last executing test programs:

13m17.627155674s ago: executing program 3 (id=566):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000040)={0x1, 0x2, 0x4, 0xffff, 0x0, "008ef14ba278887cb0baba08431799317e6324"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r4 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", "037ec42b", '\x00', "64bdac32", ["e86621d9cc668c391f77c506", "3549ffffffffffffff010800", "2fc7977386a7a0236a9cc1f0", "cf6cce2296b3f853e224c4e0"]})
ioctl$CEC_TRANSMIT(r4, 0xc0386105, &(0x7f0000000240)={0x9, 0x0, 0x9, 0x0, 0x0, 0x2, "0ff800dbdf00c8c4dd4f46d40eafa86d", 0x8, 0x2, 0x12, 0xff, 0x0, 0x1, 0xff})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
get_mempolicy(0x0, 0x0, 0x2, &(0x7f0000d88000/0x2000)=nil, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000))
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r5, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
close(r5)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8001, &(0x7f0000000000)=0x6, 0x8, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000340)={0x2020}, 0x2020)
pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002380)={0x78, 0x2, 0x6, 0x201, 0x0, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x28}, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast1}}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x40}]}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x9}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x78}}, 0x80)
syz_usb_connect(0x1, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100003ef224407c2c06034171010203010902240001fc0000000904eb8002ff00000409058303000000f4d976526e000009058a03", @ANYRES8], 0x0)
dup(r0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, 0x0, 0x24000050)

13m13.959673972s ago: executing program 3 (id=576):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
r2 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, 0x0, 0x52)
syz_open_dev$tty20(0xc, 0x4, 0x0)

13m13.409220873s ago: executing program 3 (id=579):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
io_uring_setup(0x4f01, &(0x7f0000000180))
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
fsmount(r0, 0x1, 0x81)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000580)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
fdatasync(0xffffffffffffffff)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [0x8], [0x8200], 0x1}}})
syz_io_uring_setup(0x3b29, &(0x7f0000000140)={0x0, 0xbdac, 0x0, 0x8000, 0xfffffffe}, &(0x7f0000000240), 0x0)
ioctl$VIDIOC_QBUF(r6, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0x20800})

13m12.181856521s ago: executing program 3 (id=580):
mkdir(&(0x7f00000003c0)='./file0\x00', 0x1c)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x2805011, 0x0)
mount$bind(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x20000, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)

13m11.934075453s ago: executing program 3 (id=584):
sync()
sync()
sync()
r0 = syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2)
pread64(r0, &(0x7f00000002c0)=""/75, 0x4b, 0x0)
ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000140)={0xb})

13m9.774758278s ago: executing program 3 (id=589):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000240)={'gre0\x00', r3, 0x700, 0x8728, 0x0, 0x6, {{0x9, 0x4, 0x0, 0x3d, 0x24, 0x68, 0x0, 0x9f, 0x4, 0x0, @remote, @empty, {[@ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x8, 0x3, [{0x0, 0x2}]}, @timestamp_prespec={0x44, 0x4, 0x4d, 0x3, 0x4}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'gretap0\x00', 0x0})
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x3e}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xa0}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

13m9.29027727s ago: executing program 32 (id=589):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000240)={'gre0\x00', r3, 0x700, 0x8728, 0x0, 0x6, {{0x9, 0x4, 0x0, 0x3d, 0x24, 0x68, 0x0, 0x9f, 0x4, 0x0, @remote, @empty, {[@ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x8, 0x3, [{0x0, 0x2}]}, @timestamp_prespec={0x44, 0x4, 0x4d, 0x3, 0x4}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'gretap0\x00', 0x0})
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x3e}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xa0}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

12.870765264s ago: executing program 0 (id=2877):
fanotify_init(0x4, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = userfaultfd(0x80001)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r3, 0x0, 0x40000}, 0x18)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/43, 0x7ffff000}, {&(0x7f0000000480)=""/165, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2aa, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, 0x0)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})

12.80567795s ago: executing program 2 (id=2878):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x54, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x8, 0x7}}, @TCA_FLOWER_KEY_ARP_SIP={0x8, 0x39, @empty}, @TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK={0x6}, @TCA_FLOWER_KEY_ARP_OP={0x5, 0x3d, 0x5}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x0)

11.577122779s ago: executing program 4 (id=2881):
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x100)
mount$overlay(0x7900000000000000, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto}]})

11.564208461s ago: executing program 2 (id=2883):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0xe)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x11)
fcntl$notify(r0, 0x402, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xe, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000006b8a00fe00000000c7080000010000007b8af0ff00000000bda100000000000007000000f8ffffffbfa400000000000007040000f0ffffffb7020000080000fa18230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000001a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000300ff010000d67600007f00000003000000"], 0x118)
bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000000)={0x0, &(0x7f00000004c0)=""/233, &(0x7f00000001c0), 0x0, 0x6}, 0x38)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0xf, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x15, '\x00', 0x0, @fallback=0x1, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x55d401, 0x159)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r4, 0x400, 0x0)
mknodat(r3, &(0x7f0000000040)='./bus\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000002c0), 0xffffffff, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x1e)
renameat2(r3, &(0x7f0000000380)='./bus\x00', r3, &(0x7f0000000400)='./file1\x00', 0x2)
unshare(0x20000600)
waitid(0x1, 0x0, &(0x7f0000000440), 0x8, &(0x7f0000000680))
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x7, 0x800c8e}, {0x16, 0x0, 0x5, 0x4}]}, 0x10)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)

11.349803071s ago: executing program 4 (id=2884):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000dc0)={&(0x7f0000000c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@const={0x11}]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)

11.249225505s ago: executing program 0 (id=2885):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0xe)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000e00)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x268, 0x311, 0x0, 0x268, 0x3f0, 0x460, 0x460, 0x3f0, 0x460, 0x9, 0x0, {[{{@uncond, 0x160, 0x288, 0x2b0, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0x7f800000000000, 0x0, 0x0, 0x80, 0x5, 0x9}}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @local, @private2, @remote, [], [], [], 0x0, 0x7863}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'ip6_vti0\x00'}, 0x0, 0xd8, 0x140, 0xe4030000, {}, [@common=@unspec=@realm={{0x30}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
rt_sigpending(0x0, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$int_in(r2, 0x40000000af01, 0x0)
r3 = syz_io_uring_setup(0x6906, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x10c}, &(0x7f0000000280), &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, r3}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000080))
syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0})
io_uring_enter(r3, 0x5753, 0x0, 0x0, 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r8=>0x0})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000005000000003a00000008000300", @ANYRES32=r8, @ANYBLOB="05005b"], 0x24}}, 0x0)
close(0x4)
ioctl$VHOST_NET_SET_BACKEND(r2, 0xaf02, 0x0)
r10 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$DRM_IOCTL_MODE_ATOMIC(r10, 0xc03864bc, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)

10.10975774s ago: executing program 2 (id=2887):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/slabinfo\x00', 0x0, 0x0)
lseek(r0, 0x800, 0x100000000000000)

10.096671203s ago: executing program 4 (id=2888):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20-simd,anubis-generic,nhpoly1305-sse2)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0)
recvmmsg(r1, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000200)=""/220, 0xdc}, {&(0x7f0000000500)=""/196, 0xc4}], 0x2}, 0x728f}], 0x1, 0xffffff8d, 0x0)

9.988418711s ago: executing program 0 (id=2889):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000400)={r3}, &(0x7f0000000280)=0x8)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000000400)={0x22, 0x37, 0x1, {0x2, 0x9, 0x5, r5, 0x4, '!:\xf5$'}}, 0x22)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x9d22f000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r8 = syz_open_dev$usbmon(&(0x7f0000000080), 0x81, 0x0)
syz_open_dev$usbfs(0x0, 0x77, 0x101301)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000300)={'gretap0\x00', &(0x7f00000005c0)={'syztnl0\x00', 0x0, 0x7800, 0x40, 0xff, 0x6, {{0x10, 0x4, 0x1, 0x0, 0x40, 0x64, 0x0, 0x23, 0x29, 0x0, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@end, @timestamp_prespec={0x44, 0x24, 0xee, 0x3, 0x9, [{@multicast1}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x5}, {@broadcast, 0x69}, {@local, 0x2}]}, @timestamp={0x44, 0x4, 0x7d, 0x0, 0x3}]}}}}})
sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0], 0xec}}, 0x0)
r9 = semget$private(0x0, 0x6, 0x0)
semop(r9, &(0x7f0000000000)=[{0x1, 0x8003}, {0x0, 0xfeff}], 0x2)
semop(r9, &(0x7f0000000080)=[{0x1, 0x8}], 0x1)
ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, &(0x7f0000000040)={{}, {}, 0x0, 0x6})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88ac5fb5}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @private=0xa010102}, @IFLA_IPTUN_LINK={0x8}]}}}]}, 0x44}}, 0x0)

9.8706476s ago: executing program 2 (id=2891):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4800000013000500"/20, @ANYRES32=0x0, @ANYBLOB="0010000000000000140003"], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

9.87015183s ago: executing program 4 (id=2892):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 64)
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0) (rerun: 64)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)={0x20, 0x23, 0x2, {0x2, 0x7e8e703122aff25f}}, 0x0, 0x0, 0x0, 0x0}, 0x0) (async)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC(r1, 0x0, 0x5, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$hid(r0, 0x0, 0x0) (rerun: 32)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000800)={0x24, &(0x7f00000005c0)={0x40, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async, rerun: 32)
r2 = getpid() (rerun: 32)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xcf46a000) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000300)={0x40, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x1, 0x29}, @val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async, rerun: 64)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async, rerun: 64)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r8 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
r9 = fsmount(r8, 0x0, 0x88)
r10 = openat$cgroup_int(r9, &(0x7f0000000040)='cgroup.max.depth\x00', 0x2, 0x0)
sendfile(r10, r10, 0x0, 0x10000a006)

9.596462942s ago: executing program 5 (id=2893):
syz_emit_ethernet(0x2a, &(0x7f0000000b40)={@broadcast, @remote, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @multicast, @empty, @remote, @rand_addr=0x4}}}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0xfff0)

8.759056601s ago: executing program 2 (id=2894):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x1001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x15, &(0x7f0000000180)=0xffffffff, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'dvmrp0\x00'})
r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010046e3000100b001090400f502030107008e1fbb1ce71c4d7e01229e5f4921933f290e3524baf6cf044cfd3b803db540e9ef42e65a20d17a8f611338c1f82c75a0b275a36b712b693cfd580ff8b70020b15e9327a1b8a31d24a65aeef2afbfa9f5dbabfcb8986af37b728f710a5620c4991389a79f0a34c8b6c92907aa03ec9b02e32fae09203b143a0e7feab6a4e8a981adb7"], 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)

8.687304579s ago: executing program 5 (id=2895):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={0x0, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000003c0)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x53cb1000)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000400)=@nat={'nat\x00', 0x1b, 0x5, 0x4f0, 0x138, 0x318, 0xffffffff, 0x138, 0x318, 0x420, 0x420, 0xffffffff, 0x420, 0x420, 0x5, 0x0, {[{{@uncond, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@hbh={{0x48}, {0xffffcd03, 0x6, 0x0, [0x2, 0x3, 0x5, 0x1, 0x3, 0xf, 0x9, 0xd42, 0x2, 0x2, 0xfff9, 0x6, 0x0, 0xff, 0x8001, 0xedd]}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x8, @ipv6=@loopback, @ipv6=@ipv4={'\x00', '\xff\xff', @remote}, @port=0x4e22, @icmp_id=0x67}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3c}}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffff00, 0xffffff00, 0xffffff00, 0xffffff00], [0xffffffff, 0xffffffff, 0xffffff00, 0xffffffff], 'ip_vti0\x00', 'veth0_to_batadv\x00', {0xff}, {0xff}, 0x2, 0x9, 0x4, 0x49}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0xa, @ipv4=@loopback, @ipv4=@rand_addr=0x64010101, @port=0x4e21, @port=0x4e20}}}, {{@ipv6={@mcast2, @remote, [0xffffffff, 0xffffff00, 0xffffff00, 0xffffff00], [0xffffff00, 0xffffffff], 'macvlan0\x00', 'bond_slave_0\x00', {0xff}, {0xff}, 0x29, 0x3b, 0x1, 0x21}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x19, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}, @ipv6=@remote, @icmp_id=0x67, @gre_key=0x356}}}, {{@ipv6={@local, @mcast1, [0x0, 0xffffffff, 0xff, 0xffffffff], [0x0, 0xffffff00, 0xff, 0xff000000], 'vlan1\x00', 'pim6reg\x00', {}, {}, 0x8, 0x40, 0x4, 0x54}, 0x0, 0xd0, 0x108, 0x0, {}, [@common=@hl={{0x28}, {0x3, 0x86}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x2, 0x6, 0x2}, {0x0, 0x1, 0x6}, {0x1, 0x5, 0x3}, 0x475, 0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x550)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = dup(r3)
sendmsg$inet(r4, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0x2}], 0x1, 0x0, 0x40}, 0x0)

8.682464053s ago: executing program 0 (id=2896):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0x6})
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000200)='u', 0x1, 0x20000840, &(0x7f0000000040)={0xa, 0x0, 0x7, @local, 0x13}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x35, 0x0, 0x0)

8.525597967s ago: executing program 1 (id=2897):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0a00e7ff03000000ff0f000007", @ANYRES16, @ANYRES32, @ANYBLOB="bf5edf0005886f043b7014fd9cbccd30165814ddaf41b5a0d6573bed9b44466cd94b8072c6d6926a9aa979db18bd8a520993a0ef35e26ccb391795b27e5e7569596ea5c6b0b79e294be025ce834c7aa30f3df5a129551289649a582bd955da868449658688d4e231e1521887faaf8a6f37ff83e6195fb2b5460f39a8ec32e3de7169c6a16691884afddbde654dba7a17a4934c"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="1800000001140004ff000000ffdbdf2508000100010000005d9da317a9abec477330040e654224365bcf08ac65625464071f174c399fc32b9ee82997178cd40d3af9092302a3afda09f1cde99417da5b7a3a749d4e6156ac155753ef2dff6533dcbb491203e4bb02a1d7f9ac957e9780cf590f9431641f995e15bba6bc7d670b6fed2dbfea12ba0ade98563cd5b722e71a9c2511713e6eba183e636cc1d9f81f295840183b2caf5fc4f7563ad115bd011a0c007a3231531b1ff072cccc88dd3c43dfd805577a1ab1eb77728e2fdc0d8932e5484dfa400a71bf8be5f8ea2f05a797e148461aaaa61e539f663bbc30144dfd822f297dbd2c5a31d11cd6148725b7e1f4a180ea5de8d72a90f1573ac4e8028cf96a670000000000000000"], 0x18}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10)
setrlimit(0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_udp_int(r3, 0x11, 0x67, &(0x7f0000000000), &(0x7f0000000040)=0x4)
bind$tipc(r2, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
symlink(&(0x7f00000049c0)='.\x00', &(0x7f00000059c0)='./file0\x00')
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
fchdir(r4)
timer_create(0x9, 0x0, &(0x7f0000000300)=<r5=>0x0)
timer_settime(r5, 0x5, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
clock_gettime(0x0, &(0x7f0000000540))
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1000000004000000080000000100000000000000", @ANYRES32, @ANYBLOB='\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000280)={r6, &(0x7f0000000000), 0x0}, 0x20)

7.522373949s ago: executing program 5 (id=2898):
semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=@newtaction={0xeb4, 0x30, 0xb, 0x0, 0x0, {}, [{0xea0, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xb}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0xe54, 0x2, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x1}, [{0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xb1b2, 0x0, 0x4}, {}, {0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x712}, {}, {}, {}, {}, {0x9, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x400}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x1000000}, {}, {}, {0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {0x400000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x1}, {0x0, 0x3}, {0x0, 0x0, 0x3}], [{}, {}, {}, {}, {0x7}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x4}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xeb4}}, 0x4000)
r2 = dup(r0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket$inet6_dccp(0xa, 0x6, 0x0)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
close_range(r3, r5, 0x0)
r6 = semget(0x2, 0x0, 0x41)
semctl$GETALL(r6, 0x0, 0xd, &(0x7f0000000240)=""/71)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r9 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r10=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r9, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r10, <r11=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r9, 0xc06864ce, &(0x7f0000000440)={r11, 0x0, 0x0, 0x0, 0x0, [<r12=>0x0]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r8, 0xc00c642d, &(0x7f0000000080)={r12, 0x0, <r13=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETFB2(r9, 0xc06864ce, &(0x7f0000000200)={r11, 0x0, 0x0, 0x0, 0x0, [<r14=>0x0]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r9, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r13})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r9, 0xc00c642d, &(0x7f0000000040)={r14})
close_range(r7, 0xffffffffffffffff, 0x0)
mount(&(0x7f0000000140)=@sr0, &(0x7f0000000100)='./cgroup/../file0\x00', &(0x7f0000000300)='virtiofs\x00', 0x1801, &(0x7f00000002c0)='0')

6.414026751s ago: executing program 0 (id=2899):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'})
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={@map, 0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r1, &(0x7f0000000380), 0x0, 0x4, 0x9)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000000))
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f00000023c0)=""/241, 0x1115000, 0x0, 0x0, 0x2}, 0x1c)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r7, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)

