last executing test programs:

5m42.19399787s ago: executing program 4 (id=5):
r0 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000440)=@file={0x0, './file2\x00'}, 0x8f)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54", 0xe)
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r4, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r2, 0x6612)
linkat(r4, &(0x7f0000000100)='./file1\x00', r4, &(0x7f0000000240)='./file0\x00', 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r4, 0x4068aea3, &(0x7f0000000040)={0xbc, 0x0, 0x2})
accept4(r0, 0x0, 0x0, 0x800)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400))
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x0)
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r7, 0xc018937e, &(0x7f00000019c0)={{0x1, 0x1, 0x1018, r6}, './file1\x00'})
r8 = getpgrp(r1)
ptrace$ARCH_SET_CPUID(0x1e, r8, 0x1, 0x1012)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x2fe, 0x0, 0xe0, 0x2, 0x0})

5m41.55244487s ago: executing program 4 (id=14):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x2, 0x10, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x18, 0x0, "041f62"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @dev}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xfdff, @mcast1}}]}, 0x80}, 0x1, 0x7}, 0x0)

5m40.60235613s ago: executing program 4 (id=18):
ioctl$SIOCPNENABLEPIPE(0xffffffffffffffff, 0x89ed, 0x0)
io_setup(0x4, &(0x7f0000000000))
io_setup(0x7, &(0x7f0000000040)=<r0=>0x0)
r1 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)=0x1c, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x11, &(0x7f0000000100)=0x8, 0x4)
close_range(r1, r1, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x14, &(0x7f0000000140)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @exit, @map_fd={0x18, 0x4}, @alu={0x7, 0x0, 0x1, 0xa, 0x6, 0x18, 0x4}, @alu={0x7, 0x1, 0xa, 0xa, 0x2, 0x0, 0xb}, @ldst={0x3, 0x1, 0x3, 0x9, 0xc, 0x2, 0xffffffffffffffff}], &(0x7f0000000200)='syzkaller\x00', 0x8, 0xbf, &(0x7f0000000240)=""/191, 0x41100, 0x39de3f8a8d78101d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000340)={0x0, 0x8, 0x8001}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000380)=[0xffffffffffffffff], &(0x7f00000003c0)=[{0x3, 0x4, 0x0, 0x4}, {0x3, 0x5, 0xd, 0xa}, {0x4, 0x1, 0xd}, {0x5, 0x1, 0x7}, {0x3, 0x5, 0x8, 0xc}, {0x4, 0x2, 0xb, 0x6}], 0x10, 0xa43, @void, @value}, 0x94)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000580)={'ip6_vti0\x00', &(0x7f0000000500)={'syztnl1\x00', <r3=>0x0, 0x29, 0x9, 0x1, 0x7, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, 0x80, 0x20, 0x8, 0x80}})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000600)={r2, r3, 0x25, 0x6, @val=@kprobe_multi=@addrs={0x1, 0x2, 0x0, &(0x7f00000005c0)=[0x4, 0x80000001], 0x8}}, 0x30)
read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
sched_setscheduler(r4, 0x1, &(0x7f0000002680)=0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000002700), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r5, &(0x7f00000028c0)={&(0x7f00000026c0)={0x10, 0x0, 0x0, 0x81020000}, 0xc, &(0x7f0000002880)={&(0x7f0000002740)={0x11c, r6, 0x0, 0x70bd26, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x5000000}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x741}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x93}}]}, 0x11c}, 0x1, 0x0, 0x0, 0x24000005}, 0x8081)
open$dir(&(0x7f0000002900)='./file0\x00', 0x20000, 0x40)
ptrace$getregset(0x4204, r4, 0x1, &(0x7f00000029c0)={&(0x7f0000002940)=""/83, 0x53})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000002a40)={0x6, &(0x7f0000002a00)=[{0x3, 0x9, 0xa, 0x3}, {0x9, 0x8, 0xfd, 0xfffffff9}, {0x7, 0xe6, 0x92}, {0x3ff, 0x1, 0x2, 0x5}, {0x9, 0x0, 0x6, 0x2}, {0x2, 0x4, 0x2, 0x90c}]})
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000002cc0)={&(0x7f0000002a80)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000002c80)={&(0x7f0000002ac0)={0x190, r6, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x5}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0xf}, @DEVLINK_ATTR_RATE_NODE_NAME={0x25, 0xa8, @random="1a4819fdee69fa08d0e857a9827cab9d99db0a7aeb8a058a4f03924cc2a8040bd1"}, @DEVLINK_ATTR_RATE_NODE_NAME={0xfa, 0xa8, @random="a571012d71b9b0dce03232e2c267665b2ecb8ba037f6fae24523546855b5cdbe092120ef8e781e98d31dc82f662f42fddb0b3571ffde272722178fd04d3b7ce267097dbd8aad71396f5a94512b7e9e15c61d52577aa3baaff71e65c384325aca8d54655e420b6039d024863a5be77541e5b8fe30a365f85be37e5740696769273462713ab08d9372f91d3a611587de77d9845782d0666f65232e14906b078f4cb0814d7d44237847fa324ff7789b3d790bb67e30cc4675a64ff3d5fe9de1eed2e328517e37ccf71a3d3425e738f2bfbfcd57c67f4ba860085a440801083b505ad3b72db7edddf4a99829da60bb82749d2aadf8bbf081"}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}]}, 0x190}, 0x1, 0x0, 0x0, 0xc014}, 0x810)
ioctl$VIDIOC_G_PARM(r5, 0xc0cc5615, &(0x7f0000002d00)={0x4, @output={0x0, 0x1, {0x2, 0x6}, 0x9f07, 0x5}})
syz_init_net_socket$ax25(0x3, 0x5, 0xca)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
setsockopt$X25_QBITINCL(r7, 0x106, 0x1, &(0x7f0000002e00), 0x4)
getpeername(r1, &(0x7f0000002e40)=@pptp={0x18, 0x2, {0x0, @multicast1}}, &(0x7f0000002ec0)=0x80)
io_destroy(r0)
socket$nl_generic(0x10, 0x3, 0x10)
ptrace$getregset(0x4204, r4, 0x1, &(0x7f0000002fc0)={&(0x7f0000002f00)=""/181, 0xb5})
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000003000))
r8 = add_key$user(&(0x7f0000003040), &(0x7f0000003080)={'syz', 0x3}, &(0x7f00000030c0)="0bf986b2dc", 0x5, 0xfffffffffffffffe)
r9 = add_key$keyring(&(0x7f0000003140), &(0x7f0000003180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9)
keyctl$instantiate(0xc, r8, &(0x7f0000003100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'secondname\x00', 0x20, 0xffffffffffff08e6}, 0x32, r9)

5m39.408507055s ago: executing program 32 (id=18):
ioctl$SIOCPNENABLEPIPE(0xffffffffffffffff, 0x89ed, 0x0)
io_setup(0x4, &(0x7f0000000000))
io_setup(0x7, &(0x7f0000000040)=<r0=>0x0)
r1 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)=0x1c, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x11, &(0x7f0000000100)=0x8, 0x4)
close_range(r1, r1, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x14, &(0x7f0000000140)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @exit, @map_fd={0x18, 0x4}, @alu={0x7, 0x0, 0x1, 0xa, 0x6, 0x18, 0x4}, @alu={0x7, 0x1, 0xa, 0xa, 0x2, 0x0, 0xb}, @ldst={0x3, 0x1, 0x3, 0x9, 0xc, 0x2, 0xffffffffffffffff}], &(0x7f0000000200)='syzkaller\x00', 0x8, 0xbf, &(0x7f0000000240)=""/191, 0x41100, 0x39de3f8a8d78101d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000340)={0x0, 0x8, 0x8001}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000380)=[0xffffffffffffffff], &(0x7f00000003c0)=[{0x3, 0x4, 0x0, 0x4}, {0x3, 0x5, 0xd, 0xa}, {0x4, 0x1, 0xd}, {0x5, 0x1, 0x7}, {0x3, 0x5, 0x8, 0xc}, {0x4, 0x2, 0xb, 0x6}], 0x10, 0xa43, @void, @value}, 0x94)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000580)={'ip6_vti0\x00', &(0x7f0000000500)={'syztnl1\x00', <r3=>0x0, 0x29, 0x9, 0x1, 0x7, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, 0x80, 0x20, 0x8, 0x80}})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000600)={r2, r3, 0x25, 0x6, @val=@kprobe_multi=@addrs={0x1, 0x2, 0x0, &(0x7f00000005c0)=[0x4, 0x80000001], 0x8}}, 0x30)
read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
sched_setscheduler(r4, 0x1, &(0x7f0000002680)=0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000002700), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r5, &(0x7f00000028c0)={&(0x7f00000026c0)={0x10, 0x0, 0x0, 0x81020000}, 0xc, &(0x7f0000002880)={&(0x7f0000002740)={0x11c, r6, 0x0, 0x70bd26, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x5000000}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x741}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x93}}]}, 0x11c}, 0x1, 0x0, 0x0, 0x24000005}, 0x8081)
open$dir(&(0x7f0000002900)='./file0\x00', 0x20000, 0x40)
ptrace$getregset(0x4204, r4, 0x1, &(0x7f00000029c0)={&(0x7f0000002940)=""/83, 0x53})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000002a40)={0x6, &(0x7f0000002a00)=[{0x3, 0x9, 0xa, 0x3}, {0x9, 0x8, 0xfd, 0xfffffff9}, {0x7, 0xe6, 0x92}, {0x3ff, 0x1, 0x2, 0x5}, {0x9, 0x0, 0x6, 0x2}, {0x2, 0x4, 0x2, 0x90c}]})
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000002cc0)={&(0x7f0000002a80)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000002c80)={&(0x7f0000002ac0)={0x190, r6, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x5}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0xf}, @DEVLINK_ATTR_RATE_NODE_NAME={0x25, 0xa8, @random="1a4819fdee69fa08d0e857a9827cab9d99db0a7aeb8a058a4f03924cc2a8040bd1"}, @DEVLINK_ATTR_RATE_NODE_NAME={0xfa, 0xa8, @random="a571012d71b9b0dce03232e2c267665b2ecb8ba037f6fae24523546855b5cdbe092120ef8e781e98d31dc82f662f42fddb0b3571ffde272722178fd04d3b7ce267097dbd8aad71396f5a94512b7e9e15c61d52577aa3baaff71e65c384325aca8d54655e420b6039d024863a5be77541e5b8fe30a365f85be37e5740696769273462713ab08d9372f91d3a611587de77d9845782d0666f65232e14906b078f4cb0814d7d44237847fa324ff7789b3d790bb67e30cc4675a64ff3d5fe9de1eed2e328517e37ccf71a3d3425e738f2bfbfcd57c67f4ba860085a440801083b505ad3b72db7edddf4a99829da60bb82749d2aadf8bbf081"}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}]}, 0x190}, 0x1, 0x0, 0x0, 0xc014}, 0x810)
ioctl$VIDIOC_G_PARM(r5, 0xc0cc5615, &(0x7f0000002d00)={0x4, @output={0x0, 0x1, {0x2, 0x6}, 0x9f07, 0x5}})
syz_init_net_socket$ax25(0x3, 0x5, 0xca)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
setsockopt$X25_QBITINCL(r7, 0x106, 0x1, &(0x7f0000002e00), 0x4)
getpeername(r1, &(0x7f0000002e40)=@pptp={0x18, 0x2, {0x0, @multicast1}}, &(0x7f0000002ec0)=0x80)
io_destroy(r0)
socket$nl_generic(0x10, 0x3, 0x10)
ptrace$getregset(0x4204, r4, 0x1, &(0x7f0000002fc0)={&(0x7f0000002f00)=""/181, 0xb5})
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000003000))
r8 = add_key$user(&(0x7f0000003040), &(0x7f0000003080)={'syz', 0x3}, &(0x7f00000030c0)="0bf986b2dc", 0x5, 0xfffffffffffffffe)
r9 = add_key$keyring(&(0x7f0000003140), &(0x7f0000003180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9)
keyctl$instantiate(0xc, r8, &(0x7f0000003100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'secondname\x00', 0x20, 0xffffffffffff08e6}, 0x32, r9)

5m36.305653703s ago: executing program 2 (id=35):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0x2}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x7ff, [{0x0, 0x2}]}]}}, &(0x7f0000000f40)=""/4089, 0x3e, 0xff9, 0xa, 0x7ff, 0x26000000, @void, @value}, 0x28)

5m36.177537469s ago: executing program 2 (id=37):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps\x00')
read$char_usb(r3, &(0x7f0000000040)=""/191, 0xbf)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040))
keyctl$setperm(0x5, 0x0, 0x220c)
keyctl$invalidate(0x15, 0x0)
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000070000000400"/20, @ANYRES32=0x0, @ANYBLOB="03050000000000001c0012800b00010062726964676500000c0002800800020080000000"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

5m34.383311069s ago: executing program 2 (id=44):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newtaction={0x68, 0x30, 0xffff, 0x70bd27, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffff7}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x4000}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

5m33.610274749s ago: executing program 2 (id=49):
r0 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xc8}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x24, 0x0, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}]}, 0x24}}, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000000403fe00", '\x00', '\x00', "64bdac32", ["e86621d9cc668c391f77c506", "3549ffffffffffffff010800", "2fc7977386afe0374831c1f9", "cf6cce2296b3f853e224c4e0"]})
ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000100)={0x5, 0xfffffffffffffffe, 0x7, 0x0, 0x0, 0x0, "c5c6ff176c2b4d2cffed3a00", 0x0, 0x2, 0x0, 0x9, 0x0, 0x4, 0xff})
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r6, &(0x7f0000000180)=ANY=[], 0xb9)
r7 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r7, r6, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
syz_emit_ethernet(0xf26, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd601200080ef03afffe8000000000000000000000000000bbff0200000000000000000000000000018800907803000000fc00000000000000000000000000000002068bbbecdf1c4b08c7a6aec8723db73debc4e82e3d3cf2c9cce0a6317430a686d242ec08d68d7fed0207e94110e21d230fe818d4557474fecb6b3474eeb3f1f93393347d217e473c4589ff11728bbf495dc7fcbce9ba60e0b983ed468e063aeb4e7055c598fea516351eb2990f15c737ed0b5de2a081a99436b5de9fe01febedc3939f8de8b6c71294042e830213015231bbe2d81fa38f2a132521553b8245cb7d7c50ec7e136d62b6cc656229eae4a6e01222d000b651f3ad7cae83837039c8829aad0272dd21e363c4b37801221f3520294f8b799fa823c2192efdaa96b69ca89bc8b5b016e0bd0e8f3d6a1e3c50d83680b613a65f69371928259819b89f632c4a6c428ea9d524b297e360f67921d4efe570b5591f02e57ee79566a517b15b7dc7d55aa7394bd5d97671c8ac850efa8acbcfbff27236566e1c84c77230cfe117d5c4c33c1f59a28781cbc1abff9b8a3e823c5e62c075ddd83f478af3e7df0108d2e13e03cabce2b30a2b6de175ffa16ac001610abaa936fde3d779ea522c02e247bee25439ef9d7061dedbc9aabba32e8953cdc626962d56de30535896697529cdb6d22f33774b7d888f35938c4428443ea77b96bf762dfae9e68d93ef3050f621ca8e8f654e124b65579d8b6214543cf552af4b465a58d46f9babcfbdc3724409ba297d621e1fc024d9f9edfe24e63cb14deb954bf841f81611819f1c5e32bbdfc322508719d41c5aecabb7e6a3d9b25217e3e69ea271ef0f52aac32c32a927b0a397932bb962e3b3d417d9ab1de86ed80c127fa905494f47c1e8986d54430c9e6c6aa955c5eebc693db12a4710827ed7a123bb6cd4fbb957bbfd4d66eb7ba78a8b04041089e71b8f7c324fdc151c3dfa9bad1ea9fb30125a90feafcd7dd62ee9ae0369f4fbb9191b07e662849c0067e1ca1357c938ba09a4d6cd8ebaa3ee376207754c0d63dbb755f0a3de18e0c63d258a9f8c8f1431ce6bcf1e3cce77929899033f7a3cd5ab4cac82f5a35b271e5b53046a0f39f985c7290538bc764fd7e7db833b651258ef5c02f39ebfd10ff52e26e1dacc0c8c3145e279157c32c9a1638d9dcbff03adae0e5e783a6c84c23f44deb0c3d9a27ac650cbde6f1cf1ae26735f548ac107810636a28754cce36252d3773c1c363c4e7c7b12b17ead9047c584368ebd28606613d88db2e025e9458ac4c2b213ca128dde16e102576acaab3ccdeb1930cd909186939db8b2776f3bda601840e42307f608cfb0f62249013792e4125542e76a7fd5a784223c83bdc808a1fda8a175a04b69d59de279163166b3d52ba40633b06cc03cd56682cd2a45e27174c16935c1ea3b1bfee0e48abe1ae8981e648d694872c83bfad8b0933b6fe1529afb0efa2373d38f23266d48cf5d0a65193658a4ffd66ae7a604cee278197d613aa84962fb40aecd8d564c34284638c2e4f9110e44580abad5180da1c05a0de00a08348a7530a897f5eb0c2a9dd4b8610f6c3f2827b4c62ca86969d23045eb1cc60ea0d01b5f5576d24e57119055a75c8da0b97f555b0fa0540b9e7dd1768477d122230820a25f29e90f52fc841b016a87e5039ae3e6aa39038dba3d0da35d8fe4cfffce6f028096e5477bdea918628b04afd30fdd69dabba3c7cfce67e9a56bf125d4ebecb3cf1c686dbbaad801d4a70d6851f63b8e07d3134f0dc026b4e58a774f5f7307ac2617f8d2b3e9b9a6ec6cfc78c67abfa905ca973130c09fdb57e234cc833765798422ccf8877e10129eca009d6502f5dc8cee960989f2e4d0c4ec2f2d8e22dcb9e00fbe749389866751e068aff456c5d7f804be30346414ef845e4c8386a02276267589f354db1852f3a7e34a827060217d551aeb8e6751bb300c657a7c7822ad7cf031e026df21072cc79f0274b3280bbc5769710d28208584cd3e686dc60c86a1f2196a87d04773da11149c2126b6cfb0bda2247bd6bfc460df1a4bbea514a937751773a9abec3417bce36f9007507638231e39135e41fcecd9c820e60f5e59e5ec6c227560162c6edcf9ae4d3552ff8c5ccf4892a4f062c6975a203364831aa5e9d66ab9d76b6381d0a4a81cf0048e3fc3cfaa4a2324940605ade19bcd71c778b6c0ba7b31f732bf6a3776b3edb73a200945097c454619b39c73a213054d5fb229d01020ba5898a5ef9136603e8e9cf6b5754042bece68d9c5a1d1e5b64101f2f7e4a2bbf37efc88a3c2daedce12ebb2214d3986904bf9a58ea3f144a6e333b1a07b87335ec45c214a43be1e7b4f8c9523f500c39ef99f686770e96570f3d7d849adb5a5366f584768c74f76b21e1640760a270b482b5553e41a492697575e67a5a9ae4e18ab77256f4c5a74e659dad6dfde8145daf0d751decb843fac66a5ec0b71754aa4b4e858797a81a03b6b6dfa3af80b9f47d79aa43ffe1db66ed7b229756b214517c0f1cc4e7c5dba164b2d53a87690a8c77bc9f2669fa4778cf28524250b4b89f33c871f0ab480f179374b831c7e9088e21b9d9db0900c629fa18657887700b454471ac1c105c5984f935533c579ddd1476f3d231d3ef1aa68ebb4b4ef882929fb64bbd5d53d684ca55f47cb8a2814625aced6dfbc6f45125248970d7e19d5b797a2e9c4a62b08f43a82702247aa0479182e88485078d1e1fb352f9b5398888949054a7fd11665402b47ecdb977ae21aba25f3b694eb4df09928458cc9695f03239a1ffd372f9db986b8d4b3819037159fd4dc848be9c8d29793d6ca07c0046166e11c9ff1e0403768b723fd567c7f9d6a2938b696e1e848acc10c6014a480dce6bbb1acb8db1f436c3d876fcb99e7f804db20d1e79a3b02cfc082a26a1b203b95fb9285d6d530abc7022ba8425e1fa9cbef2861e72b9a904fd31c37ef3ef3f19f0f8979975edd41b59f2de326d109a4a4b70db11be1382a1b69393e093032b53dabf00dc7c65be1aff62b788399d24d4e8f6bc082b7d935bd6dd8fd8c44a4465a8d8e4117322333c98d68a15388961bfeb1568538483f0d419a349af258cabfd2b0d478d987d8106f982ce51193da4758b2df1021a3fc1b812c3ae3c03935d699b7ad96796fd91c0284da66da03efef4e1d40ada02874439dba69742f09c495dafbf526c7490844222429fabf0783a35a054a830fda46b02b3f906dab0c22b60cc371a17de5589a66c301836b3bafc8073c0e96c60202b69bcba42d187ae700a37c01901d410e215caa966281ec60fa2c6d4d70515a15dc126cef371ab7a9c35eb448a1db69cbd5fbbdcd5630fbde3ac839b3c878b4154c1967c8a34f4817216596845c2e789c4f7548bce1b599d9f930069d57ad6b3de7d3341a5084ce23c589d5af767503a8526c08f0f47b1ccd8661f72a3fd12495c3d450e4f118533ceb631872178bfee08ea197cdfa13d029122e0fd3f1b7cb3141fc244c1b6d3bbcd5ab1487b44d89efa27ac8f7c40cd59c90a570966a06be812c649a925980b0bb879238e2e6d9a91daec60ddcb11f3483dcc36344469f992a037952bf7c924891cca9a5851c9a741a71f8171b27e88e27dddb007a068ccbd5f1c2ac4fcbecca3fd363273946c564bb896f6f7f26bd509087d480008c7ae614a6b533759e23864dc7dc490c3e5191917d93366a45b4995514ec976bde83c3b17896081de2fab0d7c5f57ae66ca498f8818aa1d7943d36411bfd85676cf6697b6c0ff8eb27fdd6d56ef5c38c742ddd1704eaffdc5cafa378eeb5b13696a10f93f7258940e0336e0d6c96ea71c29eaf664a6202330bc322f8e1a371ca8df9c328fbf7dad6d72a458566bd1f1d9bb713ace137279dcfb53f880a6416d50a6b26bfac0f52c68308b01bf71d34b1ae9c29f14bb9cc3ce5e217cbb938e8be1a2e18b75e49faa8cf09eaf4558d97dc1ecd77a99a9ba637d10f6d8fe97e88b6a6bf978f9c9d32fadb611d64c0948997f37566e7d8759c122acedcba8df0a3d5da6f3aa75943d9e4ae2f81e56a83caa7c8d6822b36cade2d34a6a62aa8cc27cd1b189841bcbd24a31552d64f62d85e38e9c4db5e183b988b881eaa78df010410ac6ea64f934d2ecef00f2536e597fe1685ad048bd716a65b6d145ed002dc4234ddce42ba2a71da36f7145867d6a3fd5312006de48fb4f3df70db12a9d6a649b3e976b3fb7fb12ba58254da435d7728cdf90696129e44b4bc8c71043fb66c5a77cb07f5fb80155177219dd90511e0138d4a0d14792cb5ff4741a0d6377cef487383d232ecc59b9ebd54391e022fd2aaff49180ea658f617f4bb9f32fc2364608994e9ffb9a5bfe7c1a40dcc423bfd063d0330ae39096595f607b1feae0a312bf39db1f7924b7308f693db8a644cc6d289af838ce86d671f8a03e3b25ea9cec71046620086a5888a5ac07d3773d34d5143688f330939d4d84b8ba379b32b625264c5b49acd20c48b6478525d7ddc062a2fbe02cc558c409fad0b65988a906cc1ab400a8b457ef36125ac4be881866f60bf4d60db20ea91696d546d0edcd7d6b1e57b98d2d6da21b2d79e508cb657826e35852088c0e3b895f540e3de94c3628102229630dcba6247723479f8cea4a81ef9e67ff2ae27c515c7bac317aa2f59a00b9fb5f6df7ab0ae42ce67600a1232387c4fc8cfaa807731ffa6a09d38f90d410a9e33ccee1f002599b94282fc41a795e0f0cd5cb677e395d7a752d210a92aef5b485c2b19ffb7ccf5cc3ee2d990c6a3434c17afedd8aaa7439c3484edb7c73aeb32680fef94edd708eb41aae5debe0c9b214bbf5b6a2d0d21f15b03f802ff1ecfa76cceb4ada9083948b5f945d92b9b7342bdd7b533550ceb6e7fdc15b910b8837397e77b850d260a30d60c61611397f8751f38c0eb241d09f1d41904991eb01d7d7204f072c0e1cc45b2a6f7a0b334ca2114235af4849a91d9a2613924fed10183b4ef78cf08ef7a8d3ffa6441c8ed5918c9f19df01832494f77add69de662496ac0b5e9c3802cec6bb8162aaa9c3e30c0929567ba8c5984e9181a4a81c62eb82e7a6d51fe5bba8f76ce6d963e8f1fdf4f53f05860233fdc0514b94d0336a215f642457d5450e8a7b7bbdf1d1dbda41c1148a36cbad5ef49e515b266acc2b369deead50426f7add6164734cd06c66e93e1495dca8fc6eafa6d4ccb3fcede77b15a090d64683670481ef8990729b13928343c62d565ac58126b73a897f7d1bde6e64ab36a91bdb959b141088b9845f925eb9321eb5f386ccfd8f8e652c361993c81ff7af83e2397f15643178193cd27eaf155be8f94eb740c2f97166bab3b80558eac789cad5102769814ed38494f2e8f044f0a7bb86eb5fbdf26c98bd003732e63a40e7091513ddf9537f83345fda6b0a946e09f7a2ded815a7994ed005c82bac892696f00000000"], 0x0)

