last executing test programs:

9.578068065s ago: executing program 2 (id=754):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xd13a}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="180300000000000000000000000000008510000006", @ANYRES32, @ANYBLOB="000000000000000066000000000000001800000000000000000000163f981a279af0507a00000000009500000000000000570300"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x5, 0xc, 0x7, 0x43e64c37}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000940)=[{0x5, 0x2, 0xe, 0x3}, {0x4, 0x4, 0x10, 0x1}, {0x1, 0x4, 0xb, 0x9}, {0x1, 0x3, 0x8, 0x63733dbf9d6934db}, {0x1, 0x2, 0x3, 0x7}, {0x5, 0x3, 0x2, 0x2}], 0x10, 0x2}, 0x94)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r2)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

7.891668504s ago: executing program 2 (id=758):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x42}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x18)
fsopen(0x0, 0x1)

7.217177131s ago: executing program 2 (id=760):
io_setup(0x9, &(0x7f00000000c0)=<r0=>0x0)
io_setup(0x47, &(0x7f0000000280)=<r1=>0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000380)=0x7ffd)
ioctl$PPPIOCSPASS(r3, 0x40107447, &(0x7f0000000180)={0x20, 0x0})
write$UHID_CREATE2(r2, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
io_submit(r0, 0x1, &(0x7f0000000100)=[0x0])
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB="6c0000001000030400"/20, @ANYBLOB="a7c8a8611d54dd872ea26bd5a7e548f5fb84e18db4e4060cd5fa91212796da46716b180def228d5f0b9b90f54d3f663148fe20dd2f79c284513713f994e81019886de384ca102a97e625742096a200edb0e244480aef841ebd3605d3db16b6dee628290ccf0855a59093a1a8e769759597c8947e1cde57ecd94327305e172d6327dd367463b39bdf0b78", @ANYRES16=r2, @ANYRES32=0x0, @ANYRESHEX=r1, @ANYRES32=0x0, @ANYBLOB="050006"], 0x6c}, 0x1, 0xba01}, 0x0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000220edf104c05c10687c20102030109022400010000000009040000024f6996000905c6d60000000000090502"], 0x0)

6.787759667s ago: executing program 3 (id=764):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB="170000000000000004000000fd"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r1 = socket$alg(0x26, 0x5, 0x0)
fsetxattr$smack_xattr_label(r1, &(0x7f0000000080)='security.SMACK64IPIN\x00', &(0x7f00000000c0)={'GPL\x00'}, 0x5, 0x2)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp384\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000004180), 0xff77)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r3, 0x0, 0x0}, 0x10)

6.471643462s ago: executing program 3 (id=767):
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', 0x0, &(0x7f0000000100), 0x24, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_open_dev$vim2m(0x0, 0x2000000f2, 0x2)
syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], 0x0, 0xc, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0xffb)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001300), 0x2, 0x0)
read$FUSE(r4, &(0x7f0000001340)={0x2020, 0x0, <r5=>0x0, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000003740)={0xb8, 0x0, r5, [{{0x7, 0x2, 0x2, 0x7, 0x3, 0x9, {0x2, 0xfffffffffffff430, 0x5, 0x7, 0x1, 0x66c, 0x4, 0x10000, 0x5, 0x4000, 0x8, 0x0, r6, 0xfffffffb, 0x4}}, {0x6, 0x1, 0xc, 0x9, '/dev/video#\x00'}}]}, 0xb8)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40186f40, &(0x7f0000000440)=0x1f)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r7, 0x0)

6.270401112s ago: executing program 1 (id=768):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xd13a}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="180300000000000000000000000000008510000006", @ANYRES32, @ANYBLOB="000000000000000066000000000000001800000000000000000000163f981a279af0507a00000000009500000000000000570300"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x5, 0xc, 0x7, 0x43e64c37}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000940)=[{0x5, 0x2, 0xe, 0x3}, {0x4, 0x4, 0x10, 0x1}, {0x1, 0x4, 0xb, 0x9}, {0x1, 0x3, 0x8, 0x63733dbf9d6934db}, {0x1, 0x2, 0x3, 0x7}, {0x5, 0x3, 0x2, 0x2}], 0x10, 0x2}, 0x94)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r2)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

5.730339444s ago: executing program 4 (id=770):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f00000002c0)={0x47f, 0x0, 0x0, 0xb9ff, 0x5, "000000008200"})
write$binfmt_aout(r0, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0))
r1 = syz_open_pts(r0, 0x101000)
r2 = dup3(r1, r0, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)

5.527747625s ago: executing program 1 (id=771):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
socket(0x2a, 0xa, 0x7f)
syz_usb_connect$uac1(0x0, 0xa4, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=@newtfilter={0x64, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xfff3, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x34, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x10ca4}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0xe, 0xffe0}}, @TCA_FLOW_MASK={0x8, 0x6, 0x1ff}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0xe, 0xd}}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

5.50874178s ago: executing program 3 (id=772):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x42}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x18)
fsopen(0x0, 0x1)

5.44748305s ago: executing program 4 (id=773):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab82)
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, 0x0)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000180)=0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40800}, 0x20000000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$isdn(0x22, 0x2, 0x25)
dup3(r1, 0xffffffffffffffff, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000040), 0x0)
pipe2$watch_queue(&(0x7f0000001180), 0x80)
socket$inet6(0xa, 0x3, 0x6)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)

5.34405112s ago: executing program 3 (id=775):
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a44000000060a090400000000000000000200000318000480140001800d00010073796e70726f7879000000000900010073797a30000000000900020073797a32000000001400ffea1100010000000000000000000000000a"], 0x6c}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021200011800e000100636f6e6e6c696d69740000000c00028008000140fffffff73c0000000c0a01010000000000000000070400000900020073797a31000000000900010073797a3000000000100003800c0000800800034000000002"], 0xe0}}, 0x0)
close(r4)
unshare(0x64000600)
socket$unix(0x1, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102400, 0x19000)
prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x20)

5.295107522s ago: executing program 0 (id=776):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000000)=0x4, 0x4)
r1 = epoll_create1(0x0)
r2 = gettid()
kcmp$KCMP_EPOLL_TFD(r2, r2, 0x7, r1, &(0x7f0000000280)={r1, 0xffffffffffffffff, 0xfffe})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e0000000000000001000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x4, r2, 0x0, &(0x7f0000000040))
syz_open_dev$vim2m(&(0x7f00000000c0), 0x8, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x7, 0x1, 0x6, 0xfffa}, 0x1d, [0x5, 0xc95a, 0xfffffff3, 0x80000006, 0x9, 0x2, 0x1, 0x7f, 0x6, 0xf, 0xfffffff6, 0x5f, 0xa, 0x7, 0xffff2d33, 0x8, 0x6, 0xa, 0x0, 0x80000001, 0xca, 0x7, 0x5, 0x3c5b, 0x6, 0x22, 0x2, 0xfffffffe, 0x1f461e2c, 0x2, 0x727, 0x4, 0x3, 0x0, 0x107fff, 0x4e74, 0x9, 0x0, 0xd, 0xa, 0x0, 0x71, 0x7, 0x2000007, 0x103, 0x2, 0x3, 0x39, 0x2, 0x6, 0x81, 0x3, 0x8, 0x0, 0x43, 0xe1, 0x7f, 0x9, 0x5, 0x5, 0xa, 0x4, 0x5, 0x40], [0x10000007, 0xffff, 0x12f, 0x9, 0x10, 0x10, 0x129432e6, 0xcb, 0x2, 0xd, 0x22d8, 0x1, 0x9, 0xfffffffc, 0x8, 0xfffffffe, 0x9, 0x5, 0x2f, 0xe, 0x8, 0x78, 0xb840, 0x7ffffffc, 0x4, 0x0, 0x8000, 0x9, 0x400, 0x200753, 0x3, 0xfffffffd, 0xff, 0x1005, 0x801, 0x7, 0x4, 0x2009, 0x106, 0x2, 0x1ff, 0x27, 0x9, 0x8, 0x9, 0x8000, 0x5, 0x0, 0x3, 0x8000, 0xffff, 0x2, 0x83, 0x9, 0x5, 0x74ec1f9b, 0x4, 0x2, 0x7, 0x10, 0x9, 0x48c93690, 0x802, 0xff], [0x7, 0x4, 0x0, 0x101, 0xfffffdfe, 0xd, 0x8ce, 0x9, 0x387d, 0x7fff, 0x0, 0x5, 0xc, 0x4, 0x5, 0x76, 0x0, 0x1ef, 0x5, 0x7, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x1, 0xb7, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x7, 0x9, 0x3, 0x200, 0xfffffffe, 0x3, 0x4, 0x2, 0x10000, 0xa2, 0x7, 0x53cf6b7b, 0x8001, 0x6, 0x54fe12d5, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x5, 0x10000005, 0x5, 0x6, 0xffbffffb, 0x4, 0x3, 0x8, 0x9, 0x8, 0x3], [0x10009, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0xfffffffc, 0x9, 0xce5, 0x1fd, 0x7669b26e, 0x3, 0x5, 0x40000003, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x40000000, 0x5, 0xffffffff, 0x2, 0x8, 0x60a7, 0x6, 0x6, 0xffffffff, 0x7ffffffb, 0x1, 0x8, 0xc8, 0x3, 0x4, 0x82ffff, 0x200003, 0xfffffff9, 0x7fffffff, 0x9602, 0xa, 0x8, 0x4, 0xfffffffd, 0x1, 0x10002, 0x5, 0x8, 0x2b95, 0x7, 0x7, 0x9, 0x1, 0x6c1b, 0x3, 0x4, 0x5, 0xb1c, 0x1, 0x99f5, 0xffff3441, 0x9]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
close(0x3)

5.294721709s ago: executing program 4 (id=777):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180200000000000000000000000000008500000028000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xbfb}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x406}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

5.20223277s ago: executing program 4 (id=778):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r2, 0x852ac000)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x196, 0x4)
sendto$inet6(r2, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0x8001, @loopback, 0x627bcafb}, 0x1c)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x23, &(0x7f0000000040)=0x8, 0x4)
recvmmsg(r2, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=""/4110, 0x100e}, 0x7ffffffe}], 0x1, 0x40002000, 0x0)
socket$packet(0x11, 0x3, 0x300)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000006240), 0x42, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r3)
r4 = open(&(0x7f0000000380)='./bus\x00', 0x240, 0x0)
r5 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r5, &(0x7f0000000000)=ANY=[], 0x2b)
sendfile(r6, r4, 0x0, 0x4000000053d2)
syz_emit_ethernet(0x76, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x40, 0x3a, 0x0, @remote, @local, {[], @dest_unreach={0x1, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "3571a6", 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [@hopopts={0x6}], "8524c8355d1523d6"}}}}}}}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TCFLSH(r7, 0x540b, 0x40000000002)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000100)=0xf8, 0x0)
syz_usb_connect$uac1(0x0, 0xa5, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902930003010000000904000000010100000a2401000000020102132406040006000000000000000000000000000924030000260000000924050000f8431cfd0924030002030004fc06240504"], 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

4.308800307s ago: executing program 0 (id=779):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018100000", @ANYRES32, @ANYBLOB="000000000000000066000000000000001800000000000000000000163f981a279af0507a0000000000950000000000000057030000000000d39916"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x5, 0xc, 0x7, 0x43e64c37}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000940)=[{0x5, 0x2, 0xe, 0x3}, {0x4, 0x4, 0x10, 0x1}, {0x1, 0x4, 0xb, 0x9}, {0x1, 0x3, 0x8, 0x63733dbf9d6934db}, {0x1, 0x2, 0x3, 0x7}, {0x5, 0x3, 0x2, 0x2}], 0x10, 0x2}, 0x94)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = syz_genetlink_get_family_id$nl80211(0x0, r2)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000600)={&(0x7f0000000d00)=ANY=[@ANYBLOB="a8020000", @ANYRES16=r4, @ANYBLOB="000025bd7000fbdbdf253b0000006d02330020b80300ffffffffffffffffffffffff5050505050509800bc68c9012846b40008021100000000060101010101010103b68c842d1a000819ff030000000000008b0007000100000000080000000003dddc37862481a65b6ab6fa5c46a600daebb4c6cfaba6844f4942044e411cdab57a5a8ab8da247b363745409478c005ac3b59dd29d62b8a5c23fa1f840add2f414013cf806c76bcc4704b98f564e331bba57e9c8f794dba0d11e08717a291e9cb1bd45995c337991cec01e4774deb40ad4aa9548aeb0ed30a4674630e499c226444b06f1452a2a01604f465142fb98b38b9bfb3430ef42c2f559d71d5d66ea305286451beaac58b0ffa327177db62531db9623fed6f1fa70b1380391bb6ffef755fbdd421a29557cadf716f2e0f504f89e0ba63b3ee8ee4f06086da90c4f0ddba818b751a5c1f6df719706ee31d419eb12dcf5397d3c2370c8f54b842ad7d1f87464524ca8b225fc542d7e692e3cd1098dda9b98c0aba01dbb7faad45e10d96876b0e242689638b2fdfa6e5da4ea2cae2fe0d74fa8fde95b4e246ef56b0a5048a3bd56ecbc615d6be8279c80fc5968fa34c278f6cc5faa335479afe6984093d7939b118f385f462423a005e7a45bfe0fd54aac07241f1c7d12fe57cb11cb1e5d51bb86108a6ae21dbf51559837ab59a501201a2f19334e516566add6261bb930c977224236e0dfb0d380c5f423bc5aeb476cfce36931cffc3edde27d2f20766bc9d01aa0532069c4b54bfd521dacb8a683fcf41d064b4bf909c3eb759c1d38beffb3444c8371973af367fa223ca749cc7cbc0a57661482744b0cb3fa65edfdd1a00e65e19f2f6cad51e82346d23b0a1f4604b42e6137b6f6afb440000001200cd00400029000aaf4bce5509e1000104018005000000000004008e0004008e000800"], 0x2a8}, 0x1, 0x0, 0x0, 0x40000}, 0x40000)
r5 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
recvmsg$unix(r5, &(0x7f0000000ac0)={&(0x7f0000000780), 0x6e, &(0x7f0000000900)=[{&(0x7f0000000800)=""/15, 0xf}, {&(0x7f0000000840)}, {&(0x7f0000000880)=""/91, 0x5b}], 0x3, &(0x7f0000000a80)}, 0x20)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

4.191565379s ago: executing program 0 (id=780):
r0 = epoll_create1(0x80000)
epoll_wait(r0, &(0x7f0000000000)=[{}, {}, {}, {}, {}], 0x5, 0xb)
r1 = socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x1400)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
getpid()
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x61, 0x10, 0x79}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x0, 0x10, &(0x7f0000000080), 0xffffffffffffffb2}, 0x48)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$DRM_IOCTL_GET_CAP(0xffffffffffffffff, 0xc010640c, &(0x7f0000000300)={0x2})
setgroups(0x0, 0x0)
ioctl$MON_IOCH_MFLUSH(r2, 0x9208, 0x8)
rmdir(&(0x7f0000000140)='./cgroup/../file0\x00')
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="24000000220001060014000000fe80000000aa"], 0x24}], 0x1}, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32, @ANYBLOB="14005a8010000080040001"], 0x30}}, 0x46444)

4.155477703s ago: executing program 1 (id=781):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xd13a}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="180300000000000000000000000000008510000006", @ANYRES32, @ANYBLOB="000000000000000066000000000000001800000000000000000000163f981a279af0507a00000000009500000000000000570300"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x5, 0xc, 0x7, 0x43e64c37}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000940)=[{0x5, 0x2, 0xe, 0x3}, {0x4, 0x4, 0x10, 0x1}, {0x1, 0x4, 0xb, 0x9}, {0x1, 0x3, 0x8, 0x63733dbf9d6934db}, {0x1, 0x2, 0x3, 0x7}, {0x5, 0x3, 0x2, 0x2}], 0x10, 0x2}, 0x94)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r2)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3.976667073s ago: executing program 3 (id=782):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x54)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
pipe2$9p(&(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r3}, 0x18)
syz_emit_ethernet(0x46, &(0x7f00000009c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa86dd6000000000103afffe800000000000000000000000000000ff0200080000000000000000000000015d7503b85277b302cf86009078ff001f"], 0x0)
r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000001c0)={0xc})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth1_virt_wifi\x00'})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
getpeername(r4, &(0x7f0000000380)=@caif, &(0x7f0000000240)=0x80)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004040)=ANY=[@ANYBLOB="682400003e000701feffffff00000000037c000008004280040008000c000180060006008848"], 0x2468}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x18, r6, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
splice(r1, 0x0, r4, 0x0, 0x10000000000016, 0x0)
clock_settime(0x4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$nfc_llcp(r4, 0x118, 0x4, &(0x7f0000000200)=""/3, 0x3)
r8 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)

3.247677518s ago: executing program 4 (id=783):
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', 0x0, &(0x7f0000000100), 0x24, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_open_dev$vim2m(0x0, 0x2000000f2, 0x2)
syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], 0x0, 0xc, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0xffb)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001300), 0x2, 0x0)
read$FUSE(r4, &(0x7f0000001340)={0x2020, 0x0, <r5=>0x0, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000003740)={0xb8, 0x0, r5, [{{0x7, 0x2, 0x2, 0x7, 0x3, 0x9, {0x2, 0xfffffffffffff430, 0x5, 0x7, 0x1, 0x66c, 0x4, 0x10000, 0x5, 0x4000, 0x8, 0x0, r6, 0xfffffffb, 0x4}}, {0x6, 0x1, 0xc, 0x9, '/dev/video#\x00'}}]}, 0xb8)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40186f40, &(0x7f0000000440)=0x1f)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r7, 0x0)

3.196613774s ago: executing program 0 (id=784):
socket$nl_netfilter(0x10, 0x3, 0xc)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x21, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
semctl$IPC_INFO(0x0, 0x1, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = syz_io_uring_setup(0x497, &(0x7f0000000340)={0x0, 0x20280f, 0x100, 0x803, 0x1d, 0x0, r1}, &(0x7f00000000c0)=<r8=>0x0, &(0x7f0000000300))
io_uring_register$IORING_REGISTER_PBUF_RING(r7, 0x16, &(0x7f0000000040)={&(0x7f0000002000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x7c}}, 0x50)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)