6.345286328s ago: executing program 4 (id=2900):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xce024d}, 0x9c)
setreuid(0x0, 0xee00)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x83, 0x0, &(0x7f0000000100))
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f00fc00000000000000000000050000000000"], 0x0}, 0x0)
syz_usb_connect(0x0, 0x2fd, &(0x7f0000000580)={{0x12, 0x1, 0x250, 0xd4, 0xe9, 0x86, 0x10, 0xe41, 0x414d, 0x88cb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2eb, 0x3, 0x8, 0x1, 0xc0, 0x8, [{{0x9, 0x4, 0x0, 0xfe, 0x3, 0x80, 0x4, 0x4f, 0xf, [], [{{0x9, 0x5, 0xf, 0x0, 0x3ff, 0x2, 0x2, 0xb}}, {{0x9, 0x5, 0x3, 0x1, 0x418, 0x12, 0x7, 0x3}}, {{0x9, 0x5, 0x80, 0x10, 0x40, 0x6, 0x2, 0x7f, [@generic={0x53, 0x3, "aedaa8171e88fd639c0c4fb66d70a47e4e38030c4b251d6e6d9b6661194650e2f9d077786cce723e01b90c3952651466417d3ba98c97d36b2a3ba933d08cbe7235a1a6262ed2a197a4a269266cdc6554b1"}]}}]}}, {{0x9, 0x4, 0xfb, 0x9, 0x9, 0xa9, 0x3a, 0x9f, 0x88, [], [{{0x9, 0x5, 0xa, 0x10, 0x20, 0x8, 0x0, 0x3}}, {{0x9, 0x5, 0x8, 0x10, 0x3ff, 0x1, 0x80, 0x1}}, {{0x9, 0x5, 0x8, 0x2, 0x400, 0x4, 0x7, 0xfa}}, {{0x9, 0x5, 0x7, 0x0, 0x3ff, 0xaf, 0x1, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0xf, 0x100}]}}, {{0x9, 0x5, 0x3, 0x10, 0x0, 0x7, 0x2, 0x0, [@generic={0x81, 0xb, "2f11122fa8b2ee79d7c6997a32a3d1ce6a7d94ed6b14778de0771506c89ed0706b8452327f59acf46c4a2613396b5e9481279a5abd65d3b60f603e72c420274227bb61c1d58b95640b97845b9b37f0666ecd697116ba2af14eb9e37907263bd838c33faa8b7c18165b9b3c7269f7df2d13fc7c49046b83ce4c11f46a039136"}]}}, {{0x9, 0x5, 0x1, 0xc, 0xeca2b2a96b365c35, 0x4, 0xab, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x38b0913a3448692c, 0xb}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x4}]}}, {{0x9, 0x5, 0x5, 0x10, 0x8, 0x7, 0x2, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7a, 0x5}]}}, {{0x9, 0x5, 0xa, 0x8, 0x20, 0x5, 0x8, 0x7}}, {{0x9, 0x5, 0x7, 0x3, 0x20, 0x4e, 0x3, 0xfc, [@generic={0xfe, 0xd, "59baf7746da6ed08f1b7690365a8449d64a8c705bb5e4124f14bc3b97670cee975644d4a7024382073d83a6f0d23b50c59ffd4fdb5253bda16940863f45a0408967694d63f99dd85fb6e76e98dd3080ae4a8f998394c4fe25e6bac0109f59d8c3e6ebc71769e9c582a05ecdffecf762d33b790bf770a09901eec9aea43398b16b9e7b6863761e0958603ebc6e501d763e811ce537a287c92a0710aff3bafbb30950fe2c3c16d13c6d79573e702586fa5819d74a6970607ece461f721ed1ecb31bde8efe9d15ea7c5d770e2f6589e5f5b736cff56219fe90812d4931e3b570291065d476f48702543b6a247d805f21fb04e918738d2c980b757e64ac5"}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x1, 0x7fff}]}}]}}, {{0x9, 0x4, 0xb9, 0x6, 0x4, 0xfa, 0x33, 0x3f, 0x6, [], [{{0x9, 0x5, 0x18, 0x0, 0x400, 0x1, 0xa, 0xd9, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x7}]}}, {{0x9, 0x5, 0x0, 0x3, 0x400, 0x5, 0x4, 0x9, [@generic={0x26, 0x22, "ef4a770b6c129f1946612173415bc73fe14ff77180fd244056113019bfc1cbdd4d8f8dda"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0xf8, 0xd24}]}}, {{0x9, 0x5, 0x0, 0x0, 0x8, 0x4, 0x2, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x8, 0x7ff}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0xd, 0x9}]}}, {{0x9, 0x5, 0x2, 0x11, 0x8, 0x5, 0x1, 0x33}}]}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x3, 0x10, 0x0, 0x20, 0x4}, 0x8, &(0x7f00000001c0)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x5, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x406}}, {0xf7, &(0x7f0000000300)=@string={0xf7, 0x3, "781a2c8f84113921d424c7bb92b553acd343a9304909d1cc008927fd06db8888a61a692c58e95460792e9fdad0eca9254a4bafbc572e7e3d53ec2ce505ad6af5ececa68c1e47215d21634ddcde8c6f62c7ec9e37051c22a0f32812f40e45f85961d91e93501d9b4f3a5cb59d8f0017e0cd07d684730d63323bdbc23fad1ad0600579b3baac330a444cfc6315374322af0600e18ea7891cc658c7a4d122d815dc2e65bfbf64b3848e115c230df7ec64d185c575e64af1a52a5a04f8c3d54682e2a3c9ed917b4c62698709a434b3d93799d5e157b16e5f003cee4e8ee4c21e5f9f53a65cc9c6330c4f4202d4e88183e6395a1851adf9"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x41d}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x2001}}, {0x15, &(0x7f0000000440)=ANY=[@ANYBLOB="150321770ba65d46ca359d30651fb82740aedf779c"]}]})
r4 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setresuid(0xee01, 0xee01, 0x0)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f0000000200)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
r5 = socket$inet6(0xa, 0x80000, 0x102)
r6 = socket$inet6(0xa, 0x80003, 0xff)
setsockopt$inet6_int(r6, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
setsockopt$inet6_int(r1, 0x29, 0x13, &(0x7f0000fcb000)=0x8000, 0x4)
setsockopt$inet6_int(r5, 0x29, 0x16, &(0x7f0000000140), 0x4)
poll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x2000}, {r4, 0x2000}], 0x2, 0x1)
r7 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11012, r7, 0x0)
syz_open_procfs(0x0, &(0x7f0000000140)='net/raw6\x00')
socket$nl_route(0x10, 0x3, 0x0)
read$FUSE(r1, &(0x7f0000001580)={0x2020, 0x0, 0x0, <r8=>0x0}, 0x2020)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000880)={{{@in=@local, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e22, 0x5, 0x4e24, 0x0, 0x0, 0xc0, 0x80, 0x21, 0x0, r8}, {0x72d5, 0x100, 0x4bde6841, 0x800, 0x2, 0xb, 0x2, 0x40}, {0x3, 0x3, 0xa, 0x3}, 0x0, 0x6e6bb0, 0x1, 0x1, 0x4, 0x2}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d5, 0x3c}, 0x2, @in6=@private2, 0x3506, 0x3, 0x3, 0x0, 0xf4a, 0x400, 0x1}}, 0xe8)

6.274482902s ago: executing program 1 (id=2901):
r0 = socket(0x1, 0x3, 0x0)
bind$unix(r0, 0x0, 0x0)
ioctl$SIOCGETMIFCNT_IN6(r0, 0x89e0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x11, 0x2, 0x0)
socket$kcm(0x11, 0x2, 0x300)
socket$netlink(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

5.318893405s ago: executing program 0 (id=2902):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VIDIOC_S_CROP(r1, 0x4014563c, &(0x7f0000000340)={0xc})
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904"], 0x0)
r2 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
read$FUSE(r2, 0x0, 0x0)
write$FUSE_INIT(r2, 0x0, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmmsg$inet(r3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x357300, 0x0)
keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0xfffffffffffffffc)
r5 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r5, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000580)={0x0, @bt={0xe10, 0x870, 0x1, 0x3, 0xd59f80, 0x19f2, 0x0, 0x19ef, 0x3, 0x3, 0x2800, 0x400, 0x20002, 0xd1, 0xc, 0x0, {0x8, 0xffffffff}, 0xd0, 0x9}})

5.205806244s ago: executing program 2 (id=2903):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x6000)
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000000)=@sr0, r2, &(0x7f0000000180)='./file0\x00')
ioctl$AUTOFS_IOC_FAIL(r1, 0x81044804, 0x8e4)

5.150491505s ago: executing program 1 (id=2904):
symlink(0x0, 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x103400)
write$sndseq(r1, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000040), 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, 0x0, 0x4048884)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000340)=""/102392, 0x18ff8)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@cgroup, 0xffffffffffffffff, 0xa, 0x1, 0x0, @void, @value}, 0x20)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x890b, &(0x7f0000000000))
r3 = openat$sndseq(0xffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r3, 0x40505330, &(0x7f0000000000)={{0x0, 0x1}, {0xe}, 0x0, 0x1})

4.378684448s ago: executing program 1 (id=2905):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4004, r0, 0x2})

3.633025424s ago: executing program 1 (id=2906):
socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d, 0xfe}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @rand_addr=' \x01\x00'}]}]}, @IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x0)

3.56138806s ago: executing program 5 (id=2907):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x800)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000040)=@mangle={'mangle\x00', 0x64, 0x6, 0x500, 0x0, 0x3d0, 0xd0, 0xd0, 0xd0, 0x578, 0x578, 0x578, 0x578, 0x578, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3d0}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3, 0x44}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x560)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r5, 0x0, 0x8, &(0x7f0000000180)=0x1, 0x4)
recvmmsg(r5, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f0000000280)={r4, r4, 0xc, 0x0, 0x0, 0x9, 0x1, 0x458, 0x9, 0x9, 0x2, 0x7, 'syz0\x00'})
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0xffd8)
bpf$MAP_CREATE(0x0, 0x0, 0x0)

1.697330652s ago: executing program 5 (id=2908):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={0x0, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000003c0)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x53cb1000)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000400)=@nat={'nat\x00', 0x1b, 0x5, 0x4f0, 0x138, 0x318, 0xffffffff, 0x138, 0x318, 0x420, 0x420, 0xffffffff, 0x420, 0x420, 0x5, 0x0, {[{{@uncond, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@hbh={{0x48}, {0xffffcd03, 0x6, 0x0, [0x2, 0x3, 0x5, 0x1, 0x3, 0xf, 0x9, 0xd42, 0x2, 0x2, 0xfff9, 0x6, 0x0, 0xff, 0x8001, 0xedd]}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x8, @ipv6=@loopback, @ipv6=@ipv4={'\x00', '\xff\xff', @remote}, @port=0x4e22, @icmp_id=0x67}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3c}}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffff00, 0xffffff00, 0xffffff00, 0xffffff00], [0xffffffff, 0xffffffff, 0xffffff00, 0xffffffff], 'ip_vti0\x00', 'veth0_to_batadv\x00', {0xff}, {0xff}, 0x2, 0x9, 0x4, 0x49}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0xa, @ipv4=@loopback, @ipv4=@rand_addr=0x64010101, @port=0x4e21, @port=0x4e20}}}, {{@ipv6={@mcast2, @remote, [0xffffffff, 0xffffff00, 0xffffff00, 0xffffff00], [0xffffff00, 0xffffffff], 'macvlan0\x00', 'bond_slave_0\x00', {0xff}, {0xff}, 0x29, 0x3b, 0x1, 0x21}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x19, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}, @ipv6=@remote, @icmp_id=0x67, @gre_key=0x356}}}, {{@ipv6={@local, @mcast1, [0x0, 0xffffffff, 0xff, 0xffffffff], [0x0, 0xffffff00, 0xff, 0xff000000], 'vlan1\x00', 'pim6reg\x00', {}, {}, 0x8, 0x40, 0x4, 0x54}, 0x0, 0xd0, 0x108, 0x0, {}, [@common=@hl={{0x28}, {0x3, 0x86}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x2, 0x6, 0x2}, {0x0, 0x1, 0x6}, {0x1, 0x5, 0x3}, 0x475, 0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x550)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = dup(r3)
sendmsg$inet(r4, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0x2}], 0x1, 0x0, 0x40}, 0x0)

1.387997181s ago: executing program 1 (id=2909):
r0 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, &(0x7f0000000180))
socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r1)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = timerfd_create(0x0, 0x0)
r5 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x200000, 0x10100}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r5, 0x2def, 0x4000, 0x0, 0x0, 0x0)
timerfd_settime(r4, 0x3, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e24, 0xce12, @remote, 0x7}, 0x1c)

738.967µs ago: executing program 4 (id=2910):
r0 = socket(0x1, 0x1, 0x0)
getpeername$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000080)=0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0x0, '.\x00'}})
ioctl$sock_ifreq(r0, 0x89f2, &(0x7f0000000040)={'bond0\x00', @ifru_names='veth0_to_bond\x00'})

0s ago: executing program 5 (id=2911):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x16, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x5, "72e57cd3"}]}}, 0x0}, 0x0)

kernel console output (not intermixed with test programs):

