148] RBP: 00007f2b9db25090 R08: 0000000000000000 R09: 0000000000000000
[  897.981728][T15148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  897.981741][T15148] R13: 0000000000000000 R14: 00007f2b9cfa6160 R15: 00007fffc83e39f8
[  897.981787][T15148]  </TASK>
[  898.450506][T14788] Bluetooth: hci2: command tx timeout
[  898.469214][T15136] 8021q: adding VLAN 0 to HW filter on device bond1
[  898.491387][  T839] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  898.523642][T15099] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  898.566200][T15099] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  899.011238][  T839] usb 6-1: Using ep0 maxpacket: 32
[  899.018033][T15138] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2456'.
[  899.032177][  T839] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  899.051316][    T9] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  899.061239][  T839] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  899.074554][  T839] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  899.238419][  T839] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  899.256506][  T839] usb 6-1: Product: syz
[  899.280001][  T839] usb 6-1: Manufacturer: syz
[  899.347498][  T839] usb 6-1: SerialNumber: syz
[  899.370660][    T9] usb 4-1: config 0 interface 0 altsetting 12 endpoint 0x87 has invalid maxpacket 1792, setting to 1024
[  899.485805][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  899.634907][    T9] usb 4-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3
[  899.780268][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  899.860610][  T839] usb 6-1: 2:1 : format type 0 is detected, processed as PCM
[  899.915902][    T9] usb 4-1: Product: syz
[  899.920126][    T9] usb 4-1: Manufacturer: syz
[  899.927614][  T839] usb 6-1: 2:1 : invalid channels 0
[  899.936703][T15156] netlink: 180 bytes leftover after parsing attributes in process `syz.2.2458'.
[  899.946205][    T9] usb 4-1: SerialNumber: syz
[  899.962836][    T9] usb 4-1: config 0 descriptor??
[  899.980408][T15147] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  900.004148][  T839] usb 6-1: USB disconnect, device number 32
[  900.052490][    T9] keyspan 4-1:0.0: Keyspan 2 port adapter converter detected
[  900.082984][T15099] team0: Port device team_slave_0 added
[  900.093995][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 7
[  900.119017][T15099] team0: Port device team_slave_1 added
[  900.132482][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81
[  900.160748][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1
[  900.172877][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2
[  900.180673][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 85
[  900.189506][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 5
[  900.202182][    T9] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  900.223206][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 83
[  900.259989][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 3
[  900.271973][T15099] batman_adv: batadv0: Adding interface: batadv_slave_0
[  900.274067][T14860] udevd[14860]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  900.278948][T15099] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  900.278980][T15099] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  900.303657][T15099] batman_adv: batadv0: Adding interface: batadv_slave_1
[  900.321432][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 4
[  900.349388][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 86
[  900.369221][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 6
[  900.386615][T15099] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  900.399924][    T9] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  900.421900][T15099] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  900.451376][    T9] usb 4-1: USB disconnect, device number 44
[  900.531202][T14788] Bluetooth: hci2: command tx timeout
[  900.537697][    T9] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  900.576952][    T9] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  900.590413][    T9] keyspan 4-1:0.0: device disconnected
[  900.731631][T15099] hsr_slave_0: entered promiscuous mode
[  900.748150][T15099] hsr_slave_1: entered promiscuous mode
[  900.771727][T15099] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  900.804713][T15099] Cannot create hsr debugfs directory
[  901.495783][T15184] ip6t_srh: unknown srh match flags  5294
[  902.355108][T15187] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2467'.
[  902.605200][T14788] Bluetooth: hci2: command tx timeout
[  904.367432][T15099] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  904.378369][T15201] overlayfs: failed to resolve './file0': -2
[  904.808666][T15099] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  905.691644][T15099] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  905.867605][T15099] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  905.881673][T15212] overlayfs: failed to resolve './file0': -2
[  906.129474][T15099] 8021q: adding VLAN 0 to HW filter on device bond0
[  906.231452][T15099] 8021q: adding VLAN 0 to HW filter on device team0
[  906.310672][ T7687] bridge0: port 1(bridge_slave_0) entered blocking state
[  906.312580][T15214] 9pnet_fd: Insufficient options for proto=fd
[  906.317884][ T7687] bridge0: port 1(bridge_slave_0) entered forwarding state
[  906.380248][ T7687] bridge0: port 2(bridge_slave_1) entered blocking state
[  906.387446][ T7687] bridge0: port 2(bridge_slave_1) entered forwarding state
[  907.044701][T15099] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  907.779106][T15226] misc userio: Invalid payload size
[  907.967318][T15234] ip6t_srh: unknown srh match flags  5294
[  908.376769][T15099] 8021q: adding VLAN 0 to HW filter on device batadv0
[  909.617665][T15099] veth0_vlan: entered promiscuous mode
[  909.634989][T15099] veth1_vlan: entered promiscuous mode
[  909.776058][T15247] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2480'.
[  910.397359][T15260] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2484'.
