last executing test programs:

9m20.815595517s ago: executing program 2 (id=9):
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000180)={0x4, 0x4, 0x5, 0xf84}, 0x10)
write(r3, &(0x7f0000000000)="240000001a005f0214f9f407000904001f0000000000000000020000080004000a000000", 0x24)

9m19.697092017s ago: executing program 2 (id=11):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
timer_create(0x3, 0x0, &(0x7f0000000200))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000001300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_GSO_MAX_SEGS={0x8, 0x28, 0xaa00}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x20000802)

9m19.396028837s ago: executing program 2 (id=13):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054)

9m17.175590766s ago: executing program 2 (id=16):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f00000005c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x40811}, 0x20)
process_mrelease(0xffffffffffffffff, 0x0)
setpgid(0x0, r0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x48)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_CATATONIC(r2, 0x9362, 0x0)

9m16.168262899s ago: executing program 2 (id=21):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x28000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x8, 0xfff3}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

9m14.955623015s ago: executing program 2 (id=27):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00')
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
recvmmsg(r3, &(0x7f00000021c0), 0x5b, 0x40, 0x0)
r4 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r4, &(0x7f0000000540)="900000001c001f4d154a817393278bff0a80a57802000000e503740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e00a2c5fed0759cb068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cef7cff81d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0", 0x8e, 0x0, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000000180)="900000001d001f4d154a817393278bff0a80a578020000000404840014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000766436c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

9m13.960149907s ago: executing program 32 (id=27):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00')
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
recvmmsg(r3, &(0x7f00000021c0), 0x5b, 0x40, 0x0)
r4 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r4, &(0x7f0000000540)="900000001c001f4d154a817393278bff0a80a57802000000e503740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e00a2c5fed0759cb068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cef7cff81d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0", 0x8e, 0x0, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000000180)="900000001d001f4d154a817393278bff0a80a578020000000404840014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000766436c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

8.746782891s ago: executing program 3 (id=1805):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_timeval(r1, 0x1, 0x43, &(0x7f00000001c0)={0x0, 0xea60}, 0x10)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
connect$unix(r0, 0x0, 0x0)

8.400890334s ago: executing program 3 (id=1810):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
close_range(r0, r1, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpeername(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_procfs(r2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c0000005e00679a3601ff81000000000000000000be7ba9bd"], 0x1c}}, 0x24000080)

6.350364489s ago: executing program 5 (id=1815):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x4004004)
open_tree(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0)
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_PRIORITY(r1, 0x80045643, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0xffffffff, 0x8, 0x2, 0xa00, 0xffffffffffffffff, 0x39, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x0, 0x6}, 0x50)
getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000500)=0x14)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={0x0, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x9, 0x10000}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x12, 0x0, 0x0, &(0x7f00000009c0)='syzkaller\x00', 0x4e, 0x3, &(0x7f0000000a00)=""/3, 0x41100, 0xa, '\x00', 0x0, @cgroup_sock_addr=0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a80)={0x3, 0x7, 0x9, 0x7}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000ac0)=[0x1, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x8}, 0x94)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00'})
ioctl(r6, 0x8b22, &(0x7f0000000040))

6.343774326s ago: executing program 1 (id=1816):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000000000000000000100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000040)={{0x0, 0x3}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount(0x0, 0x0, &(0x7f0000000040)='autofs\x00', 0x0, 0x0)
r4 = socket(0x10, 0x3, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x4)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r4, @ANYRES16=r5], 0x4c}}, 0x40000)
sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0xfc)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1f, 0xf, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebfb}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r6}, 0xc)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r7, 0xc01064bd, &(0x7f0000000280)={&(0x7f00000008c0), 0xffa4})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newchain={0x24, 0x64, 0x200, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x8, 0x9}, {0x8, 0x7}, {0xe, 0xfff1}}}, 0x24}}, 0x24000040)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newtaction={0x64, 0x30, 0x9e54f29ff072a93b, 0x0, 0x25dfdbfc, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4}, 0x2d}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
socket$inet(0x2, 0x1, 0x0)

5.538556099s ago: executing program 3 (id=1818):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, &(0x7f0000000380)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x2000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x10}}}, 0x24}}, 0x4000010)

5.470200813s ago: executing program 3 (id=1819):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1342, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$inet(0xa, 0x801, 0x84)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
ppoll(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000080)={0x7, {{0xa, 0x4e20, 0xe0, @mcast2, 0x138e}}, {{0xa, 0x4e21, 0x9, @private2, 0x4}}}, 0x108)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r3, 0x2)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
getsockopt$sock_buf(r5, 0x1, 0x39, 0xffffffffffffffff, &(0x7f0000000100))
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b553850000008500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x37, 0x800000, 0x8, 0x9, 0x8000})
write$rfkill(r2, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})

5.14379391s ago: executing program 5 (id=1821):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, 0x0)
syz_genetlink_get_family_id$batadv(0x0, r0)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
r1 = socket(0x840000000002, 0x3, 0xfa)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(ecb-blowfish-asm,tgr192)\x00'}, 0x58)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x1, 0x9, @loopback, 0xd9b}, 0x1c)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000800)={'ip6_vti0\x00', 0x0})
connect$inet(r1, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r1, &(0x7f0000005240), 0x4000095, 0x0)
unshare(0x6a040000)
socket$inet(0x2, 0x1, 0x0)

5.134343022s ago: executing program 1 (id=1822):
socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x15, 0x0, &(0x7f00000000c0))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x28}, 0x1, 0xffa6, 0x0, 0xd0}, 0x20008000)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8001}, 0x8)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f0000000080)=0xff, 0x4)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$bt_hci(r2, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9)

