last executing test programs:

6m41.146595373s ago: executing program 0 (id=55):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x8001}, 0xd0)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='./bus\x00', 0xa4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x0, 0x7fff7ffc}]})
clock_gettime(0x0, &(0x7f00000001c0))
r3 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SOUND_PCM_READ_RATE(r3, 0x80045002, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000280)={0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bpq0, 0x10000, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfffffdba, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]})

6m40.864219913s ago: executing program 0 (id=58):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000002000000fd0f000003"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000800)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x18)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
pipe(&(0x7f0000000100))
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xb)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000030401610000000000000000", @ANYRES32=0x0, @ANYBLOB="d3ddd1de00000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}}, 0x0)

6m39.968983796s ago: executing program 0 (id=63):
iopl(0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/pm_async', 0x80002, 0x4)
getrlimit(0x1, &(0x7f00000000c0))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f000001b640)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f00000025c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40, @void, @value}, 0x94)
syz_open_dev$vim2m(&(0x7f0000000000), 0xdcc2, 0x2)
r4 = openat$cgroup_ro(r3, &(0x7f0000000440)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000040), 0xfffffffffffffdaf)
r5 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
write$UHID_CREATE(r5, &(0x7f00000002c0)={0x0, {'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000540)=""/32, 0x20}}, 0x120)
write$UHID_DESTROY(r5, &(0x7f0000000740)={0xa}, 0x4)
add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x2}, 0x0, 0x0, 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001f40)=[{&(0x7f0000002600)={0x124c, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x123c, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback}, @nested={0x1217, 0x2a, 0x0, 0x1, [@nested={0x135, 0x63, 0x0, 0x1, [@typed={0x8, 0x114, 0x0, 0x0, @uid}, @nested={0x4, 0x131}, @generic="bae09d94f4157c1809fc962f6a09db3219518ddf6478ff34229ea17a2c5d8afa3b0b0da78d6affb988cfdb8f721655347127c76d3af9dfe996169453ee08835bac79814cf711fed8bcbef80aaec6ebb6f233c9eedaa84ee2ed5e622831778eb0d4271158ab7867f439e59c97befdef156c4faf66fa", @typed={0x4, 0x81}, @generic="88a17bc3e9b44c9b3578e5c90049173957abfa3f0ede71c05ed0bdeb475974d9a6f6bbb065fe0bef51459adaa4257342c6be65df370ecf50555603715c491fddbe60af546a32d2c23430e96c0b005c20d7a545bfcb055b738982b9e37b110b093605c6a00338551c4533ad1aad71776bf51cb777364ed0b56e8bdd76ac9ad759b1ff027ad46205d0bbf5922177d4cc7f4bde5a36", @typed={0x14, 0x10a, 0x0, 0x0, @ipv6=@mcast1}, @nested={0x4, 0xc4}]}, @generic="db43189ae2828fb55cd1081fdbb52f6121940a2ca17efbed84853337077b25c57632db6bb4843b7871b3ce18e9d78d47cc8085522c3f35bafd848c48c4c5b1d1bbf91f1b1f8b917d753f62dbb960099dc26fc5f4c5718464547da6", @typed={0x4, 0x9}, @generic="897f85a37693b87f86aa27cd1a364d201517d20fe020f61895b1545fd64c38553128798c4ff950327fb07d963313af2ab04efeefb73850dbcc15ab2db575c4da046174c4198350ebb42c081e1664c6f580551035b94ecbdadfe8a52d543dfaae1b7c87ca61cc7679fc708be93c4de6a5ac4bbc30b84eee4986a5bf4182da3a18f13bdd0d243b4b8bde35975458ff5f6a8063f18db403a00939030446b2905f4bf5771469bf9672bf7b4ced0194cb3bb4121b4291e27fe7821b90e19a024b4104115530800d0e8505121bddeab2023a88780874290a808d384cdc47688445d193a14144d24f548c4753feb86f1e4b71cff55d8ccaf220a13ef3d15b667c7fed650b9b418c27e7dcc93def01abea111359d2b2b0fc322768df90de56a0340e7032bcacd5d0fef68d46c7fcabcf44b7cf519d0d8c4e27dda14fce8cb3121fd48f7313649a9924301e1adc162de585607004e8e2d23523ea413b330da1e1c50d20765a7f600087fee9a67f045ce7f313a3dae5294bd71fb8d0e8d5459068a79dfc3b0fde1e7f65e9385a548701df192820fae3f6975197a7f52f06f041a18b5dc5006eb8b90ed2e7b1bbb6ab7b6f3bce47d7814347c9d84a74e96c152346b294cdb6887520124cd71208f9f05c61e5e1a577df51b5641392365fe4e8c84358a8f877c2f62f5dd2403088704024c3999332d9ee7c845c6d31d61bfcafcfc18efa01a13016f196f7949f9c2c78578f9d83fb132b82ce1df7dc6b1842afa3cfc4d4e8a0a09f32364f5e669d998e63e2e9f8d3210478a6f4eb1e811ec43c3b0daafd18d9ee5f7d5243ec4f26b423095a43c6e82106d9a0cb83bba31f40dfb15b0a7fd0fa836e8649c8db69c8e65bdbbb17122d358e2c8e41217d177f57d36332332c68d4025eb59ad170eb4f9853dcc37c57c7ac890dcdd6b7b6c4057000b5b754de02255b58bbb0d4e893a95b0e0f5806515346557fee725c9ec290a35bd8cfac357c6253080da9964fc4705af7ff60939939790245a5d9613a2099aeb832df3c20fa97b3bd5fda9f5e1e15957c3d2042b81378dab383e36173496a8c7486d653f9de275003e643f3e0f15268e9b1648dcaae14bc73a7d316de16bb2c0e125adadf870c695b02dc2c7de27e341f9955d1fe5c60a915c93db6dd96b37ae1f7e728ba8b7562484af5497865d51c7dab5a581ccd0d367b2a6f72e42b42f80f8985da312bf4bd4765c8b26084e10f418b9c6c1ed8a3ac346bb87031bbfaa73cfb0fca8745e9e263fc8d37aec4de7b02a3a8ea037e06e18eaddd7873c0b9dc4c65fc980bcada1024a6f206d5d0a01b9de53a17c5e2eb082e8dde9b1624c6b7fcf0d46526c8adc6b57f7571454442950043cce34f10628b9fe02d62673799b6ea60a7fd90d4495820c40bc299957521b0974b075c1add8e4a0ef681948e2405d71dc87e08b8813194c155cb122e001507e3c1a59bd1606b98cdbf8e67c95d688c3064f85a81368add85f4ab29e710ab896ff83b8056665e1ec0156e62dcc666fc63f2fdca751e57d9739b7de76507f49ea5907a5b937af1e7a4b72720936285ec3e3a545abdfd2327112204128057bb4f9e2709d54556768b645da41e78c790b3114f7055bf7943df6bbb17d7cf55890b1fe4089ea949628958e8abb9cc881ab70f4ea602dc6c665ee0f0cac79a74dde5a6a8c2802cd0b3b1ef2aada9f51080cdf9f0bae8bf655a8e7756b904df0a2193b807e7925c56da54f7a0f388c59b15f93376f94b2312c1413ab29e4db6d0ed92addcfec43c5e5625f67cc1879e0575d667ec290a81763649fbe3df143ee933142f2419d14f0e001f061ef38ea3d25beed790f722fd25697942640f53d7235567ecc4fd31d4837b30b7e72fcbc295c8dd69ab1835170a24bdf95f748c787242a41da5ab104350d2dabdd40ec752f27b7a75f98a5983e47ed82b97971872fc4c3650cb05036e7a70cbfb27011bcdad65cda9790691e2aeb2796790da869cace72a08e34eccb6688f0c1c2298ad8b493681f2489e94130c91ac7ea160118ee905c611686a730f12e891ce53d4f5099284666b81d9ee74e918197aa28a318b05510b69660e928c6c9ac646e88874ff86471da2828f2c7c3fb9d7e22e4eb766409db9a21d7a775205a16e1eb2265e07931c528e46e8c99f4d82fd17fc529128baa35a107eb20bf589a4c42796fa03dbf6e623e9944be27f15c38094776437d039d29ebbbadf078489c449a7a4cb47ed8d0eb60fe954d27a2ca4403b7a81c440e345602870083213a55432b47af402b17e49606c9cae639274e4932f88e73dc768fa5f3c1a945bb9ef7d4b98bafe6176da887c9a4826873af858f6c0a650e82b7837d5c5e5fa5df840cc728ed6f3b74d03a94a1c06adc4eb0d4103a89a0afeb57fe8dc126da3320f04f43664a6c1f47413d6440166c228713339f9b3d366554dc4e1228e75561f45eb757c761ec102f91bb8635bd9bbcd0ccf4b05815dbf57ca89916701ab203976dec812bf8de71b4081f7ac07491f56e4b964825fe879c0d2e479c3fb51c6149953ff7227c4a648a1a8879c4bca66717150181c1be19bd90dfd899e2bd127a738596abb21870029d2e6320515b406031a45cafefc45f28217da20bc920eae9030d1529abdfc0120cab6b9ac4d527b89a94aef5015938f33ece4927884866efd719394ebb223178b0f2356d2ef343d92802269bfafa70dd684cc427441977afb0ab6280fddef72137ef455a081de1a11671cfec5d203636c298fa8c7efc717f115bde7fed8b6625cf131fa5dd59cc727168ddd20cefbbe33f0c049260f066a31a2e2ff3521b5ef3303b3928b9c940639cdf864dd0d51a55eafe045c146a9a671359cdb6727190b4aa1010a84afa03f3346088b47b3209f75054648091571bc2e68cc4a33d534de8352564ae544d5403bfeb16c7914b1f6314ef3b3f002595df3dd0b165e04a3569a60541a2c21bbfea4e7f2314ce9703f6669709fd5238f2b5909bbb4e9b022a4f915342daf027bd74ddeb3cf69970f8d29da6d11ca2bff5d71134d0e16e60f976b2ad3087c0dcf68ed1235132862165be7c4e1c2118dcf3cc11b446c10647beefb639382515e956af528aef664895fb4b3f6c4557e1189112eb7bc4eb340c70614ea73ef15639e2ba965f9511787bff32ac4eb90367769f7801693d975dacc5c350e783de46f368da42afad8bfdb729e1bab3a88577096f2fe7a996af3b30108f361592a62c8f36e927e779f83023118c1ca89dd1cf253d24e383a3eefed75141388db8a4970d7992e62a2c6fe063b892b473479d95a9bf48526732ee398d5b4ef4c07560fcabe276ac2291198bcc4fb2024f2bc1bd741f57483b004f1dad18b7fe8611da61e42e610126e3d13d229e276dd8ef82900c98f70a0dd25f62d3e572fd2620a5c959271cfc12b6a2af881e8a468b372344d3576a1477df034b0633f2ecdf7e7d8c694d35607e642685656fd06d5834f155f0c269ac77a49b4608b7f7f69b071a2d08c12ba78a60c6347d0faf3f97dec739bd19b9d3cfae4033a9e4b024d1bbd806bb4fc77a37f53881ce8a2e10150ed7e7bea31985a530ab6af4d851c0f01da09368ba85a1b795f3df6166d32820a211a29dfe4834f6576773a648d09f2c4e6b2b8ba7ae9dc155a0cebaca905d4d2029a50da093c1061d7e7b3f66f8cdfdac0166d61d4c17d8a503c343e3364d092c89cb8712f5d079e9138b1c80f9c212e776bbc17743b7c0ef8b811794691c5306b3218db714fdc5ca11347b0ac35cd28733dfe40048e220d563aa82470a62285520db6f3854fdad78a6ece4e1c49f982e093f04bd95e9378c9daa4efc9a99e6dcc0a68f2eddc11bcd0f38bfa4f123b03325290365a044e96e3e1c3edb459ed7a7b9da22dfd260887bdf373de3b24c602f9f94204bfaed35023471996850fe40f2c4b4fa77617bc0f90b7030be3067483a14b14e5df594751b7931564007ce1647feb9347b96016692ca004fd2b57a5721f84b955894a7da17dfd372e8e52f482fb5e1caf3a917cb58a35d947e1b77d11b672d0de7e3337e921b35a51111bc7683231ac605f4f5be87e043d3d3195bdfbf490902703add4a622936aca89d926fe4a6abe8e66ad76bbfee62d268dcf6d507adb0ab109d3f2a25ba84fd1dcf46a4701ced8f3c62b0250f0ee0f5c13bdad79941dcbdd5d4778ec6f4732c96f413bb59eb7d5e5c05d0e976aa3ab306fb10abb13ea4d4e02ff4a4fd0a21d6e712da1332c331b20a7fbe2738d111f1b1d86bbf7d6102f14fdbe5172b1b5745c83a3d83837462eb9a6072bc384d3aa58c45306cce7f3df22fd7efeff78e60e0112b98ac49901583a80a7d39005171e95e36a2d53074f78a501310623cd7371fef025d591e5bb5654f3c64462a4b89c8231dc6db20366131827de11d03ea71d7c29e2076a90325c0177d98641a0d001e06e201ca27268bc55ba7bc8bb26741bab70b39fde151e7075aa53134a1e5cf8f7d37b9e0db10324397743c2d0c7e992d62b61a270eacab513ee1a35ca8a0e9ebe5ebcce2a5d6f2fadb543b6528d252c43c0e44f76164d8efa3a64e60924210f4266906fb2215acf4a203c6c074f7b1df1c134e275ee2bc5be9edf5cec621853c9a33e5515702b7420aec90839ad35358fc13f0c0e048d03b563d896dce07f0491a57c26b8cc27920818397ff59e28c3740262c0d3d64fe5ccff0f3acef203e15d134dbcbc162937b23fce3db772c905d3efd0e5a8f0aa7d75cc09b9c4164152ac23b628ce8b28bf1603c61668a9be4e219216ec9afd530e8a30e3eda28842b301829e66a8b6a4183c5abe2b3ed4b634025c50859c8e05af76b5d1e5f45c2a7247031625bf63cf73f9c027f49148558b864ac8fe996bceb35fcbf4f84d06a131748da97259e2baa934462504567de460afd92624005b0acf8ffc112c3457cb635dd97edf4307a67592a80f0b089d8eeb991b8d8fba1ce0e836f796f76aed7da2aac12f845c51f8ddcf929081b794b1e92fbe0d8557e3481f3a4bb01af927bd91494c6fb9a12ccf6a61fddcc40623134974d2e132c470a10c526526d1e999495932260c1ed4bd239ee8cc4a5e0b700f72528bb580e9f03249dfad2242cac891e4225aabc7bbb920be7b341d7b6a7a8b9dd550fbef5f15bae1661d2e8a9a3b5417127598e2d48ddd760c092fe266889643c5ba0c62ffaa0edf99e32e4f3155f34b186c8aa38dec06abb0a8bcf4b368cd29626dd8a80b7aba2367bf05899949e4d8bc63b77b02007fe6db3ddcc436f5231d5a579513028b3ebc200dcd66a5277ec4ced0f6c89669175f8a0ac4cc52a97276d311795df562771c1fe5bc5929659586bf15b99a41be40196079b967bf548054cd0b649f6f27060bcbeac85a0cc6337048eb8d38e3c612f6d47e0203a81f5401522d9be5cfefbbcaa4c6e3e6e9283355af044294531e3feb2d8fd12e2165b63b1a6708820cff83e23cc72936c123c4d91691e0caf0156552f7a9b65bf0fffd20a66267bacc49bcd52253cbfa5ce97e1d435176b3bc87a7c2f99f9d2428c3fec91974366cb82473aa751b44fdd56a6af4561277c97828e1c11f6820e5c1fa5ac73be8513394376a7c77ba61800bf4ba794c1995a733333ad0262dd66d335897066ad24f5278550f0917be2b7e4d78a8259ff9be3ec9a7a47b16df390b3b5b5c81211e5692569b188e155befb9287c1bba7ae93738c1c4d671dc47da4da27ff01cd1871453050f71a0e55571076d6085f4e2767ebd8229d03b52f1ee1ed8", @nested={0x65, 0x98, 0x0, 0x1, [@nested={0x4, 0x1d}, @generic="73b3d1eb837714cc713d94fcb0330776e2c4873c1b9f0761fc4aec65d404dd5275cc49e1ca730cf397241737ad39349f9ea7c4af82ae91466d151b09e69cb31ed3fe17d21d7033f2f024843a23", @typed={0x5, 0x12d, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0x13f, 0x0, 0x0, @pid=r0}]}, @typed={0x14, 0x76, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}]}]}, 0x124c}], 0x1}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000002, 0x10012, r4, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
prctl$PR_SET_IO_FLUSHER(0x39, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x10001, 0x7fff, 0x7e, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

6m38.998361823s ago: executing program 0 (id=65):
r0 = memfd_secret(0x80000)
syz_io_uring_setup(0x70f9, &(0x7f0000000240)={0x0, 0x0, 0x10000, 0x80007, 0x2de, 0x0, r0}, 0x0, 0x0)
r1 = io_uring_setup(0x47a, &(0x7f0000000ac0)={0x0, 0x393f, 0x1000, 0x1, 0x8181})
r2 = socket(0x28, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r2, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r3, 0xc0d05604, &(0x7f00000004c0)={0x4, @pix={0x9, 0x3, 0x35315241, 0x3, 0x3, 0x81, 0x3, 0x6, 0x1, 0x3, 0x0, 0x1}})
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
setsockopt$sock_int(r2, 0x1, 0x21, &(0x7f0000b4bffc)=0x8, 0x4)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = dup(r5)
ioctl$PTP_EXTTS_REQUEST2(r6, 0x40603d10, &(0x7f0000000040)={0x0, 0xf})
write(r5, &(0x7f0000000000)="a0", 0x1)
close_range(r1, 0xffffffffffffffff, 0x0)
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000000c0)={<r8=>0xffffffffffffffff}, 0x2, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000340)={0x9, 0x108, 0xfa00, {r8, 0xf, "e67745", "70858bc684e65401734f3b7a03faa9f6d3ece0fe90c85a0d44c3ca38c715bfb6b428dedacb674cb2dfd9a78c6e20132aac9caa3aa7dee98c32829d41cb6c1af5f369ce0e4f1e1b1c83c046d8f4d81e5d06e1350a9e55e5ed32dc6a9db9705945c8d0fe43c365aa01fffcd87834cf941a57bcf83027c8f82107a7351717b0f77c05458e21ab07382c2143e9d12deefa65e50fd69dd0b350386b41f3a0fd81a9325aaf5d36469cd7e0c3be518e3e5f9589b092f29c58dfb1940daa9e9abe5920e0d8a35e8748e2316a108ed719bc7580d16d6558c4a452c5bdeb0d04db8a8e1706b51ecb990bb9fe2b4f07c2ab87a788d2799be81f346fb4d159b931de8eeabb5a"}}, 0x110)
read$FUSE(r7, &(0x7f0000006380)={0x2020, 0x0, <r9=>0x0}, 0x2020)
write$FUSE_INIT(r7, &(0x7f0000000100)={0x50, 0x0, r9, {0x7, 0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x50)

6m38.288793849s ago: executing program 0 (id=69):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
select(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e24, 0x84ff, @empty}}, 0x4, 0x0, 0x3, 0x0, 0xa2}, 0x9c)
r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180), 0x10000, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x3, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, <r6=>0x0}, &(0x7f0000000280)=0x5)
setuid(r6)
ioctl$KDGETMODE(r4, 0x4bfb, 0x0)
timer_create(0x7, &(0x7f00000002c0)={0x0, 0x28, 0x2}, &(0x7f0000000300)=<r7=>0x0)
clock_gettime(0x0, &(0x7f0000000340))
timer_settime(r7, 0x0, &(0x7f0000000380)={{0x0, 0x3938700}}, &(0x7f00000003c0))
sendto$inet6(r1, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r8 = socket(0x1d, 0x2, 0x6)
ioctl$KDSKBMETA(r4, 0x4b63, &(0x7f0000000400)=0x3)
r9 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r9, 0xc1004110, &(0x7f0000000000)={0x0, [0x6, 0xffff133a, 0x3], [{0x0, 0x0, 0x0, 0x1}, {0x35, 0x35}, {0x0, 0x2}], 0xc})
setsockopt$inet_sctp_SCTP_INITMSG(r8, 0x84, 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r3, 0xc00464be, &(0x7f0000000440))
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40)

6m38.027220926s ago: executing program 0 (id=73):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x20}]}, &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = io_uring_setup(0x758a, &(0x7f0000000140))
r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000280)={<r3=>0x0, @in6={{0xa, 0x4620, 0x7fff, @remote, 0x2}}, 0x4}, &(0x7f0000000200)=0x90)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x24, @short={0x2, 0xffff, 0xffff}}, 0x14, &(0x7f0000000180)={0x0}}, 0xf00)
ioctl$sock_SIOCINQ(r4, 0x541b, &(0x7f0000000000))
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000340)={r3, 0x0, 0x64e}, &(0x7f0000000380)=0x8)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xc0000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000040)={0x1, 0x6, 0x1, 0x2000, &(0x7f0000fa2000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000204000/0x2000)=nil})
r7 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x22402, 0x0)
ioctl$IMADDTIMER(r7, 0x80044940, &(0x7f0000000080)=0x14)
recvmmsg(r1, &(0x7f00000012c0)=[{{0x0, 0x0, 0x0}, 0x80000005}], 0x1, 0x12100, 0x0)
r8 = getpgrp(0xffffffffffffffff)
r9 = syz_open_procfs(r8, &(0x7f00000003c0)='net/arp\x00')
r10 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r10, r9, 0x0, 0x80000000)
ioctl$TIOCSTI(r10, 0x5412, &(0x7f00000001c0)=0x6)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x280000, 0x0)