[  910.411288][T15099] veth0_macvtap: entered promiscuous mode
[  910.526909][   T10] hid-generic 0003:0003:FFFFFFFD.0026: unknown main item tag 0x0
[  910.536085][T15099] veth1_macvtap: entered promiscuous mode
[  910.581165][   T10] hid-generic 0003:0003:FFFFFFFD.0026: unknown main item tag 0x0
[  910.584058][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  910.621467][   T10] hid-generic 0003:0003:FFFFFFFD.0026: hidraw0: USB HID v0.00 Device [syz0] on syz0
[  910.656822][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  910.672202][T15260] evm: overlay not supported
[  910.695655][T15099] batman_adv: batadv0: Interface activated: batadv_slave_0
[  910.766433][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  910.804213][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  910.829390][T15099] batman_adv: batadv0: Interface activated: batadv_slave_1
[  910.837981][T15099] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  910.838075][T15099] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  910.838108][T15099] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  910.838140][T15099] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  911.419208][T10638] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  911.603140][T10638] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  911.672193][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  911.705057][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  913.138212][T15287] ip6t_srh: unknown srh match flags  5294
[  914.581849][ T5898] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  916.349841][T15307] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2495'.
[  916.750526][ T5898] usb 2-1: device descriptor read/all, error -71
[  916.982896][   T26] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  917.310441][   T26] usb 4-1: Using ep0 maxpacket: 32
[  917.455459][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  917.591951][T15315] ceph: No mds server is up or the cluster is laggy
[  917.626129][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  917.626417][   T10] libceph: connect (1)[c::]:6789 error -101
[  917.757294][   T26] usb 4-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
[  917.779175][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  917.835792][   T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  917.887519][   T26] usb 4-1: config 0 descriptor??
[  918.562827][T15308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  918.586347][T15308] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  919.132904][T15308] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  919.393385][   T26] usbhid 4-1:0.0: can't add hid device: -71
[  919.468157][   T26] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  919.922767][   T26] usb 4-1: USB disconnect, device number 45
[  920.132667][T15335] loop7: detected capacity change from 0 to 16384
[  920.696172][T15346] ip6t_srh: unknown srh match flags  5294
[  921.104378][T15335] loop7: detected capacity change from 16384 to 16383
[  923.704700][T15370] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2510'.
[  924.917235][T15386] lo speed is unknown, defaulting to 1000
[  924.926563][T15386] lo speed is unknown, defaulting to 1000
[  924.934230][T15386] lo speed is unknown, defaulting to 1000
[  925.046912][T15386] infiniband s
z1: set down
[  925.051799][T15386] infiniband s
z1: added lo
[  925.126639][T15389] »»»»»»: renamed from lo
[  925.256499][T15386] RDS/IB: s
z1: added
[  925.261173][T15386] smc: adding ib device s
z1 with port count 1
[  925.267467][T15386] smc:    ib device s
z1 port 1 has pnetid 
[  925.314966][T14262] »»»»»» speed is unknown, defaulting to 1000
[  925.314990][T15352] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2508'.
[  925.437680][T15357] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2508'.
[  925.471346][ T5866] usb 4-1: new full-speed USB device number 46 using dummy_hcd
[  925.708963][ T5866] usb 4-1: unable to get BOS descriptor or descriptor too short
[  925.766118][T15386] »»»»»» speed is unknown, defaulting to 1000
[  925.784602][ T5898] »»»»»» speed is unknown, defaulting to 1000
[  925.791614][ T5866] usb 4-1: not running at top speed; connect to a high speed hub
[  925.866945][T15386] »»»»»» speed is unknown, defaulting to 1000
[  925.941540][T15386] »»»»»» speed is unknown, defaulting to 1000
[  926.012124][T15386] »»»»»» speed is unknown, defaulting to 1000
[  926.083430][T15386] »»»»»» speed is unknown, defaulting to 1000
[  926.152803][T15386] »»»»»» speed is unknown, defaulting to 1000
[  926.224148][T15386] »»»»»» speed is unknown, defaulting to 1000
[  926.294460][T15386] »»»»»» speed is unknown, defaulting to 1000
[  926.366336][T15387] »»»»»» speed is unknown, defaulting to 1000
[  926.369881][ T5866] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  926.373618][T15387] »»»»»» speed is unknown, defaulting to 1000
[  926.383723][ T5866] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  926.391262][T15387] »»»»»» speed is unknown, defaulting to 1000
[  926.400548][ T5866] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  926.411555][T15387] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  926.420298][ T5866] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  926.435175][T15387] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  926.472533][T15387] »»»»»» speed is unknown, defaulting to 1000
[  926.479484][T15387] »»»»»» speed is unknown, defaulting to 1000
[  926.486397][T15387] »»»»»» speed is unknown, defaulting to 1000
[  926.493567][T15387] »»»»»» speed is unknown, defaulting to 1000
[  926.500300][T15387] »»»»»» speed is unknown, defaulting to 1000
[  926.507392][T15387] »»»»»» speed is unknown, defaulting to 1000
[  926.514458][T15387] »»»»»» speed is unknown, defaulting to 1000
[  926.521774][T15387] »»»»»» speed is unknown, defaulting to 1000
[  926.603772][ T5866] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  926.619484][ T5866] usb 4-1: Product: syz
[  926.624107][ T5866] usb 4-1: Manufacturer: syz
[  926.642422][ T5866] usb 4-1: SerialNumber: syz
[  926.747725][   T30] audit: type=1326 audit(1742328956.431:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15393 comm="syz.6.2518" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d5498d169 code=0x0
[  928.195309][ T5866] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  928.246286][ T5866] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor
[  928.283978][ T5866] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  928.679256][ T5866] usb 4-1: USB disconnect, device number 46
[  929.154473][T15419] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2524'.