5m32.600441466s ago: executing program 2 (id=52):
mknodat$loop(0xffffffffffffff9c, 0x0, 0xc000, 0x0)
ioctl$CEC_DQEVENT(0xffffffffffffffff, 0xc0506107, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x0, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
gettid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100002e00010000000800fcdbdf250301f2800c00180008ac0f00000000001400010000000000000000000000ffffac14141650bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8ae6c29be0400e900004109d7088681ce5c434701f1336896c82f24f9d8fd5484ecdd7d3932"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x4040000)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[0x0, 0x0, <r6=>0x0], &(0x7f0000000040), 0x3, r5, 0xcccccccc})
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f0000000440)=[r5], &(0x7f0000000200), &(0x7f00000000c0)=[r6], &(0x7f0000000040), 0x0, 0x300})
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x34044841}, 0x800)

5m32.124304092s ago: executing program 2 (id=56):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$loop(0x0, 0x400000040000006, 0x400a00)
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6(0xa, 0x2, 0x0)
memfd_create(&(0x7f0000000600)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb1\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00W?$^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xf7\xf1\xd0\xce\xe5\x19T\xff\x01\x00\x18\xe2\x9f\xd9\xae\xe19/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x1b\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\as\x88\xc6\xe0Z%\xca\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4\xfa\x12[\xf9\ry\xc2\vSl\xd6\xdb\x94|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9m\xe9\"\x03\x933p\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x14M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hC\n\x00\x00\x00\x10D\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\f\xeaH\xd8cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x00\x00\x00\x00', 0x6)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000280)={'vcan0\x00'})
bind$can_j1939(r3, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x7c, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x36, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @random=0x8, 0x1, @void, @val, @val={0x3, 0x1, 0x84}, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0xa, 0x68}}, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_HE_OBSS_PD={0x10, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET={0x5, 0x2, 0xd}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_TWT_RESPONDER={0x4}]}, 0x7c}}, 0x0)

5m31.166303721s ago: executing program 33 (id=56):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$loop(0x0, 0x400000040000006, 0x400a00)
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6(0xa, 0x2, 0x0)
memfd_create(&(0x7f0000000600)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb1\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00W?$^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xf7\xf1\xd0\xce\xe5\x19T\xff\x01\x00\x18\xe2\x9f\xd9\xae\xe19/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x1b\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\as\x88\xc6\xe0Z%\xca\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4\xfa\x12[\xf9\ry\xc2\vSl\xd6\xdb\x94|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9m\xe9\"\x03\x933p\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x14M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hC\n\x00\x00\x00\x10D\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\f\xeaH\xd8cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x00\x00\x00\x00', 0x6)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000280)={'vcan0\x00'})
bind$can_j1939(r3, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x7c, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x36, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @random=0x8, 0x1, @void, @val, @val={0x3, 0x1, 0x84}, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0xa, 0x68}}, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_HE_OBSS_PD={0x10, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET={0x5, 0x2, 0xd}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_TWT_RESPONDER={0x4}]}, 0x7c}}, 0x0)

15.474558231s ago: executing program 0 (id=963):
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000380)="67609f1bc76b660c7f522543621903dbd6dfb1322eb58ade49f7f6873e8c5b3a1e47a60fb805cbdca74d2ef9be337149a65b0c074f4b1001eff7a36fd2627258a02a3b46aba1f0f5f27cca55a28ffd26acca165107f55e8dfc020f192c7931515be26928a4af6654", 0x68)
socket$key(0xf, 0x3, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'sit0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b031404e0ff640f020047540ff6a13bb1000e04080008004803", 0x10f6c, 0x0, &(0x7f0000000140)={0x11, 0x0, r3}, 0x14)
timerfd_create(0x8, 0x800)
socket$igmp(0x2, 0x3, 0x2)
socket$inet6(0xa, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x2)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000080)=0x8, 0x4)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, 0x0, 0x0)
setsockopt$sock_int(r5, 0x1, 0x31, &(0x7f0000001600), 0x4)
socket$netlink(0x10, 0x3, 0x8000000004)

13.263266738s ago: executing program 0 (id=968):
r0 = syz_usb_connect(0x3, 0x10e, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006a249f08ec1888323a3f010203010902fc0001870000000904e6"], 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x20}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x940, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
syz_usb_control_io$hid(r0, &(0x7f00000007c0)={0x24, &(0x7f0000000600)={0x40, 0x1, 0x67, {0x67, 0x1, "9e06418d0ceaf0a99778acf1e92076f887d322e863423d6fb50b6e17e1f0e99576ec4e5bec1d3543dfd52027e3d8bc08854db3c5b3b4d9e5c6cf25388cad515fd62ee51e089959fc3ea5d1ea72d863c7ba33654809422458db16fe929dd58ba4dd9f15ed27"}}, &(0x7f0000000680)={0x0, 0x3, 0xb2, @string={0xb2, 0x3, "ba3ceb1fe18d7ff27ecf23131bf2a9072e51879161268c8562c37ace3a03e954ab4031c9020f0c2040436339ae9147ec0eb759f6cdc132feb766e76661cac914d6054abf40a41d51b9c45a518322503b7db141cfc70fe23f37d0d6fc9d8de3296c548ffe045290d5a06ca7e51a8946e20fce414bbc101b17f433a4031cf01a4a02c16a0c0eb81ab0ca4e5f2aae00f0b3f2ea5f1f17bb73f3b29eefa3db03ce33ca001210666250a5b6b2902a9d04e5ef"}}, &(0x7f0000000740)={0x0, 0x22, 0x1b, {[@local=@item_4={0x3, 0x2, 0x4, "e4f09897"}, @local=@item_012={0x2, 0x2, 0xa, "a2b5"}, @local=@item_012={0x1, 0x2, 0x3, "13"}, @global=@item_4={0x3, 0x1, 0x5, "6d58f2f8"}, @local=@item_4={0x3, 0x2, 0x5, "90d73369"}, @global=@item_012={0x1, 0x1, 0x5, "d9"}, @main=@item_4={0x3, 0x0, 0xc, "7b24df18"}]}}, &(0x7f0000000780)={0x0, 0x21, 0x9, {0x9, 0x21, 0x1000, 0xb, 0x1, {0x22, 0x541}}}}, &(0x7f0000000a40)={0x2c, &(0x7f0000000800)={0x40, 0x16, 0xe5, "8463e57fb2cd2bf8d470f3fc070c3d0accf4a63dbda0cbe97abe992a47df0c662ed25ed1edd4f0ade1ad68599f15f82b671d308df1573089e9a7a5a8435b423162e9963a3d5eb6d4e674386bae1773265c97b7478880ea4b283086d28c1a66a985ab6a4f9f3d980acbcc39e9567269af48dbe0f60eec8c91e5a5df866b7749de5308ed408cb61d62dbc015e4744cdd9f0ae2dca6a1342ab81ff415f3ff30cad5af0b78b2d2aa145cbf724bda6a14988caf667fb1e1d53b807029924c4878a78e119c68de5516e82e3a45bd370aa99a766ad29c7708b88080cbe1f010c24d12fd82859dc2b7"}, &(0x7f0000000900)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000940)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000980)={0x20, 0x1, 0x74, "804d31b8401a926404bd39caaf38b93c78711c765488acd8c9408a0b12f1b34903874b2627377941de6fe07004c4ff59ef46ffc524c490bc2bc71c6ab143cee74bf96b0fbe60da68a545bff685aa599b00b005732333f1d5f62fd4bd69bde74c5ab50c99babe3b1f799c781a83337cd7faaac22e"}, &(0x7f0000000a00)={0x20, 0x3, 0x1, 0x7}})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r4, &(0x7f0000000b80)=[{{&(0x7f0000000000)={0xa, 0x4e26, 0x40000, @private0}, 0x1c, &(0x7f0000000480)=[{&(0x7f0000000340)='P', 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r4, 0x1)
setsockopt(r4, 0x84, 0x82, &(0x7f00000002c0)="1af3050000f20800", 0x8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0xa, 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000bc0)={0x0, 0x0, 0x2, 0x0, '\x00', [{0x5699, 0x9, 0x101, 0x2, 0x6}, {0x0, 0xa, 0x2, 0x10, 0x80000000, 0x100000000}], ['\x00', '\x00']})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000ac0), 0x2, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000a80)={'team0\x00', <r5=>0x0})
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0x10, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='syzkaller\x00', 0x9, 0xd2, &(0x7f0000000340)=""/210, 0x41000, 0x1, '\x00', r5, @sk_skb=0x4, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x4, 0x2, 0x7f, 0x66}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x4, &(0x7f0000000480)=[0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1, r1, 0xffffffffffffffff, 0x1, 0x1, 0x1], &(0x7f00000004c0)=[{0x1, 0x4, 0x1, 0x2}, {0x4, 0x2, 0x9, 0x6}, {0x2, 0x800005, 0x9, 0x3}, {0x10001, 0x4, 0x2, 0x8}], 0x10, 0x8, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x2, 0x3, 0x1, 0x0, 0x39}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x2, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r7 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
pipe2$watch_queue(&(0x7f0000000440)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r7, r8, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r1, 0x8004f50e, &(0x7f00000005c0))

12.214181801s ago: executing program 3 (id=970):
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0, 0xe1, 0x0, 0x0, @time={0x0, 0x1}, {}, {0x1}, @result={0xffffffe0, 0xfffff001}}], 0x1c)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{}], 0x1}, 0x0)
syz_pidfd_open(0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000000)={0x0, 0xb, 0x10, 0x5, 0x0, 0x10001, 0x0})
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000eaffffff83000040"])
syz_clone3(&(0x7f0000000200)={0x280c200, 0x0, 0x0, 0x0, {0x3b}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r4 = syz_open_dev$dri(&(0x7f0000000740), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r4, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000200)='1{4', 0x3, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r4, 0xc00464be, &(0x7f0000000180)={r5})
syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0xffff, 0x9, 0x2, 0x401}]})
bind$bt_hci(r6, &(0x7f0000000100)={0x1f, 0x1}, 0x6)
write$bt_hci(r6, &(0x7f0000000040)=ANY=[], 0x6)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r7, 0x4020565a, &(0x7f0000000080)={0x5, 0x2, 0x2})
ioctl$VIDIOC_S_INPUT(r7, 0xc0045627, &(0x7f00000000c0)=0x3)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
accept$ax25(r9, 0x0, 0x0)
ioctl$KDGETKEYCODE(r8, 0x4b4c, &(0x7f0000000100)={0xad76, 0x3})

10.155593039s ago: executing program 3 (id=976):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$swradio(&(0x7f0000000a00), 0x0, 0x2)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x4)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7f, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
bind$rxrpc(0xffffffffffffffff, &(0x7f0000000180)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @local}}, 0x42)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil)
shmdt(0x0)
ioctl$INCFS_IOC_FILL_BLOCKS(r1, 0x80106720, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0xffffffff, 0x0, &(0x7f0000000000), 0x1, 0x1}]})
syz_emit_vhci(0x0, 0x15)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000a40)={0x0, 0x5})
iopl(0x3)
accept$ax25(0xffffffffffffffff, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

8.65343301s ago: executing program 3 (id=980):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x7, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000540)='inet_sock_set_state\x00', r2}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r4}, 0x10)
listen(r3, 0x3)

8.560011135s ago: executing program 1 (id=982):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/image_size', 0x280, 0x8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_MAC_ACL(r4, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x38, r1, 0x600, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x1, 0x1f}}}}, [@NL80211_ATTR_MAC_ADDRS={0x10, 0xa6, 0x0, 0x1, [{0xa}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x2}, 0x14)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000140)={[0x4, 0x7, 0xfff, 0x3bf5, 0x9, 0x6, 0x5, 0x0, 0x4, 0x1800000000000, 0x2627677c, 0xfffffffffffffffc, 0x0, 0xfbe, 0x4, 0xcccb7b3], 0x4, 0x80})
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x34, r1, 0x1, 0x3, 0x0, {{0xa}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DEFAULT_TYPES={0x8, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_IDX={0x5}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x48881}, 0x40)

7.648442527s ago: executing program 6 (id=983):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_sctp_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000200)={0x2, 0x7, 0x3, 0x6, 0x4, 0xe, 0x81, 0xf, 0x80, 0xf9, 0xa, 0x7f, 0xf, 0x1}, 0xe)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_CHANNEL(r3, 0x0, 0xc004)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz1\x00', {0x3ff, 0x3, 0x4}, 0x51, [0xd4, 0x6, 0x9, 0x8a4, 0x2, 0x2, 0x80000002, 0x80000001, 0x5, 0x1, 0x101, 0x3c6, 0x7, 0x6, 0xf70, 0x3, 0xe7, 0x7, 0x401, 0xbc5e, 0x0, 0x1, 0x8, 0xffff, 0xe, 0xe, 0x10, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0xfffffff7, 0x4, 0xe79, 0x7, 0x1ff4, 0x1, 0x1, 0x80000000, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x1, 0x1, 0x6, 0x2, 0x5, 0x9, 0x5, 0x9, 0x0, 0x3a20, 0x1000, 0x8, 0x1, 0x6, 0x7ff, 0xb8547355], [0x80000000, 0xffffffff, 0x4, 0x5, 0x80000000, 0x1, 0x553, 0x6, 0x2, 0xfffffffc, 0x8, 0xc, 0x36, 0xa, 0x6, 0x1, 0x9, 0x98, 0x8, 0xe56d, 0xa4, 0x4, 0x99d, 0x8, 0x5, 0xd, 0x400, 0x0, 0x6e38, 0x8000, 0xa, 0x2, 0x3, 0x0, 0x5, 0x7, 0x4, 0xd, 0x9, 0xfff, 0x4, 0x0, 0x40, 0x1, 0x8, 0x5, 0x9, 0x0, 0x34f1, 0x10, 0x4, 0x1b2c5a17, 0x0, 0x9, 0xc, 0x77c8cac8, 0xffffffff, 0x1004, 0x6, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x6, 0xdb8, 0xae, 0x4, 0x2, 0x6, 0x5, 0x5, 0x3, 0x5, 0xfffffffd, 0xc8d3, 0x33, 0x9a45, 0x0, 0xee40000, 0x1, 0x1, 0x43, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x8, 0x2, 0x4, 0x20000800, 0x7, 0x9, 0x1, 0x0, 0x1, 0xfffffffe, 0x3, 0x0, 0x9, 0x8c0, 0x109, 0x2, 0xa, 0x7, 0x7, 0xfffffffa, 0x81, 0x8, 0xffffff20, 0x55f2, 0xdf46, 0xfffffffd, 0x7f, 0x9, 0x8000, 0x40, 0x3, 0x2, 0xa, 0x6, 0x2, 0xffffff00, 0xda15, 0x7f, 0x5, 0x10], [0x0, 0x897, 0x8, 0x246a, 0x6, 0x101, 0xfffff410, 0xd, 0x7ff, 0x606, 0x4, 0x9, 0x80000001, 0x2, 0xb, 0x2, 0x7, 0x1, 0x7, 0x2, 0x7ff, 0x3ff, 0x0, 0x2, 0x6, 0x100, 0x1, 0xec9b, 0x61c8, 0x6, 0x0, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0xe, 0x4000006, 0x7, 0x1, 0xd, 0x0, 0x4, 0x100009, 0x100, 0x3, 0x5, 0x1000, 0x5, 0x2, 0x15, 0x8000, 0x7, 0x85, 0x5, 0x7, 0xfffffffc, 0x4, 0x6, 0xeff]}, 0x45c)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000060000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r1, 0x8940, 0x0)
prlimit64(0x0, 0x6, 0x0, 0x0)
getpid()

7.303450925s ago: executing program 3 (id=984):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x40}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="3d25ab325b19c4cbd00170850800", 0x0, 0x9, 0x0, 0x6c, 0x0, 0x0, 0x0}, 0x50)

6.634080164s ago: executing program 0 (id=985):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
io_setup(0x3, &(0x7f0000000180))
bind$inet(0xffffffffffffffff, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, 0x0, &(0x7f0000000180))
socket$netlink(0x10, 0x3, 0x0)
userfaultfd(0x1)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_pkt_type_change={{0x1d, 0x5}, {0x2, 0xc9, 0x1}}}, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03008400000000000000070000040900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200180100000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a3000000000ec000380e8000080d00001"], 0x1ac}}, 0x0)

6.538753017s ago: executing program 1 (id=986):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x25}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x900, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWSETELEM={0x74, 0xc, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x34, 0x3, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x9, 0x6}, @NFTA_SET_ELEM_EXPRESSIONS={0x24, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x4}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8}, @NFTA_CT_KEY={0x8}]}}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xe4}}, 0x0)

6.490535885s ago: executing program 5 (id=987):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000d40)=@newlink={0x54, 0x10, 0x1, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4700c}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10, 0x2, {0xa, 0xd97, 0x5}}]}]}, @IFLA_LINKMODE={0x5, 0x11, 0x9}]}, 0x54}, 0x1, 0x700, 0x0, 0x1}, 0x0)

5.744119366s ago: executing program 3 (id=988):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r0, 0x101, 0x1, &(0x7f0000000100)=0xfffffffb, 0x4)

5.593757564s ago: executing program 0 (id=989):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef64bd465b9780e2bbe408ccc58187feb0e3d43347f98e1a298327e6f9b312ecb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259620618c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a30536455bb774f7f154263178151ea93f5774b56a7142047326f940e95b8489e1c5650f5c61299a295f79c88456521cffdef93e29f10f4a11f0ca134a375a7ecfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d9823659d1945258fc668950e5aacfa06e1a212661b3f57a266c90e64efc8d8f730867202a9ee94e6a1f851337c2c9671d98a19bdc132c153b3ad843bdd308a07ba8f50a20cfd2c8b94e86ea0af0a9e0e9789ffd38f9b86da101e2266700"/441], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r1, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000001a00), 0x0, 0x2, 0x10, 0x8, 0x0, 0x0}}, 0x10)

5.550948025s ago: executing program 1 (id=990):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000100)={0x20, 0x0, 0x341, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000814}, 0x14)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f655800000000000007000000", @ANYRES32=r2, @ANYBLOB="40005200060010"], 0x24}, 0x1, 0x0, 0x0, 0x4004810}, 0x0)

5.550562439s ago: executing program 6 (id=991):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x14, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0xfffe}}, 0x14}, 0x1, 0x0, 0x0, 0x2400c0c0}, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000040)=0xe, 0x4)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
recvmmsg(r0, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000200)=""/4, 0x4}], 0x1}, 0x4}], 0x1, 0x40000121, 0x0)

5.466657729s ago: executing program 5 (id=992):
pipe2$9p(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x121042, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r4 = fanotify_init(0x200, 0x0)
fanotify_mark(r4, 0x1, 0x4800003e, r3, 0x0)
splice(r0, 0x0, r2, 0x0, 0x200000000001, 0x0) (fail_nth: 4)

5.382124366s ago: executing program 0 (id=993):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000ac0)={{0x2, 0x0, @multicast2}, {}, 0x2a, {0x2, 0x0, @empty}, 'bond_slave_1\x00'})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000), 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000240)={0x0, 0xffffff81}, 0x8)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000200), 0x8)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x4000}, 0x10)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
socket$inet6_udp(0xa, 0x2, 0x0)
iopl(0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = epoll_create(0x917)
epoll_wait(r5, 0x0, 0x0, 0x9)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000580)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000100)="7d1068a421f05f384340", 0xfcb3)