4.439515308s ago: executing program 0 (id=1825):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x8, 0x1}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x8}}]}, 0x38}}, 0x800)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ac0)=@newtfilter={0x24, 0x28, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r4, {0x6, 0x9}, {0x0, 0x9}, {0x9, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x94)

4.248326195s ago: executing program 0 (id=1827):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000080000000010100"], 0x50)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00', <r0=>0x0})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x0, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', r0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7fff}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet6(0xa, 0x80000, 0x9)
ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8936, &(0x7f0000000200)={@remote, 0x1a})
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000208e052500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f00000002c0)={0x28, 0x0, 0x2710, @local}, 0x10)

4.218587943s ago: executing program 3 (id=1828):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
kexec_load(0x1000d0ffc2, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x3e0000}], 0x0)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280), 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0xfffffffffffffe64)
r2 = socket(0x2d, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000440)={0x2d, 0x0, 0x1}, 0xc)
bind$xdp(r2, &(0x7f0000000080)={0x2d, 0x0, 0x0, 0x3e}, 0x10)
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000100)={0x0, 0x0, 0x6, 0x0, 0x1, [], [0x4, 0x1, 0x0, 0x3], [0x0, 0x0, 0x0, 0x40000], [0x0, 0x9, 0x1]})
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, 0x0)
io_uring_setup(0x4d3e, &(0x7f0000000240)={0x0, 0xcb6c, 0x40, 0x1000003, 0x12e})
sendto$inet6(r0, &(0x7f00000003c0)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x1, @loopback, 0xffffffff}, 0x1c)
syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r3, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

3.931347706s ago: executing program 5 (id=1829):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000006c0)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x2000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x10}}}, 0x24}}, 0x4000010)

3.890972219s ago: executing program 4 (id=1830):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="700200003f0007010000000000000000027c00000400fe80"], 0x270}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)

3.861962329s ago: executing program 0 (id=1831):
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x4e1f, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x4788, {0x0, @dev={0xac, 0x14, 0x14, 0xe}, @multicast2}}}], 0x20}, 0x0)

3.695453795s ago: executing program 4 (id=1832):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x4004004)
open_tree(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0)
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_PRIORITY(r1, 0x80045643, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0xffffffff, 0x8, 0x2, 0xa00, 0xffffffffffffffff, 0x39, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x0, 0x6}, 0x50)
getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000500)=0x14)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={0x0, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x9, 0x10000}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x12, 0x3, &(0x7f0000000980)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8ff, 0x0, 0x0, 0x0, 0xe3a}}, &(0x7f00000009c0)='syzkaller\x00', 0x4e, 0x3, &(0x7f0000000a00)=""/3, 0x41100, 0xa, '\x00', 0x0, @cgroup_sock_addr=0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a80)={0x3, 0x7, 0x9, 0x7}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000ac0)=[0x1, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x8}, 0x94)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00'})
ioctl(r6, 0x8b22, &(0x7f0000000040))

3.657079347s ago: executing program 0 (id=1833):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x147c40, 0x0)
keyctl$clear(0x5, 0xffffffffffffffff)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
syz_usb_connect(0x6, 0x63, &(0x7f0000000540)=ANY=[@ANYBLOB="1201010240d85bc7b1131100345c010203010902510011040800070904880400f7f98a060724060000d2cf0524001c620d240f01000000000200050002090403080353ee970509050810200009090c05f6ce740000000000000f0300040609fe09050d00000402070eec32319e86e1a0923deb6449e03f9aa6603c260ad68e2734f7b91a46a2196270e99100b939d904f58158fa891b3fcf862e1984569f07805cd77cbb771e9db1f5a9cecebadd88c31afc697b826b27b31f655c746714c4cd3039a01944e8875f55cdc21a3f7edc61406450bc7ffbd7bc19490ebfe3849bf447a7751b8abf1448b511ecfa16585d2136a7aa77b4e820190d3c83d3280faf728c58154338cdac0ca5940abca16afa0e14d635a68e004e0f44649a09631639bb22e03bce46cb4d1e53bf341434574a71fb"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x0)
read$char_usb(0xffffffffffffffff, &(0x7f00000000c0)=""/76, 0x4c)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x14, 0x30, 0x301}, 0x14}}, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f0000000300)={0x6a, {{0x2, 0x4e22, @broadcast}}}, 0x88)
sched_setaffinity(0x0, 0x0, 0x0)
r7 = socket$phonet_pipe(0x23, 0x5, 0x2)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000840)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x9c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_CT_DIRECTION={0x5, 0x3, 0x773568b9b38b679a}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_COMPAT={0x44, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8847}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x6007}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x800}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x22eb}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x2e}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x3c}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0xc}]}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xc4}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
ioctl$SIOCPNENABLEPIPE(r7, 0x89ed, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, &(0x7f0000000440)=0x1f)

3.655698159s ago: executing program 5 (id=1834):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00'})
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x4008000)

3.603602936s ago: executing program 1 (id=1835):
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000f9000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0xffffffffffffff57, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000007c0)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x10000000}, 0x4880)

