last executing test programs:

1m21.883992626s ago: executing program 2 (id=1596):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f0000000100), &(0x7f0000000000)=""/8, 0x2}, 0x20)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000061121c0000000000950000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='svcsock_marker\x00', 0xffffffffffffffff, 0x0, 0xcd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x20002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
pselect6(0x40, &(0x7f0000000100)={0x7f, 0x2, 0x5263, 0x4, 0x6, 0x10, 0x0, 0x111}, &(0x7f0000000180)={0x3708000, 0x2, 0x99c0, 0x3, 0x6, 0xf, 0xffff}, &(0x7f0000000240)={0xffffffff, 0x7, 0x0, 0x1, 0x800, 0xc42f, 0x2, 0x3}, 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="020320001410000000000000000000000400030000000000000000000000000000000000000000010000000000000000030006000000000002004e207f00000100000000000000000400040000000000feffffffffffffff0000000000000000000000000000000002000100000000000000000000000000030005000000000002004e21ffffffff0000000000000000020013001200000000000000013500006ac3e5dcec4d73a12995ebc516640dda8cfd5e75fbdd13a42c9e37e18355ae424469f46dfe200a8ded9ade3aaade866de68823c70ca6c6008bba43"], 0xa0}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000001000000000300000000210000000000000000000200000000000000000000000602"], 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r5 = getpid()
r6 = syz_pidfd_open(r5, 0x0)
process_madvise(r6, &(0x7f0000000080)=[{&(0x7f0000000000)="02", 0x1}], 0x1, 0x1, 0x0)

1m15.19108843s ago: executing program 2 (id=1609):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000001000000000000000e0000008500000087000000b7080000000000007b8af8ff00000000b7080000030000007b8af0ff00000000bfa100000400040007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1m14.931587639s ago: executing program 2 (id=1611):
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6012000800103afffe8000000000000000000000000000bbff0200000000000000000000000000018600907808aab8d84f00000000000000"], 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000100)={@link_local, @remote, @val={@void, {0x8100, 0x1, 0x1, 0x4}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000448", 0x20, 0x3a, 0xff, @mcast2, @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @remote, [{0x2, 0x1, "36dad83aea8d"}]}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
socket(0x10, 0x80002, 0x4)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000200)={<r1=>0x0, @local, @local}, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3b, r1})
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000880)="b90103600057f008009e0ff008001f", 0x0, 0x102, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x48a00, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080)=0xffffffff)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
capset(&(0x7f0000000180)={0x20071026, r4}, &(0x7f00000001c0)={0x42, 0xffff, 0x0, 0x9, 0x8, 0x7})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x12, 0x9, &(0x7f0000000380)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000500000085000000ba000000a70000000000000018000000000000000000000000000000950000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1m13.493259173s ago: executing program 2 (id=1613):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x297880, 0x0)
mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000002100)='./file0/file0\x00', 0x0, 0x2187017, 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0/file0\x00', &(0x7f00000001c0), 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4018400, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [{@smackfshat={'smackfshat', 0x3d, '+$@u'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '\x00\x00\x85-m\xe4\b'}}, {@seclabel}, {@dont_measure}, {@measure}]})
r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="38000000abe886c7f0494d4c4eba44f68f07f94be249ac9b21a1b6e419d34fc6ddc41c133604fc5268993153a6652853bc8b72e1f08ca1a70400c46bce431e724dec135146be59ede837d97532cb2f0730eb3e5877bd0930861de4dbf842ca58e90f5db2eda1b2c10442727b8ce9b9f16ca57557aecb2b5655b55dfe4a4a467a1aa5938a1144bfd481471019f3e830ef1d7d25a5954d9086b0feaecd749654ee6cd34d64686b74e81b5bc0155c231d9d3ff12fb2fd1926d475d2baf2901d5f9266792fef002d9b116e75497d0f31db551d8225ffb62d4af6", @ANYRES16=r5, @ANYBLOB="010000000000000000000100000024000180060005004e2300000600010002000000080003000a0101000800060001000000"], 0x38}}, 0x0)

1m11.366258974s ago: executing program 2 (id=1616):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
preadv(r2, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)
sendmsg$OSF_MSG_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[], 0xe0c}}, 0x0)
recvmmsg(r1, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000400)=""/209, 0xd1}], 0x1}, 0x4}], 0x1, 0x10140, 0x0)

1m8.816733972s ago: executing program 2 (id=1623):
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6012000800103afffe8000000000000000000000000000bbff0200000000000000000000000000018600907808aab8d84f00000000000000"], 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000100)={@link_local, @remote, @val={@void, {0x8100, 0x1, 0x1, 0x4}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000448", 0x20, 0x3a, 0xff, @mcast2, @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @remote, [{0x2, 0x1, "36dad83aea8d"}]}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
socket(0x10, 0x80002, 0x4)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000200)={<r1=>0x0, @local, @local}, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3b, r1})
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000880)="b90103600057f008009e0ff008001f", 0x0, 0x102, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x48a00, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080)=0xffffffff)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
capset(&(0x7f0000000180)={0x20071026, r4}, &(0x7f00000001c0)={0x42, 0xffff, 0x0, 0x9, 0x8, 0x7})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x12, 0x9, &(0x7f0000000380)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000500000085000000ba000000a70000000000000018000000000000000000000000000000950000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1m7.793391613s ago: executing program 32 (id=1623):
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6012000800103afffe8000000000000000000000000000bbff0200000000000000000000000000018600907808aab8d84f00000000000000"], 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000100)={@link_local, @remote, @val={@void, {0x8100, 0x1, 0x1, 0x4}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000448", 0x20, 0x3a, 0xff, @mcast2, @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @remote, [{0x2, 0x1, "36dad83aea8d"}]}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
socket(0x10, 0x80002, 0x4)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000200)={<r1=>0x0, @local, @local}, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3b, r1})
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000880)="b90103600057f008009e0ff008001f", 0x0, 0x102, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x48a00, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080)=0xffffffff)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
capset(&(0x7f0000000180)={0x20071026, r4}, &(0x7f00000001c0)={0x42, 0xffff, 0x0, 0x9, 0x8, 0x7})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x12, 0x9, &(0x7f0000000380)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000500000085000000ba000000a70000000000000018000000000000000000000000000000950000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

18.250490189s ago: executing program 4 (id=1749):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, &(0x7f0000000340)=ANY=[@ANYRES16=0x0, @ANYBLOB="ed080c801b6ff416d7e55632a71dbf9689", @ANYRESOCT, @ANYRES8, @ANYRES64, @ANYBLOB, @ANYRES8, @ANYRES32, @ANYRES32], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x20780, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x600}, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r6 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
r8 = openat$cgroup_procs(r7, &(0x7f0000000240)='cgroup.threads\x00', 0x2, 0x0)
open_by_handle_at(r8, &(0x7f0000000100)=ANY=[@ANYBLOB="0c0000000100010004"], 0x408100)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000180)='yeah\x00', 0x5)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x2, 0x2, @remote, 0x80000000}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0xfffffffc, @empty}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000001600)=[{{0x0, 0x0, &(0x7f0000002c40)}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000140)='R', 0x1}], 0x1}}], 0x2, 0x10)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6)
shutdown(r5, 0x2)
r9 = socket$inet6_sctp(0xa, 0x801, 0x84)
msgrcv(0x0, 0x0, 0x2000000, 0x0, 0x86b1b18158a7cb82)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r9, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
socket$vsock_stream(0x28, 0x1, 0x0)

15.933712715s ago: executing program 4 (id=1752):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000002dc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x0, 0x168, 0x9, 0x178, 0xb, 0x290, 0x250, 0x250, 0x290, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [0xffffff00], 'veth1_to_team\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x140, 0x178, 0x0, {0x0, 0x28e}, [@common=@inet=@ipcomp={{0x30}}, @common=@unspec=@physdev={{0x68}, {'ipvlan0\x00', {}, 'ip6_vti0\x00', {}, 0x5, 0xe}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x402, 0x2, 0x6}, {0x3, 0x1}, {0x1, 0x0, 0x3}, 0x9, 0x9}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x96, 'syz1\x00', {0xb8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000040))
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x40000000, 0x0, 0x2, 0x8}}, 0xffffffffffffffad)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r4, 0x40084149, &(0x7f0000000080)=0x5)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf09000000000000550901000000000095000000b7000000bf91000000000000b702000000000000850000000e000000b7860000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000b085fbfa50cc99cfc26b8ad21d9a8b3e37366adc5409ddf4af3e761948db335c44717918eff8c5c34428689700835ee38fd6c3979944cdeb5045cb7d730ff6213b5aa7c9d987217b51c4a9573dc84aea935647153a6e75457ca6905827686b618204a688c7fce5f2c00c1587821adb732a405c8425cd3f4e3a128806d9dbd8e2ee31afd34f1ce5fd0001000000000000113a53c561f29fbbf2567e57dfa587c332f016bf5c530248b451c316479d400b6d3cf219bd8dc884cd13100870d1e019632bb7ebe451274b342dad4dbcb5a237dae7e5a02ae6c9be62cb5280bf20d9249e14e5", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x4, 0x14, &(0x7f0000001e00)=""/4088, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

15.443913935s ago: executing program 1 (id=1753):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/current\x00')
writev(r1, &(0x7f0000000240)=[{&(0x7f0000000080)='y', 0x1}], 0x1)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)={0x1, 0x4000005, 0x0, 0x0, 0x2, 0x10000})
shmctl$SHM_UNLOCK(0x0, 0xc)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x8}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x4, 0x2}]}, 0x28}}, 0xc000)
socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r3 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r3, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r7}, 0x10)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
close(r8)
r9 = socket$nl_route(0x10, 0x3, 0x0)
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x100000000000600d, 0x1)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000000))

14.606544411s ago: executing program 4 (id=1755):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x2c, 0x10, 0x1, 0x0, 0x0, {0x3}, [@nested={0x18, 0x1, 0x0, 0x1, [@typed={0x13, 0x0, 0x0, 0x0, @str='\xf5\xfc\x06\xd8)\x11\xbe\xd6/\xc2\x95Ie\x84\xb5'}]}]}, 0x2c}}, 0x0)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000340)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_GET_MPP(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r5, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20044004}, 0x4008814)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x28, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}]]}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x2c, r5, 0x4, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0xfffb}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x930}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000051}, 0x20000014)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r1)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x2020}, @IFLA_GRE_IGNORE_DF={0x5, 0x13, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc845}, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000000)=0x2, 0x4)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

14.175945925s ago: executing program 5 (id=1756):
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000000c0)={"6957608d766cfff5c3a665bd121a2d89", 0x0, 0x0, {0x4, 0x40000a}, {0x7, 0xc00000}, 0x5, [0x3, 0x3, 0x9, 0x6, 0x0, 0x400, 0xffffffffffff0001, 0x2, 0x8, 0x7, 0x80000000, 0x81, 0x10, 0x80000000, 0xfffffffffffffffb, 0x400000000000001]}) (async)
mkdir(0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3583], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) (async)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r4, &(0x7f0000000100)={{0x3, @default, 0x5}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x48) (async)
socket(0x22, 0x1, 0x0) (async)
syz_io_uring_setup(0x360b, &(0x7f0000001040), 0x0, 0x0) (async)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000003640), 0x40401, 0x0)
write$binfmt_script(r5, &(0x7f0000003680)={'#! ', './file0', [], 0xa, "724344d2f601ea573d9bd883de14fd58f65a0353ea31ce771b7bbffdbc168b9fcf144c7e141dc40c5301b7289d4af37ae84fd915a7dde98b0a54ded0d3f3b38d831c9e5427c88b726ffd0c0820651c85714a6fc45346543162c07bfd2d607997dd7ba75c7419f7044cf7ab584e4a6cc44179aaaf454c6989b4ef2207346716d087a8f00177e191971690273becc730ee87d490df37f58842a3b07623aad084a321bd135ad79c446b26ae71f9e0da980fe6a1503253901c703ce958aac3c95a22d9aa8ce51424ad86ee1f526cf2b0908dc743b26a234f2079e58915d2ba0eac603120608186e921763ce660bfd07d67532799437c896ca37d9d73eee701061ec55b315d8b2d10debb08b6f06ea02abb2f6fb045f75d519e595324a58355104f03e78dac0698a890bd7f04786c5db8b6b15a8783dd38cdcb626663efa64dd6963b434512f8ddc96e8b71a035bc6170e38a3230b32fe8ea37d6c5f2fc9608bfdb077fb3c33d8421fe74c4c4cb4309ddc10e811835b2ed856f35ccff016e244827365f3e12033c48fe5c89c19fda6b433a3bc21fece86ebaf5674290e9e0995375de64fab6de4a1b3d18d289bd479ef210a24fa5c8b08b1aba4858841dcfde4e31184133d758a31315785b849022fc703fd2b2d2cef7da8a27beab2b78a8e197b496f7f2fa89115f480bd3d1d4512625d1154709c0b3f734018849affada44e9e28c97811b939b78b10ce76c84890c5423672ddb453b9dde9aeedb4fee4eb960ed8282d036dfa9bcbe0841312eeb34dd60fc18ce3ec270acdc9e4d54360835641767af539f8d46cc39c4315144d1d2cede08c6dd92bf23f55a12d3539b517c61c655ce7603a931d24175719d75daaa0518d2618306ae6e53981af083c28859947c9023cd964acfb192c33683279fb917c310853854bae125d408b1689172ce1fd1be58617313b0fa2d65644e980945b5d8e629d4be0a249e4da0d94d86eaa8188aee1df6013dc9831e073f03dd6c1a4a137392ebe21ca50c9dc9677d8cc5891240c67ba3d445d96c213d4fd367646f11853b6b88d1317e9aa2ebbb49f47f21aac8f3d25a63974f3c9f2737baa8dbb5ddf9c92ee8b36f23b8e8edf53f1747536677fd12b9c059604b64880e2ebbe1ff4aeeb4c5353a5a2ec935a4915603e8f9e13e911d784fc4ac92231985ae1307859db83e01f3cf29faea49d737203945d8f194393a2368bfd002b163c8c3c23b7b38913505146d60fbd02b94991721caeaf908ff5f0e8a9e57ff11181e68f01f411046d618a6abcf189b14f827262a75754f530656983131834fb145a9e624f3e3b1a903ef0b915bfde8d1f25760e5a1c821bd5899ec11422b23121164a5908fc869270c0653a8eec339b8ea06417201b4418072b1a5ef1f65a368278b0758f708c44e02e5688b42ffced364ce38b300b7e5f0ea3521671c4cbcb3747478909372324d17999b0aefb20a84f8ac5589862ae6f63afc0640568238314372856213b8923929cfe0b09ae4870a0fb486d79c78b3e1e5a7bfbe4cba76d4087566a82a0dcbf6859ade2c47f9ad1b6cc8808957f0682950bf1d866ba1abf73044bba9459afc58c114805f069d6af18cb3b6127b9b69bb13063cf3161cbad86dc6c70255a84bf621cd9ed0fa4b339d5e6c557125835877f529b834f19b525f46496bf7fd43535819e3e8585427dd6184984438a155a906787af2b5c32e3f5d4290cc3b90a7e1f41fdba09b8096c43d0394272dea2444fa4ad99c9e78a055fdee6e2ee02b19785206ab065fd04539ab1a901d792616d982a664587b3c3d2c3338b36642f9b690cb19bef42b8cba995c8cc2fa6339acfc206b0e9ad8d472d011c4fb89c1a3d13d598926df23e663200298c1fe4beb26f858b5cda3258a0605c559e21beb47aefdef4c6e79f13de75c6190526ae5c9d5d6bfc9e0fe757b8399d55227715b3e34ea325838738caa238999ec705b03fcac11f96b7bd5d9bf5101f2ffbb6f9711c6891e8049409721e0515e69c4c9b0fc36e7dd149a1d637d8d6f4d230d7f5cf6c33c9679e8f9e12edce529966682b1cfeed78d933d4ca82857d9412a485b7fb3d9e6df0c8ce752b1935ad4f659b197268aafe0542d653ff27fa7dc5c6b84466efa6a1b12f1846cb614b44d241598a3567b6d7ea89fdc38e220f67f5500b4105cd7c0dd72b2f5b479240e1f8a9998080b1b74e86505cf3657b0cdaac131528a2ba2d30826beb7899b0e2abb18056d8b76e551b00b2e15fe8889cb488d9f1af653b074fb3e1d59e62558da6a9392961ca32c9ee8256dd5953df99ad1d508e3fe57fb22ee5864ebed2885089181a7b0f785242b242e5e79ca0fe255cd0b72d26fbc8fe63bc84b2b6fbd475c11a786920c10c4a76fc540078d5198b55ad4cf6cf3bec82d6d78f2c6655c2aa8db15a496d74d5fed8c56966f6483dad3156e5210c84bcb4799a1139d5345924866f4e15ad71b1d94fae6497ffe6f6b6bc79abe5c06407181d1aef2fd608b261d0648b1dcaacac6726045ca2576070873fb978f0c95e7a9d4866291f7315fc0827a179938566606de39576468b8e2b88250af57d429afec0f93c405a14fcd1bedd03fe85e3daf709c1de2c35c2f29f10c192947e699a4ee38585b118de644c235e5d8aa19410d2d331a5f97999523528b121dfad58fd333f7b7a61999624fd7552693d06c1caa541c8dfcf33dbf60f897cc8c0b6954c9c37eb44b0e815f2d2fe5ed8f0abdbe95b4e79b086c71b576c30db6f3c271d9bb0eb4f3de3e324474aefa45ad3eb536c89488f64d766841e9f500fa0286ffd40c379145c5c92219870c74c086ca560d745cc5b21476ec5da54785482164796c9da53b154327e0a1dfc1cad58b646e593d284e956bcc557bedfa744013c80ed36d065dec493eac5453ec320a611a41dc84bf3667c4af3920893801acc27319ec2f4ce6eac53fb7194c3c8d78aa60effab35fcd63c02a4593cf74f74a3cc42ecd371a8cae0e672f1343de3e302ec2ea3c14116de1f8384970073a418ae68dbb7619cd0aa5cc554b13ba317116abb602e0ab471c5cbd7650f0121c821658e65b97be7d5c424cb37cd9ce8bb4afd2fa96df3a1b738ae2610d09e9f877728da900116e09b025b96152970e512da0498adf140559f6d960b3d3703e0f7fcf4e903c0c32eb83e05b386490c7f18681a2b37e85f9375cc0a33e9332fcdcda80325839129c5a978dfe40e6aaa401582cceb4708931441501564bb4313a941c9ea4f7572d216a96c7883131b2a696d689e4aa9f5c335a93b482b8a22f2e2602a05c71e28ca8cb58d87a61027fb2d29ff68d1d4a350ac447cc34453d2785b70427370767306b35307b56be8ad0baec7a40fc196ff894aa7ad17934dd371bb7d9d6c03b58d2e6e998cf72ef6aa93089b559241fe3217df707620a350e2ecb3c82216e80dfb1cdbadae1625ec61d0b00edc2ffb7230a075a9b3f06a9e3a5cadaa4def6b8933bce7273cf9c704851cc1ede501da7ea0d3fa12410bc53f776e999634a9b1e1ab348fd119cf2fa152347933513a0baade6614e797fd398f8c5895ebe128c0b08474978eba7ce249ec062e1ca698af017cec784f6a0fa70f65d6db1b74cef408d2b97e537f33f888f29e034d9c9dc5a2d20c2a961e33ef1721aa7a691d910e47fab93c59f587da5d22a3ba3e7886ab37f57e96d7e6d4f67bea7c7381ac05a0789e8da46d98af314e71ce84f8d8f8ba660a459bacb9b48ac3978cb2e2d8e080bedddfff296c410258831244dc13bf00218dc911d505d7eac0ff3e2323678cc3d0c126e63e2cda1c24e5a6b59b52d815e7a93109a1e9b0ba8f29591034a29872d845b259309aaa636bc2784090bd3a1e1f5a84c3b546b07e6e04f8c0da8c5ddd91e03db4a47f1650866b1a85bb00f019effc5fa6559cf1342ea2740caaa8ef9fc516b64bd90c5334f72c6503e0e900d23eb4263bc03ce08dc2e87b9da5458138a0285d878aab0024d0704ae9a5201d7cf5593858dbe98a713f8cd385f04275a19665f0c458abc1ca382390c2e28338c8f6a79e3f085439611d7ce07162319e1a3c61bb280fb7cad361163a82064e874cb90ba2cf0472fd5a84621b005ed3287e3d3820fef8253cc795edf0fa1b81238a867203792a6197db354b75826ee1eadd38ec0a7e9f5cbbf802cc2c58129c496177316d7b52f1613dfe9d3126f80ec35e98ee6c8411674599679ad820b434743f6261905a06583de846dd8de5ddfcc0ff9b3db91e50ac65b728f11d94166cde4c0fb9bfbe2ac5126743632ed2b7c1e8fe14fcc80d547bc2ed95ff6282d8caa451c0759c600fd976f17f53ca1f51d0549a05eb9b5d68b9f3e502dfba5982a7200fe984127fd886703f9c3f19e12e5ee1ff1829d90972ab092bd3640616e72a4e10700c7ae85c45e5515680b98ca41b43f94d7b3f2ce98546835d239b0d280ae0af8728d9fa921f5eca3937e15606d542802f7289f64e387b865d126558aceca8cb504952c71d2c0443f940585a07ac8f7b853fbe6d7ea23bf4fde905a3faf59d12c2a772e255645327e27f3fae04283cb1fff4e5cb040232bfafbd2239ffe0c93968ee7a193dc5e20920f44dbaf9a4b5230d3260b9c6475a966b59126a098cfce27d544f9e24389736b6672430fba330bf0d269feddb04e1475cea18ba258fe7c0a7460679e705264216ff0f9725713d7ca772cedd0aaa3cd2c3e7945acc8bee63f49aaf4094293851fa0b9084e5d074b1e02738b6eeeee6f69aa6b4d4e22e68c1eb67d03ea673df27de5760a0cfc6ca1337365853f4bf8aec7dcb84aa65b4ed72ad73a70f59da03197bc8b13042b93380c7e4b054a592343f4a84219676144237d957cb55efd8a9bb0330a8659b129e3f31511dab72eef63c679a134aed30758613137eb6b1b8135961ee5a77e5890fc9847dcf829a2047b44e1d0135fc8b74f5cda2c3ea3e015cb711cacd810d186f066189ed623e7a9d87e721ee594c1d3f3b9500bb8b1b6e129fd1e0db814be45a25ce77c2eeead020a9f2e2cf36cd3504b7e06aa1f2ef4c32dfe49e1110b8f8de70bf03da17e13cae9ddcef1fc3cba9a0afee37dcc525488283b041dd72579d8b79a1bda90ffd09e06153079fb6f1c42c746b9fd5638c01562a69b9896ca6db1c7dcea36534aa6951752740da496b64288a88c3a6583d6bb0fa4047dad67aba4ee35e48c11fb94dbf15e9262233e762b92d14da5498eb15d1d06e54654ff558035a61b2514e00e9047d1f09579f8fe9331e4bbc3969f158304cbd2116b7562139b2f15230683c083b607d0ceb8272c63896f25e7851a1f8fa80fc3f63080b3f1b946847a91212b987a9d977237a7da5e3bf5fc450fa9e32ce86d84f8be605cb88b47b536e2a3d57531078e784d676d9072cdd415a28534e0803293280c36f09f704bcc635a5f511fbd29d16c800f18222376f291d17edc335cf822aaa097880ccadd24ef1a31c8fdefddcc2abe6ff447ff8cde14bcd48943096c877488b6a227329ab0b7db0686d58a3048273aefc8eabb3c3d52d5c49d0bb686436d7ffbaa8e0c00d4790b0f26a4e74e1d4a2a762592e337e0d995538f1afa91189ab18145c24a9444d914387c20c7c772329576e6e29feb231f107b1d010e2c48faa175649fc7a4494102e297c44be1831cb8c6c33a3d73698519a324f11b7392e4d3e4bb656f07bb2b31df3d62835151dd5e92c4d76f4ec33ad88facc649aea81dcce9d0be515006d7fd3d9947f2610eb9a69267"}, 0x1001) (async)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x50, 0x0, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x9}, @MPTCP_PM_ATTR_LOC_ID={0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_LOC_ID={0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4c}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x40004}, 0x14) (async)
r6 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000100)={0x80, 0x2, 0x1}) (async)
socket$inet_udp(0x2, 0x2, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r7, 0x0) (async)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000ffd000/0x1000)=nil) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000300)=ANY=[@ANYRES32=r8, @ANYBLOB="15000200020000a0000300"], 0x78}}, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