5.371678592s ago: executing program 3 (id=994):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x62800)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5, 0x12, r4, 0x0)
write$UHID_INPUT(r3, &(0x7f0000000540)={0x8, {"1a17924ab218eacb15a3fccf929e2dd2497903c1f853d95b995c65e99449ff953fa11c7723b2149ecdaa7f833f60e13b19a66e963f7e8da4297ebbfdda5b36fb4d01bd02e6c652dc4d99e2cb82c2a1d4a45e4c89ba9994e82f854bbc34a40b3a58aa256c9b4512fbf91b9846446c4909e4ec53982e7d7fd11ee0bdeab0bb4c469c9665dde8cb58f0ca148223b6cc4e2f306cfbeccedec8db5212f2fc4e14f836c68bdace4db1afbde9d463e5ac24567925b5fdf0e3af1a52dbd7669fe9227302c8f635bc2ddbf5bd7dccd7b92a9bd5c7363375a57851c2bc72509f2005f138f5a59cf85e9ddb1c972c89d50806e8941b7059cd3eca77527a7f20af70841b4d6f026614bdbb276a6814cc74d91856b968c5fdb52674d892a90d01ab91841b6811def78bdac9bc6f9df2598569fbdfef75079832b2750801dc83fd1987713c61136ac9e5f2f7e67f302109bb9a7fea75290b506a89a19d7e0e472937a8c9ecfe16ef6eb88c7a88a060756196d55d6a3d3f7cdf9915d22b6b3af69ec55017b821ec0621e8a59414efc2b46977a85846b53ae75a350947afcafbdef7233cc371bc2a6f29c0315b352ac2741c81df534303ddb30a4408db5679d05d245259c245c9d7f861711cc287cfd0462b948512623b921060386c587fd166df29e71ecfc8ed90031e95b2af1406b5ae73f6084e39e88194e3d37dc801982656b5b66342d74100f9f5b8c94c1e91b626bbf426a07b4be91dbdb76a6e40d0b788f89359e462e69bc4499fd4f9aa1e7f0c3f73a996b6ecef606c7651286e1f18a6823eed7191cd542057eaaf09aa32e8ce370c09050278b85fd359b8ca23e66e9d294ec57b3ddd90409d9b1ca28c6993b244f8ca46f6bf478ff22fb1df53e33abdda4b2b1e5cff7de19957bdc8e7ca39e4762204b1f9f33b9375b7282422b91841706751038e42023ba45c1cd0998c1794c1c2a5ff65466189bbb27bcbf01e5a48bfd8b6845f7d5c87d977df4ded5273ebf56b96c50b4eadc44bfaa0994259eeb1031644415fa9d729753d2138b06f9b7b624d9eeb1ef71dfdff0b639078f058c7a070451c4670af0c6eb1202f77be82faba9b6287995066b5f7e59b7967706d8d8c5bde48137e13df537ae54664fe4e8460b1bdf5b92a1dcf39ee1726bc6690d0ac5f799bcfab918c59cb132c45054ba17b8a44d505ad3eaeee95b4275b25b2087da8902552727a1e739014df348cfa3a1102661c35a6a38df6c410f5343577955dd57de5af089e3f1bcdf96d4ef1d5944243470b0ed10616144cccc5cac44e36fefd9441120c5d047867af0ea353da21fc0ae73b78b84d53a62efeb94ea8d441cc698c92fd7b36cf41472d036c5093bbdf943620c29ffa3b21ef4a0bb9274912b046834ee6f855ceadf18fb488040d5829ab6e8bf69a90315f7f84d002ac4e929e9f1010a8486746bd316799ba3a65744980c388202324ba50768c77a8481ba74d135da7507048c82714a8234837b69922126e4084a68f7418bfd26417cade786c7f8185e2492e3b64eb9d2c2c721504c7b4aeb383503f745fd69315c56b5b0158decd1b1606a63366b7e2d2b9124b6efca4480c703c8f37d6ddff55b0ec15f2ce6be6c902d06aec2ccabeba13b442b608076c33d19e690ab66cf6678d679758d22fb5d8d963f25d00c45576f8b2938543080297b9cb6c305e3131d2f412f00370c285251909f8ebefc3d18a23e25a183997b08251450b29fff32781e6a70e6e070ab3921f3f809392deb732d6f30cc034b5f77d41218bca86d515b16da0457dbf7aaefdcef9d5358e7b4f1e5d1a410f55449e765609d122f938fd57b71482244dff0523067cabfd322fc47aca1c331112e3d969f5fe3594c3c7adea7c36e9b9af6754cdea5ccf05b139f783d4b24540c50a6a9f7dff472d47c87c151d8439b5740cd1f423335dae2680050bd44766159cba66666b7dbc9e190130494327a0d8c9dbed5c8b831ce2b2bb236353ff7175a48b61a0f3209fa3db44f07a21a485ef1682a33cdf632ac2d6ca993b6cd90913e31704bb851711e1f2b5ebb19baaba102dd42d550933e9dfc17311665fef4d0206d7debbcbbd97efafffb905bf9a77b8eeb67d5f8bef8526f6f8607672bb3c50b14e16c264265594e05fa481f724290abdc9f60a899f26033236e3b90548c24288a7b627b51c4d7c638c359ec6325b0d79e1d69cf18cd9136a263b6aa84ad062b9831fc7c201b7ccec7d3b7ea2132ee4579632bf614bcde285527c36ef8a8e12651ef34a677a8d2f84360afa2f2245e4e0d61a12e8e446045fae61375082f983363795f11848edad24b3f7ae53f0eeb329fa62b6d7b446e3b2c1257981f9c0c3ea371c71021af834a285203b2e3177ddf5251044ea215c048f78701dec36a94ca3c435278d1fd889996adf5ea7c8db62f2b1331bc22c4b7798d587a5c4e619b7b576e19d92996bc0bdc0c8c15374e11b6eeda0e18b35aac4b96db9cdba025080bf5bea4ffdf4fa3c93ec5feede0a140f7f6727ef255783565935d59d348aaa6d12c060afd5f6d084346309d8cbf54b33050ecccf30ae083c4034165880214a94a5296427e2fcb6d90692a82212b6b8d86c6d163f0643944aaba4af1171aed463994f1374e1ec1654b89b04e9d635074e8d131bc2443daf1caad455671470329a287f4c711cb907403d5c05184cd3a647823b5b9c6dc4451fdde92dc1cb87010197026458b40d4809ab60aca1af6bb3702a3e0506cdd21faa6d9909f4ed74723de75fc48d44314fa3cc0c8e8ea226ec1d5875b9595aeacdff0a9f75b4a60dde781c58179f997ecb6479c91ecacc65bfe293a2d26c21ae7c1d7be1241cc1c4ea86a6cf8d93012bd98508aae8db723ff167026298cab227b7d0062c27ccc8e81df7268423ad063638760b44e77147ee9bd84140166ae2bfd592f845ca68c719f7520ae3c9988cc89db73bf93ad6f2f7d9394b2288f0176723acd167081ade4e066a26832f7b655cd874aa5026a7369bb9912c90599d1407f0488a9c540a31997890f5433bd1df91ba13a9e0721c9a707eac7cff1c3efef6cd716779c7ad631c3560caa2031d9d2591329c1867d0d5f96b5897cac2c6a381f0ce5c27969c2b3e7d188e1e896d815b01a3e177933817325953140272ad718a36ae522d43de109ba92255ee66d2a14897f2b2014dc9a495c108727e0eef54df617e269e43a0c48d28a91aaf14d58719e21ea39c1c534e39a1dfabb61377b55d2f69fe79c7d5111b8b952c388925ea8ab1503ae68bce95a34a10a85aa0e5da52add14b93eaac5861a6504e23dda8034e809253c1071ddda934663faac454cd378c5725f5c6f4d943779994357185e512a4b6993156e624f25d86d24e7254d3e9b231aa80ed5a32e108cb528d402f93e58c25ac937420ff7dcd7d9ec2126c7fe7cefa47c038f23de40523d5e026fe3bb4cfd3040f9bd9631cf5a2cde1e20a6032703cd64c2ad97ea95d05a7aa3ea3b3b9d5a86961116dd1338c0a2caae0ceab3178ac7736dfa8a949cd81d261748e6678cb730b57468fb2b7e22c5eb08ad496e76775dce0c31950a596580ad7d6c3fd9ce90dded340f20b77fe53e81fb6e2a7a6c450b8ac9009c7c077893f704457a90401fb758c0769fbfd38e40ae692e410b889bbf0b09a32dc731b6768c0fa3963a5b6279b6a5db611174339f3218fff567f6cfb7377ddc8e2c730da35cc3ec680a6bc95010dd03834caab7afb2c0023ad9ce3aae3c0fd1ece42ea840bf5fc798a0b5fbe7692f13549cdba4a0b68f722ef6877856a76fc3c39f7cfd760675a9f341d9f09f381972be9171e50455ed13e665e61a03b0c2a79276a871c25fc5c486639a71a8dfdf36174373b8995014752aba3026045be6b43074ac3824d687bbf5f6544228cea52791828f54980ee9f728534ea32edd205aaace717adcf61ce28f92719048d44b09812bcfd2d22cc9d7a45ed6b4634756f6b3189908c71728c373ea94aa5c74ce4a73c20138b8cb21db6e2dfb35329b86b1805a5208dd370b8342ca8aa3cbd3e7a3ec79d7b8ee677b04e19c524ddc6de0b22443ac15de908f61719399d0f9890ca2b0283a7db914944f424af10ba0ec9e3e253c060d7b28552eaae5eed1e906f8f93c2195293deabdad6cb38ddab51603e4a96ef1e086de911fb716ffbca467294d9e66e5d0f8225bc28d6c074c4ffba76706f61b0b386b7e4b6500a15fad291f34f6c84f1596a97512f31196a529a7a5725437c038e17d531da3838c8aef3bade6bc1d4c7624560d4fba72e5f8be2c5dc905e1e4bcb2aa7eddb275408ef4288ac69c7a18ae58fb26c2f5a6964f051b81d2e426fc2a5d8617050341b96d5a746e3419fbe94bd3752403868b655c2dba6f48ef109a2e6ec0041842fae52bfab70481ecfe8d27f3d5e444f1b941d871c8057cbe35df68665bc3aadea02d203b106d1179a428daa7d9fea9dbddd8955bb289a92ec790de74cd6a1edf925ab85471633dedf8ba46abe456963a2381addce2aa16c06dd80bb54d8e53d7c82607916af175061da29122afde8687add6b6f42233b76a1164893dcc1ec3dcf935576d2d0f3ab3b1adbace086da915234b4f9bad0afc2915608fc4f6611dc3b91d7e0e48cb0a0f3fdc70ef70ef82043afbd3325f0f6186390ab28ca9f0009184637530d79f0c5a77c6e912afbe6533988f543fc6c02d3d44fbdb0e2ebfad2680184f1ed451991667df958a71fb41cf4367bdb931389ea8b6340e225b312a09dadd8e2ac2d200db6e75323d48c73c6b819e13f92b01bf405e796a2e10b863e773598abcbcc196987e18b19530337809b56480778207103a12acfff1c0ad62846088251a1a0d0d6b300059a99698c84ccac78d53eb32e3984001978db7679960b4d75d71b49696909826c66320526fe02a060265821d15b8b2337121a201402a118ec03ff0d4f3dfa48f2dadd20b510ecdf4e6440b5b2466b9bf28e32327189f0405245694a6371dbe4eae7a8293cdc15193c284123d64690120634f808096a8f3f7a04a5bac9dd86c09f2e4e87c7d7c98d0b370e84ea5f265730f5480eb1375d4f82c7d4efbb6e58c5a92848331b2becd2531f6c456b5d0e690b102dd8faec55bde56f95727f4abf52c58543faaeb9cefd39bba788bd7e2b02b27ecbc1679a1ac00823c83e1ae29690cd25544d3ae0a8db25e963e9fb5bd94987637ac3546b9b312bf04d5c6211c135e806525d423fde9ccb5ef7962ec1e056e6f29adaeebb331f6c234586d1fe21577f56d620c6942a29d4915772144cc60008d1236db21100d5a3112c29396b9e18cdb5b104bed2df2b6ea72c9aa03bb6082f3eb07f0eae359864967a749492d21005b0d39c9613c20b1e21700ab66a4f5ca03ec08d67b95f759252d758743820ba243032e1708447fbaebc27e1316af4cf547cef3ac4966a1f04dd07012f257a0204107c23a0046b12493d9784b24dc561c1f88e591056bcc3b338ab1de65e5ad578021f26f93e9b12f00b5f8c8ae2db6b7b8f254303c7ff06514735974e65fb9a93dc79b115a12310040490ca11ef315340af104e20a2e22dcd132f7d7a61d9d3a12e832ee048a2170dbe03d747ed7402180eb964fde0ecb77e778b18a4e5a83479bb7e0ea0a7d5145ffed4607bd7e6b8f961625d5e3dcac2d4a05e71dc9c2e52195bd55aed4e6749dc1c329e2cda966d18e9bf882c05db627c1047fc71533bbba2c8a83d04db5bad6da349a9ad1992eb88e0274d32a16137e2396ad973c0ecbbc2d243e68b6959bf9b", 0x1000}}, 0x1006)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
r5 = open$dir(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xe8100, 0x20)
symlinkat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r5, &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_usb_connect(0x3, 0x10e, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006a249f08ec1888323a3f010203010902fc0001870000000904e67e350e010000062404"], 0x0)

5.288044441s ago: executing program 1 (id=995):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000ac0)={{0x2, 0x0, @multicast2}, {}, 0x2a, {0x2, 0x0, @empty}, 'bond_slave_1\x00'})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000), 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000240)={0x0, 0xffffff81}, 0x8)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000200), 0x8)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x4000}, 0x10)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
socket$inet6_udp(0xa, 0x2, 0x0)
iopl(0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
epoll_create(0x917)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000580)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000100)="7d1068a421f05f384340", 0xfcb3)

4.955979689s ago: executing program 5 (id=996):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000880)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5e13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x80, 0x800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0xa, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0x0, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x20000005, 0x6, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x800, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x409, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x2, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r2, 0x5501)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', 0x0, 0x8080, 0x0)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000200))
sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01bf061438b1fd685b241f002dbd7000", @ANYBLOB="14005e80080002000000000008000100"], 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0)

4.115150962s ago: executing program 6 (id=997):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0)
sendmsg$NFT_MSG_GETRULE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="9c000000190a01020000000000000000000000000900010073797a30000000070c000640000000000000000100000580080001400000a23c08000140000000320800024000000007080001400000002f0900020073797a300000000020000740d07d45b2ea3eec53a10c6b79cc855cf3348d80c823b4913af25a90a908000a400000000208000a4000000000040005800900010073797a30"], 0x9c}}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0)
dup(r7)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0x6, 0x81, '\x00', 0x3c})

4.002982246s ago: executing program 5 (id=998):
r0 = socket$xdp(0x2c, 0x3, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
mmap$xdp(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x11, 0xf, &(0x7f0000000080)=ANY=[@ANYRESOCT=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014002000b70300000000000085000000d4000000bf0900000000000045090100000003709500000000000000bf91000000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x3, 0xffe, &(0x7f0000000180)=""/4094, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100, @void, @value}, 0x94)

3.151885934s ago: executing program 5 (id=999):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000006b80)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}, {{&(0x7f0000000340)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0xf00, &(0x7f00000009c0)=ANY=[], 0x2e8}}], 0x2, 0x0)

2.985117181s ago: executing program 1 (id=1000):
r0 = memfd_create(&(0x7f0000000e80)='prodM\xb0\xea\a\x06\xbe\xaeJ:]\xbb\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\xae\x00\x00\x00\x00\x00\xff\x04\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;Y\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2W\xc72\xea\xb7Wp\xc36\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5U\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262<k\xa8\x88\x01\x00fhD\xe7\xb6\x17\x80\x95\xa8\x1e\t\xb01KB\xcb\x00\x1e\x7fE\x7f\x02\x00\x00\x00y<nGR\x94\x99\xb8\x89\x9b\x8f\xd5\xe6\x02\xb5C\xad\"u\xf4>-\x00\x00\x00\x00\xc8X\xdaNz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x00\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[R\xc36b\xa2]\xed\xe8\xb0\xfa\"\xa2\xd27)\xd5yQ\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x99\xc5{&\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\x061] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x00P\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89\xc4s\xb7\x14~}\xaa\x8c\xc3\x95BAE\xf2.\x8fC\x91W\xadi\x00\xf2k\xd5v\xd3\x84d\xf4\x134\xa6XI\xe5h\xaa\x15\x9a\xf7Z\xe3%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x1a\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\xf0V\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\xf6]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1n 1\x8d \xc1\xaf\x19\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16\x00\x00\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xd2\a\aR\xba\xae-q\xe0\xe5a\xdd7\xb8\x1b\xe29\xc3}\xb9P\xd5F\xc6\x12\x8c_x\xa8\xf2\xb5K\x03\x85\x92k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x1b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00KT\"0\x16=\x10\xd3\x9a\xf0\xb7\x00\x00\x00\x00\x00\x00\x00UXZ\xf4\xd1+\aO\xa7E\xee-=U\xa7\xa4D\xf9<]v\xe4~-o=\x04\xc0\xabs\x99\xc0\x96\xfe\"\x88\xf8S\x8eG\x0f\xfec\xd6\n\x8cN6\r\xbf[\f\xa3\f\x80\x99\x1f\xa1\xcd\xcd\x81\xe7\x97\xec\xa6\x14l[$qpG\xff\x93\xf6\x18\xf8\xdfy\x98\n/\x18S%\x02;\x13L\xc7A\xfb\xd6\x9c\xe2\xe4,\xdd\xf9E\xb8\xe5c\xc3\n\x97^b\xddL\xb7\xcf\x11\xfe\xa1\xd6\x9c\x1a\x103]/\xd8\xcc\xc9\xee2\x9aaI<\xfd\x80\x17\x1b\xe3IJ\x9f\xfa8\xe9\x99E\xa1\x10\x10FVj0\xdc\xbd\xd4@e.\xe6l\xda)\\\xcen\xbab\x9aJ\x802\xfb\xac@\x1b\x9d!\x1e\x95\xcd@\xda\xb2!\x90\x9b\xeay\xcd#\xae\x9a\xc2\r\xee\x0e\x13\x1fh', 0x3)
fcntl$addseals(r0, 0x409, 0x1a)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
r2 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000040)=0x1, 0x4)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'sit0\x00'})
socket$inet_tcp(0x2, 0x1, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0585605, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0xffffd6c0}, 0x38)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000740)=ANY=[@ANYRESHEX=r3, @ANYBLOB="598e8389f32246438ece71d797372d21e60e7b108b32b52f54b239bc16eda9df27f599cb226335f56cc7c1d705", @ANYRES32], 0x60)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00', <r6=>0x0})
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @local, @private1, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x4400046, r6})
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'macvlan0\x00'})
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000001800ef0100000000000000000a00000000000000000000001400050000000000000000000000001000000002"], 0x30}, 0x1, 0x11}, 0x0)

2.864633461s ago: executing program 6 (id=1001):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="50000000020201020000ffffff8800000a0000003c0002802c00018014000300fc0000000000000000000000000000001400040000000000000000000000ffffffffffff0c000280050001000000000096cb1675832d69e25f1b13630feab557b9b4"], 0x50}}, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340)=""/55}, 0x20)

2.74798356s ago: executing program 5 (id=1002):
pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000600)={'wlan0\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DEL_PMKSA(r4, &(0x7f0000000000)={0x0, 0xe, &(0x7f0000000240)={&(0x7f0000000140)={0x3c, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @val={0x0, 0x99, {0xf, 0x31}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_PMKID={0x14, 0x55, "9ccb910466fa24f96c59de2016f713fd"}]}, 0x3c}}, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x121042, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r0}})
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_init(0x200, 0x0)
fanotify_mark(r5, 0x400, 0x4800103e, r6, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8001, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'sit0\x00', 0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c8c1}, 0x1)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
pread64(0xffffffffffffffff, &(0x7f0000001240)=""/102392, 0x18ff8, 0xffffffffd)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000010006ea92ffffffffffffff0000000000000000", @ANYRES32, @ANYBLOB="0200"/20, @ANYRES32=0x0, @ANYBLOB="040000000400"/28], 0x48)

1.575578478s ago: executing program 6 (id=1003):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef64bd465b9780e2bbe408ccc58187feb0e3d43347f98e1a298327e6f9b312ecb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259620618c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a30536455bb774f7f154263178151ea93f5774b56a7142047326f940e95b8489e1c5650f5c61299a295f79c88456521cffdef93e29f10f4a11f0ca134a375a7ecfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d9823659d1945258fc668950e5aacfa06e1a212661b3f57a266c90e64efc8d8f730867202a9ee94e6a1f851337c2c9671d98a19bdc132c153b3ad843bdd308a07ba8f50a20cfd2c8b94e86ea0af0a9e0e9789ffd38f9b86da101e2266700"/441], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r1, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000001a00), 0x0, 0x2, 0x10, 0x8, 0x0, 0x0}}, 0x10)

1.507223308s ago: executing program 1 (id=1004):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
pipe(0x0)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000140)=0x9f8, 0x4)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x7ffff000, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000001400)={0x8, 0x151}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x82)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, r2)
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000040)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000ac0)="ee", 0x1}, {0x0, 0x2}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x40040)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x400c914)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r4, 0x101, 0x1, &(0x7f0000000100)=0xfffffffb, 0x4)

801.856659ms ago: executing program 0 (id=1005):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x80)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@updpolicy={0xb8, 0x19, 0x1, 0xffffffff, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x4, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0xe7}, 0x0, 0x0, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x40}, 0x4000090)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {0x80ff}}}, 0xb8}}, 0x0)