2.34502681s ago: executing program 4 (id=1836):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xe}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000001400)=[{{&(0x7f0000000800)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000380)="361169583dc7974fc1675e44016577fcd5d3dc4e61db614493ee3c9e7a418fb7da114c10819218cbbbcdd09fb014e32cfae0c97ecd3c7a3ec1c7f3b239fd60ba1709ea07057b34937bbe4e43dfcaa7b4e33b1217b8a31ac9b349", 0x5a}, {&(0x7f0000000600)="6204631fc6e1ccb80033dda1d0152481e25afea1ce37378db9bf728d7380954f0837d5b3b5760acc125ed95a48bb9faba90828743a75745cf82867e4a15b66b0e416cc8ae46715574d3b817f1608972e3e2725cc6cca4822ca932e48322655dcff3a775fbdfffbee5b98156350a3df735fab3038af2de17984a07690a1ebebafcc7e4c9e66c57bc068defdef54484fc0caf2530d63a888bd75a6bfdb4945b9b92c89bdbd8f79799ed3d1b9371835b853c7648d0f6d62bb296740847b51bed12e291d8dc2153bd896673e361f9372056da57ff7c9cb09842aa1512daae60b8722a57ca871e4db6300"/245, 0xf5}, {&(0x7f0000000140)="254b051b59c429dba96614a6996db73f087f", 0x12}, {&(0x7f0000000280)="0500000000000000424bf0b40267ec450f000c765fc0ddb418e584f6c372", 0x1e}, {&(0x7f0000000300)="4e149188518cb47789d519aa2f40f3abffc0ec80d0754170702260db7e16e8be20", 0x21}], 0x5}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000840)="51acbfd19426868616bb324af02387c82391a35ed1dfab2d215aba4ba8589b51f99ef7eb634dceff02c13d036d1557cbdbcbb281c1ad43a032c4d5c3dfb94ddcdd9a4125fdce10ee20d76e9b3dc620e4947f756aef6f3843f609f8e4b44d49c43a1a3327e09c4a76e2c130bf2d008d99268b43f7f8d877e1e5e8500692a0d4eb09b071ac4c83", 0x86}, {&(0x7f0000000900)="59f6d3c03ca776094ec3c647aa119f3a27bae7a6be65288510a82f12324b7381b14d5b52d163ce3d537316b1799f9c00ae7a4c4e3786f9c3a2d5e3228fb5048926a840f5a67e2bd2069f48023a32dc6af4b80f9fc840efd139308d202cdaaa10bea2b505e0bb85efcda19971a7f883f3b4ca9c9e3f37ace1", 0x78}], 0x2}}, {{0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000b00)="3fe68d7ac174e12cfb6567a5734bb6e632808a258830485e7dd3fa8e4e14a901864f4bb0b3912ca48d8ef105747c4d1fa0383095da2c82697b154d6ce10ae27027bbcbb8b8817dd4e60e4211959097305078ae68df0b41e5c70fc65fa786568d92fb52fc85b6077c42cac0feefe6cbc2a824047a704b28eecc7ed781537ba26516c14e0ccc85dec4f4e332", 0x8b}, {&(0x7f0000000cc0)="e8f70d00006677d4705caf2e7823cc62078c5053b4c2af50497349c03c69ca46a7d115c3eb28640dfa1a7a4a0e9d210d4b4a5c868287db8d3d3107e4cf0c24a664e389981ad564f03cae8aa3cecbc04b4fcbdf14e45366b3659e3540b9af1e0e350590a0804ab2f80c4e72c6f927cb3de1946eb8e333331e929e6a7087d6061615092e15caaf0a76796b53a4a65d4cf17789edd2c98c5fba0cb35335e299578e047b3bb7dd6bdc8d3c3c632f43f7e52f023cec42d2a23cd2b0761d46b2ebac18b7c4a5ba7c1d4bd1eb5aeb00cc153fa7a96e8b350c32b27c9c930ee01c6b9886", 0xe0}, {&(0x7f0000000bc0)="dad69096c5edf147", 0x8}, {&(0x7f0000000dc0)="a05de87ac2252f7f3ec93d5a04716a9c7f09999c3a4511a1c14ce73f96a687a1d4e2b8862145e04dd81fb277b235635f807bf9bf9c093859e89e5787e39351d4eb2ce5675150183bee8e893274ab575a17a7a5c4c66dbe4ba0aef166193e1923bef241df579fc8fc8b70a910edb81c2d15b154fc59e3f42ef6eabdb692b50ac5c9d76843cfeab1269de2e879d8f00e231ffdbbf9907f3c2567e4f3594fdfef3b77b7f735f43fa726675e284a350e82c8a7f98e6b52c3c892845c948ba6d60efccc72378a04a94fb5", 0xc8}, {&(0x7f0000000c00)="6efc5098da8fa6b1a5", 0x9}], 0x5}}, {{0x0, 0x0, &(0x7f0000000fc0)=[{&(0x7f0000000400)="5b020000007f00702237870af25013dc11ec4cb6df00000000a4c4e9f8d7a8c31823ef1941d39b3900000023000066040000005622c98000", 0x38}], 0x1}}, {{0x0, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)="72f4446c80c973034ca2563def335487fc3a871f88b5ffcc51c9042b70ac7f0a86243b6ba9a2859687ceb1440937f11700b4c278d3918d5b2530ee32c93629e89584d961dc8b4df41fb862fdd33d0cb39adcdb9e9d4cbcea8211f8c27cd45ef55bebd0b800eca2006f2a78fa16397b1a581dfa", 0x73}], 0x1}}, {{0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000001200)="d9732e", 0x3}], 0x1}}], 0x7, 0x2000c044)

2.330400383s ago: executing program 5 (id=1837):
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0xffe6, 0xb}, {0xfff2, 0x3}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x5}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008080)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

2.246495072s ago: executing program 1 (id=1838):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1342, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$inet(0xa, 0x801, 0x84)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
ppoll(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000080)={0x7, {{0xa, 0x4e20, 0xe0, @mcast2, 0x138e}}, {{0xa, 0x4e21, 0x9, @private2, 0x4}}}, 0x108)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r3, 0x2)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
getsockopt$sock_buf(r5, 0x1, 0x39, 0xffffffffffffffff, &(0x7f0000000100))
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b553850000008500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x37, 0x800000, 0x8, 0x9, 0x8000})
write$rfkill(r2, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})