mm: syz.0.2166 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  755.324078][T14131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  755.324087][T14131] Call Trace:
[  755.324094][T14131]  <TASK>
[  755.324101][T14131]  dump_stack_lvl+0x241/0x360
[  755.324131][T14131]  ? __pfx_dump_stack_lvl+0x10/0x10
[  755.324155][T14131]  ? __pfx__printk+0x10/0x10
[  755.324180][T14131]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  755.324202][T14131]  ? __pfx___might_resched+0x10/0x10
[  755.324222][T14131]  should_fail_ex+0x40a/0x550
[  755.324244][T14131]  should_failslab+0xac/0x100
[  755.324265][T14131]  kmem_cache_alloc_node_noprof+0x77/0x380
[  755.324285][T14131]  ? __alloc_skb+0x1c3/0x440
[  755.324308][T14131]  __alloc_skb+0x1c3/0x440
[  755.324334][T14131]  ? __pfx___alloc_skb+0x10/0x10
[  755.324358][T14131]  ? netlink_autobind+0xd6/0x2f0
[  755.324374][T14131]  ? netlink_autobind+0x2b0/0x2f0
[  755.324394][T14131]  netlink_sendmsg+0x638/0xcb0
[  755.324421][T14131]  ? __pfx_netlink_sendmsg+0x10/0x10
[  755.324447][T14131]  ? __pfx_netlink_sendmsg+0x10/0x10
[  755.324462][T14131]  __sock_sendmsg+0x221/0x270
[  755.324484][T14131]  ____sys_sendmsg+0x52a/0x7e0
[  755.324508][T14131]  ? __pfx_____sys_sendmsg+0x10/0x10
[  755.324521][T14131]  ? __fget_files+0x2a/0x410
[  755.324542][T14131]  ? __fget_files+0x2a/0x410
[  755.324568][T14131]  __sys_sendmsg+0x269/0x350
[  755.324587][T14131]  ? __pfx___sys_sendmsg+0x10/0x10
[  755.324612][T14131]  ? do_sys_openat2+0x17a/0x1d0
[  755.324650][T14131]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  755.324669][T14131]  ? do_syscall_64+0x100/0x230
[  755.324691][T14131]  ? do_syscall_64+0xb6/0x230
[  755.324710][T14131]  do_syscall_64+0xf3/0x230
[  755.324729][T14131]  ? clear_bhb_loop+0x35/0x90
[  755.324752][T14131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  755.324772][T14131] RIP: 0033:0x7fbf57f8cde9
[  755.324786][T14131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  755.324799][T14131] RSP: 002b:00007fbf58d05038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  755.324817][T14131] RAX: ffffffffffffffda RBX: 00007fbf581a5fa0 RCX: 00007fbf57f8cde9
[  755.324828][T14131] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  755.324838][T14131] RBP: 00007fbf58d05090 R08: 0000000000000000 R09: 0000000000000000
[  755.324846][T14131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  755.324855][T14131] R13: 0000000000000000 R14: 00007fbf581a5fa0 R15: 00007ffc3dec37d8
[  755.324887][T14131]  </TASK>
[  756.034085][ T8418] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  756.925602][ T8418] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  756.962101][ T8418] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3
[  757.009324][ T8418] usb 1-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  757.026129][ T8418] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  757.069753][ T8418] usb 1-1: config 0 descriptor??
[  757.684544][ T8418] Bluetooth: Can't get state to change to load configuration err
[  757.692334][ T8418] Bluetooth: Loading sysconfig file failed
[  757.756834][ T8418] ath3k 1-1:0.0: probe with driver ath3k failed with error -16
[  757.797581][ T8418] usb 1-1: USB disconnect, device number 25
[  758.017562][T11366] usb 5-1: 0:2 : does not exist
[  758.067402][T11366] usb 5-1: USB disconnect, device number 45
[  758.306689][T14115] udevd[14115]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  758.597446][   T29] audit: type=1800 audit(1738840964.662:169): pid=14163 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2178" name="/" dev="9p" ino=2 res=0 errno=0
[  760.038927][T14158] loop2: detected capacity change from 0 to 7
[  760.056466][T14158] Dev loop2: unable to read RDB block 7
[  760.062079][T14158]  loop2: AHDI p1 p2 p3
[  760.071596][T14158] loop2: partition table partially beyond EOD, truncated
[  760.103323][T14158] loop2: p1 start 4225490725 is beyond EOD, truncated
[  760.115339][T14158] loop2: p2 start 33554560 is beyond EOD, truncated
[  760.254044][ T5956] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  760.404321][ T8418] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  760.406842][ T5956] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  760.430781][ T5956] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  760.442119][ T5956] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  760.459286][ T5956] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  760.469000][ T5956] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  760.480701][ T5956] usb 1-1: config 0 descriptor??
[  760.575670][ T8418] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  760.626974][ T8418] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  760.696403][ T8418] usb 2-1: config 0 interface 0 has no altsetting 0
[  760.744276][ T8418] usb 2-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice=ff.00
[  760.756572][ T8418] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=254
[  760.772873][ T8418] usb 2-1: Product: syz
[  760.781889][ T8418] usb 2-1: Manufacturer: syz
[  760.794979][ T8418] usb 2-1: SerialNumber: syz
[  760.808797][ T8418] usb 2-1: config 0 descriptor??
[  760.815425][T14191] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2186'.
[  760.846965][T14191] netlink: 172 bytes leftover after parsing attributes in process `syz.5.2186'.
[  760.862710][T14191] net_ratelimit: 881 callbacks suppressed
[  760.862752][T14191] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  760.914090][ T5956] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[  760.942134][ T5956] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving
[  760.957524][ T5956] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  761.019685][T14195] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  761.061644][T14194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  761.061853][T14195] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  761.077904][T14194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  761.704149][ T5956] usb 1-1: USB disconnect, device number 26
[  761.781028][ T8418] usbhid 2-1:0.0: can't add hid device: -71
[  761.788610][ T8418] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  761.817659][ T8418] usb 2-1: USB disconnect, device number 31
[  762.393038][T14210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  762.415607][T14210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  762.597504][T14213] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  762.608732][T14213] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  762.619511][T14213] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  762.626894][ T5956] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  762.635810][T14213] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  762.643610][T14213] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  762.651366][T14213] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  762.713147][T14216] lo speed is unknown, defaulting to 1000
[  762.803979][ T5956] usb 2-1: Using ep0 maxpacket: 16
[  762.810967][ T5956] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  762.822275][ T5956] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  762.832892][ T5956] usb 2-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  762.842293][ T5956] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  762.853603][ T5956] usb 2-1: config 0 descriptor??
[  762.889942][T14216] chnl_net:caif_netlink_parms(): no params data found
[  762.974013][T11366] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  763.017883][T14216] bridge0: port 1(bridge_slave_0) entered blocking state
[  763.036125][T14216] bridge0: port 1(bridge_slave_0) entered disabled state
[  763.043447][T14216] bridge_slave_0: entered allmulticast mode
[  763.068205][ T5956] usbhid 2-1:0.0: can't add hid device: -71
[  763.070208][T14216] bridge_slave_0: entered promiscuous mode
[  763.075742][ T5956] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  763.100661][ T5956] usb 2-1: USB disconnect, device number 32
[  763.103136][T14216] bridge0: port 2(bridge_slave_1) entered blocking state
[  763.125804][T11366] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  763.131955][T14216] bridge0: port 2(bridge_slave_1) entered disabled state
[  763.139304][T11366] usb 5-1: config 0 interface 0 has no altsetting 0
[  763.143371][T14216] bridge_slave_1: entered allmulticast mode
[  763.156784][T11366] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  763.166092][T11366] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  763.175681][T11366] usb 5-1: Product: syz
[  763.180244][T11366] usb 5-1: Manufacturer: syz
[  763.185154][T14216] bridge_slave_1: entered promiscuous mode
[  763.191749][T11366] usb 5-1: SerialNumber: syz
[  763.204917][T11366] usb 5-1: config 0 descriptor??
[  763.215239][T11366] usb 5-1: selecting invalid altsetting 0
[  763.250933][T14216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  763.278406][T14216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  763.403784][T14216] team0: Port device team_slave_0 added
[  763.412437][ T5956] usb 5-1: USB disconnect, device number 46
[  763.417048][T14216] team0: Port device team_slave_1 added
[  763.439573][   T29] audit: type=1326 audit(1738840969.522:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14219 comm="syz.4.2194" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3422d8cde9 code=0x0
[  763.537180][T14216] batman_adv: batadv0: Adding interface: batadv_slave_0
[  763.555523][T14216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  763.643906][T14216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  763.671588][T14216] batman_adv: batadv0: Adding interface: batadv_slave_1
[  763.687443][T14216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  763.725374][T14216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  763.814873][T14216] hsr_slave_0: entered promiscuous mode
[  763.834949][T14216] hsr_slave_1: entered promiscuous mode
[  763.847852][T14216] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  763.865547][T14216] Cannot create hsr debugfs directory
[  764.175852][T14216] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  764.459857][T14216] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  764.729406][ T5835] Bluetooth: hci0: command tx timeout
[  765.166258][T14216] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  765.379812][T14216] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  765.492461][T14253] 9pnet_fd: Insufficient options for proto=fd
[  765.640326][ T6245] Bluetooth: hci5: Frame reassembly failed (-84)
[  765.784033][   T25] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  765.809622][T14216] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  765.888869][T14216] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  765.910697][T14216] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  765.929124][T14216] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  765.993936][   T25] usb 1-1: Using ep0 maxpacket: 16
[  766.005344][   T25] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  766.033932][   T25] usb 1-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  766.091557][   T25] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  766.111258][T14216] 8021q: adding VLAN 0 to HW filter on device bond0
[  766.138634][   T25] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  766.160465][T14216] 8021q: adding VLAN 0 to HW filter on device team0
[  766.180476][   T25] usb 1-1: config 0 interface 0 has no altsetting 0
[  766.204130][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  766.212874][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  766.216175][   T25] usb 1-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  766.388996][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  766.396140][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  766.443975][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  766.478672][   T25] usb 1-1: Product: syz
[  766.501243][   T25] usb 1-1: Manufacturer: syz
[  766.523763][   T25] usb 1-1: SerialNumber: syz
[  766.546328][   T25] usb 1-1: config 0 descriptor??
[  766.613209][T14255] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  766.785442][ T5826] Bluetooth: hci0: command tx timeout
[  766.821344][T14251] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  766.884610][   T25] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input66
[  766.950502][T14216] 8021q: adding VLAN 0 to HW filter on device batadv0
[  767.211029][   T25] usb 1-1: USB disconnect, device number 27
[  767.218017][    C1] synaptics_usb 1-1:0.0: synusb_irq - usb_submit_urb failed with result: -19
[  767.554005][T14283] fuse: Bad value for 'fd'
[  767.670948][ T5835] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  767.674034][ T5826] Bluetooth: hci5: command 0xfc11 tx timeout
[  768.118848][T14216] veth0_vlan: entered promiscuous mode
[  768.186304][T14216] veth1_vlan: entered promiscuous mode
[  768.243224][T14216] veth0_macvtap: entered promiscuous mode
[  768.303340][T14216] veth1_macvtap: entered promiscuous mode
[  768.357342][T14216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  768.414096][T14216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  768.458800][T14216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  768.499245][T14216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  768.529455][T14216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  768.582185][T14216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  768.625804][T14216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  768.673033][T14216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  768.717383][T14216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  768.772951][T14216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  768.833310][T14216] batman_adv: batadv0: Interface activated: batadv_slave_0
[  768.874153][ T5835] Bluetooth: hci0: command tx timeout
[  768.902262][T14216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  769.000685][T14216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.043929][T14216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  769.045527][T14301] tmpfs: Unknown parameter '0xffffffffffffffff'
[  769.093919][T14216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.204019][T14216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  769.209774][T14301] syz.4.2214: attempt to access beyond end of device
[  769.209774][T14301] md2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  769.233975][T14216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.269774][T14216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  769.303712][T14216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.336319][T14216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  769.353581][T14216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.392753][T14216] batman_adv: batadv0: Interface activated: batadv_slave_1
[  769.427845][T14216] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  769.469574][T14216] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  769.494117][T14216] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  769.510067][T14216] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  769.617708][T14305] tipc: Started in network mode
[  769.622617][T14305] tipc: Node identity 00000000000000000000ffffe0000002, cluster identity 4711
[  769.631743][T14305] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  769.878561][ T6351] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  769.916310][ T6351] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  769.968302][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  769.983622][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  770.351815][ T5835] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  770.953906][ T5826] Bluetooth: hci0: command tx timeout
[  771.376274][T14339] Process accounting resumed
[  771.524145][ T5956] usb 1-1: new full-speed USB device number 28 using dummy_hcd
[  771.580357][T14347] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2229'.
[  771.877061][T14355] No control pipe specified
[  772.726539][ T8418] IPVS: starting estimator thread 0...
[  772.777750][T14363] netlink: 'syz.1.2235': attribute type 5 has an invalid length.
[  772.824075][T14361] IPVS: using max 32 ests per chain, 76800 per kthread
[  772.917287][T14365] FAULT_INJECTION: forcing a failure.
[  772.917287][T14365] name failslab, interval 1, probability 0, space 0, times 0
[  772.931649][T14365] CPU: 0 UID: 0 PID: 14365 Comm: syz.1.2236 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  772.931674][T14365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  772.931684][T14365] Call Trace:
[  772.931691][T14365]  <TASK>
[  772.931698][T14365]  dump_stack_lvl+0x241/0x360
[  772.931748][T14365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  772.931772][T14365]  ? __pfx__printk+0x10/0x10
[  772.931798][T14365]  ? __kmalloc_noprof+0xb5/0x4c0
[  772.931819][T14365]  ? __pfx___might_resched+0x10/0x10
[  772.931843][T14365]  should_fail_ex+0x40a/0x550
[  772.931866][T14365]  should_failslab+0xac/0x100
[  772.931883][T14365]  __kmalloc_noprof+0xdd/0x4c0
[  772.931897][T14365]  ? kobject_get_path+0xb8/0x230
[  772.931920][T14365]  kobject_get_path+0xb8/0x230
[  772.931946][T14365]  kobject_uevent_env+0x2a5/0x8e0
[  772.931968][T14365]  ? bus_add_device+0xde/0x460
[  772.931998][T14365]  device_add+0x63b/0xbf0
[  772.932019][T14365]  wakeup_source_sysfs_add+0x1aa/0x270
[  772.932047][T14365]  wakeup_source_register+0x171/0x250
[  772.932072][T14365]  ep_insert+0xd99/0x1ab0
[  772.932101][T14365]  ? __pfx_ep_insert+0x10/0x10
[  772.932138][T14365]  ? bpf_lsm_capable+0x9/0x10
[  772.932163][T14365]  do_epoll_ctl+0x8bc/0xf80
[  772.932187][T14365]  __x64_sys_epoll_ctl+0x161/0x1a0
[  772.932207][T14365]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[  772.932225][T14365]  ? do_syscall_64+0x100/0x230
[  772.932249][T14365]  ? do_syscall_64+0xb6/0x230
[  772.932272][T14365]  do_syscall_64+0xf3/0x230
[  772.932292][T14365]  ? clear_bhb_loop+0x35/0x90
[  772.932316][T14365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  772.932335][T14365] RIP: 0033:0x7f412518cde9
[  772.932350][T14365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  772.932362][T14365] RSP: 002b:00007f41260d4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  772.932380][T14365] RAX: ffffffffffffffda RBX: 00007f41253a5fa0 RCX: 00007f412518cde9
[  772.932391][T14365] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004
[  772.932400][T14365] RBP: 00007f41260d4090 R08: 0000000000000000 R09: 0000000000000000
[  772.932409][T14365] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000002
[  772.932419][T14365] R13: 0000000000000000 R14: 00007f41253a5fa0 R15: 00007ffe3b80a038
[  772.932443][T14365]  </TASK>
[  773.866475][T14376] lo speed is unknown, defaulting to 1000
[  773.952701][T14381] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2239'.
[  774.344480][ T5956] usb 1-1: unable to read config index 0 descriptor/start: -71
[  774.352120][ T5956] usb 1-1: can't read configurations, error -71
[  774.653603][T14399] FAULT_INJECTION: forcing a failure.
[  774.653603][T14399] name failslab, interval 1, probability 0, space 0, times 0
[  774.666871][T14399] CPU: 0 UID: 0 PID: 14399 Comm: syz.0.2246 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  774.666899][T14399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  774.666910][T14399] Call Trace:
[  774.666917][T14399]  <TASK>
[  774.666924][T14399]  dump_stack_lvl+0x241/0x360
[  774.666956][T14399]  ? __pfx_dump_stack_lvl+0x10/0x10
[  774.666986][T14399]  ? __pfx__printk+0x10/0x10
[  774.667012][T14399]  ? fs_reclaim_acquire+0x93/0x130
[  774.667029][T14399]  ? __pfx___might_resched+0x10/0x10
[  774.667052][T14399]  should_fail_ex+0x40a/0x550
[  774.667075][T14399]  should_failslab+0xac/0x100
[  774.667097][T14399]  __kmalloc_noprof+0xdd/0x4c0
[  774.667117][T14399]  ? tomoyo_encode+0x26f/0x540
[  774.667137][T14399]  tomoyo_encode+0x26f/0x540
[  774.667158][T14399]  tomoyo_realpath_from_path+0x59e/0x5e0
[  774.667186][T14399]  tomoyo_path_number_perm+0x236/0x860
[  774.667207][T14399]  ? __lock_acquire+0x1397/0x2100
[  774.667229][T14399]  ? tomoyo_path_number_perm+0x206/0x860
[  774.667253][T14399]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  774.667314][T14399]  ? __fget_files+0x2a/0x410
[  774.667338][T14399]  ? __fget_files+0x2a/0x410
[  774.667363][T14399]  security_file_ioctl+0xc6/0x2a0
[  774.667387][T14399]  __se_sys_ioctl+0x46/0x170
[  774.667405][T14399]  do_syscall_64+0xf3/0x230
[  774.667427][T14399]  ? clear_bhb_loop+0x35/0x90
[  774.667452][T14399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  774.667472][T14399] RIP: 0033:0x7fbf57f8cde9
[  774.667487][T14399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  774.667501][T14399] RSP: 002b:00007fbf58d05038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  774.667520][T14399] RAX: ffffffffffffffda RBX: 00007fbf581a5fa0 RCX: 00007fbf57f8cde9
[  774.667532][T14399] RDX: 0000200000000280 RSI: 00000000c0189378 RDI: 0000000000000008
[  774.667543][T14399] RBP: 00007fbf58d05090 R08: 0000000000000000 R09: 0000000000000000
[  774.667554][T14399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  774.667563][T14399] R13: 0000000000000000 R14: 00007fbf581a5fa0 R15: 00007ffc3dec37d8
[  774.667590][T14399]  </TASK>
[  774.667607][T14399] ERROR: Out of memory at tomoyo_realpath_from_path.
[  775.364058][ T5956] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  775.516402][ T5956] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  775.542179][ T5956] usb 1-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=62.70
[  775.569845][ T5956] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  775.591141][ T5956] usb 1-1: Product: syz
[  775.604077][ T5956] usb 1-1: Manufacturer: syz
[  775.614296][ T5956] usb 1-1: SerialNumber: syz
[  775.626186][ T5956] usb 1-1: config 0 descriptor??
[  775.968642][T14421] xt_TCPMSS: Only works on TCP SYN packets
[  776.048429][ T5956] usb 1-1: USB disconnect, device number 29
[  776.790733][T14441] netlink: 'syz.2.2263': attribute type 1 has an invalid length.
[  776.912822][T14441] 8021q: adding VLAN 0 to HW filter on device bond3
[  778.724349][T14464] dlm: Unknown command passed to DLM device : 0