0s ago: executing program 6 (id=1006):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xf5}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1d}]}, @NFT_MSG_DELSET={0x2c, 0xb, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x1}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x0)

kernel console output (not intermixed with test programs):

 usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  109.865622][   T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  109.875942][ T3644] usb 2-1: device descriptor read/8, error -71
[  110.049064][   T10] usb 4-1: config 0 has an invalid interface number: 199 but max is 1
[  110.064468][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  110.080136][   T10] usb 4-1: config 0 has no interface number 1
[  110.099624][   T10] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  110.118042][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  110.134874][ T3644] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  110.157344][   T10] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  110.174122][ T3644] usb 2-1: device descriptor read/8, error -71
[  110.174337][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  110.189089][   T10] usb 4-1: SerialNumber: syz
[  110.223252][   T10] usb 4-1: config 0 descriptor??
[  110.243806][   T10] usb 4-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  110.250889][   T10] usb 4-1: No valid video chain found.
[  110.288612][ T3644] usb usb2-port1: unable to enumerate USB device
[  110.361834][ T5989] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  110.414035][ T5989] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  110.455238][ T5989] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  110.477084][   T10] usb 4-1: USB disconnect, device number 4
[  110.490045][ T5989] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  111.427687][ T6117] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  111.650157][ T6117] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  111.698626][ T6117] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  111.727477][ T6117] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  112.404709][ T5989] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.447267][ T5989] 8021q: adding VLAN 0 to HW filter on device team0
[  112.475000][  T992] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.482202][  T992] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.495046][ T5864] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  112.552182][ T6280] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.559401][ T6280] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.655115][ T5864] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  112.663783][ T6382] netlink: 10 bytes leftover after parsing attributes in process `syz.3.109'.
[  112.678476][ T5864] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  112.720164][ T5864] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  112.734434][ T5864] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.812381][ T5864] usb 1-1: config 0 descriptor??
[  112.865961][ T6117] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.952339][ T6117] 8021q: adding VLAN 0 to HW filter on device team0
[  113.020481][ T6280] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.027744][ T6280] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.107796][  T992] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.115008][  T992] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.519671][ T5989] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.903509][  T975] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  113.976819][ T6117] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.082964][  T975] usb 2-1: Using ep0 maxpacket: 16
[  114.101495][  T975] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  114.137999][  T975] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  114.156761][  T975] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  114.194478][  T975] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  114.209027][  T975] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.232183][  T975] usb 2-1: Product: 
[  114.238448][  T975] usb 2-1: Manufacturer: 淃谲훀찯媦과ꑤ乔ᐢ䔿佲萸뺋꽟㸙峼╝쪫録
[  114.250065][  T975] usb 2-1: SerialNumber: 횉钃䜿ፌ뢞ḟꙊ༖䗠흻蝏韫□꥗㡛箣瀘ល暽쥦諧鸷ⷊ쀗錍ႚ鎔ꥩ蝺憉뛅걕ル첃្佴⵮떇륗䐺笿৒ᯃﾶ懲賑橅뒇낔̧ㄆ蹨蛏鈰黜፧ﰢ뛙陷Ɥ왼뿉˨녡❶ᯫᮺ렒鹪쿦屼쌆樤⍵蓖鴀祰顮펼渺䑲砣猐踖䩟ꥭ苉䭖숓ᩓΘ匂굆ꬫ纙陓ő㧽視郏⥾曮ṻ￙틊픊
[  114.459402][ T5989] veth0_vlan: entered promiscuous mode
[  114.519191][ T5864] usb 1-1: string descriptor 0 read error: -71
[  114.542047][ T5864] uclogic 0003:256C:006D.0001: failed retrieving string descriptor #200: -71
[  114.580014][ T5989] veth1_vlan: entered promiscuous mode
[  114.615553][ T5864] uclogic 0003:256C:006D.0001: failed retrieving pen parameters: -71
[  114.672759][ T5864] uclogic 0003:256C:006D.0001: failed probing pen v2 parameters: -71
[  114.707421][ T5864] uclogic 0003:256C:006D.0001: failed probing parameters: -71
[  114.734038][ T5864] uclogic 0003:256C:006D.0001: probe with driver uclogic failed with error -71
[  114.761191][  T975] usb 2-1: 0:2 : does not exist
[  114.793624][ T5864] usb 1-1: USB disconnect, device number 4
[  114.934589][ T5989] veth0_macvtap: entered promiscuous mode
[  114.942858][  T975] usb 2-1: USB disconnect, device number 10
[  114.959113][ T5989] veth1_macvtap: entered promiscuous mode
[  115.175844][ T5989] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.527524][ T6009] udevd[6009]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  115.614829][ T5989] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.724340][ T5989] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.768908][ T5989] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.803081][ T5989] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.815697][ T5989] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.917051][ T6117] veth0_vlan: entered promiscuous mode
[  116.214563][ T6117] veth1_vlan: entered promiscuous mode
[  116.847788][ T6459] netlink: 'syz.0.114': attribute type 1 has an invalid length.
[  116.855811][ T6459] netlink: 224 bytes leftover after parsing attributes in process `syz.0.114'.
[  116.865903][ T6459] workqueue: Failed to create a rescuer kthread for wq "phy4": -EINTR
[  117.060387][ T5955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.088623][ T5955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.140636][ T6117] veth0_macvtap: entered promiscuous mode
[  117.180562][ T6469] netlink: 104 bytes leftover after parsing attributes in process `syz.3.118'.
[  117.256591][ T6117] veth1_macvtap: entered promiscuous mode
[  117.308096][ T6283] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.310299][ T6117] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.357075][ T6283] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.416423][ T6117] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.439989][ T6117] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.467387][ T6117] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.747690][ T5829] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  117.747860][ T5829] Bluetooth: hci2: Malformed Event: 0x2f
[  118.093297][ T6117] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.102049][ T6117] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.186313][ T6478] ip6tnl1: entered promiscuous mode
[  118.191644][ T6478] ip6tnl1: entered allmulticast mode
[  118.200250][ T6478] team0: Device ip6tnl1 is of different type
[  119.281953][ T6283] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.297001][ T6283] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.498845][ T3556] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.507767][ T3556] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.544689][ T6494] bridge0: entered promiscuous mode
[  119.550248][ T6494] macvlan2: entered promiscuous mode
[  119.823224][ T6494] bridge0: port 3(macvlan2) entered blocking state
[  119.847296][ T6494] bridge0: port 3(macvlan2) entered disabled state
[  119.882460][ T6494] macvlan2: entered allmulticast mode
[  119.916595][ T6494] bridge0: entered allmulticast mode
[  119.959823][ T6494] macvlan2: left allmulticast mode
[  119.987753][ T6494] bridge0: left allmulticast mode
[  120.019785][ T6494] bridge0: left promiscuous mode
[  120.129202][ T6497] wg2: entered promiscuous mode
[  120.165346][ T6497] wg2: entered allmulticast mode
[  120.586983][ T6513] netlink: 12 bytes leftover after parsing attributes in process `syz.3.129'.
[  120.741132][ T6520] netlink: 12 bytes leftover after parsing attributes in process `syz.6.130'.
[  120.785956][ T6520] netlink: 12 bytes leftover after parsing attributes in process `syz.6.130'.
[  120.893629][ T6527] netlink: 8 bytes leftover after parsing attributes in process `syz.0.132'.
[  121.476087][ T6542] hugetlbfs: Bad value '%' for mount option 'size'
[  121.476087][ T6542] 
[  121.608723][ T6548] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  122.717244][    C1] hrtimer: interrupt took 37819 ns
[  123.425718][ T6564] program syz.1.142 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  123.570032][ T6573] netlink: 20 bytes leftover after parsing attributes in process `syz.5.146'.
[  123.588942][ T6573] bridge0: entered promiscuous mode
[  123.597159][ T6573] bridge0: left promiscuous mode
[  123.726086][ T6579] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  124.713052][ T5868] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  124.985953][ T5868] usb 1-1: config 0 has an invalid interface number: 113 but max is 0
[  125.023718][ T5868] usb 1-1: config 0 has no interface number 0
[  125.060554][ T5868] usb 1-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=98.2a
[  125.071556][ T6604] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  125.082818][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.090838][ T5868] usb 1-1: Product: syz
[  125.122730][ T5868] usb 1-1: Manufacturer: syz
[  125.132940][ T5868] usb 1-1: SerialNumber: syz
[  125.158498][ T5868] usb 1-1: config 0 descriptor??
[  125.186304][ T6604] batman_adv: batadv0: Removing interface: batadv_slave_1
[  125.330183][ T6610] team0: No ports can be present during mode change
[  125.531500][ T6612] (syz.5.157,6612,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  125.540286][ T6612] (syz.5.157,6612,0):ocfs2_fill_super:1177 ERROR: status = -22
[  125.561534][ T6617] netlink: 32 bytes leftover after parsing attributes in process `syz.1.158'.
[  126.283417][    T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  126.464232][    T9] usb 6-1: Using ep0 maxpacket: 32
[  126.498013][    T9] usb 6-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  126.527729][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.565363][    T9] usb 6-1: Product: syz
[  126.569568][    T9] usb 6-1: Manufacturer: syz
[  126.602665][    T9] usb 6-1: SerialNumber: syz
[  126.604934][ T3644] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  126.623249][    T9] usb 6-1: config 0 descriptor??
[  126.655763][    T9] rtl8150 6-1:0.0: couldn't find required endpoints
[  126.683014][    T9] rtl8150 6-1:0.0: probe with driver rtl8150 failed with error -5
[  126.732431][ T6639] netlink: 28 bytes leftover after parsing attributes in process `syz.1.162'.
[  126.778041][ T6639] netlink: 'syz.1.162': attribute type 7 has an invalid length.
[  126.802497][ T6639] netlink: 'syz.1.162': attribute type 8 has an invalid length.
[  126.842661][ T3644] usb 7-1: Using ep0 maxpacket: 8
[  126.862877][ T6639] netlink: 4 bytes leftover after parsing attributes in process `syz.1.162'.
[  126.891556][ T3644] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  126.917351][ T3644] usb 7-1: config 0 has no interface number 0
[  126.926089][ T5868] snd_usb_variax 1-1:0.113: Line 6 Variax Workbench found
[  126.968176][ T3644] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  127.014669][ T5868] usb 1-1: selecting invalid altsetting 1
[  127.020588][ T5868] snd_usb_variax 1-1:0.113: set_interface failed
[  127.024531][ T6639] team0: entered promiscuous mode
[  127.085520][ T3644] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  127.126794][ T5868] snd_usb_variax 1-1:0.113: Line 6 Variax Workbench now disconnected
[  127.218214][ T3644] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  127.222243][ T6639] team_slave_0: entered promiscuous mode
[  127.235454][ T5868] snd_usb_variax 1-1:0.113: probe with driver snd_usb_variax failed with error -22
[  127.238757][ T5868] usb 1-1: USB disconnect, device number 5
[  127.318290][ T3644] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  127.346753][ T6639] team_slave_1: entered promiscuous mode
[  127.471218][ T3644] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  127.495613][ T6009] udevd[6009]: setting owner of /dev/bus/usb/001/005 to uid=0, gid=0 failed: No such file or directory
[  127.514187][ T6639] bond0: entered promiscuous mode
[  127.540618][ T3644] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.560907][ T6639] bond_slave_0: entered promiscuous mode
[  127.569008][ T6639] bond_slave_1: entered promiscuous mode
[  127.578434][ T6639] gretap0: entered promiscuous mode
[  127.596926][ T3644] usb 7-1: config 0 descriptor??
[  127.602930][ T6639] 8021q: adding VLAN 0 to HW filter on device hsr1
[  127.628281][ T3644] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  127.754060][ T6649] netlink: 'syz.3.164': attribute type 1 has an invalid length.
[  127.762141][ T6649] netlink: 224 bytes leftover after parsing attributes in process `syz.3.164'.
[  127.920418][ T3644] usb 6-1: USB disconnect, device number 2
[  128.386676][    T9] usb 7-1: USB disconnect, device number 2
[  128.471379][    T9] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  129.778775][ T6681] tmpfs: Bad value for 'nr_blocks'
[  129.985953][ T6684] netlink: 8 bytes leftover after parsing attributes in process `syz.5.170'.
[  130.152487][ T6690] lo speed is unknown, defaulting to 1000
[  130.159561][ T6690] lo speed is unknown, defaulting to 1000
[  130.173559][ T6690] lo speed is unknown, defaulting to 1000
[  130.218737][ T6690] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  130.340985][ T6690] infiniband s�z0: RDMA CMA: cma_listen_on_dev, error -98
[  130.521242][ T6690] lo speed is unknown, defaulting to 1000
[  130.529567][ T6690] lo speed is unknown, defaulting to 1000
[  130.596848][ T6684] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.605463][ T6684] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.654238][ T6690] lo speed is unknown, defaulting to 1000
[  130.661778][ T6690] lo speed is unknown, defaulting to 1000
[  130.669427][ T6690] lo speed is unknown, defaulting to 1000
[  132.397871][ T6712] netlink: 8 bytes leftover after parsing attributes in process `syz.6.178'.
[  132.756205][ T6721] netlink: 'syz.1.179': attribute type 1 has an invalid length.
[  132.764466][ T6721] netlink: 224 bytes leftover after parsing attributes in process `syz.1.179'.
[  132.781153][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  134.400843][ T6755] capability: warning: `syz.3.173' uses 32-bit capabilities (legacy support in use)
[  134.734076][ T6762] siw: device registration error -23
[  137.612848][ T6799] netlink: 'syz.0.196': attribute type 1 has an invalid length.
[  137.620521][ T6799] netlink: 224 bytes leftover after parsing attributes in process `syz.0.196'.
[  138.072487][ T6805] tipc: Started in network mode
[  138.146392][ T6805] tipc: Node identity 0000000000002d000000000000000001, cluster identity 4711
[  138.232866][ T6805] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  138.634871][ T6821] Cannot find add_set index 0 as target
[  140.287795][ T6824] bridge0: entered promiscuous mode
[  140.386354][ T6824] macvlan2: entered promiscuous mode
[  140.434952][ T6824] bridge0: port 3(macvlan2) entered blocking state
[  140.483035][ T6824] bridge0: port 3(macvlan2) entered disabled state
[  140.597304][ T6824] macvlan2: entered allmulticast mode
[  140.633574][ T6824] bridge0: entered allmulticast mode
[  141.181913][ T6824] macvlan2: left allmulticast mode
[  141.220733][ T6824] bridge0: left allmulticast mode
[  141.237084][ T6824] bridge0: left promiscuous mode
[  141.438771][ T6827] wg2: entered promiscuous mode
[  141.452821][ T6827] wg2: entered allmulticast mode
[  141.512397][    C0] Unknown status report in ack skb
[  141.641129][ T6846] lo speed is unknown, defaulting to 1000
[  143.035041][ T6870] netlink: 72 bytes leftover after parsing attributes in process `syz.5.212'.
[  143.628995][ T6887] netlink: 'syz.5.216': attribute type 1 has an invalid length.
[  143.636788][ T6887] netlink: 224 bytes leftover after parsing attributes in process `syz.5.216'.
[  144.434234][ T6879] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.442576][ T6879] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.080335][ T6879] bridge0: entered allmulticast mode
[  145.155258][ T6895] bridge_slave_1: left allmulticast mode
[  145.185904][ T6895] bridge_slave_1: left promiscuous mode
[  145.218149][ T6895] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.320748][ T6912] netlink: 20 bytes leftover after parsing attributes in process `syz.5.220'.
[  145.330070][ T6912] netlink: 20 bytes leftover after parsing attributes in process `syz.5.220'.
[  145.340488][ T6912] netlink: 204 bytes leftover after parsing attributes in process `syz.5.220'.
[  146.041664][ T6895] bridge_slave_0: left allmulticast mode
[  146.625734][ T6895] bridge_slave_0: left promiscuous mode
[  146.757102][ T6895] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.159787][ T6941] xt_ecn: cannot match TCP bits for non-tcp packets
[  150.252942][ T6947] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  150.261255][ T6949] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  150.448003][ T6958] netlink: 'syz.0.230': attribute type 1 has an invalid length.
[  150.456530][ T6958] netlink: 224 bytes leftover after parsing attributes in process `syz.0.230'.
[  151.089367][ T6976] netlink: 'syz.5.231': attribute type 1 has an invalid length.
[  151.098089][ T6976] netlink: 224 bytes leftover after parsing attributes in process `syz.5.231'.
[  153.633201][ T7014] IPv6: NLM_F_REPLACE set, but no existing node found!
[  153.856196][ T7020] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  155.341255][ T7035] (syz.1.245,7035,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  155.349882][ T7035] (syz.1.245,7035,0):ocfs2_fill_super:1177 ERROR: status = -22
[  155.436067][   T30] audit: type=1326 audit(2000000260.234:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7031 comm="syz.3.246" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8e7a98e969 code=0x0
[  155.729213][ T7046] netlink: 'syz.0.249': attribute type 1 has an invalid length.
[  155.729249][ T7046] netlink: 224 bytes leftover after parsing attributes in process `syz.0.249'.
[  156.730155][ T7066] netlink: 8 bytes leftover after parsing attributes in process `syz.6.254'.
[  157.136144][ T7078] overlayfs: missing 'workdir'
[  157.271479][ T7079] bridge1: entered promiscuous mode
[  157.277424][ T7079] bridge1: entered allmulticast mode
[  157.975110][ T7076] batadv_slave_1: entered promiscuous mode
[  157.997734][ T7075] batadv_slave_1: left promiscuous mode
[  159.116409][ T7087] lo speed is unknown, defaulting to 1000
[  161.755894][ T7123] netlink: 'syz.3.268': attribute type 1 has an invalid length.
[  161.763606][ T7123] netlink: 224 bytes leftover after parsing attributes in process `syz.3.268'.
[  161.844814][ T7126] (syz.0.266,7126,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  161.853793][ T7126] (syz.0.266,7126,0):ocfs2_fill_super:1177 ERROR: status = -22
[  162.023083][   T24] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  162.608742][   T30] audit: type=1804 audit(2000000267.414:3): pid=7144 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.269" name="/newroot/67/file0/file0" dev="ramfs" ino=12132 res=1 errno=0
[  162.629695][ T7138] lo speed is unknown, defaulting to 1000
[  163.464028][ T5864] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  163.994912][ T5864] usb 6-1: Using ep0 maxpacket: 32
[  164.002101][ T5864] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  164.020614][ T5864] usb 6-1: config 0 has no interface number 0
[  164.033351][ T5864] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  164.052715][ T5864] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.060735][ T5864] usb 6-1: Product: syz
[  164.065265][ T5864] usb 6-1: Manufacturer: syz
[  164.070779][ T5864] usb 6-1: SerialNumber: syz
[  164.083715][ T5864] usb 6-1: config 0 descriptor??
[  164.091463][ T5864] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  164.327346][ T5864] usb 6-1: qt2_attach - failed to power on unit: -71
[  164.353348][   T24] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  164.357640][ T5864] quatech2 6-1:0.51: probe with driver quatech2 failed with error -71
[  164.387432][ T5864] usb 6-1: USB disconnect, device number 3
[  164.407893][ T7175] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  164.482687][   T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  164.493505][   T24] usb 1-1: device descriptor read/64, error -71
[  164.762789][   T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  164.824896][ T7188] Can't find a SQUASHFS superblock on nullb0
[  164.912927][   T24] usb 1-1: device descriptor read/64, error -71
[  165.078996][   T24] usb usb1-port1: attempt power cycle
[  165.263289][   T10] usb 7-1: Using ep0 maxpacket: 32
[  165.288602][   T10] usb 7-1: config index 0 descriptor too short (expected 35577, got 27)
[  165.299732][   T10] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  165.311834][   T10] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92
[  165.342806][   T10] usb 7-1: config 1 has no interface number 0
[  165.349432][   T10] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  165.466253][   T10] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  165.479248][   T10] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  165.488880][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.524003][   T10] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found
[  165.786582][   T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  165.799598][ T7199] (syz.5.282,7199,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  165.808270][ T7199] (syz.5.282,7199,1):ocfs2_fill_super:1177 ERROR: status = -22
[  165.823755][ T5829] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  165.835772][ T5829] Bluetooth: hci1: Injecting HCI hardware error event
[  165.844607][ T5829] Bluetooth: hci1: hardware error 0x00
[  165.873351][   T24] usb 1-1: device descriptor read/8, error -71
[  166.200915][ T7210] netlink: 'syz.1.286': attribute type 1 has an invalid length.
[  166.206312][   T10] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now attached
[  166.208647][ T7210] netlink: 224 bytes leftover after parsing attributes in process `syz.1.286'.
[  166.255551][   T24] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  166.295320][   T24] usb 1-1: device descriptor read/8, error -71
[  166.413264][   T24] usb usb1-port1: unable to enumerate USB device
[  167.104291][ T7170] xt_TCPMSS: Only works on TCP SYN packets
[  167.111209][ T7170] net veth1_virt_wifi 
��: renamed from virt_wifi0
[  167.256173][ T5866] snd_usb_pod 7-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  168.199339][ T5829] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  169.264047][ T5868] usb 7-1: USB disconnect, device number 4
[  169.270884][ T5868] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected
[  169.824718][   T24] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  169.998671][   T24] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  170.016433][ T7249] netlink: 24 bytes leftover after parsing attributes in process `syz.6.293'.
[  170.060978][   T24] usb 6-1: config 0 has no interface number 0
[  170.158442][   T24] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  170.182700][   T24] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  170.389879][ T7256] usb usb8: usbfs: process 7256 (syz.3.292) did not claim interface 0 before use
[  170.836301][ T3644] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  170.912671][   T24] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  171.003173][   T24] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  171.071700][ T3644] usb 1-1: config 8 has an invalid interface number: 177 but max is 0
[  171.089368][ T7262] netlink: 16 bytes leftover after parsing attributes in process `syz.6.296'.
[  171.110801][ T7260] netlink: 'syz.5.297': attribute type 83 has an invalid length.
[  171.157081][   T24] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  171.187933][ T3644] usb 1-1: config 8 has no interface number 0
[  171.245947][ T3644] usb 1-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  171.298363][   T24] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  171.378085][ T3644] usb 1-1: config 8 interface 177 altsetting 9 endpoint 0x4 has invalid wMaxPacketSize 0
[  171.418898][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.552191][ T3644] usb 1-1: config 8 interface 177 has no altsetting 0
[  171.822745][ T3644] usb 1-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  171.841929][   T24] usb 6-1: config 0 descriptor??