6m36.935258241s ago: executing program 32 (id=73):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x20}]}, &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = io_uring_setup(0x758a, &(0x7f0000000140))
r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000280)={<r3=>0x0, @in6={{0xa, 0x4620, 0x7fff, @remote, 0x2}}, 0x4}, &(0x7f0000000200)=0x90)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x24, @short={0x2, 0xffff, 0xffff}}, 0x14, &(0x7f0000000180)={0x0}}, 0xf00)
ioctl$sock_SIOCINQ(r4, 0x541b, &(0x7f0000000000))
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000340)={r3, 0x0, 0x64e}, &(0x7f0000000380)=0x8)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xc0000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000040)={0x1, 0x6, 0x1, 0x2000, &(0x7f0000fa2000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000204000/0x2000)=nil})
r7 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x22402, 0x0)
ioctl$IMADDTIMER(r7, 0x80044940, &(0x7f0000000080)=0x14)
recvmmsg(r1, &(0x7f00000012c0)=[{{0x0, 0x0, 0x0}, 0x80000005}], 0x1, 0x12100, 0x0)
r8 = getpgrp(0xffffffffffffffff)
r9 = syz_open_procfs(r8, &(0x7f00000003c0)='net/arp\x00')
r10 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r10, r9, 0x0, 0x80000000)
ioctl$TIOCSTI(r10, 0x5412, &(0x7f00000001c0)=0x6)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x280000, 0x0)

2m22.53765154s ago: executing program 1 (id=1032):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r0, &(0x7f00000003c0)='@', 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x18, &(0x7f0000000000)=0x4, 0x4)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x7b, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000080)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
memfd_create(0x0, 0xa)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000780)='task\x00')
lseek(r6, 0x8, 0x4)
socket$kcm(0x10, 0x2, 0x10)
openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)={0x44, r8, 0x1, 0x70bd26, 0x0, {0x2c}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x58}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x8000001}]}, 0x44}}, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={r2, @in={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, &(0x7f0000000180)=0x9c)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0)
syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="0404"], 0xd)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x6, 0x4c831, 0xffffffffffffffff, 0xfcf36000)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x1000)

2m21.161380883s ago: executing program 1 (id=1036):
socket$tipc(0x1e, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_usb_connect(0x2, 0xa3, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000158ab520ac054502a0a0010203010902b0d501000010000904050302032902"], 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
write$tcp_congestion(0xffffffffffffffff, 0x0, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x2, 0x0, 0x1, 0x0, 0x6, @random="6699e39af812"}, 0x14)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f000043f000/0x18000)=nil, &(0x7f0000000500)=[@text32={0x20, 0x0}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"])
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd25479024a676b21b3adc5e463c9effbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953584db11b7f89ec68098eafa48cebd6882a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56f335e2373b2cde5600db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

2m18.805994856s ago: executing program 1 (id=1049):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe2$9p(&(0x7f0000000080), 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x121042, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$key(0xf, 0x3, 0x2)
mount$9p_unix(&(0x7f0000002600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000003600)='.\x00', &(0x7f0000000040), 0x2000000, &(0x7f0000000300)=ANY=[@ANYBLOB="7472616e733d756e69782c004ae79865592dc9078a2d3ebcc90f48f3aa5e3582872c01ee3c46be222db798e639f1dc9e6d99d9ff23c23f4cb3ba086d6060cc62fcd49875908c30a2014cbeadfe1beba8a0690618fa3c1c5aecd73a4e7bc1c712d92e5e3216892cdb7a"])
close(r0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x8010, 0xffffffffffffffff, 0x0)

2m18.718498725s ago: executing program 4 (id=1052):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10)
ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000140))

2m17.146195347s ago: executing program 4 (id=1053):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="2400000076001f03000000000000000008000000ffffffff0c000d80080003"], 0x24}], 0x1}, 0x0)

2m17.094348093s ago: executing program 1 (id=1054):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback={0xfffffffffe5e0000}, 0x4, 0xfffffffc}, 0x20)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000280)='sysfs\x00', 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f00000001c0))
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r4 = open_tree(r1, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r4)
close(r4)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r5, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'vlan1\x00', <r7=>0x0})
sendto$packet(r6, &(0x7f0000000040)="c8", 0x1, 0x800, &(0x7f00000000c0)={0x11, 0x88a8, r7, 0x1, 0x7, 0x6, @multicast}, 0x14)
stat(&(0x7f0000000040)='./file0/../file0/file0\x00', &(0x7f0000000300))

2m16.990044181s ago: executing program 4 (id=1056):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x7, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x3c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_USERDATA={0x1c, 0x3, "91abc12404cf378042f26c43f91f68d8a90767c0bc71f608"}]}], {0x14}}, 0x84}}, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x54, 0x1, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x8}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x4}, @CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x1400000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x5}]}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x4}, @CTA_FILTER={0x14, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x81}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x2}]}, @CTA_LABELS={0x8, 0x16, 0x1, 0x0, [0x7]}]}, 0x54}, 0x1, 0x0, 0x0, 0x91}, 0x1)
r1 = gettid()
r2 = getpid()
rt_tgsigqueueinfo(r1, r2, 0x30, &(0x7f0000000000)={0x3f, 0x2f79})

2m16.726628061s ago: executing program 4 (id=1057):
r0 = socket(0x10, 0x3, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x400000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sync()
r2 = syz_open_dev$sndctrl(0x0, 0x5, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x19, 0x0, &(0x7f0000000400), &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r4)
sendmsg$NFC_CMD_GET_SE(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r5, 0xf15}, 0x14}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, 0x0)
r6 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000600)={'team0\x00', <r7=>0x0})
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x9c, 0x24, 0xf0b, 0x1000, 0x0, {0x0, 0x0, 0x12, r7, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x4c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x9, 0x9}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x2}, @TCA_HTB_DIRECT_QLEN={0x8}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0xfffffffc}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x2, 0x1}}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x16, 0x5, 0x1, 0x80000003, 0x0, 0xffffffff, 0x7fffffff}}, {0x4}}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
r9 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x0)
r10 = fcntl$dupfd(r9, 0x406, r9)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x7, 0x4, 0x0, &(0x7f00000007c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SCSI_IOCTL_GET_PCI(r10, 0x2284, &(0x7f0000000000))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'dvmrp0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)

2m16.413241621s ago: executing program 1 (id=1059):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r1, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="1400000000000000100100000d00000001000000000000201400000000000000100100000200000000000019"], 0x30}, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000800, 0x0, &(0x7f00000003c0)={0x3, 0x5, 0x8, 0x0, 0x0, 0xfffffffffffffff9, 0xf96, 0x0, 0x1})
socket$isdn(0x22, 0x2, 0x25)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000000440)={0xb6, 0x5, 0x200})

2m15.448197317s ago: executing program 1 (id=1061):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x24b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x2, 0x90, [0x400000000640, 0x0, 0x0, 0x400000000670, 0x4000000006a0], 0x0, 0x0, &(0x7f0000000640)=[{0x20, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="000706000000ff0309"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

2m15.447381474s ago: executing program 4 (id=1062):
unshare(0x24020400)
unshare(0x20000100)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f0000000600)=@getqdisc={0x2c, 0x26, 0x2, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x8, 0xf}, {0xfff1, 0xd}, {0xb, 0xb}}, [{0x4}, {0x4}]}, 0x2c}}, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x180d, 0x0, 0xae4d, 0x0, 0x0, 0x3], [0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x400, 0x0, 0xed0, 0x4000000], [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0e, 0x0, 0x0, 0x0, 0x3, 0x0, 0xd, 0x0, 0x0, 0xf, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffe]}, 0x45c)
unshare(0x14020e00)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x3, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000006b0b2d000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94)
write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)
mkdir(&(0x7f00000009c0)='./file0\x00', 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x20)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0xdd3fd72aaa39184d)
r2 = open$dir(&(0x7f0000000040)='./file0\x00', 0x240000, 0x102)
utimensat(r2, 0x0, 0x0, 0x0)

2m15.08692173s ago: executing program 33 (id=1061):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x24b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x2, 0x90, [0x400000000640, 0x0, 0x0, 0x400000000670, 0x4000000006a0], 0x0, 0x0, &(0x7f0000000640)=[{0x20, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="000706000000ff0309"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

2m15.076018985s ago: executing program 4 (id=1067):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ptrace$setopts(0x4206, r1, 0xb7, 0x2)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
prctl$PR_GET_TSC(0x43, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fstat(0xffffffffffffffff, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0x4e21, 0x1, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x3)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_GETMOUSEREPORTING(r5, 0x5412, &(0x7f00000000c0)=0x13)
ioctl$TCSETA(r5, 0x5406, &(0x7f0000000200)={0xff02, 0x0, 0x0, 0x8007, 0x0, "5f730000a9003f00"})
ioctl$TIOCL_GETMOUSEREPORTING(r5, 0x5412, &(0x7f00000006c0)=0x16)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r6}, 0x10)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)

1m59.555090886s ago: executing program 34 (id=1067):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ptrace$setopts(0x4206, r1, 0xb7, 0x2)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
prctl$PR_GET_TSC(0x43, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fstat(0xffffffffffffffff, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0x4e21, 0x1, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x3)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_GETMOUSEREPORTING(r5, 0x5412, &(0x7f00000000c0)=0x13)
ioctl$TCSETA(r5, 0x5406, &(0x7f0000000200)={0xff02, 0x0, 0x0, 0x8007, 0x0, "5f730000a9003f00"})
ioctl$TIOCL_GETMOUSEREPORTING(r5, 0x5412, &(0x7f00000006c0)=0x16)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r6}, 0x10)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)

9.860687129s ago: executing program 2 (id=1509):
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x0, 0x0)
read(r0, 0x0, 0xeffd)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
capset(&(0x7f0000000100)={0x19980330}, &(0x7f0000000140))
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, 0x0, 0x108)
r3 = socket(0x1d, 0x2, 0x6)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
capget(&(0x7f0000000180)={0x20071026, r4}, &(0x7f0000000200)={0x3, 0x5, 0x8, 0x5000000, 0xffffffff, 0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001800010000000000f8dbdf2102200008000000090000000008000100e000000206001c004e20000008000700e000000208000200ffffffff080001"], 0x4c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x401, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1220}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}]}, 0x34}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r3, &(0x7f0000000040)={0x1d, r6, 0x8000000000000003}, 0x18)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000002", @ANYRES16=r7, @ANYBLOB="010000000000001000000f00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0xc0400d0}, 0x0)
r8 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000351930404516080036cf000000010902120001000000000904"], 0x0)
syz_usb_control_io(r8, 0x0, 0x0)
syz_usb_control_io(r8, 0x0, &(0x7f0000000000)={0x44, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x28200, 0x61)
lseek(r9, 0x100, 0x0)
getdents(r9, &(0x7f0000000280)=""/92, 0x5c)
syz_usb_control_io$printer(r8, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=r7, @ANYBLOB="000427bd7000fd0900250b0000000800390006000000080032000700000008003b000700000005122d00010000002fac6e3636dc27c3050035000700000008003400020000000800340009005fc6416adef2c77f420800"/96], 0x5c}, 0x1, 0x0, 0x0, 0x4000810}, 0x0)

6.794221368s ago: executing program 2 (id=1522):
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x400000004cd03, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$IOC_PR_REGISTER(r0, 0x401870c8, &(0x7f0000000240)={0x20, 0xfffffffffffffff8})
close(0xffffffffffffffff)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000640), r2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_LLC_SDREQ(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={0x0, 0x20}}, 0x0)

6.021301697s ago: executing program 2 (id=1528):
syz_usb_connect(0x0, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB="120100001b3ebd40d80483009c830102030109022900010000000009042900000202010005240200000524"], 0x0)
socket(0x1d, 0x2, 0x6)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket(0x840000000002, 0x3, 0x100)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bind$packet(r0, &(0x7f00000000c0)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
sendto$inet6(r0, &(0x7f0000000280)="02042700ec074802010e0200c52cf7c20675e005b02f0800eb2b2ff0dac8897c6b112002faffffff3066090cb600c5471d130a66321a54e7df305f80a88161b6fd8f24286a57", 0x46, 0x800, 0x0, 0x0)
socketpair(0x23, 0x5, 0x0, &(0x7f0000000000))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x6, [@typedef={0x4, 0x0, 0x0, 0x7}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10, 0x0, 0x0, 0x4}, @union={0x0, 0xa, 0x0, 0x5, 0x1, 0x200002, [{0x0, 0x2}]}]}, {0x0, [0x0, 0x0, 0x0, 0xda]}}, &(0x7f0000000340)=""/142, 0x52, 0x2df8cb643540299b, 0x1, 0x0, 0x0, @void, @value}, 0x20)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x2, 0x18, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x0, 0x4, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@loopback, @in=@remote}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_kmaddress={0x5, 0x19, 0x0, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x14}}, @in={0x2, 0x0, @multicast2}}]}, 0xa8}}, 0x0)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r5, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000040)=0x4)

5.951944592s ago: executing program 5 (id=1530):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_TDLS_OPER(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1c}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000140)={0x0, 0x601, &(0x7f0000000340)={&(0x7f0000000400)={0x38, r2, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback={0xff00000000000000}}, @FOU_ATTR_IFINDEX={0x8, 0xb, r4}]}, 0x38}}, 0x0)

5.771785053s ago: executing program 7 (id=1532):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYRES16, @ANYBLOB="010028057000fcdbdf253b0000000800", @ANYBLOB="04008e00080057001b0a00000400"], 0x398}, 0x1, 0x0, 0x0, 0x4094}, 0x0)
getpid()
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d0327408ca0768a8d4c4000000010902120001000000000904"], 0x0)

5.583737876s ago: executing program 5 (id=1534):
r0 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "7648944c9afecd94671b219d0f82437505bc1ef346f7c4401e4888bbc83f56b7b1bf62f694aed8956f63ddfab5644f306f5e1845e840be028bbd2cff3e170694", 0x1b}, 0x48, 0xfffffffffffffffb)
r1 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)
r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0x980929, 0x3})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0)
r8 = userfaultfd(0x1)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000000))
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x34, r9, 0x7, 0x2, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x2710}]}, 0x34}}, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x18, r9, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8103e61bc238c4f7}, 0x40000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x0, &(0x7f0000000040), 0x0, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c70000000000000800000200dbfb14000180060001000200001b08000300ac1414aa"], 0x28}, 0x1, 0x0, 0x0, 0x8094}, 0x0)
keyctl$unlink(0x9, r0, r1)

5.265164693s ago: executing program 6 (id=1535):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
mkdir(0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket(0x10, 0x803, 0x1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1390200}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x28, 0x7, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}, 0x28}}, 0x400c04c)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x14, r3, 0xff7bc437091e83af, 0x0, 0x0, {0x33}}, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r4 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)={'team0\x00', <r5=>0x0})
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x21, 0x0, &(0x7f0000000200))
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0xb8, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r5, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x88, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x0, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffff]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x14, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x3f0000}]}, {0xfffffffffffffd21, 0x3f}]}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0x4}]}}]}, 0xb8}, 0x1, 0x7a00}, 0x0)
r7 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r7, &(0x7f0000000000)={0x24, @long}, 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001080)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

4.274840922s ago: executing program 5 (id=1536):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
mkdir(0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket(0x10, 0x803, 0x1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r2, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1390200}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x28, 0x7, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}, 0x28}}, 0x400c04c)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x14, r3, 0xff7bc437091e83af, 0x0, 0x0, {0x33}}, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r4 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)={'team0\x00', <r5=>0x0})
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x21, 0x0, &(0x7f0000000200))
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0xb8, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r5, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x88, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x0, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffff]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x14, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x3f0000}]}, {0xfffffffffffffd21, 0x3f}]}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0x4}]}}]}, 0xb8}, 0x1, 0x7a00}, 0x0)
r7 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r7, &(0x7f0000000000)={0x24, @long}, 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001080)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

4.191706281s ago: executing program 6 (id=1537):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x8, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x2000, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x70030000}}}, &(0x7f0000000200)='syzkaller\x00', 0x5, 0x100b, &(0x7f0000001e40)=""/4107, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3.528270986s ago: executing program 3 (id=1539):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r0, 0x0, 0x0, 0xcd4e8ec47367e7d3, &(0x7f0000000000)={0xa, 0x4e21, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x100}, 0x1c)
sched_setaffinity(0x0, 0x0, 0x0)
getpgrp(0xffffffffffffffff)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x26141, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x0)
gettid()
syz_open_dev$MSR(0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r2}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000600)={0x0, r1, 0x0, 0x4, &(0x7f00000005c0)='&X$\x00'}, 0x30)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r3)

3.520566453s ago: executing program 6 (id=1540):
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
write$FUSE_NOTIFY_DELETE(r2, &(0x7f0000001fc0)={0x45, 0x6, 0x0, {0x0, 0x0, 0x1c, 0x0, '/sys/kernel/debug/sync/info\x00'}}, 0x45)

3.519990058s ago: executing program 2 (id=1541):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0}) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f00000004c0)=[@in={0x2, 0x4e22, @local}, @in6={0xa, 0x4e22, 0x1ff, @empty, 0xffffffff}], 0x2c) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000700)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r5, 0x18000000000002a0, 0x4f, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0x3, 0x38, '\x00', 0x1, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=@newqdisc={0x1e0, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x1b0, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0xfd}}, @TCA_CHOKE_STAB={0x104, 0x2, "547d9ed0effe82c024750032ea49f09c72384049bcc87e42ca7e2c78d6a85178e447e32b5f4e4fabff6fb16a40901dc4221e42eb745b6332c476d0c3aefed8dc95af179570cf8cc43bc29eb93c6e78f5e1153d3d7c1542f77dc4b29877e2002685e850f2969cf2164fbf8db7e1713786899d2a8ab03ca5accb2e9b50e1fb7a4e3681b35f0f68461daa4f4e1583b9a02195dee35ae7c8bca085399157d5f30c2ec691c39267b2655c782b363a11645a0c78a39fab8c0ce69f11f2db45ee16e2975a80664f687d01bd7444244a25bdb9ec5b0fa8b1afc0254ddbca2e22ca1b189502b74d7ec4665c23804df713183d428f50a0d64e31e110c707eb3fe69f437992"}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x12}}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x6, 0x3, 0xe, 0x1e, 0x12, 0x11, 0x6}}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x8000, 0x4002, 0x7, 0x4, 0x12, 0x17, 0x7}}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_PARMS={0x76, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x4, 0x7f, 0x9, 0xc, 0x4, 0x6, 0x4}}]}}]}, 0x1e0}}, 0x0)

3.446553285s ago: executing program 7 (id=1542):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = openat$6lowpan_enable(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = dup(r1)
readv(r2, &(0x7f0000000780)=[{&(0x7f0000000740)=""/60, 0x3c}], 0x1)
read$hidraw(r2, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x8})

3.274038536s ago: executing program 5 (id=1543):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x50, r1, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0xa}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}]}, 0x50}}, 0x0)
getrandom(&(0x7f0000003840)=""/4101, 0x1005, 0x0)
sendmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000000)=',', 0x1}], 0x1}, 0x8940)
socket$packet(0x11, 0x3, 0x300)
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000100)="5fc908ce8cb5049e077f3ba953190a8ce22e51a45861006641e661523ed30e13487a64d3e98231a20c5e08ebe24801b531c63d06db0e6cca2bdb10dd7d02d74ab9dd95bd33747598fc1e063ff967b7c16abd2076323dca7cd2cc5ab8225b6d31c8029cfe91c8f8c054ff41", 0x6b}, {&(0x7f0000000980)="941dd634f75d70afed00837e63d7a620c1b5fd6f48660a86826b474ffb6274f02f52586f30140dafd6a0baffee63a7bafec8837268f35cf21be882e4ac6c522534080f35b3033aeb3f84e473f0b8c5a0d132378d8d7ff5299fd7616415c9c97f6331af9d07a746bb657558522dcee4c292efe922ce9584ec0ca31b7f5362419bd2084f5f9d2ef32bb866383dcb862e17ae85989ce20040b023f6d6b6cae15622b6b9ab922f95edd7f1fe11b20efdecc038027fe452320671c98e51817e1ab6e62610629bb0fa0b8513df543828b7dc90c220c6e7b17c4c7176508749", 0x50c}, {&(0x7f0000000480)="11", 0x10}], 0x3)

3.227193789s ago: executing program 7 (id=1544):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_TDLS_OPER(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1c}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000140)={0x0, 0x601, &(0x7f0000000340)={&(0x7f0000000400)={0x38, r2, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback={0xff00000000000000}}, @FOU_ATTR_IFINDEX={0x8, 0xb, r4}]}, 0x38}}, 0x0)