14.156877502s ago: executing program 4 (id=1757):
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_aout(r0, &(0x7f0000000400)=ANY=[], 0x1a3)
connect(0xffffffffffffffff, &(0x7f0000000000)=@generic={0x21, "a580f1724e779971ec8449b37f662c740dd6f32f4192451be94d20d79c1885f5affd021e978c1ba6d87d9bb35f8e73bbb763abcc60fba685174814fbdec7624b87f7ddc441cc67fdf1cb839bea4a7b3f9a0fc44711bdd6913b7381dea622ac79bc252f10f96b9b201e9e4a736d999a2cf671690e4a1b12da522173e13a5f"}, 0x80)
write$binfmt_misc(r0, &(0x7f0000000040)="0db723740d6678af6874bb74fb7875012c7de0568a8315a6736b7635e00126b713064871082ef63a291542a0bbb266ec7c61a508716f1b1ea80046ef", 0xe5c)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x8, 0x2180)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300000000000000c9ffffffffffffff00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

14.11949709s ago: executing program 1 (id=1758):
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x511e36599023629, 0x100000, 0x480000f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x4000004)
r1 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@empty, @in=@local, 0x0, 0x0, 0x4e20, 0x0, 0x2}, {0x4, 0x100000000, 0x3ffffffff, 0x0, 0x0, 0x0, 0x0, 0xe086}, {0x10000000000000, 0x400, 0xfffffffffffffffe}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@empty, 0x0, 0x3c}, 0xa, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3504, 0x5, 0x2, 0x0, 0x2000000}}, 0xe8)
connect$inet6(r1, 0x0, 0x0)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x10, &(0x7f0000000080)=ANY=[@ANYRESOCT=r1], &(0x7f0000000000)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019480)=""/102400, 0x19000)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/shm\x00', 0x0, 0x0)
lseek(r2, 0x164, 0x0)
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001200010000000000000000000a00000000004e2200000000ffffffff00000000000000000000000000000000000066ca00000000", @ANYRES32=0x0, @ANYBLOB="010000000300000000000000000000000800030011"], 0x54}}, 0x20004010)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$TCFLSH(r4, 0x400455c8, 0x0)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f00000001c0)=0xfe)
socket$inet_tcp(0x2, 0x1, 0x0)
write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x2010, r0, 0x0)
syz_io_uring_setup(0x1515, &(0x7f00000002c0)={0x0, 0xfffffffe, 0x200}, &(0x7f0000000340), &(0x7f0000000380))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002305e20000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)

13.268023252s ago: executing program 5 (id=1759):
read$FUSE(0xffffffffffffffff, &(0x7f0000000440)={0x2020, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2020)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0x2, 0xffffffff, {<r1=>0xffffffffffffffff}, {0xffffffffffffffff}, 0x431, 0x2d0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000000bc0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x7, [@enum64={0x4, 0x5, 0x0, 0x13, 0x1, 0x1, [{0x1, 0x9}, {0x7, 0xd2, 0x3}, {0xe, 0x1, 0xe7}, {0x2, 0x7fff, 0xffff3c36}, {0x5, 0x7, 0x9}]}]}, {0x0, [0x61, 0x2e, 0x5f, 0x61, 0x4f]}}, &(0x7f0000000c40)=""/3, 0x67, 0x3, 0x1, 0x1, 0x0, @void, @value}, 0x28)
r2 = openat$smackfs_access(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/smackfs/access2\x00', 0x2, 0x0)
pipe(&(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
kcmp(r0, r1, 0x5, r2, r3)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$UHID_INPUT(r5, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r5, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r5, 0xc4c85512, &(0x7f0000002480)={{0x6, 0x3, 0x4e, 0xa, '\x00', 0x7}, 0x0, [0x7, 0x1, 0x6, 0x6, 0x4, 0x1f7ca3df, 0x0, 0x4, 0x9, 0x7f, 0xffffffffffffff6a, 0x4, 0x5, 0xfffffffffffffff9, 0x0, 0x80000001, 0x1, 0x603, 0x3f, 0x4, 0xffffffffffffffff, 0x0, 0x4, 0xa6, 0x6, 0x1ff, 0x8000000000000001, 0x0, 0x7, 0x5, 0x8000, 0x7, 0x8000000000000001, 0x8, 0xdfe4, 0x4, 0x709, 0x0, 0xb440, 0x5, 0x80000000, 0x7fffffffffffffff, 0x2, 0x5c, 0xfffffffffffffffa, 0x1, 0xffff, 0x7, 0x3, 0x8, 0x4940, 0x1000, 0xfffffffffffffff9, 0x1000002, 0xab5, 0x7, 0x8ee, 0x3, 0x9, 0x8000, 0xfffffffffffffffc, 0xb8a3, 0x3eeb, 0x9, 0x10000, 0x2, 0x7ff000000000, 0x9, 0xf5, 0xffff, 0x496, 0x8000000000000001, 0x10000, 0x1, 0x10000, 0x8, 0x2, 0x9, 0x2, 0x7fff, 0x6, 0x4, 0x5, 0x8, 0x156, 0x0, 0x49, 0x5, 0x5, 0x10, 0x2, 0x6, 0x10001, 0x9, 0x45b, 0x1, 0x5391, 0x0, 0x3, 0x7, 0x0, 0x6, 0xffffffffffffffff, 0x2, 0x8, 0x5ed596e, 0x5, 0xfffffffffffffb9d, 0x1, 0x9, 0xffffffffffffff62, 0xf, 0x40, 0x401, 0x0, 0x101, 0xb0, 0x8, 0x9, 0x8, 0x8, 0x8, 0x7ff, 0x7ff, 0x6, 0x7fff, 0x4307d8b0, 0x67616e07]})
ioctl$HIDIOCGFEATURE(r4, 0xc0404807, &(0x7f0000000140)={0x8, "dca8dc3af7f9656138fe4e14a6231f103a11eafbbc650cf8fd1d69e225be3a1ca4960845f256b32d0536c20ffcd74013c45eaad1cb39ba3ee7331a503d6a0dbc"})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="300000001100010100"/20, @ANYRES32, @ANYBLOB="000000000000000008001c"], 0x30}}, 0x20000094)

12.1567504s ago: executing program 1 (id=1760):
openat$kvm(0xffffffffffffff9c, 0x0, 0x44240, 0x0)
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x151000, 0x6)
mkdirat(r0, &(0x7f0000002040)='./file0\x00', 0x1e2)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f00000000c0)='./file0\x00', 0x60004ce)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000440)={r2, 0x0, {0x0, 0x0, 0x0, 0x9, 0x800000000000, 0x0, 0x0, 0x10, 0x1d, "2401010000000000000d0ec0c1b4e9b1c4369d03740250ceaac500b1b3d741dd17c1c50d38ef2a565ef1e85c58d36500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d20000000100", "24431a1e58a68e174f0000000000ef8a07580000000000002000", [0x5]}})
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x20000000000003, 0x8000000000000002, 0x0, 0x0, 0x10, 0xa, "c25f7e0d775e40aee623452107249fe0bdbfce2fe240da8dce81a69b0edc7a60ad337212006a3e508b8040c7bc6e583cc41170a13349e2cfcc4b64bd4fbf41ee", "a5526c3b6a46c15c42022ee6cc29fd6294ee5056c4e8602a8a28609c370633cd58cda9ddec304859946ea27fb0b97bb826884c3d749834ad1e6c00", "412d226bd7dc8ce5783126ae76e309616391f73ea9c19b4a27828e2d00195a1f", [0x2, 0x1ff]})
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8923, &(0x7f0000000000)={'wlan1\x00', 0x103})

12.125051053s ago: executing program 5 (id=1761):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = syz_open_dev$cec(&(0x7f0000000340), 0x0, 0x0)
ioctl$CEC_DQEVENT(r1, 0xc0506107, 0x0)
ioctl$CEC_DQEVENT(r1, 0xc0506107, 0x0)
ioctl$IOC_PR_PREEMPT(r1, 0x40046109, &(0x7f0000000040)={0xd0})
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYRES32, @ANYRESHEX=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000001000000000100000000000000000000000000000000ba4601cde9addc339c29fb0000077ecd0da4ed36bd56939bdb7c1b95c4e1acb0e3a7c4ae33af222d3d92319fc9a35c08fb23d57561d76ec6b7e95b70496d0d34e8cc9d93f7fc4790150359a22611381e7bb8c1e0c061eba488865939e003c996eba3001688e2b4f553612fcf0d5aeabeb9ec5d2775db5c9b5bc55789274413681ac06b9c41a53b61e0dbf4b6e447acc314294356016cf4d3276154d1b7f0d0ae6841ab323d01eeb0cd542fa6ebc48faa1a515ee3caef525827dc75e2e0654f7761cf6ede70b299957b080b", @ANYRES16=r1, @ANYRES64=r1], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x180502)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, 0xffffffffffffffff)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000001a2a5e0ae85b6862dbeba909d8e018aedaf011c865c8c946ffef0e2b87c6e6d27b13f23c9b2b602adce0ee54121df789d2996c49a39e2f68205bce7517b044062e407c506606b828989d46c28e645fe73b3950a1337299cf91b3d9ee839a33ae67048564"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000fd00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000021c0)={&(0x7f0000000140)='rss_stat\x00', r4}, 0x10)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpriority(0x2, r5)
syz_usb_connect(0x3, 0x58, &(0x7f0000000b40)={{0x12, 0x1, 0x110, 0xe4, 0x30, 0xc7, 0x40, 0x5c6, 0x9002, 0xe464, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x46, 0x2, 0x2, 0x3, 0x80, 0xb, [{{0x9, 0x4, 0xdb, 0x1, 0x2, 0x92, 0xcf, 0xbd, 0x3, [@uac_as={[@format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x0, 0x0, 0x2}]}], [{{0x9, 0x5, 0xd, 0x8, 0x200, 0x6, 0x1, 0x4, [@generic={0x8, 0xb, "653a135f1f5c"}]}}, {{0x9, 0x5, 0x8, 0x1, 0x3ff, 0x3, 0x8, 0x7, [@generic={0x8, 0xb, "257e418760af"}]}}]}}, {{0x9, 0x4, 0x7f, 0x1, 0x0, 0x88, 0xda, 0xc0, 0x8}}]}}]}}, 0x0)
r8 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r8)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r9, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)

11.995997607s ago: executing program 0 (id=1762):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102384, 0x18ff0)
syz_open_dev$dri(0x0, 0xd21, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, 0x0)
epoll_create1(0x80000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x46}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xb9}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0xf5}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xc0}}, 0x0)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
linkat(0xffffffffffffffff, 0x0, r2, 0x0, 0x400)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
connect$inet6(r1, &(0x7f0000000380)={0xa, 0x4e31, 0x4, @ipv4={'\x00', '\xff\xff', @local}, 0x6}, 0x1c)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002cbd70000400000005000000080009000200000008000c00a80a00000600"], 0x34}}, 0x0)

11.887558132s ago: executing program 4 (id=1763):
r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="31010000dccd5e08cb0603000000000023010902240001000064000904340102d469e70009058a"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0xcd, 0xf9, 0xf8, 0x8, 0xbc3, 0x1, 0x1185, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xdb, 0xd2, 0x96, 0x0, [], [{{0x9, 0x5, 0x7, 0x3}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

10.2207574s ago: executing program 0 (id=1765):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = semget$private(0x0, 0x4000000009, 0x0)
semop(r1, &(0x7f0000000240)=[{0x2, 0x7fff, 0x1000}], 0x1)
semop(r1, &(0x7f0000000100)=[{0x2, 0xd5db}], 0x1)
semtimedop(r1, &(0x7f0000001780)=[{0x2, 0x81, 0x3800}], 0x1, 0x0)
semctl$IPC_RMID(r1, 0x0, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0xc)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000000)=""/182)
setreuid(0x0, r2)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)

10.097751198s ago: executing program 1 (id=1766):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f0000000100), &(0x7f0000000000)=""/8, 0x2}, 0x20)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000061121c0000000000950000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='svcsock_marker\x00', 0xffffffffffffffff, 0x0, 0xcd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x20002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
pselect6(0x40, &(0x7f0000000100)={0x7f, 0x2, 0x5263, 0x4, 0x6, 0x10, 0x0, 0x111}, &(0x7f0000000180)={0x3708000, 0x2, 0x99c0, 0x3, 0x6, 0xf, 0xffff}, &(0x7f0000000240)={0xffffffff, 0x7, 0x0, 0x1, 0x800, 0xc42f, 0x2, 0x3}, 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="020320001410000000000000000000000400030000000000000000000000000000000000000000010000000000000000030006000000000002004e207f00000100000000000000000400040000000000feffffffffffffff0000000000000000000000000000000002000100000000000000000000000000030005000000000002004e21ffffffff0000000000000000020013001200000000000000013500006ac3e5dcec4d73a12995ebc516640dda8cfd5e75fbdd13a42c9e37e18355ae424469f46dfe200a8ded9ade3aaade866de68823c70ca6c6008bba43"], 0xa0}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000001000000000300000000000000000100000000000200000000000000000000000602"], 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r5 = getpid()
r6 = syz_pidfd_open(r5, 0x0)
process_madvise(r6, &(0x7f0000000080)=[{&(0x7f0000000000)="02", 0x1}], 0x1, 0x1, 0x0)

9.428050323s ago: executing program 0 (id=1767):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000000000000000000000600000711205000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

9.08446008s ago: executing program 3 (id=1769):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/197, 0xc5}], 0x1}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c030000160001000000000000000000fc010000000000000000000000000000fe88000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000006c000000ac14140000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000000000000000000000000000000000000300000006"], 0x34c}}, 0x0)

9.068822471s ago: executing program 0 (id=1770):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f00000003c0)={0x0, {{0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x6}}, {{0xa, 0x0, 0x6b4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x2}}}, 0x108)
r0 = syz_open_dev$media(&(0x7f0000001480), 0x6, 0x101a02)
write$binfmt_script(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000080)={0x4e00, 0x0, 0x0, 0xbdff, 0x0, "fdffffffffffffff"})
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[], 0xff2e)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x90, 0x9b, "00bf46f8bbde7047bcd4a280000400"})
r2 = syz_open_pts(0xffffffffffffffff, 0x0)
r3 = dup3(r2, 0xffffffffffffffff, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x17)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000600)={@fallback, 0xe, 0x1, 0x5, &(0x7f0000000380)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000500), &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)}, 0x40)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = dup(r5)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000540)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x5, 0x7, 0xd2, '\x00', 0x100})
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f0000000340)=0x6000)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000040)="2d654eb1d2881ab1ea1f65b41f30b3f007507c6574d15d0f8b954ca4b6312dc6e6718f790be22b3801851e3cb57e72e73355a58061939942f7334339d72bf96258978c30a1", 0x45, 0x20000800, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000680)={{{@in=@initdev, @in6}}, {{@in=@dev}, 0x0, @in=@local}}, &(0x7f0000000280)=0x52)
pipe(&(0x7f00000000c0)={<r7=>0xffffffffffffffff})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a01020000000000000000020000000900010073797a3000000000aa000300"], 0x1e4}}, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0x0)
splice(r7, 0x0, r8, 0x0, 0x7fff, 0x0)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000040)='ntfs3\x00', 0x8080, &(0x7f00000001c0)='discard')

8.62020726s ago: executing program 4 (id=1771):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)={0x0, 0x6, 0x4, 0x9, 0xfb, 0x8, 0x501}, 0xc)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f0000000340)=ANY=[], 0x8)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsmount(r5, 0x0, 0x0)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="0c000000fe00010043"], 0x408100)

8.540017056s ago: executing program 3 (id=1772):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="38010000100001000000000000000000e0000001000000000000000000000000ffffffff0000000000000000000000004e200000000000000200002000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000003a0000000000000000000000006c000000fc01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff020000000000000000000000480003006c7a6a68000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebffffff00000000000000000000d8bb4feb09"], 0x138}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000240), r2)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x10)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@loopback}, {@in=@remote, 0x0, 0x32}, @in=@local, {}, {}, {}, 0x0, 0x0, 0xa, 0x4, 0x0, 0x6a}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x7}}]}, 0x154}}, 0x0)

7.617522257s ago: executing program 0 (id=1773):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@private0, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1, 0x0, 0xdd9fa7fb5bc9f15c}, {{@in=@multicast1, 0x0, 0x3c}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @private}}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800018, 0x19)