[  171.991298][   T24] usb 6-1: can't set config #0, error -71
[  172.008034][ T3644] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.069018][   T24] usb 6-1: USB disconnect, device number 4
[  172.203164][ T7250] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  172.653582][ T7277] tmpfs: Bad value for 'mpol'
[  173.345960][ T3644] usb 1-1: string descriptor 0 read error: -71
[  173.474177][ T3644] ir_toy 1-1:8.177: required endpoints not found
[  173.484682][ T3644] usb 1-1: USB disconnect, device number 10
[  173.532906][ T7282] netlink: 'syz.5.301': attribute type 1 has an invalid length.
[  173.540585][ T7282] netlink: 224 bytes leftover after parsing attributes in process `syz.5.301'.
[  176.427241][ T7300] bridge0: entered promiscuous mode
[  176.675495][ T7300] macvlan2: entered promiscuous mode
[  177.091578][ T7300] bridge0: port 3(macvlan2) entered blocking state
[  177.136485][ T7300] bridge0: port 3(macvlan2) entered disabled state
[  177.194247][ T7315] netlink: 56 bytes leftover after parsing attributes in process `syz.0.308'.
[  177.212849][ T7300] macvlan2: entered allmulticast mode
[  177.218268][ T7300] bridge0: entered allmulticast mode
[  177.332028][ T7317] netlink: 'syz.3.309': attribute type 3 has an invalid length.
[  177.363172][ T7300] macvlan2: left allmulticast mode
[  177.368338][ T7300] bridge0: left allmulticast mode
[  177.392439][ T7300] bridge0: left promiscuous mode
[  177.444750][ T7304] wg2: entered promiscuous mode
[  177.449673][ T7304] wg2: entered allmulticast mode
[  177.983763][ T7333] netlink: 164 bytes leftover after parsing attributes in process `syz.5.312'.
[  178.320884][ T7337] netlink: 'syz.6.314': attribute type 13 has an invalid length.
[  178.330050][ T7337] netlink: 152 bytes leftover after parsing attributes in process `syz.6.314'.
[  178.376504][ T7337] syz_tun: refused to change device tx_queue_len
[  178.441991][ T7337] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  179.159808][ T7347] netlink: 'syz.0.316': attribute type 1 has an invalid length.
[  179.167516][ T7347] netlink: 224 bytes leftover after parsing attributes in process `syz.0.316'.
[  180.175428][ T7364] process 'syz.1.319' launched '/dev/fd/7' with NULL argv: empty string added
[  180.625383][ T7370] netlink: 28 bytes leftover after parsing attributes in process `syz.5.320'.
[  181.025652][ T7368] Cannot find del_set index 0 as target
[  183.852775][ T5864] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  184.171811][ T5864] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  184.183539][ T5864] usb 2-1: config 0 has no interface number 0
[  184.190048][ T5864] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  184.212887][ T5864] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  184.224616][ T5864] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  184.908273][ T5864] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  184.923955][ T5864] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  184.941891][ T5864] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  184.952025][ T5864] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.081457][ T5864] usb 2-1: config 0 descriptor??
[  185.147402][ T7393] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  185.342689][ T5900] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  186.064144][ T7422] netlink: 'syz.3.334': attribute type 1 has an invalid length.
[  186.071859][ T7422] netlink: 224 bytes leftover after parsing attributes in process `syz.3.334'.
[  186.108880][ T5864] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  186.117515][ T5900] usb 6-1: device descriptor read/64, error -71
[  186.366437][ T5900] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  186.390601][ T5864] IPVS: starting estimator thread 0...
[  186.397844][ T7432] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  186.512847][ T5900] usb 6-1: device descriptor read/64, error -71
[  186.519500][ T7436] IPVS: using max 34 ests per chain, 81600 per kthread
[  186.643875][ T5900] usb usb6-port1: attempt power cycle
[  187.534444][ T7446] overlayfs: failed to resolve './file1/file0': -2
[  187.602814][ T5900] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  187.963501][   T24] usb 2-1: USB disconnect, device number 11
[  187.988153][ T5900] usb 6-1: device descriptor read/8, error -71
[  188.068662][   T24] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  188.983855][ T7469] netlink: 830 bytes leftover after parsing attributes in process `syz.0.342'.
[  190.080251][ T7435] lo speed is unknown, defaulting to 1000
[  190.545301][ T7497] netlink: 'syz.3.349': attribute type 1 has an invalid length.
[  190.553020][ T7497] netlink: 224 bytes leftover after parsing attributes in process `syz.3.349'.
[  191.230471][ T7497] workqueue: Failed to create a rescuer kthread for wq "phy17-mac-cmds": -EINTR
[  191.850894][ T7520] tmpfs: Bad value for 'mpol'
[  191.913107][  T975] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  192.097407][  T975] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  192.135292][  T975] usb 2-1: config 0 has no interface number 0
[  192.141442][  T975] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  192.208572][  T975] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  192.312663][   T24] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  192.361875][  T975] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  192.375824][  T975] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  192.387289][  T975] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  192.400918][  T975] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  192.419344][  T975] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.436629][  T975] usb 2-1: config 0 descriptor??
[  192.448196][ T7507] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  192.468158][  T975] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  192.483162][   T24] usb 6-1: Using ep0 maxpacket: 16
[  192.508908][   T24] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  192.546713][   T24] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  192.571860][   T24] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0
[  192.589407][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[  192.604813][   T24] usb 6-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  192.619229][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.627401][   T24] usb 6-1: Product: syz
[  192.631638][   T24] usb 6-1: Manufacturer: syz
[  192.645856][   T24] usb 6-1: SerialNumber: syz
[  192.709262][   T24] usb 6-1: config 0 descriptor??
[  193.017323][   T24] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input7
[  193.032416][ T5173] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  193.092705][ T5173] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  193.308743][ T6119] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  194.028681][ T3644] usb 2-1: USB disconnect, device number 12
[  194.045288][ T7522] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  194.065034][ T3644] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  194.161078][ T5173] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  194.221161][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  194.369510][ T3644] usb 6-1: USB disconnect, device number 9
[  194.491947][ T5173] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -19
[  196.042821][ T3644] usb 6-1: new low-speed USB device number 10 using dummy_hcd
[  196.340376][ T5825] Bluetooth: hci0: command 0x0406 tx timeout
[  196.350739][ T5825] Bluetooth: hci2: command 0x0406 tx timeout
[  196.361355][ T5825] Bluetooth: hci4: command 0x0406 tx timeout
[  196.467901][ T3644] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  196.477641][ T3644] usb 6-1: config 179 has no interface number 0
[  196.484759][ T3644] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  196.512947][ T3644] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8
[  196.588535][ T3644] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  196.694042][ T3644] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8
[  196.739711][ T3644] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  196.758224][ T7600] block device autoloading is deprecated and will be removed.
[  196.803579][ T3644] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  196.830049][ T3644] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.857127][ T7606] tipc: Started in network mode
[  196.871604][ T7606] tipc: Node identity 00000000000040000000000000000001, cluster identity 4711
[  196.885532][ T7579] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  196.909593][ T7579] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  196.918147][ T7606] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  197.569309][ T3644] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  197.682701][ T5864] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  197.740976][   T30] audit: type=1800 audit(2000000302.544:4): pid=7579 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.366" name="file0" dev="overlay" ino=275 res=0 errno=0
[  197.794485][ T7575] netlink: 'syz.6.364': attribute type 1 has an invalid length.
[  197.802707][ T3644] usb 2-1: Using ep0 maxpacket: 8
[  197.821523][ T3644] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  197.850198][ T3644] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.851299][ T7575] netlink: 224 bytes leftover after parsing attributes in process `syz.6.364'.
[  197.870213][ T3644] usb 2-1: config 0 descriptor??
[  197.881583][ T5864] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  197.929023][ T5864] usb 4-1: New USB device found, idVendor=04dd, idProduct=9032, bcdDevice=fd.0b
[  197.983287][ T5864] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.063624][ T5864] usb 4-1: config 0 descriptor??
[  198.094170][ T3644] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  198.130742][ T5864] usb 4-1: unsupported MDLM descriptors
[  198.282177][    C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  198.283535][  T975] usb 6-1: USB disconnect, device number 10
[  198.290512][    C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  198.327638][ T5864] usb 4-1: USB disconnect, device number 5
[  198.566841][ T7610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.372'.
[  199.125655][ T3644] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  199.153375][ T3644] asix 2-1:0.0: probe with driver asix failed with error -61
[  199.451634][ T7649] netlink: 28 bytes leftover after parsing attributes in process `syz.5.377'.
[  199.463790][ T7649] netlink: 'syz.5.377': attribute type 7 has an invalid length.
[  199.500605][ T7649] netlink: 'syz.5.377': attribute type 8 has an invalid length.
[  199.583117][ T7649] netlink: 4 bytes leftover after parsing attributes in process `syz.5.377'.
[  199.632522][ T7653] loop2: detected capacity change from 0 to 7
[  199.646143][ T7649] team0: entered promiscuous mode
[  199.660771][ T7653] Dev loop2: unable to read RDB block 7
[  199.671778][ T7649] team_slave_0: entered promiscuous mode
[  199.682134][ T7653]  loop2: unable to read partition table
[  199.691091][ T7649] team_slave_1: entered promiscuous mode
[  199.709153][ T7653] loop2: partition table beyond EOD, truncated
[  200.487099][ T7653] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  200.521970][  T975] usb 2-1: USB disconnect, device number 13
[  200.530590][ T7649] bond0: entered promiscuous mode
[  200.561061][ T7649] bond_slave_0: entered promiscuous mode
[  200.755477][ T7649] bond_slave_1: entered promiscuous mode
[  200.892496][ T7649] gretap0: entered promiscuous mode
[  200.927864][ T7649] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  201.037924][ T7649] Cannot create hsr debugfs directory
[  201.044337][ T7649] 8021q: adding VLAN 0 to HW filter on device hsr1
[  202.027021][ T7676] 9pnet_fd: Insufficient options for proto=fd
[  202.680858][ T7687] netlink: 'syz.3.386': attribute type 1 has an invalid length.
[  202.688560][ T7687] netlink: 224 bytes leftover after parsing attributes in process `syz.3.386'.
[  202.776076][ T7693] netlink: 12 bytes leftover after parsing attributes in process `syz.5.388'.
[  205.725028][ T7718] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  206.195934][ T7723] bridge0: entered promiscuous mode
[  206.201292][ T7723] macvlan2: entered promiscuous mode
[  206.321061][ T7723] bridge0: port 3(macvlan2) entered blocking state
[  206.950663][ T5818] Bluetooth: hci3: command 0x0406 tx timeout
[  207.003622][ T7723] bridge0: port 3(macvlan2) entered disabled state
[  207.034495][ T7723] macvlan2: entered allmulticast mode
[  207.040624][ T7723] bridge0: entered allmulticast mode
[  207.055276][ T7723] macvlan2: left allmulticast mode
[  207.071723][ T7723] bridge0: left allmulticast mode
[  207.107853][ T7723] bridge0: left promiscuous mode
[  207.520128][ T7755] netlink: 116 bytes leftover after parsing attributes in process `syz.6.404'.
[  209.032811][ T5866] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  209.243052][ T5866] usb 7-1: Using ep0 maxpacket: 8
[  209.272236][ T5866] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  209.362740][ T5866] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  209.437926][ T5866] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  209.499654][ T5866] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  209.535643][ T5866] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.571533][ T5866] usb 7-1: Product: syz
[  209.620165][ T5866] usb 7-1: Manufacturer: syz
[  209.659373][ T5866] usb 7-1: SerialNumber: syz
[  209.698115][ T7778] netlink: 'syz.5.409': attribute type 83 has an invalid length.
[  209.858403][ T7777] netlink: 'syz.1.408': attribute type 1 has an invalid length.
[  209.866657][ T7777] netlink: 224 bytes leftover after parsing attributes in process `syz.1.408'.
[  210.942001][  T975] usb 7-1: USB disconnect, device number 5
[  211.761975][ T7799] /dev/nullb0: Can't open blockdev
[  212.683859][ T7819] netlink: 4 bytes leftover after parsing attributes in process `syz.3.419'.
[  216.449215][ T7859] netlink: 5128 bytes leftover after parsing attributes in process `syz.6.427'.
[  216.476687][ T7859] netlink: 5128 bytes leftover after parsing attributes in process `syz.6.427'.
[  216.502492][ T7859] netlink: 584 bytes leftover after parsing attributes in process `syz.6.427'.
[  216.825731][ T7870] netlink: 'syz.5.428': attribute type 1 has an invalid length.
[  216.835409][ T7870] netlink: 224 bytes leftover after parsing attributes in process `syz.5.428'.
[  216.882632][   T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  216.940289][  T975] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  217.103258][   T10] usb 1-1: device descriptor read/64, error -71
[  217.338406][  T975] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  217.642408][   T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  217.668791][  T975] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  218.027544][  T975] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  218.050426][  T975] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  218.076786][  T975] usb 7-1: SerialNumber: syz
[  218.813795][   T47] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  218.820574][  T975] usb 7-1: 0:2 : does not exist
[  219.049221][   T47] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  219.110141][  T975] usb 7-1: USB disconnect, device number 6
[  219.164019][   T47] usb 2-1: config 0 has no interface number 0
[  219.213102][   T47] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  219.247667][   T47] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  219.286302][   T47] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  219.452433][   T47] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  219.465041][   T47] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  219.480275][   T47] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  219.490967][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.511213][   T47] usb 2-1: config 0 descriptor??
[  219.519588][ T7884] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  219.536198][   T47] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  220.867966][ T7916] netlink: 20 bytes leftover after parsing attributes in process `syz.3.438'.
[  221.021144][ T5900] usb 2-1: USB disconnect, device number 14
[  221.147796][ T5900] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  221.458039][   T30] audit: type=1326 audit(2000000326.264:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.5.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0358f8e969 code=0x7ffc0000
[  221.479856][    C1] vkms_vblank_simulate: vblank timer overrun
[  221.929612][   T30] audit: type=1326 audit(2000000326.264:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.5.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0358f8e969 code=0x7ffc0000
[  222.029023][   T30] audit: type=1326 audit(2000000326.264:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.5.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7f0358f8e969 code=0x7ffc0000
[  222.101224][ T7931] netlink: 192 bytes leftover after parsing attributes in process `syz.3.443'.
[  222.202825][   T30] audit: type=1326 audit(2000000326.264:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.5.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0358f8e969 code=0x7ffc0000
[  222.285064][   T30] audit: type=1326 audit(2000000326.264:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.5.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0358f8e969 code=0x7ffc0000
[  222.327732][   T30] audit: type=1326 audit(2000000326.264:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.5.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0358f8e969 code=0x7ffc0000
[  222.349177][    C1] vkms_vblank_simulate: vblank timer overrun
[  222.370427][   T30] audit: type=1326 audit(2000000326.264:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.5.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0358f8e969 code=0x7ffc0000
[  222.856661][ T7942] netlink: 'syz.5.445': attribute type 1 has an invalid length.
[  222.864399][ T7942] netlink: 224 bytes leftover after parsing attributes in process `syz.5.445'.
[  223.140298][   T10] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  223.236842][   T30] audit: type=1326 audit(2000000326.264:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.5.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0358f8e969 code=0x7ffc0000
[  223.773216][   T10] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  223.944474][   T30] audit: type=1326 audit(2000000326.264:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.5.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0358f8e969 code=0x7ffc0000
[  223.965792][    C1] vkms_vblank_simulate: vblank timer overrun
[  223.993968][   T10] usb 7-1: config 0 has no interface number 0
[  224.000955][   T10] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  224.065514][   T30] audit: type=1326 audit(2000000326.264:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7922 comm="syz.5.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0358f8e969 code=0x7ffc0000
[  224.171974][   T10] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  224.258893][   T10] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  224.313661][ T7959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.448'.
[  224.380270][   T10] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  224.421130][   T10] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  224.630131][ T7959] bridge_slave_0: left allmulticast mode
[  224.643035][   T10] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  225.068502][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.086916][ T7959] bridge_slave_0: left promiscuous mode
[  225.096922][ T7959] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.100354][   T10] usb 7-1: config 0 descriptor??
[  225.217849][ T7959] bridge_slave_1: left allmulticast mode
[  225.221014][ T7944] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  225.332720][ T7959] bridge_slave_1: left promiscuous mode
[  225.338531][ T7959] bridge0: port 2(bridge_slave_1) entered disabled state
[  225.385582][   T10] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  225.486012][   T10] usb 7-1: USB disconnect, device number 7
[  225.723865][ T7959] bond0: (slave bond_slave_0): Releasing backup interface
[  225.815705][ T7975] (syz.0.451,7975,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  225.824533][ T7975] (syz.0.451,7975,0):ocfs2_fill_super:1177 ERROR: status = -22
[  226.719615][ T7959] bond_slave_0: left promiscuous mode
[  226.752831][   T10] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  227.198860][ T7959] bond0: (slave bond_slave_1): Releasing backup interface
[  227.278219][ T7959] bond_slave_1: left promiscuous mode
[  227.334507][ T7959] team_slave_0: left promiscuous mode
[  227.437671][ T7959] team0: Port device team_slave_0 removed
[  227.489192][ T7959] team_slave_1: left promiscuous mode
[  227.665410][ T7959] team0: Port device team_slave_1 removed
[  227.718187][ T7959] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  227.727477][ T7959] batman_adv: batadv0: Removing interface: batadv_slave_0
[  228.031308][ T7991] netlink: 104 bytes leftover after parsing attributes in process `syz.5.455'.
[  228.338557][ T5868] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  228.520007][ T8000] netlink: 268 bytes leftover after parsing attributes in process `syz.6.457'.
[  228.534578][ T5868] usb 1-1: Using ep0 maxpacket: 16
[  228.548171][ T5868] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  228.564725][ T5868] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  228.577885][ T5868] usb 1-1: config 0 interface 0 has no altsetting 0
[  228.587292][ T5868] usb 1-1: New USB device found, idVendor=04f2, idProduct=0418, bcdDevice= 0.00
[  228.973334][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.637994][ T5868] usb 1-1: config 0 descriptor??
[  230.880239][ T5868] chicony 0003:04F2:0418.0002: item fetching failed at offset 0/4
[  230.900486][ T5868] chicony 0003:04F2:0418.0002: Chicony hid parse failed: -22
[  230.909076][ T5868] chicony 0003:04F2:0418.0002: probe with driver chicony failed with error -22
[  232.085638][ T7988] netlink: 12 bytes leftover after parsing attributes in process `syz.0.454'.
[  232.238243][ T5868] usb 1-1: USB disconnect, device number 13
[  232.700920][ T8017] syz_tun: entered allmulticast mode
[  233.041956][ T8017] dvmrp1: entered allmulticast mode
[  233.134275][ T8015] syz_tun: left allmulticast mode
[  233.174466][ T8031] sctp: failed to load transform for md5: -2
[  234.219842][ T5864] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  234.596778][ T5864] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  234.802530][ T5864] usb 7-1: config 0 has no interface number 0
[  234.893293][ T5864] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  235.101887][ T5864] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  235.151636][ T5864] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  235.209355][ T5864] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  235.448858][ T5864] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  235.462065][ T5864] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  235.477949][ T3644] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  235.492112][ T5864] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.921451][ T5864] usb 7-1: config 0 descriptor??
[  235.939978][ T8039] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  235.987332][ T5864] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  235.989719][ T3644] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  236.220395][ T3644] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.233185][ T3644] usb 6-1: Product: syz
[  236.237945][ T3644] usb 6-1: Manufacturer: syz
[  236.244291][ T3644] usb 6-1: SerialNumber: syz
[  236.280702][ T3644] r8152-cfgselector 6-1: Unknown version 0x0000
[  236.310050][ T3644] r8152-cfgselector 6-1: config 0 descriptor??
[  237.283333][ T8075] netlink: 32 bytes leftover after parsing attributes in process `syz.0.476'.
[  237.610578][ T5900] usb 7-1: USB disconnect, device number 8
[  237.730817][ T5900] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  238.575596][ T5864] r8152-cfgselector 6-1: USB disconnect, device number 11
[  242.161391][ T8111] ceph: No mds server is up or the cluster is laggy
[  243.156353][ T8125] netlink: 8 bytes leftover after parsing attributes in process `syz.3.489'.
[  243.165538][ T8125] netlink: 4 bytes leftover after parsing attributes in process `syz.3.489'.
[  243.958886][ T3644] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  243.993845][ T8132] netlink: 28 bytes leftover after parsing attributes in process `syz.6.492'.
[  244.045387][ T8132] netlink: 'syz.6.492': attribute type 7 has an invalid length.
[  244.087362][ T8132] netlink: 'syz.6.492': attribute type 8 has an invalid length.
[  244.119864][ T8132] netlink: 4 bytes leftover after parsing attributes in process `syz.6.492'.
[  244.189948][ T8132] team0: entered promiscuous mode
[  244.205576][ T8132] team_slave_0: entered promiscuous mode
[  244.239133][ T8132] team_slave_1: entered promiscuous mode
[  244.266252][ T8132] bond0: entered promiscuous mode