2.477526501s ago: executing program 1 (id=785):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x6, &(0x7f0000006680))
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xe7b, 0x0, 0x41)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000002, 0x10, 0xffffffffffffffff, 0x57c0d000)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000280)={0x7, 0x0, 0x0, 0x0, 0x3270})
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/mnt\x00')
setns(r0, 0x0)
r1 = inotify_init1(0xc1000)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000240)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000200000/0x2000)=nil, 0x4000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0xaf001, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x20000000, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
syz_open_dev$vcsa(&(0x7f00000001c0), 0xffffffff, 0x0)
r6 = dup(0xffffffffffffffff)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000000)=@x86={0xa0, 0xfd, 0x5, 0x0, 0x3, 0x3, 0xb, 0x1, 0xf8, 0x19, 0x7, 0x3, 0x0, 0x9d, 0x1, 0x7, 0x6, 0x40, 0x0, '\x00', 0x4, 0xcaa})
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f00000002c0)=0x10000)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000300)={[0xea, 0x55e, 0xffffffff, 0x4, 0xfffffffffffffffd, 0x7, 0x9, 0xb, 0x4, 0x80, 0x6, 0x794, 0xa, 0x40, 0xc976, 0x6], 0x2, 0x20200})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r7 = open$dir(&(0x7f00000003c0)='./file0\x00', 0x0, 0x20)
r8 = open$dir(&(0x7f0000000140)='./file0\x00', 0x480000, 0x140)
renameat2(r7, &(0x7f0000000100)='./file0\x00', r8, &(0x7f0000000180)='./file1\x00', 0x4)
inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x146)
msgsnd(0x0, &(0x7f0000000340)=ANY=[], 0x8, 0x800)
readv(r1, &(0x7f00000000c0)=[{&(0x7f0000001640)=""/231, 0xe7}], 0x1)
setxattr$incfs_metadata(&(0x7f0000000240)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)

2.440127674s ago: executing program 2 (id=786):
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)

2.392085087s ago: executing program 3 (id=787):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000300)={0x18, 0x0, 0x0, {0xfffffffffffffffa}}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
write$FUSE_INIT(r3, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x21, 0xffffffff, 0xfffffffff12bd390, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@posixacl}]}})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000100)={@val={0x2000}, @void, @eth={@broadcast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x66, 0x0, 0x0, 0x29, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x300, 0x0, 0x28, 0x0, @gue={{0x2, 0x0, 0x0, 0x9}, "ebc7a1e0ff5befe1fdbc66e400d7e83306de422b4a81099b"}}}}}}}, 0x4e)

2.307774734s ago: executing program 2 (id=788):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab82)
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, 0x0)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000180)=0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40800}, 0x20000000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$isdn(0x22, 0x2, 0x25)
dup3(r1, 0xffffffffffffffff, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000040), 0x0)
pipe2$watch_queue(&(0x7f0000001180), 0x80)
socket$inet6(0xa, 0x3, 0x6)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)

2.301508963s ago: executing program 1 (id=789):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x10e)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mincore(&(0x7f0000184000/0x2000)=nil, 0x2000, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
syz_emit_ethernet(0x1037, &(0x7f0000008140)={@remote, @random="491d327d5d79", @void, {@mpls_mc={0x8848, {[{0x6, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x1}, {0x3}], @ipv4=@igmp={{0x5, 0x4, 0x2, 0x15, 0x1015, 0x66, 0x0, 0x2, 0x2, 0x0, @broadcast, @broadcast}, {0x1e, 0x3, 0x0, @remote, "12fdead0b92f04438e3c87f9a8b7195d24c6987ea67e2f3cb8b26874e14814040e6b63b3996fdb926e49f49c61c258164edd5b4a83d4ae3ca139c82d8360b553efd5abec45dc3439fe3fc2d3eb7b436a43d1dc311e8be4e25abd74f9646f8a43cd161f982a97bb0b49d1c2142a6ae96b0b7dde33afceff99dda8ed76a8b54c82c57e31ed0c5198cfe0fba7f09106731fd84c64cb944d2df8fb387548c6da6dae04e556f739ca03c1f6cfb9f173d98842a84904ca7d7905a26cbe528fb1c9e79dda68ce812ae876bf46b703d01fc5e37dc62a8d75470c9ed2a366ecf760ab864496023bad49b036f13ea8f3b347adca4df921d12ff59f72d1b13aa1fa4c3d6fc21c15a9521377f7ae24fda3f32653f392f21f6b988bb79740e4b16031144a9a603eceb4e29cd8fb8db62d1359bed067d561aa8729db51437ba8e6f726c4e8d6fbc21df11fb9b9fbd40e3fd13278f17c4646f5caa82673755952c7968e8f93c8a066ffda95294c3360b33cef7b058aea73cac942e5fe38d4e19a2dd48e713707cd5de620ed39dc151b9361e4165280bdcc7ce7a346a031bf165559b102541530a7d22bb3fa4dd2e5be78548fb98db46283c7f6183b7cdfdec751bb8e33555dc64ead394d6a3c6a7c307c54fcd90d148dd61865a713b9901dd7e44ae187f483df64a5095cec2dc4377af81c2966bc63ab865f7205dc901549dec3a46ce13ef9bc299edab0b323c65eff4c33ef1a9ecb27f1ca5cbea6977b63ec429ded3e6cf59d24d669d11dc1eafeee918962e6667394e3a3c5b12e7bf92c20a3677c010c024185983d6833c4c5582b8c9cab31ac9ce2e639959ada27ac39fd60f3896c98ae778f4330c583d72ab70495dac03e45a9f1ec67ff7d80135989eb121cb1d0c4198ff9de2e7cdb55dacb432a8ec93550c94d56aab831a4c2e818b7555c8f687707d4ada227d3e922d46abe55172d9c7d98807478ae5dd28531b43f7ced4ef42918f82f99e68f43d238ea289814cfb89e3ec9d2cc8b6cfd393b0459d86acaa58e5a9653544953b465525ffdd28c3b738e68a3b8b10ad4f03a5bbd33b36e64ef412912af6cb5693fa793d740ae7d95dfbbc63b6472a3a52e2c2868cabe9ec2a1e48668015a99dee98f0d3aaaa3466d0c045073634e63df192960bda1557d80c291edb82be5de73fadeb1eb6bc9971ac3afd6503aa66a6c5dd236970a662d96f76f1c5ffefce3e7ae511e5a5efa03e6b0bf8b416aaeaec9513b6f6a9bb5f60cd588df0a30ba1ce21a590fe63f1926756fa02beff0a36658572c9855732922b58e1d27c510749bd8eb5dbebd27f7268f0759f44e1aa26cd0fa5d982ebc85eca6bd304539e7735243871eb891687c6b69537e138bc2f8dccc8d7ba61984556da240f0a60c26b8ed79a6d94f5798bbbc811c264c27123af88ff4e62469b557848e8f89bf0f75e4650422c21f1a35884327f1a4a3acd9a685f0e61e855b29fb3cb0ea3d8115e99dc00de298a959e51eba78d0b5715c806702ac9879ace51ff585ce6290e4b4196daa500cdd61dbb5bd7ee43c263d74179debba03102890ae0f357959bc6b00ee15571d8f243036e33d564835c3960e295bbb897f2ab50a9dfbe84152a55caf17d380cc8b3c395efc2417dc72491dc2adf66c4b5d14862f8aa695288272e1b1872e0c991c1d85c4e10fd454622a000efea60f76ff9797bc1d1a809227b6d183914b68efa825149cc497452aeb662232a1e6f1d357e1a7a4a4842d3c2e6c0e0d6af175b7216747ea44131fa3f30a3dfcb6dfea923c8ef107acf54a25f824faf9c93a0ee2b1c950e2bfcd84200c280933882341378953775f9623d637500a9cd346c036c8c31e09aef43dcbf54f290654e2750abe471d9c02314fe960072b4cc4b1c9bbb612ead9aab8ab30f95dca339c6523419b8a689b948e24226e256638ede0cc072b6297e7683e2ca4153420f8d07391ba854ab88dfbf48200f72cbb2b9768c23aa4198c6460aee469f546a319c0fe7ab299f6ecf9dbb379a4da6d5f0149a88b6966290ffff1f821c158d858c31c57f19a6a6c52b48f2a0fa6ccc37e89ff0ae18ebdc81ef2f5b720003052b2f73b314014ba2b1790af52baa31bb3cb7052edbdc90b2c66c7e6bdcbfa9ddc5a5bffb0d149cce4babdba1366c8adc01ad04e7152b7d5effb4b19fed384527eed72149c350b083f4af70d67ab7341505262f0a6db67c95542e5dfdb028c29b664955fcb228cc3446a378e0461e00ce5f5352d0dcfefb097967534beeed0058654525ffeaa59af9d36548f013c3ac0821cdaa981cb27645daa82d11cd14b1413c812129465bded49e8f311647bdc8f52b636e26d339f9c1df312721aaffad1ad9e18acff6a6fd21ec672835634b2cc852a57322da9cabf7757c7af99325de100abd318e693466d77529fad002e9b1b154458b231ae0f2a8e9c8998cd8158dc905a8db25ac56b0de77d2990f19f6153d6af620f0eb10ca0f664758cd46a961564d18e1d485908271fb295528d53f37c10be0be32dbd6a65ea697e9ecae8ba2ad7c128cef480c8b76d87b768337e66ab084f7004600525b32d53e7bba4add65fa8728403d797aebeaafce78a64093eba96c471005140daae2a8b547ba12305d31723f2ec0cf7612c3e899d21290813c92a814e1b9a0d8c0b78ed18135c855c46e98c4f62ccc202b1b7d40919f4f3089b1eaf9c59d2ca2e800c5396e74e2f702cb9590a185877f1e7babaf544c1030f02fcf962c976ba2181bdf7702a2f862d0f97b9c7bd556f44552712ec55d3bba183473998b4e5eebea8045fbaded9a543cf3c0d14cb44ec3459e31b987d1bce788597bbf2f5749569849a4cded8745a94a8f6ef6f6189c04b038cf03f290579440474661a36a9b2c032361ea38e744fabccd5d3db62d5c827d7b89ff9a9ae71b47ea961c033af823d90d55f7d6e8834afb85eff8aa14475c050cbbd033a7547c88a2b18c571c0a1a3db2572e3a5555ea71b15f1c422d19a0dbe68e74667e26ad0c5ede771633ec4cd512789a29bf5ae5a92b69d96ea51a515cc5570fb80bed0c7ad994b7df63d348c57f39db4e51b811cbeffb40f677b5f8d72eb43e19a492e3b5521ef8617e84727897d2fefb432910996564f586173cf69beb7118771666947b02b716248887dd3a2ffa9e309261ed0b44c5a4b2c1aa3db0890f7701e59b635968572ef81ffe488524cf58db22d16a02523b068f160e467884a0ccf340c27271ad24e229c0a5480c25a539fd85c635a45af487f01caf01f3784d6cca4bd0f6bc1102d860c11e4f2b6734238c72a074d44d836131bf91b90250effef6e0dea878668c10e99535115b6b4414ad7a40c5d2d5bba360dcbc9c8c38ebbc471f849dbb7d920d5f2df3c00f827e786114f9d95a88716b566e3067b3ad9def1d51a5b5963e226a2f6f07658431f3d2b9f2d94306f201d4e558eecf33754da2718ef593cb28371b460a8550db8fe3fbf82bd4e02527914db930f497366121b5119bd465b3317a46af26e00dae2acd024e3f7c3b0303c7bd32f0b8b2e8b7709c2d8fc2fbaef64e8b31ef64824e85b27dfbf4ecae2eeef908a47f9f1cb430c42394fb53c189c1e8679deab82652480bb36ffbb3a36bed39a0c770b4fa9a7d547a97394fde6a27e48fd64ef899923973fb5a64901dea7ce24f9caf9463dd5d10bc05395a28ce500cb2c88b0639f2a71ecd763c9a2927e76d822985a9f55a2a7f46a4f51e810d29376f0e0c08bfbffe2324939c0a415b08bb482aaba0713b99721913582041b3e09474a65e921975199564c7a0aca14b8636dc8e66bb0c723012377a1e7f61e5b88e58f0ef631c718a937807d77967451a4479386fbb61476a044a7a2ed8d14f039ea781957dc9b9befb5b746c718d911d1ad8fbc9884cc3052a750e2b4bf71497bba71116397e221282beede5919eebaa3744f2f7d84bb0f2c3cc128ee892004de76a7728f217a4973fbf66ce0bed26eeb77e8edad15411d35072d9d6902ea622f35e295f5def1a951b850d09164b232fdc9751708cb912a1b075e0f5d7e976419bea6f8ae82988acb5fbeed6a35c8b09568bc8c6c17ebea364020e48af0bc65cd98742dedda61b0f547cdc7b3ab2ec01a1278bbd0dfc37fd6aed607482b6525dd12c1948eadbd87fbcfe8bb3cd049f4751d6243807946a55088c55a6492507d7972061c3881677c654bfb1bad44247a15bff35ad7bff556d36ea878c6524e4e71793973c3fbae3c5d2755f63f82359b07ef505b20d3167479e18bd2a2207bbb3873a37f32f0c7ec6d7e477e77e42e9167c90ffffd57cf36fc5044de3795cc712b58d4f8858a3cb94febbf7e77f0dc9919b909b6bc03878d64c414b4b23bf2e912566a56ee88f8eded59eb24601a3327de0364ed20236969b214904cff4c54171ab1e76b602cb3ed51fac6acd9406d87f4a3069fea7ac5a5cd04ae732983d2e7360f47680fd23b6ba66d40db1ec1af8fffda10807c978137f79fba61c59a4eac081777684469025abf8b55200827d3344ad7dcbadacc838f93bb237e5ec8b54abfa1a513a620a3b79227ec8efcf710c6559b0a60bb8d230f70d09b4c04be16b8f1069fb3e6d3bed7881da7691ddb02da03f424f47ad6b5465dee5cd8fb5bc13ee35154397db724afcac65c959cb7d9de28005a0f30fa14c910e4202f75953fb777f6d80531c56f796e7ccebc75ace670b9bfdfd0ae9901ddfef68dad0c8ce1168391d36192579e77431b0bdccc8c4dc397a11202dbbab84b953d3c9fe3d163aee15015c88503459295a1f2ea65ed06f88b6ae065f01b3bdf2a1223b536fa454bfd9b1696c064c338a1c4708f32fcf1bd5e1efdf47e50ef7172d30aa9de0924dfc4e16f055f6e40d3ef476f4bc678cc4c757e2f8033d6941e621d9bb29e9f8becf3f1cf8b3c73574eee51a88eb327794bb37c2e122a910bdaf8b20c777fb85cde5fc9c9f83b1c3d19563e974ff8327f31cb69c17093a95394855f24f0958201e0ecc588b2a1385eb01545aa98a84450375c4694d4b2c35d74389020c127ed3452502f1c9391987679140b00ce74991055766b51b0c4261b43e717f5940ec3fb57eaf232a2cb5dd55e0454eccd2f4227e805d4edf434a8cc1859ceedaefd474785373b2145f3a3a725caddbcb3841263cb78f04f121f543941e3d97f2a7f315f3251606265f02cd58acbe9919ba513935e050752d29a48f227fdb67823cb24e60414c975eb7c763edcca5ef76bc3113002e329cf9028c9d7f3e780936e981b8fe7fd5de98face7c3e51829ca74f30b268090f990ba05021824529dc4d211860eaf5afae43de466fcb147388e2a382e485cb86f4a458fbd5335b910a05de947de874942d206da96041220db7f2d1768b74cb7c980637f24c7f16c39c308615e8e0fd801593af5567bef9c251e1cb838b389ee5b90d721b5a8e74ab058048c8b52015b151f378383fda3608f801270119eff4c0ee6ad7981a3334d602de728f1810b395a0e6bab585897deb5648a65d6257085914a523f076cb70aea0d3148c3c9dac151f681d88ecda8beb196f5d766a218f1303011fff10ad38159979e27862917f0d868e52a39bf3543099244af18e87da626cb50a634c2d41a06fddb3d27c01252f8f155936d5b6c94da6bf95c9e131a52ddc2daabe8c7edf83bde016f3857241ba690511ec83bb9e9c22cf7cf03446dce58ee628ed4d76f8452e26d335d0e0c3e2874a9b4d090437c285c66d5b693540679c205dc6eb46630bb8e1ecca3"}}}}}}, &(0x7f00000000c0)={0x1, 0x1, [0xd94, 0x12c, 0x328, 0x12e]})
sendto$inet6(r5, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)

2.085281682s ago: executing program 0 (id=790):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018100000", @ANYRES32, @ANYBLOB="000000000000000066000000000000001800000000000000000000163f981a279af0507a0000000000950000000000000057030000000000d39916"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x5, 0xc, 0x7, 0x43e64c37}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000940)=[{0x5, 0x2, 0xe, 0x3}, {0x4, 0x4, 0x10, 0x1}, {0x1, 0x4, 0xb, 0x9}, {0x1, 0x3, 0x8, 0x63733dbf9d6934db}, {0x1, 0x2, 0x3, 0x7}, {0x5, 0x3, 0x2, 0x2}], 0x10, 0x2}, 0x94)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r2)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x40000)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
recvmsg$unix(r4, &(0x7f0000000ac0)={&(0x7f0000000780), 0x6e, &(0x7f0000000900)=[{&(0x7f0000000800)=""/15, 0xf}, {&(0x7f0000000840)}, {&(0x7f0000000880)=""/91, 0x5b}], 0x3, &(0x7f0000000a80)}, 0x20)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.08467077s ago: executing program 4 (id=791):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000006780)=""/102400, 0x19000)
chown(0x0, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="1400000016000b63d25a80648c25940121", 0x11}, {&(0x7f0000000280)="e26248", 0x3}], 0x2}, 0x40050)
r2 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
sendmmsg$inet(r3, &(0x7f0000006740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x81)
r4 = socket$tipc(0x1e, 0x2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = eventfd2(0x0, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r6, 0x4018aebd, &(0x7f00000001c0)={0x1, r7})
ioctl$KVM_HYPERV_EVENTFD(r6, 0x4018aebd, &(0x7f0000000080)={0x3, r7})
ioctl$KVM_HYPERV_EVENTFD(r6, 0x4018aebd, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1, 0x2}, 0x10)
r8 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r8, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
bind$tipc(r4, 0x0, 0x0)
close(r4)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000d83a3710520c722885b5010203010902120001000000000904290000fcbf050084b92330d2641022e3f97f4288c1b92c5249b8097925c611f765578a719952ed763d719b465592e55cd3c32a5ef843c2a1f292aebda1de10e26c9282042b6a9bc39cab"], 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)