[  929.243632][T15164] udevd[15164]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  929.541198][T14981] usb 4-1: new full-speed USB device number 47 using dummy_hcd
[  929.712824][T14981] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  929.729738][T14981] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 10
[  929.765284][T14981] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid maxpacket 8704, setting to 64
[  929.806081][T14981] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 65535, setting to 64
[  929.850330][T14981] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  929.894944][T14981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  929.922894][T14981] usb 4-1: Product: syz
[  929.927129][T14981] usb 4-1: Manufacturer: syz
[  930.765364][T14981] usb 4-1: SerialNumber: syz
[  930.818162][T14981] usb 4-1: config 0 descriptor??
[  931.059242][T15435] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2530'.
[  931.091450][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.121199][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.122041][T15430] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2530'.
[  931.143837][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.167793][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.184481][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.227147][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.257949][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.290074][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.347969][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.399725][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.499124][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.542937][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.569146][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.587059][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.609892][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.660478][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.682317][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.724231][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.731718][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  931.747605][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.756131][T14981] iforce 4-1:0.0: usb_submit_urb failed: -71
[  931.766389][T14981] input input37: Timeout waiting for response from device.
[  931.791352][T14981] usb 4-1: USB disconnect, device number 47
[  932.361746][T15472] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2542'.
[  936.357925][T15507] netlink: 136 bytes leftover after parsing attributes in process `syz.6.2551'.
[  936.378476][T15507] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  937.242085][T15515] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2555'.
[  937.440227][T15518] »»»»»» speed is unknown, defaulting to 1000
[  937.483160][ T5866] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[  937.684926][ T5866] usb 2-1: config 0 has an invalid interface number: 131 but max is 0
[  937.716427][ T5866] usb 2-1: config 0 has no interface number 0
[  937.763722][ T5866] usb 2-1: config 0 interface 131 has no altsetting 0
[  937.820821][ T5866] usb 2-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=6c.e1
[  937.858332][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  937.899944][ T5866] usb 2-1: Product: syz
[  937.928195][ T5866] usb 2-1: Manufacturer: syz
[  937.950669][ T5866] usb 2-1: SerialNumber: syz
[  938.098219][ T5866] usb 2-1: config 0 descriptor??
[  938.215122][T15496] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2549'.
[  938.225018][T15496] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2549'.
[  939.698456][T15518] »»»»»» speed is unknown, defaulting to 1000
[  940.768999][ T5866] usb 2-1: bad CDC descriptors
[  940.800587][ T5866] usb 2-1: USB disconnect, device number 43
[  941.245601][T15545] 9pnet: Could not find request transport: f9
[  941.281415][ T5866] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  941.451324][ T5866] usb 2-1: Using ep0 maxpacket: 16
[  941.472269][ T5866] usb 2-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  941.488662][T15556] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2567'.
[  941.500450][ T5866] usb 2-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  941.533202][ T5866] usb 2-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  941.591628][ T5866] usb 2-1: config 0 interface 0 has no altsetting 0
[  941.627892][ T5866] usb 2-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  941.679330][ T5866] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  941.730064][ T5866] usb 2-1: config 0 descriptor??
[  942.559958][T15565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  942.580449][T15565] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  942.898585][ T5866] input: HID 0458:5010 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5010.0027/input/input38
[  943.020743][ T5866] kye 0003:0458:5010.0027: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.1-1/input0
[  943.531201][T14262] usb 6-1: new full-speed USB device number 33 using dummy_hcd
[  943.743467][T14262] usb 6-1: config 0 has an invalid interface number: 131 but max is 0
[  943.753832][T14262] usb 6-1: config 0 has no interface number 0
[  943.760123][T14262] usb 6-1: config 0 interface 131 has no altsetting 0
[  943.794435][T14262] usb 6-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=6c.e1
[  943.837969][T14262] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  944.060605][T14262] usb 6-1: Product: syz
[  944.568643][    C1] kye 0003:0458:5010.0027: usb_submit_urb(ctrl) failed: -1
[  944.896791][T14262] usb 6-1: Manufacturer: syz
[  944.961981][    T9] usb 2-1: reset high-speed USB device number 44 using dummy_hcd
[  945.171810][T14262] usb 6-1: SerialNumber: syz
[  945.197913][T14262] usb 6-1: config 0 descriptor??