[  244.285760][ T8132] bond_slave_0: entered promiscuous mode
[  244.319936][ T8132] bond_slave_1: entered promiscuous mode
[  244.342166][ T8132] gretap0: entered promiscuous mode
[  244.363193][ T8132] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  244.436461][ T8132] Cannot create hsr debugfs directory
[  244.465428][ T8132] 8021q: adding VLAN 0 to HW filter on device hsr1
[  244.475636][ T3644] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  244.489688][ T3644] usb 1-1: config 0 has no interface number 0
[  244.522100][ T3644] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  244.553566][ T3644] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  244.604424][ T3644] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  244.643770][ T3644] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  244.656318][ T3644] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  244.702846][ T3644] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  244.733973][ T3644] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.251817][ T3644] usb 1-1: config 0 descriptor??
[  245.287006][ T3644] usb 1-1: can't set config #0, error -71
[  245.328664][ T3644] usb 1-1: USB disconnect, device number 14
[  245.629828][ T8161] netlink: 20 bytes leftover after parsing attributes in process `syz.6.498'.
[  245.629915][ T8161] netlink: 20 bytes leftover after parsing attributes in process `syz.6.498'.
[  245.630254][ T8161] netlink: 204 bytes leftover after parsing attributes in process `syz.6.498'.
[  246.854263][ T8171] (syz.3.499,8171,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  246.863010][ T8171] (syz.3.499,8171,0):ocfs2_fill_super:1177 ERROR: status = -22
[  247.823716][ T8162] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  247.873013][ T8162] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  248.307208][ T8162] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  248.337730][ T8162] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  248.774669][ T8184] (syz.1.500,8184,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  248.785863][ T8184] (syz.1.500,8184,0):ocfs2_fill_super:1177 ERROR: status = -22
[  248.898378][ T8162] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  248.931696][ T8162] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  248.938099][ T5128] Bluetooth: hci0: command 0x0406 tx timeout
[  248.980692][ T8162] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  249.007678][ T8162] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  249.299806][ T8193] syz.5.505: attempt to access beyond end of device
[  249.299806][ T8193] loop5: rw=0, sector=0, nr_sectors = 1 limit=0
[  249.313216][ T8193] FAT-fs (loop5): unable to read boot sector
[  249.335647][ T8193] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  249.440672][ T5866] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  249.716950][ T5866] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  249.854892][ T5866] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  250.032203][ T5866] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  251.174798][ T5128] Bluetooth: hci2: command 0x0406 tx timeout
[  251.177865][ T5818] Bluetooth: hci4: command 0x0406 tx timeout
[  251.181576][ T5128] Bluetooth: hci3: command 0x0406 tx timeout
[  251.191292][ T5829] Bluetooth: hci0: command 0x0406 tx timeout
[  251.299778][ T5866] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  251.477694][ T5866] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.007358][ T8212] sctp: failed to load transform for md5: -2
[  252.035691][ T5866] usb 7-1: config 0 descriptor??
[  252.043124][ T5866] usb 7-1: can't set config #0, error -71
[  252.062001][ T5866] usb 7-1: USB disconnect, device number 9
[  252.220832][ T8226] netlink: 16 bytes leftover after parsing attributes in process `syz.6.512'.
[  252.652848][  T975] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  252.707367][ T8233] usb usb8: usbfs: process 8233 (syz.0.513) did not claim interface 0 before use
[  252.918790][  T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  253.320749][ T5829] Bluetooth: hci4: command 0x0406 tx timeout
[  253.327404][ T5818] Bluetooth: hci3: command 0x0406 tx timeout
[  253.334185][ T5829] Bluetooth: hci2: command 0x0406 tx timeout
[  253.343133][  T975] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  253.421162][  T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  253.706400][ T8236] fuse: Bad value for 'user_id'
[  253.711325][ T8236] fuse: Bad value for 'user_id'
[  253.717825][  T975] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  253.799005][ T8241] usb usb8: usbfs: process 8241 (syz.1.515) did not claim interface 0 before use
[  253.826113][  T975] usb 4-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16
[  253.852916][  T975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.884211][  T975] usb 4-1: Product: syz
[  253.902392][  T975] usb 4-1: Manufacturer: syz
[  253.983733][  T975] usb 4-1: SerialNumber: syz
[  254.237353][  T975] usb 4-1: config 0 descriptor??
[  254.553759][  T975] kvaser_usb 4-1:0.0: CMD_MAP_CHANNEL_REQ failed for CAN0
[  254.560914][  T975] kvaser_usb 4-1:0.0: error -EMSGSIZE: Failed to initialize card
[  254.569215][ T5866] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  254.620986][  T975] kvaser_usb 4-1:0.0: probe with driver kvaser_usb failed with error -90
[  254.802643][ T5866] usb 7-1: Using ep0 maxpacket: 16
[  254.840073][  T975] usb 4-1: USB disconnect, device number 6
[  254.850013][ T5866] usb 7-1: config 143 has too many interfaces: 181, using maximum allowed: 32
[  254.853456][ T8250] RDS: rds_bind could not find a transport for fc02::, load rds_tcp or rds_rdma?
[  254.888164][ T5866] usb 7-1: config 143 has 1 interface, different from the descriptor's value: 181
[  254.938685][ T5866] usb 7-1: config 143 has no interface number 0
[  254.958248][ T5866] usb 7-1: config 143 interface 8 altsetting 0 has an endpoint descriptor with address 0xCA, changing to 0x8A
[  254.977242][ T5866] usb 7-1: config 143 interface 8 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  255.020285][ T5866] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  255.036899][ T5866] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  255.046371][ T5866] usb 7-1: Product: syz
[  255.050616][ T5866] usb 7-1: SerialNumber: syz
[  255.223451][ T8256] XFS (nullb0): Invalid superblock magic number
[  255.290437][ T8236] netlink: 8 bytes leftover after parsing attributes in process `syz.6.516'.
[  255.321292][ T8236] MPI: mpi too large (130952 bits)
[  255.466324][ T5866] cm109 7-1:143.8: invalid payload size 92, expected 4
[  255.486451][ T8256] xt_TCPMSS: Only works on TCP SYN packets
[  255.558726][ T5866] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:143.8/input/input8
[  255.591437][    C0] cm109 7-1:143.8: cm109_urb_ctl_callback: urb status -71
[  255.599903][    C0] cm109 7-1:143.8: cm109_urb_ctl_callback: urb status -71
[  255.607383][    C0] cm109 7-1:143.8: cm109_urb_ctl_callback: urb status -71
[  255.614872][    C0] cm109 7-1:143.8: cm109_urb_ctl_callback: urb status -71
[  255.622243][    C0] cm109 7-1:143.8: cm109_urb_ctl_callback: urb status -71
[  255.629561][    C0] cm109 7-1:143.8: cm109_urb_ctl_callback: urb status -71
[  255.636942][    C0] cm109 7-1:143.8: cm109_urb_ctl_callback: urb status -71
[  255.646136][    C0] cm109 7-1:143.8: cm109_urb_ctl_callback: urb status -71
[  255.664884][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  255.667903][    C0] cm109 7-1:143.8: cm109_urb_ctl_callback: urb status -71
[  255.678620][    C0] cm109 7-1:143.8: cm109_urb_ctl_callback: urb status -71
[  255.757299][ T5866] usb 7-1: USB disconnect, device number 10
[  255.763378][    C0] cm109 7-1:143.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  255.955032][ T5866] cm109 7-1:143.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  261.080511][ T8297] usb usb8: usbfs: process 8297 (syz.1.527) did not claim interface 0 before use
[  263.476351][ T8322] nfs: Bad value for 'fsc'
[  263.514966][ T8321] FAULT_INJECTION: forcing a failure.
[  263.514966][ T8321] name failslab, interval 1, probability 0, space 0, times 1
[  263.528556][ T8321] CPU: 0 UID: 0 PID: 8321 Comm: syz.3.534 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  263.528578][ T8321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  263.528591][ T8321] Call Trace:
[  263.528598][ T8321]  <TASK>
[  263.528609][ T8321]  dump_stack_lvl+0x189/0x250
[  263.528638][ T8321]  ? __pfx_dump_stack_lvl+0x10/0x10
[  263.528660][ T8321]  ? __pfx__printk+0x10/0x10
[  263.528689][ T8321]  ? __pfx___might_resched+0x10/0x10
[  263.528718][ T8321]  should_fail_ex+0x414/0x560
[  263.528740][ T8321]  should_failslab+0xa8/0x100
[  263.528757][ T8321]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  263.528782][ T8321]  ? __alloc_skb+0x112/0x2d0
[  263.528806][ T8321]  __alloc_skb+0x112/0x2d0
[  263.528829][ T8321]  netlink_sendmsg+0x5c6/0xb30
[  263.528854][ T8321]  ? is_bpf_text_address+0x26/0x2b0
[  263.528883][ T8321]  ? __pfx_netlink_sendmsg+0x10/0x10
[  263.528910][ T8321]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  263.528927][ T8321]  ? __pfx_netlink_sendmsg+0x10/0x10
[  263.528947][ T8321]  __sock_sendmsg+0x219/0x270
[  263.528967][ T8321]  ____sys_sendmsg+0x505/0x830
[  263.528994][ T8321]  ? __pfx_____sys_sendmsg+0x10/0x10
[  263.529025][ T8321]  ? import_iovec+0x74/0xa0
[  263.529051][ T8321]  ___sys_sendmsg+0x21f/0x2a0
[  263.529074][ T8321]  ? __pfx____sys_sendmsg+0x10/0x10
[  263.529132][ T8321]  ? __fget_files+0x2a/0x420
[  263.529147][ T8321]  ? __fget_files+0x3a0/0x420
[  263.529172][ T8321]  __x64_sys_sendmsg+0x19b/0x260
[  263.529196][ T8321]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  263.529235][ T8321]  ? do_syscall_64+0xba/0x210
[  263.529259][ T8321]  do_syscall_64+0xf6/0x210
[  263.529279][ T8321]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  263.529294][ T8321]  ? clear_bhb_loop+0x60/0xb0
[  263.529314][ T8321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.529330][ T8321] RIP: 0033:0x7f8e7a98e969
[  263.529345][ T8321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.529359][ T8321] RSP: 002b:00007f8e7b75f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  263.529377][ T8321] RAX: ffffffffffffffda RBX: 00007f8e7abb6080 RCX: 00007f8e7a98e969
[  263.529389][ T8321] RDX: 0000000000044880 RSI: 0000200000000040 RDI: 0000000000000005
[  263.529399][ T8321] RBP: 00007f8e7b75f090 R08: 0000000000000000 R09: 0000000000000000
[  263.529409][ T8321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.529418][ T8321] R13: 0000000000000000 R14: 00007f8e7abb6080 R15: 00007fff73fec128
[  263.529446][ T8321]  </TASK>
[  264.889616][ T5864] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  265.132767][ T5864] usb 2-1: device descriptor read/64, error -71
[  265.982678][ T5864] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  269.038722][ T8368] netlink: 4 bytes leftover after parsing attributes in process `syz.3.547'.
[  269.528647][ T8379] Illegal XDP return value 4294967274 on prog  (id 151) dev N/A, expect packet loss!
[  269.588893][ T8392] netlink: 164 bytes leftover after parsing attributes in process `syz.5.549'.
[  269.601311][ T8393] ieee802154 phy1 wpan1: encryption failed: -90
[  269.974487][ T5866] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  270.183332][ T5866] usb 7-1: Using ep0 maxpacket: 32
[  270.201798][ T5866] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  270.244690][ T5866] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  270.281085][ T5866] usb 7-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  270.321264][ T5866] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.576079][ T5866] usb 7-1: config 0 descriptor??
[  271.377031][ T5866] greenasia 0003:0E8F:0012.0003: hidraw0: USB HID v0.00 Device [HID 0e8f:0012] on usb-dummy_hcd.6-1/input0
[  271.402837][ T5866] greenasia 0003:0E8F:0012.0003: no inputs found
[  272.863145][ T8442] macvlan2: entered promiscuous mode
[  272.871921][ T8442] bridge0: entered promiscuous mode
[  272.881453][ T8442] bridge0: port 3(macvlan2) entered blocking state
[  272.978483][ T8442] bridge0: port 3(macvlan2) entered disabled state
[  273.152320][ T5866] usb 7-1: USB disconnect, device number 11
[  274.099626][ T8442] macvlan2: entered allmulticast mode
[  274.169760][ T8442] bridge0: entered allmulticast mode
[  274.251908][ T8442] macvlan2: left allmulticast mode
[  274.308098][ T8442] bridge0: left allmulticast mode
[  274.353424][ T8442] bridge0: left promiscuous mode
[  274.442942][  T975] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  274.463839][ T8443] wg2: entered promiscuous mode
[  274.486585][ T8443] wg2: entered allmulticast mode
[  274.638996][  T975] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  274.736583][  T975] usb 2-1: config 0 has no interface number 0
[  274.745965][  T975] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  274.758266][  T975] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  274.775126][  T975] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  274.825702][ T8459] (syz.0.561,8459,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  274.834566][ T8459] (syz.0.561,8459,0):ocfs2_fill_super:1177 ERROR: status = -22
[  274.886566][  T975] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  275.222602][  T975] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  275.282850][  T975] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  275.291932][  T975] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.353565][  T975] usb 2-1: config 0 descriptor??
[  275.359505][ T8445] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  275.415943][  T975] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  276.579113][ T8477] netlink: 4 bytes leftover after parsing attributes in process `syz.5.566'.
[  276.984983][   T47] usb 2-1: USB disconnect, device number 17
[  277.018511][   T47] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  278.372738][  T975] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  279.193460][  T975] usb 6-1: Using ep0 maxpacket: 16
[  279.219079][  T975] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  279.268534][  T975] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  279.285097][  T975] usb 6-1: New USB device found, idVendor=1d6b, idProduct=1301, bcdDevice= 1.40
[  279.294652][  T975] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.322719][  T975] usb 6-1: Product: syz
[  279.337495][  T975] usb 6-1: Manufacturer: syz
[  279.342120][  T975] usb 6-1: SerialNumber: syz
[  279.655752][  T975] usb 6-1: 0:2 : does not exist
[  279.671331][  T975] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  279.727215][  T975] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[  279.739813][  T975] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  279.766354][  T975] usb 6-1: 5:0: cannot get min/max values for control 8 (id 5)
[  279.837404][  T975] usb 6-1: USB disconnect, device number 12
[  279.919539][ T6009] udevd[6009]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  280.922632][  T975] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  281.122765][ T5900] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  281.224487][  T975] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  281.259136][  T975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.320575][  T975] usb 6-1: config 0 descriptor??
[  281.347350][ T8540] usb usb8: usbfs: process 8540 (syz.3.579) did not claim interface 0 before use
[  281.434507][  T975] cp210x 6-1:0.0: cp210x converter detected
[  282.297982][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  282.310641][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  282.321821][ T5900] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  282.339593][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.525094][ T5900] usb 1-1: config 0 descriptor??
[  283.172725][ T8543] Process accounting resumed
[  283.202331][  T975] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -71
[  283.275498][  T975] cp210x 6-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  283.343599][  T975] cp210x 6-1:0.0: GPIO initialisation failed: -71
[  283.400336][  T975] usb 6-1: cp210x converter now attached to ttyUSB0
[  283.474083][ T8563] netlink: 268 bytes leftover after parsing attributes in process `syz.5.585'.
[  283.495813][  T975] usb 6-1: USB disconnect, device number 13
[  283.541780][  T975] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  283.605146][  T975] cp210x 6-1:0.0: device disconnected
[  283.746396][ T8569] netlink: 32 bytes leftover after parsing attributes in process `syz.5.587'.
[  283.789690][ T5868] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  283.878490][ T8549] bond0 (unregistering): left promiscuous mode
[  283.896772][ T8549] bond0 (unregistering): Released all slaves
[  284.014032][ T8561] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  284.014856][ T5868] usb 4-1: Using ep0 maxpacket: 16
[  284.037246][ T5868] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  284.078368][ T5868] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  284.105263][ T5868] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  284.147210][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.191847][ T5868] usb 4-1: Product: syz
[  284.345572][ T8579] netlink: 252 bytes leftover after parsing attributes in process `syz.6.589'.
[  284.424049][ T5900] usb 1-1: string descriptor 0 read error: -71
[  284.442626][ T5868] usb 4-1: Manufacturer: syz
[  284.447894][ T5868] usb 4-1: SerialNumber: syz
[  284.453432][ T5900] uclogic 0003:256C:006D.0004: failed retrieving string descriptor #200: -71
[  284.473940][ T5900] uclogic 0003:256C:006D.0004: failed retrieving pen parameters: -71
[  284.489173][ T5900] uclogic 0003:256C:006D.0004: failed probing pen v2 parameters: -71
[  284.502319][ T5900] uclogic 0003:256C:006D.0004: failed probing parameters: -71
[  284.512405][ T5900] uclogic 0003:256C:006D.0004: probe with driver uclogic failed with error -71
[  284.565692][ T5900] usb 1-1: USB disconnect, device number 15
[  284.602940][ T5864] usb 6-1: new full-speed USB device number 14 using dummy_hcd
[  284.784493][ T5864] usb 6-1: config 252 has an invalid interface number: 107 but max is 0
[  284.805381][ T5864] usb 6-1: config 252 has no interface number 0
[  284.828218][ T5864] usb 6-1: config 252 interface 107 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  284.851976][ T5864] usb 6-1: config 252 interface 107 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  284.880320][ T5864] usb 6-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=d7.67
[  284.901928][ T5864] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.958158][ T5868] usb 4-1: cannot find UAC_HEADER
[  284.991162][ T5864] usb 6-1: Product: syz
[  285.450734][ T5864] usb 6-1: Manufacturer: syz
[  285.462561][ T5864] usb 6-1: SerialNumber: syz
[  285.558815][ T8591] hub 8-0:1.0: USB hub found
[  285.568589][ T8591] hub 8-0:1.0: 1 port detected
[  285.616532][ T5868] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  285.667590][ T5868] usb 4-1: USB disconnect, device number 7
[  285.748882][  T975] usb 6-1: USB disconnect, device number 14
[  285.971612][ T6009] udevd[6009]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  285.994183][ T8600] netlink: 'syz.0.594': attribute type 1 has an invalid length.
[  286.001991][ T8600] netlink: 224 bytes leftover after parsing attributes in process `syz.0.594'.
[  286.017285][ T8599] bridge0: entered promiscuous mode
[  286.043802][ T8599] macvlan2: entered promiscuous mode
[  286.075911][ T8599] bridge0: port 1(macvlan2) entered blocking state
[  286.093801][ T8599] bridge0: port 1(macvlan2) entered disabled state
[  286.154871][ T8599] macvlan2: entered allmulticast mode
[  286.172997][ T8599] bridge0: entered allmulticast mode
[  286.235600][ T8599] macvlan2: left allmulticast mode
[  286.262403][ T8599] bridge0: left allmulticast mode
[  286.284219][ T8599] bridge0: left promiscuous mode
[  287.229366][ T8634] netlink: 844 bytes leftover after parsing attributes in process `syz.6.601'.
[  289.384951][ T8670] bridge0: entered promiscuous mode
[  289.391072][ T8670] macvlan2: entered promiscuous mode
[  289.451435][ T8670] bridge0: port 3(macvlan2) entered blocking state
[  289.472748][ T8670] bridge0: port 3(macvlan2) entered disabled state
[  289.489724][ T8670] macvlan2: entered allmulticast mode
[  289.518379][ T8670] bridge0: entered allmulticast mode
[  289.533448][ T8675] netlink: 268 bytes leftover after parsing attributes in process `syz.5.614'.
[  289.611939][ T8670] macvlan2: left allmulticast mode
[  289.622096][ T8670] bridge0: left allmulticast mode
[  289.656560][ T8670] bridge0: left promiscuous mode
[  291.185214][ T8694] sctp: failed to load transform for md5: -2
[  293.920329][ T8719] (syz.5.623,8719,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  293.930229][ T8719] (syz.5.623,8719,1):ocfs2_fill_super:1177 ERROR: status = -22
[  294.576231][ T8725] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  295.191619][ T8728] loop2: detected capacity change from 0 to 7
[  295.251756][ T8728] Dev loop2: unable to read RDB block 7
[  295.342841][ T8728]  loop2: unable to read partition table
[  295.375550][ T8728] loop2: partition table beyond EOD, truncated
[  295.412987][ T8728] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  295.635574][  T975] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  295.802626][  T975] usb 7-1: Using ep0 maxpacket: 32
[  296.427139][  T975] usb 7-1: config index 0 descriptor too short (expected 63517, got 29)
[  296.476145][  T975] usb 7-1: config 96 has too many interfaces: 214, using maximum allowed: 32
[  296.681515][  T975] usb 7-1: config 96 has an invalid descriptor of length 130, skipping remainder of the config
[  296.700652][ T8745] netlink: 8 bytes leftover after parsing attributes in process `syz.3.633'.
[  296.712842][ T8745] netlink: 4 bytes leftover after parsing attributes in process `syz.3.633'.
[  296.910997][  T975] usb 7-1: config 96 has 0 interfaces, different from the descriptor's value: 214
[  297.432447][  T975] usb 7-1: New USB device found, idVendor=0421, idProduct=02e3, bcdDevice=51.43
[  297.487170][  T975] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.529705][  T975] usb 7-1: Product: syz
[  297.557585][  T975] usb 7-1: Manufacturer: syz
[  297.572443][  T975] usb 7-1: SerialNumber: syz
[  297.677130][ T8752] use of bytesused == 0 is deprecated and will be removed in the future,
[  297.734725][ T8752] use the actual size instead.
[  297.810830][ T8734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  297.945627][ T8734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  299.628814][  T975] usb 7-1: USB disconnect, device number 12
[  299.899590][ T8771] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.639'.
[  299.915422][ T8770] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.639'.
[  302.676946][ T8775] netlink: 8 bytes leftover after parsing attributes in process `syz.6.642'.
[  303.748591][ T5868] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  303.973021][ T5868] usb 2-1: Using ep0 maxpacket: 32
[  303.986163][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7
[  304.561894][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  304.587068][ T5868] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  304.678124][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.712660][ T5868] usb 2-1: Product: syz
[  304.717473][ T5868] usb 2-1: Manufacturer: syz
[  304.763484][ T5868] usb 2-1: SerialNumber: syz
[  304.795934][ T5868] usb 2-1: config 0 descriptor??
[  304.835188][ T5868] usb 2-1: no audio or video endpoints found
[  304.899838][ T8799] netlink: 56 bytes leftover after parsing attributes in process `syz.5.648'.
[  304.955770][ T8799] netlink: 8 bytes leftover after parsing attributes in process `syz.5.648'.
[  305.123185][ T8808] syz.3.651 uses obsolete (PF_INET,SOCK_PACKET)
[  306.228327][ T5864] usb 2-1: USB disconnect, device number 18
[  306.727181][ T8831] netlink: 268 bytes leftover after parsing attributes in process `syz.6.658'.
[  308.918292][ T8854] netlink: 'syz.3.663': attribute type 10 has an invalid length.
[  309.955863][ T8865] netlink: 20 bytes leftover after parsing attributes in process `syz.1.668'.
[  309.964993][ T8865] netlink: 20 bytes leftover after parsing attributes in process `syz.1.668'.
[  309.974269][ T8865] netlink: 204 bytes leftover after parsing attributes in process `syz.1.668'.
[  310.633371][ T8868] bridge0: entered promiscuous mode
[  310.654937][ T8868] macvlan2: entered promiscuous mode
[  310.676843][ T8868] bridge0: port 3(macvlan2) entered blocking state
[  311.234878][ T8868] bridge0: port 3(macvlan2) entered disabled state
[  311.241625][ T8868] macvlan2: entered allmulticast mode
[  311.298370][ T8868] bridge0: entered allmulticast mode
[  311.357607][ T8868] macvlan2: left allmulticast mode
[  311.410203][ T8868] bridge0: left allmulticast mode
[  311.470300][ T8878] RDS: rds_bind could not find a transport for ::9d:0:0:0:1, load rds_tcp or rds_rdma?
[  311.496067][ T8868] bridge0: left promiscuous mode
[  311.810306][ T8876] macvlan2: entered promiscuous mode
[  312.107770][ T8876] bridge0: entered promiscuous mode