1.09592978s ago: executing program 1 (id=792):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x3)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000e40)='\b', 0x17ff}], 0x5)
r2 = openat$smackfs_ipv6host(0xffffffffffffff9c, 0x0, 0x2, 0x0)
preadv(r2, &(0x7f0000000200)=[{&(0x7f0000000040)=""/210, 0xd2}], 0x1, 0xfffffff8, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r3)
sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x2c, r4, 0x1, 0x0, 0x0, {0x3}, [@GTPA_LINK={0x8}, @GTPA_VERSION={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}]}, 0x2c}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
sched_setscheduler(0xffffffffffffffff, 0x6, &(0x7f0000000100)=0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xfffffffd)
execve(&(0x7f0000000000)='./file2\x00', 0x0, 0x0)
openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280))
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000040)={'gre0\x00', @link_local})

1.031398064s ago: executing program 2 (id=793):
r0 = socket(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x48)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x80880, 0x0)
ioctl$sock_TIOCINQ(r1, 0x541b, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_ADD(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000005ec0)={0x268, 0x0, 0x5, 0x401, 0x0, 0x0, {0x7, 0x0, 0x4}, [{{0x254, 0x1, {{0x3, 0x3}, 0x6, 0x1, 0x2, 0x5, 0xfe, 'syz0\x00', "48fa4fa631b51ec55eba0db8421273a90cd33eb538595ef1a14dccdc9841ce27", "07a345d63f89ed93f3237de65493734f33bf24bb379372c458ee34be580b7132", [{0x8, 0xfffd, {0x1, 0xad9}}, {0x101, 0x1, {0x0, 0x3}}, {0x3ff, 0x3, {0x3, 0x4}}, {0x64, 0x3685, {0x1, 0x8}}, {0xf926, 0x7, {0x2, 0x3}}, {0x0, 0x80, {0x3, 0x3}}, {0x200, 0xcb, {0x0, 0xb}}, {0x8, 0x9, {0x2, 0x2}}, {0x4, 0x81, {0x3, 0x801}}, {0x8, 0x1, {0x1, 0x6}}, {0x8000, 0x3ff, {0x3, 0x3}}, {0xfdfc, 0x0, {0x0, 0x7fff}}, {0x8001, 0x6d, {0x2, 0x7ff}}, {0x9, 0xa477, {0x2, 0xffffffff}}, {0x7fff, 0xb, {0x1, 0x9}}, {0x7, 0x4, {0x3, 0x5}}, {0x5, 0xffff, {0x2, 0xfffffffa}}, {0x7, 0x5, {0x1, 0x7}}, {0x5, 0x5c, {0x0, 0x8001}}, {0x8000, 0x4, {0x0, 0xffffffff}}, {0xfffa, 0x9, {0x1, 0x6}}, {0x0, 0x93, {0x1, 0xf}}, {0x4, 0x3, {0x0, 0x4}}, {0x6, 0x28c, {0x2, 0xffffffff}}, {0x6, 0x7, {0x1, 0x4}}, {0xffff, 0x4, {0x0, 0x1}}, {0x9, 0x45f, {0x3, 0x9}}, {0x64d, 0x37c4, {0x3, 0x8}}, {0x3, 0x1, {0x2, 0x1}}, {0x6, 0x0, {0x0, 0xffffffff}}, {0xfff9, 0xffff, {0x2, 0x3}}, {0x5, 0x6, {0x2, 0x24}}, {0x3, 0x9, {0x3, 0x1}}, {0x10, 0xfff0, {0x1, 0x2}}, {0x7, 0xd70, {0x3, 0x80000000}}, {0x7, 0x3, {0x0, 0x2da06572}}, {0x0, 0x7f, {0x0, 0x7}}, {0xece4, 0x9, {0x0, 0x1}}, {0x1, 0x8000, {0x0, 0x49}}, {0x1, 0x7, {0x1, 0x31}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x20000080}, 0x40040)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x8, 0x3, 0x230, 0x0, 0x8, 0xfa04, 0x0, 0x6c02, 0x198, 0x194, 0x194, 0x198, 0x194, 0x3, 0x0, {[{{@uncond, 0x0, 0xc0, 0xe0, 0x0, {0x0, 0x74020000}, [@common=@inet=@multiport={{0x50}, {0x0, 0x2, [0x4e21, 0x4e20, 0x4e23, 0x4e22, 0x4e20, 0x4e20, 0x4e23, 0x4e23, 0x4e21, 0x4e22, 0x4e24, 0x4e21, 0x4e21, 0x4e22, 0x4e20], [0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1], 0x1}}]}, @unspec=@NOTRACK={0x20}}, {{@ip={@multicast2, @dev, 0x0, 0xff000000, '\x00', 'tunl0\x00', {}, {}, 0x0, 0x3}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x2, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x290)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0193a2e89a00000000001fffffff04000180080002"], 0x20}}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r8, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r8, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r8, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0)

0s ago: executing program 0 (id=794):
r0 = socket$inet6(0xa, 0x3, 0x5)
unshare(0x2040400) (async)
unshare(0x2040400)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="01000000ff7f00000400000021"], 0x50)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000100)={r1, &(0x7f00000000c0), 0x20000000}, 0xc)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000002c0)={@loopback={0x0, 0x7ffffffff000}, 0x800, 0x0, 0x1, 0x0, 0x0, 0x6}, 0x20) (async)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000002c0)={@loopback={0x0, 0x7ffffffff000}, 0x800, 0x0, 0x1, 0x0, 0x0, 0x6}, 0x20)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000001440)={0x9a, 0xfff, 0x1})
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x40, &(0x7f0000000000)=0x6, 0x4) (async)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x40, &(0x7f0000000000)=0x6, 0x4)
r4 = socket$packet(0x11, 0x2, 0x300)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000001000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x47, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000010000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x4cf68d79c8eac253, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000180)=r6, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
socket(0x10, 0x803, 0x0) (async)
r7 = socket(0x10, 0x803, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)=0x1)
sendto(r7, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000037c0)=[{{&(0x7f0000000740)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/110, 0x173}, {&(0x7f0000000280)=""/85, 0x53}, {&(0x7f0000000fc0)=""/4081, 0x564}, {&(0x7f0000000400)=""/106, 0x2f}, {&(0x7f00000006c0)=""/66, 0x12}, {&(0x7f0000000200)=""/77, 0x65f}, {&(0x7f0000000540)=""/166, 0x4a}, {&(0x7f0000000100)=""/10, 0x158}], 0x8, &(0x7f0000000600)=""/191, 0x41}, 0x1}], 0x4000000000003b4, 0x12022, &(0x7f0000000080)={0x77359400}) (async)
recvmmsg(r7, &(0x7f00000037c0)=[{{&(0x7f0000000740)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/110, 0x173}, {&(0x7f0000000280)=""/85, 0x53}, {&(0x7f0000000fc0)=""/4081, 0x564}, {&(0x7f0000000400)=""/106, 0x2f}, {&(0x7f00000006c0)=""/66, 0x12}, {&(0x7f0000000200)=""/77, 0x65f}, {&(0x7f0000000540)=""/166, 0x4a}, {&(0x7f0000000100)=""/10, 0x158}], 0x8, &(0x7f0000000600)=""/191, 0x41}, 0x1}], 0x4000000000003b4, 0x12022, &(0x7f0000000080)={0x77359400})

kernel console output (not intermixed with test programs):