2.233105052s ago: executing program 4 (id=1839):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r4 = open(&(0x7f0000000280)='.\x00', 0x800, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r4, {0x1000}}, './file0\x00'})

1.843673151s ago: executing program 5 (id=1840):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, 0x0)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
r0 = socket(0x840000000002, 0x3, 0xfa)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(ecb-blowfish-asm,tgr192)\x00'}, 0x58)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x1, 0x9, @loopback, 0xd9b}, 0x1c)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000800)={'ip6_vti0\x00', 0x0})
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)
unshare(0x6a040000)
socket$inet(0x2, 0x1, 0x0)

1.222503411s ago: executing program 4 (id=1841):
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x3, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x27}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_int(r1, &(0x7f0000000040)='notify_on_release\x00', 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)=r7}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, r3, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)

1.025651723s ago: executing program 4 (id=1842):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x2})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
io_setup(0x0, &(0x7f0000000000))
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58)
r3 = accept$alg(r2, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000000b80)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)='v', 0xf4240}], 0x1}], 0x1, 0x8004)
accept4(r3, 0x0, 0x0, 0x0)
r4 = io_uring_setup(0x3e60, &(0x7f0000000240)={0x0, 0x7b66, 0x400, 0x0, 0x2b8})
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r4, 0x18, &(0x7f00000000c0)={0x8, 0xffffffffffffffff, 0x1b, {0xfca4, 0xc}, 0x5}, 0x1)
ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000180)=@multiplanar_userptr={0x7, 0xa, 0x4, 0x0, 0x89, {0x0, 0xea60}, {0x5, 0x8, 0xc1, 0x6a, 0x9, 0x5, "a8ed9837"}, 0xfff, 0x2, {0x0}, 0x5})
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x1, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

807.151948ms ago: executing program 1 (id=1843):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$alg(0x26, 0x5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x27}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000240), &(0x7f00000003c0)=r0}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r2, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

428.807303ms ago: executing program 0 (id=1844):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000006c0)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x2000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x10}}}, 0x24}}, 0x4000010)

275.595935ms ago: executing program 1 (id=1845):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
socket$kcm(0x11, 0xa, 0x300)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000700000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sock_rcvqueue_full\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x8000000000000c, &(0x7f0000000080)='@', 0x1)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000400)={&(0x7f0000000140), &(0x7f0000000180)=""/120, &(0x7f0000000340)="4013072e", &(0x7f00000003c0), 0xffffffff, 0x1, 0x4}, 0x38)
setsockopt$inet_opts(r3, 0x0, 0xd, &(0x7f0000000240)="02", 0x1)
getsockopt$inet_opts(r3, 0x0, 0x9, 0xffffffffffffffff, &(0x7f0000000000)=0x5d)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r6, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))

120.210096ms ago: executing program 0 (id=1846):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x4004004)
open_tree(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0)
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_PRIORITY(r1, 0x80045643, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0xffffffff, 0x8, 0x2, 0xa00, 0xffffffffffffffff, 0x39, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x0, 0x6}, 0x50)
getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000500)=0x14)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={0x0, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x9, 0x10000}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x12, 0x3, &(0x7f0000000980)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8ff, 0x0, 0x0, 0x0, 0xe3a}}, &(0x7f00000009c0)='syzkaller\x00', 0x4e, 0x3, &(0x7f0000000a00)=""/3, 0x41100, 0xa, '\x00', 0x0, @cgroup_sock_addr=0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a80)={0x3, 0x7, 0x9, 0x7}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000ac0)=[0x1, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x8}, 0x94)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00'})
ioctl(r6, 0x8b22, &(0x7f0000000040))

0s ago: executing program 3 (id=1847):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x7, 0xe, &(0x7f00000011c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x1}, 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
socket$inet_sctp(0x2, 0x1, 0x84)
bind$l2tp6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x5, @mcast2, 0x1}, 0x20)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000380)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00', 0x10001}, 0x1c, &(0x7f0000000cc0)=[{&(0x7f0000000540)='O', 0x1}], 0x1}}, {{&(0x7f0000000600)={0xa, 0x4e24, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80000000}, 0x1c, &(0x7f0000001000)=[{&(0x7f00000004c0)}], 0x1, &(0x7f00000018c0)=ANY=[@ANYBLOB="1400000000000000290000003e000000390d000000000000480000000000000029000000390000003a0601010000000020010000000000000000000000000000fe8000000000000000000000000000aafc0200000000000000000000000000018010"], 0x10e0}}], 0x2, 0x880)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080)={0x0, 0x4}, 0x8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x80}, [@call={0x85, 0x0, 0x0, 0xa8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
sendmsg$NFC_CMD_START_POLL(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r5, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r4, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={0x0, 0x2c}}, 0x0)
ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, &(0x7f0000000000)={0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x1, 'syz1\x00', @bcast, 0xff, 0x8, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]})
sendmsg(r3, &(0x7f00000003c0)={&(0x7f0000000200)=@phonet={0x23, 0x1, 0x81, 0x40}, 0x80, 0x0}, 0x40041)
ioctl$SIOCNRDECOBS(r3, 0x89e2)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000740)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r7, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="010029bd7000fcdbdf250700000012000200fc000000000000000000000000000001080002006401010212000300"], 0x44}, 0x1, 0x0, 0x0, 0x20000801}, 0x448c0)

kernel console output (not intermixed with test programs):