[  778.724349][T14464] 
[  778.966567][T14469] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2271'.
[  779.143733][T14477] 9pnet_fd: Insufficient options for proto=fd
[  779.210646][T14476] lo speed is unknown, defaulting to 1000
[  780.948268][T14493] [U] 
[  780.951434][T14493] [U] 
[  780.954152][T14493] [U] 
[  780.956852][T14493] [U] 
[  780.959809][T14493] [U] 
[  780.962524][T14493] [U] 
[  780.965239][T14493] [U] 
[  780.967940][T14493] [U] 
[  780.970828][T14493] [U] 
[  780.973532][T14493] [U] 
[  780.976235][T14493] [U] 
[  780.978937][T14493] [U] 
[  780.981858][T14493] [U] 
[  780.984572][T14493] [U] 
[  780.987285][T14493] [U] 
[  780.989983][T14493] [U] 
[  780.992986][T14493] [U] 
[  780.995691][T14493] [U] 
[  780.998392][T14493] [U] 
[  781.001097][T14493] [U] 
[  781.004010][T14493] [U] 
[  781.006717][T14493] [U] 
[  781.009417][T14493] [U] 
[  781.012133][T14493] [U] 
[  781.015131][T14493] [U] 
[  781.017839][T14493] [U] 
[  781.020537][T14493] [U] 
[  781.023240][T14493] [U] 
[  781.026136][T14493] [U] 
[  781.028842][T14493] [U] 
[  781.031543][T14493] [U] 
[  781.034242][T14493] [U] 
[  781.037166][T14493] [U] 
[  781.039872][T14493] [U] 
[  781.042573][T14493] [U] 
[  781.045277][T14493] [U] 
[  781.048654][T14493] [U] 
[  781.051372][T14493] [U] 
[  781.054089][T14493] [U] 
[  781.056792][T14493] [U] 
[  781.059711][T14493] [U] 
[  781.062415][T14493] [U] 
[  781.065126][T14493] [U] 
[  781.067827][T14493] [U] 
[  781.070729][T14493] [U] 
[  781.073433][T14493] [U] 
[  781.076140][T14493] [U] 
[  781.078841][T14493] [U] 
[  781.081808][T14493] [U] 
[  781.084517][T14493] [U] 
[  781.087221][T14493] [U] 
[  781.089921][T14493] [U] 
[  781.092784][T14493] [U] 
[  781.095493][T14493] [U] 
[  781.098193][T14493] [U] 
[  781.100894][T14493] [U] 
[  781.103782][T14493] [U] 
[  781.106488][T14493] [U] 
[  781.109188][T14493] [U] 
[  781.111887][T14493] [U] 
[  781.114815][T14493] [U] 
[  781.117538][T14493] [U] 
[  781.120248][T14493] [U] 
[  781.122955][T14493] [U] 
[  781.125855][T14493] [U] 
[  781.128566][T14493] [U] 
[  781.131269][T14493] [U] 
[  781.133978][T14493] [U] 
[  781.136888][T14493] [U] 
[  781.139595][T14493] [U] 
[  781.142295][T14493] [U] 
[  781.144998][T14493] [U] 
[  781.148400][T14493] [U] 
[  781.151127][T14493] [U] 
[  781.153834][T14493] [U] 
[  781.156538][T14493] [U] 
[  781.159459][T14493] [U] 
[  781.162167][T14493] [U] 
[  781.164870][T14493] [U] 
[  781.167570][T14493] [U] 
[  781.170454][T14493] [U] 
[  781.173157][T14493] [U] 
[  781.175859][T14493] [U] 
[  781.178560][T14493] [U] 
[  781.181486][T14493] [U] 
[  781.184191][T14493] [U] 
[  781.186889][T14493] [U] 
[  781.189591][T14493] [U] 
[  781.192964][T14493] [U] 
[  781.195683][T14493] [U] 
[  781.198389][T14493] [U] 
[  781.201126][T14493] [U] 
[  781.204171][T14493] [U] 
[  781.206876][T14493] [U] 
[  781.209574][T14493] [U] 
[  781.212274][T14493] [U] 
[  781.215143][T14493] [U] 
[  781.217852][T14493] [U] 
[  781.220552][T14493] [U] 
[  781.223250][T14493] [U] 
[  781.226119][T14493] [U] 
[  781.228823][T14493] [U] 
[  781.231523][T14493] [U] 
[  781.234223][T14493] [U] 
[  781.237117][T14493] [U] 
[  781.239820][T14493] [U] 
[  781.242523][T14493] [U] 
[  781.245238][T14493] [U] 
[  781.248658][T14493] [U] 
[  781.251382][T14493] [U] 
[  781.254086][T14493] [U] 
[  781.256788][T14493] [U] 
[  781.259672][T14493] [U] 
[  781.262379][T14493] [U] 
[  781.265084][T14493] [U] 
[  781.267788][T14493] [U] 
[  781.270716][T14493] [U] 
[  781.273595][T14493] [U] 
[  781.276298][T14493] [U] 
[  781.279003][T14493] [U] 
[  781.281888][T14493] [U] 
[  781.284592][T14493] [U] 
[  781.287299][T14493] [U] 
[  781.290007][T14493] [U] 
[  781.292855][T14493] [U] 
[  781.295556][T14493] [U] 
[  781.298253][T14493] [U] 
[  781.717077][T14501] usb usb8: usbfs: process 14501 (syz.1.2279) did not claim interface 0 before use
[  781.815320][T14492] [U] 
[  782.373117][T14518] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2286'.
[  785.342482][T14549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2294'.
[  786.121021][T14553] netlink: 'syz.1.2297': attribute type 1 has an invalid length.
[  786.153646][T14552] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2296'.
[  786.182938][T14553] bond4: entered promiscuous mode
[  786.188764][T14553] 8021q: adding VLAN 0 to HW filter on device bond4
[  788.433278][ T5826] block nbd0: Receive control failed (result -32)
[  788.840241][T14575] block nbd0: shutting down sockets
[  789.774460][T11366] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  789.847830][T14597] fuse: Unknown parameter ''
[  789.981047][T11366] usb 5-1: Using ep0 maxpacket: 8
[  790.005395][T11366] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  790.032171][T11366] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  790.111218][T11366] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  790.171353][T11366] usb 5-1: config 0 descriptor??
[  790.206763][T11366] gspca_main: vc032x-2.14.0 probing 046d:0892
[  790.804333][T11366] gspca_vc032x: reg_r err -110
[  790.813537][T11366] vc032x 5-1:0.0: probe with driver vc032x failed with error -110
[  794.830763][T11366] usb 5-1: USB disconnect, device number 47
[  795.877256][T14638] [U] Ù
[  795.998149][T14653] IPv4: Oversized IP packet from 127.202.26.0
[  798.277398][T14669] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2335'.
[  799.471652][T14700] netlink: 'syz.2.2345': attribute type 1 has an invalid length.
[  800.978464][T14712] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2349'.
[  801.019897][T14712] unsupported nlmsg_type 40
[  801.156812][T14716] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  801.754373][T14722] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2351'.
[  802.664772][T14742] team0: Port device virt_wifi0 added
[  803.454038][T14745] netlink: 'syz.4.2357': attribute type 1 has an invalid length.
[  804.870671][T14753] netlink: 'syz.5.2362': attribute type 1 has an invalid length.
[  804.878542][T14753] netlink: 'syz.5.2362': attribute type 3 has an invalid length.
[  804.886325][T14753] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2362'.
[  805.781596][T14771] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194322 ns). Using initial count to start timer.
[  805.855763][T14773] Cannot find set identified by id 65534 to match
[  805.884651][T14775] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  807.188654][T14784] 9pnet_fd: Insufficient options for proto=fd
[  807.444632][T14790] netlink: 'syz.0.2373': attribute type 1 has an invalid length.
[  808.788211][T14801] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  808.797629][T14801] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  808.806450][T14801] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  808.815292][T14801] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  808.949273][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  808.956436][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  810.058982][T14814] syzkaller0: entered allmulticast mode
[  810.489721][T14821] syzkaller0 (unregistering): left allmulticast mode
[  810.795173][T14829] netlink: 'syz.0.2386': attribute type 1 has an invalid length.
[  812.157154][T11366] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  812.427611][T11366] usb 2-1: config 0 has an invalid interface number: 69 but max is 0
[  812.436625][T11366] usb 2-1: config 0 has no interface number 0
[  812.443472][T11366] usb 2-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  812.577089][T11366] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  812.590694][T11366] usb 2-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  812.602301][T11366] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  812.610454][T11366] usb 2-1: Product: syz
[  812.614806][T11366] usb 2-1: Manufacturer: syz
[  812.619428][T11366] usb 2-1: SerialNumber: syz
[  812.626805][T11366] usb 2-1: config 0 descriptor??
[  812.632519][T14839] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  812.641923][T11366] cyberjack 2-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  812.658892][T11366] usb 2-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  813.229564][T14868] netlink: 'syz.0.2398': attribute type 1 has an invalid length.
[  814.055733][ T2160] usb 2-1: USB disconnect, device number 33
[  814.114395][ T2160] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  814.210534][ T2160] cyberjack 2-1:0.69: device disconnected
[  814.782900][T14878] ip6gretap0: entered promiscuous mode
[  814.821521][T14878] macsec1: entered promiscuous mode
[  814.852174][T14878] macsec1: entered allmulticast mode
[  814.877936][T14881] input: syz0 as /devices/virtual/input/input67
[  814.908984][T14878] ip6gretap0: entered allmulticast mode
[  814.939059][T14878] ip6gretap0: left allmulticast mode
[  814.949618][T14878] ip6gretap0: left promiscuous mode
[  815.439514][T14887] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2404'.
[  815.535933][T14887] bridge0: port 1(bridge_slave_0) entered disabled state
[  817.726263][T14913] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2413'.
[  818.103771][T14923] overlayfs: failed to resolve './file1': -2
[  818.895379][    T8] libceph: connect (1)[c::]:6789 error -101
[  818.913552][    T8] libceph: mon0 (1)[c::]:6789 connect error
[  819.177541][T14917] ceph: No mds server is up or the cluster is laggy
[  819.196604][    T8] libceph: connect (1)[c::]:6789 error -101
[  819.253370][    T8] libceph: mon0 (1)[c::]:6789 connect error
[  821.146337][   T29] audit: type=1326 audit(1738841027.222:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14948 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3422d8cde9 code=0x7ffc0000
[  821.192200][T14949] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  821.389439][   T29] audit: type=1326 audit(1738841027.222:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14948 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3422d8cde9 code=0x7ffc0000
[  821.435587][T14961] FAULT_INJECTION: forcing a failure.
[  821.435587][T14961] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  821.456287][T14961] CPU: 1 UID: 0 PID: 14961 Comm: syz.1.2426 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  821.456305][T14961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  821.456311][T14961] Call Trace:
[  821.456315][T14961]  <TASK>
[  821.456321][T14961]  dump_stack_lvl+0x241/0x360
[  821.456342][T14961]  ? __pfx_dump_stack_lvl+0x10/0x10
[  821.456356][T14961]  ? __pfx__printk+0x10/0x10
[  821.456373][T14961]  ? snprintf+0xda/0x120
[  821.456385][T14961]  should_fail_ex+0x40a/0x550
[  821.456401][T14961]  _copy_to_user+0x31/0xb0
[  821.456413][T14961]  simple_read_from_buffer+0xca/0x150
[  821.456427][T14961]  proc_fail_nth_read+0x1e9/0x250
[  821.456440][T14961]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  821.456452][T14961]  ? rw_verify_area+0x243/0x630
[  821.456466][T14961]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  821.456478][T14961]  vfs_read+0x1f8/0xb40
[  821.456492][T14961]  ? fdget_pos+0x254/0x320
[  821.456505][T14961]  ? __pfx___mutex_lock+0x10/0x10
[  821.456517][T14961]  ? __pfx_vfs_read+0x10/0x10
[  821.456530][T14961]  ? do_sys_openat2+0x17a/0x1d0
[  821.456543][T14961]  ? __fget_files+0x2a/0x410
[  821.456555][T14961]  ? __fget_files+0x395/0x410
[  821.456566][T14961]  ? __fget_files+0x2a/0x410
[  821.456582][T14961]  ksys_read+0x18f/0x2b0
[  821.456592][T14961]  ? __pfx_ksys_read+0x10/0x10
[  821.456600][T14961]  ? do_syscall_64+0x100/0x230
[  821.456614][T14961]  ? do_syscall_64+0xb6/0x230
[  821.456627][T14961]  do_syscall_64+0xf3/0x230
[  821.456639][T14961]  ? clear_bhb_loop+0x35/0x90
[  821.456653][T14961]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  821.456665][T14961] RIP: 0033:0x7f412518b7fc
[  821.456675][T14961] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  821.456682][T14961] RSP: 002b:00007f41260d4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  821.456694][T14961] RAX: ffffffffffffffda RBX: 00007f41253a5fa0 RCX: 00007f412518b7fc
[  821.456701][T14961] RDX: 000000000000000f RSI: 00007f41260d40a0 RDI: 0000000000000004
[  821.456707][T14961] RBP: 00007f41260d4090 R08: 0000000000000000 R09: 0000000000000000
[  821.456712][T14961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  821.456717][T14961] R13: 0000000000000000 R14: 00007f41253a5fa0 R15: 00007ffe3b80a038
[  821.456732][T14961]  </TASK>
[  821.690378][    C1] vkms_vblank_simulate: vblank timer overrun
[  821.707711][   T25] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  821.717245][   T29] audit: type=1326 audit(1738841027.222:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14948 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3422d8cde9 code=0x7ffc0000
[  821.779814][   T29] audit: type=1326 audit(1738841027.222:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14948 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3422d8cde9 code=0x7ffc0000
[  821.807774][   T29] audit: type=1326 audit(1738841027.232:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14948 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3422d8cde9 code=0x7ffc0000
[  821.829417][    C1] vkms_vblank_simulate: vblank timer overrun
[  821.843408][   T29] audit: type=1326 audit(1738841027.232:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14948 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3422d8cde9 code=0x7ffc0000
[  821.869949][   T29] audit: type=1326 audit(1738841027.272:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14948 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3422d8cde9 code=0x7ffc0000
[  821.895958][   T25] usb 5-1: Using ep0 maxpacket: 8
[  821.902667][   T29] audit: type=1326 audit(1738841027.272:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14948 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3422d8cde9 code=0x7ffc0000
[  821.931407][   T25] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  821.940745][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  821.956344][   T25] usb 5-1: Product: syz
[  821.960840][   T29] audit: type=1326 audit(1738841027.272:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14948 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3422d8b750 code=0x7ffc0000
[  821.989521][   T25] usb 5-1: Manufacturer: syz
[  821.995792][   T25] usb 5-1: SerialNumber: syz
[  822.002901][   T25] usb 5-1: config 0 descriptor??
[  822.018120][   T29] audit: type=1326 audit(1738841027.272:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14948 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3422d8cde9 code=0x7ffc0000
[  822.256179][   T25] usb 5-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  822.640216][T14977] overlayfs: failed to resolve './file1': -2
[  823.373949][ T8418] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  823.421104][T14981] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2432'.
[  823.543947][ T8418] usb 2-1: Using ep0 maxpacket: 8
[  823.554933][ T8418] usb 2-1: config 2 interface 0 has no altsetting 0
[  823.575748][ T8418] usb 2-1: New USB device found, idVendor=04e2, idProduct=1412, bcdDevice=ca.10
[  823.603892][ T8418] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  823.612011][ T8418] usb 2-1: Product: syz
[  823.618170][ T8418] usb 2-1: Manufacturer: syz
[  823.622827][ T8418] usb 2-1: SerialNumber: syz
[  823.654024][ T2160] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  823.830123][ T2160] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  823.841183][ T2160] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  823.851617][ T2160] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  823.909296][ T2160] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  823.926374][T14993] Unknown options in mask 5
[  824.731755][ T2160] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  824.743706][ T2160] usb 6-1: config 0 descriptor??
[  824.833544][T14997] netlink: 'syz.0.2438': attribute type 8 has an invalid length.
[  824.849597][   T25] usb write operation failed. (-71)
[  824.878557][   T25] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  824.890288][   T25] dvbdev: DVB: registering new adapter (Terratec H7)
[  824.905910][   T25] usb 5-1: media controller created
[  824.916603][   T25] usb read operation failed. (-71)
[  824.922371][   T25] usb write operation failed. (-71)
[  824.937116][   T25] dvb_usb_az6007 5-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  824.950889][   T25] usb 5-1: USB disconnect, device number 48
[  825.108455][ T8418] usb 2-1: USB disconnect, device number 34
[  825.232965][ T2160] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0
[  825.298568][ T2160] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving
[  825.591930][ T2160] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  825.920743][ T2160] usb 6-1: USB disconnect, device number 24
[  826.323790][T15012] overlayfs: failed to resolve './file1': -2
[  827.053468][T15018] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2444'.
[  827.284347][T15024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  827.292978][T15024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  827.404076][T11366] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  828.605530][T15033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2448'.
[  829.815128][    T8] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  829.949265][T11366] usb 1-1: device descriptor read/all, error -71
[  829.958418][T15040] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  830.016749][T15035] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  830.100622][    T8] usb 5-1: device descriptor read/64, error -71
[  830.354264][    T8] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  830.494377][    T8] usb 5-1: device descriptor read/64, error -71
[  830.604806][    T8] usb usb5-port1: attempt power cycle
[  831.546814][T15054] netlink: 'syz.2.2452': attribute type 10 has an invalid length.
[  831.584397][ T8418] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  831.599817][T15054] bond0: (slave netdevsim0): Releasing backup interface
[  831.954461][ T8418] usb 2-1: Using ep0 maxpacket: 16
[  832.010717][T15069] 9pnet_virtio: no channels available for device syz
[  832.169846][ T8418] usb 2-1: config 4 has an invalid interface number: 229 but max is 0
[  832.551702][T15067] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  832.649188][ T8418] usb 2-1: config 4 has no interface number 0
[  832.656365][ T8418] usb 2-1: config 4 interface 229 has no altsetting 0
[  832.665539][ T8418] usb 2-1: New USB device found, idVendor=0c52, idProduct=2851, bcdDevice=d5.c3
[  832.674998][ T8418] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  832.683105][ T8418] usb 2-1: Product: syz
[  832.688642][ T8418] usb 2-1: Manufacturer: syz
[  832.693380][ T8418] usb 2-1: SerialNumber: syz
[  833.387788][T15050] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  833.424351][T15050] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  833.524545][ T8418] ftdi_sio 2-1:4.229: FTDI USB Serial Device converter detected
[  833.556280][ T8418] ftdi_sio ttyUSB0: unknown device type: 0xd5c3
[  833.711112][ T8418] usb 2-1: USB disconnect, device number 35
[  833.728008][ T8418] ftdi_sio 2-1:4.229: device disconnected
[  834.334260][ T5826] Bluetooth: hci2: unexpected event for opcode 0x0c47
[  837.986954][ T5826] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  837.995766][ T5826] Bluetooth: hci2: Injecting HCI hardware error event
[  838.006628][ T5835] Bluetooth: hci2: hardware error 0x00
[  838.979268][T15125] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input68
[  840.144221][ T5835] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  840.215289][T15131] dlm: non-version read from control device 178
[  840.490689][T15142] netlink: 'syz.1.2474': attribute type 1 has an invalid length.
[  843.079525][T15155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  843.152094][T15155] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  843.934643][T15010] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  844.233903][T15010] usb 6-1: Using ep0 maxpacket: 32
[  844.262509][T15010] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88
[  844.294002][T15010] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  844.316555][T15010] usb 6-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  844.364018][T15010] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  844.372060][T15010] usb 6-1: Product: syz
[  844.400747][T15010] usb 6-1: Manufacturer: syz
[  844.410666][T15010] usb 6-1: SerialNumber: syz
[  844.426751][T15010] usb 6-1: config 0 descriptor??
[  844.450194][T15010] usb 6-1: no audio or video endpoints found
[  845.078506][T15193] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2494'.
[  845.130387][T15193] batadv0: entered promiscuous mode
[  845.150234][T15193] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  845.168214][T15193] batadv0: left promiscuous mode
[  845.237204][T15201] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2496'.
[  848.645128][    T8] usb 6-1: USB disconnect, device number 25
[  852.972597][T15267] x_tables: duplicate underflow at hook 2
[  853.136839][T15263] dvmrp0: entered allmulticast mode
[  855.057043][T15280] overlayfs: failed to clone upperpath
[  855.419520][T15286] bridge1: entered promiscuous mode
[  855.495287][T15286] bridge1: entered allmulticast mode
[  855.579511][T15286] team0: Port device bridge1 added
[  856.034118][T15010] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  856.666533][T15010] usb 2-1: config 0 has too many interfaces: 36, using maximum allowed: 32
[  856.698380][T15010] usb 2-1: config 0 has an invalid interface number: 82 but max is 35
[  856.727397][T15010] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 36
[  856.753883][T15010] usb 2-1: config 0 has no interface number 0
[  856.773952][T15010] usb 2-1: New USB device found, idVendor=08ca, idProduct=0104, bcdDevice=32.8f
[  856.853970][T15010] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  856.879127][T15010] usb 2-1: config 0 descriptor??
[  856.926448][T15010] gspca_main: sunplus-2.14.0 probing 08ca:0104
[  858.206829][   T29] kauditd_printk_skb: 50 callbacks suppressed