[  312.210391][ T8876] bridge0: port 3(macvlan2) entered blocking state
[  312.311170][ T8876] bridge0: port 3(macvlan2) entered disabled state
[  312.327927][  T975] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  312.498194][ T8876] macvlan2: entered allmulticast mode
[  312.551709][ T8876] bridge0: entered allmulticast mode
[  312.583433][  T975] usb 7-1: Using ep0 maxpacket: 16
[  312.759038][ T8876] macvlan2: left allmulticast mode
[  312.779355][  T975] usb 7-1: unable to get BOS descriptor or descriptor too short
[  312.814413][ T8876] bridge0: left allmulticast mode
[  312.839659][ T8876] bridge0: left promiscuous mode
[  312.852159][ T8889] FAT-fs (nullb0): bogus number of reserved sectors
[  312.860374][ T8889] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  312.877786][  T975] usb 7-1: config 1 has an invalid interface number: 108 but max is 0
[  312.950661][  T975] usb 7-1: config 1 has no interface number 0
[  313.021405][  T975] usb 7-1: config 1 interface 108 has no altsetting 0
[  313.127810][  T975] usb 7-1: language id specifier not provided by device, defaulting to English
[  313.347978][  T975] usb 7-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=b8.92
[  313.392085][  T975] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.425148][  T975] usb 7-1: Product: syz
[  313.429353][  T975] usb 7-1: Manufacturer: 섵Ћ鈳彝䊭ⴶ埃ﾔ뎻樗啚捞鄙
[  313.470321][  T975] usb 7-1: SerialNumber: syz
[  313.579195][ T8897] netlink: 4 bytes leftover after parsing attributes in process `syz.0.677'.
[  313.793574][  T975] usbserial_generic 7-1:1.108: The "generic" usb-serial driver is only for testing and one-off prototypes.
[  313.835433][  T975] usbserial_generic 7-1:1.108: Tell linux-usb@vger.kernel.org to add your device to a proper driver.
[  313.868015][  T975] usbserial_generic 7-1:1.108: device has no bulk endpoints
[  313.881185][  T975] safe_serial 7-1:1.108: safe_serial converter detected
[  313.917290][  T975] usb 7-1: safe_serial converter now attached to ttyUSB0
[  313.947444][  T975] usb 7-1: USB disconnect, device number 13
[  314.021698][  T975] safe_serial ttyUSB0: safe_serial converter now disconnected from ttyUSB0
[  314.109977][  T975] safe_serial 7-1:1.108: device disconnected
[  315.841500][ T8931] bridge0: entered promiscuous mode
[  315.894476][ T8931] macvlan2: entered promiscuous mode
[  315.901255][ T8931] bridge0: port 1(macvlan2) entered blocking state
[  315.909444][ T8931] bridge0: port 1(macvlan2) entered disabled state
[  315.916928][ T8931] macvlan2: entered allmulticast mode
[  315.923316][ T8931] bridge0: entered allmulticast mode
[  315.936871][ T8931] macvlan2: left allmulticast mode
[  315.973313][ T8931] bridge0: left allmulticast mode
[  315.985476][ T8931] bridge0: left promiscuous mode
[  316.354772][ T8923] netlink: 132 bytes leftover after parsing attributes in process `syz.0.685'.
[  317.293533][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  317.301711][ T8941] hub 8-0:1.0: USB hub found
[  317.306781][ T8941] hub 8-0:1.0: 1 port detected
[  318.047005][ T8949] (syz.1.691,8949,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  318.055620][ T8949] (syz.1.691,8949,0):ocfs2_fill_super:1177 ERROR: status = -22
[  320.410304][ T8987] hub 8-0:1.0: USB hub found
[  320.416156][ T8987] hub 8-0:1.0: 1 port detected
[  320.558024][  T975] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  320.728320][  T975] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  320.753153][  T975] usb 7-1: config 0 interface 0 has no altsetting 0
[  320.848782][ T8998] Cannot find add_set index 0 as target
[  320.960038][   T10] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  321.062908][  T975] usb 7-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  321.286765][  T975] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.404054][   T10] usb 1-1: Using ep0 maxpacket: 16
[  321.469979][  T975] usb 7-1: Product: syz
[  321.480512][   T10] usb 1-1: no configurations
[  321.495403][  T975] usb 7-1: Manufacturer: syz
[  321.509590][   T10] usb 1-1: can't read configurations, error -22
[  321.516681][  T975] usb 7-1: SerialNumber: syz
[  321.557366][  T975] usb 7-1: config 0 descriptor??
[  321.611350][  T975] usb 7-1: can't set config #0, error -71
[  321.652351][  T975] usb 7-1: USB disconnect, device number 14
[  321.672631][   T10] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  321.852621][   T10] usb 1-1: Using ep0 maxpacket: 16
[  321.874492][   T10] usb 1-1: no configurations
[  321.888800][   T10] usb 1-1: can't read configurations, error -22
[  321.910840][   T10] usb usb1-port1: attempt power cycle
[  322.252705][   T10] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  322.333417][   T10] usb 1-1: Using ep0 maxpacket: 16
[  322.393316][   T10] usb 1-1: no configurations
[  322.398326][   T10] usb 1-1: can't read configurations, error -22
[  322.665262][ T9021] netlink: 32 bytes leftover after parsing attributes in process `syz.3.714'.
[  322.702612][   T10] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  323.133734][   T10] usb 1-1: Using ep0 maxpacket: 16
[  323.488467][   T10] usb 1-1: no configurations
[  323.524982][   T10] usb 1-1: can't read configurations, error -22
[  323.572939][   T10] usb usb1-port1: unable to enumerate USB device
[  323.802641][ T9031] netlink: 252 bytes leftover after parsing attributes in process `syz.6.718'.
[  324.100098][   T47] usb 2-1: new full-speed USB device number 19 using dummy_hcd
[  324.277156][ T9042] netlink: 56 bytes leftover after parsing attributes in process `syz.6.722'.
[  324.286453][ T9042] netlink: 8 bytes leftover after parsing attributes in process `syz.6.722'.
[  324.389971][ T9047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.724'.
[  324.391941][   T47] usb 2-1: config 0 has an invalid interface number: 69 but max is 0
[  324.421229][   T47] usb 2-1: config 0 has no interface number 0
[  324.447646][   T47] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  324.470714][   T47] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  324.483509][   T47] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x82 has invalid maxpacket 43776, setting to 64
[  324.501344][   T47] usb 2-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  324.528648][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.550968][ T9051] netlink: 830 bytes leftover after parsing attributes in process `syz.0.726'.
[  324.560946][   T47] usb 2-1: Product: syz
[  324.574117][   T47] usb 2-1: Manufacturer: syz
[  325.033489][   T47] usb 2-1: SerialNumber: syz
[  325.764840][   T47] usb 2-1: config 0 descriptor??
[  325.826906][ T9029] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  325.844633][ T9029] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  325.875561][   T47] cyberjack 2-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  325.918887][   T47] usb 2-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  326.152692][ T9029] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  326.178429][ T9029] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  327.671163][ T9070] netlink: 'syz.6.731': attribute type 3 has an invalid length.
[  327.845188][ T3644] usb 2-1: USB disconnect, device number 19
[  327.870630][ T9073] netlink: 12 bytes leftover after parsing attributes in process `syz.5.732'.
[  327.879781][ T9073] netlink: 12 bytes leftover after parsing attributes in process `syz.5.732'.
[  327.931405][ T3644] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  327.974223][ T3644] cyberjack 2-1:0.69: device disconnected
[  332.275866][ T9107] bridge0: entered promiscuous mode
[  332.281872][ T9107] macvlan2: entered promiscuous mode
[  332.321354][ T9107] bridge0: port 3(macvlan2) entered blocking state
[  332.329291][ T9107] bridge0: port 3(macvlan2) entered disabled state
[  332.348138][ T9107] macvlan2: entered allmulticast mode
[  332.372314][ T9107] bridge0: entered allmulticast mode
[  332.391016][ T9107] macvlan2: left allmulticast mode
[  332.421661][ T9107] bridge0: left allmulticast mode
[  332.439836][ T9107] bridge0: left promiscuous mode
[  333.251759][ T9120] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  333.618147][ T9123] netlink: 20 bytes leftover after parsing attributes in process `syz.0.749'.
[  333.882785][  T975] usb 1-1: new full-speed USB device number 20 using dummy_hcd
[  334.122941][ T9128] netlink: 24 bytes leftover after parsing attributes in process `syz.6.751'.
[  334.201871][  T975] usb 1-1: config 5 has an invalid interface number: 123 but max is 0
[  334.316200][  T975] usb 1-1: config 5 has no interface number 0
[  334.378431][ T9130] trusted_key: encrypted_key: master key parameter 'user:' is invalid
[  334.423287][  T975] usb 1-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  334.566943][  T975] usb 1-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xE6, changing to 0x86
[  334.646864][  T975] usb 1-1: config 5 interface 123 altsetting 7 endpoint 0x86 has invalid wMaxPacketSize 0
[  334.700093][  T975] usb 1-1: config 5 interface 123 has no altsetting 0
[  334.727605][ T9135] netlink: 'syz.6.754': attribute type 10 has an invalid length.
[  334.956832][  T975] usb 1-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  335.663122][  T975] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.671162][  T975] usb 1-1: Product: syz
[  335.675381][  T975] usb 1-1: Manufacturer: syz
[  335.679985][  T975] usb 1-1: SerialNumber: syz
[  336.972345][ T9150] usb usb8: usbfs: process 9150 (syz.6.755) did not claim interface 0 before use
[  338.019440][  T975] ni6501 1-1:5.123: driver 'ni6501' failed to auto-configure device.
[  338.112083][  T975] usb 1-1: USB disconnect, device number 20
[  338.145174][ T9155] block nbd0: not configured, cannot reconfigure
[  339.078019][  T975] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  339.092675][ T9169] netlink: 20 bytes leftover after parsing attributes in process `syz.6.763'.
[  339.103235][ T9169] netlink: 20 bytes leftover after parsing attributes in process `syz.6.763'.
[  339.112427][ T9169] netlink: 204 bytes leftover after parsing attributes in process `syz.6.763'.
[  339.729651][  T975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  339.769000][  T975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  339.807718][  T975] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  339.821517][  T975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.840542][  T975] usb 1-1: config 0 descriptor??
[  339.842235][ T9174] netlink: 16 bytes leftover after parsing attributes in process `syz.5.765'.
[  339.862619][ T5866] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  340.025545][ T9176] netlink: 8 bytes leftover after parsing attributes in process `syz.6.766'.
[  340.054267][ T5866] usb 2-1: Using ep0 maxpacket: 32
[  340.081760][ T5866] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  340.111528][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.129377][ T5866] usb 2-1: Product: syz
[  340.143423][ T5866] usb 2-1: Manufacturer: syz
[  340.151376][ T5866] usb 2-1: SerialNumber: syz
[  340.181279][ T5866] usb 2-1: config 0 descriptor??
[  340.267038][  T975] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0
[  340.315119][  T975] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0
[  340.421029][  T975] pyra 0003:1E7D:2CF6.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.0-1/input0
[  340.520072][ T9182] netlink: 12 bytes leftover after parsing attributes in process `syz.5.768'.
[  340.611111][ T5866] airspy 2-1:0.0: Board ID: 00
[  340.646022][ T5866] airspy 2-1:0.0: Firmware version: 
[  340.669423][  T975] pyra 0003:1E7D:2CF6.0005: couldn't init struct pyra_device
[  340.711666][  T975] pyra 0003:1E7D:2CF6.0005: couldn't install mouse
[  340.780695][  T975] pyra 0003:1E7D:2CF6.0005: probe with driver pyra failed with error -71
[  340.875789][  T975] usb 1-1: USB disconnect, device number 21
[  340.950646][ T9190] fido_id[9190]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  341.661983][ T5866] airspy 2-1:0.0: usb_control_msg() failed -71 request 12
[  341.700130][ T5866] airspy 2-1:0.0: Registered as swradio24
[  341.718369][ T5866] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  341.784291][ T5866] usb 2-1: USB disconnect, device number 20
[  342.467558][ T9220] netlink: 104 bytes leftover after parsing attributes in process `syz.1.781'.
[  342.485896][ T9219] can0: slcan on ptm0.
[  342.702629][ T5866] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  342.969916][ T9226] FAULT_INJECTION: forcing a failure.
[  342.969916][ T9226] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  342.983124][ T9226] CPU: 0 UID: 0 PID: 9226 Comm: syz.1.783 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  342.983146][ T9226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  342.983156][ T9226] Call Trace:
[  342.983163][ T9226]  <TASK>
[  342.983171][ T9226]  dump_stack_lvl+0x189/0x250
[  342.983196][ T9226]  ? __lock_acquire+0xaac/0xd20
[  342.983221][ T9226]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.983241][ T9226]  ? __pfx__printk+0x10/0x10
[  342.983265][ T9226]  ? __might_fault+0xb0/0x130
[  342.983299][ T9226]  should_fail_ex+0x414/0x560
[  342.983321][ T9226]  _copy_from_iter+0x1db/0x15a0
[  342.983348][ T9226]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  342.983368][ T9226]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  342.983392][ T9226]  ? __pfx__copy_from_iter+0x10/0x10
[  342.983413][ T9226]  ? __build_skb_around+0x257/0x3e0
[  342.983437][ T9226]  ? netlink_sendmsg+0x642/0xb30
[  342.983453][ T9226]  ? skb_put+0x11b/0x210
[  342.983475][ T9226]  netlink_sendmsg+0x6b2/0xb30
[  342.983492][ T9226]  ? is_bpf_text_address+0x26/0x2b0
[  342.983522][ T9226]  ? __pfx_netlink_sendmsg+0x10/0x10
[  342.983549][ T9226]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  342.983566][ T9226]  ? __pfx_netlink_sendmsg+0x10/0x10
[  342.983585][ T9226]  __sock_sendmsg+0x219/0x270
[  342.983606][ T9226]  ____sys_sendmsg+0x505/0x830
[  342.983632][ T9226]  ? __pfx_____sys_sendmsg+0x10/0x10
[  342.983662][ T9226]  ? import_iovec+0x74/0xa0
[  342.983686][ T9226]  ___sys_sendmsg+0x21f/0x2a0
[  342.983710][ T9226]  ? __pfx____sys_sendmsg+0x10/0x10
[  342.983766][ T9226]  ? __fget_files+0x2a/0x420
[  342.983781][ T9226]  ? __fget_files+0x3a0/0x420
[  342.983806][ T9226]  __x64_sys_sendmsg+0x19b/0x260
[  342.983830][ T9226]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  342.983868][ T9226]  ? do_syscall_64+0xba/0x210
[  342.983893][ T9226]  do_syscall_64+0xf6/0x210
[  342.983912][ T9226]  ? clear_bhb_loop+0x60/0xb0
[  342.983933][ T9226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.983948][ T9226] RIP: 0033:0x7f689738e969
[  342.983964][ T9226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.983978][ T9226] RSP: 002b:00007f68981b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  342.983997][ T9226] RAX: ffffffffffffffda RBX: 00007f68975b5fa0 RCX: 00007f689738e969
[  342.984015][ T9226] RDX: 0000000000044880 RSI: 0000200000000040 RDI: 0000000000000005
[  342.984025][ T9226] RBP: 00007f68981b7090 R08: 0000000000000000 R09: 0000000000000000
[  342.984036][ T9226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.984045][ T9226] R13: 0000000000000000 R14: 00007f68975b5fa0 R15: 00007ffd41ee6088
[  342.984073][ T9226]  </TASK>
[  343.244466][    C0] vkms_vblank_simulate: vblank timer overrun
[  343.413065][ T5866] usb 4-1: config 0 has an invalid interface number: 32 but max is 0
[  343.421190][ T5866] usb 4-1: config 0 has no interface number 0
[  343.427396][ T5866] usb 4-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  343.442424][ T5866] usb 4-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  343.452706][ T5866] usb 4-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[  343.461780][ T5866] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.472682][ T5866] usb 4-1: config 0 descriptor??
[  343.509706][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  343.509733][   T30] audit: type=1326 audit(2000000448.314:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9222 comm="syz.5.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0358f8e969 code=0x7fc00000
[  343.672059][   T30] audit: type=1326 audit(2000000448.314:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9222 comm="syz.5.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f0358f8e969 code=0x7fc00000
[  343.701326][   T30] audit: type=1326 audit(2000000448.314:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9222 comm="syz.5.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0358f8e969 code=0x7fc00000
[  343.882330][   T30] audit: type=1326 audit(2000000448.314:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9222 comm="syz.5.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0358f8e969 code=0x7fc00000
[  343.908739][ T5866] hid (null): unknown global tag 0xe
[  344.227556][ T5866] logitech-djreceiver 0003:046D:C71B.0006: unknown global tag 0xe
[  344.693966][ T9218] can0 (unregistered): slcan off ptm0.
[  344.775423][   T30] audit: type=1326 audit(2000000448.314:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9222 comm="syz.5.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0358f8e969 code=0x7fc00000
[  345.526892][   T30] audit: type=1326 audit(2000000448.354:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9222 comm="syz.5.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0358f8e969 code=0x7fc00000
[  346.522588][ T5866] logitech-djreceiver 0003:046D:C71B.0006: item 0 2 1 14 parsing failed
[  346.531784][ T5866] logitech-djreceiver 0003:046D:C71B.0006: logi_dj_probe: parse failed
[  346.547807][ T5866] logitech-djreceiver 0003:046D:C71B.0006: probe with driver logitech-djreceiver failed with error -22
[  346.562152][ T5866] usb 4-1: USB disconnect, device number 8
[  347.031958][ T9250] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  347.834135][    T9] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  348.041156][    T9] usb 2-1: Using ep0 maxpacket: 16
[  348.073547][ T9266] netlink: 20 bytes leftover after parsing attributes in process `syz.0.794'.
[  348.082861][ T9266] netlink: 20 bytes leftover after parsing attributes in process `syz.0.794'.
[  348.091943][ T9266] netlink: 204 bytes leftover after parsing attributes in process `syz.0.794'.
[  348.224383][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  348.523645][    T9] usb 2-1: New USB device found, idVendor=102c, idProduct=6151, bcdDevice=2c.ae
[  348.533909][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.360041][    T9] usb 2-1: Product: syz
[  349.378284][    T9] usb 2-1: Manufacturer: syz
[  349.384742][    T9] usb 2-1: SerialNumber: syz
[  349.394180][    T9] usb 2-1: config 0 descriptor??
[  349.431896][    T9] gspca_main: etoms-2.14.0 probing 102c:6151
[  349.800304][    T9] usb 2-1: USB disconnect, device number 21
[  349.832629][ T5866] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  350.026934][ T5866] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  350.049852][ T5866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.117357][ T5866] usb 1-1: config 0 descriptor??
[  351.859633][ T9291] usb usb8: usbfs: process 9291 (syz.6.802) did not claim interface 0 before use
[  353.396491][ T9298] dlm: no locking on control device
[  353.440268][ T9298] netlink: 12 bytes leftover after parsing attributes in process `syz.6.804'.
[  353.510999][ T9287] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  353.604436][ T5866] usb 1-1: Cannot set autoneg
[  353.626551][ T5866] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  353.653907][ T9305] netlink: 4 bytes leftover after parsing attributes in process `syz.5.805'.
[  353.698831][ T5866] usb 1-1: USB disconnect, device number 22
[  354.616989][ T9333] netlink: 788 bytes leftover after parsing attributes in process `syz.1.813'.
[  359.412250][ T9365] overlay: ./file0 is not a directory
[  359.919841][   T30] audit: type=1326 audit(2000000464.724:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9369 comm="syz.6.825" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2901b8e969 code=0x0
[  361.888883][ T9398] cgroup: Unknown subsys name 'noxattr'
[  362.093554][   T30] audit: type=1326 audit(2000000466.904:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9397 comm="syz.1.833" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f689738e969 code=0x0
[  362.350577][ T9405] sp0: Synchronizing with TNC
[  363.713092][ T9417] netlink: 252 bytes leftover after parsing attributes in process `syz.3.838'.
[  363.881685][ T9422] netlink: 8 bytes leftover after parsing attributes in process `syz.6.841'.
[  364.188517][    T9] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  364.764619][    T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  364.882693][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  364.962630][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  364.984724][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  365.001502][    T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  365.016325][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.053614][    T9] usb 2-1: config 0 descriptor??
[  365.956866][ T9437] netlink: 56 bytes leftover after parsing attributes in process `syz.0.845'.
[  366.045310][ T9437] netlink: 8 bytes leftover after parsing attributes in process `syz.0.845'.
[  366.364992][    T9] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  366.433369][    T9] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  366.663978][ T9450] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  366.766772][ T9419] 8021q: VLANs not supported on vxcan0
[  366.818619][  T975] usb 2-1: USB disconnect, device number 22
[  369.005135][ T9482] netlink: 'syz.1.860': attribute type 7 has an invalid length.
[  369.038586][ T9482] lo speed is unknown, defaulting to 1000
[  370.263315][  T975] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[  370.614610][ T9499] netlink: 12 bytes leftover after parsing attributes in process `syz.3.863'.
[  370.631756][ T9499] netlink: 12 bytes leftover after parsing attributes in process `syz.3.863'.
[  370.644641][  T975] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  370.679138][  T975] usb 6-1: config 0 has no interface number 0
[  370.704757][  T975] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  370.733782][  T975] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  370.766365][ T9501] netlink: 'syz.6.865': attribute type 3 has an invalid length.
[  370.818060][  T975] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  370.832251][  T975] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  370.847859][  T975] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  370.869299][  T975] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  370.985825][  T975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.040775][  T975] usb 6-1: config 0 descriptor??
[  371.056198][ T9484] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  371.069531][  T975] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  372.952966][  T975] usb 6-1: USB disconnect, device number 15
[  373.255381][  T975] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  373.328580][ T9512] sctp: failed to load transform for md5: -2
[  373.452084][ T9519] netlink: 32 bytes leftover after parsing attributes in process `syz.3.870'.
[  373.530304][ T9519] netlink: 32 bytes leftover after parsing attributes in process `syz.3.870'.
[  373.819918][    T9] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  373.882567][ T5866] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  373.918811][ T9519] netlink: 32 bytes leftover after parsing attributes in process `syz.3.870'.
[  373.931156][ T9519] netlink: 32 bytes leftover after parsing attributes in process `syz.3.870'.
[  374.304198][ T9529] usb usb8: usbfs: process 9529 (syz.5.872) did not claim interface 0 before use
[  374.982609][ T5866] usb 1-1: Using ep0 maxpacket: 32
[  375.033043][    T9] usb 2-1: device descriptor read/all, error -71
[  375.055777][ T5866] usb 1-1: config 0 has an invalid interface number: 96 but max is 0
[  375.092747][ T5866] usb 1-1: config 0 has no interface number 0
[  375.149672][ T5866] usb 1-1: New USB device found, idVendor=05d1, idProduct=9006, bcdDevice=48.7b
[  375.414066][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.575557][ T5866] usb 1-1: Product: syz
[  375.600214][ T5866] usb 1-1: Manufacturer: syz
[  375.611444][ T9535] bridge0: entered promiscuous mode
[  375.624240][ T5866] usb 1-1: SerialNumber: syz
[  375.631322][ T9535] macvlan2: entered promiscuous mode
[  375.654855][ T5866] usb 1-1: config 0 descriptor??
[  375.851646][ T9535] bridge0: port 1(macvlan2) entered blocking state
[  375.940919][ T5866] hub 1-1:0.96: bad descriptor, ignoring hub
[  375.942918][ T9535] bridge0: port 1(macvlan2) entered disabled state
[  375.956966][ T9541] Cannot find add_set index 0 as target
[  376.097514][ T5866] hub 1-1:0.96: probe with driver hub failed with error -5
[  376.097840][ T9535] macvlan2: entered allmulticast mode
[  376.153792][ T9535] bridge0: entered allmulticast mode
[  376.247195][ T5866] ftdi_sio 1-1:0.96: FTDI USB Serial Device converter detected
[  376.597686][ T5866] ftdi_sio ttyUSB0: unknown device type: 0x487b
[  376.692880][ T9535] macvlan2: left allmulticast mode
[  376.763177][ T9535] bridge0: left allmulticast mode