7.567321536s ago: executing program 3 (id=1774):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), 0xffffffffffffffff)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000800)={'syz_tun\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)={0x214, r1, 0x1, 0x0, 0x0, {0x5}, [@ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_FEATURES_WANTED={0x1f4, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4b, 0x4, "1a1d7f342cd92076d880c0ccc2972a0ab3175d3534c79e7af740f158916e2bddef92f91aeeb40b8647a55fa0a586172b9a06abad7e405029dd9c86a556d2a39c78ade61afe541794025440099ab514e36c15fd8d4453a2bc906ede1aecefb3d12d1dca3dac2fa6f378afdeabee5ac34e616689203f4985eda35abe81ed39794b5c5df11e43e29750b186c7cd0e4b2c68272f8aa4efa54e50575c1b2ee6d7e24ff0ee375f75609515d50ee370a1fba8593fcec3c9b00023ba87214baa965b8311c9ac22e2b202aaebb3eea9372aec3983927ce8aefeec494f1c1b2ea6a21e6a0a93c69a07db50f0400c6192acb6b7f7f6022722007ad9"}, @ETHTOOL_A_BITSET_MASK={0xf2, 0x5, "4fb72037cf23153572a105812004466e348a13b4d787b5cdd42418d72f355062f3e2ea053ec15c9e64f7d0497041d4c5678c66668147fb83c22a0c82a3a7e0bad01523b60864b89717b4e701d0198b0ef9ecbdd5de69e29ecfba0bf59fbe5b2bd2fd3f08494e1f1ea5b5334e91fff699212f2a86471c5e6ac664358dfc2ca11ad9cb10044a13104291cdc1ee577a0b31fd53c6c60ce1f4ac151e1078ce85293dfa858802b71667bef634401a8ae7800e35c1ab5d947697c48f93c8cb92a0ceedd296c8d113e7821ff1e220756d6c49ebb3a0981da9a04499b64d4445d665ceb89dc8548db3ea87ab3e829aaa4480"}]}]}, 0x214}}, 0x0)

7.18403306s ago: executing program 5 (id=1775):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
clock_adjtime(0x0, &(0x7f0000001100)={0xd77, 0x2000000000000000, 0x0, 0x0, 0x0, 0x4b, 0x3ffffe, 0x0, 0x0, 0xa12, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x4, 0x1})
r1 = syz_open_dev$usbmon(&(0x7f0000000000), 0x8001, 0x1)
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x6})
r2 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0xce4a000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f00000001c0)=ANY=[@ANYBLOB="61124c00000000006113860000000000bf2000000000000007000000080000002d030100000000009500000c000000006926000000000000bf67000000000000150600000fff070036060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff6d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06543b56d35235d7897a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664b44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a9767748ca3522443097c55dc97c09d38485b18ad2cff787338bab324336f50c97b751f2ed2c4281858b428d1b2c1194b06f9bb7ffcc95c1bcfc5540f9574f20e7f513a2a7c5dad90e7d479724d69fa0c0bf97af1231a49ea166f743279d240e2e6f01d8704f313d68b16198be5f6a50e9e0fd20893b2922df566d2622edee59b22f2e056d935562beb176c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$BLKRRPART(r2, 0x125f, 0x0)

7.183045052s ago: executing program 3 (id=1776):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
write$ppp(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x40811}, 0x4042090)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xf1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x500}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

5.73493191s ago: executing program 3 (id=1777):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mremap(&(0x7f000011f000/0x1000)=nil, 0x1000, 0x13000, 0x2, &(0x7f00000b5000/0x13000)=nil)
r1 = getpid()
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="0c0100000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa1400"], 0x10c}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = inotify_add_watch(0xffffffffffffffff, 0x0, 0x400)
socket(0x10, 0x3, 0x0)
r6 = dup(0xffffffffffffffff)
syz_open_dev$tty20(0xc, 0x4, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x101000)
inotify_rm_watch(r6, r5)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x4001, 0x3, 0x260, 0x138, 0x0, 0x148, 0x0, 0x148, 0x218, 0x240, 0x240, 0x218, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00'}, 0x0, 0xc8, 0x110, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1, 'ip6erspan0\x00'}}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c0)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[@ANYBLOB="48010000100013070000000000000000ac1e000100000000000000001d00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003200000000000000000000000000ffffe0000002000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000002000000000000000000000048000200656362286369706865725f6e756c6c290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000c000000000008000b00000000"], 0x148}}, 0x0)

5.591332062s ago: executing program 5 (id=1778):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000001000000000000000e0000008500000087000000b7080000000000007b8af8ff00000000b7080000030000007b8af0ff00000000bfa1001fffffff0007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

5.504057585s ago: executing program 1 (id=1779):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, &(0x7f00000000c0))
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
iopl(0x3)
syz_open_dev$cec(&(0x7f0000000200), 0x0, 0x420800)
openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x404800, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000940)={0x2020}, 0xfffffffffffffe10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc1, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000140))
openat(r1, 0x0, 0x6400, 0x1)
mount$9p_tcp(&(0x7f0000000000), &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x0, &(0x7f0000000700))

5.386288961s ago: executing program 0 (id=1780):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4)
ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_io_uring_setup(0x10d, &(0x7f00000006c0)={0x0, 0xa552, 0x0, 0x2}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000003c0)=@IORING_OP_LINKAT={0x27, 0x40, 0x0, r1, &(0x7f0000000300)='./file0\x00', &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x600, 0x1})
io_uring_enter(r1, 0x3516, 0xc2de, 0x8, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x48}, [@ldst={0x6, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0xffffff33, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

4.52548872s ago: executing program 3 (id=1781):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./control\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001880)="5c00000012006bab9e3de3d86e6c1dffff137e0300000000000000b68675f8001d000a00a0e69ee517d34460bc24eab556a7e6241e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f408000300060100000800030011000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x20800, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$join(0x1, &(0x7f0000000300)={'syz', 0x3})
syz_emit_ethernet(0x42, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x106)

4.440012505s ago: executing program 5 (id=1782):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/197, 0xc5}], 0x1}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c030000160001000000000000000000fc010000000000000000000000000000fe88000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000006c000000ac14140000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000000000000000000000000000000000000300000006"], 0x34c}}, 0x0)

0s ago: executing program 1 (id=1783):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket$kcm(0x2, 0x1, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TIOCSTI(r3, 0x5412, 0x0)
ioctl$TIOCSTI(r3, 0x5412, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0x9)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000580)=0xa)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x7e)
r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r4, 0xc4c85512, &(0x7f0000000b80)={{0x5, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, 0x0, 0xbca6, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000002c0)=ANY=[@ANYRES8=r2, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRESOCT=r0, @ANYRES8=r0], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1b, 0x5, &(0x7f0000000340)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write(r5, &(0x7f0000000000)="3b000300010086", 0x7)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x4, 0x0, 0x0, 0x81, 0xffffffff, 0x8006})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000040)={'vxcan1\x00'})
connect$can_bcm(r8, &(0x7f0000000200), 0x10)
sendmsg$can_bcm(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0100"/16, @ANYRESDEC=r0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRESOCT=r6, @ANYBLOB="000000000100000000000000000000005f4731e5de939cbc"], 0x48}}, 0x0)
sendmsg$can_bcm(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="06"], 0x48}, 0x1, 0x0, 0x0, 0x840}, 0x88d1)

kernel console output (not intermixed with test programs):