[  858.206868][   T29] audit: type=1326 audit(1738841063.772:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15309 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0eadd8cde9 code=0x7ffc0000
[  858.235398][T15010] gspca_sunplus: reg_r err -110
[  858.312984][T15308] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  858.323997][T15010] sunplus 2-1:0.82: probe with driver sunplus failed with error -110
[  858.362385][   T29] audit: type=1326 audit(1738841063.772:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15309 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0eadd8cde9 code=0x7ffc0000
[  858.435065][   T29] audit: type=1326 audit(1738841063.772:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15309 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0eadd8cde9 code=0x7ffc0000
[  858.482409][   T29] audit: type=1326 audit(1738841063.772:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15309 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0eadd8cde9 code=0x7ffc0000
[  858.520253][   T29] audit: type=1326 audit(1738841063.772:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15309 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0eadd8cde9 code=0x7ffc0000
[  859.042932][ T5835] Bluetooth: hci0: command 0x0401 tx timeout
[  859.962918][   T29] audit: type=1326 audit(1738841063.782:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15309 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0eadd8cde9 code=0x7ffc0000
[  859.967796][T14261] usb 2-1: USB disconnect, device number 37
[  859.985182][   T29] audit: type=1326 audit(1738841063.782:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15309 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0eadd8cde9 code=0x7ffc0000
[  860.030801][   T29] audit: type=1326 audit(1738841063.782:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15309 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0eadd8cde9 code=0x7ffc0000
[  860.112779][   T29] audit: type=1326 audit(1738841063.782:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15309 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0eadd8cde9 code=0x7ffc0000
[  860.195475][   T29] audit: type=1326 audit(1738841064.192:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15309 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0eadd8cde9 code=0x7ffc0000
[  862.189639][T15342] netlink: 'syz.0.2533': attribute type 1 has an invalid length.
[  862.317078][T15345] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2533'.
[  862.358191][T15345] 8021q: adding VLAN 0 to HW filter on device bond4
[  862.432337][T15342] bond4: entered promiscuous mode
[  866.524514][T15391] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2541'.
[  866.534513][T15391] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2541'.
[  866.546234][T15391] netlink: 4432 bytes leftover after parsing attributes in process `syz.1.2541'.
[  867.488378][T15400] trusted_key: syz.5.2542 sent an empty control message without MSG_MORE.
[  869.371744][T15410] netlink: 'syz.5.2544': attribute type 4 has an invalid length.
[  869.489713][T15413] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2545'.
[  869.731654][T15427] fuse: Unknown parameter ''
[  870.044489][   T29] kauditd_printk_skb: 16 callbacks suppressed
[  870.044506][   T29] audit: type=1326 audit(1738841076.122:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15406 comm="syz.5.2544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  870.100099][   T29] audit: type=1326 audit(1738841076.122:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15406 comm="syz.5.2544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  870.123990][   T29] audit: type=1326 audit(1738841076.122:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15406 comm="syz.5.2544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  870.194105][   T29] audit: type=1326 audit(1738841076.122:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15406 comm="syz.5.2544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  870.281695][T15447] batadv1: entered promiscuous mode
[  870.287201][   T29] audit: type=1326 audit(1738841076.122:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15406 comm="syz.5.2544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  870.345894][   T29] audit: type=1326 audit(1738841076.122:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15406 comm="syz.5.2544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  870.369763][   T29] audit: type=1326 audit(1738841076.122:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15406 comm="syz.5.2544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  870.403873][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  870.410340][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  870.423604][   T29] audit: type=1326 audit(1738841076.122:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15406 comm="syz.5.2544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  870.448436][   T29] audit: type=1326 audit(1738841076.122:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15406 comm="syz.5.2544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  870.492149][   T29] audit: type=1326 audit(1738841076.122:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15406 comm="syz.5.2544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  870.790985][T14261] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  871.680775][T14261] usb 6-1: Using ep0 maxpacket: 16
[  871.691347][T14261] usb 6-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  871.708187][T14261] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  871.726778][T14261] usb 6-1: Product: syz
[  871.737313][T14261] usb 6-1: Manufacturer: syz
[  871.742124][T14261] usb 6-1: SerialNumber: syz
[  871.793431][T14261] usb 6-1: config 0 descriptor??
[  871.804469][T15466] netlink: 4448 bytes leftover after parsing attributes in process `syz.4.2557'.
[  871.811443][T14261] ssu100 6-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  871.813797][T15466] netlink: 4448 bytes leftover after parsing attributes in process `syz.4.2557'.
[  872.051819][T14261] ssu100 6-1:0.0: probe with driver ssu100 failed with error -5
[  873.082033][T15470] vcan0: entered promiscuous mode
[  873.104273][T15470] vlan2: entered promiscuous mode
[  873.114557][T15470] vcan0: left promiscuous mode
[  873.155030][T15481] fuse: Unknown parameter ''
[  873.375160][ T5875] usb 6-1: USB disconnect, device number 26
[  873.831839][T15497] 9pnet_virtio: no channels available for device syz
[  876.374075][    T8] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  876.534779][    T8] usb 2-1: Using ep0 maxpacket: 16
[  876.559924][    T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  876.604114][    T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  876.675494][    T8] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  876.694093][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.702125][    T8] usb 2-1: Product: syz
[  876.734214][    T8] usb 2-1: Manufacturer: syz
[  876.738866][    T8] usb 2-1: SerialNumber: syz
[  877.003508][T15527] fuse: Unknown parameter ''
[  877.494309][    T8] usb 2-1: 0:2 : does not exist
[  877.527555][    T8] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  878.022533][    T8] usb 2-1: USB disconnect, device number 38
[  878.254660][T15533] udevd[15533]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  878.365279][T15548] 9pnet_virtio: no channels available for device syz
[  881.645092][T15568] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2580'.
[  881.985275][T15578] netlink: 'syz.5.2582': attribute type 1 has an invalid length.
[  882.818980][T15585] fuse: Unknown parameter ''
[  883.536004][T15569] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  885.529108][T15606] 9pnet_virtio: no channels available for device syz
[  886.243388][T15608] sctp: [Deprecated]: syz.5.2590 (pid 15608) Use of struct sctp_assoc_value in delayed_ack socket option.
[  886.243388][T15608] Use struct sctp_sack_info instead
[  886.802938][T15615] netlink: 'syz.4.2593': attribute type 1 has an invalid length.
[  886.906059][T15615] bond2: entered promiscuous mode
[  887.040903][T15619] overlayfs: failed to clone upperpath
[  887.681940][T15615] 8021q: adding VLAN 0 to HW filter on device bond2
[  888.428958][T15634] 9pnet: p9_errstr2errno: server reported unknown error �@‚ÛL¹|	èþU¡
[  888.428958][T15634] 
[  889.493787][T15649] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  889.515378][T15649] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  889.627617][T15652] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2601'.
[  889.765531][T15652] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2601'.
[  889.796338][T15652] team0: entered promiscuous mode
[  889.854974][T15652] team_slave_0: entered promiscuous mode
[  890.764464][T15652] team_slave_1: entered promiscuous mode
[  890.981792][T15666] overlayfs: failed to clone upperpath
[  891.959174][T15652] team0: left promiscuous mode
[  891.967855][T15652] team_slave_0: left promiscuous mode
[  892.401812][T15652] team_slave_1: left promiscuous mode
[  892.474468][T15671] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2607'.
[  894.046465][T15688] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2613'.
[  894.055856][T15688] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2613'.
[  894.676392][T15674] kexec: Could not allocate control_code_buffer
[  895.920012][T15712] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2623'.
[  895.995271][T15010] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  896.004268][T15713] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2623'.
[  896.193524][ T5826] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  896.208110][ T5826] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  896.290018][ T5826] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  896.300783][ T5826] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  896.313044][ T5826] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  896.326099][ T5826] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  896.721404][T15718] lo speed is unknown, defaulting to 1000
[  896.899680][T15010] usb 5-1: config 0 has no interfaces?
[  896.971237][T15010] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  896.992765][T15010] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  897.044946][T15010] usb 5-1: Product: syz
[  897.049161][T15010] usb 5-1: Manufacturer: syz
[  897.055386][T15729] FAULT_INJECTION: forcing a failure.
[  897.055386][T15729] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  897.094240][T15010] usb 5-1: SerialNumber: syz
[  897.120114][T15010] usb 5-1: config 0 descriptor??
[  897.133533][T15729] CPU: 0 UID: 0 PID: 15729 Comm: syz.5.2625 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  897.133559][T15729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  897.133569][T15729] Call Trace:
[  897.133575][T15729]  <TASK>
[  897.133583][T15729]  dump_stack_lvl+0x241/0x360
[  897.133624][T15729]  ? __pfx_dump_stack_lvl+0x10/0x10
[  897.133648][T15729]  ? __pfx__printk+0x10/0x10
[  897.133676][T15729]  ? snprintf+0xda/0x120
[  897.133695][T15729]  should_fail_ex+0x40a/0x550
[  897.133719][T15729]  _copy_to_user+0x31/0xb0
[  897.133738][T15729]  simple_read_from_buffer+0xca/0x150
[  897.133761][T15729]  proc_fail_nth_read+0x1e9/0x250
[  897.133784][T15729]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  897.133806][T15729]  ? rw_verify_area+0x243/0x630
[  897.133833][T15729]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  897.133850][T15729]  vfs_read+0x1f8/0xb40
[  897.133879][T15729]  ? fdget_pos+0x254/0x320
[  897.133899][T15729]  ? __pfx___mutex_lock+0x10/0x10
[  897.133918][T15729]  ? __pfx_vfs_read+0x10/0x10
[  897.133940][T15729]  ? __fget_files+0x2a/0x410
[  897.133960][T15729]  ? __fget_files+0x395/0x410
[  897.133975][T15729]  ? __fget_files+0x2a/0x410
[  897.134002][T15729]  ksys_read+0x18f/0x2b0
[  897.134020][T15729]  ? __pfx_ksys_read+0x10/0x10
[  897.134036][T15729]  ? do_syscall_64+0x100/0x230
[  897.134061][T15729]  ? do_syscall_64+0xb6/0x230
[  897.134084][T15729]  do_syscall_64+0xf3/0x230
[  897.134105][T15729]  ? clear_bhb_loop+0x35/0x90
[  897.134130][T15729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.134150][T15729] RIP: 0033:0x7f1ead18b7fc
[  897.134166][T15729] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  897.134180][T15729] RSP: 002b:00007f1eadf04030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  897.134199][T15729] RAX: ffffffffffffffda RBX: 00007f1ead3a6080 RCX: 00007f1ead18b7fc
[  897.134211][T15729] RDX: 000000000000000f RSI: 00007f1eadf040a0 RDI: 0000000000000004
[  897.134222][T15729] RBP: 00007f1eadf04090 R08: 0000000000000000 R09: 0000000000000000
[  897.134233][T15729] R10: 0000000000010010 R11: 0000000000000246 R12: 0000000000000001
[  897.134243][T15729] R13: 0000000000000000 R14: 00007f1ead3a6080 R15: 00007ffed9e83f78
[  897.134270][T15729]  </TASK>
[  897.430692][T15732] 9pnet_virtio: no channels available for device syz
[  897.828146][T15010] usb 5-1: USB disconnect, device number 52
[  897.880275][T15718] chnl_net:caif_netlink_parms(): no params data found
[  897.924852][   T29] kauditd_printk_skb: 12 callbacks suppressed
[  897.924869][   T29] audit: type=1326 audit(1738841104.012:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15706 comm="syz.4.2621" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3422d8cde9 code=0x0
[  898.465578][ T5826] Bluetooth: hci5: command tx timeout
[  898.567023][T15718] bridge0: port 1(bridge_slave_0) entered blocking state
[  898.654040][T15718] bridge0: port 1(bridge_slave_0) entered disabled state
[  898.661317][T15718] bridge_slave_0: entered allmulticast mode
[  898.720093][T15718] bridge_slave_0: entered promiscuous mode
[  898.736279][T15718] bridge0: port 2(bridge_slave_1) entered blocking state
[  898.743788][T15718] bridge0: port 2(bridge_slave_1) entered disabled state
[  898.756368][T15718] bridge_slave_1: entered allmulticast mode
[  898.792229][T15718] bridge_slave_1: entered promiscuous mode
[  899.671178][T15718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  899.699014][T15718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  900.208840][T15759] bridge2: the hash_elasticity option has been deprecated and is always 16
[  900.280484][T15718] team0: Port device team_slave_0 added
[  900.307762][T15718] team0: Port device team_slave_1 added
[  900.405677][T15718] batman_adv: batadv0: Adding interface: batadv_slave_0
[  900.433149][T15010] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  900.434120][T15718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  900.513958][T15718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  900.544237][ T5826] Bluetooth: hci5: command tx timeout
[  900.554668][T15718] batman_adv: batadv0: Adding interface: batadv_slave_1
[  900.561645][T15718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  900.589391][T15718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  900.615510][T15010] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  900.625999][T15010] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  900.650902][T15010] usb 1-1: config 0 descriptor??
[  900.662305][T15010] cp210x 1-1:0.0: cp210x converter detected
[  900.732841][T15718] hsr_slave_0: entered promiscuous mode
[  900.757914][T15718] hsr_slave_1: entered promiscuous mode
[  900.779446][T15718] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  900.794542][T15718] Cannot create hsr debugfs directory
[  900.920886][T15770] 9pnet_virtio: no channels available for device syz
[  902.427349][T15718] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  902.435424][T15785] netlink: 'syz.4.2638': attribute type 1 has an invalid length.
[  902.438356][T15718] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  902.635622][ T5826] Bluetooth: hci5: command tx timeout
[  902.656353][  T974] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  902.929488][  T974] usb 6-1: config 0 has no interfaces?
[  902.980723][  T974] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  902.990637][  T974] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  903.033437][  T974] usb 6-1: Product: syz
[  903.056766][  T974] usb 6-1: Manufacturer: syz
[  903.110636][  T974] usb 6-1: SerialNumber: syz
[  903.151869][T15718] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  903.166426][  T974] usb 6-1: config 0 descriptor??
[  903.175373][T15718] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  903.206319][T15788] bond3: entered promiscuous mode
[  903.217909][T15788] 8021q: adding VLAN 0 to HW filter on device bond3
[  903.315112][T15718] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  903.327771][T15718] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  903.905496][  T974] usb 6-1: USB disconnect, device number 27
[  904.074188][   T29] audit: type=1326 audit(1738841110.132:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15780 comm="syz.5.2639" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x0
[  904.163774][T15718] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  904.175344][T15718] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  904.427606][T15718] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  904.440335][T15718] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  904.464477][T15718] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  904.489252][T15718] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  904.630496][T15718] 8021q: adding VLAN 0 to HW filter on device bond0
[  904.664186][T15718] 8021q: adding VLAN 0 to HW filter on device team0
[  904.677759][ T6245] bridge0: port 1(bridge_slave_0) entered blocking state
[  904.684982][ T6245] bridge0: port 1(bridge_slave_0) entered forwarding state
[  904.714318][ T6245] bridge0: port 2(bridge_slave_1) entered blocking state
[  904.716787][ T5826] Bluetooth: hci5: command tx timeout
[  904.721424][ T6245] bridge0: port 2(bridge_slave_1) entered forwarding state
[  905.787807][T15816] netlink: 'syz.1.2647': attribute type 5 has an invalid length.
[  905.795875][T15816] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2647'.
[  906.012819][T15010] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -110
[  906.129003][T15010] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -32
[  906.971469][T15010] cp210x 1-1:0.0: GPIO initialisation failed: -32
[  907.017367][T15010] usb 1-1: cp210x converter now attached to ttyUSB0
[  907.598556][T15010] usb 1-1: USB disconnect, device number 32
[  907.624716][T15010] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  907.650038][T15010] cp210x 1-1:0.0: device disconnected
[  907.722286][T15718] 8021q: adding VLAN 0 to HW filter on device batadv0
[  907.924527][ T8418] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  908.146520][ T8418] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  908.239968][ T8418] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  908.244732][T15718] veth0_vlan: entered promiscuous mode
[  908.285144][ T8418] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  908.388294][T15718] veth1_vlan: entered promiscuous mode
[  908.394500][ T8418] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  908.424088][ T8418] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  908.509570][ T8418] usb 6-1: config 0 descriptor??
[  908.537024][T15718] veth0_macvtap: entered promiscuous mode
[  908.558521][T15718] veth1_macvtap: entered promiscuous mode
[  908.597592][T15718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  908.628800][T15718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  908.642735][T15718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  908.667341][T15718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  908.687134][T15718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  908.708219][T15718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  908.728624][T15718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  908.838496][T15718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  908.848638][T15718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  908.859735][T15718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  908.870747][T15718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  908.881481][T15718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  908.897648][T15718] batman_adv: batadv0: Interface activated: batadv_slave_0
[  909.570530][ T8418] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0
[  909.664311][T15718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.674165][ T5956] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  909.675954][ T8418] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving
[  909.690109][T15718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.700861][T15718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.714118][ T8418] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  909.735404][T15718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.753119][T15718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.764842][T15718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.775222][T15718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.786366][T15718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.801320][T15718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.827650][T15718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.838307][T15718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.849553][T15718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  910.069432][T15854] netlink: ct family unspecified
[  910.074710][T15854] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  911.145190][T11366] usb 6-1: USB disconnect, device number 28
[  911.156868][ T5956] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  911.180374][T15718] batman_adv: batadv0: Interface activated: batadv_slave_1
[  911.209941][ T5956] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  911.224277][ T5956] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  911.246540][T15718] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  911.259717][ T5956] usb 2-1: Product: syz
[  911.272226][T15718] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  911.282124][ T5956] usb 2-1: Manufacturer: syz
[  911.294138][ T5956] usb 2-1: SerialNumber: syz
[  911.312137][T15718] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  911.324405][ T5956] usb 2-1: config 0 descriptor??