[  945.292807][   T30] audit: type=1326 audit(1742328974.971:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15583 comm="syz.1.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9cd8d169 code=0x7ffc0000
[  945.712457][   T30] audit: type=1326 audit(1742328974.971:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15583 comm="syz.1.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9cd8d169 code=0x7ffc0000
[  945.734777][   T30] audit: type=1326 audit(1742328974.971:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15583 comm="syz.1.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f2b9cd8d169 code=0x7ffc0000
[  946.741417][   T30] audit: type=1326 audit(1742328974.971:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15583 comm="syz.1.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9cd8d169 code=0x7ffc0000
[  947.032718][T14981] usb 2-1: USB disconnect, device number 44
[  947.075772][   T30] audit: type=1326 audit(1742328974.971:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15583 comm="syz.1.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9cd8d169 code=0x7ffc0000
[  947.284115][   T30] audit: type=1326 audit(1742328974.971:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15583 comm="syz.1.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7f2b9cd8d169 code=0x7ffc0000
[  947.348252][   T30] audit: type=1326 audit(1742328974.971:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15583 comm="syz.1.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9cd8d169 code=0x7ffc0000
[  947.387612][   T30] audit: type=1326 audit(1742328974.971:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15583 comm="syz.1.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9cd8d169 code=0x7ffc0000
[  947.545865][   T30] audit: type=1326 audit(1742328974.971:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15583 comm="syz.1.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2b9cd8bad0 code=0x7ffc0000
[  947.636170][   T30] audit: type=1326 audit(1742328974.971:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15583 comm="syz.1.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9cd8d169 code=0x7ffc0000
[  948.922674][T14262] usb 6-1: bad CDC descriptors
[  948.950412][T14262] usb 6-1: USB disconnect, device number 33
[  948.982646][T15609] ip6t_srh: unknown srh match flags  5294
[  950.521339][T15630] fuse: Bad value for 'fd'
[  952.110463][T15646] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2589'.
[  953.142272][   T10] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  953.343378][   T10] usb 3-1: config 0 has an invalid interface number: 131 but max is 0
[  953.367080][   T10] usb 3-1: config 0 has no interface number 0
[  953.377576][   T10] usb 3-1: config 0 interface 131 has no altsetting 0
[  953.408095][   T10] usb 3-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=6c.e1
[  953.436547][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  953.448384][   T10] usb 3-1: Product: syz
[  953.453954][   T10] usb 3-1: Manufacturer: syz
[  953.458852][   T10] usb 3-1: SerialNumber: syz
[  953.469443][   T10] usb 3-1: config 0 descriptor??
[  954.670641][T15658] ip6t_srh: unknown srh match flags  5294
[  957.134044][   T10] usb 3-1: bad CDC descriptors
[  957.165371][   T10] usb 3-1: USB disconnect, device number 15
[  958.090048][T15675] nvme_fabrics: missing parameter 'transport=%s'
[  958.123285][T15675] nvme_fabrics: missing parameter 'nqn=%s'
[  959.580008][T15692] FAULT_INJECTION: forcing a failure.
[  959.580008][T15692] name failslab, interval 1, probability 0, space 0, times 0
[  959.608963][T15692] CPU: 0 UID: 0 PID: 15692 Comm: syz.2.2603 Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[  959.608996][T15692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  959.609011][T15692] Call Trace:
[  959.609019][T15692]  <TASK>
[  959.609030][T15692]  dump_stack_lvl+0x241/0x360
[  959.609054][T15692]  ? __pfx_dump_stack_lvl+0x10/0x10
[  959.609070][T15692]  ? __pfx__printk+0x10/0x10
[  959.609102][T15692]  should_fail_ex+0x40a/0x550
[  959.609128][T15692]  should_failslab+0xac/0x100
[  959.609152][T15692]  ? skb_clone+0x20c/0x390
[  959.609170][T15692]  kmem_cache_alloc_noprof+0x70/0x380
[  959.609198][T15692]  skb_clone+0x20c/0x390
[  959.609218][T15692]  __netlink_deliver_tap+0x3c4/0x7f0
[  959.609244][T15692]  ? netlink_deliver_tap+0x2e/0x1b0
[  959.609261][T15692]  netlink_deliver_tap+0x19d/0x1b0
[  959.609279][T15692]  netlink_unicast+0x7c4/0x990
[  959.609301][T15692]  ? __pfx_netlink_unicast+0x10/0x10
[  959.609315][T15692]  ? __virt_addr_valid+0x45f/0x530
[  959.609338][T15692]  ? __phys_addr_symbol+0x2f/0x70
[  959.609363][T15692]  ? __check_object_size+0x47a/0x730
[  959.609389][T15692]  netlink_sendmsg+0x8de/0xcb0
[  959.609416][T15692]  ? __pfx_netlink_sendmsg+0x10/0x10
[  959.609447][T15692]  ? __pfx_netlink_sendmsg+0x10/0x10
[  959.609465][T15692]  __sock_sendmsg+0x221/0x270
[  959.609487][T15692]  ____sys_sendmsg+0x53a/0x860
[  959.609509][T15692]  ? __pfx_____sys_sendmsg+0x10/0x10
[  959.609524][T15692]  ? __fget_files+0x2a/0x410
[  959.609542][T15692]  ? __fget_files+0x2a/0x410
[  959.609563][T15692]  __sys_sendmsg+0x269/0x350
[  959.609583][T15692]  ? __pfx___sys_sendmsg+0x10/0x10
[  959.609608][T15692]  ? do_sys_openat2+0x17a/0x1d0
[  959.609642][T15692]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  959.609664][T15692]  ? do_syscall_64+0x100/0x230
[  959.609689][T15692]  ? do_syscall_64+0xb6/0x230
[  959.609713][T15692]  do_syscall_64+0xf3/0x230
[  959.609735][T15692]  ? clear_bhb_loop+0x35/0x90
[  959.609758][T15692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  959.609778][T15692] RIP: 0033:0x7fcc91f8d169
[  959.609791][T15692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  959.609804][T15692] RSP: 002b:00007fcc92d23038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  959.609820][T15692] RAX: ffffffffffffffda RBX: 00007fcc921a5fa0 RCX: 00007fcc91f8d169
[  959.609832][T15692] RDX: 0000000000000002 RSI: 0000400000000240 RDI: 0000000000000003
[  959.609841][T15692] RBP: 00007fcc92d23090 R08: 0000000000000000 R09: 0000000000000000
[  959.609850][T15692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  959.609859][T15692] R13: 0000000000000000 R14: 00007fcc921a5fa0 R15: 00007ffef9fa1fe8
[  959.609881][T15692]  </TASK>
[  959.951097][   T10] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  960.101219][   T10] usb 2-1: Using ep0 maxpacket: 16
[  960.108487][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  960.118877][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  960.130170][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  960.139939][   T10] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  960.149646][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  960.167011][   T10] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  960.176131][   T10] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  960.184173][   T10] usb 2-1: Manufacturer: syz
[  960.190236][   T10] usb 2-1: config 0 descriptor??