74832][ T5827] usb usb5-port1: attempt power cycle
[  398.635067][ T5827] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  398.735052][ T5827] usb 5-1: device descriptor read/8, error -71
[  399.004483][ T5827] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  399.046073][ T5827] usb 5-1: device descriptor read/8, error -71
[  399.161400][ T5827] usb usb5-port1: unable to enumerate USB device
[  399.334341][ T9504] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  399.684592][ T9501] mkiss: ax0: crc mode is auto.
[  400.766327][ T9528] netlink: 'syz.0.1083': attribute type 29 has an invalid length.
[  400.814525][ T5827] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  400.855883][ T9532] netlink: 596 bytes leftover after parsing attributes in process `syz.0.1083'.
[  400.885050][ T9530] netlink: 'syz.0.1083': attribute type 29 has an invalid length.
[  401.010944][ T5827] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  401.134797][ T5875] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  401.149421][ T5827] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.556300][ T5827] usb 4-1: Product: syz
[  401.568116][ T5827] usb 4-1: Manufacturer: syz
[  401.584565][ T5827] usb 4-1: SerialNumber: syz
[  401.598297][ T5911] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  401.604472][ T5875] usb 5-1: Using ep0 maxpacket: 16
[  401.618311][ T5827] usb 4-1: config 0 descriptor??
[  401.712665][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  401.774539][ T5911] usb 2-1: Using ep0 maxpacket: 32
[  401.838679][ T9524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  401.910038][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  401.935553][ T9543] 9pnet_fd: p9_fd_create_tcp (9543): problem connecting socket to 127.0.0.1
[  401.955021][ T9524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  401.982153][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  402.065192][ T5911] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  402.125057][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  402.129755][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.236012][ T5875] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  402.262455][ T5911] usb 2-1: config 0 descriptor??
[  402.273730][ T5875] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  402.280184][ T9550] trusted_key: syz.2.1088 sent an empty control message without MSG_MORE.
[  402.313539][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.328483][ T5911] hub 2-1:0.0: USB hub found
[  402.346695][ T5873] usb 4-1: USB disconnect, device number 33
[  402.524720][ T5875] usb 5-1: config 0 descriptor??
[  402.794209][ T5875] usbhid 5-1:0.0: can't add hid device: -71
[  402.802810][ T5875] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  402.841713][ T5875] usb 5-1: USB disconnect, device number 34
[  404.941106][ T5911] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[  405.213032][ T5911] usbhid 2-1:0.0: can't add hid device: -71
[  405.230356][ T5911] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  405.276979][ T5911] usb 2-1: USB disconnect, device number 32
[  406.595170][ T9571] netlink: 'syz.1.1094': attribute type 12 has an invalid length.
[  406.595200][ T9571] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1094'.
[  406.724502][ T5922] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  406.937109][ T5922] usb 5-1: device descriptor read/64, error -71
[  407.405579][ T5922] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  407.632112][ T5922] usb 5-1: device descriptor read/64, error -71
[  407.745191][ T5922] usb usb5-port1: attempt power cycle
[  408.094542][ T5922] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  408.265618][ T5922] usb 5-1: device descriptor read/8, error -71
[  408.403554][ T5827] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  408.518732][ T5922] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  408.579627][ T5922] usb 5-1: device descriptor read/8, error -71
[  408.583399][ T5827] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  408.583448][ T5827] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  408.583474][ T5827] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  408.583516][ T5827] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  408.583542][ T5827] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.603197][ T5827] usb 2-1: config 0 descriptor??
[  408.910953][ T5922] usb usb5-port1: unable to enumerate USB device
[  409.124496][ T5866] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  409.211105][ T9590] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  409.242680][ T9590] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  409.329544][ T5866] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  409.329583][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.329609][ T5866] usb 3-1: Product: syz
[  409.329627][ T5866] usb 3-1: Manufacturer: syz
[  409.329645][ T5866] usb 3-1: SerialNumber: syz
[  409.374810][ T5866] usb 3-1: config 0 descriptor??
[  409.455606][ T9591] xt_TCPMSS: Only works on TCP SYN packets
[  409.624732][ T5827] ath6kl: Failed to submit usb control message: -110
[  409.624782][ T5827] ath6kl: unable to send the bmi data to the device: -110
[  409.624801][ T5827] ath6kl: Unable to send get target info: -110
[  409.627739][ T5827] ath6kl: Failed to init ath6kl core: -110
[  409.628132][ T5827] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -110
[  409.684573][ T9587] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  409.684874][ T9587] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  409.961525][ T5866] usb 3-1: USB disconnect, device number 48
[  410.217145][ T5827] usb 2-1: USB disconnect, device number 33
[  410.444420][ T9604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  410.500650][ T9604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  410.560655][ T9604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  410.591402][ T9604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  410.664647][ T5827] usb 2-1: new full-speed USB device number 34 using dummy_hcd
[  411.299123][ T5827] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  411.671512][ T5827] usb 2-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.40
[  411.711404][ T5827] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.762229][ T5827] usb 2-1: Product: syz
[  411.784804][ T5827] usb 2-1: SerialNumber: syz
[  411.832235][ T5827] usbhid 2-1:1.0: couldn't find an input interrupt endpoint
[  412.067034][ T5827] usb 2-1: USB disconnect, device number 34
[  412.695726][ T9619] debugfs: Bad value for 'gid'
[  412.700607][ T9619] debugfs: Bad value for 'gid'
[  414.214783][ T5826] Bluetooth: hci2: Ignoring connect complete event for invalid link type
[  414.225989][ T5826] Bluetooth: hci2: unexpected event for opcode 0x0c47
[  417.632297][ T9680] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1126'.
[  417.651635][ T9680] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1126'.
[  417.764506][ T5911] usb 3-1: new full-speed USB device number 49 using dummy_hcd
[  418.095735][ T5911] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  418.267962][ T5833] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  418.277361][ T5833] Bluetooth: hci2: Injecting HCI hardware error event
[  418.290944][ T5833] Bluetooth: hci2: hardware error 0x00
[  418.352345][ T5911] usb 3-1: config 1 has an invalid descriptor of length 44, skipping remainder of the config
[  418.590448][ T5911] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  418.618250][ T5911] usb 3-1: config 1 has no interface number 1
[  418.675000][ T5911] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  418.754617][ T5911] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  418.804354][ T5911] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 2048, setting to 1023
[  418.845651][ T5911] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  418.872166][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.914480][ T5911] usb 3-1: Product: syz
[  418.934837][ T5911] usb 3-1: Manufacturer: syz
[  419.064770][ T5839] Bluetooth: hci4: command 0x0c1a tx timeout
[  419.835755][ T5911] usb 3-1: SerialNumber: syz
[  420.152300][ T9702] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  420.934095][ T9698] mkiss: ax0: crc mode is auto.
[  420.946215][ T5833] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  421.204669][ T5911] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  421.494015][ T5911] usb 3-1: USB disconnect, device number 49
[  421.503964][ T9710] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1133'.
[  421.670382][ T9710] dummy0: entered promiscuous mode
[  421.749571][ T9710] macvtap1: entered promiscuous mode
[  421.787146][ T9710] macvtap1: entered allmulticast mode
[  421.854484][ T9710] dummy0: entered allmulticast mode
[  421.889671][ T9726] FAULT_INJECTION: forcing a failure.
[  421.889671][ T9726] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  422.014601][ T9726] CPU: 0 UID: 0 PID: 9726 Comm: syz.0.1137 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  422.014632][ T9726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  422.014645][ T9726] Call Trace:
[  422.014654][ T9726]  <TASK>
[  422.014663][ T9726]  dump_stack_lvl+0x241/0x360
[  422.014706][ T9726]  ? __pfx_dump_stack_lvl+0x10/0x10
[  422.014748][ T9726]  ? __pfx__printk+0x10/0x10
[  422.014782][ T9726]  ? __pfx_lock_release+0x10/0x10
[  422.014817][ T9726]  should_fail_ex+0x40a/0x550
[  422.014846][ T9726]  _copy_from_user+0x2d/0xb0
[  422.014869][ T9726]  copy_msghdr_from_user+0xae/0x680
[  422.014902][ T9726]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  422.014927][ T9726]  ? __fget_files+0x2a/0x410
[  422.014958][ T9726]  ? __fget_files+0x2a/0x410
[  422.014993][ T9726]  __sys_sendmsg+0x209/0x350
[  422.015019][ T9726]  ? __pfx___sys_sendmsg+0x10/0x10
[  422.015053][ T9726]  ? do_sys_openat2+0x17a/0x1d0
[  422.015105][ T9726]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  422.015132][ T9726]  ? do_syscall_64+0x100/0x230
[  422.015164][ T9726]  ? do_syscall_64+0xb6/0x230
[  422.015196][ T9726]  do_syscall_64+0xf3/0x230
[  422.015224][ T9726]  ? clear_bhb_loop+0x35/0x90
[  422.015256][ T9726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.015284][ T9726] RIP: 0033:0x7f1eb518cde9
[  422.015303][ T9726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.015321][ T9726] RSP: 002b:00007f1eb5f34038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  422.015345][ T9726] RAX: ffffffffffffffda RBX: 00007f1eb53a5fa0 RCX: 00007f1eb518cde9
[  422.015361][ T9726] RDX: 0000000020048040 RSI: 0000200000000d00 RDI: 0000000000000003
[  422.015375][ T9726] RBP: 00007f1eb5f34090 R08: 0000000000000000 R09: 0000000000000000
[  422.015388][ T9726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  422.015400][ T9726] R13: 0000000000000000 R14: 00007f1eb53a5fa0 R15: 00007ffdfe4cb358
[  422.015430][ T9726]  </TASK>
[  422.295058][ T5917] udevd[5917]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  423.416329][ T9737] netlink: 'syz.1.1141': attribute type 10 has an invalid length.
[  423.524670][ T9743] netlink: 'syz.2.1144': attribute type 3 has an invalid length.
[  424.327820][ T9737] mac80211_hwsim hwsim10 wlan1: left promiscuous mode
[  424.407884][ T9737] mac80211_hwsim hwsim10 wlan1: entered promiscuous mode
[  424.418446][ T9752] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1141'.
[  424.622208][ T9737] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  424.907080][ T5922] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  425.594578][ T5922] usb 5-1: device descriptor read/64, error -71
[  425.645738][ T9763] netlink: 'syz.2.1147': attribute type 29 has an invalid length.
[  425.691492][ T9763] netlink: 'syz.2.1147': attribute type 29 has an invalid length.
[  425.718486][ T9763] netlink: 516 bytes leftover after parsing attributes in process `syz.2.1147'.
[  425.894715][ T5922] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  426.074544][ T5922] usb 5-1: device descriptor read/64, error -71
[  427.048559][ T5922] usb usb5-port1: attempt power cycle
[  427.735372][ T5922] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  428.662026][ T9782] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1151'.
[  429.084470][ T5922] usb 5-1: device descriptor read/8, error -71
[  430.624408][ T5922] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  430.645724][ T9804] netlink: 'syz.3.1161': attribute type 29 has an invalid length.
[  430.797718][ T9804] netlink: 'syz.3.1161': attribute type 29 has an invalid length.
[  431.051645][ T9806] netlink: 516 bytes leftover after parsing attributes in process `syz.3.1161'.
[  431.254498][ T5922] usb 5-1: device descriptor read/8, error -71
[  431.384933][ T5922] usb usb5-port1: unable to enumerate USB device
[  432.991333][ T9821] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  433.142516][ T9821] mkiss: ax0: crc mode is auto.
[  433.565761][ T9817] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1165'.
[  434.594506][ T5922] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  434.842276][ T5922] usb 5-1: config 0 has an invalid interface number: 135 but max is 0
[  434.881273][ T5922] usb 5-1: config 0 has no interface number 0
[  434.911126][ T5922] usb 5-1: config 0 interface 135 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 32
[  434.946837][ T5922] usb 5-1: config 0 interface 135 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  434.971978][ T5922] usb 5-1: New USB device found, idVendor=05ac, idProduct=1402, bcdDevice=45.65
[  434.987263][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.015306][ T9840] netlink: 'syz.2.1174': attribute type 29 has an invalid length.
[  435.025850][ T5922] usb 5-1: Product: syz
[  435.030088][ T5922] usb 5-1: Manufacturer: syz
[  435.065669][ T9840] netlink: 'syz.2.1174': attribute type 29 has an invalid length.
[  435.080651][ T5922] usb 5-1: SerialNumber: syz
[  435.111518][ T5922] usb 5-1: config 0 descriptor??
[  435.121825][ T9840] netlink: 516 bytes leftover after parsing attributes in process `syz.2.1174'.
[  435.137561][ T9830] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  435.160999][ T9830] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  435.400131][ T9830] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  435.424200][ T9830] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  435.667375][ T5922] asix 5-1:0.135 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  435.877420][ T5922] asix 5-1:0.135: probe with driver asix failed with error -71
[  436.107962][ T5922] usb 5-1: USB disconnect, device number 43
[  437.289763][ T5866] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  438.054886][ T5866] usb 4-1: Using ep0 maxpacket: 16
[  438.087344][ T5866] usb 4-1: unable to get BOS descriptor or descriptor too short
[  438.125088][ T5866] usb 4-1: config 0 has no interfaces?
[  438.148025][ T5866] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=c5.67
[  438.274380][ T5866] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.352450][ T9881] xt_policy: too many policy elements
[  438.565877][ T5866] usb 4-1: Product: syz
[  438.710232][ T5866] usb 4-1: Manufacturer: syz
[  438.754387][ T5866] usb 4-1: SerialNumber: syz
[  438.807972][ T5866] r8152-cfgselector 4-1: Unknown version 0x0000
[  438.816958][ T5866] r8152-cfgselector 4-1: config 0 descriptor??
[  439.051694][ T5866] r8152-cfgselector 4-1: USB disconnect, device number 34
[  439.215280][ T9883] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1186'.
[  439.707413][ T9889] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1189'.
[  439.754583][ T9889] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1189'.
[  440.368458][ T5911] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  440.425695][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  440.432246][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  440.955249][ T5911] usb 4-1: device descriptor read/64, error -71
[  441.234584][ T5911] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  441.449866][ T5911] usb 4-1: device descriptor read/64, error -71
[  441.655412][ T5911] usb usb4-port1: attempt power cycle
[  442.006322][ T5911] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  442.170801][ T5911] usb 4-1: device descriptor read/8, error -71
[  442.475295][ T5911] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  442.664817][ T5911] usb 4-1: device descriptor read/8, error -71
[  442.788193][ T5911] usb usb4-port1: unable to enumerate USB device
[  443.029312][ T9909] xt_policy: too many policy elements
[  443.777976][ T9921] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1198'.
[  445.504869][ T9948] netlink: 332 bytes leftover after parsing attributes in process `syz.1.1199'.
[  446.164570][   T58] usb 3-1: new full-speed USB device number 50 using dummy_hcd
[  446.550468][   T58] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  446.562033][   T58] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  446.587257][   T58] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  446.655594][   T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  446.689621][   T58] usb 3-1: SerialNumber: syz
[  446.731339][   T58] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  446.775577][ T9972] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1213'.
[  446.803169][   T58] usb-storage 3-1:1.0: USB Mass Storage device detected
[  446.844084][ T9972] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1213'.
[  446.855076][   T58] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  446.908335][   T58] scsi host1: usb-storage 3-1:1.0
[  447.264960][ T9977] lo speed is unknown, defaulting to 1000
[  447.740991][ T9986] tmpfs: Unknown parameter '0x00000000000000040x0000000000000005'
[  448.078792][ T9986] block device autoloading is deprecated and will be removed.
[  448.241871][ T5911] usb 3-1: USB disconnect, device number 50
[  448.254174][ T9986] syz.4.1215: attempt to access beyond end of device
[  448.254174][ T9986] md2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  449.134601][ T5922] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  449.306383][ T5922] usb 5-1: config 0 has an invalid interface number: 4 but max is 0
[  449.331464][ T5922] usb 5-1: config 0 has no interface number 0
[  449.407507][ T5922] usb 5-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  449.485047][ T5922] usb 5-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  449.538189][ T5922] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  449.604516][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  449.656599][ T5922] usb 5-1: config 0 descriptor??
[  450.102483][ T5922] uclogic 0003:256C:006D.000C: interface is invalid, ignoring
[  450.313619][ T5922] usb 5-1: USB disconnect, device number 44
[  450.605220][T10004] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1221'.
[  452.548944][T10018] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1225'.
[  452.664518][T10018] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1225'.
[  452.695179][ T5922] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  452.866261][ T5922] usb 3-1: config 17 has an invalid descriptor of length 160, skipping remainder of the config
[  453.006017][ T5922] usb 3-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  453.070794][ T5922] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  453.142896][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.246226][T10028] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  453.253388][T10028] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  453.312437][T10028] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  453.319076][T10028] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  454.068085][T10028] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  454.074745][T10028] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  454.108079][T10028] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  454.114658][T10028] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  454.197363][T10028] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  454.203958][T10028] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  454.295303][T10036] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1231'.
[  454.336056][ T5922] usb 3-1: string descriptor 0 read error: -71
[  454.363381][T10036] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1231'.
[  454.396662][ T5922] aiptek 3-1:17.0: interface has no int in endpoints, but must have minimum 1
[  454.440027][T10036] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1231'.
[  454.470758][ T5922] usb 3-1: USB disconnect, device number 51
[  454.748111][T10041] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1234'.
[  455.704874][ T5866] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  456.225995][T10052] xt_CT: You must specify a L4 protocol and not use inversions on it
[  456.835496][ T5833] Bluetooth: hci1: unexpected event for opcode 0x041c
[  456.859847][ T5866] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  456.884349][ T5866] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  456.924453][ T5866] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  456.952103][ T5866] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.196132][ T5866] usb 2-1: config 0 descriptor??
[  457.303448][T10056] netlink: 'syz.4.1237': attribute type 10 has an invalid length.
[  457.312099][T10056] bridge0: port 2(bridge_slave_1) entered disabled state
[  457.319484][T10056] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.243691][T10056] team0: Port device bridge0 removed
[  459.251314][T10056] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.258547][T10056] bridge0: port 2(bridge_slave_1) entered forwarding state
[  459.266064][T10056] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.273236][T10056] bridge0: port 1(bridge_slave_0) entered forwarding state
[  459.283709][T10056] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  459.438577][T10060] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1239'.
[  459.455234][T10060] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1239'.
[  459.465184][ T5866] usbhid 2-1:0.0: can't add hid device: -71
[  459.479151][ T5866] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  459.541905][ T5866] usb 2-1: USB disconnect, device number 35
[  459.825764][T10065] xt_policy: too many policy elements
[  460.255153][ T5875] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  460.525038][ T5875] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  460.533802][ T5875] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  460.624585][ T5875] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  460.658517][ T5875] usb 3-1: config 1 has no interface number 1
[  460.674348][ T5875] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  460.729883][ T5875] usb 3-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  461.292059][ T5833] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  461.302743][ T5833] Bluetooth: hci1: Injecting HCI hardware error event
[  461.317375][ T5826] Bluetooth: hci1: hardware error 0x00
[  461.416254][ T5875] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  461.458220][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.571619][ T5875] usb 3-1: Product: syz
[  461.584317][ T5875] usb 3-1: Manufacturer: syz
[  461.594333][ T5875] usb 3-1: SerialNumber: syz
[  462.936674][ T5875] usb 3-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  462.974359][ T5875] usb 3-1: MIDIStreaming interface descriptor not found
[  463.105115][ T5875] usb 3-1: USB disconnect, device number 52
[  463.394934][ T5826] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  464.106952][ T5829] udevd[5829]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  464.242870][T10103] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1251'.
[  464.581250][T10108] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1250'.
[  465.252962][T10111] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1253'.
[  465.724583][ T5875] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  465.872992][T10099] netlink: 'syz.2.1249': attribute type 2 has an invalid length.
[  465.882360][T10099] netlink: 'syz.2.1249': attribute type 1 has an invalid length.
[  465.934620][ T5875] usb 5-1: Using ep0 maxpacket: 16
[  466.028561][ T5875] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 31
[  466.057428][ T5875] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  466.080606][ T5875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.194332][ T5875] usb 5-1: Product: syz
[  466.209150][ T5875] usb 5-1: Manufacturer: syz
[  466.213834][ T5875] usb 5-1: SerialNumber: syz
[  466.246682][ T5875] usb 5-1: config 0 descriptor??