[  911.338282][T15718] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  911.372117][ T5956] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22
[  911.458652][T15600] udevd[15600]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  911.488974][T15821] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  911.507756][T15821] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  911.546421][ T5956] usb 2-1: USB disconnect, device number 39
[  911.547941][ T6245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  911.566398][   T29] audit: type=1326 audit(1738841117.642:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15844 comm="syz.1.2657" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f412518cde9 code=0x0
[  911.588023][T14261] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  911.596022][ T6245] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  911.687743][T15866] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2662'.
[  911.874011][T14261] usb 5-1: Using ep0 maxpacket: 16
[  911.888835][T14261] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  911.900302][T14261] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  911.925438][T14261] usb 5-1: New USB device found, idVendor=0582, idProduct=87d1, bcdDevice=f8.e7
[  911.934901][T14261] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  911.943161][T14261] usb 5-1: Product: syz
[  911.955132][T14261] usb 5-1: Manufacturer: syz
[  911.960001][T14261] usb 5-1: SerialNumber: syz
[  912.174939][T14261] usb 5-1: config 0 descriptor??
[  912.693505][T14261] usb 5-1: USB disconnect, device number 53
[  912.928401][T15600] udevd[15600]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  913.671665][T15894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2670'.
[  914.073996][T11366] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  915.139559][T11366] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  915.251709][T11366] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  915.254403][T15907] Bluetooth: (null): Invalid header checksum
[  915.272860][T11366] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  915.304609][T11366] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  915.353721][T11366] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  915.357412][   T57] Bluetooth: (null): Invalid header checksum
[  915.400877][T11366] usb 5-1: config 0 descriptor??
[  915.583950][   T57] Bluetooth: (null): Invalid header checksum
[  916.653237][T11366] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[  916.661441][T11366] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving
[  916.693706][T11366] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  920.069455][T15935] netlink: 'syz.2.2681': attribute type 2 has an invalid length.
[  920.283110][T15935] lo speed is unknown, defaulting to 1000
[  920.740101][ T5956] usb 5-1: reset high-speed USB device number 54 using dummy_hcd
[  921.368756][T15939] lo speed is unknown, defaulting to 1000
[  922.084227][T14261] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  922.275346][T14261] usb 3-1: Using ep0 maxpacket: 16
[  922.828131][T14261] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  922.874139][T14261] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  922.893939][T14261] usb 3-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[  922.912355][T14261] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  923.034853][T11366] usb 5-1: USB disconnect, device number 54
[  923.118225][ T2160] usb 2-1: new full-speed USB device number 40 using dummy_hcd
[  923.161559][T14261] usb 3-1: config 0 descriptor??
[  923.358335][ T2160] usb 2-1: not running at top speed; connect to a high speed hub
[  923.441552][ T2160] usb 2-1: config 205 has an invalid interface number: 10 but max is 3
[  923.589906][ T2160] usb 2-1: config 205 has an invalid interface number: 193 but max is 3
[  923.876549][ T2160] usb 2-1: config 205 has an invalid descriptor of length 231, skipping remainder of the config
[  923.889736][ T2160] usb 2-1: config 205 has 2 interfaces, different from the descriptor's value: 4
[  923.904261][ T2160] usb 2-1: config 205 has no interface number 0
[  923.910705][ T2160] usb 2-1: config 205 has no interface number 1
[  923.924545][ T2160] usb 2-1: config 205 interface 10 altsetting 4 endpoint 0x1 has invalid maxpacket 23451, setting to 64
[  923.936791][ T2160] usb 2-1: config 205 interface 10 altsetting 4 endpoint 0xC has invalid maxpacket 512, setting to 64
[  923.957531][ T2160] usb 2-1: config 205 interface 10 altsetting 4 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  923.973372][ T2160] usb 2-1: config 205 interface 10 altsetting 4 endpoint 0x5 has invalid maxpacket 57260, setting to 64
[  923.992574][ T2160] usb 2-1: config 205 interface 10 altsetting 4 has a duplicate endpoint with address 0x1, skipping
[  924.040891][ T2160] usb 2-1: config 205 interface 10 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  924.163751][ T2160] usb 2-1: config 205 interface 10 altsetting 4 has a duplicate endpoint with address 0xA, skipping
[  924.287565][ T2160] usb 2-1: config 205 interface 10 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  924.470688][ T2160] usb 2-1: config 205 interface 10 altsetting 4 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  924.589406][ T2160] usb 2-1: config 205 interface 193 altsetting 13 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  924.628426][T14261] usbhid 3-1:0.0: can't add hid device: -71
[  925.533197][T14261] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  925.545541][ T2160] usb 2-1: config 205 interface 10 has no altsetting 0
[  925.560688][ T2160] usb 2-1: config 205 interface 193 has no altsetting 0
[  925.570267][T14261] usb 3-1: USB disconnect, device number 14
[  925.671791][ T2160] usb 2-1: New USB device found, idVendor=1199, idProduct=68aa, bcdDevice=3b.77
[  925.725315][ T2160] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  925.749745][ T2160] usb 2-1: Product: 빠瞙蕌꜖戎탵篣俌鲈牳Ⲿ㴤㖟⻙ਗ豥횊�酥��麯ⷦ늚箑ԩ饨㕈ഉڇ�ጸ膑䀮镫꫷�氱ಡ௲땲甗갷ᘷ책䗉镅㕑雄㛲桳稌⧰啨풕ᅅ캻ཙ쮕䰞�嫶䣊壞☎輸螚䕂墌ퟕᆔ懡粷啯憺�當�專�⛔ﲤ跗뎵茨絛堑氪颲謗൦킱絮믩�텢陮ᳬ姒唱岮莧쵌擥ఄ䎪냸㰪羗斞劚
[  925.784269][    C1] vkms_vblank_simulate: vblank timer overrun
[  925.916100][ T2160] usb 2-1: Manufacturer: à š
[  925.921368][ T2160] usb 2-1: SerialNumber: �
[  925.932721][T15956] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  925.940275][T15956] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  927.168816][ T2160] usb 2-1: Expected 3 endpoints, found: 7
[  927.192028][ T2160] usb 2-1: USB disconnect, device number 40
[  928.682687][ T2160] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  929.314206][   T25] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  930.011278][ T2160] usb 6-1: unable to get BOS descriptor or descriptor too short
[  930.028380][ T2160] usb 6-1: config 3 has an invalid interface number: 101 but max is 0
[  930.039435][ T2160] usb 6-1: config 3 has no interface number 0
[  930.046494][   T25] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  930.057861][ T2160] usb 6-1: config 3 interface 101 altsetting 9 bulk endpoint 0x9 has invalid maxpacket 32
[  930.070293][   T25] usb 2-1: config 0 interface 0 has no altsetting 0
[  930.084217][ T2160] usb 6-1: config 3 interface 101 altsetting 9 bulk endpoint 0xC has invalid maxpacket 64
[  930.104160][ T2160] usb 6-1: config 3 interface 101 has no altsetting 0
[  930.112473][   T25] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  930.123914][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  930.136596][T16008] mkiss: ax0: crc mode is auto.
[  930.142413][   T25] usb 2-1: Product: syz
[  930.147301][   T25] usb 2-1: Manufacturer: syz
[  930.163622][   T25] usb 2-1: SerialNumber: syz
[  930.168537][ T2160] usb 6-1: string descriptor 0 read error: -22
[  930.178030][ T2160] usb 6-1: New USB device found, idVendor=0499, idProduct=1055, bcdDevice=6f.3a
[  930.189474][   T25] usb 2-1: config 0 descriptor??
[  930.208879][ T2160] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  930.228414][   T25] usb 2-1: selecting invalid altsetting 0
[  930.237492][T15995] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  930.246284][T15995] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  930.318622][ T2160] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  930.366241][T16010] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  930.372803][T16010] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  930.400193][ T2160] snd-usb-audio 6-1:3.101: probe with driver snd-usb-audio failed with error -2
[  930.520233][T15995] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2697'.
[  930.531069][T16010] vhci_hcd vhci_hcd.0: Device attached
[  930.704332][  T974] vhci_hcd: vhci_device speed not set
[  930.942560][ T5956] usb 2-1: USB disconnect, device number 41
[  931.080963][  T974] usb 33-1: new full-speed USB device number 2 using vhci_hcd
[  931.352158][T16014] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(6)
[  931.358894][T16014] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  931.384823][   T29] audit: type=1326 audit(1738841137.452:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15998 comm="syz.1.2700" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f412518cde9 code=0x0
[  931.426415][ T2160] usb 6-1: USB disconnect, device number 29
[  931.489967][T16014] vhci_hcd vhci_hcd.0: Device attached
[  931.545425][T16010] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(5)
[  931.551985][T16010] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  931.718731][T16021] udevd[16021]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  931.782731][T16022] udevd[16022]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:3.101/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  931.791431][T16010] vhci_hcd vhci_hcd.0: Device attached
[  931.826387][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  931.832676][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  933.165148][T16037] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(10)
[  933.171855][T16037] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  933.426449][ T2160] usb 6-1: new full-speed USB device number 30 using dummy_hcd
[  933.724727][T16037] vhci_hcd vhci_hcd.0: Device attached
[  933.905955][ T2160] usb 6-1: not running at top speed; connect to a high speed hub
[  933.917000][T16011] vhci_hcd: connection reset by peer
[  933.925837][T16028] vhci_hcd: connection closed
[  933.936443][T16016] vhci_hcd: connection closed
[  933.942137][T16038] vhci_hcd: connection closed
[  933.964091][ T2160] usb 6-1: config 205 has an invalid interface number: 10 but max is 3
[  934.004048][   T12] vhci_hcd: stop threads
[  934.007849][ T2160] usb 6-1: config 205 has an invalid interface number: 193 but max is 3
[  934.024362][   T12] vhci_hcd: release socket
[  934.032914][ T2160] usb 6-1: config 205 has an invalid descriptor of length 231, skipping remainder of the config
[  934.042791][   T12] vhci_hcd: disconnect device
[  934.057171][   T12] vhci_hcd: stop threads
[  934.080401][   T12] vhci_hcd: release socket
[  934.080545][ T2160] usb 6-1: config 205 has 2 interfaces, different from the descriptor's value: 4
[  934.590057][   T12] vhci_hcd: disconnect device
[  934.599910][   T12] vhci_hcd: stop threads
[  934.604442][   T12] vhci_hcd: release socket
[  934.609070][   T12] vhci_hcd: disconnect device
[  934.621280][   T12] vhci_hcd: stop threads
[  934.626410][   T12] vhci_hcd: release socket
[  934.634024][ T2160] usb 6-1: config 205 has no interface number 0
[  934.655612][ T2160] usb 6-1: config 205 has no interface number 1
[  934.768581][ T2160] usb 6-1: config 205 interface 10 altsetting 4 endpoint 0x1 has invalid maxpacket 23451, setting to 64
[  934.784129][ T2160] usb 6-1: config 205 interface 10 altsetting 4 endpoint 0xC has invalid maxpacket 512, setting to 64
[  934.801680][ T2160] usb 6-1: config 205 interface 10 altsetting 4 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  935.603747][   T12] vhci_hcd: disconnect device
[  935.647063][ T2160] usb 6-1: config 205 interface 10 altsetting 4 endpoint 0x5 has invalid maxpacket 57260, setting to 64
[  935.744343][ T2160] usb 6-1: config 205 interface 10 altsetting 4 has a duplicate endpoint with address 0x1, skipping
[  935.785141][ T2160] usb 6-1: config 205 interface 10 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  935.829551][ T2160] usb 6-1: config 205 interface 10 altsetting 4 has a duplicate endpoint with address 0xA, skipping
[  935.851431][ T2160] usb 6-1: config 205 interface 10 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  935.865888][ T2160] usb 6-1: config 205 interface 10 altsetting 4 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  935.911916][ T2160] usb 6-1: config 205 interface 193 altsetting 13 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  936.054762][ T2160] usb 6-1: config 205 interface 10 has no altsetting 0
[  936.147803][ T2160] usb 6-1: config 205 interface 193 has no altsetting 0
[  936.393467][ T2160] usb 6-1: string descriptor 0 read error: -71
[  936.404285][ T2160] usb 6-1: New USB device found, idVendor=1199, idProduct=68aa, bcdDevice=3b.77
[  936.423956][ T2160] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  936.539357][  T974] vhci_hcd: vhci_device speed not set
[  937.041354][ T2160] usb 6-1: can't set config #205, error -71
[  937.120062][ T2160] usb 6-1: USB disconnect, device number 30
[  938.694262][T16086] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input69
[  938.755847][ T2160] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  939.971496][T16093] 9pnet: Could not find request transport: uni
[  942.672157][T15010] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  943.546808][T15010] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  943.714820][T15010] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  944.203591][T15010] usb 2-1: config 0 descriptor??
[  944.515338][T16135] FAULT_INJECTION: forcing a failure.
[  944.515338][T16135] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  944.548983][T16135] CPU: 1 UID: 0 PID: 16135 Comm: syz.5.2732 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  944.549009][T16135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  944.549020][T16135] Call Trace:
[  944.549029][T16135]  <TASK>
[  944.549035][T16135]  dump_stack_lvl+0x241/0x360
[  944.549066][T16135]  ? __pfx_dump_stack_lvl+0x10/0x10
[  944.549089][T16135]  ? __pfx__printk+0x10/0x10
[  944.549112][T16135]  ? __pfx_lock_release+0x10/0x10
[  944.549139][T16135]  should_fail_ex+0x40a/0x550
[  944.549163][T16135]  _copy_from_user+0x2d/0xb0
[  944.549179][T16135]  copy_msghdr_from_user+0xae/0x680
[  944.549204][T16135]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  944.549222][T16135]  ? __fget_files+0x2a/0x410
[  944.549245][T16135]  ? __fget_files+0x2a/0x410
[  944.549272][T16135]  __sys_sendmsg+0x209/0x350
[  944.549293][T16135]  ? __pfx___sys_sendmsg+0x10/0x10
[  944.549321][T16135]  ? do_sys_openat2+0x17a/0x1d0
[  944.549367][T16135]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  944.549388][T16135]  ? do_syscall_64+0x100/0x230
[  944.549412][T16135]  ? do_syscall_64+0xb6/0x230
[  944.549436][T16135]  do_syscall_64+0xf3/0x230
[  944.549456][T16135]  ? clear_bhb_loop+0x35/0x90
[  944.549486][T16135]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  944.549507][T16135] RIP: 0033:0x7f1ead18cde9
[  944.549522][T16135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  944.549536][T16135] RSP: 002b:00007f1eadf04038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  944.549554][T16135] RAX: ffffffffffffffda RBX: 00007f1ead3a6080 RCX: 00007f1ead18cde9
[  944.549567][T16135] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  944.549577][T16135] RBP: 00007f1eadf04090 R08: 0000000000000000 R09: 0000000000000000
[  944.549587][T16135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  944.549596][T16135] R13: 0000000000000001 R14: 00007f1ead3a6080 R15: 00007ffed9e83f78
[  944.549622][T16135]  </TASK>
[  944.984610][T15010] elan 0003:04F3:0755.0014: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0
[  945.039115][T15010] usb 2-1: USB disconnect, device number 42
[  946.623791][T16151] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input70
[  948.534647][ T5956] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  949.546359][ T5956] usb 5-1: Using ep0 maxpacket: 32
[  949.574471][ T5956] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  949.582508][ T5956] usb 5-1: config 0 has no interface number 0
[  949.727751][ T5956] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  949.747222][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  949.777530][ T5956] usb 5-1: Product: syz
[  949.792247][ T5956] usb 5-1: Manufacturer: syz
[  949.823903][ T5956] usb 5-1: SerialNumber: syz
[  949.840832][ T5956] usb 5-1: config 0 descriptor??
[  949.891387][ T5956] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  949.944278][ T5956] usb 5-1: selecting invalid altsetting 1
[  949.965806][ T5956] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  950.115026][T16192] fuse: Unknown parameter ''
[  950.931820][ T5956] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  951.058316][ T5956] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  951.183611][ T5956] usb 5-1: media controller created
[  951.758191][ T5956] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  951.876669][ T5956] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  951.930696][ T5956] zl10353_read_register: readreg error (reg=127, ret==-71)
[  952.023945][ T5956] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  952.457299][ T5956] usb 5-1: USB disconnect, device number 55
[  953.744030][T15010] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[  954.937401][T16229] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input71
[  955.308293][T15010] usb 2-1: not running at top speed; connect to a high speed hub
[  955.322499][T15010] usb 2-1: config 205 has an invalid interface number: 10 but max is 3
[  955.334202][T15010] usb 2-1: config 205 has an invalid interface number: 193 but max is 3
[  955.342716][T15010] usb 2-1: config 205 has an invalid descriptor of length 231, skipping remainder of the config
[  955.764082][T15010] usb 2-1: config 205 has 2 interfaces, different from the descriptor's value: 4
[  955.983960][T15010] usb 2-1: config 205 has no interface number 0
[  955.990288][T15010] usb 2-1: config 205 has no interface number 1
[  956.027120][T15010] usb 2-1: config 205 interface 10 altsetting 4 endpoint 0x1 has invalid maxpacket 23451, setting to 64
[  956.117445][T15010] usb 2-1: config 205 interface 10 altsetting 4 endpoint 0xC has invalid maxpacket 512, setting to 64
[  956.199643][T15010] usb 2-1: config 205 interface 10 altsetting 4 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  956.251122][T15010] usb 2-1: config 205 interface 10 altsetting 4 endpoint 0x5 has invalid maxpacket 57260, setting to 64
[  956.424411][T15010] usb 2-1: config 205 interface 10 altsetting 4 has a duplicate endpoint with address 0x1, skipping
[  956.634152][ T5956] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  956.643533][T15010] usb 2-1: config 205 interface 10 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  956.704080][T15010] usb 2-1: config 205 interface 10 altsetting 4 has a duplicate endpoint with address 0xA, skipping
[  956.738614][T15010] usb 2-1: config 205 interface 10 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  956.951529][T15010] usb 2-1: config 205 interface 10 altsetting 4 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  957.014174][T15010] usb 2-1: config 205 interface 193 altsetting 13 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  957.035700][ T5956] usb 6-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b
[  957.064070][T15010] usb 2-1: config 205 interface 10 has no altsetting 0
[  957.065169][ T5956] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  957.081602][T16251] netlink: 'syz.2.2763': attribute type 1 has an invalid length.
[  957.101826][T15010] usb 2-1: config 205 interface 193 has no altsetting 0
[  957.140872][T15010] usb 2-1: string descriptor 0 read error: -71
[  957.156288][ T5956] usb 6-1: config 0 descriptor??
[  957.184185][T15010] usb 2-1: New USB device found, idVendor=1199, idProduct=68aa, bcdDevice=3b.77
[  957.185949][ T5956] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input72
[  957.237408][T16251] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2763'.
[  957.326247][T15010] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  957.445283][T16251] bond1: entered promiscuous mode
[  957.814642][T15010] usb 2-1: can't set config #205, error -71
[  957.834825][T16251] 8021q: adding VLAN 0 to HW filter on device bond1
[  957.867389][T15010] usb 2-1: USB disconnect, device number 43
[  958.149479][T16258] usb usb8: usbfs: process 16258 (syz.4.2765) did not claim interface 0 before use
[  958.778260][T16268] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input73
[  960.548492][  T974] usb 6-1: USB disconnect, device number 32
[  960.784406][ T5956] usb 2-1: new full-speed USB device number 44 using dummy_hcd
[  960.959575][ T5875] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  961.345003][ T5956] usb 2-1: not running at top speed; connect to a high speed hub
[  961.373919][ T5956] usb 2-1: config 205 has an invalid interface number: 10 but max is 3
[  961.384065][ T5875] usb 1-1: Using ep0 maxpacket: 32
[  961.392813][ T5956] usb 2-1: config 205 has an invalid interface number: 193 but max is 3
[  961.402605][ T5875] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  961.509384][ T5875] usb 1-1: config 0 has no interface number 0
[  961.519275][ T5956] usb 2-1: config 205 has an invalid descriptor of length 231, skipping remainder of the config
[  961.534400][ T5956] usb 2-1: config 205 has 2 interfaces, different from the descriptor's value: 4
[  961.554025][ T5956] usb 2-1: config 205 has no interface number 0
[  961.554694][ T5875] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  961.580367][ T5956] usb 2-1: config 205 has no interface number 1
[  961.589464][ T5956] usb 2-1: config 205 interface 10 altsetting 4 endpoint 0x1 has invalid maxpacket 23451, setting to 64