[  960.289913][T15696] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2604'.
[  960.299402][T14981] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  960.573580][T14981] usb 3-1: config 0 has an invalid interface number: 131 but max is 0
[  960.592763][T14981] usb 3-1: config 0 has no interface number 0
[  960.598922][T14981] usb 3-1: config 0 interface 131 has no altsetting 0
[  960.612843][T14981] usb 3-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=6c.e1
[  960.623373][T14981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  960.631826][T14981] usb 3-1: Product: syz
[  960.636585][T14981] usb 3-1: Manufacturer: syz
[  960.826595][T15706] ip6t_srh: unknown srh match flags  5294
[  960.836357][T14981] usb 3-1: SerialNumber: syz
[  960.905513][T14981] usb 3-1: config 0 descriptor??
[  962.201773][   T10] rc_core: IR keymap rc-hauppauge not found
[  962.213010][   T10] Registered IR keymap rc-empty
[  962.237266][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  962.271293][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  962.294760][   T10] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  962.313200][   T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input41
[  962.345680][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  962.566699][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  962.591171][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  962.611127][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  962.641206][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  962.661485][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  962.683745][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  962.711881][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  962.725904][T15713] Unsupported ieee802154 address type: 0
[  962.741314][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  962.811858][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  962.864097][   T10] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[  962.896941][   T10] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  962.959049][   T10] usb 2-1: USB disconnect, device number 45
[  963.208260][T14981] usb 3-1: bad CDC descriptors
[  963.221162][T14981] usb 3-1: USB disconnect, device number 16
[  965.539577][T15739] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2614'.
[  966.675592][T15756] ip6t_srh: unknown srh match flags  5294
[  971.606305][T15799] »»»»»» speed is unknown, defaulting to 1000
[  971.649390][T15794] nvme_fabrics: missing parameter 'transport=%s'
[  971.661264][T15794] nvme_fabrics: missing parameter 'nqn=%s'
[  971.801315][T15799] »»»»»» speed is unknown, defaulting to 1000
[  971.837170][T15806] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2631'.
[  971.873122][T15806] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2631'.
[  972.021901][T15810] netlink: 'syz.1.2633': attribute type 1 has an invalid length.
[  972.179193][T15816] capability: warning: `syz.1.2633' uses 32-bit capabilities (legacy support in use)
[  972.903791][T15810] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  975.141370][T14262] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  976.465532][T15851] »»»»»» speed is unknown, defaulting to 1000
[  976.537926][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  976.537947][   T30] audit: type=1800 audit(1742329006.221:146): pid=15843 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2642" name="/" dev="9p" ino=2 res=0 errno=0
[  976.562953][T14262] usb 6-1: Using ep0 maxpacket: 8
[  976.602100][T14262] usb 6-1: config 135 has an invalid interface number: 230 but max is 0
[  976.610527][T14262] usb 6-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  976.660072][T14262] usb 6-1: config 135 has no interface number 0
[  976.666775][T14262] usb 6-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  976.701203][T14262] usb 6-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  976.710582][T14262] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  976.747932][T14262] usb 6-1: Product: syz
[  976.757547][T14262] usb 6-1: Manufacturer: syz
[  976.791653][T14262] usb 6-1: SerialNumber: syz
[  976.853504][T15851] »»»»»» speed is unknown, defaulting to 1000
[  976.862098][T14262] usb 6-1: Found UVC 0.00 device syz (18ec:3288)
[  976.868519][T14262] usb 6-1: No valid video chain found.
[  977.010552][T15859] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2644'.
[  977.044386][   T30] audit: type=1400 audit(1742329006.731:147): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=15099 comm="syz-executor" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  977.085304][T15854] Cannot find add_set index 1026 as target
[  977.123842][   T10] usb 6-1: USB disconnect, device number 34
[  977.181441][   T30] audit: type=1400 audit(1742329006.731:148): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=15099 comm="syz-executor" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  977.804057][T15858] netlink: 'syz.2.2645': attribute type 2 has an invalid length.
[  977.811989][T15858] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2645'.