[  466.279735][ T5875] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  466.886857][ T5875] ssu100 5-1:0.0: probe with driver ssu100 failed with error -5
[  466.973145][ T5875] usb 5-1: USB disconnect, device number 45
[  467.184413][T10130] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  467.191495][T10130] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  467.215279][T10130] vhci_hcd vhci_hcd.0: Device attached
[  467.527880][ T5875] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  468.450252][   T58] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  468.615095][ T5875] usb 5-1: device descriptor read/64, error -71
[  468.812705][T10140] 9pnet_fd: p9_fd_create_tcp (10140): problem connecting socket to 127.0.0.1
[  468.889064][ T5875] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  469.154620][ T5875] usb 5-1: device descriptor read/64, error -71
[  469.204729][ T5911] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  469.415496][ T5875] usb usb5-port1: attempt power cycle
[  469.443669][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  469.593802][ T5911] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  469.734703][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  469.823227][ T5911] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  469.839321][ T5911] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  469.850164][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.871981][ T5911] usb 2-1: config 0 descriptor??
[  469.974519][ T5875] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  470.038098][ T5875] usb 5-1: device descriptor read/8, error -71
[  470.115617][ T5911] hdpvr 2-1:0.0: unexpected answer of status request, len -71
[  470.160378][ T5911] hdpvr 2-1:0.0: device init failed
[  470.173584][T10131] vhci_hcd: connection reset by peer
[  470.192791][ T5911] hdpvr 2-1:0.0: probe with driver hdpvr failed with error -12
[  470.205886][T10151] program syz.2.1263 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  470.223283][   T52] vhci_hcd: stop threads
[  470.268995][   T52] vhci_hcd: release socket
[  470.286645][ T5911] usb 2-1: USB disconnect, device number 36
[  470.313358][   T52] vhci_hcd: disconnect device
[  470.395437][T10156] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1264'.
[  470.940492][T10164] netlink: 188 bytes leftover after parsing attributes in process `syz.4.1267'.
[  470.949700][T10164] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1267'.
[  472.215323][T10173] net_ratelimit: 66 callbacks suppressed
[  472.215347][T10173] netlink: zone id is out of range
[  472.314809][T10173] netlink: zone id is out of range
[  472.324744][T10173] netlink: zone id is out of range
[  472.337375][T10173] netlink: get zone limit has 4 unknown bytes
[  474.027644][   T58] vhci_hcd: vhci_device speed not set
[  474.366843][T10203] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  474.457003][T10207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1277'.
[  474.655834][ T5911] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  474.820315][ T5911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  475.405735][ T5911] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  475.476574][ T5911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  475.524023][ T5911] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  475.562356][ T5911] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  475.611306][   T58] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  475.687200][T10217] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  475.859512][T10218] Process accounting resumed
[  476.274686][ T5911] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.374464][   T58] usb 5-1: Using ep0 maxpacket: 16
[  476.381962][ T5911] usb 4-1: config 0 descriptor??
[  476.408144][   T58] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  476.455170][   T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.496462][   T58] usb 5-1: Product: syz
[  476.500863][   T58] usb 5-1: Manufacturer: syz
[  476.526754][T10224] dccp_invalid_packet: P.Data Offset(0) too small
[  476.533517][   T58] usb 5-1: SerialNumber: syz
[  476.574777][   T58] usb 5-1: config 0 descriptor??
[  476.612448][   T58] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  476.641493][T10206] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  476.677194][   T58] usb 5-1: Detected FT232H
[  476.705589][T10206] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  476.780489][ T5911] hdpvr 4-1:0.0: firmware version 0x0 dated 
[  476.806277][   T58] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  476.822389][ T5911] hdpvr 4-1:0.0: untested firmware, the driver might not work.
[  476.982290][ T5911] hdpvr 4-1:0.0: device init failed
[  477.002263][ T5911] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12
[  477.068457][ T5911] usb 4-1: USB disconnect, device number 39
[  477.243244][   T58] ftdi_sio 5-1:0.0: GPIO initialisation failed: -5
[  477.274737][   T58] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  477.314663][ T5875] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  477.921237][ T5911] usb 5-1: USB disconnect, device number 50
[  477.951400][ T5911] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  477.969823][ T5911] ftdi_sio 5-1:0.0: device disconnected
[  478.014586][ T5875] usb 2-1: Using ep0 maxpacket: 16
[  478.028161][ T5875] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  478.275205][T10246] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1290'.
[  478.460912][T10248] bridge_slave_0: left allmulticast mode
[  478.476849][T10248] bridge_slave_0: left promiscuous mode
[  478.493107][T10248] bridge0: port 1(bridge_slave_0) entered disabled state
[  478.494327][ T5875] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  479.075032][ T5875] usb 2-1: config 0 descriptor??
[  479.099026][ T5875] gspca_main: sonixj-2.14.0 probing 0471:0327
[  479.107013][T10248] bridge_slave_1: left allmulticast mode
[  479.144855][T10252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1291'.
[  479.192635][T10248] bridge_slave_1: left promiscuous mode
[  479.501824][T10248] bridge0: port 2(bridge_slave_1) entered disabled state
[  479.575954][T10248] bond0: (slave bond_slave_0): Releasing backup interface
[  479.656098][T10248] bond0: (slave bond_slave_1): Releasing backup interface
[  479.751411][T10263] input: syz0 as /devices/virtual/input/input19
[  479.782272][T10248] team0: Port device team_slave_0 removed
[  479.877854][T10248] team0: Port device team_slave_1 removed
[  479.899734][T10248] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  479.913103][ T6961] udevd[6961]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  479.956740][T10248] batman_adv: batadv0: Removing interface: batadv_slave_0
[  479.980910][T10248] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  479.988869][ T5922] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  480.018343][T10248] batman_adv: batadv0: Removing interface: batadv_slave_1
[  480.148036][T10248] team0: Port device vlan0 removed
[  480.208350][T10248] bond0: (slave bond1): Releasing backup interface
[  480.306391][ T5911] lo speed is unknown, defaulting to 1000
[  480.884393][ T5875] gspca_sonixj: i2c_w8 err -71
[  480.905159][ T5875] sonixj 2-1:0.0: probe with driver sonixj failed with error -71
[  480.916401][ T5875] usb 2-1: USB disconnect, device number 37
[  481.594827][T10286] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1302'.
[  481.719582][T10291] netlink: 'syz.1.1304': attribute type 1 has an invalid length.
[  481.797493][T10285] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1303'.
[  481.806954][T10290] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1303'.
[  483.808750][T10311] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1307'.
[  490.694455][ T5827] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  491.075352][ T5827] usb 4-1: Using ep0 maxpacket: 16
[  491.114830][ T5827] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7
[  491.135344][T10340] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1315'.
[  491.298216][ T5827] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  491.395256][ T5827] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  491.549121][ T5827] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.627698][ T5827] usb 4-1: Product: syz
[  491.631986][ T5827] usb 4-1: Manufacturer: syz
[  491.715647][T10347] netlink: 'syz.4.1318': attribute type 3 has an invalid length.
[  491.820850][ T5827] usb 4-1: SerialNumber: syz
[  492.077595][ T5827] usb 4-1: can't set config #1, error -71
[  492.194526][ T5827] usb 4-1: USB disconnect, device number 41
[  492.422725][T10355] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1321'.
[  492.433719][T10355] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1321'.
[  494.130988][T10369] block nbd3: NBD_DISCONNECT
[  495.141460][T10376] 9pnet_fd: p9_fd_create_tcp (10376): problem connecting socket to 127.0.0.1
[  497.560121][T10384] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1326'.
[  500.367007][T10414] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1334'.
[  500.376475][T10414] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1334'.
[  501.711547][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  501.718208][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  502.387461][T10429] loop8: detected capacity change from 0 to 7
[  503.511405][T10429] Dev loop8: unable to read RDB block 7
[  503.776194][T10429]  loop8: unable to read partition table
[  503.860061][T10429] loop8: partition table beyond EOD, truncated
[  503.955552][T10435] 9pnet_fd: p9_fd_create_tcp (10435): problem connecting socket to 127.0.0.1
[  503.984587][T10429] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  503.984587][T10429] 
) failed (rc=-5)
[  504.427643][T10441] 9pnet_fd: Insufficient options for proto=fd
[  504.679567][T10444] bridge0: entered allmulticast mode
[  504.764747][   T58] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  505.370006][   T58] usb 5-1: Using ep0 maxpacket: 32
[  505.400901][   T58] usb 5-1: config 0 has an invalid interface number: 97 but max is 0
[  505.433884][   T58] usb 5-1: config 0 has no interface number 0
[  505.560226][   T58] usb 5-1: New USB device found, idVendor=0421, idProduct=008f, bcdDevice=da.cf
[  505.616227][   T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.661714][   T58] usb 5-1: Product: syz
[  505.671052][   T58] usb 5-1: Manufacturer: syz
[  505.696204][   T58] usb 5-1: SerialNumber: syz
[  505.733001][   T58] usb 5-1: config 0 descriptor??
[  505.755326][   T58] rndis_host 5-1:0.97: More than one union descriptor, skipping ...
[  505.783083][   T58] usb 5-1: bad CDC descriptors
[  505.799077][   T58] cdc_acm 5-1:0.97: More than one union descriptor, skipping ...
[  507.581661][ T5866] usb 5-1: USB disconnect, device number 51
[  507.690336][T10457] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  507.814365][T10463] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1346'.
[  507.823533][T10463] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1346'.
[  509.128918][T10474] input: syz0 as /devices/virtual/input/input20
[  509.376172][T10477] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1349'.
[  509.390003][T10478] syzkaller1: entered promiscuous mode
[  509.399187][T10478] syzkaller1: entered allmulticast mode
[  509.734501][ T5922] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  509.821690][   T29] audit: type=1326 audit(1738857309.662:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10491 comm="syz.2.1353" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f302838cde9 code=0x0
[  509.882443][T10494] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1353'.
[  509.924432][ T5922] usb 2-1: Using ep0 maxpacket: 16
[  509.933094][ T5922] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  509.960221][ T5922] usb 2-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00
[  509.981316][ T5922] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.013497][ T5922] usb 2-1: config 0 descriptor??
[  510.038954][ T5922] xbox_remote_probe: Unexpected endpoint_in
[  510.053810][ T5922] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  510.282836][T10496] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1354'.
[  510.293330][T10480] 9pnet_fd: p9_fd_create_tcp (10480): problem connecting socket to 127.0.0.1
[  510.378771][T10496] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1354'.
[  510.406826][T10499] bond0: entered promiscuous mode
[  510.457362][T10499] bond_slave_0: entered promiscuous mode
[  511.054495][T10496] netlink: 'syz.4.1354': attribute type 13 has an invalid length.
[  511.062401][T10496] netlink: 'syz.4.1354': attribute type 12 has an invalid length.
[  511.282109][T10499] bond_slave_1: entered promiscuous mode
[  511.310149][T10499] bridge0: entered promiscuous mode
[  511.408855][T10499] bond0: left promiscuous mode
[  511.413714][T10499] bond_slave_0: left promiscuous mode
[  511.638208][T10499] bond_slave_1: left promiscuous mode
[  512.472105][T10499] bridge0: left promiscuous mode
[  512.602209][ T5827] usb 2-1: USB disconnect, device number 38
[  512.807747][T10513] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1359'.
[  512.817291][T10513] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1359'.
[  513.570270][T10520] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1358'.
[  514.359486][T10530] loop8: detected capacity change from 0 to 7
[  514.384594][T10530] Dev loop8: unable to read RDB block 7
[  514.396181][T10533] input: syz0 as /devices/virtual/input/input21
[  514.403958][T10530]  loop8: unable to read partition table
[  514.434856][T10530] loop8: partition table beyond EOD, truncated
[  514.474767][T10530] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  514.474767][T10530] 
) failed (rc=-5)
[  515.771079][T10540] Bluetooth: hci1: Opcode 0x080f failed: -4
[  516.046957][T10549] 9pnet_fd: p9_fd_create_tcp (10549): problem connecting socket to 127.0.0.1
[  517.354569][ T5875] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  517.734715][ T5827] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  517.734846][ T5875] usb 4-1: config 0 interface 0 has no altsetting 0
[  518.672925][ T5875] usb 4-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  518.734585][ T5875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.831723][T10569] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1371'.
[  518.937752][ T5875] usb 4-1: config 0 descriptor??
[  518.974387][ T5875] usb 4-1: can't set config #0, error -71
[  519.024615][ T5875] usb 4-1: USB disconnect, device number 42
[  519.724655][ T5875] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  520.294803][ T5875] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  520.304011][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.424287][ T5875] usb 4-1: Product: syz
[  520.430537][ T5875] usb 4-1: Manufacturer: syz
[  520.454302][ T5875] usb 4-1: SerialNumber: syz
[  520.696544][ T5875] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  521.289050][T10597] 9pnet_fd: p9_fd_create_tcp (10597): problem connecting socket to 127.0.0.1
[  521.370697][ T5866] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  522.626476][ T5866] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  522.634559][ T5866] ath9k_htc: Failed to initialize the device
[  523.655813][ T5866] usb 4-1: ath9k_htc: USB layer deinitialized
[  524.509613][ T5827] usb 4-1: USB disconnect, device number 43
[  524.637857][T10625] syz.4.1388: vmalloc error: size 8392704, failed to allocated page array size 16392, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  524.754542][T10625] CPU: 0 UID: 0 PID: 10625 Comm: syz.4.1388 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  524.754575][T10625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  524.754589][T10625] Call Trace:
[  524.754595][T10625]  <TASK>
[  524.754604][T10625]  dump_stack_lvl+0x241/0x360
[  524.754646][T10625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  524.754679][T10625]  ? __pfx__printk+0x10/0x10
[  524.754715][T10625]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  524.754750][T10625]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  524.754788][T10625]  warn_alloc+0x278/0x410
[  524.754826][T10625]  ? __pfx_warn_alloc+0x10/0x10
[  524.754864][T10625]  ? htable_create+0x102/0x880
[  524.754884][T10625]  ? __get_vm_area_node+0x1c8/0x2d0
[  524.754916][T10625]  ? __get_vm_area_node+0x25c/0x2d0
[  524.754952][T10625]  __vmalloc_node_range_noprof+0x62f/0x1380
[  524.755013][T10625]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  524.755054][T10625]  ? htable_create+0x102/0x880
[  524.755073][T10625]  vmalloc_noprof+0x79/0x90
[  524.755104][T10625]  ? htable_create+0x102/0x880
[  524.755123][T10625]  htable_create+0x102/0x880
[  524.755150][T10625]  hashlimit_mt_check_common+0x710/0xa40
[  524.755177][T10625]  hashlimit_mt_check_v1+0x2ea/0x540
[  524.755211][T10625]  ? __pfx_hashlimit_mt_check_v1+0x10/0x10
[  524.755242][T10625]  ? trace_contention_end+0x3c/0x120
[  524.755282][T10625]  ? __mutex_unlock_slowpath+0x227/0x800
[  524.755324][T10625]  xt_check_match+0x368/0xa40
[  524.755360][T10625]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  524.755389][T10625]  ? __pfx_xt_check_match+0x10/0x10
[  524.755436][T10625]  ? xt_find_match+0x1d3/0x210
[  524.755475][T10625]  translate_table+0x15c5/0x2260
[  524.755530][T10625]  ? __pfx_translate_table+0x10/0x10
[  524.755555][T10625]  ? __might_fault+0xaa/0x120
[  524.755587][T10625]  ? __pfx_lock_release+0x10/0x10
[  524.755619][T10625]  ? __virt_addr_valid+0x183/0x530
[  524.755653][T10625]  ? __might_fault+0xc6/0x120
[  524.755691][T10625]  ? copy_from_sockptr_offset+0x6b/0xb0
[  524.755718][T10625]  do_ipt_set_ctl+0xe3d/0x1250
[  524.755749][T10625]  ? nf_setsockopt+0x240/0x2c0
[  524.755768][T10625]  ? do_ip_setsockopt+0x1f44/0x3cd0
[  524.755793][T10625]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  524.755819][T10625]  ? rcu_is_watching+0x15/0xb0
[  524.755850][T10625]  ? trace_contention_end+0x3c/0x120
[  524.755893][T10625]  ? __mutex_unlock_slowpath+0x227/0x800
[  524.755932][T10625]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  524.755978][T10625]  nf_setsockopt+0x295/0x2c0
[  524.756025][T10625]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  524.756053][T10625]  do_sock_setsockopt+0x3af/0x720
[  524.756092][T10625]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  524.756130][T10625]  ? __fget_files+0x395/0x410
[  524.756156][T10625]  ? __fget_files+0x2a/0x410
[  524.756192][T10625]  __x64_sys_setsockopt+0x1ee/0x280
[  524.756232][T10625]  do_syscall_64+0xf3/0x230
[  524.756261][T10625]  ? clear_bhb_loop+0x35/0x90
[  524.756306][T10625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  524.756335][T10625] RIP: 0033:0x7fefe238cde9
[  524.756354][T10625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  524.756371][T10625] RSP: 002b:00007fefe31cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  524.756394][T10625] RAX: ffffffffffffffda RBX: 00007fefe25a5fa0 RCX: 00007fefe238cde9
[  524.756409][T10625] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000006
[  524.756423][T10625] RBP: 00007fefe240e2a0 R08: 0000000000000448 R09: 0000000000000000
[  524.756436][T10625] R10: 00002000000006c0 R11: 0000000000000246 R12: 0000000000000000
[  524.756450][T10625] R13: 0000000000000000 R14: 00007fefe25a5fa0 R15: 00007fff0bcecc78
[  524.756481][T10625]  </TASK>
[  524.756722][T10625] Mem-Info:
[  525.174483][T10625] active_anon:597 inactive_anon:19287 isolated_anon:0
[  525.174483][T10625]  active_file:19483 inactive_file:38994 isolated_file:0
[  525.174483][T10625]  unevictable:768 dirty:112 writeback:0
[  525.174483][T10625]  slab_reclaimable:10248 slab_unreclaimable:101776
[  525.174483][T10625]  mapped:29771 shmem:16492 pagetables:935
[  525.174483][T10625]  sec_pagetables:0 bounce:0
[  525.174483][T10625]  kernel_misc_reclaimable:0
[  525.174483][T10625]  free:1301634 free_pcp:2055 free_cma:0
[  525.314442][T10625] Node 0 active_anon:2388kB inactive_anon:69784kB active_file:77952kB inactive_file:155884kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119136kB dirty:452kB writeback:0kB shmem:57264kB shmem_thp:2048kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10672kB pagetables:3436kB sec_pagetables:0kB all_unreclaimable? no
[  525.382286][T10632] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1390'.
[  525.391876][T10632] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1390'.
[  525.504287][T10625] Node 1 active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:8kB sec_pagetables:0kB all_unreclaimable? no
[  525.654485][T10625] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  526.663983][T10625] lowmem_reserve[]: 0 2493 2494 0 0
[  526.683434][T10625] Node 0 DMA32 free:1274340kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:2392kB inactive_anon:54644kB active_file:77172kB inactive_file:155832kB unevictable:1536kB writepending:472kB present:3129332kB managed:2553644kB mlocked:0kB bounce:0kB free_pcp:37892kB local_pcp:1272kB free_cma:0kB
[  526.714350][    C1] vkms_vblank_simulate: vblank timer overrun
[  526.936692][T10625] lowmem_reserve[]: 0 0 0 0 0
[  527.143465][T10625] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:32kB active_file:780kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  527.177358][    C1] vkms_vblank_simulate: vblank timer overrun
[  527.207862][T10625] lowmem_reserve[]: 0 0 0 0 0
[  527.264352][T10625] Node 1 Normal free:3909248kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:2080kB local_pcp:2080kB free_cma:0kB
[  527.334450][T10643] 9pnet_fd: p9_fd_create_tcp (10643): problem connecting socket to 127.0.0.1
[  527.354603][T10625] lowmem_reserve[]: 0 0 0 0 0
[  527.359669][T10625] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  527.521241][T10625] Node 0 DMA32: 1375*4kB (U) 619*8kB (UME) 343*16kB (UME) 83*32kB (UME) 28*64kB (UME) 50*128kB (UME) 14*256kB (UE) 5*512kB (U) 9*1024kB (UM) 8*2048kB (UME) 296*4096kB (UM) = 1270948kB
[  527.542588][T10653] 9pnet_fd: p9_fd_create_tcp (10653): problem connecting socket to 127.0.0.1
[  527.656664][T10625] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[  527.739494][T10625] Node 1 Normal: 210*4kB (UME) 57*8kB (UME) 27*16kB (UME) 216*32kB (UME) 85*64kB (UME) 23*128kB (UME) 12*256kB (UM) 8*512kB (UM) 2*1024kB (UM) 4*2048kB (UM) 946*4096kB (UME) = 3909248kB
[  527.810774][T10625] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  527.885805][T10625] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  527.946451][T10625] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  527.996790][T10625] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  528.074418][T10625] 63962 total pagecache pages
[  528.091894][T10625] 0 pages in swap cache
[  528.427265][T10625] Free swap  = 124752kB
[  528.473365][T10625] Total swap = 124996kB
[  528.539360][T10625] 2097051 pages RAM
[  529.040449][T10625] 0 pages HighMem/MovableOnly
[  529.060725][T10625] 426788 pages reserved
[  529.074113][T10625] 0 pages cma reserved
[  529.514182][T10667] overlay: ./file0 is not a directory
[  530.106675][T10674] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1400'.
[  531.132786][T10695] xt_policy: too many policy elements
[  532.709550][T10719] 9pnet_fd: p9_fd_create_tcp (10719): problem connecting socket to 127.0.0.1
[  534.054768][T10726] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1418'.
[  534.202747][T10731] ptm ptm1: ldisc open failed (-12), clearing slot 1
[  534.331460][T10734] overlay: ./file0 is not a directory
[  535.339139][T10745] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1424'.
[  535.651369][T10753] input: syz0 as /devices/virtual/input/input22
[  537.374480][ T5922] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  537.410021][T10780] 9pnet_fd: p9_fd_create_tcp (10780): problem connecting socket to 127.0.0.1
[  537.545283][ T5922] usb 3-1: Using ep0 maxpacket: 16
[  537.575401][ T5922] usb 3-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00
[  537.605009][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.613095][ T5922] usb 3-1: Product: syz
[  537.627821][ T5922] usb 3-1: Manufacturer: syz
[  537.632644][ T5922] usb 3-1: SerialNumber: syz
[  537.658243][ T5922] usb 3-1: config 0 descriptor??
[  537.680784][ T5922] usb-storage 3-1:0.0: USB Mass Storage device detected
[  537.694396][   T58] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  537.761541][ T5922] usb-storage 3-1:0.0: Quirks match for vid 054c pid 002e: 1
[  537.790097][ T5922] usb-storage 3-1:0.0: This device (054c,002e,0500 S 04 P 01) has an unneeded SubClass entry in unusual_devs.h (kernel 6.14.0-rc1-syzkaller-00034-g92514ef226f5)
[  537.790097][ T5922]    Please send a copy of this message to <linux-usb@vger.kernel.org> and <usb-storage@lists.one-eyed-alien.net>