[ T5836] bridge_slave_0: entered allmulticast mode
[   86.974312][ T5836] bridge_slave_0: entered promiscuous mode
[   87.035092][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.044090][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.051522][ T5836] bridge_slave_1: entered allmulticast mode
[   87.058739][ T5836] bridge_slave_1: entered promiscuous mode
[   87.066573][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.073710][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.081109][ T5838] bridge_slave_0: entered allmulticast mode
[   87.088924][ T5838] bridge_slave_0: entered promiscuous mode
[   87.134665][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.142037][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.149256][ T5834] bridge_slave_0: entered allmulticast mode
[   87.158196][ T5834] bridge_slave_0: entered promiscuous mode
[   87.166861][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.173966][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.181641][ T5834] bridge_slave_1: entered allmulticast mode
[   87.189385][ T5834] bridge_slave_1: entered promiscuous mode
[   87.209013][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.216392][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.223543][ T5838] bridge_slave_1: entered allmulticast mode
[   87.231323][ T5838] bridge_slave_1: entered promiscuous mode
[   87.250142][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.257417][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.264852][ T5835] bridge_slave_0: entered allmulticast mode
[   87.272793][ T5835] bridge_slave_0: entered promiscuous mode
[   87.281429][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.288763][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.296071][ T5835] bridge_slave_1: entered allmulticast mode
[   87.303284][ T5835] bridge_slave_1: entered promiscuous mode
[   87.359606][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.367036][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.374839][ T5851] bridge_slave_0: entered allmulticast mode
[   87.383173][ T5851] bridge_slave_0: entered promiscuous mode
[   87.417286][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.437663][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.444833][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.452444][ T5851] bridge_slave_1: entered allmulticast mode
[   87.459710][ T5851] bridge_slave_1: entered promiscuous mode
[   87.468669][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.480883][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.492669][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.505040][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.528396][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.563994][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.587252][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.649926][ T5836] team0: Port device team_slave_0 added
[   87.659613][ T5836] team0: Port device team_slave_1 added
[   87.681232][ T5838] team0: Port device team_slave_0 added
[   87.689582][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.702340][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.713712][ T5835] team0: Port device team_slave_0 added
[   87.753307][ T5838] team0: Port device team_slave_1 added
[   87.766130][ T5850] Bluetooth: hci2: command tx timeout
[   87.788698][ T5835] team0: Port device team_slave_1 added
[   87.798086][ T5834] team0: Port device team_slave_0 added
[   87.843845][ T5851] team0: Port device team_slave_0 added
[   87.848318][ T5850] Bluetooth: hci0: command tx timeout
[   87.850049][ T5848] Bluetooth: hci1: command tx timeout
[   87.854902][ T5156] Bluetooth: hci3: command tx timeout
[   87.864175][ T5851] team0: Port device team_slave_1 added
[   87.876269][ T5834] team0: Port device team_slave_1 added
[   87.895123][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.902139][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.928511][ T5850] Bluetooth: hci4: command tx timeout
[   87.928685][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.994899][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.001984][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.028103][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.039659][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.047170][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.073186][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.091225][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.098681][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.124923][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.137733][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.144694][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.170716][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.182363][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.189358][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.215564][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.239507][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.246624][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.272575][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.332136][ T5836] hsr_slave_0: entered promiscuous mode
[   88.339727][ T5836] hsr_slave_1: entered promiscuous mode
[   88.347239][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.354203][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.380669][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.392341][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.399464][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.425408][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.438060][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.445054][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.471293][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.604375][ T5838] hsr_slave_0: entered promiscuous mode
[   88.611251][ T5838] hsr_slave_1: entered promiscuous mode
[   88.617448][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.625142][ T5838] Cannot create hsr debugfs directory
[   88.669592][ T5835] hsr_slave_0: entered promiscuous mode
[   88.676578][ T5835] hsr_slave_1: entered promiscuous mode
[   88.682701][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.690616][ T5835] Cannot create hsr debugfs directory
[   88.715770][ T5851] hsr_slave_0: entered promiscuous mode
[   88.722105][ T5851] hsr_slave_1: entered promiscuous mode
[   88.728473][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.736212][ T5851] Cannot create hsr debugfs directory
[   88.798130][ T5834] hsr_slave_0: entered promiscuous mode
[   88.804545][ T5834] hsr_slave_1: entered promiscuous mode
[   88.811449][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.819988][ T5834] Cannot create hsr debugfs directory
[   89.348533][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   89.366948][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   89.390937][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   89.409711][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   89.457997][ T5851] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   89.474516][ T5851] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   89.492410][ T5851] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   89.502509][ T5851] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   89.585749][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   89.614873][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   89.641454][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   89.670913][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   89.733189][ T5838] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   89.771224][ T5838] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   89.781016][ T5838] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   89.790756][ T5838] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   89.846506][ T5850] Bluetooth: hci2: command tx timeout
[   89.850462][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.892942][ T5834] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   89.916075][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.925931][ T5850] Bluetooth: hci0: command tx timeout
[   89.931395][ T5850] Bluetooth: hci3: command tx timeout
[   89.937007][ T5850] Bluetooth: hci1: command tx timeout
[   89.942949][ T5834] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   89.969847][ T5834] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   89.985093][ T5834] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   90.000178][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[   90.007115][ T5848] Bluetooth: hci4: command tx timeout
[   90.027178][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[   90.061606][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.068876][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.080371][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.087525][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.119479][ T1335] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.126712][ T1335] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.152775][ T1335] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.160068][ T1335] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.241223][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.301395][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.364001][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[   90.401040][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   90.444337][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.451551][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.489471][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.496691][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.540587][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.547916][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.623371][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.630600][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.685026][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.807830][ T5834] 8021q: adding VLAN 0 to HW filter on device team0
[   90.838564][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.853068][   T74] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.860354][   T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.909658][   T74] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.916834][   T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.940502][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.072100][ T5834] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   91.250770][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.274515][ T5836] veth0_vlan: entered promiscuous mode
[   91.367929][ T5836] veth1_vlan: entered promiscuous mode
[   91.481460][ T5838] veth0_vlan: entered promiscuous mode
[   91.542150][ T5836] veth0_macvtap: entered promiscuous mode
[   91.554217][ T5838] veth1_vlan: entered promiscuous mode
[   91.571518][ T5836] veth1_macvtap: entered promiscuous mode
[   91.583182][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.627093][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.673688][ T5838] veth0_macvtap: entered promiscuous mode
[   91.711692][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.724060][ T5851] veth0_vlan: entered promiscuous mode
[   91.739028][ T5835] veth0_vlan: entered promiscuous mode
[   91.749536][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.760873][ T5838] veth1_macvtap: entered promiscuous mode
[   91.782937][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.792997][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.802975][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.812327][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.834601][ T5835] veth1_vlan: entered promiscuous mode
[   91.843121][ T5834] veth0_vlan: entered promiscuous mode
[   91.860877][  T977] cfg80211: failed to load regulatory.db
[   91.871325][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.896433][ T5851] veth1_vlan: entered promiscuous mode
[   91.904111][ T5834] veth1_vlan: entered promiscuous mode
[   91.921780][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.934988][ T5838] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.938114][ T5848] Bluetooth: hci2: command tx timeout
[   91.950381][ T5838] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.959853][ T5838] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.968866][ T5838] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.006128][ T5848] Bluetooth: hci3: command tx timeout
[   92.011582][ T5848] Bluetooth: hci0: command tx timeout
[   92.017171][ T5850] Bluetooth: hci1: command tx timeout
[   92.064672][ T5835] veth0_macvtap: entered promiscuous mode
[   92.078289][ T5851] veth0_macvtap: entered promiscuous mode
[   92.087507][ T5848] Bluetooth: hci4: command tx timeout
[   92.100757][ T5835] veth1_macvtap: entered promiscuous mode
[   92.131245][ T5851] veth1_macvtap: entered promiscuous mode
[   92.190416][ T5834] veth0_macvtap: entered promiscuous mode
[   92.214747][ T5834] veth1_macvtap: entered promiscuous mode
[   92.256155][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.263779][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.272229][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.293597][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.304430][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.329563][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.338226][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.338965][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.360088][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.375124][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.404190][ T5835] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.421910][ T5835] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.430987][ T5835] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.439954][ T5835] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.451860][ T5834] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.461699][ T5834] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.471414][ T5834] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.480183][ T5834] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.492914][ T5851] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.501907][ T5851] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.511185][ T5851] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.519944][ T5851] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.538329][   T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.546390][   T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.641308][ T1335] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.660564][ T1335] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.707450][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   92.765627][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.773593][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.901349][ T1335] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.099845][ T1335] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.171109][ T3534] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.190695][ T3534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.461841][   T43] IPVS: starting estimator thread 0...
[   93.626611][ T5970] IPVS: using max 22 ests per chain, 52800 per kthread
[   93.963759][ T1330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.972348][ T1330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.035304][ T1330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.045042][ T1330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.090399][ T5850] Bluetooth: hci1: command tx timeout
[   94.096174][ T5848] Bluetooth: hci0: command tx timeout
[   94.101629][ T5848] Bluetooth: hci3: command tx timeout
[   94.168194][ T5848] Bluetooth: hci4: command tx timeout
[   94.184289][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.220837][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.379825][ T5977] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   94.635086][ T5984] FAULT_INJECTION: forcing a failure.
[   94.635086][ T5984] name failslab, interval 1, probability 0, space 0, times 1
[   94.655402][   T43] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   94.674290][ T5984] CPU: 1 UID: 0 PID: 5984 Comm: syz.1.10 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[   94.674317][ T5984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   94.674337][ T5984] Call Trace:
[   94.674349][ T5984]  <TASK>
[   94.674359][ T5984]  dump_stack_lvl+0x189/0x250
[   94.674396][ T5984]  ? __pfx____ratelimit+0x10/0x10
[   94.674419][ T5984]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.674442][ T5984]  ? __pfx__printk+0x10/0x10
[   94.674483][ T5984]  ? __pfx___might_resched+0x10/0x10
[   94.674512][ T5984]  should_fail_ex+0x414/0x560
[   94.674537][ T5984]  should_failslab+0xa8/0x100
[   94.674561][ T5984]  __kmalloc_node_noprof+0xd1/0x4e0
[   94.674582][ T5984]  ? alloc_slab_obj_exts+0x39/0xa0
[   94.674619][ T5984]  alloc_slab_obj_exts+0x39/0xa0
[   94.674652][ T5984]  __memcg_slab_post_alloc_hook+0x31e/0x7f0
[   94.674704][ T5984]  kmem_cache_alloc_node_noprof+0x2bd/0x3c0
[   94.674726][ T5984]  ? __alloc_skb+0x112/0x2d0
[   94.674759][ T5984]  __alloc_skb+0x112/0x2d0
[   94.674791][ T5984]  alloc_skb_with_frags+0xca/0x890
[   94.674828][ T5984]  ? process_measurement+0x72d/0x1a40
[   94.674861][ T5984]  sock_alloc_send_pskb+0x857/0x990
[   94.674902][ T5984]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[   94.674923][ T5984]  ? __pfx_process_measurement+0x10/0x10
[   94.674945][ T5984]  ? tomoyo_check_open_permission+0x16a/0x3b0
[   94.674971][ T5984]  ? smack_socket_getpeersec_dgram+0x320/0x430
[   94.675011][ T5984]  unix_dgram_sendmsg+0x451/0x17d0
[   94.675061][ T5984]  ? unwind_next_frame+0xa5/0x2390
[   94.675082][ T5984]  ? rcu_is_watching+0x15/0xb0
[   94.675110][ T5984]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[   94.675138][ T5984]  ? __bfs+0x154/0x2a0
[   94.675157][ T5984]  ? __pfx_hlock_conflict+0x10/0x10
[   94.675190][ T5984]  ? check_noncircular+0xe0/0x160
[   94.675216][ T5984]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[   94.675261][ T5984]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   94.675282][ T5984]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[   94.675315][ T5984]  __sock_sendmsg+0x219/0x270
[   94.675344][ T5984]  ____sys_sendmsg+0x52d/0x830
[   94.675383][ T5984]  ? __pfx_____sys_sendmsg+0x10/0x10
[   94.675426][ T5984]  ? import_iovec+0x74/0xa0
[   94.675471][ T5984]  ___sys_sendmsg+0x21f/0x2a0
[   94.675507][ T5984]  ? __pfx____sys_sendmsg+0x10/0x10
[   94.675577][ T5984]  ? __fget_files+0x2a/0x420
[   94.675601][ T5984]  ? __fget_files+0x3a0/0x420
[   94.675637][ T5984]  __sys_sendmmsg+0x227/0x430
[   94.675676][ T5984]  ? __pfx___sys_sendmmsg+0x10/0x10
[   94.675707][ T5984]  ? __mutex_unlock_slowpath+0x1cd/0x700
[   94.675760][ T5984]  ? ksys_write+0x22a/0x250
[   94.675783][ T5984]  ? __pfx_ksys_write+0x10/0x10
[   94.675801][ T5984]  ? rcu_is_watching+0x15/0xb0
[   94.675831][ T5984]  __x64_sys_sendmmsg+0xa0/0xc0
[   94.675867][ T5984]  do_syscall_64+0xfa/0x3b0
[   94.675890][ T5984]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.675912][ T5984]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.675934][ T5984]  ? clear_bhb_loop+0x60/0xb0
[   94.675960][ T5984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.675981][ T5984] RIP: 0033:0x7fb796d8e9a9
[   94.676008][ T5984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.676025][ T5984] RSP: 002b:00007fb797b27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   94.676048][ T5984] RAX: ffffffffffffffda RBX: 00007fb796fb5fa0 RCX: 00007fb796d8e9a9
[   94.676063][ T5984] RDX: 0000000000000002 RSI: 0000200000005a40 RDI: 0000000000000004
[   94.676077][ T5984] RBP: 00007fb797b27090 R08: 0000000000000000 R09: 0000000000000000
[   94.676090][ T5984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.676102][ T5984] R13: 0000000000000000 R14: 00007fb796fb5fa0 R15: 00007ffeedbe4608
[   94.676134][ T5984]  </TASK>
[   94.704026][ T5986] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5'.
[   94.796488][ T5986] syz.4.5 (5986) used greatest stack depth: 17992 bytes left
[   95.032766][   T43] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   95.032818][   T43] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   95.050182][   T43] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   95.050210][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   95.050230][   T43] usb 1-1: SerialNumber: syz
[   95.429516][ T5993] netlink: 'syz.1.11': attribute type 1 has an invalid length.
[   95.429572][ T5993] netlink: 224 bytes leftover after parsing attributes in process `syz.1.11'.
[   95.774369][   T43] usb 1-1: 0:2 : does not exist
[   96.176627][   T43] usb 1-1: unit 5 not found!
[   96.226626][   T43] usb 1-1: USB disconnect, device number 2
[   96.341818][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   96.801740][    T9] hid-generic 0000:0004:0034.0001: unknown main item tag 0x0
[   96.879977][    T9] hid-generic 0000:0004:0034.0001: unknown main item tag 0x0
[   96.941568][    T9] hid-generic 0000:0004:0034.0001: unknown main item tag 0x0
[   97.121149][    T9] hid-generic 0000:0004:0034.0001: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[   97.704718][ T6026] process 'syz.3.21' launched './file2' with NULL argv: empty string added
[   97.720074][ T6026] Bluetooth: MGMT ver 1.23
[   97.799653][ T6031] netlink: 48 bytes leftover after parsing attributes in process `syz.0.20'.
[   97.824712][ T6021] fido_id[6021]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   98.031791][ T6032] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   98.092879][ T6036] bridge: RTM_NEWNEIGH with invalid ether address
[   98.365581][ T5914] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   98.660857][ T5914] usb 4-1: Using ep0 maxpacket: 8
[   98.680329][ T5914] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   98.713876][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   98.735264][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   98.744100][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   98.791238][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   98.815630][ T5907] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   98.823241][ T5914] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   98.991180][ T5914] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   99.019499][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.050241][    T9] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   99.148801][ T5907] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   99.193632][ T5907] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[   99.234371][ T5907] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   99.252554][ T5914] usb 4-1: GET_CAPABILITIES returned 0