2.75510836s ago: executing program 3 (id=1545):
mknodat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x8000, 0x9)
unshare(0x400)
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x6e)
r0 = socket(0x10, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x20040054)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0))
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x58}, 0x10000)
r1 = gettid()
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r2, 0x0)
accept4$x25(r2, 0x0, 0x0, 0x80800)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @tid=r1}, &(0x7f0000bbdffc))
syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002)
timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)

2.57837551s ago: executing program 5 (id=1546):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@getnexthop={0x20, 0x6a, 0x501, 0xfffffdfe, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x20008000)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
semctl$GETPID(0x0, 0x7, 0xb, &(0x7f0000000300)=""/15)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0xb4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x12, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv4={{0x0, 0x1, @private=0xa010101}, {0x0, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_MARK={0x0, 0x8, 0x1, 0x0, 0xe}, @CTA_SEQ_ADJ_ORIG={0x4}]}, 0xb4}}, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r7, 0x3ba0, &(0x7f0000000100)={0x48})
ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x3b85, &(0x7f0000000400)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000})
r8 = openat$smackfs_ipv6host(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$smackfs_ipv6host(r8, &(0x7f0000000380)=@l2={{0xba, 0x3a, 0x5, 0x3a, 0x5a8e, 0x3a, 0x4, 0x3a, 0x4, 0x3a, 0xa8, 0x3a, 0x329a, 0x3a, 0x3800000000000}, 0x2f, 0x8000000000007f, 0x20, '+\\'}, 0xb0)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)

2.480256113s ago: executing program 7 (id=1547):
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6], 0x0, 0x8340})
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
r0 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r0, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$binfmt_misc(r2, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x1000000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

2.422933615s ago: executing program 6 (id=1548):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f00000002c0)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000040)={0x0, 0x1001, 0x0, 0x0, 0x0, "70ed35b6b21c6a92"})
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x51, 0x0, 0x5, {0x80, 0x1}, {0x4f, 0x2}, @period={0x59, 0x4, 0xfffd, 0x6, 0x0, {0x20, 0x1, 0x0, 0x800f}, 0x0, 0x0}})
r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)
write$char_usb(r3, &(0x7f0000000040)="e2", 0x12d8)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x26e1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x40, r5, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x40}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x84}, 0x40080)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @random="ada68a2f96c6"})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x90}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0xfe51}, 0x1, 0x0, 0x0, 0x24048000}, 0x0)
sendmsg$802154_dgram(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x24, @short}, 0x14, &(0x7f0000000080)={0x0}}, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

2.407763041s ago: executing program 3 (id=1549):
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x400000004cd03, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$IOC_PR_REGISTER(r0, 0x401870c8, &(0x7f0000000240)={0x20, 0xfffffffffffffff8})
close(0xffffffffffffffff)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000640), r2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_LLC_SDREQ(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={0x0, 0x20}}, 0x0)

2.358575786s ago: executing program 2 (id=1550):
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r2, @ANYBLOB="00000016010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="340000001400b59500000000000000000a400000", @ANYRES32=r5, @ANYBLOB="1400020000000000000000000000ffff00000000"], 0x34}}, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}, 0x1, 0x0, 0x15}, 0x0)

1.546589907s ago: executing program 5 (id=1551):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0xfffffffffffffffe, 0x0)
socket$key(0xf, 0x3, 0x2)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x6, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x45}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r7, 0x0, 0xe, 0x0, &(0x7f00000002c0)="e02742e86c0d85ff9782762f0800", 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_pressure(r8, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
ppoll(&(0x7f0000000180)=[{r9}], 0x1, 0x0, 0x0, 0x0)
write$tun(r1, &(0x7f0000000080)={@val={0x8, 0x800}, @val={0x0, 0x0, 0x12}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x8012, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {{0x12, 0x6558, 0x41424344, 0x41424344, 0x0, 0x0, 0x4}}}}, 0xfdef)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100002f0c81087f180002ad6b0102030109022400010000000009040000023c7f98000905030000000000000905c7"], 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="8c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000006c0012800b00010062615c000280210001004241544d414e5f49560000000c0001004241544d414e5f560d0001004241544d414f5f49560000000d5f49560000000d0001004241544d414e5f49560000000c0001004241544d414e5f56000000000000000000"], 0x8c}}, 0x0)
r10 = io_uring_setup(0x60d4, &(0x7f0000000140)={0x0, 0xbd6a, 0x140, 0x3, 0xfb})
io_uring_enter(r10, 0x22e9, 0x849a, 0x18, &(0x7f00000001c0)={[0x8da]}, 0x8)
creat(&(0x7f00000002c0)='./bus\x00', 0x0)

1.049886123s ago: executing program 3 (id=1552):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000034000000090a010400000000000000000a00000008000a40000000000900020073c82031000000000900010073797a3000000000"], 0x7c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r2, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010012, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

962.255764ms ago: executing program 2 (id=1553):
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f0000000640)=ANY=[@ANYRES16=r0, @ANYBLOB="f4d4"], 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003f00000008000300", @ANYRES32=r3, @ANYBLOB="18005e800c000100fffffffffcffffff070002"], 0x34}}, 0x0)
request_key(&(0x7f0000000300)='cifs.idmap\x00', &(0x7f0000000400)={'syz', 0x2}, &(0x7f0000000440)='pim6reg\x00', 0xfffffffffffffffc)
sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r4, 0x20, 0x70bd29, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x7, 0x47}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4008006)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa2d26910c867386dd6005040000283a00fe880000000000000000000000000101ff020000000000000000000000000001"], 0x0)
pivot_root(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./file0\x00')
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000280)="a243e6e0", 0x4}], 0x1, &(0x7f0000000380)=[@ip_retopts={{0x80, 0x0, 0x7, {[@ssrr={0x89, 0x17, 0xa, [@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102, @private=0xa010100, @private=0xa010101]}, @timestamp_addr={0x44, 0x44, 0x14, 0x1, 0xe, [{@broadcast, 0x8}, {@initdev={0xac, 0x1e, 0x1, 0x0}}, {@remote, 0x8}, {@local, 0x7ff}, {@private=0xa010101, 0x80}, {@empty, 0x96}, {@private=0xa010100, 0x2}, {@private=0xa010101, 0x4}]}, @end, @rr={0x7, 0x13, 0x47, [@loopback, @loopback, @private=0xa010100, @dev={0xac, 0x14, 0x14, 0xf}]}]}}}], 0x80}, 0xd8)
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010"], 0x48}}, 0x0)
sendmmsg$alg(r6, &(0x7f00000000c0), 0x492492492492627, 0x0)

881.087168ms ago: executing program 6 (id=1554):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r1, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="1400000000000000100100000d000000010000000000002014000000000000001001000002"], 0x30}, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000800, 0x0, &(0x7f00000003c0)={0x3, 0x5, 0x8, 0x0, 0x0, 0xfffffffffffffff9, 0xf96, 0x0, 0x1})
socket$isdn(0x22, 0x2, 0x25)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000000440)={0xb6, 0x5, 0x200})

829.382834ms ago: executing program 3 (id=1555):
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(0xffffffffffffffff, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x1}}, 0x40)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1f, 0x12, r0, 0x100000000000000)

282.890247ms ago: executing program 7 (id=1556):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x38f3a, 0x8000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE={0x8, 0x2, @remote}]}}}]}, 0x3c}}, 0x900)

229.693561ms ago: executing program 3 (id=1557):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000780)=ANY=[@ANYBLOB="120100000000004006201801000000000001090224000100000000090400070103000100092100100601220700098581030800090300"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000400000000000000090000003c000380140002007663616e3000000000000000000000000800030000000000080001000100000014000600ff02"], 0x50}}, 0x0) (async)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000000)={0x0, 0xe, 0x7, {0x7, 0xc, '\x00\x00\x00\x00\x00'}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

109.97183ms ago: executing program 6 (id=1558):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@empty, @in=@empty, 0x0, 0x0, 0x0, 0xfffe, 0xa, 0x0, 0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x44dbb61b}, {0x0, 0x0, 0x8}, 0x0, 0x0, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x33}, 0x0, @in=@private}}, 0xe4)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000000)={0x0, 0x7}, 0x8)
sendto$inet6(r0, &(0x7f0000000080)="e9", 0x1, 0x40841, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

0s ago: executing program 7 (id=1559):
mknodat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x8000, 0x9)
unshare(0x400)
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x6e)
r0 = socket(0x10, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x20040054)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0))
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x58}, 0x10000)
r1 = gettid()
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r2, 0x0)
accept4$x25(r2, 0x0, 0x0, 0x80800)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @tid=r1}, &(0x7f0000bbdffc))
syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002)
timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)

kernel console output (not intermixed with test programs):