ce=de.79
[  242.717993][ T7280] UDF-fs: Scanning with blocksize 1024 failed
[  242.719506][   T24] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  242.748659][ T7280] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  242.757325][ T7280] UDF-fs: Scanning with blocksize 2048 failed
[  242.766780][ T7280] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  242.774668][ T7280] UDF-fs: Scanning with blocksize 4096 failed
[  242.986796][   T24] dvb-usb: bulk message failed: -22 (3/0)
[  243.015795][ T5833] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  243.192770][   T24] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  243.205647][ T5833] usb 5-1: Product: syz
[  243.209883][ T5833] usb 5-1: Manufacturer: syz
[  243.243740][   T24] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  243.250963][ T5833] usb 5-1: SerialNumber: syz
[  243.269447][   T24] usb 6-1: media controller created
[  243.284649][ T5833] usb 5-1: config 0 descriptor??
[  243.313686][ T7262] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  243.323875][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  243.381321][   T24] dvb-usb: bulk message failed: -22 (6/0)
[  243.395892][   T24] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  243.539626][  T983] usb 5-1: USB disconnect, device number 6
[  243.640531][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input6
[  243.770925][   T24] dvb-usb: schedule remote query interval to 150 msecs.
[  244.549885][   T24] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  244.730262][ T5833] dvb-usb: bulk message failed: -22 (1/0)
[  244.745820][   T24] usb 6-1: USB disconnect, device number 6
[  244.763188][ T5833] dvb-usb: error while querying for an remote control event.
[  245.036490][  T983] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  245.352294][ T7301] netlink: 4 bytes leftover after parsing attributes in process `syz.0.341'.
[  245.485511][  T983] usb 2-1: Using ep0 maxpacket: 32
[  245.613126][ T7304] netlink: 28 bytes leftover after parsing attributes in process `syz.0.341'.
[  245.707049][  T983] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  245.771443][  T983] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  245.939944][  T983] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  246.078289][  T983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.151794][  T983] usb 2-1: Product: syz
[  246.180382][  T983] usb 2-1: Manufacturer: syz
[  246.208931][  T983] usb 2-1: SerialNumber: syz
[  246.403631][   T24] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  246.487996][  T983] usb 2-1: config 0 descriptor??
[  246.831710][ T7301] bond2 (unregistering): Released all slaves
[  246.923322][ T5893] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  247.101354][  T983] usb 2-1: USB disconnect, device number 6
[  247.134092][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  247.365180][ T5893] usb 5-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[  247.406009][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.460199][ T5893] usb 5-1: config 0 descriptor??
[  247.552148][ T7320] netlink: 'syz.1.347': attribute type 4 has an invalid length.
[  247.959993][ T7326] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  247.969257][ T7326] UDF-fs: Scanning with blocksize 512 failed
[  247.979838][ T7326] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  247.989425][ T7326] UDF-fs: Scanning with blocksize 1024 failed
[  248.015581][ T7326] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  248.023480][ T7326] UDF-fs: Scanning with blocksize 2048 failed
[  248.048325][ T7326] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  248.056092][ T7326] UDF-fs: Scanning with blocksize 4096 failed
[  248.279719][ T5893] logitech 0003:046D:C626.0001: unbalanced delimiter at end of report description
[  248.343886][ T5893] logitech 0003:046D:C626.0001: parse failed
[  248.350029][ T5893] logitech 0003:046D:C626.0001: probe with driver logitech failed with error -22
[  248.466968][ T5833] usb 5-1: USB disconnect, device number 7
[  249.853137][ T5920] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  250.041335][ T5920] usb 6-1: Using ep0 maxpacket: 16
[  250.067552][ T5920] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  250.084520][ T5920] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.097481][ T7347] loop3: detected capacity change from 0 to 2048
[  250.100039][ T5920] usb 6-1: Product: syz
[  250.117641][ T5920] usb 6-1: Manufacturer: syz
[  250.122466][ T5920] usb 6-1: SerialNumber: syz
[  250.155083][   T30] kauditd_printk_skb: 59 callbacks suppressed
[  250.155101][   T30] audit: type=1326 audit(1759828367.172:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7348 comm="syz.1.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  250.189745][ T5920] r8152-cfgselector 6-1: Unknown version 0x0000
[  250.198342][ T5920] r8152-cfgselector 6-1: config 0 descriptor??
[  250.225515][ T7347] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  250.268128][   T30] audit: type=1326 audit(1759828367.202:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7348 comm="syz.1.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  250.480997][   T30] audit: type=1326 audit(1759828367.202:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7348 comm="syz.1.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  250.511070][   T30] audit: type=1326 audit(1759828367.202:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7348 comm="syz.1.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  250.535191][ T7347] EXT4-fs (loop3): shut down requested (0)
[  250.552462][   T30] audit: type=1326 audit(1759828367.202:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7348 comm="syz.1.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  251.172951][   T30] audit: type=1326 audit(1759828367.202:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7348 comm="syz.1.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  251.288161][   T30] audit: type=1326 audit(1759828367.202:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7348 comm="syz.1.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  251.334462][   T30] audit: type=1326 audit(1759828367.202:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7348 comm="syz.1.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  251.352974][ T5920] r8152-cfgselector 6-1: USB disconnect, device number 7