[   99.268223][ T5914] usbtmc 4-1:16.0: can't read capabilities
[   99.274748][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   99.311407][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[   99.332066][ T5907] usb 2-1: SerialNumber: syz
[   99.361938][    T9] usb 3-1: not running at top speed; connect to a high speed hub
[   99.387237][    T9] usb 3-1: config 1 interface 0 has no altsetting 0
[   99.404579][    T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[   99.425016][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.452964][    T9] usb 3-1: Product: syz
[   99.469100][    T9] usb 3-1: Manufacturer: syz
[   99.477866][ T5914] usb 4-1: USB disconnect, device number 2
[   99.496810][    T9] usb 3-1: SerialNumber: syz
[   99.609723][ T5907] usb 2-1: 0:2 : does not exist
[   99.614804][ T5907] usb 2-1: unit 5 not found!
[   99.768490][ T6056] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.782947][ T5907] usb 2-1: USB disconnect, device number 2
[   99.795971][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[   99.822013][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   99.903433][ T6056] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.911725][ T6073] netlink: 32 bytes leftover after parsing attributes in process `syz.0.31'.
[  100.195614][ T6073] Zero length message leads to an empty skb
[  100.297489][ T6073] netlink: 24 bytes leftover after parsing attributes in process `syz.0.31'.
[  100.326431][    T0] NOHZ tick-stop error: local softirq work is pending, handler #308!!!
[  100.381713][    T9] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input5
[  100.456617][ T5191] bcm5974 3-1:1.0: could not read from device
[  100.490098][ T6080] af_packet: tpacket_rcv: packet too big, clamped from 200 to 4294967272. macoff=96
[  100.514671][    T9] usb 3-1: USB disconnect, device number 2
[  100.723173][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  101.223072][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  101.562587][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  101.586241][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  101.647274][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  101.656411][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  101.761524][    T9] hid-generic 0000:0004:0034.0002: unknown main item tag 0x0
[  101.943085][    T9] hid-generic 0000:0004:0034.0002: unknown main item tag 0x0
[  102.064549][    T9] hid-generic 0000:0004:0034.0002: unknown main item tag 0x0
[  102.665980][    T9] hid-generic 0000:0004:0034.0002: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  102.949871][ T6095] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  103.763074][ T6110] netlink: 'syz.0.40': attribute type 1 has an invalid length.
[  103.771174][ T6110] netlink: 224 bytes leftover after parsing attributes in process `syz.0.40'.
[  104.030486][ T6112] fido_id[6112]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  104.471253][ T6137] tap0: tun_chr_ioctl cmd 1074025677
[  104.503853][ T6137] tap0: linktype set to 270
[  104.596291][ T1208] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  105.409834][ T1208] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  105.431647][ T1208] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  105.443740][ T1208] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  105.454134][ T1208] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  105.463035][ T1208] usb 5-1: SerialNumber: syz
[  105.757686][ T1208] usb 5-1: 0:2 : does not exist
[  105.764350][ T1208] usb 5-1: unit 5 not found!
[  105.786440][ T1208] usb 5-1: USB disconnect, device number 2
[  106.662374][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  107.243856][ T1208] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  107.540658][ T5907] hid-generic 0000:0004:0034.0003: unknown main item tag 0x0
[  107.643555][ T5907] hid-generic 0000:0004:0034.0003: unknown main item tag 0x0
[  107.768787][ T5907] hid-generic 0000:0004:0034.0003: unknown main item tag 0x0
[  108.183287][ T5907] hid-generic 0000:0004:0034.0003: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  108.549632][ T6177] tap0: tun_chr_ioctl cmd 1074025677
[  108.581186][ T6177] tap0: linktype set to 270
[  108.595400][ T1208] usb 1-1: Using ep0 maxpacket: 8
[  108.610764][ T6180] fido_id[6180]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  108.753747][ T6184] overlay: Unknown parameter '\eiserfs'
[  108.803843][ T6186] netlink: 12 bytes leftover after parsing attributes in process `syz.2.62'.
[  108.823708][ T6188] fuse: Bad value for 'group_id'
[  108.845853][ T1208] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  108.850178][ T6188] fuse: Bad value for 'group_id'
[  108.868436][ T1208] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  108.878590][ T5907] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  109.235738][ T1208] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  109.313545][ T5907] usb 2-1: Using ep0 maxpacket: 8
[  109.317569][ T1208] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  109.321961][ T5907] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  109.341947][ T5907] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  109.375027][ T1208] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  109.400809][ T5907] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  109.405937][ T1208] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.418673][ T5907] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  109.450658][ T5907] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  109.453835][ T6191] bond_slave_0: entered promiscuous mode
[  109.462710][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.465564][ T6191] bond_slave_1: entered promiscuous mode
[  109.465728][ T6191] macvlan2: entered promiscuous mode
[  109.484743][ T6191] bond0: entered promiscuous mode
[  109.492457][ T6191] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  109.723838][ T5907] usb 2-1: GET_CAPABILITIES returned 0
[  109.731125][ T5907] usbtmc 2-1:16.0: can't read capabilities
[  109.749926][ T1208] usb 1-1: GET_CAPABILITIES returned 0
[  109.767111][ T1208] usbtmc 1-1:16.0: can't read capabilities
[  109.895593][ T5947] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  110.019633][ T1208] usb 1-1: USB disconnect, device number 3
[  110.055880][ T5947] usb 3-1: Using ep0 maxpacket: 8
[  110.083479][ T5947] usb 3-1: unable to get BOS descriptor or descriptor too short
[  110.141044][ T5947] usb 3-1: config 7 has an invalid interface number: 204 but max is 0
[  110.149710][ T5947] usb 3-1: config 7 has no interface number 0
[  110.161164][ T5947] usb 3-1: too many endpoints for config 7 interface 204 altsetting 80: 241, using maximum allowed: 30
[  110.183666][ T5947] usb 3-1: config 7 interface 204 altsetting 80 has 0 endpoint descriptors, different from the interface descriptor's value: 241
[  110.204079][ T5947] usb 3-1: config 7 interface 204 has no altsetting 0
[  110.216956][ T5947] usb 3-1: string descriptor 0 read error: -22
[  110.223753][ T5947] usb 3-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=82.fe
[  110.238095][ T5947] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.273571][ T5947] hub 3-1:7.204: bad descriptor, ignoring hub
[  110.290921][ T5947] hub 3-1:7.204: probe with driver hub failed with error -5
[  110.759327][ T6193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.955958][ T6193] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.981237][ T5947] asix 3-1:7.204 (unnamed net_device) (uninitialized): invalid hw address, using random
[  111.726452][ T5914] usb 2-1: USB disconnect, device number 3
[  111.785140][ T5947] asix 3-1:7.204 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  111.835702][ T5947] asix 3-1:7.204 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  112.026929][ T5947] asix 3-1:7.204 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  112.061347][ T5947] asix 3-1:7.204 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  112.105567][ T5907] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  112.215588][ T5927] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  112.283605][ T5907] usb 5-1: Using ep0 maxpacket: 8
[  112.398017][ T5907] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  112.497151][ T5907] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  112.624058][ T5907] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  112.751614][    T9] hid-generic 0000:0004:0034.0004: unknown main item tag 0x0
[  112.780819][ T5907] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  112.911192][    T9] hid-generic 0000:0004:0034.0004: unknown main item tag 0x0
[  112.995333][ T5907] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  113.047964][    T9] hid-generic 0000:0004:0034.0004: unknown main item tag 0x0
[  113.214646][ T5907] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  113.308906][    T9] hid-generic 0000:0004:0034.0004: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  113.408543][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.534481][ T5947] asix 3-1:7.204 eth1: register 'asix' at usb-dummy_hcd.2-1, ASIX AX88178 USB 2.0 Ethernet, 9e:99:6d:95:7f:16
[  113.679224][ T5927] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  113.728918][ T5927] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  113.802630][ T5927] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  113.819888][ T5907] usb 5-1: usb_control_msg returned -32
[  113.835212][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  113.841596][ T6228] fido_id[6228]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  113.870945][ T5907] usbtmc 5-1:16.0: can't read capabilities
[  113.890337][ T5927] usb 2-1: SerialNumber: syz
[  114.019265][ T6233] tap0: tun_chr_ioctl cmd 1074025677
[  114.054441][ T6233] tap0: linktype set to 270
[  114.123641][ T5927] usb 2-1: 0:2 : does not exist
[  114.133078][ T5927] usb 2-1: unit 5 not found!
[  114.201873][ T6240] usbtmc 5-1:16.0: stb usb_control_msg returned -32
[  114.210237][ T5927] usb 2-1: USB disconnect, device number 4
[  114.267844][ T1208] usb 5-1: USB disconnect, device number 3
[  114.385572][ T5947] usb 3-1: USB disconnect, device number 3
[  114.562663][ T5947] asix 3-1:7.204 eth1: unregister 'asix' usb-dummy_hcd.2-1, ASIX AX88178 USB 2.0 Ethernet
[  114.621102][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  117.403390][ T5905] hid-generic 0000:0004:0034.0005: unknown main item tag 0x0
[  117.556772][ T5905] hid-generic 0000:0004:0034.0005: unknown main item tag 0x0
[  117.734267][ T5905] hid-generic 0000:0004:0034.0005: unknown main item tag 0x0
[  118.258478][ T5905] hid-generic 0000:0004:0034.0005: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  118.456654][ T6291] warning: `syz.2.86' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  119.224553][ T5947] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  119.262174][ T6308] syz.2.90: attempt to access beyond end of device
[  119.262174][ T6308] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  119.885121][ T6299] fido_id[6299]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  120.028649][ T5947] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  120.039049][ T5947] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  120.049901][ T5947] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  120.059526][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  120.125249][ T5947] usb 2-1: SerialNumber: syz
[  120.179011][ T6321] netlink: 28 bytes leftover after parsing attributes in process `syz.3.94'.
[  120.215869][ T6317] tap0: tun_chr_ioctl cmd 1074025677
[  120.235725][ T6317] tap0: linktype set to 270
[  121.410909][ T5947] usb 2-1: 0:2 : does not exist
[  121.659072][ T5947] usb 2-1: unit 5 not found!
[  121.776673][ T5947] usb 2-1: USB disconnect, device number 5
[  122.331288][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  122.437226][ T1208] hid-generic 0000:0004:0034.0006: unknown main item tag 0x0
[  122.534846][ T1208] hid-generic 0000:0004:0034.0006: unknown main item tag 0x0
[  123.145741][ T1208] hid-generic 0000:0004:0034.0006: unknown main item tag 0x0
[  123.302257][ T1208] hid-generic 0000:0004:0034.0006: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  123.395381][ T6349] netlink: 60 bytes leftover after parsing attributes in process `syz.2.96'.
[  123.419572][ T6347] netlink: 60 bytes leftover after parsing attributes in process `syz.2.96'.
[  123.455643][ T5907] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  123.595642][ T5907] usb 1-1: device descriptor read/64, error -71
[  123.801603][ T6356] fido_id[6356]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  123.841866][ T6364] netlink: 48 bytes leftover after parsing attributes in process `syz.3.101'.
[  123.897738][ T5907] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  124.056134][ T5907] usb 1-1: device descriptor read/64, error -71
[  124.237638][ T5907] usb usb1-port1: attempt power cycle
[  125.191665][ T6382] qrtr: Invalid version 4
[  125.225632][ T5907] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  125.314888][ T6381] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  125.376290][ T5907] usb 1-1: device descriptor read/8, error -71
[  125.458116][ T6385] netlink: 4 bytes leftover after parsing attributes in process `syz.2.105'.
[  125.630720][ T5907] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  125.686849][ T5907] usb 1-1: device descriptor read/8, error -71
[  126.155212][ T5907] usb usb1-port1: unable to enumerate USB device
[  126.625742][ T5907] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  126.927344][ T6405] syz.0.108: attempt to access beyond end of device
[  126.927344][ T6405] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[  127.485761][ T5907] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  127.500127][ T5907] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  127.510828][ T5907] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  127.545704][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  127.553771][ T5907] usb 5-1: SerialNumber: syz
[  128.178248][ T5947] hid-generic 0000:0004:0034.0007: unknown main item tag 0x0
[  128.288087][ T5947] hid-generic 0000:0004:0034.0007: unknown main item tag 0x0
[  128.428817][ T5947] hid-generic 0000:0004:0034.0007: unknown main item tag 0x0
[  128.591077][ T5947] hid-generic 0000:0004:0034.0007: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  128.882083][ T6408] FAULT_INJECTION: forcing a failure.
[  128.882083][ T6408] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  128.934224][ T5907] usb 5-1: 0:2 : does not exist
[  128.972558][ T5907] usb 5-1: unit 5 not found!
[  129.023941][ T6408] CPU: 0 UID: 0 PID: 6408 Comm: syz.2.110 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  129.023967][ T6408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  129.023978][ T6408] Call Trace:
[  129.023986][ T6408]  <TASK>
[  129.023994][ T6408]  dump_stack_lvl+0x189/0x250
[  129.024019][ T6408]  ? __pfx____ratelimit+0x10/0x10
[  129.024040][ T6408]  ? __pfx_dump_stack_lvl+0x10/0x10
[  129.024061][ T6408]  ? __pfx__printk+0x10/0x10
[  129.024083][ T6408]  ? __might_fault+0xb0/0x130
[  129.024111][ T6408]  should_fail_ex+0x414/0x560
[  129.024136][ T6408]  _copy_from_user+0x2d/0xb0
[  129.024161][ T6408]  ___sys_sendmsg+0x158/0x2a0
[  129.024189][ T6408]  ? __pfx____sys_sendmsg+0x10/0x10
[  129.024243][ T6408]  ? __fget_files+0x2a/0x420
[  129.024259][ T6408]  ? __fget_files+0x3a0/0x420
[  129.024285][ T6408]  __x64_sys_sendmsg+0x19b/0x260
[  129.024311][ T6408]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  129.024343][ T6408]  ? rcu_is_watching+0x15/0xb0
[  129.024364][ T6408]  ? do_syscall_64+0xbe/0x3b0
[  129.024385][ T6408]  do_syscall_64+0xfa/0x3b0
[  129.024403][ T6408]  ? lockdep_hardirqs_on+0x9c/0x150
[  129.024421][ T6408]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.024439][ T6408]  ? clear_bhb_loop+0x60/0xb0
[  129.024461][ T6408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.024479][ T6408] RIP: 0033:0x7f84b838e9a9
[  129.024494][ T6408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  129.024509][ T6408] RSP: 002b:00007f84b91cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  129.024528][ T6408] RAX: ffffffffffffffda RBX: 00007f84b85b5fa0 RCX: 00007f84b838e9a9
[  129.024541][ T6408] RDX: 0000000000000000 RSI: 0000200000003700 RDI: 0000000000000003
[  129.024552][ T6408] RBP: 00007f84b91cc090 R08: 0000000000000000 R09: 0000000000000000
[  129.024563][ T6408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  129.024573][ T6408] R13: 0000000000000000 R14: 00007f84b85b5fa0 R15: 00007ffe21a1e188
[  129.024600][ T6408]  </TASK>
[  130.174396][ T1208] IPVS: starting estimator thread 0...
[  130.205672][ T5907] usb 5-1: USB disconnect, device number 4
[  130.283845][ T6411] fido_id[6411]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  130.335608][ T6421] IPVS: using max 30 ests per chain, 72000 per kthread
[  130.612429][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  132.827834][ T6457] tipc: Started in network mode
[  132.836457][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  132.993862][ T6457] tipc: Node identity b687870457b2, cluster identity 4711
[  133.156134][ T6457] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  133.194316][ T6465] syzkaller0: entered promiscuous mode
[  133.230716][ T6465] syzkaller0: entered allmulticast mode
[  133.393503][ T6469] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  133.436020][ T6457] tipc: Resetting bearer <eth:syzkaller0>
[  133.447075][ T5947] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  134.049287][ T6459] delete_channel: no stack
[  134.179697][ T6457] tipc: Disabling bearer <eth:syzkaller0>
[  134.186481][ T5905] tipc: Node number set to 3778381572
[  134.195568][ T5947] usb 4-1: Using ep0 maxpacket: 16
[  134.253766][ T5947] usb 4-1: too many configurations: 14, using maximum allowed: 8
[  134.322777][ T5905] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  134.352299][ T5947] usb 4-1: unable to read config index 0 descriptor/start: -61
[  134.367915][ T5947] usb 4-1: can't read configurations, error -61
[  134.575566][ T5905] usb 5-1: Using ep0 maxpacket: 8
[  134.596185][ T5947] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  134.646409][ T5905] usb 5-1: config 162 has an invalid interface number: 226 but max is 1
[  134.665080][ T5905] usb 5-1: config 162 has an invalid interface number: 97 but max is 1
[  134.681866][ T5905] usb 5-1: config 162 has no interface number 0
[  134.718172][ T5905] usb 5-1: config 162 has no interface number 1
[  134.775347][ T6481] netlink: 96 bytes leftover after parsing attributes in process `syz.2.130'.
[  134.800295][ T5905] usb 5-1: config 162 interface 226 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  134.903775][ T5905] usb 5-1: config 162 interface 97 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  135.010147][ T6485] syz.0.131 uses obsolete (PF_INET,SOCK_PACKET)
[  135.017954][ T5905] usb 5-1: config 162 interface 97 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  135.083264][ T5905] usb 5-1: config 162 interface 97 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  135.206637][ T5905] usb 5-1: config 162 interface 97 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  135.217476][ T5905] usb 5-1: config 162 interface 97 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  135.253308][ T5905] usb 5-1: config 162 interface 226 has no altsetting 0
[  135.260617][ T5905] usb 5-1: config 162 interface 97 has no altsetting 0
[  135.330084][ T5947] usb 4-1: Using ep0 maxpacket: 16
[  135.354678][ T5947] usb 4-1: too many configurations: 14, using maximum allowed: 8
[  135.415267][ T5947] usb 4-1: unable to read config index 0 descriptor/start: -61
[  135.423826][ T5905] usb 5-1: New USB device found, idVendor=07b8, idProduct=9271, bcdDevice=bc.4e
[  135.426532][ T5947] usb 4-1: can't read configurations, error -61
[  135.450913][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.470116][ T5905] usb 5-1: Product: syz
[  135.476833][ T5947] usb usb4-port1: attempt power cycle
[  135.491526][ T5905] usb 5-1: Manufacturer: syz
[  135.499387][ T5905] usb 5-1: SerialNumber: syz
[  136.029539][ T6469] netlink: 12 bytes leftover after parsing attributes in process `syz.4.127'.
[  136.076213][ T5947] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  136.093587][ T6494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  136.102677][ T6494] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  136.227153][ T5947] usb 4-1: device descriptor read/8, error -71
[  136.835652][ T5905] usb 5-1: ath9k_htc: Device endpoint numbers are not the expected ones
[  136.854074][ T5905] usb 5-1: ath9k_htc: Device endpoint numbers are not the expected ones
[  136.871951][ T5905] usb 5-1: USB disconnect, device number 5
[  136.949933][ T6491] delete_channel: no stack
[  139.020846][ T6524] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.677246][   T30] audit: type=1326 audit(1752989167.942:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6536 comm="syz.2.143" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f84b838e9a9 code=0x80000000
[  139.713397][ T6524] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.920276][ T6524] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.127084][ T6524] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.434743][ T6524] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  140.477854][ T6524] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  140.541247][ T6524] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  140.608481][ T6524] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  140.904791][   T30] audit: type=1326 audit(1752989169.162:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6548 comm="syz.4.146" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x0
[  142.047976][ T6556] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  142.319724][ T6556] batman_adv: batadv0: Removing interface: batadv_slave_1
[  143.551674][ T6578] tipc: Started in network mode
[  143.565156][ T6578] tipc: Node identity 4a28133be624, cluster identity 4711
[  143.600393][ T6578] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  143.625031][ T6584] syzkaller0: entered promiscuous mode
[  143.650808][ T6584] syzkaller0: entered allmulticast mode
[  143.779192][ T6578] tipc: Resetting bearer <eth:syzkaller0>
[  143.807119][ T6578] tipc: Disabling bearer <eth:syzkaller0>
[  143.816342][ T5914] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  144.016054][ T5914] usb 5-1: Using ep0 maxpacket: 16
[  144.030001][ T5914] usb 5-1: config 0 has no interfaces?
[  144.037574][ T5914] usb 5-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  144.055558][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.087176][ T5914] usb 5-1: config 0 descriptor??