[  961.612101][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  961.623876][ T5956] usb 2-1: config 205 interface 10 altsetting 4 endpoint 0xC has invalid maxpacket 512, setting to 64
[  961.643896][ T5875] usb 1-1: Product: syz
[  961.654523][ T5875] usb 1-1: Manufacturer: syz
[  961.669677][ T5875] usb 1-1: SerialNumber: syz
[  961.674581][ T5956] usb 2-1: config 205 interface 10 altsetting 4 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  961.725230][ T5875] usb 1-1: config 0 descriptor??
[  961.744286][ T5956] usb 2-1: config 205 interface 10 altsetting 4 endpoint 0x5 has invalid maxpacket 57260, setting to 64
[  961.844887][ T5956] usb 2-1: config 205 interface 10 altsetting 4 has a duplicate endpoint with address 0x1, skipping
[  961.880698][ T5875] usb 1-1: can't set config #0, error -71
[  961.924605][ T5956] usb 2-1: config 205 interface 10 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  961.943975][ T5875] usb 1-1: USB disconnect, device number 33
[  961.973925][ T5956] usb 2-1: config 205 interface 10 altsetting 4 has a duplicate endpoint with address 0xA, skipping
[  962.018918][ T5956] usb 2-1: config 205 interface 10 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  962.054345][T16296] netlink: 'syz.5.2774': attribute type 4 has an invalid length.
[  962.073616][ T5956] usb 2-1: config 205 interface 10 altsetting 4 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  962.148044][ T5956] usb 2-1: config 205 interface 193 altsetting 13 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  962.179956][T16296] netlink: 'syz.5.2774': attribute type 6 has an invalid length.
[  962.200330][T16296] IPv6: NLM_F_CREATE should be specified when creating new route
[  962.214278][ T5956] usb 2-1: config 205 interface 10 has no altsetting 0
[  962.229979][ T5956] usb 2-1: config 205 interface 193 has no altsetting 0
[  962.542679][T16301] overlayfs: missing 'lowerdir'
[  963.135584][ T5956] usb 2-1: string descriptor 0 read error: -71
[  963.174233][ T5956] usb 2-1: New USB device found, idVendor=1199, idProduct=68aa, bcdDevice=3b.77
[  963.305504][T16304] netlink: 'syz.0.2778': attribute type 1 has an invalid length.
[  963.349279][ T5956] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  963.373622][T16306] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2778'.
[  963.394422][   T29] audit: type=1326 audit(1738841169.452:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16285 comm="syz.5.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  963.474634][ T5956] usb 2-1: can't set config #205, error -71
[  963.526595][ T5956] usb 2-1: USB disconnect, device number 44
[  963.534717][T16304] bond5: entered promiscuous mode
[  963.545009][   T29] audit: type=1326 audit(1738841169.452:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16285 comm="syz.5.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  963.570774][T16304] 8021q: adding VLAN 0 to HW filter on device bond5
[  963.585813][   T29] audit: type=1326 audit(1738841169.452:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16285 comm="syz.5.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  963.691263][   T29] audit: type=1326 audit(1738841169.452:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16285 comm="syz.5.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  963.831610][T16315] loop7: detected capacity change from 0 to 16384
[  963.866795][   T29] audit: type=1326 audit(1738841169.452:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16285 comm="syz.5.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  963.908349][T16314] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap3
[  963.963921][   T29] audit: type=1326 audit(1738841169.452:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16285 comm="syz.5.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  963.987035][T16314] batman_adv: batadv0: Adding interface: ip6gretap3
[  964.044032][T16314] batman_adv: batadv0: The MTU of interface ip6gretap3 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  964.054589][T16316] loop7: detected capacity change from 16384 to 16382
[  964.087640][   T29] audit: type=1326 audit(1738841169.452:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16285 comm="syz.5.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  964.142994][T16314] batman_adv: batadv0: Interface activated: ip6gretap3
[  964.166634][   T29] audit: type=1326 audit(1738841169.452:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16285 comm="syz.5.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  964.194113][T15934] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  964.222358][T16314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2782'.
[  964.310058][   T29] audit: type=1326 audit(1738841169.452:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16285 comm="syz.5.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  964.402612][   T29] audit: type=1326 audit(1738841169.452:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16285 comm="syz.5.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ead18cde9 code=0x7fc00000
[  964.486961][T15934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  964.508385][T15934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  964.523939][T15934] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  964.558107][T15934] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  964.614507][T15934] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  964.662244][T15934] usb 5-1: config 0 descriptor??
[  965.294238][ T8418] usb 1-1: new full-speed USB device number 34 using dummy_hcd
[  965.947517][ T8418] usb 1-1: not running at top speed; connect to a high speed hub
[  966.001027][T15934] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0
[  966.004091][ T8418] usb 1-1: config 205 has an invalid interface number: 10 but max is 3
[  966.020176][T15934] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving
[  966.047565][ T8418] usb 1-1: config 205 has an invalid interface number: 193 but max is 3
[  966.071634][T15934] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  966.137637][ T8418] usb 1-1: config 205 has an invalid descriptor of length 231, skipping remainder of the config
[  966.179099][ T8418] usb 1-1: config 205 has 2 interfaces, different from the descriptor's value: 4
[  966.228530][ T8418] usb 1-1: config 205 has no interface number 0
[  966.247306][ T8418] usb 1-1: config 205 has no interface number 1
[  966.284040][ T8418] usb 1-1: config 205 interface 10 altsetting 4 endpoint 0x1 has invalid maxpacket 23451, setting to 64
[  966.319145][ T8418] usb 1-1: config 205 interface 10 altsetting 4 endpoint 0xC has invalid maxpacket 512, setting to 64
[  966.373994][ T8418] usb 1-1: config 205 interface 10 altsetting 4 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  966.412547][ T8418] usb 1-1: config 205 interface 10 altsetting 4 endpoint 0x5 has invalid maxpacket 57260, setting to 64
[  966.713640][ T8418] usb 1-1: config 205 interface 10 altsetting 4 has a duplicate endpoint with address 0x1, skipping
[  966.986745][ T8418] usb 1-1: config 205 interface 10 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  967.157654][ T8418] usb 1-1: config 205 interface 10 altsetting 4 has a duplicate endpoint with address 0xA, skipping
[  967.171752][ T8418] usb 1-1: config 205 interface 10 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  967.664420][ T8418] usb 1-1: config 205 interface 10 altsetting 4 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  967.804144][ T8418] usb 1-1: config 205 interface 193 altsetting 13 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  967.875586][ T8418] usb 1-1: config 205 interface 10 has no altsetting 0
[  967.882505][ T8418] usb 1-1: config 205 interface 193 has no altsetting 0
[  967.912269][ T8418] usb 1-1: string descriptor 0 read error: -71
[  967.953963][ T8418] usb 1-1: New USB device found, idVendor=1199, idProduct=68aa, bcdDevice=3b.77
[  968.013534][ T8418] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  968.032393][ T8418] usb 1-1: can't set config #205, error -71
[  968.054301][ T8418] usb 1-1: USB disconnect, device number 34
[  968.425366][ T8418] usb 5-1: USB disconnect, device number 56
[  969.316824][T16339] overlayfs: missing 'lowerdir'
[  969.770725][T16347] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194322 ns). Using initial count to start timer.
[  970.627015][T16357] netlink: ct family unspecified
[  970.632121][T16357] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  974.536362][T16397] netlink: ct family unspecified
[  974.541366][T16397] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  974.843966][ T8418] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  974.994707][ T8418] usb 1-1: Using ep0 maxpacket: 16
[  975.063195][ T8418] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  975.084807][ T8418] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  975.093786][ T8418] usb 1-1: Product: syz
[  975.100845][ T8418] usb 1-1: Manufacturer: syz
[  975.106041][ T8418] usb 1-1: SerialNumber: syz
[  975.120700][ T8418] r8152-cfgselector 1-1: Unknown version 0x0000
[  975.127234][ T8418] r8152-cfgselector 1-1: config 0 descriptor??
[  975.337757][ T8418] r8152-cfgselector 1-1: Needed 2 retries to read version
[  975.345319][ T8418] r8152-cfgselector 1-1: Unknown version 0x5cf0
[  975.351848][ T8418] r8152-cfgselector 1-1: bad CDC descriptors
[  975.541968][ T8418] r8152-cfgselector 1-1: USB disconnect, device number 35
[  975.727217][T16413] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2813'.
[  976.211536][ T5875] libceph: connect (1)[c::]:6789 error -101
[  976.218144][ T5875] libceph: mon0 (1)[c::]:6789 connect error
[  977.078108][  T974] libceph: connect (1)[c::]:6789 error -101
[  977.251753][  T974] libceph: mon0 (1)[c::]:6789 connect error
[  977.348310][T16427] netlink: 'syz.0.2816': attribute type 21 has an invalid length.
[  977.438474][T16415] ceph: No mds server is up or the cluster is laggy
[  977.795563][  T974] libceph: connect (1)[c::]:6789 error -101
[  977.801620][  T974] libceph: mon0 (1)[c::]:6789 connect error
[  978.621009][T16444] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input74
[  980.257155][T16465] batadv_slave_1: entered promiscuous mode
[  981.194961][T16464] batadv_slave_1: left promiscuous mode
[  983.293522][T16500] netlink: 'syz.1.2840': attribute type 1 has an invalid length.
[  984.712976][T16508] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2840'.
[  984.895951][T16508] 8021q: adding VLAN 0 to HW filter on device bond5
[  985.254710][T16532] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2848'.
[  985.273778][T16532] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2848'.
[  985.284065][T16532] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2848'.
[  985.394182][T15934] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  985.512882][T16512] FAULT_INJECTION: forcing a failure.
[  985.512882][T16512] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  985.527033][T16512] CPU: 1 UID: 0 PID: 16512 Comm: syz.5.2842 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  985.527057][T16512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  985.527079][T16512] Call Trace:
[  985.527085][T16512]  <TASK>
[  985.527092][T16512]  dump_stack_lvl+0x241/0x360
[  985.527124][T16512]  ? __pfx_dump_stack_lvl+0x10/0x10
[  985.527148][T16512]  ? __pfx__printk+0x10/0x10
[  985.527171][T16512]  ? __pfx_lock_release+0x10/0x10
[  985.527199][T16512]  should_fail_ex+0x40a/0x550
[  985.527221][T16512]  set_fd_set+0x3a/0xa0
[  985.527240][T16512]  core_sys_select+0x72c/0x910
[  985.527266][T16512]  ? __pfx_core_sys_select+0x10/0x10
[  985.527286][T16512]  ? ksys_write+0x22a/0x2b0
[  985.527326][T16512]  ? __pfx_set_user_sigmask+0x10/0x10
[  985.527344][T16512]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  985.527363][T16512]  ? __fget_files+0x2a/0x410
[  985.527386][T16512]  __se_sys_pselect6+0x321/0x3e0
[  985.527411][T16512]  ? __pfx___se_sys_pselect6+0x10/0x10
[  985.527428][T16512]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  985.527448][T16512]  ? do_syscall_64+0x100/0x230
[  985.527471][T16512]  ? __x64_sys_pselect6+0x21/0xf0
[  985.527492][T16512]  do_syscall_64+0xf3/0x230
[  985.527509][T16512]  ? clear_bhb_loop+0x35/0x90
[  985.527524][T16512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  985.527536][T16512] RIP: 0033:0x7f1ead18cde9
[  985.527545][T16512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  985.527553][T16512] RSP: 002b:00007f1eadf25038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  985.527565][T16512] RAX: ffffffffffffffda RBX: 00007f1ead3a5fa0 RCX: 00007f1ead18cde9
[  985.527572][T16512] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  985.527578][T16512] RBP: 00007f1eadf25090 R08: 0000000000000000 R09: 0000000000000000
[  985.527584][T16512] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  985.527589][T16512] R13: 0000000000000000 R14: 00007f1ead3a5fa0 R15: 00007ffed9e83f78
[  985.527603][T16512]  </TASK>
[  985.739735][  T974] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  985.747698][T15934] usb 1-1: Using ep0 maxpacket: 16
[  985.755748][T15934] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  985.779707][T15934] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  985.800608][T15934] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[  985.822792][T15934] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  985.866746][T15934] usb 1-1: config 0 descriptor??
[  986.024275][  T974] usb 5-1: Using ep0 maxpacket: 16
[  986.032379][  T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  986.045173][  T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  986.922904][  T974] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  986.936974][  T974] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  986.946700][  T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  986.990215][  T974] usb 5-1: config 0 descriptor??
[  987.141573][T15934] lua 0003:1E7D:2C2E.0016: item fetching failed at offset 1/5
[  987.162022][T15934] lua 0003:1E7D:2C2E.0016: parse failed
[  987.171648][T15934] lua 0003:1E7D:2C2E.0016: probe with driver lua failed with error -22
[  987.725273][T15934] usb 1-1: USB disconnect, device number 36
[  987.912842][  T974] usbhid 5-1:0.0: can't add hid device: -71
[  987.923658][  T974] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  987.935298][  T974] usb 5-1: USB disconnect, device number 57
[  988.494519][T16559] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input75
[  989.272492][T16575] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2861'.
[  989.661905][T16580] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input76
[  990.412862][ T5956] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  990.575569][ T5956] usb 6-1: config 0 has an invalid interface number: 69 but max is 0
[  990.586192][ T5956] usb 6-1: config 0 has no interface number 0
[  990.599502][ T5956] usb 6-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  990.621645][ T5956] usb 6-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  990.646112][ T5956] usb 6-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  990.658239][ T5956] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  990.692900][ T5956] usb 6-1: Product: syz
[  990.699892][ T5956] usb 6-1: Manufacturer: syz
[  990.724082][ T5956] usb 6-1: SerialNumber: syz
[  990.736340][ T5956] usb 6-1: config 0 descriptor??
[  990.742001][T16574] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  990.771277][ T5956] cyberjack 6-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  990.787601][ T5956] usb 6-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  991.384137][T16607] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input77
[  993.272192][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  993.278605][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  994.319176][T16617] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  994.520013][T16617] FAULT_INJECTION: forcing a failure.
[  994.520013][T16617] name failslab, interval 1, probability 0, space 0, times 0
[  995.275535][T16617] CPU: 0 UID: 0 PID: 16617 Comm: syz.2.2871 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[  995.275561][T16617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  995.275571][T16617] Call Trace:
[  995.275577][T16617]  <TASK>
[  995.275584][T16617]  dump_stack_lvl+0x241/0x360
[  995.275617][T16617]  ? __pfx_dump_stack_lvl+0x10/0x10
[  995.275640][T16617]  ? __pfx__printk+0x10/0x10
[  995.275671][T16617]  should_fail_ex+0x40a/0x550
[  995.275692][T16617]  should_failslab+0xac/0x100
[  995.275711][T16617]  ? dst_alloc+0x12b/0x190
[  995.275730][T16617]  kmem_cache_alloc_noprof+0x70/0x380
[  995.275756][T16617]  dst_alloc+0x12b/0x190
[  995.275782][T16617]  ip_route_output_key_hash_rcu+0x13cc/0x2390
[  995.275815][T16617]  ip_route_output_key_hash+0x193/0x2b0
[  995.275832][T16617]  ? ip_route_output_key_hash+0xdf/0x2b0
[  995.275849][T16617]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  995.275882][T16617]  ip_route_output_flow+0x29/0x140
[  995.275909][T16617]  udp_sendmsg+0x1759/0x2a90
[  995.275946][T16617]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  995.275965][T16617]  ? __pfx_udp_sendmsg+0x10/0x10
[  995.275989][T16617]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  995.276016][T16617]  ? finish_task_switch+0x1e5/0x870
[  995.276036][T16617]  ? lockdep_hardirqs_on+0x99/0x150
[  995.276065][T16617]  ? __schedule+0x18c4/0x4c40
[  995.276098][T16617]  udpv6_sendmsg+0xcf8/0x3310
[  995.276137][T16617]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  995.276163][T16617]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  995.276201][T16617]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  995.276230][T16617]  ? sock_rps_record_flow+0x1a/0x400
[  995.276244][T16617]  ? inet_send_prepare+0x21/0x260
[  995.276273][T16617]  __sock_sendmsg+0xef/0x270
[  995.276297][T16617]  ____sys_sendmsg+0x52a/0x7e0
[  995.276319][T16617]  ? __pfx_____sys_sendmsg+0x10/0x10
[  995.276332][T16617]  ? __fget_files+0x2a/0x410
[  995.276354][T16617]  ? __fget_files+0x2a/0x410
[  995.276394][T16617]  __sys_sendmmsg+0x36a/0x720
[  995.276423][T16617]  ? __pfx___sys_sendmmsg+0x10/0x10
[  995.276451][T16617]  ? __pfx_lock_release+0x10/0x10
[  995.276468][T16617]  ? kstrtouint_from_user+0x128/0x190
[  995.276511][T16617]  ? ksys_write+0x22a/0x2b0
[  995.276527][T16617]  ? __pfx_lock_release+0x10/0x10
[  995.276552][T16617]  ? sb_end_write+0xe9/0x1c0
[  995.276573][T16617]  ? vfs_write+0x7fa/0xd10
[  995.276592][T16617]  ? __mutex_unlock_slowpath+0x227/0x800
[  995.276638][T16617]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  995.276660][T16617]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  995.276681][T16617]  ? do_syscall_64+0x100/0x230
[  995.276706][T16617]  __x64_sys_sendmmsg+0xa0/0xb0
[  995.276723][T16617]  do_syscall_64+0xf3/0x230
[  995.276744][T16617]  ? clear_bhb_loop+0x35/0x90
[  995.276767][T16617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  995.276787][T16617] RIP: 0033:0x7fbbe5b8cde9
[  995.276802][T16617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  995.276815][T16617] RSP: 002b:00007fbbe39f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  995.276833][T16617] RAX: ffffffffffffffda RBX: 00007fbbe5da5fa0 RCX: 00007fbbe5b8cde9
[  995.276846][T16617] RDX: 0400000000000172 RSI: 0000200000003cc0 RDI: 0000000000000003
[  995.276856][T16617] RBP: 00007fbbe39f6090 R08: 0000000000000000 R09: 0000000000000000
[  995.276867][T16617] R10: 0000000004001c00 R11: 0000000000000246 R12: 0000000000000001
[  995.276876][T16617] R13: 0000000000000000 R14: 00007fbbe5da5fa0 R15: 00007ffde5340dd8
[  995.276902][T16617]  </TASK>
[  996.281728][T16630] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2876'.
[  996.334208][T16630] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2876'.
[  996.553460][T16630] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2876'.
[  997.283205][   T25] usb 6-1: USB disconnect, device number 33
[  997.332065][   T25] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  997.424603][   T25] cyberjack 6-1:0.69: device disconnected
[  997.546310][T16647] lo speed is unknown, defaulting to 1000
[  998.904000][T16666] ip6t_srh: unknown srh invflags 7863
[  999.232192][T16651] Invalid ELF header magic: != ELF
[  999.361813][T16678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2890'.
[  999.464999][T16684] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2891'.
[  999.534624][T16678] lo: entered promiscuous mode
[  999.545892][T16678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2890'.
[  999.756315][T16688] ipip0: entered promiscuous mode
[  999.761441][T16688] ipip0: entered allmulticast mode
[  999.827448][T16678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2890'.
[  999.987868][T16678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2890'.
[ 1000.475794][  T974] usb 5-1: new full-speed USB device number 58 using dummy_hcd
[ 1001.625643][  T974] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1001.634929][  T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1002.127365][  T974] usb 5-1: config 0 descriptor??
[ 1002.264376][T14261] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[ 1002.494151][T14261] usb 3-1: device descriptor read/64, error -71
[ 1002.704242][  T974] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[ 1002.712810][  T974] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[ 1002.769579][  T974] [drm:udl_init] *ERROR* Selecting channel failed
[ 1002.773964][T14261] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[ 1003.017405][  T974] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2
[ 1003.043957][T14261] usb 3-1: device descriptor read/64, error -71
[ 1003.467894][T14261] usb usb3-port1: attempt power cycle
[ 1003.783890][  T974] [drm] Initialized udl on minor 2
[ 1003.804166][  T974] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1003.868129][  T974] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[ 1003.911839][T15934] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1003.930834][  T974] usb 5-1: USB disconnect, device number 58
[ 1003.947209][T15934] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[ 1004.124384][ T6153] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[ 1004.378354][ T6153] usb 1-1: Using ep0 maxpacket: 32