[  977.822694][   T30] audit: type=1400 audit(1742329006.761:149): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=17 comm="ksoftirqd/0" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  977.871747][   T30] audit: type=1400 audit(1742329006.801:150): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=13 comm="kworker/u8:1" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  977.901575][T15868] overlay: Unknown parameter 'appraise_type'
[  977.908701][   T30] audit: type=1400 audit(1742329006.991:151): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  977.934581][T15867] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2646'.
[  977.951596][   T30] audit: type=1400 audit(1742329007.001:152): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  978.020498][   T30] audit: type=1400 audit(1742329007.191:153): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  978.078037][   T30] audit: type=1400 audit(1742329007.441:154): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  978.156196][   T30] audit: type=1400 audit(1742329007.621:155): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=15866 comm="syz.5.2649" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  980.231268][T14262] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  980.391327][T14262] usb 7-1: Using ep0 maxpacket: 32
[  980.398336][T14262] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  980.408536][T14262] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  980.419537][T14262] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  980.429434][T14262] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[  980.448044][T14262] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  980.459308][T14262] usb 7-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  980.474388][T14262] usb 7-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  980.483746][T14262] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=7
[  980.491840][T14262] usb 7-1: Product: syz
[  980.496029][T14262] usb 7-1: Manufacturer: syz
[  980.500642][T14262] usb 7-1: SerialNumber: syz
[  980.507128][T14262] usb 7-1: config 0 descriptor??
[  980.515793][T14262] usb 7-1: no audio or video endpoints found
[  980.753224][T14981] usb 7-1: USB disconnect, device number 2
[  983.808582][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  983.808601][   T30] audit: type=1400 audit(1742329013.491:160): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=14980 comm="udevd" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  983.863518][   T30] audit: type=1400 audit(1742329013.551:161): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  990.131318][T14788] Bluetooth: hci5: command 0x0406 tx timeout
[  990.602278][   T30] audit: type=1400 audit(1742329020.291:162): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  990.772376][   T30] audit: type=1400 audit(1742329020.461:163): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[  993.174042][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1004.339595][   T30] audit: type=1400 audit(1742329034.021:164): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[ 1004.682333][   T30] audit: type=1400 audit(1742329034.371:165): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=11276 comm="kworker/u8:54" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[ 1020.851316][ T5136] Bluetooth: hci2: command 0x0406 tx timeout
[ 1032.203519][   T31] INFO: task syz.0.2397:14930 blocked for more than 143 seconds.
[ 1032.205958][   T30] audit: type=1400 audit(1742329061.891:166): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=11276 comm="kworker/u8:54" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[ 1032.212056][   T31]       Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[ 1032.244677][   T30] audit: type=1400 audit(1742329061.921:167): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=1093 comm="kworker/u8:6" saddr=10.128.0.169 src=30008 daddr=10.128.1.144 dest=53458 netif=eth0
[ 1032.261125][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1032.279955][   T31] task:syz.0.2397      state:D stack:23736 pid:14930 tgid:14926 ppid:5819   task_flags:0x400140 flags:0x00000004
[ 1032.292787][   T31] Call Trace:
[ 1032.296336][   T31]  <TASK>
[ 1032.299304][   T31]  __schedule+0x18bc/0x4c40
[ 1032.304017][   T31]  ? __pfx___schedule+0x10/0x10
[ 1032.308919][   T31]  ? __pfx_lock_release+0x10/0x10
[ 1032.314087][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1032.320125][   T31]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1032.326852][   T31]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1032.332095][   T31]  ? schedule+0x90/0x320
[ 1032.336386][   T31]  schedule+0x14b/0x320
[ 1032.340589][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1032.346205][   T31]  rwsem_down_write_slowpath+0xeee/0x13b0
[ 1032.352023][   T31]  ? rwsem_down_write_slowpath+0xa09/0x13b0
[ 1032.357981][   T31]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[ 1032.364460][   T31]  ? __pfx_lock_acquire+0x10/0x10
[ 1032.369532][   T31]  ? __pfx_lock_acquire+0x10/0x10
[ 1032.374710][   T31]  ? __pfx_lock_release+0x10/0x10