[  144.889500][ T6586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.156'.
[  144.956636][ T5905] usb 5-1: USB disconnect, device number 6
[  144.990090][ T6603] kvm: emulating exchange as write
[  144.998729][ T6603] netlink: 8 bytes leftover after parsing attributes in process `syz.0.159'.
[  145.073424][ T6603] netlink: 16 bytes leftover after parsing attributes in process `syz.0.159'.
[  146.253009][ T6618] tap0: tun_chr_ioctl cmd 1074025677
[  146.268643][ T6618] tap0: linktype set to 270
[  146.804888][ T6628] tap0: tun_chr_ioctl cmd 1074025677
[  146.830937][ T6628] tap0: linktype set to 270
[  148.821282][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz.0.172'.
[  149.205703][   T30] audit: type=1326 audit(1752989177.462:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6657 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ff00000
[  149.267559][   T30] audit: type=1326 audit(1752989177.462:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6657 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ff00000
[  149.338661][   T30] audit: type=1326 audit(1752989177.462:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6657 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ff00000
[  149.378806][ T5914] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  149.424806][   T30] audit: type=1326 audit(1752989177.462:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6657 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ff00000
[  149.471559][   T30] audit: type=1326 audit(1752989177.462:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6657 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ff00000
[  149.555584][   T30] audit: type=1326 audit(1752989177.462:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6657 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ff00000
[  149.613594][ T5914] usb 2-1: config 0 has an invalid descriptor of length 242, skipping remainder of the config
[  149.628302][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  149.639202][   T30] audit: type=1326 audit(1752989177.462:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6657 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ff00000
[  149.675654][ T5914] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  149.703110][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 1024
[  149.714925][   T30] audit: type=1326 audit(1752989177.462:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6657 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ff00000
[  149.736235][    C0] vkms_vblank_simulate: vblank timer overrun
[  149.755552][ T5914] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 1024
[  149.775733][   T30] audit: type=1326 audit(1752989177.462:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6657 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ff00000
[  149.828929][ T5914] usb 2-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  149.838200][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.866112][   T30] audit: type=1326 audit(1752989177.462:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6657 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ff00000
[  149.887329][    C0] vkms_vblank_simulate: vblank timer overrun
[  149.893458][ T5914] usb 2-1: Product: syz
[  149.899056][ T5914] usb 2-1: Manufacturer: syz
[  149.917604][ T5914] usb 2-1: SerialNumber: syz
[  149.924786][ T5914] usb 2-1: config 0 descriptor??
[  149.952004][ T6656] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  149.990165][ T5914] usb 2-1: ucan: probing device on interface #0
[  150.229299][ T5914] usb 2-1: ucan: invalid endpoint configuration
[  150.236200][ T5914] usb 2-1: ucan: probe failed; try to update the device firmware
[  152.129302][ T6667] netlink: 'syz.2.181': attribute type 6 has an invalid length.
[  152.208498][ T6686] netlink: 8 bytes leftover after parsing attributes in process `syz.3.185'.
[  152.230670][ T1208] usb 2-1: USB disconnect, device number 6
[  152.268964][ T6686] ipvlan2: entered promiscuous mode
[  152.284523][ T6686] ipvlan2: entered allmulticast mode
[  152.306659][ T6686] gretap0: entered allmulticast mode
[  152.405982][ T5907] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  152.593738][ T5907] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  152.627766][ T5907] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40
[  152.642466][ T5907] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.653339][ T5907] usb 1-1: Product: syz
[  152.658344][ T5907] usb 1-1: Manufacturer: syz
[  152.665233][ T5907] usb 1-1: SerialNumber: syz
[  152.715752][ T1208] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  152.895508][ T1208] usb 2-1: Using ep0 maxpacket: 16
[  152.912518][ T5907] pxrc 1-1:1.0: Could not find endpoint
[  152.913228][ T1208] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  152.938871][ T1208] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.953179][ T5907] usb 1-1: USB disconnect, device number 8
[  152.955051][ T1208] usb 2-1: config 0 descriptor??
[  153.092491][ T1208] gspca_main: sonixj-2.14.0 probing 0471:0327
[  153.427220][ T1208] gspca_sonixj: reg_r err -32
[  153.453081][ T1208] sonixj 2-1:0.0: probe with driver sonixj failed with error -32
[  154.064526][ T6725] netlink: 8 bytes leftover after parsing attributes in process `syz.0.198'.
[  154.949774][ T6732] syzkaller0: entered promiscuous mode
[  154.970442][ T6732] syzkaller0: entered allmulticast mode
[  155.506640][ T6743] netlink: 'syz.4.202': attribute type 1 has an invalid length.
[  155.514461][ T6743] netlink: 224 bytes leftover after parsing attributes in process `syz.4.202'.
[  156.066268][ T5914] usb 2-1: USB disconnect, device number 7
[  158.562079][ T6775] netlink: 36 bytes leftover after parsing attributes in process `syz.4.210'.
[  160.927699][ T6801] netlink: 76 bytes leftover after parsing attributes in process `syz.2.216'.
[  161.025616][ T5907] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  161.296864][ T5907] usb 4-1: Using ep0 maxpacket: 8
[  161.311685][ T5907] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  161.411238][ T6814] netlink: 'syz.1.220': attribute type 1 has an invalid length.
[  161.419052][ T6814] netlink: 224 bytes leftover after parsing attributes in process `syz.1.220'.
[  161.895371][ T5907] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  161.905638][ T5907] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  161.915890][ T5907] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  161.925840][ T5907] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  161.939018][ T5907] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  162.036583][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.120020][ T5907] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -22
[  162.670363][ T6799] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  162.930336][ T6823] FAULT_INJECTION: forcing a failure.
[  162.930336][ T6823] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  162.943524][ T6823] CPU: 0 UID: 0 PID: 6823 Comm: syz.4.222 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  162.943541][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  162.943554][ T6823] Call Trace:
[  162.943563][ T6823]  <TASK>
[  162.943571][ T6823]  dump_stack_lvl+0x189/0x250
[  162.943598][ T6823]  ? __pfx____ratelimit+0x10/0x10
[  162.943621][ T6823]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.943644][ T6823]  ? __pfx__printk+0x10/0x10
[  162.943671][ T6823]  should_fail_ex+0x414/0x560
[  162.943689][ T6823]  _copy_to_user+0x31/0xb0
[  162.943710][ T6823]  msr_read+0x177/0x250
[  162.943732][ T6823]  ? __pfx_msr_read+0x10/0x10
[  162.943748][ T6823]  ? security_file_permission+0x75/0x290
[  162.943765][ T6823]  ? rw_verify_area+0x258/0x650
[  162.943786][ T6823]  ? __pfx_msr_read+0x10/0x10
[  162.943804][ T6823]  vfs_read+0x1fd/0x980
[  162.943831][ T6823]  ? __pfx_vfs_read+0x10/0x10
[  162.943854][ T6823]  ? __fget_files+0x2a/0x420
[  162.943872][ T6823]  ? __fget_files+0x2a/0x420
[  162.943886][ T6823]  ? __fget_files+0x3a0/0x420
[  162.943900][ T6823]  ? __fget_files+0x2a/0x420
[  162.943921][ T6823]  ksys_read+0x145/0x250
[  162.943936][ T6823]  ? __pfx_ksys_read+0x10/0x10
[  162.943952][ T6823]  ? do_syscall_64+0xbe/0x3b0
[  162.943970][ T6823]  do_syscall_64+0xfa/0x3b0
[  162.943984][ T6823]  ? lockdep_hardirqs_on+0x9c/0x150
[  162.943999][ T6823]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.944013][ T6823]  ? clear_bhb_loop+0x60/0xb0
[  162.944030][ T6823]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.944043][ T6823] RIP: 0033:0x7f7bf398e9a9
[  162.944055][ T6823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.944074][ T6823] RSP: 002b:00007f7bf483d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  162.944088][ T6823] RAX: ffffffffffffffda RBX: 00007f7bf3bb5fa0 RCX: 00007f7bf398e9a9
[  162.944099][ T6823] RDX: 0000000000018ff8 RSI: 0000200000019680 RDI: 0000000000000004
[  162.944108][ T6823] RBP: 00007f7bf483d090 R08: 0000000000000000 R09: 0000000000000000
[  162.944116][ T6823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  162.944124][ T6823] R13: 0000000000000000 R14: 00007f7bf3bb5fa0 R15: 00007ffd4f268118
[  162.944145][ T6823]  </TASK>
[  163.342584][ T6817] netlink: 16 bytes leftover after parsing attributes in process `syz.3.217'.
[  163.354071][ T6799] netlink: 16 bytes leftover after parsing attributes in process `syz.3.217'.
[  163.367684][ T6817] netlink: 40 bytes leftover after parsing attributes in process `syz.3.217'.
[  163.443907][ T6799] netlink: 40 bytes leftover after parsing attributes in process `syz.3.217'.
[  163.534793][ T6817] bond1: entered promiscuous mode
[  163.540437][ T6817] 8021q: adding VLAN 0 to HW filter on device bond1
[  164.246670][ T6799] bond2: entered promiscuous mode
[  164.288669][ T6799] 8021q: adding VLAN 0 to HW filter on device bond2
[  164.320561][    T9] usb 4-1: USB disconnect, device number 7
[  168.104269][ T6860] delete_channel: no stack
[  168.109153][ T6863] FAULT_INJECTION: forcing a failure.
[  168.109153][ T6863] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  168.171207][ T6863] CPU: 1 UID: 0 PID: 6863 Comm: syz.4.235 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  168.171233][ T6863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  168.171245][ T6863] Call Trace:
[  168.171253][ T6863]  <TASK>
[  168.171262][ T6863]  dump_stack_lvl+0x189/0x250
[  168.171289][ T6863]  ? __pfx____ratelimit+0x10/0x10
[  168.171310][ T6863]  ? __pfx_dump_stack_lvl+0x10/0x10
[  168.171332][ T6863]  ? __pfx__printk+0x10/0x10
[  168.171358][ T6863]  ? __might_fault+0xb0/0x130
[  168.171388][ T6863]  should_fail_ex+0x414/0x560
[  168.171413][ T6863]  _copy_from_user+0x2d/0xb0
[  168.171442][ T6863]  do_handle_open+0x4a0/0x850
[  168.171469][ T6863]  ? __pfx_do_handle_open+0x10/0x10
[  168.171491][ T6863]  ? ksys_write+0x22a/0x250
[  168.171512][ T6863]  ? __pfx_ksys_write+0x10/0x10
[  168.171527][ T6863]  ? rcu_is_watching+0x15/0xb0
[  168.171554][ T6863]  ? do_syscall_64+0xbe/0x3b0
[  168.171580][ T6863]  do_syscall_64+0xfa/0x3b0
[  168.171600][ T6863]  ? lockdep_hardirqs_on+0x9c/0x150
[  168.171620][ T6863]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.171639][ T6863]  ? clear_bhb_loop+0x60/0xb0
[  168.171667][ T6863]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.171686][ T6863] RIP: 0033:0x7f7bf398e9a9
[  168.171732][ T6863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.171749][ T6863] RSP: 002b:00007f7bf483d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[  168.171770][ T6863] RAX: ffffffffffffffda RBX: 00007f7bf3bb5fa0 RCX: 00007f7bf398e9a9
[  168.171785][ T6863] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  168.171799][ T6863] RBP: 00007f7bf483d090 R08: 0000000000000000 R09: 0000000000000000
[  168.171812][ T6863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.171823][ T6863] R13: 0000000000000000 R14: 00007f7bf3bb5fa0 R15: 00007ffd4f268118
[  168.171864][ T6863]  </TASK>
[  168.556384][ T6868] netlink: 100 bytes leftover after parsing attributes in process `syz.1.239'.
[  168.581409][ T6870] random: crng reseeded on system resumption
[  168.780111][    T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  169.235545][    T9] usb 4-1: Using ep0 maxpacket: 32
[  169.243563][    T9] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  169.265338][    T9] usb 4-1: config 0 has no interface number 0
[  169.272541][ T6880] capability: warning: `syz.1.241' uses 32-bit capabilities (legacy support in use)
[  169.299432][    T9] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  169.319153][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.342002][ T6884] ptrace attach of "./syz-executor exec"[5835] was attempted by "\x09   
                   ��      ��      ��      0              ��      ��      ��                 ����                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               �  
"[6884]
[  169.429610][    C0] vkms_vblank_simulate: vblank timer overrun
[  169.438101][    T9] usb 4-1: Product: syz
[  169.442422][    T9] usb 4-1: Manufacturer: syz
[  169.448837][    T9] usb 4-1: SerialNumber: syz
[  169.470016][    T9] usb 4-1: config 0 descriptor??
[  169.497370][    T9] smsc95xx v2.0.0
[  170.174160][ T6867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  170.184536][    T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  170.196284][ T6867] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  170.218598][    T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  170.234022][ T6889] overlayfs: failed to resolve './bus': -2
[  170.253165][    T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  170.267047][    T9] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[  170.353842][    T9] usb 4-1: USB disconnect, device number 8
[  170.466788][ T6895] netlink: 12 bytes leftover after parsing attributes in process `syz.2.244'.
[  172.125803][ T6906] tap0: tun_chr_ioctl cmd 1074025677
[  172.210230][ T6906] tap0: linktype set to 270
[  172.986297][ T6903] devtmpfs: Unknown parameter 'nr_Inode'
[  173.539489][ T6927] netlink: 4 bytes leftover after parsing attributes in process `syz.0.253'.
[  176.140241][ T6953] netlink: 8 bytes leftover after parsing attributes in process `syz.3.255'.
[  176.550945][ T6958] capability: warning: `syz.0.262' uses deprecated v2 capabilities in a way that may be insecure
[  177.131596][ T6962] netlink: 'syz.0.264': attribute type 21 has an invalid length.
[  177.141938][ T6962] netlink: 'syz.0.264': attribute type 1 has an invalid length.
[  177.700503][ T6973] netlink: 8 bytes leftover after parsing attributes in process `syz.4.267'.
[  180.241527][ T6994] block device autoloading is deprecated and will be removed.
[  181.151256][ T5907] IPVS: starting estimator thread 0...
[  181.265677][ T7016] IPVS: using max 25 ests per chain, 60000 per kthread
[  181.759222][ T5898] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  182.076867][ T5898] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  182.432312][ T5898] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  182.481422][ T5898] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  182.518581][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.563595][ T5898] usb 2-1: Product: syz
[  182.583335][ T5898] usb 2-1: Manufacturer: syz
[  182.617838][ T5898] usb 2-1: SerialNumber: syz
[  183.089839][ T5898] usb 2-1: cannot find UAC_HEADER
[  183.167938][ T5898] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  183.273657][ T6422] udevd[6422]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  183.566767][ T7050] netlink: 8 bytes leftover after parsing attributes in process `syz.2.287'.
[  183.580733][ T5898] usb 2-1: USB disconnect, device number 8
[  184.152027][ T5848] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  184.159117][ T7061] FAULT_INJECTION: forcing a failure.
[  184.159117][ T7061] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  184.159153][ T7061] CPU: 0 UID: 0 PID: 7061 Comm: syz.3.294 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  184.159174][ T7061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  184.159185][ T7061] Call Trace:
[  184.159197][ T7061]  <TASK>
[  184.159205][ T7061]  dump_stack_lvl+0x189/0x250
[  184.159241][ T7061]  ? __pfx____ratelimit+0x10/0x10
[  184.159261][ T7061]  ? __pfx_dump_stack_lvl+0x10/0x10
[  184.159282][ T7061]  ? __pfx__printk+0x10/0x10
[  184.159306][ T7061]  ? __might_fault+0xb0/0x130
[  184.159336][ T7061]  should_fail_ex+0x414/0x560
[  184.159360][ T7061]  _copy_from_user+0x2d/0xb0
[  184.159393][ T7061]  ucma_query+0xe0/0x1280
[  184.159432][ T7061]  ? __lock_acquire+0xab9/0xd20
[  184.159449][ T7061]  ? __pfx_ucma_query+0x10/0x10
[  184.159492][ T7061]  ? is_bpf_text_address+0x26/0x2b0
[  184.159522][ T7061]  ? __lock_acquire+0xab9/0xd20
[  184.159563][ T7061]  ? __lock_acquire+0xab9/0xd20
[  184.159593][ T7061]  ? __might_fault+0xb0/0x130
[  184.159636][ T7061]  ucma_write+0x246/0x2e0
[  184.159666][ T7061]  ? __pfx_ucma_write+0x10/0x10
[  184.159692][ T7061]  ? security_file_permission+0x75/0x290
[  184.159717][ T7061]  ? rw_verify_area+0x258/0x650
[  184.159747][ T7061]  ? __pfx_ucma_write+0x10/0x10
[  184.159775][ T7061]  vfs_write+0x27b/0xa90
[  184.159804][ T7061]  ? __pfx_vfs_write+0x10/0x10
[  184.159824][ T7061]  ? __fget_files+0x2a/0x420
[  184.159850][ T7061]  ? __fget_files+0x2a/0x420
[  184.159871][ T7061]  ? __fget_files+0x3a0/0x420
[  184.159892][ T7061]  ? __fget_files+0x2a/0x420
[  184.159923][ T7061]  ksys_write+0x145/0x250
[  184.159945][ T7061]  ? __pfx_ksys_write+0x10/0x10
[  184.159962][ T7061]  ? rcu_is_watching+0x15/0xb0
[  184.159989][ T7061]  ? do_syscall_64+0xbe/0x3b0
[  184.160017][ T7061]  do_syscall_64+0xfa/0x3b0
[  184.160039][ T7061]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.160059][ T7061]  ? asm_sysvec_call_function_single+0x1a/0x20
[  184.160079][ T7061]  ? clear_bhb_loop+0x60/0xb0
[  184.160103][ T7061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.160124][ T7061] RIP: 0033:0x7ff46f38e9a9
[  184.160146][ T7061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.160163][ T7061] RSP: 002b:00007ff4701fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  184.160193][ T7061] RAX: ffffffffffffffda RBX: 00007ff46f5b6080 RCX: 00007ff46f38e9a9
[  184.160208][ T7061] RDX: 0000000000000018 RSI: 0000200000000000 RDI: 0000000000000006
[  184.160219][ T7061] RBP: 00007ff4701fc090 R08: 0000000000000000 R09: 0000000000000000
[  184.160232][ T7061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  184.160243][ T7061] R13: 0000000000000000 R14: 00007ff46f5b6080 R15: 00007fff91489dc8
[  184.160273][ T7061]  </TASK>
[  185.263424][ T5848] Bluetooth: hci4: Received unexpected HCI Event 0x00
[  187.901932][ T7095] FAULT_INJECTION: forcing a failure.
[  187.901932][ T7095] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  187.916079][ T7095] CPU: 1 UID: 0 PID: 7095 Comm: syz.4.302 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  187.916169][ T7095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  187.916185][ T7095] Call Trace:
[  187.916196][ T7095]  <TASK>
[  187.916205][ T7095]  dump_stack_lvl+0x189/0x250
[  187.916246][ T7095]  ? __pfx____ratelimit+0x10/0x10
[  187.916267][ T7095]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.916289][ T7095]  ? __pfx__printk+0x10/0x10
[  187.916315][ T7095]  ? __might_fault+0xb0/0x130
[  187.916346][ T7095]  should_fail_ex+0x414/0x560
[  187.916373][ T7095]  _copy_from_iter+0x1db/0x16f0
[  187.916399][ T7095]  ? __alloc_frozen_pages_noprof+0x1d6/0x370
[  187.916435][ T7095]  ? __pfx__copy_from_iter+0x10/0x10
[  187.916461][ T7095]  ? policy_nodemask+0x27c/0x720
[  187.916488][ T7095]  ? page_copy_sane+0x4e/0x280
[  187.916515][ T7095]  copy_page_from_iter+0xdd/0x170
[  187.916546][ T7095]  anon_pipe_write+0x99a/0x1360
[  187.916593][ T7095]  ? __pfx_anon_pipe_write+0x10/0x10
[  187.916613][ T7095]  ? rcu_read_lock_any_held+0xb3/0x120
[  187.916637][ T7095]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  187.916663][ T7095]  ? bpf_lsm_file_permission+0x9/0x20
[  187.916686][ T7095]  ? security_file_permission+0x75/0x290
[  187.916718][ T7095]  vfs_write+0x548/0xa90
[  187.916741][ T7095]  ? __pfx_anon_pipe_write+0x10/0x10
[  187.916765][ T7095]  ? __pfx_vfs_write+0x10/0x10
[  187.916795][ T7095]  ? __fget_files+0x2a/0x420
[  187.916827][ T7095]  ksys_write+0x145/0x250
[  187.916849][ T7095]  ? __pfx_ksys_write+0x10/0x10
[  187.916865][ T7095]  ? rcu_is_watching+0x15/0xb0
[  187.916893][ T7095]  ? do_syscall_64+0xbe/0x3b0
[  187.916919][ T7095]  do_syscall_64+0xfa/0x3b0
[  187.916940][ T7095]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.916960][ T7095]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.916994][ T7095]  ? clear_bhb_loop+0x60/0xb0
[  187.917019][ T7095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.917057][ T7095] RIP: 0033:0x7f7bf398e9a9
[  187.917075][ T7095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.917092][ T7095] RSP: 002b:00007f7bf481c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  187.917135][ T7095] RAX: ffffffffffffffda RBX: 00007f7bf3bb6080 RCX: 00007f7bf398e9a9
[  187.917150][ T7095] RDX: 00000000fffffecc RSI: 0000200000000000 RDI: 0000000000000008
[  187.917164][ T7095] RBP: 00007f7bf481c090 R08: 0000000000000000 R09: 0000000000000000
[  187.917176][ T7095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  187.917188][ T7095] R13: 0000000000000000 R14: 00007f7bf3bb6080 R15: 00007ffd4f268118
[  187.917222][ T7095]  </TASK>
[  188.255775][ T5914] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  188.442231][ T5914] usb 4-1: Using ep0 maxpacket: 8
[  188.476785][ T5914] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  188.559780][ T5914] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  188.736444][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.756507][ T5914] usb 4-1: config 0 descriptor??
[  188.769784][ T5914] iowarrior 4-1:0.0: no interrupt-in endpoint found
[  188.856302][ T5898] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  189.016271][ T5898] usb 1-1: Using ep0 maxpacket: 8
[  189.020255][ T7091] netlink: 'syz.3.299': attribute type 25 has an invalid length.
[  189.050586][ T5898] usb 1-1: New USB device found, idVendor=046d, idProduct=08b1, bcdDevice=6d.2a
[  189.168303][ T7116] netlink: 60 bytes leftover after parsing attributes in process `syz.1.307'.
[  189.170203][ T5927] usb 4-1: USB disconnect, device number 9
[  189.185596][ T7115] netlink: 60 bytes leftover after parsing attributes in process `syz.1.307'.
[  189.206067][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.500835][ T5898] usb 1-1: config 0 descriptor??
[  189.539266][ T5898] pwc: Logitech QuickCam Notebook Pro USB webcam detected.
[  189.556498][ T5898] pwc: Warning: more than 1 configuration available.