[  537.898006][   T58] usb 5-1: Using ep0 maxpacket: 32
[  537.906038][T10776] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  537.966222][T10776] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  538.008447][   T58] usb 5-1: config 0 has an invalid interface number: 2 but max is 0
[  538.048686][   T58] usb 5-1: config 0 has no interface number 0
[  538.084322][   T58] usb 5-1: config 0 interface 2 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  538.170374][   T58] usb 5-1: New USB device found, idVendor=0664, idProduct=0309, bcdDevice=a4.e3
[  538.185372][ T5922] usb 3-1: USB disconnect, device number 53
[  538.235442][   T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  538.318822][   T58] usb 5-1: config 0 descriptor??
[  539.238053][T10799] netlink: 'syz.0.1441': attribute type 29 has an invalid length.
[  539.442393][T10799] netlink: 'syz.0.1441': attribute type 29 has an invalid length.
[  539.639180][T10802] netlink: 516 bytes leftover after parsing attributes in process `syz.0.1441'.
[  540.202515][   T29] audit: type=1326 audit(2000000007.540:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10810 comm="syz.0.1444" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1eb518cde9 code=0x0
[  540.901359][   T58] usb 5-1: USB disconnect, device number 52
[  543.014446][   T58] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  543.214437][   T58] usb 2-1: Using ep0 maxpacket: 16
[  543.239542][   T58] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  543.324602][   T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  543.373348][   T58] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  543.404462][   T58] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  543.412632][   T58] usb 2-1: Product: syz
[  543.434572][   T58] usb 2-1: Manufacturer: syz
[  543.449830][   T58] usb 2-1: SerialNumber: syz
[  543.490862][   T58] usb 2-1: config 0 descriptor??
[  543.516564][   T58] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  543.565717][   T58] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  544.159055][   T58] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  544.176512][   T58] em28xx 2-1:0.0: Config register raw data: 0x41
[  544.391775][   T58] usb 2-1: USB disconnect, device number 40
[  544.423533][   T58] em28xx 2-1:0.0: Disconnecting em28xx
[  544.489546][   T58] em28xx 2-1:0.0: Freeing device
[  545.236770][T10862] FAULT_INJECTION: forcing a failure.
[  545.236770][T10862] name failslab, interval 1, probability 0, space 0, times 0
[  545.284385][T10862] CPU: 0 UID: 0 PID: 10862 Comm: syz.2.1457 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  545.284417][T10862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  545.284431][T10862] Call Trace:
[  545.284438][T10862]  <TASK>
[  545.284447][T10862]  dump_stack_lvl+0x241/0x360
[  545.284491][T10862]  ? __pfx_dump_stack_lvl+0x10/0x10
[  545.284528][T10862]  ? __pfx__printk+0x10/0x10
[  545.284557][T10862]  ? __kmalloc_cache_noprof+0x48/0x390
[  545.284584][T10862]  ? __pfx___might_resched+0x10/0x10
[  545.284609][T10862]  should_fail_ex+0x40a/0x550
[  545.284635][T10862]  should_failslab+0xac/0x100
[  545.284660][T10862]  __kmalloc_cache_noprof+0x70/0x390
[  545.284682][T10862]  ? nf_tables_newtable+0x52c/0x1e10
[  545.284704][T10862]  nf_tables_newtable+0x52c/0x1e10
[  545.284725][T10862]  ? nfnl_pernet+0x23/0x240
[  545.284751][T10862]  ? __pfx_nf_tables_newtable+0x10/0x10
[  545.284779][T10862]  ? __nla_parse+0x40/0x60
[  545.284806][T10862]  nfnetlink_rcv+0x14e3/0x2ab0
[  545.284859][T10862]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  545.284925][T10862]  ? netlink_deliver_tap+0x2e/0x1b0
[  545.284952][T10862]  ? skb_clone+0x240/0x390
[  545.284971][T10862]  ? __pfx_lock_release+0x10/0x10
[  545.285008][T10862]  ? netlink_deliver_tap+0x2e/0x1b0
[  545.285038][T10862]  netlink_unicast+0x7f6/0x990
[  545.285072][T10862]  ? __pfx_netlink_unicast+0x10/0x10
[  545.285095][T10862]  ? __virt_addr_valid+0x45f/0x530
[  545.285120][T10862]  ? __phys_addr_symbol+0x2f/0x70
[  545.285144][T10862]  ? __check_object_size+0x47a/0x730
[  545.285170][T10862]  netlink_sendmsg+0x8e4/0xcb0
[  545.285199][T10862]  ? __pfx_netlink_sendmsg+0x10/0x10
[  545.285228][T10862]  ? __pfx_netlink_sendmsg+0x10/0x10
[  545.285244][T10862]  __sock_sendmsg+0x221/0x270
[  545.285270][T10862]  ____sys_sendmsg+0x52a/0x7e0
[  545.285296][T10862]  ? __pfx_____sys_sendmsg+0x10/0x10
[  545.285311][T10862]  ? __fget_files+0x2a/0x410
[  545.285337][T10862]  ? __fget_files+0x2a/0x410
[  545.285368][T10862]  __sys_sendmsg+0x269/0x350
[  545.285391][T10862]  ? __pfx___sys_sendmsg+0x10/0x10
[  545.285420][T10862]  ? do_sys_openat2+0x17a/0x1d0
[  545.285470][T10862]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  545.285494][T10862]  ? do_syscall_64+0x100/0x230
[  545.285529][T10862]  ? do_syscall_64+0xb6/0x230
[  545.285555][T10862]  do_syscall_64+0xf3/0x230
[  545.285580][T10862]  ? clear_bhb_loop+0x35/0x90
[  545.285609][T10862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.285632][T10862] RIP: 0033:0x7f302838cde9
[  545.285648][T10862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  545.285664][T10862] RSP: 002b:00007f3029237038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  545.285684][T10862] RAX: ffffffffffffffda RBX: 00007f30285a5fa0 RCX: 00007f302838cde9
[  545.285697][T10862] RDX: 0000000020050800 RSI: 00002000000000c0 RDI: 0000000000000003
[  545.285709][T10862] RBP: 00007f3029237090 R08: 0000000000000000 R09: 0000000000000000
[  545.285720][T10862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  545.285731][T10862] R13: 0000000000000000 R14: 00007f30285a5fa0 R15: 00007ffd445fd818
[  545.285757][T10862]  </TASK>
[  546.403943][T10869] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1460'.
[  546.484884][T10871] netlink: 188 bytes leftover after parsing attributes in process `syz.4.1461'.
[  546.494010][T10871] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1461'.
[  547.934585][ T5911] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  548.614547][ T5911] usb 3-1: Using ep0 maxpacket: 16
[  548.658719][ T5911] usb 3-1: unable to get BOS descriptor or descriptor too short
[  548.754383][ T5875] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  548.784131][ T5911] usb 3-1: config 1 interface 0 altsetting 202 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  548.907255][ T5911] usb 3-1: config 1 interface 0 has no altsetting 0
[  549.004893][ T5875] usb 4-1: Using ep0 maxpacket: 32
[  549.007199][ T5911] usb 3-1: New USB device found, idVendor=05ac, idProduct=0225, bcdDevice= 0.40
[  549.115824][ T5875] usb 4-1: New USB device found, idVendor=17cc, idProduct=1000, bcdDevice=64.02
[  549.130366][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  549.134282][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  549.171114][ T5911] usb 3-1: Product: syz
[  549.193704][ T5911] usb 3-1: Manufacturer: syz
[  549.216076][ T5875] usb 4-1: Product: syz
[  549.247226][ T5911] usb 3-1: SerialNumber: syz
[  549.278195][ T5875] usb 4-1: Manufacturer: syz
[  549.282923][ T5875] usb 4-1: SerialNumber: syz
[  549.607138][ T5875] usb 4-1: config 0 descriptor??
[  549.661362][T10879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  549.892414][T10879] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  550.120971][ T5911] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input23
[  550.166550][ T5181] bcm5974 3-1:1.0: could not read from device
[  550.189526][ T5181] bcm5974 3-1:1.0: could not read from device
[  550.219765][T10888] syz.4.1464 (10888): drop_caches: 2
[  550.236028][ T5181] bcm5974 3-1:1.0: could not read from device
[  550.243882][ T5911] usb 3-1: USB disconnect, device number 55
[  550.252042][ T5181] bcm5974 3-1:1.0: could not read from device
[  550.388266][T10908] FAULT_INJECTION: forcing a failure.
[  550.388266][T10908] name failslab, interval 1, probability 0, space 0, times 0
[  550.424038][T10908] CPU: 1 UID: 0 PID: 10908 Comm: syz.4.1470 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  550.424072][T10908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  550.424086][T10908] Call Trace:
[  550.424094][T10908]  <TASK>
[  550.424103][T10908]  dump_stack_lvl+0x241/0x360
[  550.424156][T10908]  ? __pfx_dump_stack_lvl+0x10/0x10
[  550.424189][T10908]  ? __pfx__printk+0x10/0x10
[  550.424228][T10908]  ? __kmalloc_noprof+0xb5/0x4c0
[  550.424255][T10908]  ? __pfx___might_resched+0x10/0x10
[  550.424283][T10908]  should_fail_ex+0x40a/0x550
[  550.424313][T10908]  should_failslab+0xac/0x100
[  550.424341][T10908]  __kmalloc_noprof+0xdd/0x4c0
[  550.424367][T10908]  ? nla_strdup+0x9c/0x140
[  550.424393][T10908]  ? __kasan_kmalloc+0x98/0xb0
[  550.424420][T10908]  nla_strdup+0x9c/0x140
[  550.424451][T10908]  nf_tables_newtable+0x59b/0x1e10
[  550.424477][T10908]  ? nfnl_pernet+0x23/0x240
[  550.424508][T10908]  ? __pfx_nf_tables_newtable+0x10/0x10
[  550.424539][T10908]  ? __nla_parse+0x40/0x60
[  550.424572][T10908]  nfnetlink_rcv+0x14e3/0x2ab0
[  550.424633][T10908]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  550.424709][T10908]  ? netlink_deliver_tap+0x2e/0x1b0
[  550.424741][T10908]  ? skb_clone+0x240/0x390
[  550.424763][T10908]  ? __pfx_lock_release+0x10/0x10
[  550.424806][T10908]  ? netlink_deliver_tap+0x2e/0x1b0
[  550.424842][T10908]  netlink_unicast+0x7f6/0x990
[  550.424882][T10908]  ? __pfx_netlink_unicast+0x10/0x10
[  550.424909][T10908]  ? __virt_addr_valid+0x45f/0x530
[  550.424940][T10908]  ? __phys_addr_symbol+0x2f/0x70
[  550.424968][T10908]  ? __check_object_size+0x47a/0x730
[  550.425000][T10908]  netlink_sendmsg+0x8e4/0xcb0
[  550.425035][T10908]  ? __pfx_netlink_sendmsg+0x10/0x10
[  550.425070][T10908]  ? __pfx_netlink_sendmsg+0x10/0x10
[  550.425089][T10908]  __sock_sendmsg+0x221/0x270
[  550.425120][T10908]  ____sys_sendmsg+0x52a/0x7e0
[  550.425158][T10908]  ? __pfx_____sys_sendmsg+0x10/0x10
[  550.425176][T10908]  ? __fget_files+0x2a/0x410
[  550.425208][T10908]  ? __fget_files+0x2a/0x410
[  550.425245][T10908]  __sys_sendmsg+0x269/0x350
[  550.425271][T10908]  ? __pfx___sys_sendmsg+0x10/0x10
[  550.425306][T10908]  ? do_sys_openat2+0x17a/0x1d0
[  550.425363][T10908]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  550.425392][T10908]  ? do_syscall_64+0x100/0x230
[  550.425427][T10908]  ? do_syscall_64+0xb6/0x230
[  550.425460][T10908]  do_syscall_64+0xf3/0x230
[  550.425491][T10908]  ? clear_bhb_loop+0x35/0x90
[  550.425524][T10908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.425553][T10908] RIP: 0033:0x7fefe238cde9
[  550.425573][T10908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  550.425592][T10908] RSP: 002b:00007fefe31cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  550.425616][T10908] RAX: ffffffffffffffda RBX: 00007fefe25a5fa0 RCX: 00007fefe238cde9
[  550.425633][T10908] RDX: 0000000020050800 RSI: 00002000000000c0 RDI: 0000000000000003
[  550.425647][T10908] RBP: 00007fefe31cf090 R08: 0000000000000000 R09: 0000000000000000
[  550.425661][T10908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  550.425674][T10908] R13: 0000000000000000 R14: 00007fefe25a5fa0 R15: 00007fff0bcecc78
[  550.425708][T10908]  </TASK>
[  550.739832][    C1] vkms_vblank_simulate: vblank timer overrun
[  550.804992][ T5875] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -110
[  550.996174][   T58] usb 4-1: USB disconnect, device number 44
[  551.144797][ T5922] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  551.205571][ T5911] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  551.224578][ T5833] Bluetooth: hci4: command 0x0c1a tx timeout
[  551.306202][ T5922] usb 2-1: device descriptor read/64, error -71
[  551.588751][ T5911] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  551.615452][ T5922] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  551.655625][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.855976][ T5911] usb 3-1: Product: syz
[  551.860229][ T5911] usb 3-1: Manufacturer: syz
[  551.934433][ T5922] usb 2-1: device descriptor read/64, error -71
[  551.940965][ T5911] usb 3-1: SerialNumber: syz
[  551.959992][ T5911] usb 3-1: config 0 descriptor??
[  552.111795][ T5922] usb usb2-port1: attempt power cycle
[  552.220393][ T5911] hid-generic 0000:0003:0000.000D: unknown main item tag 0x0
[  552.241147][ T5911] hid-generic 0000:0003:0000.000D: unknown main item tag 0x0
[  552.320300][ T5911] hid-generic 0000:0003:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  552.458703][ T5911] usb 3-1: USB disconnect, device number 56
[  552.485930][ T5922] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  552.553549][ T5922] usb 2-1: device descriptor read/8, error -71
[  552.794563][ T5922] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  552.853159][ T5922] usb 2-1: device descriptor read/8, error -71
[  552.964801][ T5922] usb usb2-port1: unable to enumerate USB device
[  553.091231][T10937] misc userio: Invalid payload size
[  553.613470][T10944] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1481'.
[  553.659494][T10942] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1481'.
[  553.668810][T10942] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1481'.
[  554.080930][T10950] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  555.193294][   T29] audit: type=1326 audit(2000000022.540:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10922 comm="syz.0.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb518cde9 code=0x7ffc0000
[  555.334340][   T29] audit: type=1326 audit(2000000022.540:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10922 comm="syz.0.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1eb518cde9 code=0x7ffc0000
[  555.498823][   T29] audit: type=1326 audit(2000000022.540:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10922 comm="syz.0.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb518cde9 code=0x7ffc0000
[  555.604855][   T29] audit: type=1326 audit(2000000022.540:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10922 comm="syz.0.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb518cde9 code=0x7ffc0000
[  555.662665][   T29] audit: type=1326 audit(2000000022.540:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10922 comm="syz.0.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1eb518cde9 code=0x7ffc0000
[  555.796672][   T29] audit: type=1326 audit(2000000022.540:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10922 comm="syz.0.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb518cde9 code=0x7ffc0000
[  555.913009][   T29] audit: type=1326 audit(2000000022.540:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10922 comm="syz.0.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f1eb518cde9 code=0x7ffc0000
[  556.038926][   T29] audit: type=1326 audit(2000000022.540:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10922 comm="syz.0.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb518cde9 code=0x7ffc0000
[  556.401413][   T29] audit: type=1326 audit(2000000022.540:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10922 comm="syz.0.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f1eb518cde9 code=0x7ffc0000
[  556.614836][T10984] 9pnet_fd: p9_fd_create_tcp (10984): problem connecting socket to 127.0.0.1
[  557.107290][   T29] audit: type=1326 audit(2000000022.540:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10922 comm="syz.0.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb518cde9 code=0x7ffc0000
[  557.510920][T10986] FAULT_INJECTION: forcing a failure.
[  557.510920][T10986] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  557.574520][T10986] CPU: 1 UID: 0 PID: 10986 Comm: syz.2.1495 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  557.574564][T10986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  557.574581][T10986] Call Trace:
[  557.574603][T10986]  <TASK>
[  557.574612][T10986]  dump_stack_lvl+0x241/0x360
[  557.574654][T10986]  ? __pfx_dump_stack_lvl+0x10/0x10
[  557.574688][T10986]  ? __pfx__printk+0x10/0x10
[  557.574733][T10986]  should_fail_ex+0x40a/0x550
[  557.574763][T10986]  prepare_alloc_pages+0x1da/0x5b0
[  557.574795][T10986]  __alloc_frozen_pages_noprof+0x16f/0x710
[  557.574822][T10986]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  557.574868][T10986]  alloc_pages_mpol+0x311/0x660
[  557.574901][T10986]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  557.574939][T10986]  vma_alloc_folio_noprof+0x12b/0x260
[  557.574970][T10986]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  557.575001][T10986]  ? do_raw_spin_unlock+0x13c/0x8b0
[  557.575029][T10986]  folio_prealloc+0x2e/0x170
[  557.575052][T10986]  do_wp_page+0x1253/0x49b0
[  557.575098][T10986]  ? __pfx_do_wp_page+0x10/0x10
[  557.575128][T10986]  ? __pfx_validate_chain+0x10/0x10
[  557.575164][T10986]  ? __pfx_lock_acquire+0x10/0x10
[  557.575188][T10986]  ? rcu_is_watching+0x15/0xb0
[  557.575224][T10986]  ? do_raw_spin_lock+0x14f/0x370
[  557.575246][T10986]  ? __pfx____pte_offset_map+0x10/0x10
[  557.575295][T10986]  __handle_mm_fault+0x24d5/0x70f0
[  557.575325][T10986]  ? mark_lock+0x9a/0x360
[  557.575382][T10986]  ? __pfx___handle_mm_fault+0x10/0x10
[  557.575420][T10986]  ? __pfx_lock_acquire+0x10/0x10
[  557.575451][T10986]  ? do_raw_spin_lock+0x14f/0x370
[  557.575493][T10986]  ? follow_page_pte+0xdd3/0x1460
[  557.575516][T10986]  ? follow_page_pte+0xe54/0x1460
[  557.575537][T10986]  ? __pfx_lock_release+0x10/0x10
[  557.575574][T10986]  ? do_raw_spin_unlock+0x13c/0x8b0
[  557.575621][T10986]  ? __pfx___might_resched+0x10/0x10
[  557.575648][T10986]  handle_mm_fault+0x2c1/0x7e0
[  557.575690][T10986]  __get_user_pages+0x1a92/0x4140
[  557.575735][T10986]  ? mark_lock+0x9a/0x360
[  557.575788][T10986]  ? __pfx___get_user_pages+0x10/0x10
[  557.575824][T10986]  ? __pfx_down_read_killable+0x10/0x10
[  557.575860][T10986]  ? __pfx_lock_acquire+0x10/0x10
[  557.575887][T10986]  ? try_get_folio+0xf1/0x6f0
[  557.575908][T10986]  ? __pfx_lock_release+0x10/0x10
[  557.575943][T10986]  __gup_longterm_locked+0xe64/0x17f0
[  557.575977][T10986]  ? mark_lock+0x9a/0x360
[  557.576010][T10986]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  557.576036][T10986]  ? __pfx___gup_longterm_locked+0x10/0x10
[  557.576060][T10986]  ? sanity_check_pinned_pages+0x11b2/0x12a0
[  557.576101][T10986]  gup_fast_fallback+0x2266/0x29c0
[  557.576168][T10986]  ? __pfx_gup_fast_fallback+0x10/0x10
[  557.576201][T10986]  ? 0xffffffffa0003b40
[  557.576222][T10986]  ? is_bpf_text_address+0x26/0x2a0
[  557.576249][T10986]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  557.576274][T10986]  ? kernel_text_address+0xa7/0xe0
[  557.576306][T10986]  ? __kernel_text_address+0xd/0x40
[  557.576336][T10986]  ? unwind_get_return_address+0x4d/0x90
[  557.576365][T10986]  ? arch_stack_walk+0xfd/0x150
[  557.576408][T10986]  ? stack_trace_save+0x118/0x1d0
[  557.576429][T10986]  ? __pfx_lock_release+0x10/0x10
[  557.576454][T10986]  ? is_valid_gup_args+0x124/0x200
[  557.576490][T10986]  pin_user_pages_fast+0xcc/0x160
[  557.576514][T10986]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  557.576559][T10986]  iov_iter_extract_pages+0x3bb/0x5c0
[  557.576584][T10986]  ? __x64_sys_recvmmsg+0x199/0x250
[  557.576617][T10986]  extract_iter_to_sg+0xea6/0x2650
[  557.576665][T10986]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  557.576715][T10986]  ? __asan_memset+0x23/0x50
[  557.576750][T10986]  af_alg_get_rsgl+0x41e/0x850
[  557.576794][T10986]  skcipher_recvmsg+0x3f8/0x1230
[  557.576841][T10986]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  557.576869][T10986]  ? __might_fault+0xaa/0x120
[  557.576902][T10986]  ? __pfx_lock_release+0x10/0x10
[  557.576926][T10986]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  557.576956][T10986]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  557.576985][T10986]  sock_recvmsg+0x22f/0x280
[  557.577016][T10986]  ____sys_recvmsg+0x1c6/0x480
[  557.577048][T10986]  ? __pfx_____sys_recvmsg+0x10/0x10
[  557.577094][T10986]  do_recvmmsg+0x426/0xab0
[  557.577129][T10986]  ? __pfx_do_recvmmsg+0x10/0x10
[  557.577174][T10986]  ? ksys_write+0x22a/0x2b0
[  557.577195][T10986]  ? __pfx_lock_release+0x10/0x10
[  557.577229][T10986]  ? sb_end_write+0xe9/0x1c0
[  557.577257][T10986]  ? vfs_write+0x7fa/0xd10
[  557.577279][T10986]  ? __mutex_unlock_slowpath+0x227/0x800
[  557.577319][T10986]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  557.577347][T10986]  ? __fget_files+0x2a/0x410
[  557.577391][T10986]  __x64_sys_recvmmsg+0x199/0x250
[  557.577416][T10986]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  557.577440][T10986]  ? do_syscall_64+0x100/0x230
[  557.577473][T10986]  ? do_syscall_64+0xb6/0x230
[  557.577503][T10986]  do_syscall_64+0xf3/0x230
[  557.577532][T10986]  ? clear_bhb_loop+0x35/0x90
[  557.577565][T10986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.577599][T10986] RIP: 0033:0x7f302838cde9
[  557.577616][T10986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  557.577635][T10986] RSP: 002b:00007f3029237038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  557.577658][T10986] RAX: ffffffffffffffda RBX: 00007f30285a5fa0 RCX: 00007f302838cde9
[  557.577673][T10986] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000004
[  557.577686][T10986] RBP: 00007f3029237090 R08: 0000000000000000 R09: 0000000000000000
[  557.577698][T10986] R10: 0000000000010140 R11: 0000000000000246 R12: 0000000000000001
[  557.577711][T10986] R13: 0000000000000000 R14: 00007f30285a5fa0 R15: 00007ffd445fd818
[  557.577743][T10986]  </TASK>
[  558.195975][ T5866] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  558.453293][ T5866] usb 2-1: Using ep0 maxpacket: 8
[  558.935207][ T5866] usb 2-1: config 1 interface 0 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 16
[  558.968154][ T5866] usb 2-1: config 1 interface 0 has no altsetting 0
[  558.995612][ T5866] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  559.067195][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.404569][ T5866] usb 2-1: Product: syz
[  559.409277][ T5866] usb 2-1: Manufacturer: syz
[  559.413931][ T5866] usb 2-1: SerialNumber: syz
[  559.448497][T10988] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  559.554806][ T5911] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  559.703304][ T5866] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 45 if 0 alt 4 proto 1 vid 0x0525 pid 0xA4A8
[  559.744518][ T5911] usb 5-1: Using ep0 maxpacket: 16
[  559.780962][ T5911] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  559.794831][ T5866] usb 2-1: USB disconnect, device number 45
[  559.809967][ T5866] usblp0: removed
[  559.834747][ T5911] usb 5-1: Duplicate descriptor for config 0 interface 0 altsetting 0, skipping
[  560.040442][ T5911] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  560.081125][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.134286][ T5911] usb 5-1: Product: syz
[  560.151613][ T5911] usb 5-1: Manufacturer: syz
[  560.181892][ T5911] usb 5-1: SerialNumber: syz
[  560.216399][ T5911] usb 5-1: config 0 descriptor??
[  560.235093][ T5911] appledisplay 5-1:0.0: Could not find int-in endpoint
[  560.252623][ T5911] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  561.055333][T11022] cifs: Unknown parameter 'no'�a��N�[G�zob,er��;%j��
[  561.055333][T11022] ��z�,�@q�������J#�"��h/.�W1ȱ�nNC�"�C�׈�E)�8+����'
[  561.221017][T11024] xt_policy: too many policy elements
[  562.202506][T11008] xt_ecn: cannot match TCP bits for non-tcp packets
[  562.714611][ T5911] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  562.891824][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  562.966454][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  563.027170][ T5911] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  563.154197][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  563.161095][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  563.178455][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.483925][ T5911] usb 2-1: config 0 descriptor??
[  563.698485][    T8] usb 5-1: USB disconnect, device number 53
[  563.865393][T11043] FAULT_INJECTION: forcing a failure.
[  563.865393][T11043] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  563.880399][T11042] input: syz0 as /devices/virtual/input/input24
[  563.934486][T11043] CPU: 0 UID: 0 PID: 11043 Comm: syz.4.1517 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  563.934518][T11043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  563.934531][T11043] Call Trace:
[  563.934538][T11043]  <TASK>
[  563.934547][T11043]  dump_stack_lvl+0x241/0x360
[  563.934589][T11043]  ? __pfx_dump_stack_lvl+0x10/0x10
[  563.934622][T11043]  ? __pfx__printk+0x10/0x10
[  563.934660][T11043]  ? snprintf+0xda/0x120
[  563.934684][T11043]  should_fail_ex+0x40a/0x550
[  563.934714][T11043]  _copy_to_user+0x31/0xb0
[  563.934738][T11043]  simple_read_from_buffer+0xca/0x150