[ T8196] netlink: 'syz.2.607': attribute type 1 has an invalid length.
[  243.294802][   T25] IPVS: starting estimator thread 0...
[  243.364573][ T5907] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  243.402704][ T8200] IPVS: using max 22 ests per chain, 52800 per kthread
[  243.664257][ T5907] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  243.675852][ T5907] usb 6-1: config 0 has no interfaces?
[  243.705226][ T5907] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  243.714314][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  243.733618][ T5907] usb 6-1: SerialNumber: syz
[  243.741910][ T5907] usb 6-1: config 0 descriptor??
[  243.977969][ T8188] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  244.057330][ T8188] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  244.120797][ T8188] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  244.167840][    T8] usb 6-1: USB disconnect, device number 7
[  245.175281][ T8215] fuse: Unknown parameter '�f1g6;�v+�X�f�'
[  245.706663][ T8228] netlink: 260 bytes leftover after parsing attributes in process `syz.4.616'.
[  245.863795][ T8232] netlink: 188 bytes leftover after parsing attributes in process `syz.4.619'.
[  245.896018][ T8229] /dev/sg0: Can't lookup blockdev
[  245.905857][ T8232] netlink: 'syz.4.619': attribute type 1 has an invalid length.
[  246.157276][ T8240] xt_hashlimit: size too large, truncated to 1048576
[  246.375517][ T8243] 9pnet_fd: Insufficient options for proto=fd
[  246.683981][ T8251] netlink: 24 bytes leftover after parsing attributes in process `syz.4.624'.
[  247.218611][ T8267] netlink: 188 bytes leftover after parsing attributes in process `syz.5.632'.
[  247.237824][ T8267] netlink: 'syz.5.632': attribute type 1 has an invalid length.
[  248.943537][ T8286] gre1: entered promiscuous mode
[  248.948574][ T8286] gre1: entered allmulticast mode
[  248.959199][ T8286] xt_CT: You must specify a L4 protocol and not use inversions on it
[  249.433494][ T8290] overlayfs: failed to clone upperpath
[  249.538855][ T8290] x_tables: unsorted entry at hook 2
[  249.931313][ T8305] veth0_macvtap: mtu less than device minimum
[  250.248659][ T8307] lo speed is unknown, defaulting to 1000
[  250.330874][ T8320] ipt_REJECT: ECHOREPLY no longer supported.
[  251.541090][    C1] blk_print_req_error: 552 callbacks suppressed
[  251.541112][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.556619][    C1] buffer_io_error: 550 callbacks suppressed
[  251.556633][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  251.645104][    C0] I/O error, dev loop6, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.654398][    C0] Buffer I/O error on dev loop6, logical block 1, async page read
[  251.663486][    C0] I/O error, dev loop6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.672676][    C0] Buffer I/O error on dev loop6, logical block 2, async page read
[  251.680598][    C0] I/O error, dev loop6, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.689726][    C0] Buffer I/O error on dev loop6, logical block 3, async page read
[  251.697632][    C0] I/O error, dev loop6, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.706791][    C0] Buffer I/O error on dev loop6, logical block 4, async page read
[  251.714695][    C0] I/O error, dev loop6, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.723854][    C0] Buffer I/O error on dev loop6, logical block 5, async page read
[  251.731766][    C0] I/O error, dev loop6, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.740943][    C0] Buffer I/O error on dev loop6, logical block 6, async page read
[  251.748886][    C0] I/O error, dev loop6, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.758124][    C0] Buffer I/O error on dev loop6, logical block 7, async page read
[  251.802641][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.811952][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  251.823189][    C0] I/O error, dev loop6, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.832446][    C0] Buffer I/O error on dev loop6, logical block 1, async page read
[  251.946037][ T8328] ldm_validate_partition_table(): Disk read failed.
[  252.128688][ T8328] Dev loop6: unable to read RDB block 0
[  252.187075][ T8328]  loop6: unable to read partition table
[  252.273861][ T8328] loop_reread_partitions: partition scan of loop6 (��Fd2ZZLs���{}L#���eY��q*J݀o͕��!�'v��6E��BR) failed (rc=-5)
[  252.347981][ T5198] ldm_validate_partition_table(): Disk read failed.
[  252.390021][ T5198] Dev loop6: unable to read RDB block 0
[  252.419113][ T5198]  loop6: unable to read partition table
[  253.285179][ T8347] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  253.441320][ T8347] netlink: 'syz.4.655': attribute type 10 has an invalid length.
[  253.489556][ T8347] 8021q: adding VLAN 0 to HW filter on device team0
[  253.503202][ T8347] bond0: (slave team0): Enslaving as an active interface with an up link
[  254.645399][ T8352] lo speed is unknown, defaulting to 1000
[  254.855797][ T8358] veth0_macvtap: mtu less than device minimum
[  256.464440][    T8] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  256.653523][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  257.313532][    T8] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  257.322292][    T8] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  257.643022][ T5876] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  257.804848][ T5876] usb 6-1: Using ep0 maxpacket: 32
[  257.831387][ T5876] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.872669][ T5876] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  258.353357][ T5876] usb 6-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  258.384617][ T5876] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.400697][ T5876] usb 6-1: config 0 descriptor??
[  258.593247][ T8393] xt_HMARK: spi-set and port-set can't be combined
[  258.606111][    C1] blk_print_req_error: 271 callbacks suppressed
[  258.606129][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.621624][    C1] buffer_io_error: 270 callbacks suppressed
[  258.621640][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  258.635481][    C1] I/O error, dev loop6, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.644640][    C1] Buffer I/O error on dev loop6, logical block 1, async page read
[  258.652505][    C1] I/O error, dev loop6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.661674][    C1] Buffer I/O error on dev loop6, logical block 2, async page read
[  258.669576][    C1] I/O error, dev loop6, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.678753][    C1] Buffer I/O error on dev loop6, logical block 3, async page read
[  258.686644][    C1] I/O error, dev loop6, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.695824][    C1] Buffer I/O error on dev loop6, logical block 4, async page read
[  258.703732][    C1] I/O error, dev loop6, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.712938][    C1] Buffer I/O error on dev loop6, logical block 5, async page read
[  258.720891][    C1] I/O error, dev loop6, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.730100][    C1] Buffer I/O error on dev loop6, logical block 6, async page read
[  258.737987][    C1] I/O error, dev loop6, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.747136][    C1] Buffer I/O error on dev loop6, logical block 7, async page read
[  258.778157][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.787399][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  258.788915][ T8378] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  258.795346][    C1] I/O error, dev loop6, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.795378][    C1] Buffer I/O error on dev loop6, logical block 1, async page read
[  258.882272][ T8392] ldm_validate_partition_table(): Disk read failed.
[  258.899711][ T8378] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  259.281456][ T8392] Dev loop6: unable to read RDB block 0
[  259.854975][ T8392]  loop6: unable to read partition table
[  259.895394][ T8392] loop_reread_partitions: partition scan of loop6 (��Fd2ZZLs���{}L#���eY��q*J݀o͕��!�'v��6E��BR) failed (rc=-5)
[  260.002087][ T8398] veth0_macvtap: mtu less than device minimum
[  260.080716][ T5198] ldm_validate_partition_table(): Disk read failed.
[  260.115573][ T5198] Dev loop6: unable to read RDB block 0
[  260.142123][ T5198]  loop6: unable to read partition table
[  260.350417][ T5876] usbhid 6-1:0.0: can't add hid device: -71
[  260.377986][ T5876] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  260.418977][ T5876] usb 6-1: USB disconnect, device number 8
[  260.651268][ T8404] 9pnet_fd: p9_fd_create_unix (8404): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  261.722537][ T8413] netlink: 4 bytes leftover after parsing attributes in process `syz.4.678'.
[  261.933755][ T8413] netlink: 24 bytes leftover after parsing attributes in process `syz.4.678'.
[  261.964256][ T8413] tc_dump_action: action bad kind
[  262.000398][ T8418] netlink: 188 bytes leftover after parsing attributes in process `syz.2.680'.
[  262.009557][ T8418] openvswitch: netlink: Flow key attr not present in new flow.
[  262.841257][ T8427] netlink: 12 bytes leftover after parsing attributes in process `syz.1.685'.
[  262.939178][ T8433] veth0_macvtap: mtu less than device minimum
[  263.978385][ T5832] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  264.574750][ T5832] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  264.594742][ T5832] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  264.806488][ T5907] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  265.265140][ T5907] usb 2-1: Using ep0 maxpacket: 32
[  265.350650][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  265.495914][ T8459] xt_recent: Unsupported userspace flags (000000da)
[  265.532204][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  265.648463][ T8464] overlayfs: invalid redirect (./file0)
[  266.029625][ T5907] usb 2-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  266.061759][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.145129][ T5907] usb 2-1: config 0 descriptor??
[  266.489219][ T8472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  266.523578][ T8470] veth0_macvtap: mtu less than device minimum
[  266.561699][ T8472] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  268.268251][ T5907] usbhid 2-1:0.0: can't add hid device: -71
[  268.281770][    C0] blk_print_req_error: 271 callbacks suppressed
[  268.281791][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  268.297267][    C0] buffer_io_error: 270 callbacks suppressed
[  268.297276][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  268.311007][    C0] I/O error, dev loop6, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  268.320128][    C0] Buffer I/O error on dev loop6, logical block 1, async page read
[  268.327989][    C0] I/O error, dev loop6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  268.337119][    C0] Buffer I/O error on dev loop6, logical block 2, async page read
[  268.344928][    C0] I/O error, dev loop6, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  268.354263][    C0] Buffer I/O error on dev loop6, logical block 3, async page read
[  268.362341][    C0] I/O error, dev loop6, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  268.371578][    C0] Buffer I/O error on dev loop6, logical block 4, async page read
[  268.379623][    C0] I/O error, dev loop6, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  268.388920][    C0] Buffer I/O error on dev loop6, logical block 5, async page read
[  268.397011][    C0] I/O error, dev loop6, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  268.406283][    C0] Buffer I/O error on dev loop6, logical block 6, async page read
[  268.414226][    C0] I/O error, dev loop6, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  268.423501][    C0] Buffer I/O error on dev loop6, logical block 7, async page read
[  268.463212][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  268.472513][ T5907] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  268.472518][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  268.480551][    C0] I/O error, dev loop6, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  268.497629][    C0] Buffer I/O error on dev loop6, logical block 1, async page read
[  268.537690][ T8491] ldm_validate_partition_table(): Disk read failed.
[  268.582369][ T8491] Dev loop6: unable to read RDB block 0
[  268.600080][ T5907] usb 2-1: USB disconnect, device number 16
[  268.632939][ T8491]  loop6: unable to read partition table
[  268.648400][ T8491] loop_reread_partitions: partition scan of loop6 (��Fd2ZZLs���{}L#���eY��q*J݀o͕��!�'v��6E��BR) failed (rc=-5)
[  268.712562][ T8497] netlink: 32 bytes leftover after parsing attributes in process `syz.1.704'.
[  268.737282][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.705'.
[  268.777180][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.705'.
[  268.817762][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.705'.
[  268.851714][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.705'.
[  268.913476][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.705'.
[  268.980223][ T5198] ldm_validate_partition_table(): Disk read failed.
[  268.989163][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.705'.
[  269.004485][ T5198] Dev loop6: unable to read RDB block 0
[  269.058421][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.705'.
[  269.061257][ T5198]  loop6: unable to read partition table
[  269.155408][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.705'.
[  269.218411][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.705'.
[  269.339639][ T8502] lo speed is unknown, defaulting to 1000
[  269.779690][ T8510] FAULT_INJECTION: forcing a failure.
[  269.779690][ T8510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  269.792922][ T8510] CPU: 0 UID: 0 PID: 8510 Comm: syz.2.709 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[  269.792943][ T8510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  269.792965][ T8510] Call Trace:
[  269.792971][ T8510]  <TASK>
[  269.792978][ T8510]  dump_stack_lvl+0x241/0x360
[  269.793011][ T8510]  ? __pfx_dump_stack_lvl+0x10/0x10
[  269.793034][ T8510]  ? __pfx__printk+0x10/0x10
[  269.793060][ T8510]  ? __pfx_lock_release+0x10/0x10
[  269.793088][ T8510]  should_fail_ex+0x40a/0x550
[  269.793111][ T8510]  _copy_from_user+0x2d/0xb0
[  269.793129][ T8510]  __se_sys_mount+0x17d/0x3c0
[  269.793148][ T8510]  ? irqentry_exit+0x63/0x90
[  269.793168][ T8510]  ? lockdep_hardirqs_on+0x99/0x150
[  269.793190][ T8510]  ? __pfx___se_sys_mount+0x10/0x10
[  269.793216][ T8510]  ? __x64_sys_mount+0x20/0xc0
[  269.793238][ T8510]  do_syscall_64+0xf3/0x230
[  269.793259][ T8510]  ? clear_bhb_loop+0x35/0x90
[  269.793289][ T8510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.793309][ T8510] RIP: 0033:0x7f86dfb8cde9
[  269.793324][ T8510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.793338][ T8510] RSP: 002b:00007f86e0984038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  269.793357][ T8510] RAX: ffffffffffffffda RBX: 00007f86dfda6160 RCX: 00007f86dfb8cde9
[  269.793369][ T8510] RDX: 0000400000000040 RSI: 0000400000000180 RDI: 0000000000000000
[  269.793380][ T8510] RBP: 00007f86e0984090 R08: 0000400000000580 R09: 0000000000000000
[  269.793390][ T8510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  269.793400][ T8510] R13: 0000000000000000 R14: 00007f86dfda6160 R15: 00007ffe6aba10a8
[  269.793426][ T8510]  </TASK>
[  271.062250][ T5907] libceph: connect (1)[c::]:6789 error -101
[  271.080518][ T5907] libceph: mon0 (1)[c::]:6789 connect error
[  271.499722][ T8504] ceph: No mds server is up or the cluster is laggy
[  271.562562][ T5872] libceph: connect (1)[c::]:6789 error -101
[  271.577273][ T5872] libceph: mon0 (1)[c::]:6789 connect error
[  272.429817][ T8541] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.438084][ T8541] bridge0: port 1(bridge_slave_0) entered disabled state
[  275.106572][ T8565] __nla_validate_parse: 44 callbacks suppressed
[  275.113065][ T8565] netlink: 28 bytes leftover after parsing attributes in process `syz.1.725'.
[  275.122605][ T8565] netlink: 28 bytes leftover after parsing attributes in process `syz.1.725'.
[  276.362162][ T8580] netlink: 188 bytes leftover after parsing attributes in process `syz.1.729'.
[  276.371367][ T8580] netlink: 'syz.1.729': attribute type 1 has an invalid length.
[  276.725276][ T8589] netlink: 'syz.4.730': attribute type 4 has an invalid length.
[  276.998634][ T5876] lo speed is unknown, defaulting to 1000
[  277.146907][    T8] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  277.745357][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  278.555598][    T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  278.570804][    T8] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  278.580273][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.657334][    T8] usb 2-1: config 0 descriptor??
[  279.108062][    T8] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  279.116521][    T8] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  279.128413][    T8] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  279.350717][ T8618] befs: (nullb0): No write support. Marking filesystem read-only
[  279.407401][ T5907] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  279.589462][ T5875] usb 2-1: USB disconnect, device number 17
[  279.630015][ T8618] befs: (nullb0): invalid magic header
[  279.767476][ T5907] usb 6-1: Using ep0 maxpacket: 16
[  279.858753][ T5907] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11
[  279.916217][ T5907] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  279.933817][ T5907] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  279.971142][ T5907] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  279.981776][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  279.990229][ T5907] usb 6-1: SerialNumber: syz
[  280.024816][ T8609] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  280.078581][ T8634] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.745'.
[  280.098837][ T8634] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.745'.
[  280.116271][ T8634] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.745'.
[  280.145768][ T8634] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.745'.
[  280.172560][ T8634] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.745'.
[  280.221982][ T8634] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.745'.
[  280.241949][ T8634] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.745'.
[  280.260810][ T5907] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71
[  280.273986][ T8634] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.745'.
[  280.356919][ T5907] usb 6-1: USB disconnect, device number 9
[  280.373786][ T8634] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.745'.
[  280.389836][ T8634] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.745'.
[  280.406118][ T8634] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.745'.
[  280.416571][ T8634] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.745'.
[  280.741616][ T5875] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  281.247339][ T5875] usb 3-1: Using ep0 maxpacket: 16
[  281.263669][ T5875] usb 3-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00
[  281.284720][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  281.574337][ T5875] usb 3-1: Product: syz
[  281.582430][ T5875] usb 3-1: Manufacturer: syz
[  281.587075][ T5875] usb 3-1: SerialNumber: syz
[  281.601361][ T5875] usb 3-1: config 0 descriptor??
[  281.610562][ T5875] usb-storage 3-1:0.0: USB Mass Storage device detected
[  281.634670][ T5875] usb-storage 3-1:0.0: Quirks match for vid 054c pid 002e: 1
[  281.658294][ T5875] usb-storage 3-1:0.0: This device (054c,002e,0500 S 04 P 01) has an unneeded SubClass entry in unusual_devs.h (kernel 6.14.0-rc1-syzkaller-00235-g9946eaf552b1)
[  281.658294][ T5875]    Please send a copy of this message to <linux-usb@vger.kernel.org> and <usb-storage@lists.one-eyed-alien.net>
[  282.853487][ T5872] usb 3-1: USB disconnect, device number 9
[  282.952912][ T8665] netlink: 'syz.1.756': attribute type 1 has an invalid length.
[  283.859242][ T8675] x_tables: ip_tables: ah match: only valid for protocol 51
[  284.018550][ T8680] netlink: 'syz.2.760': attribute type 1 has an invalid length.
[  284.026292][ T8680] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  285.642949][ T8705] veth0_macvtap: mtu less than device minimum
[  286.880854][ T8727] __nla_validate_parse: 58 callbacks suppressed
[  286.880873][ T8727] netlink: 20 bytes leftover after parsing attributes in process `syz.1.775'.
[  287.101821][ T8741] veth0_macvtap: mtu less than device minimum
[  288.943444][ T8774] 9pnet_fd: Insufficient options for proto=fd
[  289.007979][ T5872] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  289.017237][ T8776] veth0_macvtap: mtu less than device minimum
[  289.167881][ T5872] usb 6-1: Using ep0 maxpacket: 16
[  289.203259][ T5872] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  289.230245][ T5872] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  289.261157][ T5872] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  289.276705][ T5872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.380633][ T5872] usb 6-1: Product: syz
[  289.389439][ T5872] usb 6-1: Manufacturer: syz
[  289.541276][ T5872] usb 6-1: SerialNumber: syz
[  289.868843][ T5872] usb 6-1: config 0 descriptor??
[  289.890062][ T5872] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  289.915090][ T5872] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  291.223661][ T5872] em28xx 6-1:0.0: chip ID is em2874
[  293.288457][ T5829] Bluetooth: hci3: command 0x0406 tx timeout
[  293.752839][ T5872] usb 6-1: USB disconnect, device number 10
[  293.795732][ T5872] em28xx 6-1:0.0: Disconnecting em28xx
[  293.831389][ T5872] em28xx 6-1:0.0: Freeing device
[  294.279837][ T8842] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  294.289558][ T8842] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  295.377227][ T8854] lo speed is unknown, defaulting to 1000
[  296.062316][ T8860] FAULT_INJECTION: forcing a failure.
[  296.062316][ T8860] name failslab, interval 1, probability 0, space 0, times 0
[  296.102483][ T8863] openvswitch: netlink: Message has 8 unknown bytes.
[  296.133384][ T8860] CPU: 0 UID: 0 PID: 8860 Comm: syz.2.818 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[  296.133413][ T8860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  296.133424][ T8860] Call Trace:
[  296.133430][ T8860]  <TASK>
[  296.133437][ T8860]  dump_stack_lvl+0x241/0x360
[  296.133470][ T8860]  ? __pfx_dump_stack_lvl+0x10/0x10
[  296.133493][ T8860]  ? __pfx__printk+0x10/0x10
[  296.133518][ T8860]  ? __kmalloc_cache_noprof+0x48/0x390
[  296.133541][ T8860]  ? __pfx___might_resched+0x10/0x10
[  296.133557][ T8860]  ? __asan_memset+0x23/0x50
[  296.133582][ T8860]  should_fail_ex+0x40a/0x550
[  296.133606][ T8860]  should_failslab+0xac/0x100
[  296.133640][ T8860]  __kmalloc_cache_noprof+0x70/0x390
[  296.133659][ T8860]  ? legacy_init_fs_context+0x51/0xc0
[  296.133679][ T8860]  ? __raw_spin_lock_init+0x45/0x100
[  296.133699][ T8860]  legacy_init_fs_context+0x51/0xc0
[  296.133721][ T8860]  alloc_fs_context+0x68a/0x800
[  296.133750][ T8860]  do_new_mount+0x160/0xb40
[  296.133774][ T8860]  ? __pfx_do_new_mount+0x10/0x10
[  296.133802][ T8860]  __se_sys_mount+0x2d6/0x3c0
[  296.133834][ T8860]  ? __pfx___se_sys_mount+0x10/0x10
[  296.133855][ T8860]  ? do_syscall_64+0x100/0x230
[  296.133879][ T8860]  ? __x64_sys_mount+0x20/0xc0
[  296.133901][ T8860]  do_syscall_64+0xf3/0x230
[  296.133921][ T8860]  ? clear_bhb_loop+0x35/0x90
[  296.133946][ T8860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.133966][ T8860] RIP: 0033:0x7f86dfb8cde9
[  296.133981][ T8860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.133995][ T8860] RSP: 002b:00007f86e09c6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  296.134013][ T8860] RAX: ffffffffffffffda RBX: 00007f86dfda5fa0 RCX: 00007f86dfb8cde9
[  296.134025][ T8860] RDX: 00004000000002c0 RSI: 0000400000000180 RDI: 0000000000000000
[  296.134036][ T8860] RBP: 00007f86e09c6090 R08: 0000400000001540 R09: 0000000000000000
[  296.134047][ T8860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  296.134057][ T8860] R13: 0000000000000000 R14: 00007f86dfda5fa0 R15: 00007ffe6aba10a8
[  296.134082][ T8860]  </TASK>
[  296.380892][ T8868] veth1_to_batadv: entered allmulticast mode
[  296.581659][ T8873] openvswitch: netlink: Key 8 has unexpected len 2 expected 40