[  189.957815][ T7119] netlink: 16 bytes leftover after parsing attributes in process `syz.1.308'.
[  189.968443][ T7119] 9pnet_fd: Insufficient options for proto=fd
[  190.131836][ T5898] pwc: Failed to set LED on/off time (-71)
[  190.142173][ T5898] pwc: send_video_command error -71
[  190.180967][ T5898] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  190.248021][ T5898] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71
[  190.331075][ T5898] usb 1-1: USB disconnect, device number 9
[  190.685979][ T5927] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  191.238412][ T5927] usb 2-1: unable to get BOS descriptor or descriptor too short
[  191.299038][ T5927] usb 2-1: config 6 has an invalid interface number: 200 but max is 0
[  191.340000][ T7130] syz.2.312: attempt to access beyond end of device
[  191.340000][ T7130] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  191.436142][ T5927] usb 2-1: config 6 has an invalid descriptor of length 249, skipping remainder of the config
[  191.456294][ T5927] usb 2-1: config 6 has no interface number 0
[  191.462528][ T5927] usb 2-1: config 6 interface 200 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  191.477695][ T5927] usb 2-1: config 6 interface 200 has no altsetting 0
[  191.488361][ T5927] usb 2-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f
[  191.500311][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.559073][ T5927] usb 2-1: Product: syz
[  191.577496][ T5927] usb 2-1: Manufacturer: syz
[  191.597652][ T5927] usb 2-1: SerialNumber: syz
[  191.617104][ T7133] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  192.154853][ T5927] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state.
[  192.163323][ T5927] dvb-usb: bulk message failed: -22 (3/0)
[  192.201665][ T5927] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  192.239317][ T5927] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T)
[  192.286246][ T5927] usb 2-1: media controller created
[  192.350646][ T5927] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  192.397659][ T5927] dvb-usb: bulk message failed: -22 (6/0)
[  192.442853][ T5927] dvb-usb: bulk message failed: -22 (6/0)
[  192.465525][ T5914] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  192.467803][ T5927] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T'
[  192.532386][ T5927] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input6
[  192.550864][ T5927] dvb-usb: schedule remote query interval to 150 msecs.
[  192.558584][ T5927] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected.
[  192.589478][ T5927] usb 2-1: USB disconnect, device number 9
[  192.615659][ T7142] sp0: Synchronizing with TNC
[  192.655550][ T5914] usb 4-1: Using ep0 maxpacket: 8
[  192.670092][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  192.728656][ T5914] usb 4-1: New USB device found, idVendor=28bd, idProduct=0075, bcdDevice= 0.00
[  192.770000][ T5927] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected.
[  192.789824][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.860148][ T5914] usb 4-1: config 0 descriptor??
[  193.042378][ T7147] netlink: 156 bytes leftover after parsing attributes in process `syz.0.319'.
[  193.053874][ T7147] netlink: 4 bytes leftover after parsing attributes in process `syz.0.319'.
[  193.505304][ T5914] usbhid 4-1:0.0: can't add hid device: -71
[  193.536616][ T5914] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  193.560995][ T5914] usb 4-1: USB disconnect, device number 10
[  193.577434][ T5907] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  193.591556][ T7161] syz.1.324: attempt to access beyond end of device
[  193.591556][ T7161] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0
[  193.735669][ T5907] usb 3-1: Using ep0 maxpacket: 16
[  193.747440][ T5907] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  193.770198][ T5907] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  193.783177][ T5907] usb 3-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  194.599383][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  194.791279][ T5907] usb 3-1: config 0 interface 0 has no altsetting 0
[  195.386858][ T5907] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  195.458332][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.725401][ T5907] usb 3-1: config 0 descriptor??
[  195.742647][ T5914] hid-generic 0000:0004:0034.0008: unknown main item tag 0x0
[  195.844724][ T5914] hid-generic 0000:0004:0034.0008: unknown main item tag 0x0
[  195.995711][ T5914] hid-generic 0000:0004:0034.0008: unknown main item tag 0x0
[  196.255828][ T5914] hid-generic 0000:0004:0034.0008: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  196.506091][   T30] kauditd_printk_skb: 1395 callbacks suppressed
[  196.506134][   T30] audit: type=1326 audit(1752989224.762:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.1.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb796d8e9a9 code=0x7ffc0000
[  197.263513][   T30] audit: type=1326 audit(1752989224.822:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.1.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb796d8e9a9 code=0x7ffc0000
[  197.961102][   T30] audit: type=1326 audit(1752989224.932:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.1.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fb796d8e9a9 code=0x7ffc0000
[  198.345747][ T5907] usbhid 3-1:0.0: can't add hid device: -71
[  198.483489][ T5907] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  198.556531][   T30] audit: type=1326 audit(1752989225.012:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.1.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb796d8e9a9 code=0x7ffc0000
[  198.869212][ T5907] usb 3-1: USB disconnect, device number 4
[  198.976405][   T30] audit: type=1326 audit(1752989225.042:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.1.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb796d8e9a9 code=0x7ffc0000
[  199.070805][   T30] audit: type=1326 audit(1752989225.232:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.1.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fb796d8e9a9 code=0x7ffc0000
[  199.107187][   T30] audit: type=1326 audit(1752989225.262:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.1.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb796d8e9a9 code=0x7ffc0000
[  199.138686][   T30] audit: type=1326 audit(1752989225.262:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.1.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb796d8e9a9 code=0x7ffc0000
[  199.169564][ T7187] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode
[  199.238173][   T30] audit: type=1326 audit(1752989225.292:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.1.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fb796d8e9a9 code=0x7ffc0000
[  199.363264][ T7194] netlink: 4 bytes leftover after parsing attributes in process `syz.3.332'.
[  199.374721][   T30] audit: type=1326 audit(1752989225.292:1418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.1.329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb796d8e9a9 code=0x7ffc0000
[  199.559377][ T7192] trusted_key: encrypted_key: master key parameter 'tru' is invalid
[  199.568997][ T7192] trusted_key: encrypted_key: master key parameter 'tru' is invalid
[  200.109993][ T7215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.342'.
[  200.122513][ T7215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.342'.
[  202.516211][ T5927] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  202.913193][ T7253] netlink: 'syz.1.351': attribute type 10 has an invalid length.
[  202.942996][ T7253] netlink: 40 bytes leftover after parsing attributes in process `syz.1.351'.
[  203.147447][ T5927] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  203.893953][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  204.259496][ T7257] overlayfs: missing 'workdir'
[  204.312103][ T5927] usb 5-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a
[  204.375114][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.376540][ T7253] team0: Port device geneve0 added
[  204.457592][ T5927] usb 5-1: config 0 descriptor??
[  204.489141][ T5927] usb 5-1: can't set config #0, error -71
[  204.510936][ T5927] usb 5-1: USB disconnect, device number 7
[  206.307520][ T7268] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  206.503976][ T7284] syz.3.358: attempt to access beyond end of device
[  206.503976][ T7284] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[  206.530010][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  206.530027][   T30] audit: type=1326 audit(1752989234.792:1435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7282 comm="syz.0.359" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x0
[  207.319433][ T7294] netlink: 48 bytes leftover after parsing attributes in process `syz.1.363'.
[  209.075222][ T7324] netlink: 28 bytes leftover after parsing attributes in process `syz.3.371'.
[  209.673450][ T7318] XFS (nullb0): Invalid superblock magic number
[  210.116964][ T7349] FAULT_INJECTION: forcing a failure.
[  210.116964][ T7349] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  210.186778][ T7349] CPU: 1 UID: 0 PID: 7349 Comm: syz.3.378 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  210.186807][ T7349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  210.186818][ T7349] Call Trace:
[  210.186826][ T7349]  <TASK>
[  210.186834][ T7349]  dump_stack_lvl+0x189/0x250
[  210.186862][ T7349]  ? __pfx____ratelimit+0x10/0x10
[  210.186883][ T7349]  ? __pfx_dump_stack_lvl+0x10/0x10
[  210.186905][ T7349]  ? __pfx__printk+0x10/0x10
[  210.186930][ T7349]  ? __might_fault+0xb0/0x130
[  210.186971][ T7349]  should_fail_ex+0x414/0x560
[  210.186998][ T7349]  _copy_from_user+0x2d/0xb0
[  210.187026][ T7349]  ___sys_recvmsg+0x12e/0x510
[  210.187063][ T7349]  ? __pfx____sys_recvmsg+0x10/0x10
[  210.187118][ T7349]  ? __fget_files+0x3a0/0x420
[  210.187152][ T7349]  do_recvmmsg+0x307/0x770
[  210.187178][ T7349]  ? __pfx_do_recvmmsg+0x10/0x10
[  210.187209][ T7349]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  210.187249][ T7349]  __x64_sys_recvmmsg+0x190/0x240
[  210.187271][ T7349]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  210.187288][ T7349]  ? rcu_is_watching+0x15/0xb0
[  210.187315][ T7349]  ? do_syscall_64+0xbe/0x3b0
[  210.187340][ T7349]  do_syscall_64+0xfa/0x3b0
[  210.187362][ T7349]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.187380][ T7349]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  210.187400][ T7349]  ? clear_bhb_loop+0x60/0xb0
[  210.187424][ T7349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.187442][ T7349] RIP: 0033:0x7ff46f38e9a9
[  210.187460][ T7349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.187476][ T7349] RSP: 002b:00007ff47021d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  210.187496][ T7349] RAX: ffffffffffffffda RBX: 00007ff46f5b5fa0 RCX: 00007ff46f38e9a9
[  210.187511][ T7349] RDX: 040000000000049e RSI: 0000200000000300 RDI: 0000000000000003
[  210.187524][ T7349] RBP: 00007ff47021d090 R08: 0000000000000000 R09: 0000000000000000
[  210.187535][ T7349] R10: 00001000000000fe R11: 0000000000000246 R12: 0000000000000001
[  210.187547][ T7349] R13: 0000000000000000 R14: 00007ff46f5b5fa0 R15: 00007fff91489dc8
[  210.187577][ T7349]  </TASK>
[  211.276473][ T7362] netlink: 48 bytes leftover after parsing attributes in process `syz.3.382'.
[  211.689097][ T5845] Bluetooth: hci3: command 0x0406 tx timeout
[  211.689258][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  211.695199][ T5845] Bluetooth: hci4: command 0x0406 tx timeout
[  212.375080][ T5927] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  212.642315][ T7378] mmap: syz.3.387 (7378) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  212.756268][ T5927] usb 5-1: Using ep0 maxpacket: 8
[  213.202883][ T5927] usb 5-1: config 1 interface 0 altsetting 129 endpoint 0x81 has invalid wMaxPacketSize 0
[  213.336399][ T5927] usb 5-1: config 1 interface 0 altsetting 129 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  213.374659][ T5927] usb 5-1: config 1 interface 0 has no altsetting 0
[  213.406455][ T5927] usb 5-1: New USB device found, idVendor=046d, idProduct=ca04, bcdDevice= 0.40
[  213.431150][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.454057][ T5927] usb 5-1: Product: ࠖ
[  213.471632][ T5927] usb 5-1: Manufacturer: 睼흯㫥䛮끁롗륩ﴋ㛷Ÿ㊁ম⻍腧䢼컂ᮎ鑔ｔ՟赀蚋氜叺䏡筁◴묡౜仨詫ꗓ筦襂﨡娅醲⳿䏛峘쒒㷼Ⱒ3哬盥시ヷ健䥀ꮸ⥳瞧凭ִ葊䶑⁷닻숿六㰾叁기⨦ຒ뼿슆㘭굹巚ⷀࢽⱇ园㸩鏭㘵눟羰㉖꧁䰜ঐ
[  213.564667][ T5927] usb 5-1: SerialNumber: М
[  214.055563][   T30] audit: type=1326 audit(1752989242.312:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7390 comm="syz.0.393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  214.308984][   T30] audit: type=1326 audit(1752989242.322:1437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7390 comm="syz.0.393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  214.332287][   T30] audit: type=1326 audit(1752989242.342:1438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7390 comm="syz.0.393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  214.364208][   T30] audit: type=1326 audit(1752989242.342:1439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7390 comm="syz.0.393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  214.398817][   T30] audit: type=1326 audit(1752989242.342:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7390 comm="syz.0.393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  214.940590][   T30] audit: type=1326 audit(1752989242.342:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7390 comm="syz.0.393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  215.005251][   T30] audit: type=1326 audit(1752989242.342:1442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7390 comm="syz.0.393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  215.047625][   T30] audit: type=1326 audit(1752989242.342:1443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7390 comm="syz.0.393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  215.083962][   T30] audit: type=1326 audit(1752989242.352:1444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7390 comm="syz.0.393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  215.106396][   T30] audit: type=1326 audit(1752989242.352:1445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7390 comm="syz.0.393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  215.377139][ T7406] netlink: 48 bytes leftover after parsing attributes in process `syz.1.397'.
[  216.098252][ T5927] usbhid 5-1:1.0: can't add hid device: -71
[  216.104345][ T5927] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  216.128867][ T5927] usb 5-1: USB disconnect, device number 8
[  217.123641][ T5898] IPVS: starting estimator thread 0...
[  217.246698][ T7421] IPVS: using max 25 ests per chain, 60000 per kthread
[  220.857234][ T7452] hid-generic 0000:0004:0034.0009: unknown main item tag 0x0
[  221.008181][ T7452] hid-generic 0000:0004:0034.0009: unknown main item tag 0x0
[  221.119565][ T7452] hid-generic 0000:0004:0034.0009: unknown main item tag 0x0
[  221.749812][ T7452] hid-generic 0000:0004:0034.0009: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  222.117830][ T7460] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  222.407628][ T7462] fido_id[7462]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  222.417975][ T7464] netlink: 8 bytes leftover after parsing attributes in process `syz.3.412'.
[  222.688383][ T7470] random: crng reseeded on system resumption
[  223.878274][ T7485] netlink: 8 bytes leftover after parsing attributes in process `syz.0.418'.
[  223.888071][ T7485] netlink: 20 bytes leftover after parsing attributes in process `syz.0.418'.
[  223.900243][ T7486] syz.4.416: attempt to access beyond end of device
[  223.900243][ T7486] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[  224.935488][ T5905] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  225.161954][ T5905] usb 1-1: Using ep0 maxpacket: 8
[  225.422857][ T5905] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  225.441555][ T5914] hid-generic 0000:0004:0034.000A: unknown main item tag 0x0
[  225.546361][ T5914] hid-generic 0000:0004:0034.000A: unknown main item tag 0x0
[  225.571251][ T5905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.658133][ T5914] hid-generic 0000:0004:0034.000A: unknown main item tag 0x0
[  228.674685][ T5905] usb 1-1: Product: syz
[  229.180218][ T5905] usb 1-1: Manufacturer: syz
[  229.184863][ T5905] usb 1-1: SerialNumber: syz
[  229.238232][ T5914] hid-generic 0000:0004:0034.000A: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  229.301555][ T5905] usb 1-1: config 0 descriptor??
[  229.331611][ T7510] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  229.353872][ T7511] fido_id[7511]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  229.367552][ T5905] usb 1-1: can't set config #0, error -71
[  229.377890][ T5905] usb 1-1: USB disconnect, device number 10
[  230.699053][ T7517] kexec: Could not allocate control_code_buffer
[  230.791976][ T7530] i2c i2c-0: Invalid block write size 34
[  230.816844][ T7530] netlink: 'syz.2.433': attribute type 1 has an invalid length.
[  231.389639][ T7530] 8021q: adding VLAN 0 to HW filter on device bond1
[  232.242517][ T7537] tipc: Started in network mode
[  232.364006][ T7537] tipc: Node identity 223887c9775a, cluster identity 4711
[  232.415816][ T7537] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  232.454779][ T7532] tipc: Resetting bearer <eth:syzkaller0>
[  232.478733][ T7545] syz.0.436: attempt to access beyond end of device
[  232.478733][ T7545] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[  232.681410][ T7532] tipc: Disabling bearer <eth:syzkaller0>
[  233.324543][ T7551] tap0: tun_chr_ioctl cmd 1074025677
[  233.332927][ T7551] tap0: linktype set to 270
[  233.516216][ T7452] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  233.708697][ T7452] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  233.729729][ T7452] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  233.760014][ T7452] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  233.789055][ T7452] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.894736][ T7452] usb 1-1: config 0 descriptor??
[  236.204995][ T7570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  236.213807][ T7570] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  236.292452][ T7582] Driver unsupported XDP return value 0 on prog  (id 77) dev N/A, expect packet loss!
[  237.369165][ T7452] uclogic 0003:256C:006D.000B: failed retrieving string descriptor #200: -71
[  237.411129][ T7452] uclogic 0003:256C:006D.000B: failed retrieving pen parameters: -71
[  237.429518][ T7452] uclogic 0003:256C:006D.000B: failed probing pen v2 parameters: -71
[  237.767173][ T7603] random: crng reseeded on system resumption
[  239.592304][ T7452] uclogic 0003:256C:006D.000B: failed probing parameters: -71
[  240.259196][ T7452] uclogic 0003:256C:006D.000B: probe with driver uclogic failed with error -71
[  240.272385][ T7452] usb 1-1: USB disconnect, device number 11
[  240.923050][ T5905] hid-generic 0000:0004:0034.000C: unknown main item tag 0x0
[  242.757222][ T5905] hid-generic 0000:0004:0034.000C: unknown main item tag 0x0
[  242.808824][ T5905] hid-generic 0000:0004:0034.000C: unknown main item tag 0x0
[  242.999155][ T5905] hid-generic 0000:0004:0034.000C: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  243.662227][ T7624] fido_id[7624]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  243.973260][ T7635] netlink: 64 bytes leftover after parsing attributes in process `syz.0.465'.
[  245.252557][ T5914] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  245.771107][ T7645] delete_channel: no stack
[  245.786071][ T5914] usb 1-1: Using ep0 maxpacket: 8
[  245.826682][ T5914] usb 1-1: unable to get BOS descriptor or descriptor too short
[  245.874816][ T5914] usb 1-1: config 127 has an invalid interface number: 1 but max is 0
[  245.946934][ T5914] usb 1-1: config 127 has no interface number 0
[  246.058014][ T5914] usb 1-1: config 127 interface 1 has no altsetting 0
[  246.067207][ T7650] random: crng reseeded on system resumption
[  246.822087][ T7452] IPVS: starting estimator thread 0...
[  246.827660][ T5914] usb 1-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=c4.a4
[  246.827687][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.827706][ T5914] usb 1-1: Product: syz
[  246.827721][ T5914] usb 1-1: Manufacturer: syz
[  246.827735][ T5914] usb 1-1: SerialNumber: syz
[  247.122268][ T5914] usb 1-1: selecting invalid altsetting 2
[  247.166773][ T5914] i2c-cp2615 1-1:127.1: probe with driver i2c-cp2615 failed with error -22
[  247.177002][ T7657] IPVS: using max 30 ests per chain, 72000 per kthread
[  247.216642][ T5914] usb 1-1: USB disconnect, device number 12
[  247.608912][ T5848] Bluetooth: hci1: unexpected event 0x10 length: 6 > 1
[  247.610320][ T5839] Bluetooth: hci1: hardware error 0x00
[  247.727328][ T7677] FAULT_INJECTION: forcing a failure.
[  247.727328][ T7677] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  248.144535][ T7677] CPU: 1 UID: 0 PID: 7677 Comm: syz.3.478 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  248.144558][ T7677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  248.144567][ T7677] Call Trace:
[  248.144573][ T7677]  <TASK>
[  248.144579][ T7677]  dump_stack_lvl+0x189/0x250
[  248.144600][ T7677]  ? __pfx____ratelimit+0x10/0x10
[  248.144623][ T7677]  ? __pfx_dump_stack_lvl+0x10/0x10
[  248.144640][ T7677]  ? __pfx__printk+0x10/0x10
[  248.144668][ T7677]  should_fail_ex+0x414/0x560
[  248.144688][ T7677]  _copy_to_user+0x31/0xb0
[  248.144711][ T7677]  simple_read_from_buffer+0xe1/0x170
[  248.144731][ T7677]  proc_fail_nth_read+0x1df/0x250
[  248.144771][ T7677]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  248.144793][ T7677]  ? rw_verify_area+0x258/0x650
[  248.144816][ T7677]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  248.144836][ T7677]  vfs_read+0x1fd/0x980
[  248.144864][ T7677]  ? __pfx___mutex_lock+0x10/0x10
[  248.144882][ T7677]  ? __pfx_vfs_read+0x10/0x10
[  248.144907][ T7677]  ? __fget_files+0x2a/0x420
[  248.144928][ T7677]  ? __fget_files+0x3a0/0x420
[  248.144944][ T7677]  ? __fget_files+0x2a/0x420
[  248.144968][ T7677]  ksys_read+0x145/0x250
[  248.144984][ T7677]  ? __pfx_ksys_read+0x10/0x10
[  248.145002][ T7677]  ? do_syscall_64+0xbe/0x3b0
[  248.145022][ T7677]  do_syscall_64+0xfa/0x3b0
[  248.145038][ T7677]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.145053][ T7677]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.145070][ T7677]  ? clear_bhb_loop+0x60/0xb0
[  248.145089][ T7677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.145104][ T7677] RIP: 0033:0x7ff46f38d3bc
[  248.145117][ T7677] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  248.145129][ T7677] RSP: 002b:00007ff4701fc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  248.145146][ T7677] RAX: ffffffffffffffda RBX: 00007ff46f5b6080 RCX: 00007ff46f38d3bc