[  376.801671][ T9535] bridge0: left promiscuous mode
[  377.123021][ T5866] usb 1-1: USB disconnect, device number 23
[  377.138313][ T5866] ftdi_sio 1-1:0.96: device disconnected
[  378.580111][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  379.272965][ T9567] netlink: 28 bytes leftover after parsing attributes in process `syz.6.883'.
[  379.284850][ T9567] netlink: 28 bytes leftover after parsing attributes in process `syz.6.883'.
[  382.434225][ T3644] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[  383.334822][ T3644] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  383.344583][ T3644] usb 7-1: config 0 has no interface number 0
[  383.353007][ T3644] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  383.377342][ T3644] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  383.411001][ T3644] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  383.443011][ T3644] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  383.500952][ T3644] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  383.519535][ T3644] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  383.530227][ T3644] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.515804][ T9605] loop2: detected capacity change from 0 to 7
[  384.517551][ T3644] usb 7-1: config 0 descriptor??
[  384.614799][ T3644] usb 7-1: can't set config #0, error -71
[  384.626340][ T3644] usb 7-1: USB disconnect, device number 15
[  385.235688][ T3644] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  386.585670][ T3644] usb 7-1: Using ep0 maxpacket: 16
[  386.753572][ T3644] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  386.768014][ T3644] usb 7-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00
[  386.779032][ T3644] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.793931][ T3644] usb 7-1: config 0 descriptor??
[  387.322692][ T5864] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  387.368594][ T3644] usbhid 7-1:0.0: can't add hid device: -71
[  387.378842][ T3644] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  387.426781][ T3644] usb 7-1: USB disconnect, device number 16
[  387.502819][ T5864] usb 2-1: Using ep0 maxpacket: 8
[  387.547155][ T5864] usb 2-1: config 0 has no interfaces?
[  387.572653][ T5864] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  387.581741][ T5864] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.601697][ T5864] usb 2-1: config 0 descriptor??
[  387.659977][ T9662] ipt_ECN: cannot use operation on non-tcp rule
[  387.927311][ T9647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.063631][ T9647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.135771][ T9666] FAULT_INJECTION: forcing a failure.
[  388.135771][ T9666] name failslab, interval 1, probability 0, space 0, times 0
[  388.149389][ T9666] CPU: 0 UID: 0 PID: 9666 Comm: syz.0.915 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  388.149411][ T9666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  388.149425][ T9666] Call Trace:
[  388.149433][ T9666]  <TASK>
[  388.149442][ T9666]  dump_stack_lvl+0x189/0x250
[  388.149471][ T9666]  ? __pfx_dump_stack_lvl+0x10/0x10
[  388.149492][ T9666]  ? __pfx__printk+0x10/0x10
[  388.149523][ T9666]  ? ref_tracker_alloc+0x318/0x460
[  388.149544][ T9666]  should_fail_ex+0x414/0x560
[  388.149566][ T9666]  should_failslab+0xa8/0x100
[  388.149584][ T9666]  kmem_cache_alloc_noprof+0x73/0x3c0
[  388.149607][ T9666]  ? skb_clone+0x212/0x3a0
[  388.149634][ T9666]  skb_clone+0x212/0x3a0
[  388.149659][ T9666]  __netlink_deliver_tap+0x404/0x850
[  388.149698][ T9666]  ? netlink_deliver_tap+0x2e/0x1b0
[  388.149718][ T9666]  netlink_deliver_tap+0x19c/0x1b0
[  388.149738][ T9666]  netlink_unicast+0x72f/0x8d0
[  388.149766][ T9666]  netlink_sendmsg+0x805/0xb30
[  388.149783][ T9666]  ? is_bpf_text_address+0x26/0x2b0
[  388.149814][ T9666]  ? __pfx_netlink_sendmsg+0x10/0x10
[  388.149841][ T9666]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  388.149858][ T9666]  ? __pfx_netlink_sendmsg+0x10/0x10
[  388.149878][ T9666]  __sock_sendmsg+0x219/0x270
[  388.149899][ T9666]  ____sys_sendmsg+0x505/0x830
[  388.149926][ T9666]  ? __pfx_____sys_sendmsg+0x10/0x10
[  388.149957][ T9666]  ? import_iovec+0x74/0xa0
[  388.149983][ T9666]  ___sys_sendmsg+0x21f/0x2a0
[  388.150007][ T9666]  ? __pfx____sys_sendmsg+0x10/0x10
[  388.150066][ T9666]  ? __fget_files+0x2a/0x420
[  388.150081][ T9666]  ? __fget_files+0x3a0/0x420
[  388.150107][ T9666]  __x64_sys_sendmsg+0x19b/0x260
[  388.150132][ T9666]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  388.150171][ T9666]  ? do_syscall_64+0xba/0x210
[  388.150195][ T9666]  do_syscall_64+0xf6/0x210
[  388.150216][ T9666]  ? clear_bhb_loop+0x60/0xb0
[  388.150237][ T9666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.150252][ T9666] RIP: 0033:0x7fd0d058e969
[  388.150267][ T9666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.150282][ T9666] RSP: 002b:00007fd0d131e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  388.150300][ T9666] RAX: ffffffffffffffda RBX: 00007fd0d07b5fa0 RCX: 00007fd0d058e969
[  388.150311][ T9666] RDX: 0000000000044880 RSI: 0000200000000040 RDI: 0000000000000005
[  388.150321][ T9666] RBP: 00007fd0d131e090 R08: 0000000000000000 R09: 0000000000000000
[  388.150332][ T9666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.150341][ T9666] R13: 0000000000000000 R14: 00007fd0d07b5fa0 R15: 00007ffd556ca3c8
[  388.150370][ T9666]  </TASK>
[  388.409093][    C0] vkms_vblank_simulate: vblank timer overrun
[  388.653278][ T9675] netlink: 'syz.3.917': attribute type 83 has an invalid length.
[  388.738612][ T9647] netlink: 228 bytes leftover after parsing attributes in process `syz.1.908'.
[  388.945361][ T5865] usb 2-1: USB disconnect, device number 25
[  391.183306][ T5865] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  391.308222][ T9701] fuse: Unknown parameter './file0'
[  391.353242][ T5865] usb 2-1: device descriptor read/64, error -71
[  391.530459][ T9705] netlink: 164 bytes leftover after parsing attributes in process `syz.6.927'.
[  391.622737][ T5865] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  391.782649][ T5865] usb 2-1: device descriptor read/64, error -71
[  392.292631][ T9723] siw: device registration error -23
[  392.539959][ T5865] usb usb2-port1: attempt power cycle
[  393.118714][   T30] audit: type=1804 audit(2000000497.914:26): pid=9714 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.929" name="/newroot/165/file0/file0" dev="ramfs" ino=21382 res=1 errno=0
[  393.183568][ T5865] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  393.263684][ T5865] usb 2-1: device descriptor read/8, error -71
[  393.324361][ T9729] netlink: 56 bytes leftover after parsing attributes in process `syz.0.932'.
[  393.542891][ T5865] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  394.362961][ T5865] usb 2-1: device descriptor read/8, error -71
[  394.516490][ T5865] usb usb2-port1: unable to enumerate USB device
[  396.213267][ T5865] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  396.754253][ T5865] usb 2-1: config 2 has an invalid interface number: 108 but max is 0
[  396.797040][ T5865] usb 2-1: config 2 has no interface number 0
[  396.831203][ T5865] usb 2-1: config 2 interface 108 has no altsetting 0
[  396.850927][ T5865] usb 2-1: New USB device found, idVendor=129b, idProduct=160c, bcdDevice=1b.d8
[  396.891819][ T5865] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.987202][ T5865] usb 2-1: Product: syz
[  397.032422][ T5865] usb 2-1: Manufacturer: syz
[  397.092194][ T5865] usb 2-1: SerialNumber: syz
[  397.103316][    T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  397.564491][ T5864] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  397.602648][    T9] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  397.663175][ T5865] usb 2-1: Could not find all expected endpoints
[  397.680648][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  397.725767][ T5865] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  397.733206][    T9] usb 4-1: Product: syz
[  397.737385][    T9] usb 4-1: Manufacturer: syz
[  397.741987][    T9] usb 4-1: SerialNumber: syz
[  397.753402][ T5865] usb 2-1: MIDIStreaming interface descriptor not found
[  397.922180][ T5864] usb 1-1: device descriptor read/64, error -71
[  397.933739][    T9] usb 4-1: config 0 descriptor??
[  397.963361][    T9] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  397.972240][ T9776] netlink: 788 bytes leftover after parsing attributes in process `syz.1.946'.
[  398.037754][ T5865] usb 2-1: USB disconnect, device number 30
[  398.182731][ T5864] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  398.223062][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:2.108/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  398.822568][ T5864] usb 1-1: device descriptor read/64, error -71
[  399.120832][ T5864] usb usb1-port1: attempt power cycle
[  399.314565][    T9] gspca_sunplus: reg_r err -32
[  401.012591][ T9798] (syz.3.951,9798,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  401.022653][ T9798] (syz.3.951,9798,1):ocfs2_fill_super:1177 ERROR: status = -22
[  405.272984][    T9] sunplus 4-1:0.0: probe with driver sunplus failed with error -32
[  405.372985][    T9] usb 4-1: USB disconnect, device number 9
[  406.231806][ T9844] netlink: 32 bytes leftover after parsing attributes in process `syz.3.960'.
[  406.261740][ T9845] netlink: 432 bytes leftover after parsing attributes in process `syz.6.961'.
[  406.301122][ T9846] netlink: 16 bytes leftover after parsing attributes in process `syz.5.959'.
[  409.602652][   T24] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  409.792897][   T24] usb 1-1: Using ep0 maxpacket: 8
[  409.824452][   T24] usb 1-1: config 135 has an invalid interface number: 230 but max is 0
[  409.842515][   T24] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  410.733903][   T24] usb 1-1: config 135 has no interface number 0
[  410.883715][ T9881] netlink: 68 bytes leftover after parsing attributes in process `syz.6.971'.
[  411.358528][   T24] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  411.442989][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.469730][   T24] usb 1-1: Product: syz
[  411.479859][   T24] usb 1-1: Manufacturer: syz
[  411.496210][   T24] usb 1-1: SerialNumber: syz
[  411.972233][ T9894] loop2: detected capacity change from 0 to 7
[  412.035177][ T9894] Dev loop2: unable to read RDB block 7
[  412.052619][ T9894]  loop2: unable to read partition table
[  412.058526][ T9894] loop2: partition table beyond EOD, truncated
[  412.366372][ T9894] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  413.232085][ T9903] macvlan2: entered promiscuous mode
[  413.262717][ T9903] bridge0: entered promiscuous mode
[  413.268989][ T9903] bridge0: port 3(macvlan2) entered blocking state
[  413.313070][ T9903] bridge0: port 3(macvlan2) entered disabled state
[  413.359771][ T9903] macvlan2: entered allmulticast mode
[  413.373170][ T9903] bridge0: entered allmulticast mode
[  413.403474][ T9903] macvlan2: left allmulticast mode
[  413.409390][ T9903] bridge0: left allmulticast mode
[  414.354233][ T9903] bridge0: left promiscuous mode
[  414.831631][ T5867] usb 1-1: USB disconnect, device number 27
[  415.426924][ T9924] netlink: 20 bytes leftover after parsing attributes in process `syz.0.985'.
[  415.436162][ T9924] netlink: 20 bytes leftover after parsing attributes in process `syz.0.985'.
[  415.445508][ T9924] netlink: 204 bytes leftover after parsing attributes in process `syz.0.985'.
[  416.040391][ T9927] netlink: 24 bytes leftover after parsing attributes in process `syz.1.986'.
[  416.130010][ T9928] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  416.503195][ T9940] FAULT_INJECTION: forcing a failure.
[  416.503195][ T9940] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  416.538884][ T9940] CPU: 0 UID: 0 PID: 9940 Comm: syz.5.992 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  416.538908][ T9940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  416.538918][ T9940] Call Trace:
[  416.538926][ T9940]  <TASK>
[  416.538933][ T9940]  dump_stack_lvl+0x189/0x250
[  416.538963][ T9940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  416.538984][ T9940]  ? __pfx__printk+0x10/0x10
[  416.539020][ T9940]  should_fail_ex+0x414/0x560
[  416.539043][ T9940]  _copy_to_user+0x31/0xb0
[  416.539067][ T9940]  simple_read_from_buffer+0xe1/0x170
[  416.539095][ T9940]  proc_fail_nth_read+0x1df/0x250
[  416.539117][ T9940]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  416.539137][ T9940]  ? rw_verify_area+0x258/0x650
[  416.539157][ T9940]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  416.539176][ T9940]  vfs_read+0x200/0x980
[  416.539202][ T9940]  ? __pfx___mutex_lock+0x10/0x10
[  416.539224][ T9940]  ? __pfx_vfs_read+0x10/0x10
[  416.539246][ T9940]  ? __fget_files+0x2a/0x420
[  416.539266][ T9940]  ? __fget_files+0x3a0/0x420
[  416.539280][ T9940]  ? __fget_files+0x2a/0x420
[  416.539304][ T9940]  ksys_read+0x145/0x250
[  416.539328][ T9940]  ? __pfx_ksys_read+0x10/0x10
[  416.539352][ T9940]  ? do_syscall_64+0xba/0x210
[  416.539377][ T9940]  do_syscall_64+0xf6/0x210
[  416.539397][ T9940]  ? clear_bhb_loop+0x60/0xb0
[  416.539418][ T9940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.539433][ T9940] RIP: 0033:0x7f0358f8d37c
[  416.539449][ T9940] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  416.539463][ T9940] RSP: 002b:00007f0359e97030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  416.539481][ T9940] RAX: ffffffffffffffda RBX: 00007f03591b6080 RCX: 00007f0358f8d37c
[  416.539493][ T9940] RDX: 000000000000000f RSI: 00007f0359e970a0 RDI: 0000000000000008
[  416.539504][ T9940] RBP: 00007f0359e97090 R08: 0000000000000000 R09: 0000000000000000
[  416.539514][ T9940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  416.539523][ T9940] R13: 0000000000000000 R14: 00007f03591b6080 R15: 00007ffc4a0b28f8
[  416.539551][ T9940]  </TASK>
[  417.094374][ T9951] input: syz1 as /devices/virtual/input/input11
[  417.310133][ T9949] netfs: Couldn't get user pages (rc=-14)
[  417.602734][ T5867] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  417.792690][ T5867] usb 4-1: Using ep0 maxpacket: 8
[  417.950347][ T5867] usb 4-1: config 135 has an invalid interface number: 230 but max is 0
[  417.978108][ T5867] usb 4-1: config 135 has an invalid descriptor of length 97, skipping remainder of the config
[  418.277277][ T9967] netlink: 112 bytes leftover after parsing attributes in process `syz.6.997'.
[  418.478853][ T5867] usb 4-1: config 135 has no interface number 0
[  418.589380][ T5867] usb 4-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  418.650087][ T5867] usb 4-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  418.692770][ T5867] usb 4-1: config 135 interface 230 has no altsetting 0
[  418.722727][ T5867] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  418.740466][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.771401][ T5867] usb 4-1: Product: syz
[  418.841905][ T5867] usb 4-1: Manufacturer: syz
[  418.874739][ T5867] usb 4-1: SerialNumber: syz
[  420.283232][ T9979] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1002'.
[  421.764549][ T9988] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1005'.
[  421.838974][ T3556] ==================================================================
[  421.847075][ T3556] BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x1da/0x5f0
[  421.854720][ T3556] Read of size 4 at addr ffff88807dabdb78 by task kworker/u8:7/3556
[  421.862697][ T3556] 
[  421.865017][ T3556] CPU: 0 UID: 0 PID: 3556 Comm: kworker/u8:7 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  421.865035][ T3556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  421.865046][ T3556] Workqueue: events_unbound netfs_write_collection_worker
[  421.865065][ T3556] Call Trace:
[  421.865073][ T3556]  <TASK>
[  421.865080][ T3556]  dump_stack_lvl+0x189/0x250
[  421.865099][ T3556]  ? __kasan_check_byte+0x12/0x40
[  421.865121][ T3556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  421.865140][ T3556]  ? lock_release+0x4b/0x3e0
[  421.865155][ T3556]  ? lock_release+0x4b/0x3e0
[  421.865175][ T3556]  ? __virt_addr_valid+0x469/0x540
[  421.865191][ T3556]  print_report+0xb4/0x290
[  421.865208][ T3556]  ? iov_iter_revert+0x1da/0x5f0
[  421.865223][ T3556]  kasan_report+0x118/0x150
[  421.865244][ T3556]  ? iov_iter_revert+0x1da/0x5f0
[  421.865262][ T3556]  iov_iter_revert+0x1da/0x5f0
[  421.865282][ T3556]  netfs_retry_writes+0x1645/0x1840
[  421.865305][ T3556]  ? __pfx_netfs_retry_writes+0x10/0x10
[  421.865328][ T3556]  ? __lock_acquire+0xaac/0xd20
[  421.865349][ T3556]  netfs_write_collection_worker+0x2007/0x2bd0
[  421.865376][ T3556]  ? process_scheduled_works+0x9ec/0x17a0
[  421.865396][ T3556]  process_scheduled_works+0xade/0x17a0
[  421.865425][ T3556]  ? __pfx_process_scheduled_works+0x10/0x10
[  421.865450][ T3556]  worker_thread+0x8a0/0xda0
[  421.865464][ T3556]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  421.865482][ T3556]  ? __kthread_parkme+0x7b/0x200
[  421.865500][ T3556]  kthread+0x711/0x8a0
[  421.865515][ T3556]  ? __pfx_worker_thread+0x10/0x10
[  421.865528][ T3556]  ? __pfx_kthread+0x10/0x10
[  421.865542][ T3556]  ? __pfx_kthread+0x10/0x10
[  421.865556][ T3556]  ? _raw_spin_unlock_irq+0x23/0x50
[  421.865570][ T3556]  ? lockdep_hardirqs_on+0x9c/0x150
[  421.865588][ T3556]  ? __pfx_kthread+0x10/0x10
[  421.865603][ T3556]  ret_from_fork+0x4b/0x80
[  421.865616][ T3556]  ? __pfx_kthread+0x10/0x10
[  421.865631][ T3556]  ret_from_fork_asm+0x1a/0x30
[  421.865655][ T3556]  </TASK>
[  421.865661][ T3556] 
[  422.058450][ T3556] Allocated by task 9946:
[  422.062766][ T3556]  kasan_save_track+0x3e/0x80
[  422.067441][ T3556]  __kasan_kmalloc+0x93/0xb0
[  422.072023][ T3556]  __kmalloc_cache_noprof+0x230/0x3d0
[  422.077392][ T3556]  kmem_cache_free+0x169/0x3f0
[  422.082149][ T3556]  exit_mmap+0x593/0xba0
[  422.086390][ T3556]  __mmput+0x118/0x410
[  422.090449][ T3556]  exit_mm+0x1da/0x2c0
[  422.094696][ T3556]  do_exit+0x859/0x2550
[  422.098851][ T3556]  do_group_exit+0x21c/0x2d0
[  422.103434][ T3556]  get_signal+0x125e/0x1310
[  422.107935][ T3556]  arch_do_signal_or_restart+0x95/0x780
[  422.113487][ T3556]  syscall_exit_to_user_mode+0x8b/0x120
[  422.119041][ T3556]  do_syscall_64+0x103/0x210
[  422.123633][ T3556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.129522][ T3556] 
[  422.131836][ T3556] Freed by task 0:
[  422.135546][ T3556]  kasan_save_track+0x3e/0x80
[  422.140227][ T3556]  kasan_save_free_info+0x46/0x50
[  422.145250][ T3556]  __kasan_slab_free+0x62/0x70
[  422.150032][ T3556]  kfree+0x193/0x440
[  422.153926][ T3556]  slab_free_after_rcu_debug+0x62/0x290
[  422.159463][ T3556]  rcu_core+0xca5/0x1710
[  422.163698][ T3556]  handle_softirqs+0x283/0x870
[  422.168458][ T3556]  __irq_exit_rcu+0xca/0x1f0
[  422.173044][ T3556]  irq_exit_rcu+0x9/0x30
[  422.177290][ T3556]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  422.182915][ T3556]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  422.188882][ T3556] 
[  422.191194][ T3556] Last potentially related work creation:
[  422.196899][ T3556]  kasan_save_stack+0x3e/0x60
[  422.201571][ T3556]  kasan_record_aux_stack+0xbc/0xd0
[  422.206756][ T3556]  call_rcu+0x142/0x990
[  422.210908][ T3556]  kmem_cache_free+0x301/0x3f0
[  422.215665][ T3556]  exit_mmap+0x593/0xba0
[  422.219906][ T3556]  __mmput+0x118/0x410
[  422.223994][ T3556]  exit_mm+0x1da/0x2c0
[  422.228064][ T3556]  do_exit+0x859/0x2550
[  422.232226][ T3556]  do_group_exit+0x21c/0x2d0
[  422.236811][ T3556]  get_signal+0x125e/0x1310
[  422.241314][ T3556]  arch_do_signal_or_restart+0x95/0x780
[  422.246862][ T3556]  syscall_exit_to_user_mode+0x8b/0x120
[  422.252403][ T3556]  do_syscall_64+0x103/0x210
[  422.256986][ T3556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.262865][ T3556] 
[  422.265178][ T3556] The buggy address belongs to the object at ffff88807dabdb40
[  422.265178][ T3556]  which belongs to the cache kmalloc-32 of size 32
[  422.279048][ T3556] The buggy address is located 24 bytes to the right of
[  422.279048][ T3556]  allocated 32-byte region [ffff88807dabdb40, ffff88807dabdb60)
[  422.293532][ T3556] 
[  422.295855][ T3556] The buggy address belongs to the physical page:
[  422.302265][ T3556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7dabd
[  422.311023][ T3556] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  422.318473][ T3556] page_type: f5(slab)
[  422.322447][ T3556] raw: 00fff00000000000 ffff88801a041780 ffffea0000c2fb80 dead000000000003
[  422.331023][ T3556] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  422.339591][ T3556] page dumped because: kasan: bad access detected
[  422.346166][ T3556] page_owner tracks the page as allocated
[  422.351877][ T3556] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5188, tgid 5188 (udevd), ts 184953301765, free_ts 184747946687
[  422.369580][ T3556]  post_alloc_hook+0x1d8/0x230
[  422.374344][ T3556]  get_page_from_freelist+0x21c7/0x22a0
[  422.379883][ T3556]  __alloc_frozen_pages_noprof+0x181/0x370
[  422.385684][ T3556]  alloc_pages_mpol+0x232/0x4a0
[  422.390615][ T3556]  allocate_slab+0x8a/0x3b0
[  422.395115][ T3556]  ___slab_alloc+0xbfc/0x1480
[  422.399788][ T3556]  __kmalloc_cache_noprof+0x296/0x3d0
[  422.405155][ T3556]  kmem_cache_free+0x169/0x3f0
[  422.409911][ T3556]  fput_close_sync+0x119/0x200
[  422.414662][ T3556]  __x64_sys_close+0x7f/0x110
[  422.419328][ T3556]  do_syscall_64+0xf6/0x210
[  422.423824][ T3556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.429707][ T3556] page last free pid 5866 tgid 5866 stack trace:
[  422.436033][ T3556]  __free_frozen_pages+0xb05/0xcd0
[  422.441133][ T3556]  vfree+0x1a6/0x330
[  422.445018][ T3556]  delayed_vfree_work+0x55/0x80
[  422.449858][ T3556]  process_scheduled_works+0xade/0x17a0
[  422.455400][ T3556]  worker_thread+0x8a0/0xda0
[  422.459977][ T3556]  kthread+0x711/0x8a0
[  422.464035][ T3556]  ret_from_fork+0x4b/0x80
[  422.468441][ T3556]  ret_from_fork_asm+0x1a/0x30
[  422.473199][ T3556] 
[  422.475512][ T3556] Memory state around the buggy address:
[  422.481144][ T3556]  ffff88807dabda00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  422.489189][ T3556]  ffff88807dabda80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  422.497238][ T3556] >ffff88807dabdb00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  422.505289][ T3556]                                                                 ^
[  422.513248][ T3556]  ffff88807dabdb80: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  422.521298][ T3556]  ffff88807dabdc00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  422.529345][ T3556] ==================================================================
[  422.574465][ T3556] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  422.581686][ T3556] CPU: 0 UID: 0 PID: 3556 Comm: kworker/u8:7 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[  422.592103][ T3556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  422.602149][ T3556] Workqueue: events_unbound netfs_write_collection_worker
[  422.609261][ T3556] Call Trace:
[  422.612529][ T3556]  <TASK>
[  422.615450][ T3556]  dump_stack_lvl+0x99/0x250
[  422.620035][ T3556]  ? __asan_memcpy+0x40/0x70
[  422.624624][ T3556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  422.629819][ T3556]  ? __pfx__printk+0x10/0x10
[  422.634410][ T3556]  panic+0x2db/0x790
[  422.638386][ T3556]  ? __pfx_preempt_schedule+0x10/0x10
[  422.643756][ T3556]  ? __pfx_panic+0x10/0x10
[  422.648264][ T3556]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  422.654151][ T3556]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  422.660475][ T3556]  ? iov_iter_revert+0x1da/0x5f0
[  422.665411][ T3556]  check_panic_on_warn+0x89/0xb0
[  422.670345][ T3556]  ? iov_iter_revert+0x1da/0x5f0
[  422.675271][ T3556]  end_report+0x78/0x160
[  422.679508][ T3556]  kasan_report+0x129/0x150
[  422.684015][ T3556]  ? iov_iter_revert+0x1da/0x5f0
[  422.688950][ T3556]  iov_iter_revert+0x1da/0x5f0
[  422.693709][ T3556]  netfs_retry_writes+0x1645/0x1840
[  422.698910][ T3556]  ? __pfx_netfs_retry_writes+0x10/0x10
[  422.704451][ T3556]  ? __lock_acquire+0xaac/0xd20
[  422.709298][ T3556]  netfs_write_collection_worker+0x2007/0x2bd0
[  422.715453][ T3556]  ? process_scheduled_works+0x9ec/0x17a0
[  422.721178][ T3556]  process_scheduled_works+0xade/0x17a0
[  422.726732][ T3556]  ? __pfx_process_scheduled_works+0x10/0x10
[  422.732717][ T3556]  worker_thread+0x8a0/0xda0
[  422.737299][ T3556]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  422.743623][ T3556]  ? __kthread_parkme+0x7b/0x200
[  422.748555][ T3556]  kthread+0x711/0x8a0
[  422.752619][ T3556]  ? __pfx_worker_thread+0x10/0x10
[  422.757724][ T3556]  ? __pfx_kthread+0x10/0x10
[  422.762311][ T3556]  ? __pfx_kthread+0x10/0x10
[  422.766895][ T3556]  ? _raw_spin_unlock_irq+0x23/0x50
[  422.772085][ T3556]  ? lockdep_hardirqs_on+0x9c/0x150
[  422.777287][ T3556]  ? __pfx_kthread+0x10/0x10
[  422.781880][ T3556]  ret_from_fork+0x4b/0x80
[  422.786291][ T3556]  ? __pfx_kthread+0x10/0x10
[  422.790888][ T3556]  ret_from_fork_asm+0x1a/0x30
[  422.795662][ T3556]  </TASK>
[  422.798902][ T3556] Kernel Offset: disabled
[  422.803219][ T3556] Rebooting in 86400 seconds..