[  298.414084][ T8895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.828'.
[  298.953516][ T8894] netlink: 28 bytes leftover after parsing attributes in process `syz.3.830'.
[  298.961288][ T8899] netlink: 4 bytes leftover after parsing attributes in process `syz.1.831'.
[  299.444537][ T8903] netlink: 96 bytes leftover after parsing attributes in process `syz.1.832'.
[  299.453873][ T8903] netlink: 12 bytes leftover after parsing attributes in process `syz.1.832'.
[  299.551577][ T8903] vlan2: entered allmulticast mode
[  300.087425][ T8913] netlink: 'syz.1.837': attribute type 4 has an invalid length.
[  300.170239][ T8911] fuse: Unknown parameter 'seclabel'
[  300.383494][ T8923] tmpfs: Unknown parameter '00000000000000000000000'
[  301.326907][ T8928] netlink: 40 bytes leftover after parsing attributes in process `syz.1.840'.
[  301.715512][ T8949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.848'.
[  301.769711][ T8949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.848'.
[  301.787003][ T8949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.848'.
[  301.797314][ T8949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.848'.
[  301.897392][ T8957] syzkaller1: entered promiscuous mode
[  301.904565][ T8957] syzkaller1: entered allmulticast mode
[  303.431517][ T8975] MTD: Couldn't look up './file0': -15
[  303.437369][ T8975] ./file0: Can't lookup blockdev
[  303.596688][ T8975] bridge_slave_0: left allmulticast mode
[  303.637909][ T8975] bridge_slave_0: left promiscuous mode
[  303.676056][ T8975] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.734509][ T8975] bridge_slave_1: left allmulticast mode
[  303.980341][ T8975] bridge_slave_1: left promiscuous mode
[  304.263662][ T8975] bridge0: port 2(bridge_slave_1) entered disabled state
[  304.317158][ T8975] bond0: (slave bond_slave_0): Releasing backup interface
[  304.393599][ T8975] bond0: (slave bond_slave_1): Releasing backup interface
[  304.565386][ T8975] team0: Port device team_slave_0 removed
[  304.588258][ T8975] team0: Port device team_slave_1 removed
[  304.601133][ T8975] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  304.609223][ T8975] batman_adv: batadv0: Removing interface: batadv_slave_0
[  304.629730][ T8975] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  304.671767][ T8975] batman_adv: batadv0: Removing interface: batadv_slave_1
[  304.867251][ T9005] __nla_validate_parse: 47 callbacks suppressed
[  304.867270][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.863'.
[  304.894286][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.863'.
[  304.904679][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.863'.
[  304.914085][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.863'.
[  304.955892][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.863'.
[  304.999001][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.863'.
[  305.018417][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.863'.
[  305.057351][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.863'.
[  305.068100][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.863'.
[  305.079323][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.863'.
[  305.297060][ T9022] x_tables: duplicate underflow at hook 3
[  305.605098][ T9032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  305.641123][ T9032] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  306.548469][ T5876] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[  307.042460][ T5876] usb 2-1: unable to get BOS descriptor or descriptor too short
[  307.051077][ T5876] usb 2-1: not running at top speed; connect to a high speed hub
[  307.062505][ T5876] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  307.096862][ T5876] usb 2-1: config 1 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  307.180465][ T5876] usb 2-1: config 1 interface 0 has no altsetting 0
[  307.210026][ T5876] usb 2-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.40
[  307.239433][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.273402][ T5876] usb 2-1: Product: syz
[  307.290837][ T5876] usb 2-1: Manufacturer: syz
[  307.360580][ T5876] usb 2-1: SerialNumber: syz
[  307.507168][ T9035] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  307.903716][ T5876] usbhid 2-1:1.0: can't add hid device: -22
[  307.920365][ T5876] usbhid 2-1:1.0: probe with driver usbhid failed with error -22
[  308.048890][ T5876] usb 2-1: USB disconnect, device number 18
[  308.168839][ T9057] gretap0: entered promiscuous mode
[  308.176486][ T9057] gretap0: left allmulticast mode
[  308.191109][ T9057] 0�X��D��: renamed from gretap0
[  308.198668][ T9057] 0�X��D��: left promiscuous mode
[  308.203796][ T9057] 0�X��D��: entered allmulticast mode
[  308.624496][ T9062] 9pnet_fd: p9_fd_create_unix (9062): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  309.084854][ T9064] FAULT_INJECTION: forcing a failure.
[  309.084854][ T9064] name failslab, interval 1, probability 0, space 0, times 0
[  309.191901][ T9064] CPU: 1 UID: 0 PID: 9064 Comm: syz.1.881 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[  309.191927][ T9064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  309.191938][ T9064] Call Trace:
[  309.191942][ T9064]  <TASK>
[  309.191948][ T9064]  dump_stack_lvl+0x241/0x360
[  309.191970][ T9064]  ? __pfx_dump_stack_lvl+0x10/0x10
[  309.191985][ T9064]  ? __pfx__printk+0x10/0x10
[  309.191999][ T9064]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  309.192013][ T9064]  ? __pfx___might_resched+0x10/0x10
[  309.192023][ T9064]  ? __asan_memset+0x23/0x50
[  309.192039][ T9064]  should_fail_ex+0x40a/0x550
[  309.192053][ T9064]  should_failslab+0xac/0x100
[  309.192066][ T9064]  __kmalloc_node_noprof+0xe1/0x4d0
[  309.192078][ T9064]  ? __kvmalloc_node_noprof+0x72/0x190
[  309.192094][ T9064]  __kvmalloc_node_noprof+0x72/0x190
[  309.192108][ T9064]  alloc_netdev_mqs+0x8d4/0x1110
[  309.192124][ T9064]  internal_dev_create+0x8a/0x450
[  309.192142][ T9064]  ovs_vport_add+0x13f/0x420
[  309.192156][ T9064]  new_vport+0x1a/0x190
[  309.192168][ T9064]  ovs_dp_cmd_new+0x79c/0xc10
[  309.192186][ T9064]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  309.192201][ T9064]  ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290
[  309.192218][ T9064]  genl_rcv_msg+0xb14/0xec0
[  309.192234][ T9064]  ? __pfx_genl_rcv_msg+0x10/0x10
[  309.192259][ T9064]  ? __pfx_lock_acquire+0x10/0x10
[  309.192271][ T9064]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  309.192283][ T9064]  ? __pfx___might_resched+0x10/0x10
[  309.192298][ T9064]  netlink_rcv_skb+0x1e3/0x430
[  309.192313][ T9064]  ? __pfx_genl_rcv_msg+0x10/0x10
[  309.192325][ T9064]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  309.192346][ T9064]  ? __netlink_deliver_tap+0x7aa/0x7f0
[  309.192362][ T9064]  genl_rcv+0x28/0x40
[  309.192372][ T9064]  netlink_unicast+0x7f6/0x990
[  309.192390][ T9064]  ? __pfx_netlink_unicast+0x10/0x10
[  309.192401][ T9064]  ? __virt_addr_valid+0x45f/0x530
[  309.192415][ T9064]  ? __phys_addr_symbol+0x2f/0x70
[  309.192428][ T9064]  ? __check_object_size+0x47a/0x730
[  309.192441][ T9064]  netlink_sendmsg+0x8e4/0xcb0
[  309.192457][ T9064]  ? __pfx_netlink_sendmsg+0x10/0x10
[  309.192473][ T9064]  ? __pfx_netlink_sendmsg+0x10/0x10
[  309.192481][ T9064]  __sock_sendmsg+0x221/0x270
[  309.192495][ T9064]  ____sys_sendmsg+0x52a/0x7e0
[  309.192510][ T9064]  ? __pfx_____sys_sendmsg+0x10/0x10
[  309.192518][ T9064]  ? __fget_files+0x2a/0x410
[  309.192543][ T9064]  ? __fget_files+0x2a/0x410
[  309.192559][ T9064]  __sys_sendmsg+0x269/0x350
[  309.192571][ T9064]  ? __pfx___sys_sendmsg+0x10/0x10
[  309.192587][ T9064]  ? do_sys_openat2+0x17a/0x1d0
[  309.192613][ T9064]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  309.192626][ T9064]  ? do_syscall_64+0x100/0x230
[  309.192641][ T9064]  ? do_syscall_64+0xb6/0x230
[  309.192655][ T9064]  do_syscall_64+0xf3/0x230
[  309.192667][ T9064]  ? clear_bhb_loop+0x35/0x90
[  309.192682][ T9064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.192696][ T9064] RIP: 0033:0x7fb533b8cde9
[  309.192706][ T9064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  309.192713][ T9064] RSP: 002b:00007fb53493f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  309.192725][ T9064] RAX: ffffffffffffffda RBX: 00007fb533da5fa0 RCX: 00007fb533b8cde9
[  309.192732][ T9064] RDX: 0000000020008000 RSI: 0000400000000000 RDI: 0000000000000003
[  309.192738][ T9064] RBP: 00007fb53493f090 R08: 0000000000000000 R09: 0000000000000000
[  309.192744][ T9064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  309.192749][ T9064] R13: 0000000000000000 R14: 00007fb533da5fa0 R15: 00007ffc45aa5b28
[  309.192764][ T9064]  </TASK>
[  309.783154][   T29] audit: type=1804 audit(1739121495.796:64): pid=9072 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.886" name="/newroot/170/file0" dev="tmpfs" ino=937 res=1 errno=0
[  311.526333][ T9088] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  311.592670][ T9093] misc userio: The device must be registered before sending interrupts
[  311.729804][ T9102] FAULT_INJECTION: forcing a failure.
[  311.729804][ T9102] name failslab, interval 1, probability 0, space 0, times 0
[  311.749613][ T9102] CPU: 1 UID: 0 PID: 9102 Comm: syz.1.895 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[  311.749639][ T9102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  311.749650][ T9102] Call Trace:
[  311.749656][ T9102]  <TASK>
[  311.749663][ T9102]  dump_stack_lvl+0x241/0x360
[  311.749694][ T9102]  ? __pfx_dump_stack_lvl+0x10/0x10
[  311.749717][ T9102]  ? __pfx__printk+0x10/0x10
[  311.749742][ T9102]  ? __kmalloc_noprof+0xb5/0x4c0
[  311.749770][ T9102]  ? __pfx___might_resched+0x10/0x10
[  311.749793][ T9102]  should_fail_ex+0x40a/0x550
[  311.749818][ T9102]  should_failslab+0xac/0x100
[  311.749839][ T9102]  __kmalloc_noprof+0xdd/0x4c0
[  311.749859][ T9102]  ? nla_strdup+0x9c/0x140
[  311.749876][ T9102]  ? __kasan_kmalloc+0x98/0xb0
[  311.749893][ T9102]  nla_strdup+0x9c/0x140
[  311.749914][ T9102]  nf_tables_newchain+0x2102/0x3310
[  311.749944][ T9102]  ? __pfx_lock_release+0x10/0x10
[  311.749975][ T9102]  ? __pfx_nf_tables_newchain+0x10/0x10
[  311.750012][ T9102]  ? __pfx_lock_acquire+0x10/0x10
[  311.750030][ T9102]  ? nfnl_pernet+0x23/0x240
[  311.750048][ T9102]  ? __pfx_lock_release+0x10/0x10
[  311.750080][ T9102]  ? __nla_parse+0x40/0x60
[  311.750105][ T9102]  nfnetlink_rcv+0x14e3/0x2ab0
[  311.750155][ T9102]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  311.750220][ T9102]  ? netlink_deliver_tap+0x2e/0x1b0
[  311.750234][ T9102]  ? skb_clone+0x240/0x390
[  311.750252][ T9102]  ? __pfx_lock_release+0x10/0x10
[  311.750284][ T9102]  ? netlink_deliver_tap+0x2e/0x1b0
[  311.750302][ T9102]  netlink_unicast+0x7f6/0x990
[  311.750332][ T9102]  ? __pfx_netlink_unicast+0x10/0x10
[  311.750352][ T9102]  ? __virt_addr_valid+0x45f/0x530
[  311.750374][ T9102]  ? __phys_addr_symbol+0x2f/0x70
[  311.750394][ T9102]  ? __check_object_size+0x47a/0x730
[  311.750418][ T9102]  netlink_sendmsg+0x8e4/0xcb0
[  311.750446][ T9102]  ? __pfx_netlink_sendmsg+0x10/0x10
[  311.750474][ T9102]  ? __pfx_netlink_sendmsg+0x10/0x10
[  311.750489][ T9102]  __sock_sendmsg+0x221/0x270
[  311.750511][ T9102]  ____sys_sendmsg+0x52a/0x7e0
[  311.750536][ T9102]  ? __pfx_____sys_sendmsg+0x10/0x10
[  311.750550][ T9102]  ? __fget_files+0x2a/0x410
[  311.750575][ T9102]  ? __fget_files+0x2a/0x410
[  311.750603][ T9102]  __sys_sendmsg+0x269/0x350
[  311.750624][ T9102]  ? __pfx___sys_sendmsg+0x10/0x10
[  311.750651][ T9102]  ? do_sys_openat2+0x17a/0x1d0
[  311.750697][ T9102]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  311.750718][ T9102]  ? do_syscall_64+0x100/0x230
[  311.750741][ T9102]  ? do_syscall_64+0xb6/0x230
[  311.750771][ T9102]  do_syscall_64+0xf3/0x230
[  311.750792][ T9102]  ? clear_bhb_loop+0x35/0x90
[  311.750816][ T9102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.750835][ T9102] RIP: 0033:0x7fb533b8cde9
[  311.750851][ T9102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  311.750864][ T9102] RSP: 002b:00007fb53493f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  311.750882][ T9102] RAX: ffffffffffffffda RBX: 00007fb533da5fa0 RCX: 00007fb533b8cde9
[  311.750894][ T9102] RDX: 0000000000000000 RSI: 00004000000000c0 RDI: 0000000000000006
[  311.750905][ T9102] RBP: 00007fb53493f090 R08: 0000000000000000 R09: 0000000000000000
[  311.750915][ T9102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  311.750924][ T9102] R13: 0000000000000000 R14: 00007fb533da5fa0 R15: 00007ffc45aa5b28
[  311.750950][ T9102]  </TASK>
[  312.336317][ T9105] __nla_validate_parse: 98 callbacks suppressed
[  312.336338][ T9105] netlink: 260 bytes leftover after parsing attributes in process `syz.5.896'.
[  312.480292][ T9108] tipc: Started in network mode
[  312.485400][ T9108] tipc: Node identity , cluster identity 4711
[  312.498616][ T5872] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  312.695332][ T9114] batman_adv: batadv0: Adding interface: dummy0
[  312.733726][ T9114] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  312.779194][ T9114] batman_adv: batadv0: Interface activated: dummy0
[  312.848457][ T5872] usb 3-1: Using ep0 maxpacket: 32
[  312.859863][ T5872] usb 3-1: New USB device found, idVendor=0c45, idProduct=800a, bcdDevice=8b.55
[  312.870706][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  313.130035][ T5872] usb 3-1: config 0 descriptor??
[  313.284904][ T5872] gspca_main: sn9c2028-2.14.0 probing 0c45:800a
[  313.642780][ T5872] gspca_sn9c2028: read1 error -71
[  313.661754][ T5872] gspca_sn9c2028: read1 error -71
[  313.671033][ T5872] gspca_sn9c2028: read1 error -71
[  313.684119][ T5872] sn9c2028 3-1:0.0: probe with driver sn9c2028 failed with error -71
[  313.709887][ T5872] usb 3-1: USB disconnect, device number 10
[  313.928917][ T5876] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  314.175501][ T9132] netlink: 68 bytes leftover after parsing attributes in process `syz.1.907'.
[  314.319274][ T5876] usb 6-1: Using ep0 maxpacket: 8
[  314.418703][ T5876] usb 6-1: config 0 has an invalid interface number: 186 but max is 0
[  314.427200][ T5876] usb 6-1: config 0 has no interface number 0
[  314.450696][ T5876] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  314.498701][ T5876] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  314.500402][ T9139] netlink: 260 bytes leftover after parsing attributes in process `syz.4.908'.
[  314.525434][ T5876] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  314.537189][ T5876] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  314.556271][ T5876] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  314.586743][ T5876] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  314.608435][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.633219][ T5876] usb 6-1: Product: syz
[  314.646209][ T5876] usb 6-1: Manufacturer: syz
[  314.691803][ T5876] usb 6-1: SerialNumber: syz
[  314.792309][ T9142] ptrace attach of "./syz-executor exec"[5822] was attempted by ""[9142]
[  315.197488][ T9146] ptrace attach of "./syz-executor exec"[5830] was attempted by ""[9146]
[  315.220153][ T5876] usb 6-1: config 0 descriptor??
[  315.271715][ T9146] pimreg: entered allmulticast mode
[  315.279669][ T9146] netlink: 28 bytes leftover after parsing attributes in process `syz.2.910'.
[  315.483171][ T5876] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[  315.659038][ T9124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  315.817023][ T9124] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  315.885968][ T5876] usb 6-1: USB disconnect, device number 11
[  316.807683][ T9175] netlink: 4 bytes leftover after parsing attributes in process `syz.2.920'.
[  317.569158][ T9181] FAULT_INJECTION: forcing a failure.
[  317.569158][ T9181] name failslab, interval 1, probability 0, space 0, times 0
[  317.596701][ T9181] CPU: 0 UID: 0 PID: 9181 Comm: syz.5.922 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[  317.596726][ T9181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  317.596736][ T9181] Call Trace:
[  317.596742][ T9181]  <TASK>
[  317.596750][ T9181]  dump_stack_lvl+0x241/0x360
[  317.596780][ T9181]  ? __pfx_dump_stack_lvl+0x10/0x10
[  317.596802][ T9181]  ? __pfx__printk+0x10/0x10
[  317.596825][ T9181]  ? fs_reclaim_acquire+0x93/0x130
[  317.596843][ T9181]  ? __pfx___might_resched+0x10/0x10
[  317.596862][ T9181]  should_fail_ex+0x40a/0x550
[  317.596885][ T9181]  should_failslab+0xac/0x100
[  317.596907][ T9181]  __kmalloc_noprof+0xdd/0x4c0
[  317.596925][ T9181]  ? kstrtouint_from_user+0x128/0x190
[  317.596945][ T9181]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  317.596964][ T9181]  tomoyo_realpath_from_path+0xcf/0x5e0
[  317.596991][ T9181]  tomoyo_path_number_perm+0x236/0x860
[  317.597013][ T9181]  ? rcu_read_lock_any_held+0xb7/0x160
[  317.597029][ T9181]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  317.597043][ T9181]  ? tomoyo_path_number_perm+0x206/0x860
[  317.597062][ T9181]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  317.597082][ T9181]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  317.597104][ T9181]  ? sb_end_write+0xe9/0x1c0
[  317.597122][ T9181]  ? vfs_write+0x7fa/0xd10
[  317.597169][ T9181]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  317.597193][ T9181]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  317.597224][ T9181]  security_file_ioctl+0xc6/0x2a0
[  317.597248][ T9181]  __se_sys_ioctl+0x46/0x170
[  317.597266][ T9181]  do_syscall_64+0xf3/0x230
[  317.597288][ T9181]  ? clear_bhb_loop+0x35/0x90
[  317.597313][ T9181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.597333][ T9181] RIP: 0033:0x7f9958f8cde9
[  317.597349][ T9181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  317.597363][ T9181] RSP: 002b:00007f9959e27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  317.597381][ T9181] RAX: ffffffffffffffda RBX: 00007f99591a5fa0 RCX: 00007f9958f8cde9
[  317.597393][ T9181] RDX: 0000000000000000 RSI: 0000000040045010 RDI: 0000000000000003
[  317.597404][ T9181] RBP: 00007f9959e27090 R08: 0000000000000000 R09: 0000000000000000
[  317.597414][ T9181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  317.597423][ T9181] R13: 0000000000000000 R14: 00007f99591a5fa0 R15: 00007ffe7f6b97c8
[  317.597450][ T9181]  </TASK>
[  317.598131][ T9181] ERROR: Out of memory at tomoyo_realpath_from_path.
[  317.706941][ T9185] ax25_connect(): syz.4.924 uses autobind, please contact jreuter@yaina.de
[  317.937739][ T9193] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  318.104320][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  319.108701][ T9198] tty tty3: ldisc open failed (-12), clearing slot 2
[  319.119914][ T9196] tty tty3: ldisc open failed (-12), clearing slot 2
[  319.295111][ T9212] netlink: 277 bytes leftover after parsing attributes in process `syz.1.931'.
[  320.267053][ T9220] netlink: 'syz.4.933': attribute type 12 has an invalid length.
[  320.275164][ T9220] netlink: 'syz.4.933': attribute type 29 has an invalid length.
[  320.283118][ T9220] netlink: 148 bytes leftover after parsing attributes in process `syz.4.933'.
[  320.292568][ T9220] netlink: 59 bytes leftover after parsing attributes in process `syz.4.933'.
[  320.601051][ T9231] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  320.634813][ T9231] netlink: 12 bytes leftover after parsing attributes in process `syz.4.938'.
[  320.648491][ T9231] tipc: Started in network mode
[  320.653646][ T9231] tipc: Node identity @emory.en, cluster identity 8
[  320.742841][ T9237] bridge0: port 1(erspan0) entered blocking state
[  320.749395][ T9237] bridge0: port 1(erspan0) entered disabled state
[  320.755960][ T9237] erspan0: entered allmulticast mode
[  320.762281][ T9237] erspan0: entered promiscuous mode
[  320.872088][ T9243] netlink: 'syz.3.944': attribute type 1 has an invalid length.
[  320.895685][ T9243] netlink: 'syz.3.944': attribute type 1 has an invalid length.
[  323.320537][ T5876] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  323.698436][ T5876] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  323.715266][ T5876] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  324.041305][ T5876] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  324.218846][ T5876] usb 5-1: Using ep0 maxpacket: 32
[  324.810447][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  325.037033][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  325.048261][ T5876] usb 5-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  325.062011][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.072417][ T5876] usb 5-1: config 0 descriptor??
[  325.355983][ T9279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  325.364984][ T9279] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  325.438416][   T25] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  325.725736][   T25] usb 2-1: Using ep0 maxpacket: 16
[  325.756477][   T25] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  325.808876][   T25] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  325.845654][   T25] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  325.868257][   T25] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576
[  325.898106][   T25] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  325.945265][   T25] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  325.977070][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  325.987027][ T9283] xt_hashlimit: size too large, truncated to 1048576
[  325.995869][   T25] usb 2-1: SerialNumber: syz
[  326.049472][ T9287] veth0_macvtap: mtu less than device minimum
[  326.209163][ T9276] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  326.218469][   T25] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[  326.227915][   T25] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -12
[  326.447757][ T5875] usb 2-1: USB disconnect, device number 19
[  326.538724][ T9289] nvme_fabrics: missing parameter 'transport=%s'
[  326.545661][ T9289] nvme_fabrics: missing parameter 'nqn=%s'
[  326.573224][ T5876] usbhid 5-1:0.0: can't add hid device: -71
[  326.590137][ T5876] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  326.636150][ T5876] usb 5-1: USB disconnect, device number 4
[  327.666137][ T9319] netlink: 12 bytes leftover after parsing attributes in process `syz.1.964'.
[  327.787766][ T9321] xt_CT: You must specify a L4 protocol and not use inversions on it
[  329.921923][ T9341] fuse: Unknown parameter '��������'
[  330.941784][ T9353] 9pnet_fd: Insufficient options for proto=fd
[  331.278446][    T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  331.372760][ T9369] netlink: 8 bytes leftover after parsing attributes in process `syz.4.983'.
[  331.393244][ T9369] vlan3: entered allmulticast mode
[  331.450169][    T8] usb 3-1: Using ep0 maxpacket: 8
[  331.467077][    T8] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  331.487379][    T8] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  331.517976][    T8] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  331.565043][ T9375] 9pnet_fd: Insufficient options for proto=fd
[  331.571650][ T9376] 9pnet_fd: Insufficient options for proto=fd
[  331.583742][    T8] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  331.604847][    T8] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  331.615269][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.658649][ T5876] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  331.838465][    T8] usb 3-1: usb_control_msg returned -32
[  331.844078][    T8] usbtmc 3-1:16.0: can't read capabilities
[  332.653080][ T5876] usb 5-1: device descriptor read/64, error -71
[  332.988483][ T5876] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  333.300103][ T5876] usb 5-1: device descriptor read/64, error -71
[  333.428947][ T5876] usb usb5-port1: attempt power cycle
[  333.938465][ T5876] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  333.969369][ T5876] usb 5-1: device descriptor read/8, error -71
[  334.088120][ T9403] netlink: 'syz.5.992': attribute type 3 has an invalid length.
[  334.096545][ T9403] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.992'.
[  334.549734][ T5876] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  334.713975][   T25] usb 3-1: USB disconnect, device number 11
[  334.740279][ T5876] usb 5-1: device descriptor read/8, error -71
[  335.601644][ T5876] usb usb5-port1: unable to enumerate USB device
[  335.681881][ T9418] input: syz1 as /devices/virtual/input/input7
[  335.727127][ T9421] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  336.056548][ T9431] syz.5.1002 (9431): /proc/9431/oom_adj is deprecated, please use /proc/9431/oom_score_adj instead.