[  248.145157][ T7677] RDX: 000000000000000f RSI: 00007ff4701fc0a0 RDI: 0000000000000003
[  248.145166][ T7677] RBP: 00007ff4701fc090 R08: 0000000000000000 R09: 0000000000000000
[  248.145176][ T7677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  248.145184][ T7677] R13: 0000000000000001 R14: 00007ff46f5b6080 R15: 00007fff91489dc8
[  248.145207][ T7677]  </TASK>
[  250.216580][ T5839] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  250.936483][ T7452] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  251.267942][ T7452] usb 1-1: device descriptor read/64, error -71
[  251.526242][ T7452] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  251.686588][ T7452] usb 1-1: device descriptor read/64, error -71
[  251.867586][ T7452] usb usb1-port1: attempt power cycle
[  252.581199][ T7452] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  252.713381][ T7752] random: crng reseeded on system resumption
[  253.271490][ T7452] usb 1-1: device not accepting address 15, error -71
[  255.690396][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  255.823676][ T7791] tap0: tun_chr_ioctl cmd 1074025677
[  255.856692][ T7791] tap0: linktype set to 270
[  257.528559][ T5905] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  257.753791][ T5905] usb 3-1: Using ep0 maxpacket: 16
[  257.973837][ T5905] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  257.983823][ T5905] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  258.341482][ T5905] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  258.398197][ T5905] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  258.420522][ T5905] usb 3-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[  258.452419][ T5905] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  258.474090][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.485715][ T5905] usb 3-1: Product: syz
[  258.490604][ T5905] usb 3-1: Manufacturer: syz
[  258.507641][ T5905] usb 3-1: SerialNumber: syz
[  258.707765][ T7825] syz.3.523: attempt to access beyond end of device
[  258.707765][ T7825] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[  258.755746][ T7452] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  258.826377][ T5905] usb 3-1: 0:2 : does not exist
[  258.859096][ T5905] usb 3-1: USB disconnect, device number 5
[  259.474865][ T7452] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  259.490612][ T7452] usb 2-1: config 0 interface 0 has no altsetting 0
[  259.499362][ T7452] usb 2-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00
[  259.509950][ T7452] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.523666][ T6422] udevd[6422]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  259.544439][ T7452] usb 2-1: config 0 descriptor??
[  260.898008][ T7452] nti 0003:0757:0A00.000D: hidraw0: USB HID v0.00 Device [HID 0757:0a00] on usb-dummy_hcd.1-1/input0
[  261.823084][    T9] usb 2-1: USB disconnect, device number 10
[  261.989235][ T7843] fido_id[7843]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  262.010384][ T7846] tap0: tun_chr_ioctl cmd 1074025677
[  262.036137][ T7846] tap0: linktype set to 270
[  263.287920][ T7857] netlink: 60 bytes leftover after parsing attributes in process `syz.1.537'.
[  263.366709][ T7860] netlink: 36 bytes leftover after parsing attributes in process `syz.3.539'.
[  263.769890][ T7873] netlink: 44 bytes leftover after parsing attributes in process `syz.2.544'.
[  264.357272][ T7877] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  265.876521][ T7892] netlink: 8 bytes leftover after parsing attributes in process `syz.0.547'.
[  265.887281][ T5927] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  266.078824][ T5927] usb 3-1: Using ep0 maxpacket: 8
[  266.163145][ T5927] usb 3-1: config 254 has an invalid interface number: 240 but max is 0
[  266.278354][ T5927] usb 3-1: config 254 has an invalid descriptor of length 0, skipping remainder of the config
[  266.366293][ T7894] netlink: 60 bytes leftover after parsing attributes in process `syz.4.550'.
[  266.396292][ T5927] usb 3-1: config 254 has no interface number 0
[  266.415527][ T5927] usb 3-1: config 254 interface 240 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  266.516853][ T5927] usb 3-1: New USB device found, idVendor=17ef, idProduct=3069, bcdDevice=3e.9b
[  266.543871][ T5927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.886734][ T5927] usb 3-1: Product: syz
[  266.891262][ T5927] usb 3-1: Manufacturer: syz
[  266.897467][ T5927] usb 3-1: SerialNumber: syz
[  266.914843][ T5927] r8152-cfgselector 3-1: Unknown version 0x0000
[  267.064926][ T7915] netlink: 48 bytes leftover after parsing attributes in process `syz.1.557'.
[  267.132270][ T7452] r8152-cfgselector 3-1: USB disconnect, device number 6
[  267.156203][ T5898] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  267.996379][ T5898] usb 1-1: Using ep0 maxpacket: 32
[  268.005354][ T5898] usb 1-1: New USB device found, idVendor=1039, idProduct=2120, bcdDevice= 2.a7
[  268.016448][ T5898] usb 1-1: New USB device strings: Mfr=249, Product=255, SerialNumber=3
[  268.025006][ T5898] usb 1-1: Product: syz
[  268.038820][ T5898] usb 1-1: Manufacturer: syz
[  268.043559][ T5898] usb 1-1: SerialNumber: syz
[  268.091750][ T5898] usb 1-1: config 0 descriptor??
[  268.408296][ T5898] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2120) Rev (0X2A7): Eagle II
[  269.023719][ T7926] netlink: 8 bytes leftover after parsing attributes in process `syz.4.559'.
[  269.510737][ T7932] netlink: 8 bytes leftover after parsing attributes in process `syz.4.562'.
[  270.068136][ T5206] udevd[5206]: worker [5979] terminated by signal 33 (Unknown signal 33)
[  270.082056][ T5206] udevd[5206]: worker [5979] failed while handling '/devices/virtual/block/loop1'
[  270.148430][ T7936] netlink: 68 bytes leftover after parsing attributes in process `syz.3.564'.
[  270.254173][ T5898] usb 1-1: [UEAGLE-ATM] interface 1 not found
[  270.285573][ T5898] ueagle-atm 1-1:0.0: usbatm_usb_probe: bind failed: -19!
[  270.329319][ T5898] usb 1-1: USB disconnect, device number 17
[  273.180778][ T5948] hid-generic 0000:0004:0034.000E: unknown main item tag 0x0
[  273.437694][ T5948] hid-generic 0000:0004:0034.000E: unknown main item tag 0x0
[  273.520363][ T5948] hid-generic 0000:0004:0034.000E: unknown main item tag 0x0
[  273.817075][ T5948] hid-generic 0000:0004:0034.000E: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  274.653523][ T7985] netlink: 8 bytes leftover after parsing attributes in process `syz.0.577'.
[  275.290103][ T7976] fido_id[7976]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  275.338366][ T7988] netlink: 68 bytes leftover after parsing attributes in process `syz.0.581'.
[  277.397289][ T5898] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  277.458342][ T8020] netlink: 8 bytes leftover after parsing attributes in process `syz.0.591'.
[  278.146077][ T5898] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  278.155232][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.164538][ T5898] usb 4-1: Product: syz
[  278.169716][ T5898] usb 4-1: Manufacturer: syz
[  278.174380][ T5898] usb 4-1: SerialNumber: syz
[  278.221384][ T5898] usb 4-1: config 0 descriptor??
[  278.259042][ T5898] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  278.289040][ T5898] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  278.296286][ T8026] netlink: 68 bytes leftover after parsing attributes in process `syz.4.595'.
[  278.329381][ T5898] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[  278.783818][ T5898] usb 4-1: USB disconnect, device number 11
[  279.514834][ T8041] netlink: 48 bytes leftover after parsing attributes in process `syz.2.598'.
[  279.607372][ T8047] netlink: 'syz.1.597': attribute type 1 has an invalid length.
[  279.615212][ T8047] netlink: 224 bytes leftover after parsing attributes in process `syz.1.597'.
[  280.411752][ T8052] /dev/nullb0: Can't open blockdev
[  281.991603][ T8065] bridge0: entered promiscuous mode
[  281.999539][ T8065] macvlan2: entered promiscuous mode
[  282.816478][ T8072] netlink: 8 bytes leftover after parsing attributes in process `syz.4.604'.
[  282.908014][ T8073] syz.1.605: attempt to access beyond end of device
[  282.908014][ T8073] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0
[  282.925225][ T7452] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  283.156102][ T7452] usb 4-1: Using ep0 maxpacket: 8
[  283.165213][ T7452] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  283.193966][ T7452] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  283.355186][ T7452] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  283.365337][ T7452] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  283.373975][ T7452] usb 4-1: Product: syz
[  283.378465][ T7452] usb 4-1: Manufacturer: syz
[  283.383109][ T7452] usb 4-1: SerialNumber: syz
[  283.397239][ T7452] usb 4-1: config 0 descriptor??
[  284.290002][ T8086] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0)
[  284.323048][   T30] kauditd_printk_skb: 59 callbacks suppressed
[  284.323062][   T30] audit: type=1326 audit(1752989312.557:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8078 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  284.411797][   T30] audit: type=1326 audit(1752989312.557:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8078 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  285.987959][ T5907] usb 4-1: USB disconnect, device number 12
[  286.006563][ T5914] hid-generic 0000:0004:0034.000F: unknown main item tag 0x0
[  286.019942][ T5914] hid-generic 0000:0004:0034.000F: unknown main item tag 0x0
[  286.027657][   T30] audit: type=1326 audit(1752989312.557:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8078 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  286.049433][ T5914] hid-generic 0000:0004:0034.000F: unknown main item tag 0x0
[  286.076081][ T5914] hid-generic 0000:0004:0034.000F: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  286.951695][   T30] audit: type=1326 audit(1752989312.557:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8078 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  287.026284][   T30] audit: type=1326 audit(1752989312.557:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8078 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  287.052213][   T30] audit: type=1326 audit(1752989312.657:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8078 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  287.086360][   T30] audit: type=1326 audit(1752989312.657:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8078 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8fd8e9a9 code=0x7ffc0000
[  287.350928][ T8095] fido_id[8095]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  294.247761][ T8135] sctp: failed to load transform for md5: -2
[  295.099632][ T8151] netlink: 48 bytes leftover after parsing attributes in process `syz.3.624'.
[  296.445619][ T7452] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  297.847017][ T7452] usb 3-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  297.895913][ T7452] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.014438][ T7452] usb 3-1: Product: syz
[  299.035918][ T7452] usb 3-1: Manufacturer: syz
[  299.040581][ T7452] usb 3-1: SerialNumber: syz
[  299.148724][ T7452] usb 3-1: config 0 descriptor??
[  299.240968][ T7452] usb 3-1: can't set config #0, error -71
[  299.329025][ T7452] usb 3-1: USB disconnect, device number 7
[  299.802813][ T8210] netlink: 'syz.2.640': attribute type 1 has an invalid length.
[  299.811953][ T8210] netlink: 224 bytes leftover after parsing attributes in process `syz.2.640'.
[  301.385964][ T7452] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  302.133645][ T7452] usb 1-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  302.163873][ T7452] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.191500][ T7452] usb 1-1: Product: syz
[  302.197205][ T7452] usb 1-1: Manufacturer: syz
[  302.202070][ T7452] usb 1-1: SerialNumber: syz
[  302.633348][ T7452] usb 1-1: config 0 descriptor??
[  302.670520][ T7452] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  302.700116][ T7452] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  302.725153][ T7452] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[  303.019724][ T5907] usb 1-1: USB disconnect, device number 18
[  303.075666][ T8242] delete_channel: no stack
[  304.337420][    T9] hid-generic 0000:160034:0030.0010: hidraw0: <UNKNOWN> HID v100.2c Device [syz1] on syz0
[  306.559774][ T7452] hid-generic 0000:0004:0034.0011: unknown main item tag 0x0
[  306.595649][ T7452] hid-generic 0000:0004:0034.0011: unknown main item tag 0x0
[  306.625105][ T7452] hid-generic 0000:0004:0034.0011: unknown main item tag 0x0
[  306.657129][ T7452] hid-generic 0000:0004:0034.0011: hidraw1: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  308.953913][ T8293] netlink: 8 bytes leftover after parsing attributes in process `syz.1.670'.
[  309.846161][ T5907] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  310.442663][ T5907] usb 1-1: config index 0 descriptor too short (expected 65069, got 45)
[  310.451377][ T5907] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[  310.485499][ T5907] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255
[  310.534844][ T5907] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  310.578751][ T5907] usb 1-1: config 0 has no interfaces?
[  310.589264][ T5907] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  310.635416][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.703635][ T5907] usb 1-1: config 0 descriptor??
[  311.057696][ T7452] usb 1-1: USB disconnect, device number 19
[  311.973936][ T8322] netlink: 8 bytes leftover after parsing attributes in process `syz.1.681'.
[  315.480075][ T8353] netlink: 24 bytes leftover after parsing attributes in process `syz.3.690'.
[  315.690468][ T8389] tap0: tun_chr_ioctl cmd 1074025677
[  315.706473][ T8389] tap0: linktype set to 270
[  316.342787][ T8397] netlink: 'syz.3.705': attribute type 1 has an invalid length.
[  316.351425][ T8397] netlink: 224 bytes leftover after parsing attributes in process `syz.3.705'.
[  316.875618][ T8401] netlink: 28 bytes leftover after parsing attributes in process `syz.1.706'.
[  316.884731][ T8401] netlink: 28 bytes leftover after parsing attributes in process `syz.1.706'.
[  317.001122][ T8414] xt_l2tp: unknown flags: 17
[  317.375297][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  319.764907][ T8443] tap0: tun_chr_ioctl cmd 1074025677
[  320.226709][ T8443] tap0: linktype set to 270
[  322.839128][    T9] hid-generic 0000:0004:0034.0012: unknown main item tag 0x0
[  322.948355][    T9] hid-generic 0000:0004:0034.0012: unknown main item tag 0x0
[  323.036723][    T9] hid-generic 0000:0004:0034.0012: unknown main item tag 0x0
[  323.304993][    T9] hid-generic 0000:0004:0034.0012: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  329.540290][    T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  329.705515][    T9] usb 2-1: Using ep0 maxpacket: 16
[  329.719273][    T9] usb 2-1: config 0 has an invalid interface number: 145 but max is 0
[  329.742770][    T9] usb 2-1: config 0 has no interface number 0
[  329.964717][    T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  329.984311][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.992600][    T9] usb 2-1: Product: syz
[  330.000193][    T9] usb 2-1: Manufacturer: syz
[  330.004825][    T9] usb 2-1: SerialNumber: syz
[  330.018191][    T9] usb 2-1: config 0 descriptor??
[  330.027643][    T9] hub 2-1:0.145: bad descriptor, ignoring hub
[  330.033757][    T9] hub 2-1:0.145: probe with driver hub failed with error -5
[  330.078328][    T9] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.145/input/input7
[  330.434278][ T8539] netlink: 32 bytes leftover after parsing attributes in process `syz.1.742'.
[  330.587036][    T9] usb 2-1: USB disconnect, device number 11
[  330.935599][   T30] audit: type=1326 audit(1752989359.197:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8543 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ffc0000
[  331.572812][   T30] audit: type=1326 audit(1752989359.197:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8543 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7bf398d310 code=0x7ffc0000
[  331.595206][   T30] audit: type=1326 audit(1752989359.197:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8543 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ffc0000
[  331.616868][   T30] audit: type=1326 audit(1752989359.197:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8543 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7bf398e9a9 code=0x7ffc0000
[  331.730514][   T30] audit: type=1326 audit(1752989359.197:1516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8543 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ffc0000
[  331.757782][   T30] audit: type=1326 audit(1752989359.197:1517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8543 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7bf398d310 code=0x7ffc0000
[  331.780336][   T30] audit: type=1326 audit(1752989359.197:1518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8543 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ffc0000
[  331.822625][   T30] audit: type=1326 audit(1752989359.227:1519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8543 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7bf398e9a9 code=0x7ffc0000
[  331.878229][   T30] audit: type=1326 audit(1752989359.237:1520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8543 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bf398e9a9 code=0x7ffc0000
[  332.657916][ T8558] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  333.205790][   T30] audit: type=1326 audit(1752989359.237:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8543 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7bf398e9a9 code=0x7ffc0000
[  334.337361][ T8585] delete_channel: no stack
[  334.916387][   T24] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  335.065438][   T24] usb 3-1: device descriptor read/64, error -71
[  335.406623][   T24] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  335.586382][   T24] usb 3-1: device descriptor read/64, error -71
[  335.766625][   T24] usb usb3-port1: attempt power cycle
[  336.054685][ T8621] delete_channel: no stack
[  336.126311][   T24] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  336.156926][   T24] usb 3-1: device descriptor read/8, error -71
[  336.409068][   T24] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  337.183979][   T24] usb 3-1: device descriptor read/8, error -71
[  337.454744][   T24] usb usb3-port1: unable to enumerate USB device
[  338.082941][ T8649] netlink: 9280 bytes leftover after parsing attributes in process `syz.3.782'.
[  339.369742][ T8668] delete_channel: no stack
[  340.967888][ T5839]  non-paged memory
[  340.972353][ T5839] list_del corruption, ffff88802815ea80->next is LIST_POISON1 (dead000000000100)
[  341.432562][ T5839] ------------[ cut here ]------------
[  341.438445][ T5839] kernel BUG at lib/list_debug.c:58!
[  341.444801][ T5839] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  341.451081][ T5839] CPU: 1 UID: 0 PID: 5839 Comm: kworker/u9:2 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  341.463248][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  341.473315][ T5839] Workqueue: hci4 hci_conn_timeout
[  341.478438][ T5839] RIP: 0010:__list_del_entry_valid_or_report+0x10e/0x190
[  341.485477][ T5839] Code: 80 bd e1 8b 48 89 de e8 20 20 68 fc 90 0f 0b 4c 89 e7 e8 c5 03 40 fd 48 c7 c7 e0 bd e1 8b 48 89 de 4c 89 e2 e8 03 20 68 fc 90 <0f> 0b 4c 89 e7 e8 a8 03 40 fd 48 c7 c7 40 be e1 8b 48 89 de 4c 89
[  341.505453][ T5839] RSP: 0018:ffffc90003fff980 EFLAGS: 00010246
[  341.511615][ T5839] RAX: 000000000000004e RBX: ffff88802815ea80 RCX: 0b39167559041400
[  341.519584][ T5839] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  341.527552][ T5839] RBP: ffffffff8a758780 R08: 0000000000000003 R09: 0000000000000004
[  341.535524][ T5839] R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: dead000000000100
[  341.543506][ T5839] R13: dffffc0000000000 R14: dead000000000100 R15: dead000000000122
[  341.551485][ T5839] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  341.560414][ T5839] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  341.566993][ T5839] CR2: 00007fb794bd4f98 CR3: 000000007ee5c000 CR4: 00000000003526f0
[  341.574969][ T5839] Call Trace:
[  341.578247][ T5839]  <TASK>
[  341.581183][ T5839]  hci_cmd_sync_dequeue_once+0x24a/0x370
[  341.586827][ T5839]  hci_cancel_connect_sync+0xc8/0x120
[  341.592209][ T5839]  hci_abort_conn+0x191/0x330
[  341.596917][ T5839]  ? process_scheduled_works+0x9ef/0x17b0
[  341.602642][ T5839]  process_scheduled_works+0xade/0x17b0
[  341.608203][ T5839]  ? __pfx_process_scheduled_works+0x10/0x10
[  341.614185][ T5839]  worker_thread+0x8a0/0xda0
[  341.618784][ T5839]  kthread+0x711/0x8a0
[  341.622874][ T5839]  ? __pfx_worker_thread+0x10/0x10
[  341.627993][ T5839]  ? __pfx_kthread+0x10/0x10
[  341.632594][ T5839]  ? _raw_spin_unlock_irq+0x23/0x50
[  341.637962][ T5839]  ? lockdep_hardirqs_on+0x9c/0x150
[  341.643188][ T5839]  ? __pfx_kthread+0x10/0x10
[  341.647790][ T5839]  ret_from_fork+0x3fc/0x770
[  341.652410][ T5839]  ? __pfx_ret_from_fork+0x10/0x10
[  341.657531][ T5839]  ? __switch_to_asm+0x39/0x70
[  341.662317][ T5839]  ? __switch_to_asm+0x33/0x70
[  341.667094][ T5839]  ? __pfx_kthread+0x10/0x10
[  341.671775][ T5839]  ret_from_fork_asm+0x1a/0x30
[  341.676571][ T5839]  </TASK>
[  341.679686][ T5839] Modules linked in:
[  341.685502][ T5839] ---[ end trace 0000000000000000 ]---
[  341.696011][ T5839] RIP: 0010:__list_del_entry_valid_or_report+0x10e/0x190
[  341.703111][ T5839] Code: 80 bd e1 8b 48 89 de e8 20 20 68 fc 90 0f 0b 4c 89 e7 e8 c5 03 40 fd 48 c7 c7 e0 bd e1 8b 48 89 de 4c 89 e2 e8 03 20 68 fc 90 <0f> 0b 4c 89 e7 e8 a8 03 40 fd 48 c7 c7 40 be e1 8b 48 89 de 4c 89
[  341.723254][ T5839] RSP: 0018:ffffc90003fff980 EFLAGS: 00010246
[  341.730672][ T5839] RAX: 000000000000004e RBX: ffff88802815ea80 RCX: 0b39167559041400
[  341.739198][ T5839] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  341.748596][ T5839] RBP: ffffffff8a758780 R08: 0000000000000003 R09: 0000000000000004
[  341.757012][ T5839] R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: dead000000000100
[  341.765006][ T5839] R13: dffffc0000000000 R14: dead000000000100 R15: dead000000000122
[  341.774393][ T5839] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  341.784299][ T5839] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  341.792716][ T5839] CR2: 00007fb794bd4f98 CR3: 000000000df38000 CR4: 00000000003526f0
[  341.801781][ T5839] Kernel panic - not syncing: Fatal exception
[  341.808581][ T5839] Kernel Offset: disabled
[  341.812910][ T5839] Rebooting in 86400 seconds..