[ 1032.379816][   T31]  ? rcu_read_lock_any_held+0xb7/0x160
[ 1032.385384][   T31]  down_write_nested+0x1e0/0x220
[ 1032.390372][   T31]  ? __pfx_down_write_nested+0x10/0x10
[ 1032.396207][   T31]  filename_create+0x260/0x540
[ 1032.401341][   T31]  ? __pfx_filename_create+0x10/0x10
[ 1032.406695][   T31]  ? __pfx_lock_release+0x10/0x10
[ 1032.411908][   T31]  do_mknodat+0x18b/0x5b0
[ 1032.416273][   T31]  ? __pfx_do_mknodat+0x10/0x10
[ 1032.421238][   T31]  ? getname_flags+0x1e3/0x540
[ 1032.426035][   T31]  __x64_sys_mknodat+0xa7/0xc0
[ 1032.430812][   T31]  do_syscall_64+0xf3/0x230
[ 1032.435678][   T31]  ? clear_bhb_loop+0x35/0x90
[ 1032.440410][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1032.451031][   T31] RIP: 0033:0x7fe81d78d169
[ 1032.455505][   T31] RSP: 002b:00007fe81e604038 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[ 1032.464502][   T31] RAX: ffffffffffffffda RBX: 00007fe81d9a6080 RCX: 00007fe81d78d169
[ 1032.472957][   T31] RDX: 00000000000081c0 RSI: 00004000000000c0 RDI: ffffffffffffff9c
[ 1032.481499][   T31] RBP: 00007fe81d80e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 1032.489525][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1032.498514][   T31] R13: 0000000000000000 R14: 00007fe81d9a6080 R15: 00007ffde6806b58
[ 1032.507397][   T31]  </TASK>
[ 1032.510537][   T31] 
[ 1032.510537][   T31] Showing all locks held in the system:
[ 1032.518644][   T31] 1 lock held by khungtaskd/31:
[ 1032.523661][   T31]  #0: ffffffff8eb393e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0
[ 1032.533662][   T31] 2 locks held by getty/5579:
[ 1032.538341][   T31]  #0: ffff8880356da0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1032.548279][   T31]  #1: ffffc90002fd62f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x616/0x1770
[ 1032.558547][   T31] 2 locks held by syz.0.2397/14929:
[ 1032.563843][   T31]  #0: ffff88807a77e420 (sb_writers#14){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90
[ 1032.573216][   T31]  #1: ffff8880793c3b38 (&type->i_mutex_dir_key#9){+.+.}-{4:4}, at: chmod_common+0x1bb/0x4c0
[ 1032.583553][   T31] 2 locks held by syz.0.2397/14930:
[ 1032.588770][   T31]  #0: ffff88807a77e420 (sb_writers#14){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90
[ 1032.598160][   T31]  #1: ffff8880793c3b38 (&type->i_mutex_dir_key#9/1){+.+.}-{4:4}, at: filename_create+0x260/0x540
[ 1032.609634][   T31] 
[ 1032.612136][   T31] =============================================
[ 1032.612136][   T31] 
[ 1032.620591][   T31] NMI backtrace for cpu 0
[ 1032.620608][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[ 1032.620628][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1032.620639][   T31] Call Trace:
[ 1032.620646][   T31]  <TASK>
[ 1032.620654][   T31]  dump_stack_lvl+0x241/0x360
[ 1032.620679][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1032.620697][   T31]  ? __pfx__printk+0x10/0x10
[ 1032.620731][   T31]  nmi_cpu_backtrace+0x49c/0x4d0
[ 1032.620758][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1032.620779][   T31]  ? _printk+0xd5/0x120
[ 1032.620802][   T31]  ? __pfx__printk+0x10/0x10
[ 1032.620827][   T31]  ? __wake_up_klogd+0xcc/0x110
[ 1032.620849][   T31]  ? __pfx__printk+0x10/0x10
[ 1032.620875][   T31]  ? __rcu_read_unlock+0xa1/0x110
[ 1032.620899][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1032.620930][   T31]  nmi_trigger_cpumask_backtrace+0x198/0x320
[ 1032.620959][   T31]  watchdog+0x1058/0x10a0
[ 1032.620990][   T31]  ? watchdog+0x1ea/0x10a0
[ 1032.621025][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1032.621055][   T31]  kthread+0x7a9/0x920
[ 1032.621082][   T31]  ? __pfx_kthread+0x10/0x10
[ 1032.621111][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1032.621135][   T31]  ? __pfx_kthread+0x10/0x10
[ 1032.621157][   T31]  ? __pfx_kthread+0x10/0x10
[ 1032.621184][   T31]  ? __pfx_kthread+0x10/0x10
[ 1032.621207][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1032.621229][   T31]  ? lockdep_hardirqs_on+0x99/0x150
[ 1032.621253][   T31]  ? __pfx_kthread+0x10/0x10
[ 1032.621278][   T31]  ret_from_fork+0x4b/0x80
[ 1032.621299][   T31]  ? __pfx_kthread+0x10/0x10
[ 1032.621324][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1032.621353][   T31]  </TASK>
[ 1032.785312][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1032.790589][    C1] NMI backtrace for cpu 1
[ 1032.790607][    C1] CPU: 1 UID: 0 PID: 5945 Comm: kworker/u8:9 Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[ 1032.790628][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1032.790642][    C1] Workqueue: bat_events batadv_nc_worker
[ 1032.790667][    C1] RIP: 0010:lock_acquire+0x287/0x550
[ 1032.790694][    C1] Code: 44 24 40 0e 36 e0 45 4b c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25 11 00 00 00 00 66 43 c7 44 25 15 00 00 <43> c6 44 25 17 00 65 48 8b 04 25 28 00 00 00 48 3b 84 24 00 01 00
[ 1032.790710][    C1] RSP: 0018:ffffc90004847940 EFLAGS: 00000206
[ 1032.790724][    C1] RAX: 0000000000000001 RBX: 1ffff92000908f34 RCX: ffff888027fb28e8
[ 1032.790738][    C1] RDX: dffffc0000000000 RSI: ffffffff8c2ac600 RDI: ffffffff8c802ce0