[  336.088603][ T5876] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  336.125841][ T9431] netlink: 'syz.5.1002': attribute type 1 has an invalid length.
[  336.149800][ T9431] netlink: 'syz.5.1002': attribute type 2 has an invalid length.
[  336.278479][ T5876] usb 3-1: Using ep0 maxpacket: 16
[  336.321488][ T5876] usb 3-1: unable to get BOS descriptor or descriptor too short
[  336.369688][ T5876] usb 3-1: config 1 has an invalid interface number: 160 but max is 0
[  336.380444][ T9439] can: request_module (can-proto-0) failed.
[  336.429878][ T5876] usb 3-1: config 1 has no interface number 0
[  336.457494][ T5876] usb 3-1: config 1 interface 160 has no altsetting 0
[  336.500171][ T5876] usb 3-1: New USB device found, idVendor=0c88, idProduct=0021, bcdDevice=19.47
[  336.526780][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  336.751156][ T5876] usb 3-1: Product: syz
[  336.793211][ T5876] usb 3-1: Manufacturer: syz
[  336.863882][ T5876] usb 3-1: SerialNumber: syz
[  337.679976][ T5876] usb 3-1: palm_os_4_probe - error -71 getting connection info
[  337.687613][ T5876] visor 3-1:1.160: Handspring Visor / Palm OS converter detected
[  337.778692][ T5876] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  337.838806][ T5876] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  338.081417][ T5876] usb 3-1: USB disconnect, device number 12
[  338.368823][ T5876] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  338.429151][ T5876] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  338.523108][ T5876] visor 3-1:1.160: device disconnected
[  339.062415][ T9477] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1016'.
[  342.009955][ T9516] 9pnet_fd: Insufficient options for proto=fd
[  342.546691][ T9509] syz.1.1023 (9509): drop_caches: 2
[  342.659735][ T9509] Process accounting resumed
[  343.833169][ T9535] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  343.839583][ T9535] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  343.980047][ T9535] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  343.986019][ T9535] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  344.448704][   T25] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[  344.664131][   T25] usb 2-1: config index 0 descriptor too short (expected 54704, got 145)
[  344.687889][   T25] usb 2-1: config 0 has an invalid interface number: 5 but max is 0
[  344.707959][   T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  344.748190][   T25] usb 2-1: config 0 has no interface number 0
[  344.762763][   T25] usb 2-1: config 0 interface 5 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  344.808663][   T25] usb 2-1: config 0 interface 5 has no altsetting 0
[  344.837347][   T25] usb 2-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice=a0.a0
[  344.848236][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.884598][   T25] usb 2-1: Product: syz
[  344.894840][   T25] usb 2-1: Manufacturer: syz
[  344.906758][   T25] usb 2-1: SerialNumber: syz
[  344.930152][   T25] usb 2-1: config 0 descriptor??
[  344.990203][   T25] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.5/input/input8
[  345.341960][ T5183] bcm5974 2-1:0.5: could not read from device
[  345.378120][ T5183] bcm5974 2-1:0.5: could not read from device
[  345.385913][   T25] usb 2-1: USB disconnect, device number 20
[  345.416669][ T9562] 9pnet_fd: Insufficient options for proto=fd
[  345.543958][   T29] audit: type=1804 audit(1739121531.566:65): pid=9565 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.1043" name="/newroot/213/file0" dev="tmpfs" ino=1152 res=1 errno=0
[  345.546638][ T9565] ref_ctr going negative. vaddr: 0x400000ffc002, curr val: -29824, delta: 1
[  345.577682][ T9565] ref_ctr increment failed for inode: 0x480 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888034794e00
[  345.849991][ T5829] Bluetooth: hci1: command 0x0406 tx timeout
[  345.921037][ T9577] input: syz0 as /devices/virtual/input/input9
[  346.049522][ T5829] Bluetooth: hci3: command 0x0406 tx timeout
[  346.707529][ T9586] 9pnet_fd: p9_fd_create_unix (9586): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  347.944283][ T5829] Bluetooth: hci1: command 0x0406 tx timeout
[  348.169086][ T5829] Bluetooth: hci3: command 0x0406 tx timeout
[  348.358088][ T9604] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6erspan0
[  348.384550][ T9602] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96
[  348.687716][   T25] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  348.945612][   T25] usb 6-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  349.098565][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.135318][   T25] usb 6-1: config 0 descriptor??
[  349.218696][   T25] gspca_main: spca508-2.14.0 probing 8086:0110
[  349.464101][   T25] gspca_spca508: reg_read err -32
[  349.488818][   T25] gspca_spca508: reg_read err -32
[  349.702756][   T25] gspca_spca508: reg_read err -71
[  349.716203][ T9620] delete_channel: no stack
[  349.769413][   T25] gspca_spca508: reg_read err -71
[  349.800671][   T25] gspca_spca508: reg write: error -71
[  349.848449][   T25] spca508 6-1:0.0: probe with driver spca508 failed with error -71
[  349.870790][   T25] usb 6-1: USB disconnect, device number 12
[  349.971565][ T9626] input: syz0 as /devices/virtual/input/input10
[  351.050032][ T9640] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  351.614619][ T5138] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  351.625052][ T5138] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  351.645276][ T5138] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  351.655471][ T5138] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  351.664435][ T5138] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  351.671813][ T5138] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  351.860343][ T9643] lo speed is unknown, defaulting to 1000
[  351.884861][ T9652] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1075'.
[  352.274507][   T25] IPVS: starting estimator thread 0...
[  352.379797][ T9660] IPVS: using max 19 ests per chain, 45600 per kthread
[  353.132726][    T8] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  353.147100][    T8] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  353.165101][ T9649] delete_channel: no stack
[  353.274362][ T9643] chnl_net:caif_netlink_parms(): no params data found
[  353.502442][ T9671] overlayfs: failed to resolve './file1': -2
[  353.799800][ T5138] Bluetooth: hci1: command tx timeout
[  353.970238][ T9677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1079'.
[  354.105475][ T9643] bridge0: port 1(bridge_slave_0) entered blocking state
[  354.159806][ T9643] bridge0: port 1(bridge_slave_0) entered disabled state
[  354.167214][ T9643] bridge_slave_0: entered allmulticast mode
[  354.191218][ T9643] bridge_slave_0: entered promiscuous mode
[  354.206466][ T9643] bridge0: port 2(bridge_slave_1) entered blocking state
[  354.229515][ T9643] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.238719][ T9643] bridge_slave_1: entered allmulticast mode
[  354.305315][ T9643] bridge_slave_1: entered promiscuous mode
[  354.451943][ T9643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  354.513101][ T9643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  354.842293][ T9643] team0: Port device team_slave_0 added
[  354.929721][ T9643] team0: Port device team_slave_1 added
[  355.045617][ T9643] batman_adv: batadv0: Adding interface: batadv_slave_0
[  355.093840][ T9643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  355.219582][ T9643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  355.239266][ T9643] batman_adv: batadv0: Adding interface: batadv_slave_1
[  355.256557][ T9643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  355.319506][ T9643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  355.506668][ T9643] hsr_slave_0: entered promiscuous mode
[  355.530851][ T9643] hsr_slave_1: entered promiscuous mode
[  355.547687][ T9643] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  355.567252][ T9643] Cannot create hsr debugfs directory
[  355.848594][ T5138] Bluetooth: hci1: command tx timeout
[  355.904676][ T9693] FAULT_INJECTION: forcing a failure.
[  355.904676][ T9693] name failslab, interval 1, probability 0, space 0, times 0
[  355.990483][ T9693] CPU: 1 UID: 0 PID: 9693 Comm: syz.2.1086 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[  355.990510][ T9693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  355.990520][ T9693] Call Trace:
[  355.990526][ T9693]  <TASK>
[  355.990533][ T9693]  dump_stack_lvl+0x241/0x360
[  355.990563][ T9693]  ? __pfx_dump_stack_lvl+0x10/0x10
[  355.990583][ T9693]  ? __pfx__printk+0x10/0x10
[  355.990606][ T9693]  ? ref_tracker_alloc+0x332/0x490
[  355.990624][ T9693]  should_fail_ex+0x40a/0x550
[  355.990644][ T9693]  should_failslab+0xac/0x100
[  355.990660][ T9693]  ? skb_clone+0x20c/0x390
[  355.990674][ T9693]  kmem_cache_alloc_noprof+0x70/0x380
[  355.990696][ T9693]  skb_clone+0x20c/0x390
[  355.990712][ T9693]  __netlink_deliver_tap+0x3cc/0x7f0
[  355.990737][ T9693]  ? netlink_deliver_tap+0x2e/0x1b0
[  355.990751][ T9693]  netlink_deliver_tap+0x19d/0x1b0
[  355.990766][ T9693]  netlink_sendskb+0x68/0x140
[  355.990796][ T9693]  netlink_unicast+0x39d/0x990
[  355.990824][ T9693]  ? __pfx_netlink_unicast+0x10/0x10
[  355.990845][ T9693]  ? __pfx___alloc_skb+0x10/0x10
[  355.990868][ T9693]  rtnl_unicast+0x50/0x60
[  355.990886][ T9693]  inet6_rtm_getroute+0x13dc/0x1d70
[  355.990915][ T9693]  ? __pfx_inet6_rtm_getroute+0x10/0x10
[  355.990953][ T9693]  ? rcu_read_unlock+0x87/0xa0
[  355.990966][ T9693]  ? __dev_queue_xmit+0x1775/0x3f50
[  355.990983][ T9693]  ? __pfx_lock_release+0x10/0x10
[  355.991015][ T9693]  ? __pfx_inet6_rtm_getroute+0x10/0x10
[  355.991038][ T9693]  rtnetlink_rcv_msg+0x791/0xcf0
[  355.991055][ T9693]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  355.991077][ T9693]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  355.991101][ T9693]  ? ref_tracker_free+0x643/0x7e0
[  355.991125][ T9693]  netlink_rcv_skb+0x1e3/0x430
[  355.991148][ T9693]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  355.991168][ T9693]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  355.991210][ T9693]  ? netlink_deliver_tap+0x2e/0x1b0
[  355.991227][ T9693]  netlink_unicast+0x7f6/0x990
[  355.991251][ T9693]  ? __pfx_netlink_unicast+0x10/0x10
[  355.991269][ T9693]  ? __virt_addr_valid+0x45f/0x530
[  355.991290][ T9693]  ? __phys_addr_symbol+0x2f/0x70
[  355.991309][ T9693]  ? __check_object_size+0x47a/0x730
[  355.991332][ T9693]  netlink_sendmsg+0x8e4/0xcb0
[  355.991355][ T9693]  ? __pfx_netlink_sendmsg+0x10/0x10
[  355.991377][ T9693]  ? __pfx_netlink_sendmsg+0x10/0x10
[  355.991388][ T9693]  __sock_sendmsg+0x221/0x270
[  355.991407][ T9693]  ____sys_sendmsg+0x52a/0x7e0
[  355.991427][ T9693]  ? __pfx_____sys_sendmsg+0x10/0x10
[  355.991439][ T9693]  ? __fget_files+0x2a/0x410
[  355.991458][ T9693]  ? __fget_files+0x2a/0x410
[  355.991481][ T9693]  __sys_sendmsg+0x269/0x350
[  355.991498][ T9693]  ? __pfx___sys_sendmsg+0x10/0x10
[  355.991520][ T9693]  ? do_sys_openat2+0x17a/0x1d0
[  355.991556][ T9693]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  355.991573][ T9693]  ? do_syscall_64+0x100/0x230
[  355.991592][ T9693]  ? do_syscall_64+0xb6/0x230
[  355.991610][ T9693]  do_syscall_64+0xf3/0x230
[  355.991626][ T9693]  ? clear_bhb_loop+0x35/0x90
[  355.991646][ T9693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.991661][ T9693] RIP: 0033:0x7f86dfb8cde9
[  355.991674][ T9693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.991685][ T9693] RSP: 002b:00007f86e09c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  355.991700][ T9693] RAX: ffffffffffffffda RBX: 00007f86dfda5fa0 RCX: 00007f86dfb8cde9
[  355.991710][ T9693] RDX: 0000000000000000 RSI: 0000400000000100 RDI: 0000000000000003
[  355.991719][ T9693] RBP: 00007f86e09c6090 R08: 0000000000000000 R09: 0000000000000000
[  355.991727][ T9693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.991735][ T9693] R13: 0000000000000000 R14: 00007f86dfda5fa0 R15: 00007ffe6aba10a8
[  355.991755][ T9693]  </TASK>
[  356.047783][ T9643] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  356.496490][ T9643] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  356.512075][ T9643] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  356.535677][ T9643] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  356.576415][    T8] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  356.588736][    T8] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  356.817109][ T9643] 8021q: adding VLAN 0 to HW filter on device bond0
[  356.854361][ T9643] 8021q: adding VLAN 0 to HW filter on device team0
[  356.903029][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.911497][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  356.958086][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.965263][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  357.700235][ T9705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1090'.
[  357.855365][ T9643] 8021q: adding VLAN 0 to HW filter on device batadv0
[  357.928561][ T5138] Bluetooth: hci1: command tx timeout
[  358.259774][ T5832] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  358.435787][ T5832] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  358.523319][ T5832] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  358.619981][ T5832] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  358.678550][ T5832] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.732287][ T5832] usb 6-1: config 0 descriptor??
[  358.846041][ T9722] delete_channel: no stack
[  359.022965][ T9643] veth0_vlan: entered promiscuous mode
[  359.044515][ T9643] veth1_vlan: entered promiscuous mode
[  359.130440][ T9643] veth0_macvtap: entered promiscuous mode
[  359.177553][ T9643] veth1_macvtap: entered promiscuous mode
[  359.974150][ T5832] uclogic 0003:256C:006D.000E: failed retrieving Huion firmware version: -71
[  359.993672][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.018512][ T5832] uclogic 0003:256C:006D.000E: failed probing parameters: -71
[  360.026193][ T5832] uclogic 0003:256C:006D.000E: probe with driver uclogic failed with error -71
[  360.120691][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.121014][ T5138] Bluetooth: hci1: command tx timeout
[  360.156029][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.196180][ T5832] usb 6-1: USB disconnect, device number 13
[  360.222131][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.297097][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.319434][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.334277][ T9643] batman_adv: batadv0: Interface activated: batadv_slave_0
[  360.391501][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  360.417932][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.466638][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  360.512487][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.533718][ T9643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  360.607444][ T9643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.647373][ T9643] batman_adv: batadv0: Interface activated: batadv_slave_1
[  360.664134][ T9643] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  360.674440][ T9643] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  360.683802][ T9643] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  360.697871][ T9643] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  361.296774][ T3561] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  361.354918][ T3561] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  361.710307][ T3561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  361.740869][ T3561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  362.015444][ T9730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  362.605556][ T9768] netlink: 'syz.5.1104': attribute type 2 has an invalid length.
[  363.048743][ T9777] 9pnet_fd: p9_fd_create_unix (9777): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  363.691832][ T9778] delete_channel: no stack
[  365.247192][ T9794] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1109'.
[  365.256465][ T9794] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1109'.
[  367.454276][ T9819] netlink: 260 bytes leftover after parsing attributes in process `syz.5.1118'.
[  367.643368][ T5876] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  367.890455][ T5876] usb 7-1: Using ep0 maxpacket: 8
[  368.168624][ T5876] usb 7-1: unable to get BOS descriptor or descriptor too short
[  368.228239][ T5876] usb 7-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 113, changing to 10
[  368.378447][ T5876] usb 7-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 1040, setting to 1024
[  368.730956][ T5876] usb 7-1: config 1 interface 0 has no altsetting 0
[  368.754784][ T5876] usb 7-1: string descriptor 0 read error: -22
[  368.784083][ T5876] usb 7-1: New USB device found, idVendor=05ac, idProduct=021a, bcdDevice= 0.40
[  368.796692][ T5829] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  368.807538][ T5829] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  368.815953][ T5829] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  368.829988][ T5829] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  368.848553][ T5829] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  368.857518][ T5829] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  368.898891][ T5876] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.917015][ T9831] lo speed is unknown, defaulting to 1000
[  369.016028][ T9815] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  370.021496][ T9815] xt_l2tp: missing protocol rule (udp|l2tpip)
[  370.674337][ T9831] chnl_net:caif_netlink_parms(): no params data found
[  370.890707][ T5829] Bluetooth: hci4: command tx timeout
[  371.410047][ T5876] appletouch 7-1:1.0: Geyser mode initialized.
[  371.440153][ T5876] input: appletouch as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/input/input11
[  371.468119][ T9831] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.498921][ T9831] bridge0: port 1(bridge_slave_0) entered disabled state
[  371.508301][ T9831] bridge_slave_0: entered allmulticast mode
[  371.534825][ T9831] bridge_slave_0: entered promiscuous mode
[  371.560576][ T9831] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.606289][ T9831] bridge0: port 2(bridge_slave_1) entered disabled state
[  371.625069][ T9831] bridge_slave_1: entered allmulticast mode
[  371.668752][ T9831] bridge_slave_1: entered promiscuous mode
[  371.720756][   T25] usb 7-1: USB disconnect, device number 2
[  371.720873][    C0] appletouch 7-1:1.0: atp_complete: usb_submit_urb failed with result -19
[  371.797182][   T25] appletouch 7-1:1.0: input: appletouch disconnected
[  371.809901][ T9831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  371.853842][ T9831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  371.889274][ T9870] netlink: 260 bytes leftover after parsing attributes in process `syz.2.1129'.
[  371.927715][ T9831] team0: Port device team_slave_0 added
[  371.947974][ T9831] team0: Port device team_slave_1 added
[  372.218060][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1133'.
[  372.258948][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1133'.
[  372.316053][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1133'.
[  372.329927][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1133'.
[  372.494686][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1133'.
[  372.551629][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1133'.
[  372.628625][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1133'.
[  372.637640][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1133'.
[  372.708757][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1133'.
[  372.922193][ T9831] batman_adv: batadv0: Adding interface: batadv_slave_0
[  373.008471][ T5829] Bluetooth: hci4: command tx timeout
[  373.161308][ T9831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  373.188492][ T9831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  373.201090][ T9831] batman_adv: batadv0: Adding interface: batadv_slave_1
[  373.208073][ T9831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  373.234114][ T9831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  373.301968][ T9831] hsr_slave_0: entered promiscuous mode
[  373.315183][ T9831] hsr_slave_1: entered promiscuous mode
[  373.324777][ T9831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  373.333129][ T9831] Cannot create hsr debugfs directory
[  374.935563][ T9831] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  374.972837][ T9831] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  375.097092][ T5829] Bluetooth: hci4: command tx timeout
[  375.112976][ T9831] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  375.868487][ T9831] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  377.070826][ T9931] netlink: 'syz.5.1149': attribute type 2 has an invalid length.
[  377.120881][ T9831] 8021q: adding VLAN 0 to HW filter on device bond0
[  377.128586][ T5829] Bluetooth: hci4: command tx timeout
[  377.196734][ T9831] 8021q: adding VLAN 0 to HW filter on device team0
[  377.214121][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.221347][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  377.259898][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  377.267057][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  378.004775][ T9941] FAULT_INJECTION: forcing a failure.
[  378.004775][ T9941] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.018704][ T9941] CPU: 1 UID: 0 PID: 9941 Comm: syz.2.1151 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[  378.018729][ T9941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  378.018740][ T9941] Call Trace:
[  378.018746][ T9941]  <TASK>
[  378.018753][ T9941]  dump_stack_lvl+0x241/0x360
[  378.018784][ T9941]  ? __pfx_dump_stack_lvl+0x10/0x10
[  378.018808][ T9941]  ? __pfx__printk+0x10/0x10
[  378.018832][ T9941]  ? __pfx_lock_release+0x10/0x10
[  378.018860][ T9941]  should_fail_ex+0x40a/0x550
[  378.018882][ T9941]  _copy_from_user+0x2d/0xb0
[  378.018900][ T9941]  generic_map_update_batch+0x5ba/0x900
[  378.018936][ T9941]  ? __pfx_generic_map_update_batch+0x10/0x10
[  378.018957][ T9941]  ? __fget_files+0x395/0x410
[  378.018977][ T9941]  ? __fget_files+0x2a/0x410
[  378.019004][ T9941]  ? __pfx_generic_map_update_batch+0x10/0x10
[  378.019025][ T9941]  bpf_map_do_batch+0x39a/0x660
[  378.019048][ T9941]  __sys_bpf+0x377/0x810
[  378.019067][ T9941]  ? __pfx___sys_bpf+0x10/0x10
[  378.019096][ T9941]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  378.019118][ T9941]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  378.019145][ T9941]  ? do_syscall_64+0x100/0x230
[  378.019171][ T9941]  __x64_sys_bpf+0x7c/0x90
[  378.019187][ T9941]  do_syscall_64+0xf3/0x230
[  378.019208][ T9941]  ? clear_bhb_loop+0x35/0x90
[  378.019231][ T9941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.019251][ T9941] RIP: 0033:0x7f86dfb8cde9
[  378.019267][ T9941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  378.019281][ T9941] RSP: 002b:00007f86e0984038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  378.019299][ T9941] RAX: ffffffffffffffda RBX: 00007f86dfda6160 RCX: 00007f86dfb8cde9
[  378.019311][ T9941] RDX: 0000000000000038 RSI: 0000400000000200 RDI: 000000000000001a
[  378.019321][ T9941] RBP: 00007f86e0984090 R08: 0000000000000000 R09: 0000000000000000
[  378.019332][ T9941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  378.019341][ T9941] R13: 0000000000000000 R14: 00007f86dfda6160 R15: 00007ffe6aba10a8
[  378.019367][ T9941]  </TASK>
[  379.270914][ T9831] 8021q: adding VLAN 0 to HW filter on device batadv0
[  379.532730][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  380.233215][ T9967] __nla_validate_parse: 44 callbacks suppressed
[  380.233234][ T9967] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1159'.
[  380.498692][ T9967] netlink: 'syz.2.1159': attribute type 1 has an invalid length.
[  381.229997][ T9978] gretap0: entered promiscuous mode
[  381.235784][ T9978] macvtap1: entered promiscuous mode
[  381.254757][ T9978] gretap0: left promiscuous mode
[  381.357872][ T9980] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1161'.
[  381.367833][ T9980] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1161'.
[  381.377504][ T9980] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1161'.