[ 1004.424200][T14261] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[ 1004.424354][  T974] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 1004.437853][ T6153] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[ 1004.606441][T14261] usb 3-1: Using ep0 maxpacket: 32
[ 1004.624018][ T6153] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1004.633529][T14261] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1004.648486][ T6153] usb 1-1: config 0 descriptor??
[ 1004.656007][T14261] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1004.666277][T14261] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1004.676712][ T6153] gspca_main: sunplus-2.14.0 probing 041e:400b
[ 1004.683346][T14261] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1004.706043][T14261] usb 3-1: config 0 descriptor??
[ 1004.795566][  T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1004.817136][  T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1004.827495][  T974] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1004.840927][  T974] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1004.850141][  T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1004.865204][  T974] usb 5-1: config 0 descriptor??
[ 1005.184933][ T6153] gspca_sunplus: reg_w_riv err -110
[ 1005.275168][ T6153] sunplus 1-1:0.0: probe with driver sunplus failed with error -110
[ 1005.507823][ T6153] usb 1-1: USB disconnect, device number 37
[ 1005.950472][T14261] savu 0003:1E7D:2D5A.0017: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[ 1007.164372][  T974] usbhid 5-1:0.0: can't add hid device: -71
[ 1007.175658][  T974] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1007.187591][  T974] usb 5-1: USB disconnect, device number 59
[ 1007.724272][T11366] usb 3-1: USB disconnect, device number 17
[ 1007.791550][T16745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2909'.
[ 1114.183841][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1114.190839][    C0] rcu: 	1-...!: (1 GPs behind) idle=d734/1/0x4000000000000000 softirq=66210/66211 fqs=0
[ 1114.202309][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P14216/1:b..l
[ 1114.210349][    C0] rcu: 	(detected by 0, t=10506 jiffies, g=65145, q=285 ncpus=2)
[ 1114.218106][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1114.218146][    C1] NMI backtrace for cpu 1
[ 1114.218160][    C1] CPU: 1 UID: 0 PID: 16721 Comm: syz.2.2903 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[ 1114.218177][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1114.218188][    C1] RIP: 0010:kasan_check_range+0x1b8/0x290
[ 1114.218215][    C1] Code: 4d 01 fb 48 8d 5d 07 48 85 ed 48 0f 49 dd 48 83 e3 f8 48 29 dd 74 12 41 80 3b 00 0f 85 a6 00 00 00 49 ff c3 48 ff cd 75 ee 5b <41> 5c 41 5e 41 5f 5d c3 cc cc cc cc 40 84 ed 75 5f f7 c5 00 ff 00
[ 1114.218228][    C1] RSP: 0018:ffffc90000a189e8 EFLAGS: 00000056
[ 1114.218243][    C1] RAX: 0000000000000001 RBX: 0000000000000021 RCX: ffffffff819acb34
[ 1114.218253][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff942c3840
[ 1114.218263][    C1] RBP: 0000000000000000 R08: ffffffff942c3847 R09: 1ffffffff2858708
[ 1114.218274][    C1] R10: dffffc0000000000 R11: fffffbfff2858709 R12: ffff88807abb64d4
[ 1114.218286][    C1] R13: ffff88807abb5a00 R14: dffffc0000000001 R15: fffffbfff2858709
[ 1114.218298][    C1] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 1114.218310][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1114.218320][    C1] CR2: 00007f41260aad58 CR3: 000000003409a000 CR4: 00000000003526f0
[ 1114.218335][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1114.218344][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1114.218353][    C1] Call Trace:
[ 1114.218362][    C1]  <NMI>
[ 1114.218369][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 1114.218388][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1114.218409][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1114.218431][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1114.218448][    C1]  ? nmi_handle+0x14f/0x5a0
[ 1114.218468][    C1]  ? nmi_handle+0x2a/0x5a0
[ 1114.218489][    C1]  ? kasan_check_range+0x1b8/0x290
[ 1114.218505][    C1]  ? default_do_nmi+0x63/0x160
[ 1114.218520][    C1]  ? exc_nmi+0x123/0x1f0
[ 1114.218534][    C1]  ? end_repeat_nmi+0xf/0x53
[ 1114.218556][    C1]  ? __lock_acquire+0xc94/0x2100
[ 1114.218575][    C1]  ? kasan_check_range+0x1b8/0x290
[ 1114.218592][    C1]  ? kasan_check_range+0x1b8/0x290
[ 1114.218610][    C1]  ? kasan_check_range+0x1b8/0x290
[ 1114.218627][    C1]  </NMI>
[ 1114.218632][    C1]  <IRQ>
[ 1114.218638][    C1]  __lock_acquire+0xc94/0x2100
[ 1114.218679][    C1]  lock_acquire+0x1ed/0x550
[ 1114.218696][    C1]  ? advance_sched+0xa02/0xca0
[ 1114.218715][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1114.218733][    C1]  ? advance_sched+0x9b4/0xca0
[ 1114.218747][    C1]  ? do_raw_spin_lock+0x14f/0x370
[ 1114.218762][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1114.218783][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1114.218797][    C1]  ? taprio_set_budgets+0x32c/0x370
[ 1114.218814][    C1]  ? advance_sched+0xa02/0xca0
[ 1114.218830][    C1]  advance_sched+0xa1e/0xca0
[ 1114.218849][    C1]  ? advance_sched+0xa02/0xca0
[ 1114.218869][    C1]  ? __pfx_advance_sched+0x10/0x10
[ 1114.218885][    C1]  __hrtimer_run_queues+0x59b/0xd30
[ 1114.218913][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1114.218934][    C1]  ? sched_clock+0x4a/0x70
[ 1114.218950][    C1]  ? read_tsc+0x9/0x20
[ 1114.218964][    C1]  ? ktime_get_update_offsets_now+0x38e/0x3b0
[ 1114.218985][    C1]  hrtimer_interrupt+0x403/0xa40
[ 1114.219016][    C1]  __sysvec_apic_timer_interrupt+0x110/0x420
[ 1114.219039][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1114.219058][    C1]  </IRQ>
[ 1114.219062][    C1]  <TASK>
[ 1114.219068][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1114.219089][    C1] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x35/0x90
[ 1114.219109][    C1] Code: 0c 25 00 d5 03 00 65 8b 05 50 72 44 7e 25 00 01 ff 00 74 10 3d 00 01 00 00 75 57 83 b9 2c 16 00 00 00 74 4e 8b 81 08 16 00 00 <83> f8 03 75 43 48 8b 91 10 16 00 00 44 8b 89 0c 16 00 00 49 c1 e1
[ 1114.219122][    C1] RSP: 0018:ffffc90005a87258 EFLAGS: 00000246
[ 1114.219135][    C1] RAX: 0000000000000000 RBX: ffff88806d638d10 RCX: ffff88807abb5a00
[ 1114.219146][    C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1114.219155][    C1] RBP: ffffc90005a87610 R08: ffffffff82093ad4 R09: 1ffffd40001b792e
[ 1114.219166][    C1] R10: dffffc0000000000 R11: fffff940001b792f R12: ffffc90005a87840
[ 1114.219178][    C1] R13: ffffc90005a87840 R14: 8000000036f26007 R15: 00007fbbe4ba2000
[ 1114.219191][    C1]  ? unmap_page_range+0xd34/0x48d0
[ 1114.219213][    C1]  unmap_page_range+0xd34/0x48d0
[ 1114.219237][    C1]  ? validate_chain+0x11e/0x5920
[ 1114.219265][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[ 1114.219283][    C1]  ? mas_next_node+0xb99/0xe00
[ 1114.219302][    C1]  ? mas_next_slot+0xdc6/0xea0
[ 1114.219322][    C1]  ? uprobe_munmap+0x183/0x460
[ 1114.219343][    C1]  ? unmap_single_vma+0x1bd/0x2b0
[ 1114.219364][    C1]  unmap_vmas+0x3cc/0x5f0
[ 1114.219384][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[ 1114.219408][    C1]  ? tlb_gather_mmu_fullmm+0x160/0x210
[ 1114.219426][    C1]  exit_mmap+0x283/0xd40
[ 1114.219451][    C1]  ? __pfx_exit_mmap+0x10/0x10
[ 1114.219478][    C1]  ? __pfx_exit_aio+0x10/0x10
[ 1114.219496][    C1]  ? uprobe_clear_state+0x271/0x290
[ 1114.219513][    C1]  ? mm_update_next_owner+0xa2/0x8a0
[ 1114.219531][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1114.219547][    C1]  __mmput+0x115/0x410
[ 1114.219570][    C1]  exit_mm+0x220/0x310
[ 1114.219589][    C1]  ? __pfx_exit_mm+0x10/0x10
[ 1114.219606][    C1]  ? taskstats_exit+0x326/0xa60
[ 1114.219625][    C1]  do_exit+0x9ad/0x28e0
[ 1114.219646][    C1]  ? __pfx_do_exit+0x10/0x10
[ 1114.219663][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1114.219679][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1114.219699][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1114.219717][    C1]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1114.219735][    C1]  do_group_exit+0x207/0x2c0
[ 1114.219753][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1114.219769][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1114.219789][    C1]  get_signal+0x16b2/0x1750
[ 1114.219816][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1114.219847][    C1]  arch_do_signal_or_restart+0x96/0x860
[ 1114.219865][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1114.219881][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1114.219904][    C1]  ? syscall_exit_to_user_mode+0xa3/0x340
[ 1114.219925][    C1]  syscall_exit_to_user_mode+0xce/0x340
[ 1114.219946][    C1]  do_syscall_64+0x100/0x230
[ 1114.219965][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1114.219986][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1114.220006][    C1] RIP: 0033:0x7fbbe5b8cde9
[ 1114.220019][    C1] Code: Unable to access opcode bytes at 0x7fbbe5b8cdbf.
[ 1114.220027][    C1] RSP: 002b:00007fbbe39f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1114.220041][    C1] RAX: fffffffffffffe00 RBX: 00007fbbe5da5fa8 RCX: 00007fbbe5b8cde9
[ 1114.220052][    C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbbe5da5fa8
[ 1114.220062][    C1] RBP: 00007fbbe5da5fa0 R08: 0000000000000000 R09: 0000000000000000
[ 1114.220071][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbbe5da5fac
[ 1114.220086][    C1] R13: 0000000000000000 R14: 00007ffde5340cf0 R15: 00007ffde5340dd8
[ 1114.220103][    C1]  </TASK>
[ 1114.220142][    C0] task:syz-executor    state:R  running task     stack:20544 pid:14216 tgid:14216 ppid:14207  task_flags:0x400140 flags:0x00004002
[ 1114.907876][    C0] Call Trace:
[ 1114.911162][    C0]  <TASK>
[ 1114.914105][    C0]  __schedule+0x18bc/0x4c40
[ 1114.918629][    C0]  ? is_bpf_text_address+0x285/0x2a0
[ 1114.923937][    C0]  ? arch_stack_walk+0xfd/0x150
[ 1114.928807][    C0]  ? __pfx___schedule+0x10/0x10
[ 1114.933669][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1114.939668][    C0]  ? preempt_schedule_irq+0xf0/0x1c0
[ 1114.944967][    C0]  preempt_schedule_irq+0xfb/0x1c0
[ 1114.950105][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1114.955848][    C0]  ? save_stack+0x11f/0x1f0
[ 1114.960380][    C0]  irqentry_exit+0x5e/0x90
[ 1114.964817][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1114.970824][    C0] RIP: 0010:__kasan_check_write+0x0/0x20
[ 1114.976477][    C0] Code: 48 8b 0c 24 31 d2 e9 af e6 ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 89 f6 48 8b 0c 24 ba 01 00 00 00 e9 7c e6 ff ff 66 2e
[ 1114.996089][    C0] RSP: 0018:ffffc900036e74c8 EFLAGS: 00000293
[ 1115.002170][    C0] RAX: ffffffff822cdb05 RBX: 0000000000000001 RCX: ffff88802beb5a00
[ 1115.010145][    C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88801e614490
[ 1115.018121][    C0] RBP: 0000000000000000 R08: ffffffff822cdae6 R09: 0000000000000009
[ 1115.026095][    C0] R10: dffffc0000000000 R11: fffffbfff20344ef R12: 0000000000000000
[ 1115.034155][    C0] R13: dffffc0000000000 R14: ffff88801e614498 R15: ffff88801e614490
[ 1115.042141][    C0]  ? __reset_page_owner+0x126/0x430
[ 1115.047439][    C0]  ? __reset_page_owner+0x145/0x430
[ 1115.052650][    C0]  __reset_page_owner+0x152/0x430
[ 1115.057777][    C0]  free_unref_folios+0xe2f/0x18a0
[ 1115.062824][    C0]  ? __page_cache_release+0x95f/0xb90
[ 1115.068214][    C0]  folios_put_refs+0x76c/0x860
[ 1115.072998][    C0]  ? __pfx_folios_put_refs+0x10/0x10
[ 1115.078294][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1115.083510][    C0]  ? folio_batch_remove_exceptionals+0x18a/0x1f0
[ 1115.089851][    C0]  shmem_undo_range+0x593/0x1820
[ 1115.094820][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1115.101022][    C0]  ? __pfx_shmem_undo_range+0x10/0x10
[ 1115.106616][    C0]  ? unwind_get_return_address+0x4d/0x90
[ 1115.112303][    C0]  ? stack_depot_save_flags+0x37/0x940
[ 1115.117823][    C0]  shmem_evict_inode+0x29b/0xa80
[ 1115.122791][    C0]  ? inode_wait_for_writeback+0x111/0x2a0
[ 1115.128531][    C0]  ? __pfx_shmem_evict_inode+0x10/0x10
[ 1115.134016][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1115.139662][    C0]  ? __pfx_shmem_evict_inode+0x10/0x10
[ 1115.145220][    C0]  evict+0x4e8/0x9a0
[ 1115.149133][    C0]  ? __pfx_evict+0x10/0x10
[ 1115.153563][    C0]  ? iput+0x713/0xa50
[ 1115.157565][    C0]  do_unlinkat+0x512/0x830
[ 1115.162005][    C0]  ? __pfx_do_unlinkat+0x10/0x10
[ 1115.166948][    C0]  ? __check_object_size+0x47a/0x730
[ 1115.172249][    C0]  ? __might_fault+0xc6/0x120
[ 1115.176942][    C0]  ? strncpy_from_user+0x146/0x270
[ 1115.182155][    C0]  ? getname_flags+0x1e3/0x540
[ 1115.186932][    C0]  __x64_sys_unlink+0x47/0x50
[ 1115.191645][    C0]  do_syscall_64+0xf3/0x230
[ 1115.196166][    C0]  ? clear_bhb_loop+0x35/0x90
[ 1115.200861][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1115.206862][    C0] RIP: 0033:0x7f1ead18c397
[ 1115.211289][    C0] RSP: 002b:00007ffed9e83208 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[ 1115.219713][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1ead18c397
[ 1115.227693][    C0] RDX: 00007ffed9e83230 RSI: 00007ffed9e832c0 RDI: 00007ffed9e832c0
[ 1115.235688][    C0] RBP: 00007ffed9e832c0 R08: 0000000000000000 R09: 0000000000000000
[ 1115.243675][    C0] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffed9e84350
[ 1115.251659][    C0] R13: 00007f1ead20e08c R14: 00000000000f60ab R15: 00007ffed9e84390
[ 1115.259664][    C0]  </TASK>
[ 1115.262691][    C0] rcu: rcu_preempt kthread starved for 10506 jiffies! g65145 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[ 1115.273892][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1115.283869][    C0] rcu: RCU grace-period kthread stack dump:
[ 1115.289778][    C0] task:rcu_preempt     state:R  running task     stack:25752 pid:17    tgid:17    ppid:2      task_flags:0x208040 flags:0x00004000
[ 1115.303395][    C0] Call Trace:
[ 1115.306773][    C0]  <TASK>
[ 1115.309724][    C0]  __schedule+0x18bc/0x4c40
[ 1115.314246][    C0]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 1115.320167][    C0]  ? __pfx___schedule+0x10/0x10
[ 1115.325042][    C0]  ? __pfx_lock_release+0x10/0x10
[ 1115.330088][    C0]  ? __pfx___mod_timer+0x10/0x10
[ 1115.335032][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1115.341370][    C0]  ? schedule+0x90/0x320
[ 1115.345622][    C0]  schedule+0x14b/0x320
[ 1115.349788][    C0]  schedule_timeout+0x15a/0x290
[ 1115.354644][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 1115.360043][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 1115.365364][    C0]  ? prepare_to_swait_event+0x330/0x350
[ 1115.370932][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1115.376161][    C0]  rcu_gp_fqs_loop+0x2df/0x1330
[ 1115.381035][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 1115.386258][    C0]  ? rcu_gp_init+0x1256/0x1630
[ 1115.391040][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[ 1115.396004][    C0]  ? __pfx_rcu_watching_snap_save+0x10/0x10
[ 1115.401913][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1115.407212][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1115.413124][    C0]  ? finish_swait+0xd4/0x1e0
[ 1115.417727][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1115.422945][    C0]  rcu_gp_kthread+0xa7/0x3b0
[ 1115.427557][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1115.432770][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1115.438678][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 1115.443717][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1115.448930][    C0]  kthread+0x7a9/0x920
[ 1115.453025][    C0]  ? __pfx_kthread+0x10/0x10
[ 1115.457633][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1115.462880][    C0]  ? __pfx_kthread+0x10/0x10
[ 1115.467483][    C0]  ? __pfx_kthread+0x10/0x10
[ 1115.472107][    C0]  ? __pfx_kthread+0x10/0x10
[ 1115.476707][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1115.482105][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 1115.487317][    C0]  ? __pfx_kthread+0x10/0x10
[ 1115.491923][    C0]  ret_from_fork+0x4b/0x80
[ 1115.496351][    C0]  ? __pfx_kthread+0x10/0x10
[ 1115.501134][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1115.506025][    C0]  </TASK>
[ 1115.509052][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1115.515377][    C0] CPU: 0 UID: 0 PID: 16729 Comm: syz.0.2902 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
[ 1115.526151][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 1115.536211][    C0] RIP: 0010:smp_call_function_many_cond+0x1ba4/0x2d30
[ 1115.543003][    C0] Code: 03 84 c0 75 7e 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 b0 e8 0b 00 41 83 e4 01 4c 8b 64 24 68 75 07 e8 60 e4 0b 00 eb 41 f3 90 <48> b8 00 00 00 00 00 fc ff df 0f b6 04 03 84 c0 75 11 41 f7 45 00
[ 1115.562625][    C0] RSP: 0018:ffffc90005aaf400 EFLAGS: 00000293
[ 1115.568706][    C0] RAX: ffffffff81b37985 RBX: 1ffff110170e88c9 RCX: ffff88802ea7da00
[ 1115.576691][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1115.584666][    C0] RBP: ffffc90005aaf600 R08: ffffffff81b37950 R09: 1ffffffff285870e
[ 1115.592643][    C0] R10: dffffc0000000000 R11: fffffbfff285870f R12: ffff8880b863f9c8
[ 1115.600623][    C0] R13: ffff8880b8744648 R14: ffff8880b863f9c0 R15: 0000000000000001
[ 1115.608602][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[ 1115.617539][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1115.624127][    C0] CR2: 00007f3423ad56c0 CR3: 0000000064772000 CR4: 00000000003526f0
[ 1115.632109][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1115.640085][    C0] DR3: 00000000c98e000c DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1115.648064][    C0] Call Trace:
[ 1115.651352][    C0]  <IRQ>
[ 1115.654203][    C0]  ? rcu_check_gp_kthread_starvation+0x278/0x310
[ 1115.660556][    C0]  ? print_other_cpu_stall+0x1481/0x15c0
[ 1115.666226][    C0]  ? __pfx_print_other_cpu_stall+0x10/0x10
[ 1115.672058][    C0]  ? cgroup_rstat_updated+0x13b/0xc30
[ 1115.677543][    C0]  ? kvm_check_and_clear_guest_paused+0x6a/0xd0
[ 1115.683802][    C0]  ? rcu_sched_clock_irq+0xa26/0x10e0
[ 1115.689194][    C0]  ? __pfx_rcu_sched_clock_irq+0x10/0x10
[ 1115.694850][    C0]  ? update_process_times+0x242/0x2f0
[ 1115.700235][    C0]  ? tick_nohz_handler+0x37c/0x500
[ 1115.705358][    C0]  ? __pfx_tick_nohz_handler+0x10/0x10
[ 1115.710826][    C0]  ? __hrtimer_run_queues+0x551/0xd30
[ 1115.716233][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1115.721982][    C0]  ? sched_clock+0x4a/0x70
[ 1115.726406][    C0]  ? read_tsc+0x9/0x20
[ 1115.730488][    C0]  ? ktime_get_update_offsets_now+0x38e/0x3b0
[ 1115.736582][    C0]  ? hrtimer_interrupt+0x403/0xa40
[ 1115.741731][    C0]  ? __sysvec_apic_timer_interrupt+0x110/0x420
[ 1115.747899][    C0]  ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1115.753718][    C0]  </IRQ>
[ 1115.756653][    C0]  <TASK>
[ 1115.759590][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1115.765763][    C0]  ? smp_call_function_many_cond+0x1b90/0x2d30
[ 1115.771950][    C0]  ? smp_call_function_many_cond+0x1bc5/0x2d30
[ 1115.778118][    C0]  ? smp_call_function_many_cond+0x1ba4/0x2d30
[ 1115.784301][    C0]  ? tlb_remove_table+0xf4/0x550
[ 1115.789252][    C0]  ? free_pgd_range+0xd57/0xdd0
[ 1115.794136][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1115.800488][    C0]  ? __pfx_free_pgd_range+0x10/0x10
[ 1115.805696][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1115.810493][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1115.815704][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[ 1115.820834][    C0]  flush_tlb_mm_range+0x42d/0x710
[ 1115.825883][    C0]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[ 1115.831447][    C0]  ? __pfx_free_pgtables+0x10/0x10
[ 1115.836574][    C0]  tlb_flush_mmu+0x1aa/0x680
[ 1115.841173][    C0]  ? __pfx_down_write+0x10/0x10
[ 1115.846040][    C0]  tlb_finish_mmu+0xd4/0x200
[ 1115.850643][    C0]  exit_mmap+0x52a/0xd40
[ 1115.854908][    C0]  ? __pfx_exit_mmap+0x10/0x10
[ 1115.859705][    C0]  ? __pfx_exit_aio+0x10/0x10
[ 1115.864397][    C0]  ? uprobe_clear_state+0x271/0x290
[ 1115.869601][    C0]  ? mm_update_next_owner+0xa2/0x8a0
[ 1115.874893][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1115.880104][    C0]  __mmput+0x115/0x410
[ 1115.884187][    C0]  exit_mm+0x220/0x310
[ 1115.888284][    C0]  ? __pfx_exit_mm+0x10/0x10
[ 1115.892892][    C0]  ? taskstats_exit+0x326/0xa60
[ 1115.897763][    C0]  do_exit+0x9ad/0x28e0
[ 1115.901946][    C0]  ? __pfx_do_exit+0x10/0x10
[ 1115.906564][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1115.911968][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1115.917978][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1115.924319][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1115.929444][    C0]  do_group_exit+0x207/0x2c0
[ 1115.934046][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1115.939252][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 1115.944469][    C0]  get_signal+0x16b2/0x1750
[ 1115.949001][    C0]  ? __pfx_get_signal+0x10/0x10
[ 1115.953964][    C0]  arch_do_signal_or_restart+0x96/0x860
[ 1115.959608][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1115.965770][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1115.971771][    C0]  ? syscall_exit_to_user_mode+0xa3/0x340
[ 1115.977508][    C0]  syscall_exit_to_user_mode+0xce/0x340
[ 1115.983066][    C0]  do_syscall_64+0x100/0x230
[ 1115.987676][    C0]  ? clear_bhb_loop+0x35/0x90
[ 1115.992369][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1115.998368][    C0] RIP: 0033:0x7fbf57f8cde9
[ 1116.002791][    C0] Code: Unable to access opcode bytes at 0x7fbf57f8cdbf.
[ 1116.009808][    C0] RSP: 002b:00007fbf55dd50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1116.018229][    C0] RAX: fffffffffffffe00 RBX: 00007fbf581a6168 RCX: 00007fbf57f8cde9
[ 1116.026206][    C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbf581a6168
[ 1116.034266][    C0] RBP: 00007fbf581a6160 R08: 0000000000000000 R09: 0000000000000000
[ 1116.042239][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbf581a616c
[ 1116.050211][    C0] R13: 0000000000000000 R14: 00007ffc3dec36f0 R15: 00007ffc3dec37d8
[ 1116.058227][    C0]  </TASK>