[  251.357810][   T30] audit: type=1326 audit(1759828367.202:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7348 comm="syz.1.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  251.419360][   T30] audit: type=1326 audit(1759828367.202:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7348 comm="syz.1.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  252.815858][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.095611][ T7383] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  255.103445][ T7383] UDF-fs: Scanning with blocksize 512 failed
[  255.118489][ T7383] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  255.126261][ T7383] UDF-fs: Scanning with blocksize 1024 failed
[  255.136919][ T7383] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  255.153859][ T7383] UDF-fs: Scanning with blocksize 2048 failed
[  255.167923][ T7383] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  255.175927][ T7383] UDF-fs: Scanning with blocksize 4096 failed
[  255.553438][ T7387] netlink: 'syz.5.366': attribute type 4 has an invalid length.
[  256.535382][ T1055] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[  257.110475][ T5965] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  257.451556][   T30] kauditd_printk_skb: 41 callbacks suppressed
[  257.451576][   T30] audit: type=1326 audit(1759828374.462:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  257.491223][   T30] audit: type=1326 audit(1759828374.462:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  257.518307][   T30] audit: type=1326 audit(1759828374.462:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  257.540624][    C1] vkms_vblank_simulate: vblank timer overrun
[  257.595600][ T5965] usb 5-1: config 1 has an invalid interface number: 105 but max is 0
[  257.610613][ T5965] usb 5-1: config 1 has no interface number 0
[  257.629790][ T5965] usb 5-1: config 1 interface 105 has no altsetting 0
[  257.641886][   T30] audit: type=1326 audit(1759828374.462:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  257.674654][ T5965] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  257.685042][ T5965] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.693772][ T5965] usb 5-1: Product: syz
[  257.698193][   T30] audit: type=1326 audit(1759828374.462:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  257.723885][ T5965] usb 5-1: Manufacturer: syz
[  257.729634][ T5965] usb 5-1: SerialNumber: syz
[  257.737156][   T30] audit: type=1326 audit(1759828374.462:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  257.759545][    C1] vkms_vblank_simulate: vblank timer overrun
[  257.780953][   T30] audit: type=1326 audit(1759828374.462:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  257.805877][   T30] audit: type=1326 audit(1759828374.462:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  257.828154][    C1] vkms_vblank_simulate: vblank timer overrun
[  257.837595][   T30] audit: type=1326 audit(1759828374.472:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  257.859818][    C1] vkms_vblank_simulate: vblank timer overrun
[  257.867019][   T30] audit: type=1326 audit(1759828374.472:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7400 comm="syz.1.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  258.826736][ T7410] loop1: detected capacity change from 0 to 736
[  259.882419][ T5965] aqc111 5-1:1.105: probe with driver aqc111 failed with error -71
[  259.903070][ T5965] usb 5-1: USB disconnect, device number 8
[  261.127624][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  263.950575][ T7461] loop3: detected capacity change from 0 to 2048
[  264.898715][ T7461] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  264.983113][ T7461] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  266.480653][   T30] kauditd_printk_skb: 78 callbacks suppressed
[  266.480697][   T30] audit: type=1800 audit(1759828383.452:224): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.387" name="file1" dev="loop3" ino=1368 res=0 errno=0
[  268.508277][ T7495] netlink: 12 bytes leftover after parsing attributes in process `syz.4.396'.
[  269.033490][ T7502] netlink: 'syz.0.397': attribute type 4 has an invalid length.
[  269.041255][ T7502] netlink: 17 bytes leftover after parsing attributes in process `syz.0.397'.
[  269.640169][ T7501] loop1: detected capacity change from 0 to 2048
[  270.394137][ T7501] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  270.450197][ T7501] EXT4-fs error (device loop1): ext4_find_extent:939: inode #2: comm syz.1.398: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  270.813662][ T5832] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.994723][ T7522] binder: 7521:7522 ioctl 4018620d 0 returned -22
[  276.030600][ T7551] loop1: detected capacity change from 0 to 1024
[  278.031442][ T7558] nvme_fabrics: missing parameter 'transport=%s'
[  278.093623][ T7558] nvme_fabrics: missing parameter 'nqn=%s'
[  278.588070][ T7565] binder: 7564:7565 ioctl 4018620d 0 returned -22
[  281.103275][    T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  281.455299][ T7605] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  282.068260][    T9] usb 5-1: Using ep0 maxpacket: 32
[  282.294141][    T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  282.377796][    T9] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  282.387975][    T9] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  282.396619][    T9] usb 5-1: Product: syz
[  282.401732][    T9] usb 5-1: Manufacturer: syz
[  282.406750][    T9] usb 5-1: SerialNumber: syz
[  282.422666][    T9] usb 5-1: config 0 descriptor??
[  282.430494][ T7589] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  282.498943][ T7608] autofs: Unknown parameter '0x0000000000000000'
[  282.604265][ T7610] binder: 7609:7610 ioctl 4018620d 0 returned -22
[  282.646721][    T9] usb 5-1: USB disconnect, device number 9
[  284.924620][ T7633] netlink: 196 bytes leftover after parsing attributes in process `syz.1.434'.
[  286.725406][ T7649] autofs: Unknown parameter '0x0000000000000000'
[  287.159043][ T7657] binder: 7656:7657 ioctl c0306201 0 returned -14
[  289.850815][ T7678] fuse: Bad value for 'fd'
[  292.224363][ T7693] netlink: 28 bytes leftover after parsing attributes in process `syz.3.451'.
[  292.233955][ T7693] netlink: 28 bytes leftover after parsing attributes in process `syz.3.451'.
[  292.339666][ T7694] ubi: mtd0 is already attached to ubi31
[  293.162386][ T7704] binder: 7703:7704 ioctl c0306201 0 returned -14
[  294.513095][ T5920] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  294.707868][ T5920] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  294.727874][ T7718] fuse: Bad value for 'fd'