[  381.407796][ T9980] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1161'.
[  381.458623][ T9980] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1161'.
[  381.467599][ T9980] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1161'.
[  381.501996][ T9980] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1161'.
[  381.533263][ T9980] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1161'.
[  381.564274][ T9980] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1161'.
[  381.601137][ T9986] tipc: Started in network mode
[  381.606191][ T9986] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711
[  381.646242][ T9986] tipc: Enabled bearer <udp:syz0>, priority 10
[  381.751339][ T9831] veth0_vlan: entered promiscuous mode
[  381.778114][ T9831] veth1_vlan: entered promiscuous mode
[  381.816190][ T9831] veth0_macvtap: entered promiscuous mode
[  381.842053][ T9831] veth1_macvtap: entered promiscuous mode
[  381.960427][ T9831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  381.988464][ T9831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.998882][ T9831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  382.009486][ T9831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.029450][ T9831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  382.042268][ T9831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.052719][ T9831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  382.063821][ T9831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.076138][ T9831] batman_adv: batadv0: Interface activated: batadv_slave_0
[  382.110472][ T9831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  382.165468][ T9831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.188202][ T9831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  382.209406][ T9831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.220642][ T9831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  382.232186][ T9831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.242406][ T9831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  382.253757][ T9831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.273511][ T9831] batman_adv: batadv0: Interface activated: batadv_slave_1
[  382.294003][ T9831] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  382.309214][ T9831] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  382.318034][ T9831] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  382.360730][ T9831] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  382.562882][ T1162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  382.589747][ T1162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  382.678017][ T5872] tipc: Node number set to 4269801491
[  382.724641][ T9997] lo speed is unknown, defaulting to 1000
[  382.758873][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  382.798735][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  382.943263][T10011] FAULT_INJECTION: forcing a failure.
[  382.943263][T10011] name failslab, interval 1, probability 0, space 0, times 0
[  382.957584][T10011] CPU: 0 UID: 0 PID: 10011 Comm: syz.2.1171 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[  382.957608][T10011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  382.957618][T10011] Call Trace:
[  382.957624][T10011]  <TASK>
[  382.957631][T10011]  dump_stack_lvl+0x241/0x360
[  382.957663][T10011]  ? __pfx_dump_stack_lvl+0x10/0x10
[  382.957686][T10011]  ? __pfx__printk+0x10/0x10
[  382.957711][T10011]  ? __kmalloc_cache_noprof+0x48/0x390
[  382.957733][T10011]  ? __pfx___might_resched+0x10/0x10
[  382.957762][T10011]  should_fail_ex+0x40a/0x550
[  382.957785][T10011]  should_failslab+0xac/0x100
[  382.957806][T10011]  __kmalloc_cache_noprof+0x70/0x390
[  382.957825][T10011]  ? v9fs_mount+0xb2/0xa90
[  382.957846][T10011]  v9fs_mount+0xb2/0xa90
[  382.957865][T10011]  ? __kasan_kmalloc+0x98/0xb0
[  382.957882][T10011]  ? __pfx_v9fs_mount+0x10/0x10
[  382.957897][T10011]  ? __kmalloc_cache_noprof+0x243/0x390
[  382.957919][T10011]  ? rcu_is_watching+0x15/0xb0
[  382.957942][T10011]  ? cap_capable+0x139/0x450
[  382.957966][T10011]  legacy_get_tree+0xee/0x190
[  382.957985][T10011]  ? __pfx_v9fs_mount+0x10/0x10
[  382.958003][T10011]  vfs_get_tree+0x90/0x2b0
[  382.958023][T10011]  do_new_mount+0x2be/0xb40
[  382.958047][T10011]  ? __pfx_do_new_mount+0x10/0x10
[  382.958075][T10011]  __se_sys_mount+0x2d6/0x3c0
[  382.958100][T10011]  ? __pfx___se_sys_mount+0x10/0x10
[  382.958121][T10011]  ? do_syscall_64+0x100/0x230
[  382.958145][T10011]  ? __x64_sys_mount+0x20/0xc0
[  382.958166][T10011]  do_syscall_64+0xf3/0x230
[  382.958187][T10011]  ? clear_bhb_loop+0x35/0x90
[  382.958211][T10011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.958231][T10011] RIP: 0033:0x7f86dfb8cde9
[  382.958246][T10011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  382.958259][T10011] RSP: 002b:00007f86e09c6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  382.958277][T10011] RAX: ffffffffffffffda RBX: 00007f86dfda5fa0 RCX: 00007f86dfb8cde9
[  382.958288][T10011] RDX: 00004000000002c0 RSI: 0000400000000180 RDI: 0000000000000000
[  382.958299][T10011] RBP: 00007f86e09c6090 R08: 0000400000001540 R09: 0000000000000000
[  382.958310][T10011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  382.958320][T10011] R13: 0000000000000000 R14: 00007f86dfda5fa0 R15: 00007ffe6aba10a8
[  382.958346][T10011]  </TASK>
[  385.133577][T10039] delete_channel: no stack
[  385.234595][T10046] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  385.244342][T10046] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  386.094404][T10051] __nla_validate_parse: 83 callbacks suppressed
[  386.094447][T10051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1182'.
[  387.510995][T10061] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1187'.
[  387.565219][T10061] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1187'.
[  387.634102][T10061] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1187'.
[  387.644967][T10061] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1187'.
[  387.655752][T10061] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1187'.
[  387.666773][T10061] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1187'.
[  387.680374][T10061] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1187'.
[  387.690609][T10061] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1187'.
[  387.719452][T10061] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1187'.
[  389.585412][T10026] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  389.688222][T10079] overlayfs: failed to clone upperpath
[  389.714986][   T25] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[  389.727138][   T25] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[  389.788871][   T25] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  389.829099][T10081] delete_channel: no stack
[  389.998602][ T5872] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  390.527879][T10093] vlan0: entered allmulticast mode
[  390.598590][ T5872] usb 3-1: Using ep0 maxpacket: 32
[  390.609731][ T5872] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  390.664851][ T5872] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  390.725511][ T5872] usb 3-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  390.741825][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.777540][ T5872] usb 3-1: config 0 descriptor??
[  392.259553][T10110] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  392.424809][T10110] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  394.053031][ T5872] usbhid 3-1:0.0: can't add hid device: -71
[  394.063678][ T5872] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  394.121567][ T5872] usb 3-1: USB disconnect, device number 13
[  395.188435][    T8] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  395.337205][T10136] __nla_validate_parse: 40 callbacks suppressed
[  395.337218][T10136] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1209'.
[  395.352570][T10136] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1209'.
[  395.380483][    T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  396.076857][    T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  396.102342][    T8] usb 8-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  396.151093][    T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.186454][    T8] usb 8-1: config 0 descriptor??
[  396.617411][T10151] netlink: 'syz.2.1212': attribute type 10 has an invalid length.
[  396.826769][T10151] 8021q: adding VLAN 0 to HW filter on device team0
[  396.868646][T10151] 
: (slave team0): Enslaving as an active interface with an up link
[  398.020552][    T8] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:256C:006D.0010/input/input12
[  398.045974][T10157] tty tty31: ldisc open failed (-12), clearing slot 30
[  398.135656][    T8] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:256C:006D.0010/input/input13
[  398.217804][T10148] netlink: 'syz.2.1212': attribute type 4 has an invalid length.
[  398.226452][T10148] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1212'.
[  398.349658][    T8] uclogic 0003:256C:006D.0010: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.7-1/input0
[  398.379109][    T8] usb 8-1: USB disconnect, device number 2
[  398.736080][T10167] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1218'.
[  398.745188][T10167] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1218'.
[  399.524811][T10128] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  399.742314][T10186] netlink: 188 bytes leftover after parsing attributes in process `syz.6.1225'.
[  399.751739][T10186] netlink: 'syz.6.1225': attribute type 1 has an invalid length.
[  407.529491][T10252] batman_adv: batadv0: Adding interface: dummy0
[  407.535799][T10252] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  407.561051][    C1] vkms_vblank_simulate: vblank timer overrun
[  408.002194][T10252] batman_adv: batadv0: Interface activated: dummy0
[  408.063479][T10256] overlayfs: failed to clone upperpath
[  408.291619][T10264] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1247'.
[  408.671501][T10276] x_tables: ip_tables: ah match: only valid for protocol 51
[  410.610281][T10291] veth0_macvtap: mtu less than device minimum
[  413.391752][T10324] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1264'.
[  413.400872][T10324] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1264'.
[  414.031220][T10334] veth0_macvtap: mtu less than device minimum
[  414.106542][T10338] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1267'.
[  416.742218][T10364] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1277'.
[  417.439794][T10374] veth0_macvtap: mtu less than device minimum
[  417.781623][ T5832] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  417.810539][T10386] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1285'.
[  417.981615][ T5832] usb 6-1: unable to get BOS descriptor or descriptor too short
[  418.286915][ T5832] usb 6-1: config 6 has an invalid interface number: 4 but max is 0
[  418.307305][ T5832] usb 6-1: config 6 has no interface number 0
[  418.324998][ T5832] usb 6-1: config 6 interface 4 has no altsetting 0
[  418.335361][ T5832] usb 6-1: New USB device found, idVendor=19d2, idProduct=1008, bcdDevice=be.d4
[  418.344590][ T5832] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.353347][ T5832] usb 6-1: Product: ј
[  418.357533][ T5832] usb 6-1: Manufacturer: 㰊
[  418.362545][ T5832] usb 6-1: SerialNumber: syz
[  418.555667][T10393] netlink: 'syz.6.1289': attribute type 8 has an invalid length.
[  418.616561][ T5832] usb 6-1: USB disconnect, device number 14
[  422.655201][    T8] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  423.022520][    T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  423.042328][    T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  423.393524][    T8] usb 8-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  423.646379][    T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.732338][    T8] usb 8-1: config 0 descriptor??
[  424.885996][    T8] hid-generic 0003:05AC:4262.0011: unbalanced delimiter at end of report description
[  424.908867][    T8] hid-generic 0003:05AC:4262.0011: probe with driver hid-generic failed with error -22
[  426.233086][ T5876] usb 8-1: USB disconnect, device number 3
[  426.386236][T10469] netlink: 188 bytes leftover after parsing attributes in process `syz.6.1311'.
[  426.402356][T10469] netlink: 'syz.6.1311': attribute type 1 has an invalid length.
[  426.561176][T10477] kAFS: unable to lookup cell 'sy>7 ��O-z1'
[  427.445335][T10483] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1315'.
[  432.098764][ T5832] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  432.740852][ T5832] usb 7-1: config index 0 descriptor too short (expected 54704, got 145)
[  432.768259][ T5832] usb 7-1: config 0 has an invalid interface number: 5 but max is 0
[  432.798231][ T5832] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  433.273234][ T5832] usb 7-1: config 0 has no interface number 0
[  433.280917][ T5832] usb 7-1: config 0 interface 5 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  433.295775][ T5832] usb 7-1: config 0 interface 5 has no altsetting 0
[  433.311571][T10528] overlayfs: failed to clone upperpath
[  433.360990][ T5832] usb 7-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice=a0.a0
[  433.405305][ T5832] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.430493][ T5832] usb 7-1: Product: syz
[  433.436842][ T5832] usb 7-1: Manufacturer: syz
[  433.469083][ T5832] usb 7-1: SerialNumber: syz
[  433.639873][ T5832] usb 7-1: config 0 descriptor??
[  434.509217][ T5832] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.5/input/input14
[  434.580336][ T5183] bcm5974 7-1:0.5: could not read from device
[  434.610648][ T5183] bcm5974 7-1:0.5: could not read from device
[  434.619739][T10537] overlayfs: failed to clone upperpath
[  434.641990][ T5832] usb 7-1: USB disconnect, device number 3
[  435.131261][T10550] netlink: 188 bytes leftover after parsing attributes in process `syz.7.1336'.
[  435.323725][T10550] netlink: 'syz.7.1336': attribute type 1 has an invalid length.
[  436.891668][T10575] veth0_macvtap: mtu less than device minimum
[  437.777430][T10592] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1350'.
[  437.910009][ T5872] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[  438.006271][   T29] audit: type=1326 audit(1739121624.026:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10597 comm="syz.3.1354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0238cde9 code=0x7ffc0000
[  438.672017][   T29] audit: type=1326 audit(1739121624.026:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10597 comm="syz.3.1354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0238cde9 code=0x7ffc0000
[  438.694509][   T29] audit: type=1326 audit(1739121624.026:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10597 comm="syz.3.1354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f9f0238cde9 code=0x7ffc0000
[  438.757232][ T5872] usb 8-1: config index 0 descriptor too short (expected 54704, got 145)
[  438.791694][ T5872] usb 8-1: config 0 has an invalid interface number: 5 but max is 0
[  438.815636][   T29] audit: type=1326 audit(1739121624.026:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10597 comm="syz.3.1354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0238cde9 code=0x7ffc0000
[  438.846612][ T5872] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  438.867142][ T5872] usb 8-1: config 0 has no interface number 0
[  438.875227][ T5872] usb 8-1: config 0 interface 5 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  438.947381][   T29] audit: type=1326 audit(1739121624.026:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10597 comm="syz.3.1354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0238cde9 code=0x7ffc0000
[  438.977442][ T5872] usb 8-1: config 0 interface 5 has no altsetting 0
[  438.987787][   T29] audit: type=1326 audit(1739121624.026:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10597 comm="syz.3.1354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f9f0238cde9 code=0x7ffc0000
[  438.988720][ T5872] usb 8-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice=a0.a0
[  439.003118][T10611] vlan2: entered promiscuous mode
[  439.024852][ T5872] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.039327][T10611] bridge0: entered promiscuous mode
[  439.043422][ T5907] IPVS: starting estimator thread 0...
[  439.050819][   T29] audit: type=1326 audit(1739121624.026:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10597 comm="syz.3.1354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0238cde9 code=0x7ffc0000
[  439.069389][T10611] bridge0: port 3(vlan2) entered blocking state
[  439.073059][ T5872] usb 8-1: Product: syz
[  439.085165][ T5872] usb 8-1: Manufacturer: syz
[  439.090172][ T5872] usb 8-1: SerialNumber: syz
[  439.095281][   T29] audit: type=1326 audit(1739121624.026:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10597 comm="syz.3.1354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0238cde9 code=0x7ffc0000
[  439.100367][T10611] bridge0: port 3(vlan2) entered disabled state
[  439.125720][ T5872] usb 8-1: config 0 descriptor??
[  439.138923][ T5872] input: bcm5974 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.5/input/input15
[  439.148898][T10611] vlan2: entered allmulticast mode
[  439.151127][   T29] audit: type=1326 audit(1739121624.026:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10597 comm="syz.3.1354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f0238cde9 code=0x7ffc0000
[  439.167916][T10611] bridge0: entered allmulticast mode
[  439.178366][T10613] IPVS: using max 28 ests per chain, 67200 per kthread
[  439.190626][   T29] audit: type=1326 audit(1739121624.026:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10597 comm="syz.3.1354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0238cde9 code=0x7ffc0000
[  439.250760][T10611] vlan2: left allmulticast mode
[  439.287235][T10611] bridge0: left allmulticast mode
[  439.305899][T10611] bridge0: left promiscuous mode
[  439.973977][ T5183] bcm5974 8-1:0.5: could not read from device
[  439.997557][ T5183] bcm5974 8-1:0.5: could not read from device
[  440.018760][ T5183] bcm5974 8-1:0.5: could not read from device
[  440.025993][ T5872] usb 8-1: USB disconnect, device number 4
[  440.112636][ T6000] udevd[6000]: setting mode of /dev/bus/usb/008/004 to 020664 failed: No such file or directory
[  440.179632][ T6000] udevd[6000]: setting owner of /dev/bus/usb/008/004 to uid=0, gid=0 failed: No such file or directory
[  440.327895][T10622] veth0_macvtap: mtu less than device minimum
[  441.075403][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  441.976615][T10644] delete_channel: no stack
[  442.120932][T10648] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma?
[  443.139961][T10651] netlink: 'syz.2.1366': attribute type 10 has an invalid length.
[  443.165355][T10650] bridge2: entered promiscuous mode
[  443.195537][T10650] bridge2: entered allmulticast mode
[  443.256770][T10650] team0: Port device bridge2 added
[  443.469809][T10651] 
: (slave netdevsim0): Enslaving as an active interface with an up link
[  443.506325][T10660] veth0_macvtap: mtu less than device minimum
[  444.128848][ T5876] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  444.564965][ T5876] usb 3-1: config index 0 descriptor too short (expected 54704, got 145)
[  444.588506][ T5876] usb 3-1: config 0 has an invalid interface number: 5 but max is 0
[  444.596630][ T5876] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  444.607004][ T5876] usb 3-1: config 0 has no interface number 0
[  444.618699][ T5876] usb 3-1: config 0 interface 5 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  444.640546][ T5876] usb 3-1: config 0 interface 5 has no altsetting 0
[  444.655002][ T5876] usb 3-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice=a0.a0
[  444.680590][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.718505][ T5876] usb 3-1: Product: syz
[  444.722735][ T5876] usb 3-1: Manufacturer: syz
[  444.727348][ T5876] usb 3-1: SerialNumber: syz
[  444.789772][ T5876] usb 3-1: config 0 descriptor??
[  444.832393][ T5876] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.5/input/input16
[  445.113255][ T5183] bcm5974 3-1:0.5: could not read from device
[  445.161708][ T5183] bcm5974 3-1:0.5: could not read from device
[  445.186834][ T5183] bcm5974 3-1:0.5: could not read from device
[  445.196323][ T5876] usb 3-1: USB disconnect, device number 14
[  445.311470][ T5183] bcm5974 3-1:0.5: could not read from device
[  446.309056][ T5872] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  446.458542][ T5872] usb 6-1: Using ep0 maxpacket: 8
[  446.479560][ T5872] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  446.534967][ T5872] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  446.863711][ T5872] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  446.873679][ T5872] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  446.884923][ T5872] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  446.895062][ T5872] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  446.904284][ T5872] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.934818][ T5872] usb 6-1: config 0 descriptor??
[  446.969691][T10699] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  446.993502][T10707] overlayfs: failed to clone upperpath
[  447.285185][T10699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  447.399097][T10699] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  447.468135][T10699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  448.174013][T10699] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  448.691510][ T5874] usb 6-1: USB disconnect, device number 15
[  448.703734][ T5829] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  448.940633][T10721] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  449.448489][T10556] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  450.160986][   T29] kauditd_printk_skb: 66 callbacks suppressed
[  450.161006][   T29] audit: type=1804 audit(1739121636.186:142): pid=10744 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.1395" name="file0" dev="tmpfs" ino=2066 res=1 errno=0
[  452.397909][T10769] ipt_REJECT: ECHOREPLY no longer supported.
[  452.559032][ T5874] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  453.049156][ T5874] usb 6-1: Using ep0 maxpacket: 8
[  453.062035][ T5874] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  453.078572][ T5874] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  453.098525][ T5874] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  453.131925][ T5874] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  453.200897][ T5874] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  453.311718][ T5874] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  453.459985][T10776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1405'.
[  453.741647][ T5874] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.759724][ T5874] usb 6-1: config 0 descriptor??
[  453.767619][T10768] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  454.104230][T10768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.193634][T10768] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.253535][T10768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.337609][T10768] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.480916][ T5874] usb 6-1: USB disconnect, device number 16
[  454.482882][ T5829] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  455.431982][ T5832] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  455.624967][ T5832] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  455.730165][ T5832] usb 8-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  455.878120][ T5832] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.076024][ T5872] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  456.099080][ T5832] usb 8-1: config 0 descriptor??
[  456.259023][ T5872] usb 3-1: device descriptor read/64, error -71
[  456.716915][T10808] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1418'.
[  456.769991][ T5872] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  456.924510][ T5872] usb 3-1: device descriptor read/64, error -71
[  457.061057][ T5872] usb usb3-port1: attempt power cycle
[  457.718650][ T5872] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  457.768225][ T5872] usb 3-1: device descriptor read/8, error -71
[  458.025220][ T5872] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  458.063934][ T5872] usb 3-1: device descriptor read/8, error -71