[ 1032.790751][    C1] RBP: ffffc90004847aa0 R08: ffffffff94517847 R09: 1ffffffff28a2f08
[ 1032.790765][    C1] R10: dffffc0000000000 R11: fffffbfff28a2f09 R12: 1ffff92000908f30
[ 1032.790784][    C1] R13: dffffc0000000000 R14: ffffc900048479a0 R15: 0000000000000246
[ 1032.790798][    C1] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 1032.790813][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1032.790825][    C1] CR2: 000056229da33970 CR3: 000000000e938000 CR4: 00000000003526f0
[ 1032.790841][    C1] DR0: 0000000000000006 DR1: 0000000000000004 DR2: 000000000000002f
[ 1032.790853][    C1] DR3: 0000000000000008 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1032.790864][    C1] Call Trace:
[ 1032.790871][    C1]  <NMI>
[ 1032.790880][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 1032.790903][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1032.790934][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1032.790957][    C1]  ? nmi_handle+0x2a/0x5a0
[ 1032.790992][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1032.791016][    C1]  ? nmi_handle+0x14f/0x5a0
[ 1032.791043][    C1]  ? nmi_handle+0x2a/0x5a0
[ 1032.791070][    C1]  ? lock_acquire+0x287/0x550
[ 1032.791097][    C1]  ? default_do_nmi+0x63/0x160
[ 1032.791121][    C1]  ? exc_nmi+0x123/0x1f0
[ 1032.791144][    C1]  ? end_repeat_nmi+0xf/0x53
[ 1032.791180][    C1]  ? lock_acquire+0x287/0x550
[ 1032.791207][    C1]  ? lock_acquire+0x287/0x550
[ 1032.791235][    C1]  ? lock_acquire+0x287/0x550
[ 1032.791260][    C1]  </NMI>
[ 1032.791266][    C1]  <TASK>
[ 1032.791276][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1032.791301][    C1]  ? batadv_nc_worker+0xcb/0x610
[ 1032.791319][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1032.791345][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1032.791373][    C1]  batadv_nc_worker+0xec/0x610
[ 1032.791390][    C1]  ? batadv_nc_worker+0xcb/0x610
[ 1032.791406][    C1]  ? batadv_nc_worker+0xcb/0x610
[ 1032.791425][    C1]  ? process_scheduled_works+0x9c6/0x18e0
[ 1032.791446][    C1]  process_scheduled_works+0xabe/0x18e0
[ 1032.791480][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1032.791506][    C1]  ? assign_work+0x364/0x3d0
[ 1032.791528][    C1]  worker_thread+0x870/0xd30
[ 1032.791559][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1032.791583][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1032.791605][    C1]  kthread+0x7a9/0x920
[ 1032.791628][    C1]  ? __pfx_kthread+0x10/0x10
[ 1032.791654][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1032.791675][    C1]  ? __pfx_kthread+0x10/0x10
[ 1032.791698][    C1]  ? __pfx_kthread+0x10/0x10
[ 1032.791724][    C1]  ? __pfx_kthread+0x10/0x10
[ 1032.791747][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1032.791769][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1032.791800][    C1]  ? __pfx_kthread+0x10/0x10
[ 1032.791824][    C1]  ret_from_fork+0x4b/0x80
[ 1032.791845][    C1]  ? __pfx_kthread+0x10/0x10
[ 1032.791869][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1032.791897][    C1]  </TASK>
[ 1032.800417][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1032.800440][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
[ 1032.800468][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1032.800484][   T31] Call Trace:
[ 1032.800494][   T31]  <TASK>
[ 1032.800506][   T31]  dump_stack_lvl+0x241/0x360
[ 1032.800551][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1032.800577][   T31]  ? __pfx__printk+0x10/0x10
[ 1032.800611][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1032.800653][   T31]  ? vscnprintf+0x5d/0x90
[ 1032.800684][   T31]  panic+0x349/0x880
[ 1032.800721][   T31]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1032.800754][   T31]  ? __pfx_panic+0x10/0x10
[ 1032.800785][   T31]  ? tick_nohz_tick_stopped+0x82/0xb0
[ 1032.800813][   T31]  ? __irq_work_queue_local+0x137/0x410
[ 1032.800848][   T31]  ? preempt_schedule_thunk+0x1a/0x30
[ 1032.800881][   T31]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1032.800916][   T31]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[ 1032.800949][   T31]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[ 1032.800983][   T31]  watchdog+0x1097/0x10a0
[ 1032.801018][   T31]  ? watchdog+0x1ea/0x10a0
[ 1032.801057][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1032.801090][   T31]  kthread+0x7a9/0x920
[ 1032.801122][   T31]  ? __pfx_kthread+0x10/0x10
[ 1032.801158][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1032.801191][   T31]  ? __pfx_kthread+0x10/0x10
[ 1032.801222][   T31]  ? __pfx_kthread+0x10/0x10
[ 1032.801258][   T31]  ? __pfx_kthread+0x10/0x10
[ 1032.801290][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1032.801321][   T31]  ? lockdep_hardirqs_on+0x99/0x150
[ 1032.801353][   T31]  ? __pfx_kthread+0x10/0x10
[ 1032.801388][   T31]  ret_from_fork+0x4b/0x80
[ 1032.801417][   T31]  ? __pfx_kthread+0x10/0x10
[ 1032.801450][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1032.801492][   T31]  </TASK>
[ 1033.321780][   T31] Kernel Offset: disabled
[ 1033.326110][   T31] Rebooting in 86400 seconds..