[  563.934767][T11043]  proc_fail_nth_read+0x1e9/0x250
[  563.934796][T11043]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  563.934824][T11043]  ? rw_verify_area+0x243/0x630
[  563.934856][T11043]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  563.934883][T11043]  vfs_read+0x1f8/0xb40
[  563.934915][T11043]  ? fdget_pos+0x254/0x320
[  563.934945][T11043]  ? __pfx___mutex_lock+0x10/0x10
[  563.934975][T11043]  ? __pfx_vfs_read+0x10/0x10
[  563.935010][T11043]  ? __fget_files+0x2a/0x410
[  563.935039][T11043]  ? __fget_files+0x395/0x410
[  563.935065][T11043]  ? __fget_files+0x2a/0x410
[  563.935105][T11043]  ksys_read+0x18f/0x2b0
[  563.935135][T11043]  ? __pfx_ksys_read+0x10/0x10
[  563.935156][T11043]  ? do_syscall_64+0x100/0x230
[  563.935189][T11043]  ? do_syscall_64+0xb6/0x230
[  563.935220][T11043]  do_syscall_64+0xf3/0x230
[  563.935248][T11043]  ? clear_bhb_loop+0x35/0x90
[  563.935282][T11043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.935311][T11043] RIP: 0033:0x7fefe238b7fc
[  563.935329][T11043] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  563.935347][T11043] RSP: 002b:00007fefe31cf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  563.935370][T11043] RAX: ffffffffffffffda RBX: 00007fefe25a5fa0 RCX: 00007fefe238b7fc
[  563.935385][T11043] RDX: 000000000000000f RSI: 00007fefe31cf0a0 RDI: 0000000000000005
[  563.935399][T11043] RBP: 00007fefe31cf090 R08: 0000000000000000 R09: 0000000000000000
[  563.935412][T11043] R10: 0000000000010140 R11: 0000000000000246 R12: 0000000000000001
[  563.935424][T11043] R13: 0000000000000000 R14: 00007fefe25a5fa0 R15: 00007fff0bcecc78
[  563.935456][T11043]  </TASK>
[  563.956348][ T5911] hid-led 0003:0FC5:B080.000E: item fetching failed at offset 2/3
[  564.181937][ T5911] hid-led 0003:0FC5:B080.000E: probe with driver hid-led failed with error -22
[  564.351948][T11045] 9pnet_fd: p9_fd_create_tcp (11045): problem connecting socket to 127.0.0.1
[  564.537650][    T8] usb 2-1: USB disconnect, device number 46
[  566.126805][T11073] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1526'.
[  567.396165][T11082] input: syz0 as /devices/virtual/input/input25
[  567.623328][T11088] overlay: Unknown parameter 'audit'
[  568.413055][T11094] 9pnet_fd: p9_fd_create_tcp (11094): problem connecting socket to 127.0.0.1
[  568.623729][ T5911] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  568.794485][ T5911] usb 4-1: device descriptor read/64, error -71
[  569.091224][ T5911] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  569.274489][ T5911] usb 4-1: device descriptor read/64, error -71
[  569.379801][T11108] netlink: 'syz.0.1541': attribute type 29 has an invalid length.
[  569.403694][T11108] netlink: 'syz.0.1541': attribute type 29 has an invalid length.
[  569.414804][ T5911] usb usb4-port1: attempt power cycle
[  569.436014][T11108] netlink: 516 bytes leftover after parsing attributes in process `syz.0.1541'.
[  569.715491][ T5922] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  569.794568][ T5911] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  569.897192][ T5922] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  571.457964][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.499636][ T5922] usb 5-1: Product: syz
[  571.519692][ T5922] usb 5-1: Manufacturer: syz
[  571.539286][ T5922] usb 5-1: SerialNumber: syz
[  571.546342][ T5911] usb 4-1: device descriptor read/8, error -71
[  571.568945][ T5922] usb 5-1: config 0 descriptor??
[  571.642104][T11120] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[  572.042821][T11120] team0: Port device vlan0 added
[  572.056354][T11112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  572.130047][T11112] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  572.974727][ T5866] usb 5-1: USB disconnect, device number 54
[  573.084734][    T8] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  573.327005][    T8] usb 3-1: config 0 has an invalid interface number: 83 but max is 0
[  573.345609][    T8] usb 3-1: config 0 has no interface number 0
[  573.372055][    T8] usb 3-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  573.424864][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.473560][    T8] usb 3-1: config 0 descriptor??
[  573.593968][    T8] ttusbir 3-1:0.83: cannot find expected altsetting
[  573.719684][T11136] can0: slcan on ttyS3.
[  574.534401][ T5922] usb 4-1: new full-speed USB device number 49 using dummy_hcd
[  574.644595][ T5911] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  574.711364][   T59] usb 3-1: USB disconnect, device number 57
[  574.765509][ T5922] usb 4-1: device descriptor read/64, error -71
[  574.857181][ T5911] usb 5-1: Using ep0 maxpacket: 16
[  574.891546][ T5911] usb 5-1: unable to get BOS descriptor or descriptor too short
[  574.946865][ T5911] usb 5-1: config index 0 descriptor too short (expected 18151, got 90)
[  574.986497][ T5911] usb 5-1: config 81 has too many interfaces: 101, using maximum allowed: 32
[  575.004418][ T5922] usb 4-1: new full-speed USB device number 50 using dummy_hcd
[  575.037545][ T5911] usb 5-1: config 81 has an invalid descriptor of length 106, skipping remainder of the config
[  575.099457][ T5911] usb 5-1: config 81 has 0 interfaces, different from the descriptor's value: 101
[  575.164529][ T5911] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=c5.67
[  575.177236][ T5922] usb 4-1: device descriptor read/64, error -71
[  575.234978][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  575.243046][ T5911] usb 5-1: Product: syz
[  575.285090][ T5922] usb usb4-port1: attempt power cycle
[  575.290950][ T5911] usb 5-1: Manufacturer: syz
[  575.311557][ T5911] usb 5-1: SerialNumber: syz
[  575.734805][ T5922] usb 4-1: new full-speed USB device number 51 using dummy_hcd
[  575.750990][ T5911] r8152-cfgselector 5-1: Unknown version 0x0000
[  576.015623][ T5922] usb 4-1: device descriptor read/8, error -71
[  576.353784][T11140] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  576.362640][T11140] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  577.057387][ T5911] r8152-cfgselector 5-1: USB disconnect, device number 55
[  577.268690][T11137] can0 (unregistered): slcan off ttyS3.
[  577.658847][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  577.658868][   T29] audit: type=1326 audit(2000000045.000:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11173 comm="syz.0.1557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb518cde9 code=0x7ffc0000
[  577.895141][ T5922] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  577.947731][ T5922] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11
[  577.973355][   T29] audit: type=1326 audit(2000000045.000:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11173 comm="syz.0.1557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb518cde9 code=0x7ffc0000
[  578.014502][ T5922] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[  578.078769][T11182] overlayfs: invalid origin (0000)
[  578.086691][ T5922] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  578.134801][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.142884][ T5922] usb 4-1: Product: syz
[  578.199958][ T5922] usb 4-1: Manufacturer: syz
[  578.219080][ T5922] usb 4-1: SerialNumber: syz
[  578.320880][T11187] input: syz0 as /devices/virtual/input/input27
[  579.063177][T11191] input: syz1 as /devices/virtual/input/input28
[  579.247071][T11174] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  579.313165][T11198] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1563'.
[  580.618802][ T5922] cdc_ncm 4-1:1.0: SET_NTB_FORMAT failed
[  580.688290][ T5922] cdc_ncm 4-1:1.0: bind() failure
[  580.755734][ T5922] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  580.762597][ T5922] cdc_ncm 4-1:1.1: bind() failure
[  580.865291][ T5922] usb 4-1: USB disconnect, device number 52
[  581.166671][T11214] ptrace attach of "./syz-executor exec"[11222] was attempted by "./syz-executor exec"[11214]
[  583.245602][T11245] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1570'.
[  583.293627][T11230] mac80211_hwsim hwsim5 wlan1: left promiscuous mode
[  583.311147][T11246] loop8: detected capacity change from 0 to 7
[  583.371532][T11246] Dev loop8: unable to read RDB block 7
[  583.524489][T11246]  loop8: unable to read partition table
[  583.537721][T11230] team0: Port device vlan0 removed
[  583.584636][T11246] loop8: partition table beyond EOD, truncated
[  583.631783][T11236] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[  583.640187][T11246] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  583.640187][T11246] 
) failed (rc=-5)
[  583.710665][T11236] team0: Port device vlan0 added
[  584.034440][   T59] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  584.083256][T11259] input: syz0 as /devices/virtual/input/input29
[  584.217892][   T59] usb 4-1: Using ep0 maxpacket: 16
[  584.273892][   T59] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  584.302505][   T59] usb 4-1: config 0 has no interface number 0
[  584.325188][   T59] usb 4-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7
[  584.377508][   T59] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.469934][   T59] usb 4-1: Product: syz
[  584.600219][   T59] usb 4-1: Manufacturer: syz
[  584.709271][   T59] usb 4-1: SerialNumber: syz
[  584.910914][   T59] usb 4-1: config 0 descriptor??
[  584.957828][   T59] hub 4-1:0.1: bad descriptor, ignoring hub
[  584.963855][   T59] hub 4-1:0.1: probe with driver hub failed with error -5
[  585.031147][   T59] usb 4-1: selecting invalid altsetting 1
[  585.084467][   T59] snd-usb-us122l 4-1:0.1: usb_set_interface error
[  585.109620][   T59] snd-usb-us122l 4-1:0.1: probe with driver snd-usb-us122l failed with error -22
[  585.214367][ T5875] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  585.237012][T11272] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  585.245998][T11272] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  585.254858][T11272] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  585.263638][T11272] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  585.274377][   T59] usb 4-1: USB disconnect, device number 53
[  585.343275][T11272] vxlan0: entered promiscuous mode
[  585.372592][T11272] vxlan0: entered allmulticast mode
[  585.425656][ T5875] usb 3-1: Using ep0 maxpacket: 16
[  586.474702][T11272] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  586.483685][T11272] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  586.483764][ T5875] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  586.492946][T11272] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  586.512858][T11272] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  586.572309][ T5875] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  586.602414][ T5875] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  586.636704][ T5875] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  586.664313][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.702531][ T5875] usb 3-1: Product: syz
[  586.715036][ T5875] usb 3-1: Manufacturer: syz
[  586.719719][ T5875] usb 3-1: SerialNumber: syz
[  587.631625][T11295] lo speed is unknown, defaulting to 1000
[  587.874488][T11298] netlink: 'syz.1.1588': attribute type 1 has an invalid length.
[  588.390013][T11311] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1591'.
[  588.700060][T11314] xt_policy: too many policy elements
[  589.255503][ T5875] usb 3-1: 2:1 : unknown format tag 0x2 is detected.  processed as MPEG.
[  589.264016][ T5875] usb 3-1: found format II with max.bitrate = 9, frame size=9758
[  589.324279][ T5875] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  589.371347][ T5875] usb 3-1: unit 6 not found!
[  589.513695][ T5875] usb 3-1: USB disconnect, device number 58
[  589.900053][T10328] udevd[10328]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  590.624498][T11329] 9pnet_fd: p9_fd_create_tcp (11329): problem connecting socket to 127.0.0.1
[  590.755627][T11332] 8021q: adding VLAN 0 to HW filter on device bond0
[  591.026121][T11332] bond0: (slave rose0): Enslaving as an active interface with an up link
[  593.960064][T11370] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1604'.
[  594.344383][ T5875] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  594.532014][T11380] xt_policy: too many policy elements
[  594.897328][ T5875] usb 2-1: Using ep0 maxpacket: 16
[  595.007143][ T5875] usb 2-1: unable to get BOS descriptor or descriptor too short
[  595.037229][ T5875] usb 2-1: config 1 has an invalid interface number: 108 but max is 0
[  595.084411][ T5875] usb 2-1: config 1 has no interface number 0
[  595.111877][ T5875] usb 2-1: config 1 interface 108 has no altsetting 0
[  595.153249][ T5875] usb 2-1: language id specifier not provided by device, defaulting to English
[  595.216599][ T5875] usb 2-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=b8.92
[  595.246155][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.294274][ T5875] usb 2-1: Product: syz
[  595.298512][ T5875] usb 2-1: Manufacturer: 섵Ћ鈳彝䊭ⴶ埃ﾔ뎻樗啚捞鄙
[  595.299739][T11386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.344562][ T5875] usb 2-1: SerialNumber: syz
[  595.364683][T11386] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.534617][   T59] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  595.587178][T11375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.597372][T11375] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.627398][ T5875] usbserial_generic 2-1:1.108: The "generic" usb-serial driver is only for testing and one-off prototypes.
[  595.644430][ T5875] usbserial_generic 2-1:1.108: Tell linux-usb@vger.kernel.org to add your device to a proper driver.
[  595.694332][ T5875] usbserial_generic 2-1:1.108: device has no bulk endpoints
[  595.702433][ T5875] safe_serial 2-1:1.108: safe_serial converter detected
[  595.734680][   T59] usb 4-1: Using ep0 maxpacket: 32
[  595.752050][   T59] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  595.754609][ T5875] usb 2-1: safe_serial converter now attached to ttyUSB0
[  595.790959][   T59] usb 4-1: config 0 has no interface number 0
[  595.820521][   T59] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  595.823939][ T5875] usb 2-1: USB disconnect, device number 47
[  595.854417][   T59] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.878221][ T5875] safe_serial ttyUSB0: safe_serial converter now disconnected from ttyUSB0
[  595.897441][   T59] usb 4-1: Product: syz
[  595.901682][   T59] usb 4-1: Manufacturer: syz
[  595.922567][ T5875] safe_serial 2-1:1.108: device disconnected
[  595.964022][   T59] usb 4-1: SerialNumber: syz
[  596.009858][   T59] usb 4-1: config 0 descriptor??
[  596.036639][   T59] smsc95xx v2.0.0
[  597.921738][   T59] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71
[  598.146827][   T59] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  598.167498][   T59] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  598.179659][   T59] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[  598.228196][   T59] usb 4-1: USB disconnect, device number 54
[  599.828022][T11431] netlink: 'syz.1.1615': attribute type 39 has an invalid length.
[  599.976659][ T5875] hid (null): unknown global tag 0xd
[  599.982915][ T5875] hid (null): invalid report_count 1036575593
[  600.036471][ T5875] hid-generic 0000:0003:00DB.000F: unknown main item tag 0x7
[  600.064285][ T5875] hid-generic 0000:0003:00DB.000F: unexpected long global item
[  600.114823][ T5875] hid-generic 0000:0003:00DB.000F: probe with driver hid-generic failed with error -22
[  601.521742][T11450] ALSA: mixer_oss: invalid OSS volume 'P�7{*;��+�$p�'
[  601.815643][T11450] ALSA: mixer_oss: invalid OSS volume ''
[  601.875099][T11450] ALSA: mixer_oss: invalid OSS volume 'b$Kf��7?]����3s�X'
[  601.946067][T11450] ALSA: mixer_oss: invalid OSS volume '��K�׍?F�g'
[  601.952738][T11450] ALSA: mixer_oss: invalid OSS volume '��.L!�t�8�y����W�+��$N��Js�'
[  602.533642][T11457] xt_policy: too many policy elements
[  603.504648][T11471] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1626'.
[  603.514064][T11471] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1626'.
[  604.895570][T11486] netlink: 'syz.0.1630': attribute type 29 has an invalid length.
[  605.249495][T11486] netlink: 'syz.0.1630': attribute type 29 has an invalid length.
[  606.260305][T11486] netlink: 516 bytes leftover after parsing attributes in process `syz.0.1630'.
[  606.534472][ T5911] usb 4-1: new low-speed USB device number 55 using dummy_hcd
[  606.898187][ T5911] usb 4-1: No LPM exit latency info found, disabling LPM.
[  606.929408][ T5911] usb 4-1: config 0 has no interfaces?
[  606.966679][ T5911] usb 4-1: string descriptor 0 read error: -22
[  607.013957][ T5911] usb 4-1: New USB device found, idVendor=056a, idProduct=00ba, bcdDevice= 0.40
[  607.072978][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.124255][ T5911] usb 4-1: config 0 descriptor??
[  607.307988][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  607.318507][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  607.327706][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  607.336340][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  607.346615][ T5833] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  607.397243][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  607.596875][T11495] bond0: (slave bridge0): Releasing backup interface
[  607.680382][T11501] 9pnet_fd: Insufficient options for proto=fd
[  607.728248][T11495] bridge0: port 2(bridge_slave_1) entered disabled state
[  607.735723][T11495] bridge0: port 1(bridge_slave_0) entered disabled state
[  607.778128][T11504] input: syz0 as /devices/virtual/input/input30
[  608.045097][T11495] bridge_slave_0: left allmulticast mode
[  608.092210][T11495] bridge_slave_0: left promiscuous mode
[  608.133134][T11509] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1632'.
[  608.200898][T11495] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.228627][T11495] bridge_slave_1: left allmulticast mode
[  608.248230][T11495] bridge_slave_1: left promiscuous mode
[  608.259888][T11495] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.309674][T11495] bond0: (slave bond_slave_0): Releasing backup interface
[  608.409415][T11495] bond0: (slave bond_slave_1): Releasing backup interface
[  608.525039][ T5922] usb 4-1: USB disconnect, device number 55
[  608.606462][T11495] team0: Port device team_slave_0 removed
[  608.766143][T11495] team0: Port device team_slave_1 removed
[  608.773904][T11495] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  608.782166][T11495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  609.078780][T11495] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  609.173672][T11495] batman_adv: batadv0: Removing interface: batadv_slave_1
[  609.407453][T11495] team0: Port device vlan0 removed
[  609.412929][ T5922] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  609.464916][ T5826] Bluetooth: hci1: command tx timeout
[  609.497050][T11501] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode
[  609.552603][T11501] team0: Port device vlan0 added
[  609.594752][ T5922] usb 2-1: Using ep0 maxpacket: 32
[  609.620642][ T5922] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  609.674267][ T5922] usb 2-1: config 0 has no interface number 0
[  609.736242][ T5922] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  609.795477][ T5922] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.824617][T11497] lo speed is unknown, defaulting to 1000
[  609.844420][ T5922] usb 2-1: Product: syz
[  609.860711][ T5922] usb 2-1: Manufacturer: syz
[  609.889928][ T5922] usb 2-1: SerialNumber: syz
[  609.917970][ T5922] usb 2-1: config 0 descriptor??
[  609.961777][ T5922] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  609.994473][ T5922] usb 2-1: selecting invalid altsetting 1
[  610.000279][ T5922] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  610.085293][ T5922] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  610.137761][ T5922] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  610.171730][ T5922] usb 2-1: media controller created
[  610.286991][ T5922] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  610.446682][ T5922] usb 2-1: DVB: registering adapter 1 frontend 0 (Zarlink ZL10353 DVB-T)...
[  610.496321][ T5922] dvbdev: dvb_create_media_entity: media entity 'Zarlink ZL10353 DVB-T' registered.
[  611.031131][ T5922] DVB: Unable to find symbol mxl5005s_attach()
[  611.050503][ T5922] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  611.544784][ T5826] Bluetooth: hci1: command tx timeout
[  611.690947][ T5922] usb 2-1: USB disconnect, device number 48
[  611.833636][T11547] netlink: 'syz.4.1641': attribute type 29 has an invalid length.
[  611.905246][T11551] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1641'.
[  611.952107][T11548] netlink: 'syz.4.1641': attribute type 29 has an invalid length.
[  612.058011][T11497] chnl_net:caif_netlink_parms(): no params data found
[  612.453445][T11497] bridge0: port 1(bridge_slave_0) entered blocking state
[  612.491604][T11497] bridge0: port 1(bridge_slave_0) entered disabled state
[  612.522193][T11497] bridge_slave_0: entered allmulticast mode
[  612.765663][T11497] bridge_slave_0: entered promiscuous mode
[  612.775194][T11497] bridge0: port 2(bridge_slave_1) entered blocking state
[  612.785004][T11497] bridge0: port 2(bridge_slave_1) entered disabled state
[  612.792301][T11497] bridge_slave_1: entered allmulticast mode
[  612.994471][T11563] xt_CT: You must specify a L4 protocol and not use inversions on it
[  613.121921][T11497] bridge_slave_1: entered promiscuous mode
[  613.704325][ T5826] Bluetooth: hci1: command tx timeout
[  613.827871][T11497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  613.901395][T11497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  614.411482][T11497] team0: Port device team_slave_0 added
[  614.768586][T11497] team0: Port device team_slave_1 added
[  614.919147][ T5922] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  615.195478][ T5922] usb 4-1: Using ep0 maxpacket: 16
[  615.701722][ T5922] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  615.748010][ T5922] usb 4-1: config 1 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 22
[  615.784503][ T5826] Bluetooth: hci1: command tx timeout
[  615.809185][ T5922] usb 4-1: config 1 interface 0 has no altsetting 0
[  615.823832][T11497] batman_adv: batadv0: Adding interface: batadv_slave_0
[  615.836672][T11497] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  615.864906][T11497] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  615.898836][T11497] batman_adv: batadv0: Adding interface: batadv_slave_1
[  615.906547][ T5922] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  615.984087][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  615.993653][T11497] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  616.042419][ T5922] usb 4-1: SerialNumber: syz
[  616.084330][T11497] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  616.216096][T11592] netlink: 'syz.4.1653': attribute type 13 has an invalid length.
[  616.262267][T11593] netlink: 'syz.0.1652': attribute type 29 has an invalid length.
[  616.297123][T11595] netlink: 'syz.0.1652': attribute type 29 has an invalid length.
[  616.332799][T11593] netlink: 516 bytes leftover after parsing attributes in process `syz.0.1652'.
[  616.387769][T11497] hsr_slave_0: entered promiscuous mode
[  616.419997][T11497] hsr_slave_1: entered promiscuous mode
[  616.447380][T11497] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  616.481914][T11497] Cannot create hsr debugfs directory
[  616.604471][ T5911] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  616.735608][T11607] netlink: 'syz.0.1655': attribute type 39 has an invalid length.
[  616.821270][ T5911] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  616.869063][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.929916][ T5911] usb 2-1: Product: syz
[  616.962325][ T5911] usb 2-1: Manufacturer: syz
[  616.994426][ T5911] usb 2-1: SerialNumber: syz
[  617.053819][ T5911] usb 2-1: config 0 descriptor??
[  617.346073][T11601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  617.355101][T11601] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  617.921587][ T5922] cdc_acm 4-1:1.0: skipping garbage
[  618.938115][ T5922] usb 4-1: USB disconnect, device number 56
[  618.976901][   T59] usb 2-1: USB disconnect, device number 49
[  619.097745][T11497] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  619.160674][T11497] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  619.278545][T11497] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  619.384591][T11497] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  620.946110][T11497] 8021q: adding VLAN 0 to HW filter on device bond0