[  458.103718][T10556] usb 8-1: USB disconnect, device number 5
[  458.123427][T10831] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  458.199050][ T5872] usb usb3-port1: unable to enumerate USB device
[  458.207375][T10833] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  458.984456][T10846] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1431'.
[  459.008499][T10846] netlink: 'syz.5.1431': attribute type 7 has an invalid length.
[  459.022438][T10846] netlink: 'syz.5.1431': attribute type 8 has an invalid length.
[  459.030734][T10846] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1431'.
[  459.330979][   T29] audit: type=1804 audit(1739121645.346:143): pid=10865 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.1436" name="file0" dev="tmpfs" ino=2144 res=1 errno=0
[  459.404699][T10867] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1434'.
[  459.504474][T10869] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1434'.
[  459.866983][T10867] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1434'.
[  460.126549][T10875] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  460.138959][T10875] bond0: (slave lo): Error: Device can not be enslaved while up
[  460.682328][T10883] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1442'.
[  460.792459][T10883] netlink: 108 bytes leftover after parsing attributes in process `syz.7.1442'.
[  460.880420][T10887] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1443'.
[  460.890078][T10887] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1443'.
[  462.277267][T10899] netlink: 'syz.3.1447': attribute type 4 has an invalid length.
[  463.688000][   T29] audit: type=1804 audit(1739121649.706:144): pid=10926 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.1454" name="file0" dev="tmpfs" ino=2175 res=1 errno=0
[  465.847284][T10948] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check.
[  465.898760][T10952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1462'.
[  465.925484][T10952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1462'.
[  465.959418][T10952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1462'.
[  466.008786][T10952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1462'.
[  466.032310][T10952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1462'.
[  466.083564][T10958] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1466'.
[  466.092948][T10958] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1466'.
[  466.102646][T10952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1462'.
[  466.119629][T10952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1462'.
[  466.130018][T10952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1462'.
[  466.161097][   T29] audit: type=1804 audit(1739121652.166:145): pid=10961 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.1467" name="/newroot/57/file0" dev="tmpfs" ino=325 res=1 errno=0
[  468.376633][T11001] overlayfs: failed to clone upperpath
[  468.555989][T11006] input: syz0 as /devices/virtual/input/input17
[  469.249263][T11013] FAULT_INJECTION: forcing a failure.
[  469.249263][T11013] name failslab, interval 1, probability 0, space 0, times 0
[  469.316800][T11013] CPU: 0 UID: 0 PID: 11013 Comm: syz.2.1483 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[  469.316828][T11013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  469.316839][T11013] Call Trace:
[  469.316845][T11013]  <TASK>
[  469.316853][T11013]  dump_stack_lvl+0x241/0x360
[  469.316887][T11013]  ? __pfx_dump_stack_lvl+0x10/0x10
[  469.316910][T11013]  ? __pfx__printk+0x10/0x10
[  469.316936][T11013]  ? __kmalloc_noprof+0xb5/0x4c0
[  469.316957][T11013]  ? __pfx___might_resched+0x10/0x10
[  469.316980][T11013]  should_fail_ex+0x40a/0x550
[  469.317004][T11013]  should_failslab+0xac/0x100
[  469.317026][T11013]  __kmalloc_noprof+0xdd/0x4c0
[  469.317046][T11013]  ? fib6_info_alloc+0x2e/0xf0
[  469.317065][T11013]  fib6_info_alloc+0x2e/0xf0
[  469.317082][T11013]  ip6_route_info_create+0x445/0x12b0
[  469.317114][T11013]  inet6_rtm_newroute+0x71a/0x2100
[  469.317159][T11013]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[  469.317180][T11013]  ? __mutex_trylock_common+0x183/0x2e0
[  469.317204][T11013]  ? __pfx___might_resched+0x10/0x10
[  469.317245][T11013]  ? __mutex_lock+0x397/0x1010
[  469.317298][T11013]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[  469.317324][T11013]  rtnetlink_rcv_msg+0x73f/0xcf0
[  469.317342][T11013]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  469.317366][T11013]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  469.317391][T11013]  ? ref_tracker_free+0x643/0x7e0
[  469.317417][T11013]  netlink_rcv_skb+0x1e3/0x430
[  469.317443][T11013]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  469.317463][T11013]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  469.317507][T11013]  ? netlink_deliver_tap+0x2e/0x1b0
[  469.317527][T11013]  netlink_unicast+0x7f6/0x990
[  469.317556][T11013]  ? __pfx_netlink_unicast+0x10/0x10
[  469.317576][T11013]  ? __virt_addr_valid+0x45f/0x530
[  469.317598][T11013]  ? __phys_addr_symbol+0x2f/0x70
[  469.317618][T11013]  ? __check_object_size+0x47a/0x730
[  469.317642][T11013]  netlink_sendmsg+0x8e4/0xcb0
[  469.317670][T11013]  ? __pfx_netlink_sendmsg+0x10/0x10
[  469.317698][T11013]  ? __pfx_netlink_sendmsg+0x10/0x10
[  469.317713][T11013]  __sock_sendmsg+0x221/0x270
[  469.317737][T11013]  ____sys_sendmsg+0x52a/0x7e0
[  469.317762][T11013]  ? __pfx_____sys_sendmsg+0x10/0x10
[  469.317777][T11013]  ? __fget_files+0x2a/0x410
[  469.317800][T11013]  ? __fget_files+0x2a/0x410
[  469.317828][T11013]  __sys_sendmsg+0x269/0x350
[  469.317850][T11013]  ? __pfx___sys_sendmsg+0x10/0x10
[  469.317878][T11013]  ? do_sys_openat2+0x17a/0x1d0
[  469.317925][T11013]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  469.317947][T11013]  ? do_syscall_64+0x100/0x230
[  469.317971][T11013]  ? do_syscall_64+0xb6/0x230
[  469.317994][T11013]  do_syscall_64+0xf3/0x230
[  469.318015][T11013]  ? clear_bhb_loop+0x35/0x90
[  469.318039][T11013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.318060][T11013] RIP: 0033:0x7f86dfb8cde9
[  469.318075][T11013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  469.318089][T11013] RSP: 002b:00007f86e09c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  469.318108][T11013] RAX: ffffffffffffffda RBX: 00007f86dfda5fa0 RCX: 00007f86dfb8cde9
[  469.318119][T11013] RDX: 0000000000000000 RSI: 0000400000000100 RDI: 0000000000000003
[  469.318130][T11013] RBP: 00007f86e09c6090 R08: 0000000000000000 R09: 0000000000000000
[  469.318140][T11013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  469.318149][T11013] R13: 0000000000000000 R14: 00007f86dfda5fa0 R15: 00007ffe6aba10a8
[  469.318175][T11013]  </TASK>
[  473.115403][T11056] __nla_validate_parse: 44 callbacks suppressed
[  473.115487][T11056] netlink: 27 bytes leftover after parsing attributes in process `syz.7.1493'.
[  474.354107][T11075] delete_channel: no stack
[  476.206682][T10556] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  476.663643][T11118] overlayfs: failed to clone upperpath
[  476.689334][T10556] usb 3-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  476.728412][T10556] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.756225][T10556] usb 3-1: config 0 descriptor??
[  476.996963][T11112] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1512'.
[  477.006053][T11112] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1512'.
[  477.025851][T10556] kaweth 3-1:0.0: Firmware present in device.
[  477.034199][T11123] netlink: 48 bytes leftover after parsing attributes in process `syz.7.1516'.
[  477.069321][T11123] input: syz0 as /devices/virtual/input/input18
[  477.188636][T10556] kaweth 3-1:0.0: Statistics collection: 0
[  477.204476][T10556] kaweth 3-1:0.0: Multicast filter limit: 0
[  477.217017][T10556] kaweth 3-1:0.0: MTU: 0
[  477.224747][T10556] kaweth 3-1:0.0: Read MAC address 00:00:00:00:00:00
[  477.606402][T10556] kaweth 3-1:0.0: Error setting SOFS wait
[  477.617294][T10556] kaweth 3-1:0.0: probe with driver kaweth failed with error -5
[  477.637489][T10556] usb 3-1: USB disconnect, device number 20
[  478.983458][ T5829] Bluetooth: hci1: command 0x0406 tx timeout
[  479.502428][T10556] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  479.842250][    T8] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  479.868938][T10556] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[  479.881668][T10556] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  479.922824][T10556] usb 3-1: config 0 has no interface number 0
[  479.932030][T10556] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  479.955745][T10556] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.981901][T10556] usb 3-1: Product: syz
[  479.986501][T10556] usb 3-1: Manufacturer: syz
[  479.992809][T10556] usb 3-1: SerialNumber: syz
[  480.049633][    T8] usb 8-1: Using ep0 maxpacket: 8
[  480.160060][T10556] usb 3-1: config 0 descriptor??
[  480.210041][    T8] usb 8-1: config 0 interface 0 has no altsetting 0
[  480.278715][T10556] ims_pcu 3-1:0.41: Missing CDC union descriptor
[  480.291675][    T8] usb 8-1: New USB device found, idVendor=07ca, idProduct=a868, bcdDevice=c4.d4
[  480.326860][T10556] ims_pcu 3-1:0.41: probe with driver ims_pcu failed with error -22
[  480.338401][    T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.810592][    T8] usb 8-1: config 0 descriptor??
[  480.819637][    T8] dvb-usb: found a 'AVerMedia AVerTVHD Volar (A868R)' in warm state.
[  480.837302][    T8] usb 8-1: selecting invalid altsetting 0
[  480.867147][    T8] cxusb: set interface failed
[  480.893263][    T8] dvb-usb: bulk message failed: -22 (1/0)
[  480.954093][ T5876] usb 3-1: USB disconnect, device number 21
[  480.981746][    T8] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  481.035403][    T8] dvbdev: DVB: registering new adapter (AVerMedia AVerTVHD Volar (A868R))
[  481.058624][    T8] usb 8-1: media controller created
[  481.610226][    T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  481.903260][    T8] DVB: Unable to find symbol lgdt330x_attach()
[  481.926190][    T8] dvb-usb: no frontend was attached by 'AVerMedia AVerTVHD Volar (A868R)'
[  481.951195][T11204] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1541'.
[  482.049648][    T8] dvb-usb: bulk message failed: -22 (1/0)
[  482.263372][    T8] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully initialized and connected.
[  482.421537][    T8] usb 8-1: USB disconnect, device number 6
[  482.497731][    T8] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully deinitialized and disconnected.
[  482.885612][T11222] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1546'.
[  482.900882][T11222] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  483.817445][T11229] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1550'.
[  484.137486][T11220] loop2: detected capacity change from 0 to 7
[  484.157113][T11220]  loop2: [POWERTEC] p1 p2 p3 p4
[  484.165157][T11232] syzkaller1: entered promiscuous mode
[  484.170860][T11232] syzkaller1: entered allmulticast mode
[  484.200293][T11220] loop2: p1 start 1179648 is beyond EOD, truncated
[  484.206867][T11220] loop2: p2 start 3310731404 is beyond EOD, truncated
[  484.295535][T11220] loop2: p3 start 590693049 is beyond EOD, truncated
[  484.328090][T11220] loop2: p4 start 1635021614 is beyond EOD, truncated
[  484.399640][   T29] audit: type=1804 audit(1739122183.210:146): pid=11239 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.1555" name="file0" dev="tmpfs" ino=2339 res=1 errno=0
[  484.590776][    T8] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  484.976911][    T8] usb 6-1: Using ep0 maxpacket: 8
[  484.982492][T11243] netlink: 'syz.2.1553': attribute type 2 has an invalid length.
[  484.999352][T11236] delete_channel: no stack
[  485.004665][    T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  485.035804][    T8] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC7, changing to 0x87
[  485.058551][T11248] IPVS: Error connecting to the multicast addr
[  485.072971][    T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  485.095943][    T8] usb 6-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad
[  485.112957][T11251] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  485.122228][T11251] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  485.131327][T11251] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  485.140326][T11251] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  485.149474][    T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.149500][    T8] usb 6-1: Product: syz
[  485.149515][    T8] usb 6-1: Manufacturer: syz
[  485.149530][    T8] usb 6-1: SerialNumber: syz
[  485.151507][    T8] usb 6-1: config 0 descriptor??
[  485.185616][    T8] smsusb:smsusb_probe: board id=2, interface number 0
[  485.197068][    T8] smsusb:siano_media_device_register: media controller created
[  485.207850][    T8] ------------[ cut here ]------------
[  485.213561][    T8] usb 6-1: BOGUS urb xfer, pipe 3 != type 1
[  485.221015][    T8] WARNING: CPU: 0 PID: 8 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0
[  485.231622][    T8] Modules linked in:
[  485.235557][    T8] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[  485.246529][    T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  485.256939][    T8] Workqueue: usb_hub_wq hub_event
[  485.262201][    T8] RIP: 0010:usb_submit_urb+0xc4e/0x18c0
[  485.267964][    T8] Code: f8 48 c1 e8 03 0f b6 04 18 84 c0 0f 85 b1 08 00 00 45 8b 07 48 c7 c7 60 9e af 8c 48 8b 34 24 4c 89 e2 89 e9 e8 d3 fb 1d fa 90 <0f> 0b 90 90 48 8b 5c 24 30 41 89 dc 4c 89 e7 48 c7 c6 90 58 59 8f
[  485.287792][    T8] RSP: 0018:ffffc900000d6a48 EFLAGS: 00010246
[  485.293949][    T8] RAX: 9cf71c4266536e00 RBX: dffffc0000000000 RCX: 0000000000100000
[  485.302111][    T8] RDX: ffffc9001a278000 RSI: 0000000000065c24 RDI: 0000000000065c25
[  485.310103][    T8] RBP: 0000000000000003 R08: ffffffff81800b32 R09: fffffbfff1cfa588
[  485.318357][    T8] R10: dffffc0000000000 R11: fffffbfff1cfa588 R12: ffff8880274bbea0
[  485.326541][    T8] R13: ffff88814c8afb00 R14: 0000000000000001 R15: ffffffff8caf9c4c
[  485.334672][    T8] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  485.343997][    T8] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  485.350778][    T8] CR2: 00007f22a17a7bac CR3: 000000000e738000 CR4: 00000000003526f0
[  485.358825][    T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  485.366978][    T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  485.375171][    T8] Call Trace:
[  485.378479][    T8]  <TASK>
[  485.381427][    T8]  ? __warn+0x165/0x4d0
[  485.385674][    T8]  ? usb_submit_urb+0xc4e/0x18c0
[  485.390669][    T8]  ? report_bug+0x2b3/0x500
[  485.395290][    T8]  ? usb_submit_urb+0xc4e/0x18c0
[  485.400271][    T8]  ? handle_bug+0x60/0x90
[  485.404736][    T8]  ? exc_invalid_op+0x1a/0x50
[  485.409462][    T8]  ? asm_exc_invalid_op+0x1a/0x20
[  485.414596][    T8]  ? __warn_printk+0x292/0x360
[  485.419398][    T8]  ? usb_submit_urb+0xc4e/0x18c0
[  485.424909][    T8]  ? usb_submit_urb+0xc4d/0x18c0
[  485.429878][    T8]  smsusb_start_streaming+0x22/0x340
[  485.435289][    T8]  smsusb_probe+0x1c54/0x2410
[  485.439998][    T8]  ? __pfx_smsusb_probe+0x10/0x10
[  485.445220][    T8]  ? __pfx_smsusb_sendrequest+0x10/0x10
[  485.451040][    T8]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  485.457228][    T8]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  485.463599][    T8]  ? __pm_runtime_set_status+0x6c1/0xa10
[  485.469341][    T8]  usb_probe_interface+0x641/0xbb0
[  485.474693][    T8]  ? __pfx_usb_probe_interface+0x10/0x10
[  485.480373][    T8]  really_probe+0x2b9/0xad0
[  485.485050][    T8]  __driver_probe_device+0x1a2/0x390
[  485.490381][    T8]  driver_probe_device+0x50/0x430
[  485.495514][    T8]  __device_attach_driver+0x2d6/0x530
[  485.500925][    T8]  bus_for_each_drv+0x24e/0x2e0
[  485.505893][    T8]  ? __pfx___device_attach_driver+0x10/0x10
[  485.511810][    T8]  ? __pfx_bus_for_each_drv+0x10/0x10
[  485.517353][    T8]  __device_attach+0x333/0x520
[  485.522139][    T8]  ? __pfx_lock_release+0x10/0x10
[  485.527284][    T8]  ? __pfx___device_attach+0x10/0x10
[  485.532592][    T8]  ? do_raw_spin_unlock+0x13c/0x8b0
[  485.537886][    T8]  bus_probe_device+0x189/0x260
[  485.542776][    T8]  device_add+0x856/0xbf0
[  485.547251][    T8]  usb_set_configuration+0x1976/0x1fb0
[  485.552945][    T8]  usb_generic_driver_probe+0x88/0x140
[  485.558645][    T8]  usb_probe_device+0x1b8/0x380
[  485.563530][    T8]  ? __pfx_usb_probe_device+0x10/0x10
[  485.568977][    T8]  really_probe+0x2b9/0xad0
[  485.573519][    T8]  __driver_probe_device+0x1a2/0x390
[  485.579041][    T8]  driver_probe_device+0x50/0x430
[  485.584098][    T8]  __device_attach_driver+0x2d6/0x530
[  485.589558][    T8]  bus_for_each_drv+0x24e/0x2e0
[  485.594440][    T8]  ? __pfx___device_attach_driver+0x10/0x10
[  485.600467][    T8]  ? __pfx_bus_for_each_drv+0x10/0x10
[  485.605893][    T8]  __device_attach+0x333/0x520
[  485.610796][    T8]  ? __pfx___device_attach+0x10/0x10
[  485.616113][    T8]  bus_probe_device+0x189/0x260
[  485.621056][    T8]  device_add+0x856/0xbf0
[  485.625405][    T8]  usb_new_device+0x104a/0x19a0
[  485.630387][    T8]  ? __pfx_usb_new_device+0x10/0x10
[  485.635616][    T8]  ? _raw_spin_unlock_irq+0x23/0x50
[  485.640896][    T8]  ? lockdep_hardirqs_on+0x99/0x150
[  485.646128][    T8]  hub_event+0x2d6d/0x5150
[  485.650693][    T8]  ? __pfx_hub_event+0x10/0x10
[  485.655483][    T8]  ? __pfx_lock_acquire+0x10/0x10
[  485.660922][    T8]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  485.666914][    T8]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  485.673530][    T8]  ? process_scheduled_works+0x976/0x1840
[  485.679322][    T8]  process_scheduled_works+0xa66/0x1840
[  485.684974][    T8]  ? __pfx_process_scheduled_works+0x10/0x10
[  485.691089][    T8]  ? assign_work+0x364/0x3d0
[  485.695703][    T8]  worker_thread+0x870/0xd30
[  485.700401][    T8]  ? __kthread_parkme+0x169/0x1d0
[  485.705450][    T8]  ? __pfx_worker_thread+0x10/0x10
[  485.710640][    T8]  kthread+0x7a9/0x920
[  485.714741][    T8]  ? __pfx_kthread+0x10/0x10
[  485.719456][    T8]  ? __pfx_worker_thread+0x10/0x10
[  485.724601][    T8]  ? __pfx_kthread+0x10/0x10
[  485.729332][    T8]  ? __pfx_kthread+0x10/0x10
[  485.733959][    T8]  ? __pfx_kthread+0x10/0x10
[  485.738578][    T8]  ? _raw_spin_unlock_irq+0x23/0x50
[  485.743877][    T8]  ? lockdep_hardirqs_on+0x99/0x150
[  485.749159][    T8]  ? __pfx_kthread+0x10/0x10
[  485.753785][    T8]  ret_from_fork+0x4b/0x80
[  485.758229][    T8]  ? __pfx_kthread+0x10/0x10
[  485.763225][    T8]  ret_from_fork_asm+0x1a/0x30
[  485.768040][    T8]  </TASK>
[  485.771549][    T8] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  485.778854][    T8] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[  485.789357][    T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  485.799413][    T8] Workqueue: usb_hub_wq hub_event
[  485.804450][    T8] Call Trace:
[  485.807720][    T8]  <TASK>
[  485.810646][    T8]  dump_stack_lvl+0x241/0x360
[  485.815325][    T8]  ? __pfx_dump_stack_lvl+0x10/0x10
[  485.820526][    T8]  ? __pfx__printk+0x10/0x10
[  485.825110][    T8]  ? _printk+0xd5/0x120
[  485.829263][    T8]  ? __init_begin+0x41000/0x41000
[  485.834287][    T8]  ? vscnprintf+0x5d/0x90
[  485.838610][    T8]  panic+0x349/0x880
[  485.842503][    T8]  ? __warn+0x174/0x4d0
[  485.846656][    T8]  ? __pfx_panic+0x10/0x10
[  485.851076][    T8]  ? ret_from_fork_asm+0x1a/0x30
[  485.856010][    T8]  __warn+0x344/0x4d0
[  485.859985][    T8]  ? usb_submit_urb+0xc4e/0x18c0
[  485.864924][    T8]  report_bug+0x2b3/0x500
[  485.869256][    T8]  ? usb_submit_urb+0xc4e/0x18c0
[  485.874190][    T8]  handle_bug+0x60/0x90
[  485.878343][    T8]  exc_invalid_op+0x1a/0x50
[  485.882842][    T8]  asm_exc_invalid_op+0x1a/0x20
[  485.887686][    T8] RIP: 0010:usb_submit_urb+0xc4e/0x18c0
[  485.893230][    T8] Code: f8 48 c1 e8 03 0f b6 04 18 84 c0 0f 85 b1 08 00 00 45 8b 07 48 c7 c7 60 9e af 8c 48 8b 34 24 4c 89 e2 89 e9 e8 d3 fb 1d fa 90 <0f> 0b 90 90 48 8b 5c 24 30 41 89 dc 4c 89 e7 48 c7 c6 90 58 59 8f
[  485.912838][    T8] RSP: 0018:ffffc900000d6a48 EFLAGS: 00010246
[  485.918905][    T8] RAX: 9cf71c4266536e00 RBX: dffffc0000000000 RCX: 0000000000100000
[  485.926867][    T8] RDX: ffffc9001a278000 RSI: 0000000000065c24 RDI: 0000000000065c25
[  485.934831][    T8] RBP: 0000000000000003 R08: ffffffff81800b32 R09: fffffbfff1cfa588
[  485.942801][    T8] R10: dffffc0000000000 R11: fffffbfff1cfa588 R12: ffff8880274bbea0
[  485.950761][    T8] R13: ffff88814c8afb00 R14: 0000000000000001 R15: ffffffff8caf9c4c
[  485.958761][    T8]  ? __warn_printk+0x292/0x360
[  485.963530][    T8]  ? usb_submit_urb+0xc4d/0x18c0
[  485.968477][    T8]  smsusb_start_streaming+0x22/0x340
[  485.973768][    T8]  smsusb_probe+0x1c54/0x2410
[  485.978482][    T8]  ? __pfx_smsusb_probe+0x10/0x10
[  485.983594][    T8]  ? __pfx_smsusb_sendrequest+0x10/0x10
[  485.989136][    T8]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  485.995031][    T8]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  486.001365][    T8]  ? __pm_runtime_set_status+0x6c1/0xa10
[  486.007004][    T8]  usb_probe_interface+0x641/0xbb0
[  486.012126][    T8]  ? __pfx_usb_probe_interface+0x10/0x10
[  486.017754][    T8]  really_probe+0x2b9/0xad0
[  486.022261][    T8]  __driver_probe_device+0x1a2/0x390
[  486.027541][    T8]  driver_probe_device+0x50/0x430
[  486.032558][    T8]  __device_attach_driver+0x2d6/0x530
[  486.037928][    T8]  bus_for_each_drv+0x24e/0x2e0
[  486.042777][    T8]  ? __pfx___device_attach_driver+0x10/0x10
[  486.048668][    T8]  ? __pfx_bus_for_each_drv+0x10/0x10
[  486.054043][    T8]  __device_attach+0x333/0x520
[  486.058802][    T8]  ? __pfx_lock_release+0x10/0x10
[  486.063824][    T8]  ? __pfx___device_attach+0x10/0x10
[  486.069101][    T8]  ? do_raw_spin_unlock+0x13c/0x8b0
[  486.074297][    T8]  bus_probe_device+0x189/0x260
[  486.079149][    T8]  device_add+0x856/0xbf0
[  486.083479][    T8]  usb_set_configuration+0x1976/0x1fb0
[  486.088955][    T8]  usb_generic_driver_probe+0x88/0x140
[  486.094409][    T8]  usb_probe_device+0x1b8/0x380
[  486.099256][    T8]  ? __pfx_usb_probe_device+0x10/0x10
[  486.104619][    T8]  really_probe+0x2b9/0xad0
[  486.109125][    T8]  __driver_probe_device+0x1a2/0x390
[  486.114405][    T8]  driver_probe_device+0x50/0x430
[  486.119427][    T8]  __device_attach_driver+0x2d6/0x530
[  486.124797][    T8]  bus_for_each_drv+0x24e/0x2e0
[  486.129643][    T8]  ? __pfx___device_attach_driver+0x10/0x10
[  486.135528][    T8]  ? __pfx_bus_for_each_drv+0x10/0x10
[  486.140905][    T8]  __device_attach+0x333/0x520
[  486.145664][    T8]  ? __pfx___device_attach+0x10/0x10
[  486.150955][    T8]  bus_probe_device+0x189/0x260
[  486.155804][    T8]  device_add+0x856/0xbf0
[  486.160129][    T8]  usb_new_device+0x104a/0x19a0
[  486.164992][    T8]  ? __pfx_usb_new_device+0x10/0x10
[  486.170189][    T8]  ? _raw_spin_unlock_irq+0x23/0x50
[  486.175379][    T8]  ? lockdep_hardirqs_on+0x99/0x150
[  486.180579][    T8]  hub_event+0x2d6d/0x5150
[  486.185032][    T8]  ? __pfx_hub_event+0x10/0x10
[  486.189798][    T8]  ? __pfx_lock_acquire+0x10/0x10
[  486.194816][    T8]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  486.200795][    T8]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  486.207124][    T8]  ? process_scheduled_works+0x976/0x1840
[  486.212838][    T8]  process_scheduled_works+0xa66/0x1840
[  486.218397][    T8]  ? __pfx_process_scheduled_works+0x10/0x10
[  486.224373][    T8]  ? assign_work+0x364/0x3d0
[  486.228957][    T8]  worker_thread+0x870/0xd30
[  486.233549][    T8]  ? __kthread_parkme+0x169/0x1d0
[  486.238567][    T8]  ? __pfx_worker_thread+0x10/0x10
[  486.243668][    T8]  kthread+0x7a9/0x920
[  486.247729][    T8]  ? __pfx_kthread+0x10/0x10
[  486.252315][    T8]  ? __pfx_worker_thread+0x10/0x10
[  486.257416][    T8]  ? __pfx_kthread+0x10/0x10
[  486.261998][    T8]  ? __pfx_kthread+0x10/0x10
[  486.266588][    T8]  ? __pfx_kthread+0x10/0x10
[  486.271175][    T8]  ? _raw_spin_unlock_irq+0x23/0x50
[  486.276362][    T8]  ? lockdep_hardirqs_on+0x99/0x150
[  486.281559][    T8]  ? __pfx_kthread+0x10/0x10
[  486.286148][    T8]  ret_from_fork+0x4b/0x80
[  486.290560][    T8]  ? __pfx_kthread+0x10/0x10
[  486.295232][    T8]  ret_from_fork_asm+0x1a/0x30
[  486.300002][    T8]  </TASK>
[  486.303257][    T8] Kernel Offset: disabled
[  486.307626][    T8] Rebooting in 86400 seconds..