[  294.778088][ T5920] usb 1-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[  294.791285][ T5920] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.805998][ T5920] usb 1-1: config 0 descriptor??
[  295.286163][ T5920] usbhid 1-1:0.0: can't add hid device: -71
[  295.300344][ T5920] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  295.326050][ T5920] usb 1-1: USB disconnect, device number 8
[  297.888597][ T7745] binder: 7742:7745 ioctl c0306201 0 returned -14
[  297.926375][ T7749] fuse: Bad value for 'fd'
[  298.113601][ T5833] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  298.943528][ T7760] netlink: 28 bytes leftover after parsing attributes in process `syz.0.472'.
[  298.952463][ T7760] netlink: 28 bytes leftover after parsing attributes in process `syz.0.472'.
[  299.224087][ T7759] ubi: mtd0 is already attached to ubi31
[  299.297474][ T5833] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  299.336798][ T5833] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  299.381742][ T5833] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  299.404947][ T5833] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.846090][ T5833] usb 4-1: config 0 descriptor??
[  300.185322][ T5833] usb 4-1: USB disconnect, device number 13
[  300.927414][ T5920] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  301.880623][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  301.893034][ T5920] usb 2-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[  301.902123][ T5920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.924183][ T5920] usb 2-1: config 0 descriptor??
[  302.013127][ T5833] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  302.553140][ T5833] usb 5-1: Using ep0 maxpacket: 16
[  302.578419][ T5920] usbhid 2-1:0.0: can't add hid device: -71
[  302.587757][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  302.595312][ T5920] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  303.357140][ T7799] netlink: 'syz.5.486': attribute type 4 has an invalid length.
[  303.364923][ T7799] netlink: 17 bytes leftover after parsing attributes in process `syz.5.486'.
[  303.569866][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.597477][ T5920] usb 2-1: USB disconnect, device number 7
[  303.969124][ T5833] usb 5-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  303.978364][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.034149][ T5833] usb 5-1: config 0 descriptor??
[  304.131587][ T5833] usb 5-1: can't set config #0, error -71
[  304.174818][ T5833] usb 5-1: USB disconnect, device number 10
[  305.790205][ T7825] netlink: 28 bytes leftover after parsing attributes in process `syz.4.492'.
[  305.799377][ T7825] netlink: 28 bytes leftover after parsing attributes in process `syz.4.492'.
[  305.865479][ T7825] ubi: mtd0 is already attached to ubi31
[  306.793242][ T5920] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  306.898457][ T7829] warning: `syz.5.489' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  307.087561][ T5920] usb 2-1: too many configurations: 67, using maximum allowed: 8
[  307.209941][ T5920] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  307.236437][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.254422][ T5920] usb 2-1: Product: syz
[  307.265520][ T5920] usb 2-1: Manufacturer: syz
[  307.287494][ T5920] usb 2-1: SerialNumber: syz
[  307.323526][ T5920] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  307.411437][ T5893] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  308.001024][ T5920] usb 2-1: USB disconnect, device number 8
[  308.783289][ T5893] usb 2-1: Service connection timeout for: 256
[  308.836486][ T5893] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services
[  308.852481][ T5893] ath9k_htc: Failed to initialize the device
[  308.873569][ T5920] usb 2-1: ath9k_htc: USB layer deinitialized
[  315.663884][ T7904] autofs: Unknown parameter 'fd0x0000000000000000'
[  317.958691][ T7938] netlink: 'syz.4.524': attribute type 3 has an invalid length.
[  319.268107][ T7950] autofs: Unknown parameter 'fd0x0000000000000000'
[  322.390039][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  324.309352][   T30] audit: type=1326 audit(1759828441.312:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  324.339091][   T30] audit: type=1326 audit(1759828441.352:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  324.362729][   T30] audit: type=1326 audit(1759828441.352:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  324.593129][   T30] audit: type=1326 audit(1759828441.352:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  325.448821][   T30] audit: type=1326 audit(1759828441.352:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  325.631285][   T30] audit: type=1326 audit(1759828441.352:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  325.654321][   T30] audit: type=1326 audit(1759828441.352:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  325.677793][   T30] audit: type=1326 audit(1759828441.352:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  325.701339][   T30] audit: type=1326 audit(1759828441.352:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  326.712410][   T30] audit: type=1326 audit(1759828441.352:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7995 comm="syz.0.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  331.153327][ T8080] loop3: detected capacity change from 0 to 4096
[  331.172849][ T8080] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  331.842332][ T8080] ntfs3(loop3): ino=3, ntfs_set_state failed, -22.
[  331.963369][  T983] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  331.983868][ T1055] ntfs3(loop3): ino=3, ntfs3_write_inode failed, -22.
[  331.998955][ T8080] ntfs3(loop3): ino=3, ntfs_set_state failed, -22.
[  332.023277][ T8080] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  332.074480][ T8092] tipc: Started in network mode
[  332.103151][ T8080] ntfs3(loop3): ino=3, ntfs_set_state failed, -22.
[  332.103733][ T8092] tipc: Node identity def572e7460a, cluster identity 4711
[  332.115627][ T7923] ntfs3(loop3): ino=3, ntfs3_write_inode failed, -22.
[  332.121426][ T8092] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  332.150042][  T983] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  332.165499][  T983] usb 6-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[  332.175054][ T8092] syzkaller0: entered promiscuous mode
[  332.180761][ T8092] syzkaller0: entered allmulticast mode
[  332.183061][  T983] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.238124][  T983] usb 6-1: config 0 descriptor??