[  621.028500][T11497] 8021q: adding VLAN 0 to HW filter on device team0
[  621.143992][  T995] bridge0: port 1(bridge_slave_0) entered blocking state
[  621.151180][  T995] bridge0: port 1(bridge_slave_0) entered forwarding state
[  621.217937][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  621.225156][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  621.364571][ T5922] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  621.612480][ T5922] usb 2-1: Using ep0 maxpacket: 16
[  621.632453][T11662] netlink: 'syz.4.1665': attribute type 29 has an invalid length.
[  621.653511][T11664] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1665'.
[  621.658422][ T5922] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  621.722915][ T5922] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  621.723440][T11663] netlink: 'syz.4.1665': attribute type 29 has an invalid length.
[  621.770417][ T5922] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  621.800038][ T5922] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  621.849989][ T5922] usb 2-1: Product: syz
[  621.866116][ T5922] usb 2-1: Manufacturer: syz
[  621.886456][ T5922] usb 2-1: SerialNumber: syz
[  622.137545][ T5922] usb 2-1: 0:2 : does not exist
[  622.170898][ T5922] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  622.260917][ T5922] usb 2-1: USB disconnect, device number 50
[  622.574124][T11636] udevd[11636]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  622.901646][T11497] 8021q: adding VLAN 0 to HW filter on device batadv0
[  624.187360][T11497] veth0_vlan: entered promiscuous mode
[  624.249495][T11497] veth1_vlan: entered promiscuous mode
[  624.567392][T11497] veth0_macvtap: entered promiscuous mode
[  624.599805][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  624.614776][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  624.691021][T11732] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  624.987119][T11497] veth1_macvtap: entered promiscuous mode
[  625.452914][T11497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  625.476406][T11497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  625.524661][T11497] batman_adv: batadv0: Interface activated: batadv_slave_0
[  625.597688][T11497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  625.650449][T11497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  625.703195][T11497] batman_adv: batadv0: Interface activated: batadv_slave_1
[  625.746916][T11497] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  625.791210][T11497] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  625.814452][T11497] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  625.841439][ T5875] usb 4-1: new full-speed USB device number 57 using dummy_hcd
[  625.843698][T11497] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  626.092304][T11746] erspan0: left allmulticast mode
[  626.124859][T11746] erspan0: left promiscuous mode
[  626.147611][ T5875] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  626.185028][T11746] bridge0: port 3(erspan0) entered disabled state
[  626.204323][ T5875] usb 4-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  626.213452][ T5875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.296379][ T5875] usb 4-1: config 0 descriptor??
[  626.372113][T11751] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1681'.
[  626.413730][T11746] bridge_slave_0: left allmulticast mode
[  626.460938][T11746] bridge_slave_0: left promiscuous mode
[  626.495126][T11746] bridge0: port 1(bridge_slave_0) entered disabled state
[  626.572593][T11746] bridge_slave_1: left allmulticast mode
[  626.614546][T11746] bridge_slave_1: left promiscuous mode
[  626.631215][T11746] bridge0: port 2(bridge_slave_1) entered disabled state
[  626.650797][T11741] 9pnet_fd: p9_fd_create_tcp (11741): problem connecting socket to 127.0.0.1
[  626.825370][T11746] bond0: (slave bond_slave_0): Releasing backup interface
[  626.904722][T11746] bond0: (slave bond_slave_1): Releasing backup interface
[  626.986326][T11746] team0: Port device team_slave_0 removed
[  627.030657][T11746] team0: Port device team_slave_1 removed
[  627.053486][T11746] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  627.083721][T11746] batman_adv: batadv0: Removing interface: batadv_slave_0
[  627.149501][T11746] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  627.194583][T11746] batman_adv: batadv0: Removing interface: batadv_slave_1
[  627.328487][T11746] team0: Port device vlan0 removed
[  627.355078][T11746] bond0: (slave wlan1): Releasing backup interface
[  628.895023][T11746] mac80211_hwsim hwsim10 wlan1: left promiscuous mode
[  629.786486][T11745] usb 4-1: USB disconnect, device number 57
[  630.865310][T11746] batadv1: left allmulticast mode
[  630.870526][T11746] batadv1: left promiscuous mode
[  630.898474][T11746] bridge0: port 4(batadv1) entered disabled state
[  631.353605][T11749] team0: Port device vlan0 added
[  631.385326][T11774] loop8: detected capacity change from 0 to 7
[  631.398343][T11774] Dev loop8: unable to read RDB block 7
[  631.404024][T11774]  loop8: unable to read partition table
[  631.466943][T11774] loop8: partition table beyond EOD, truncated
[  631.634589][T11774] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  631.634589][T11774] 
) failed (rc=-5)
[  632.031410][T11751] team0: Port device vlan0 removed
[  632.218759][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  632.250982][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  632.350333][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  632.379422][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  632.748721][T11779] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  632.764388][ T5911] usb 2-1: new low-speed USB device number 51 using dummy_hcd
[  632.974156][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  633.193990][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32, setting to 8
[  633.439745][ T5911] usb 2-1: New USB device found, idVendor=05ac, idProduct=0240, bcdDevice= 0.00
[  633.513803][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  633.610219][ T5911] usb 2-1: config 0 descriptor??
[  633.630604][T11787] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  633.653905][ T5911] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input31
[  633.834615][   T59] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  634.044853][   T59] usb 4-1: Using ep0 maxpacket: 32
[  634.086877][   T59] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  634.182691][   T59] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  634.258592][   T59] usb 4-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 14
[  634.381204][   T59] usb 4-1: New USB device found, idVendor=0582, idProduct=002b, bcdDevice=9f.7f
[  634.420027][   T59] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.496645][   T59] usb 4-1: Product: syz
[  634.529155][   T59] usb 4-1: Manufacturer: syz
[  634.579211][   T59] usb 4-1: SerialNumber: syz
[  634.669350][   T59] usb 4-1: config 0 descriptor??
[  634.956484][   T59] usb 4-1: USB disconnect, device number 58
[  635.225209][T11636] udevd[11636]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  635.954713][ T5826] Bluetooth: hci1: command tx timeout
[  636.033642][ T5181] bcm5974 2-1:0.0: could not read from device
[  636.051978][    T8] usb 2-1: USB disconnect, device number 51
[  636.066869][T10328] bcm5974 2-1:0.0: could not read from device
[  636.159162][ T5181] bcm5974 2-1:0.0: could not read from device
[  637.586676][T11853] netlink: 188 bytes leftover after parsing attributes in process `syz.4.1701'.
[  637.596238][T11853] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1701'.
[  637.781768][T11855] netlink: 'syz.3.1702': attribute type 29 has an invalid length.
[  637.859168][T11855] netlink: 'syz.3.1702': attribute type 29 has an invalid length.
[  638.011768][T11855] netlink: 516 bytes leftover after parsing attributes in process `syz.3.1702'.
[  639.078729][T11869] Invalid ELF header len 5
[  639.799005][   T59] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  639.994711][   T59] usb 4-1: Using ep0 maxpacket: 32
[  640.037954][   T59] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  640.123200][   T59] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  640.236004][   T59] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  640.312779][   T59] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  640.484995][   T59] usb 4-1: Product: syz
[  640.496331][T11886] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  640.513849][   T59] usb 4-1: Manufacturer: syz
[  640.529449][   T59] usb 4-1: SerialNumber: syz
[  640.535250][T11886] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  640.564723][T11886] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  640.592206][T11886] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  640.620329][T11886] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  640.633048][   T59] appletouch 4-1:1.0: Could not find int-in endpoint
[  640.658752][   T59] appletouch 4-1:1.0: probe with driver appletouch failed with error -5
[  640.696141][   T59] usbhid 4-1:1.0: couldn't find an input interrupt endpoint
[  640.785621][T11886] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  640.940705][   T59] usb 4-1: USB disconnect, device number 59
[  641.046609][T11892] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1713'.
[  641.056148][T11892] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1713'.
[  641.067937][T11894] netlink: 'syz.4.1714': attribute type 46 has an invalid length.
[  642.584416][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout
[  642.584444][ T5833] Bluetooth: hci3: command 0x0c1a tx timeout
[  642.664338][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  644.315407][   T59] usb 6-1: new low-speed USB device number 2 using dummy_hcd
[  644.741437][   T59] usb 6-1: device descriptor read/64, error -71
[  644.754634][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  645.712485][   T59] usb 6-1: new low-speed USB device number 3 using dummy_hcd
[  645.884357][   T59] usb 6-1: device descriptor read/64, error -71
[  646.666719][   T59] usb usb6-port1: attempt power cycle
[  646.825418][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout
[  649.550091][T11970] netlink: 'syz.4.1725': attribute type 1 has an invalid length.
[  649.785123][T11986] netlink: 'syz.1.1735': attribute type 3 has an invalid length.
[  650.846701][T11995] mac80211_hwsim hwsim5 wlan1: left promiscuous mode
[  651.004942][   T29] audit: type=1800 audit(2000000118.350:225): pid=11958 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1725" name="memory.events" dev="tmpfs" ino=1847 res=0 errno=0
[  652.215678][T12011] loop8: detected capacity change from 0 to 7
[  652.245019][T12011] Dev loop8: unable to read RDB block 7
[  652.250690][T12011]  loop8: unable to read partition table
[  652.284674][T12011] loop8: partition table beyond EOD, truncated
[  652.290927][T12011] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  652.290927][T12011] 
) failed (rc=-5)
[  652.326091][T12014] Unsupported ieee802154 address type: 0
[  652.768631][T12021] input: syz0 as /devices/virtual/input/input32
[  655.064384][ T5922] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  655.636630][ T5922] usb 6-1: device descriptor read/64, error -71
[  656.004655][ T5922] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  656.126249][T12040] Cannot find add_set index 1026 as target
[  656.299129][T12047] overlay: ./file0 is not a directory
[  656.715549][T12051] netlink: 'syz.4.1755': attribute type 1 has an invalid length.
[  658.472177][T12059] loop8: detected capacity change from 0 to 7
[  658.703585][T12059] Dev loop8: unable to read RDB block 7
[  658.773857][T12059]  loop8: unable to read partition table
[  658.905016][T12059] loop8: partition table beyond EOD, truncated
[  658.991561][T12059] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  658.991561][T12059] 
) failed (rc=-5)
[  660.317462][T12068] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1762'.
[  660.464468][    T8] usb 5-1: new full-speed USB device number 56 using dummy_hcd
[  660.911997][T12077] mac80211_hwsim hwsim10 
: renamed from wlan1
[  660.956102][   T59] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  661.027473][    T8] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  661.036527][    T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  661.075732][    T8] usb 5-1: config 0 has no interface number 0
[  661.082102][    T8] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  661.114802][    T8] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  661.127259][   T59] usb 6-1: config 2 has an invalid interface number: 219 but max is 1
[  661.154234][    T8] usb 5-1: config 0 interface 52 has no altsetting 0
[  661.163906][   T59] usb 6-1: config 2 has an invalid interface number: 127 but max is 1
[  661.184573][    T8] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 0.00
[  661.202841][   T59] usb 6-1: config 2 has no interface number 0
[  661.223102][   T59] usb 6-1: config 2 has no interface number 1
[  661.224243][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=35
[  661.251053][   T59] usb 6-1: config 2 interface 219 altsetting 1 endpoint 0xD has invalid maxpacket 512, setting to 64
[  661.282935][    T8] usb 5-1: SerialNumber: syz
[  661.337377][    T8] usb 5-1: config 0 descriptor??
[  661.522005][   T59] usb 6-1: config 2 interface 219 has no altsetting 0
[  661.530274][   T59] usb 6-1: config 2 interface 127 has no altsetting 0
[  661.547465][   T59] usb 6-1: New USB device found, idVendor=05c6, idProduct=9002, bcdDevice=e4.64
[  661.564493][   T59] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.572565][   T59] usb 6-1: Product: syz
[  661.589412][T12071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.634585][   T59] usb 6-1: Manufacturer: syz
[  661.644529][T12071] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.670045][   T59] usb 6-1: SerialNumber: syz
[  661.706644][   T59] usb 6-1: Interface #127 referenced by multiple IADs
[  661.999734][    T8] usb 5-1: USB disconnect, device number 56
[  662.008073][T12066] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1761'.
[  662.282887][T12093] netlink: 'syz.3.1769': attribute type 29 has an invalid length.
[  662.321756][T12093] netlink: 'syz.3.1769': attribute type 29 has an invalid length.
[  662.372422][T12095] netlink: 516 bytes leftover after parsing attributes in process `syz.3.1769'.
[  662.542324][T12096] ntfs3(nbd0): try to read out of volume at offset 0x0
[  663.494513][   T59] usb 6-1: USB disconnect, device number 7
[  663.825223][T12110] netlink: 420 bytes leftover after parsing attributes in process `syz.3.1774'.
[  665.577303][T12120] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1777'.
[  665.586754][T12120] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1777'.
[  666.843956][T12127] 9pnet_fd: p9_fd_create_tcp (12127): problem connecting socket to 127.0.0.1
[  668.623791][T12138] netlink: 'syz.5.1782': attribute type 29 has an invalid length.
[  671.129367][T12138] netlink: 'syz.5.1782': attribute type 29 has an invalid length.
[  671.168066][T12133] page: refcount:3 mapcount:1 mapping:ffff888059b0cb78 index:0x47 pfn:0x543f6
[  671.178436][T12133] memcg:ffff888030834000
[  671.182691][T12133] aops:shmem_aops ino:503
[  671.187037][T12133] flags: 0xfff0000002012d(locked|referenced|uptodate|lru|active|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
[  671.198423][T12133] raw: 00fff0000002012d ffffea000150fd48 ffffea000150fdc8 ffff888059b0cb78
[  671.207013][T12133] raw: 0000000000000047 0000000000000000 0000000300000000 ffff888030834000
[  671.215597][T12133] page dumped because: VM_BUG_ON_FOLIO(folio_mapped(folio))
[  671.222889][T12133] page_owner tracks the page as allocated
[  671.230021][T12133] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 12132, tgid 12130 (syz.3.1781), ts 667417138972, free_ts 664248700820
[  671.247949][T12133]  post_alloc_hook+0x1f4/0x240
[  671.252747][T12133]  get_page_from_freelist+0x3651/0x37a0
[  671.258309][T12133]  __alloc_frozen_pages_noprof+0x292/0x710
[  671.264134][T12133]  alloc_pages_mpol+0x311/0x660
[  671.269009][T12133]  folio_alloc_mpol_noprof+0x36/0x70
[  671.274306][T12133]  shmem_alloc_and_add_folio+0x4a0/0x1090
[  671.280034][T12133]  shmem_get_folio_gfp+0x621/0x1840
[  671.285240][T12133]  shmem_fault+0x220/0x5b0
[  671.289667][T12133]  __do_fault+0x135/0x390
[  671.294006][T12133]  __handle_mm_fault+0x4c44/0x70f0
[  671.299130][T12133]  handle_mm_fault+0x2c1/0x7e0
[  671.303910][T12133]  __get_user_pages+0x1a92/0x4140
[  671.308952][T12133]  populate_vma_page_range+0x264/0x330
[  671.314433][T12133]  __mm_populate+0x27a/0x460
[  671.319034][T12133]  vm_mmap_pgoff+0x303/0x430
[  671.323640][T12133]  do_syscall_64+0xf3/0x230
[  671.328158][T12133] page last free pid 12115 tgid 12107 stack trace:
[  671.334659][T12133]  free_unref_folios+0xe2f/0x18a0
[  671.339706][T12133]  shrink_folio_list+0x4326/0x5930
[  671.344826][T12133]  reclaim_folio_list+0x142/0x600
[  671.349859][T12133]  reclaim_pages+0x49e/0x5e0
[  671.354459][T12133]  madvise_cold_or_pageout_pte_range+0x1ea8/0x2360
[  671.360978][T12133]  walk_pgd_range+0xc3d/0x17e0
[  671.365754][T12133]  __walk_page_range+0x15f/0x700
[  671.370740][T12133]  walk_page_range_mm+0x58f/0x7c0
[  671.375784][T12133]  do_madvise+0x3944/0x4d90
[  671.380303][T12133]  __x64_sys_madvise+0xa6/0xc0
[  671.385079][T12133]  do_syscall_64+0xf3/0x230
[  671.389628][T12133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.395666][T12133] ------------[ cut here ]------------
[  671.401124][T12133] kernel BUG at mm/filemap.c:154!
[  671.406189][T12133] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[  671.413129][T12133] CPU: 0 UID: 0 PID: 12133 Comm: syz.3.1781 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  671.423890][T12133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  671.433949][T12133] RIP: 0010:filemap_unaccount_folio+0x73d/0x7d0
[  671.440206][T12133] Code: de c7 ff 48 89 df 48 c7 c6 e0 d3 13 8c e8 1b b2 0f 00 90 0f 0b e8 d3 de c7 ff 48 89 df 48 c7 c6 c0 d2 13 8c e8 04 b2 0f 00 90 <0f> 0b e8 bc de c7 ff 48 89 df 48 c7 c6 e0 d3 13 8c e8 ed b1 0f 00
[  671.459899][T12133] RSP: 0018:ffffc9000c937070 EFLAGS: 00010046
[  671.465969][T12133] RAX: 61ae5ea4d14b9c00 RBX: ffffea000150fd80 RCX: ffffc9000c936c03
[  671.473942][T12133] RDX: 0000000000000002 RSI: ffffffff8c0ab8e0 RDI: ffffffff8c5fb600
[  671.481914][T12133] RBP: 0000000000000000 R08: ffffffff901a2777 R09: 1ffffffff20344ee
[  671.489887][T12133] R10: dffffc0000000000 R11: fffffbfff20344ef R12: dffffc0000000000
[  671.497859][T12133] R13: 1ffffd40002a1fb1 R14: ffff888059b0cb78 R15: ffffea000150fd88
[  671.505835][T12133] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  671.514767][T12133] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  671.521351][T12133] CR2: 000000110c2e1405 CR3: 000000000e738000 CR4: 00000000003526f0
[  671.529328][T12133] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  671.537298][T12133] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  671.545271][T12133] Call Trace:
[  671.548550][T12133]  <TASK>
[  671.551484][T12133]  ? __die_body+0x5f/0xb0
[  671.555825][T12133]  ? die+0x9e/0xc0
[  671.559553][T12133]  ? do_trap+0x15a/0x3a0
[  671.563798][T12133]  ? filemap_unaccount_folio+0x73d/0x7d0
[  671.569441][T12133]  ? do_error_trap+0x1dc/0x2c0
[  671.574206][T12133]  ? filemap_unaccount_folio+0x73d/0x7d0
[  671.579848][T12133]  ? __pfx_do_error_trap+0x10/0x10
[  671.584961][T12133]  ? report_bug+0x3cd/0x500
[  671.589472][T12133]  ? handle_invalid_op+0x34/0x40
[  671.594414][T12133]  ? filemap_unaccount_folio+0x73d/0x7d0
[  671.600054][T12133]  ? exc_invalid_op+0x38/0x50
[  671.604740][T12133]  ? asm_exc_invalid_op+0x1a/0x20
[  671.609774][T12133]  ? filemap_unaccount_folio+0x73d/0x7d0
[  671.615419][T12133]  __filemap_remove_folio+0xc7/0x670
[  671.620711][T12133]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  671.626094][T12133]  ? __pfx___filemap_remove_folio+0x10/0x10
[  671.631997][T12133]  ? _raw_spin_lock_irq+0xdf/0x120
[  671.637112][T12133]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[  671.642666][T12133]  filemap_remove_folio+0xe1/0x1f0
[  671.647791][T12133]  truncate_inode_folio+0x5d/0x70
[  671.652821][T12133]  shmem_undo_range+0x44b/0x1820
[  671.657774][T12133]  ? __pfx_shmem_undo_range+0x10/0x10
[  671.663164][T12133]  ? __kernel_text_address+0xd/0x40
[  671.668378][T12133]  ? unwind_get_return_address+0x4d/0x90
[  671.674017][T12133]  ? __pfx_validate_chain+0x10/0x10
[  671.679224][T12133]  ? arch_stack_walk+0xfd/0x150
[  671.684094][T12133]  ? percpu_counter_add_batch+0xff/0x1f0
[  671.689732][T12133]  shmem_evict_inode+0x29b/0xa80
[  671.694694][T12133]  ? inode_wait_for_writeback+0x111/0x2a0
[  671.700438][T12133]  ? __pfx_shmem_evict_inode+0x10/0x10
[  671.705919][T12133]  ? do_raw_spin_unlock+0x13c/0x8b0
[  671.711130][T12133]  ? __pfx_shmem_evict_inode+0x10/0x10
[  671.716600][T12133]  evict+0x4e8/0x9a0
[  671.720501][T12133]  ? __pfx_evict+0x10/0x10
[  671.724918][T12133]  ? iput+0x713/0xa50
[  671.728906][T12133]  __dentry_kill+0x20d/0x630
[  671.733524][T12133]  ? dput+0x37/0x2b0
[  671.737439][T12133]  dput+0x19f/0x2b0
[  671.741260][T12133]  __fput+0x60b/0x9f0
[  671.745261][T12133]  task_work_run+0x24f/0x310
[  671.749864][T12133]  ? __pfx_task_work_run+0x10/0x10
[  671.754985][T12133]  ? switch_task_namespaces+0xe4/0x110
[  671.760459][T12133]  do_exit+0xa2a/0x28e0
[  671.764622][T12133]  ? __pfx_do_exit+0x10/0x10
[  671.769218][T12133]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  671.774594][T12133]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  671.780578][T12133]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  671.786914][T12133]  ? _raw_spin_lock_irq+0xdf/0x120
[  671.792033][T12133]  do_group_exit+0x207/0x2c0
[  671.796627][T12133]  ? _raw_spin_unlock_irq+0x23/0x50
[  671.801827][T12133]  ? lockdep_hardirqs_on+0x99/0x150
[  671.807030][T12133]  get_signal+0x16b2/0x1750
[  671.811548][T12133]  ? __pfx_get_signal+0x10/0x10
[  671.816414][T12133]  arch_do_signal_or_restart+0x96/0x860
[  671.821963][T12133]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  671.828118][T12133]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  671.834110][T12133]  ? syscall_exit_to_user_mode+0xa3/0x340
[  671.839835][T12133]  syscall_exit_to_user_mode+0xce/0x340
[  671.845389][T12133]  do_syscall_64+0x100/0x230
[  671.849984][T12133]  ? clear_bhb_loop+0x35/0x90
[  671.854671][T12133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.860571][T12133] RIP: 0033:0x7fbfbfd8cde9
[  671.864985][T12133] Code: Unable to access opcode bytes at 0x7fbfbfd8cdbf.
[  671.871997][T12133] RSP: 002b:00007fbfc0c120e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  671.880413][T12133] RAX: fffffffffffffe00 RBX: 00007fbfbffa6088 RCX: 00007fbfbfd8cde9
[  671.888390][T12133] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbfbffa6088
[  671.896396][T12133] RBP: 00007fbfbffa6080 R08: 0000000000000000 R09: 0000000000000000
[  671.904371][T12133] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbfbffa608c
[  671.912343][T12133] R13: 0000000000000000 R14: 00007ffd9bdbcc70 R15: 00007ffd9bdbcd58
[  671.920331][T12133]  </TASK>
[  671.923362][T12133] Modules linked in:
[  671.927275][T12133] ---[ end trace 0000000000000000 ]---
[  671.932729][T12133] RIP: 0010:filemap_unaccount_folio+0x73d/0x7d0
[  671.938985][T12133] Code: de c7 ff 48 89 df 48 c7 c6 e0 d3 13 8c e8 1b b2 0f 00 90 0f 0b e8 d3 de c7 ff 48 89 df 48 c7 c6 c0 d2 13 8c e8 04 b2 0f 00 90 <0f> 0b e8 bc de c7 ff 48 89 df 48 c7 c6 e0 d3 13 8c e8 ed b1 0f 00
[  671.958593][T12133] RSP: 0018:ffffc9000c937070 EFLAGS: 00010046
[  671.964752][T12133] RAX: 61ae5ea4d14b9c00 RBX: ffffea000150fd80 RCX: ffffc9000c936c03
[  671.972813][T12133] RDX: 0000000000000002 RSI: ffffffff8c0ab8e0 RDI: ffffffff8c5fb600
[  671.980795][T12133] RBP: 0000000000000000 R08: ffffffff901a2777 R09: 1ffffffff20344ee
[  671.988769][T12133] R10: dffffc0000000000 R11: fffffbfff20344ef R12: dffffc0000000000
[  671.996742][T12133] R13: 1ffffd40002a1fb1 R14: ffff888059b0cb78 R15: ffffea000150fd88
[  672.004729][T12133] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  672.013660][T12133] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  672.020244][T12133] CR2: 000000110c2e1405 CR3: 000000000e738000 CR4: 00000000003526f0
[  672.028245][T12133] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  672.036217][T12133] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  672.044203][T12133] Kernel panic - not syncing: Fatal exception
[  672.050572][T12133] Kernel Offset: disabled
[  672.054916][T12133] Rebooting in 86400 seconds..