[  332.266878][ T8092] tipc: Resetting bearer <eth:syzkaller0>
[  332.286921][ T8091] tipc: Resetting bearer <eth:syzkaller0>
[  332.485674][ T8091] tipc: Disabling bearer <eth:syzkaller0>
[  332.662715][  T983] usbhid 6-1:0.0: can't add hid device: -71
[  332.683269][  T983] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  332.706887][  T983] usb 6-1: USB disconnect, device number 8
[  332.894094][ T5965] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  333.295438][ T5965] usb 4-1: too many configurations: 67, using maximum allowed: 8
[  334.512465][ T5965] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  334.558133][ T5965] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.640301][ T5965] usb 4-1: Product: syz
[  334.649402][ T5965] usb 4-1: Manufacturer: syz
[  334.671857][ T5965] usb 4-1: SerialNumber: syz
[  334.704757][ T5965] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  334.761250][   T43] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  335.097366][ T8122] netlink: 28 bytes leftover after parsing attributes in process `syz.5.579'.
[  335.106514][ T8122] netlink: 28 bytes leftover after parsing attributes in process `syz.5.579'.
[  335.191901][ T8123] ubi: mtd0 is already attached to ubi31
[  335.471417][    T9] usb 4-1: USB disconnect, device number 14
[  335.809554][   T43] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services
[  335.818948][   T43] ath9k_htc: Failed to initialize the device
[  335.841986][    T9] usb 4-1: ath9k_htc: USB layer deinitialized
[  336.433176][    T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  336.576772][ T8139] bpf: Bad value for 'gid'
[  337.194308][    T9] usb 4-1: Using ep0 maxpacket: 32
[  337.215450][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  337.225698][    T9] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  337.249151][    T9] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  337.258585][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.306000][    T9] usb 4-1: Product: syz
[  337.520051][    T9] usb 4-1: Manufacturer: syz
[  337.549374][    T9] usb 4-1: SerialNumber: syz
[  337.594217][    T9] usb 4-1: config 0 descriptor??
[  339.389879][   T43] usb 4-1: USB disconnect, device number 15
[  340.630284][ T8165] netlink: 44 bytes leftover after parsing attributes in process `syz.0.597'.
[  340.643986][ T8165] netlink: 44 bytes leftover after parsing attributes in process `syz.0.597'.
[  340.833430][ T5920] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  341.031247][ T5920] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  341.057510][ T5920] usb 6-1: config 0 interface 0 has no altsetting 0
[  341.692169][ T8167] loop4: detected capacity change from 0 to 4096
[  341.725812][ T8167] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  341.820639][ T5920] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  341.830157][ T5920] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  341.843032][ T5920] usb 6-1: Product: syz
[  341.861572][ T5920] usb 6-1: Manufacturer: syz
[  341.873118][ T5920] usb 6-1: SerialNumber: syz
[  341.894703][ T5920] usb 6-1: config 0 descriptor??
[  341.927615][ T5920] usb 6-1: selecting invalid altsetting 0
[  343.162143][ T5833] usb 6-1: USB disconnect, device number 9
[  343.783364][   T43] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  343.958407][   T43] usb 2-1: Using ep0 maxpacket: 32
[  344.532494][   T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  344.543416][   T43] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  344.557588][   T43] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  344.567146][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.575254][   T43] usb 2-1: Product: syz
[  344.579816][   T43] usb 2-1: Manufacturer: syz
[  344.584766][   T43] usb 2-1: SerialNumber: syz
[  344.591744][   T43] usb 2-1: config 0 descriptor??
[  345.000105][ T8200] Bluetooth: MGMT ver 1.23
[  347.628294][ T5840] Bluetooth: hci0: unexpected cc 0x0809 length: 68 > 4
[  347.635599][ T5840] Bluetooth: hci0: unexpected event for opcode 0x0809
[  347.951018][ T5920] usb 2-1: USB disconnect, device number 9
[  348.183932][ T8236] netlink: 28 bytes leftover after parsing attributes in process `syz.0.613'.
[  348.193222][ T8236] netlink: 28 bytes leftover after parsing attributes in process `syz.0.613'.
[  348.344920][ T8237] ubi: mtd0 is already attached to ubi31
[  350.224289][    T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  350.463761][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  350.489786][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  350.520437][    T9] usb 2-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  350.544639][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.571572][    T9] usb 2-1: config 0 descriptor??
[  351.944471][    T9] usbhid 2-1:0.0: can't add hid device: -71
[  352.393160][    T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  352.416568][    T9] usb 2-1: USB disconnect, device number 10
[  352.464523][ T8267] ntfs3(nullb0): Primary boot signature is not NTFS.
[  352.471409][ T8267] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  352.530096][ T5840] Bluetooth: hci0: unexpected cc 0x0809 length: 68 > 4
[  352.539851][ T5840] Bluetooth: hci0: unexpected event for opcode 0x0809
[  354.592943][ T8285] netlink: 4 bytes leftover after parsing attributes in process `syz.5.628'.
[  355.428231][ T8295] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  355.449835][ T8295] syzkaller0: entered promiscuous mode
[  355.463352][ T8295] syzkaller0: entered allmulticast mode
[  355.764816][ T8300] tipc: Resetting bearer <eth:syzkaller0>
[  355.784035][ T8294] tipc: Resetting bearer <eth:syzkaller0>
[  356.751366][   T24] tipc: Node number set to 2566877927
[  357.653244][ T8310] ubi: mtd0 is already attached to ubi31
[  357.834371][ T8294] tipc: Disabling bearer <eth:syzkaller0>
[  357.880888][ T8304] netlink: 28 bytes leftover after parsing attributes in process `syz.4.634'.
[  357.889999][ T8304] netlink: 28 bytes leftover after parsing attributes in process `syz.4.634'.
[  358.010556][ T5840] Bluetooth: hci0: unexpected cc 0x0809 length: 68 > 4
[  358.017806][ T5840] Bluetooth: hci0: unexpected event for opcode 0x0809
[  359.143079][ T5893] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  359.232691][ T8327] ntfs3(nullb0): Primary boot signature is not NTFS.
[  359.239715][ T8327] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  359.393098][ T5893] usb 6-1: device descriptor read/64, error -71
[  360.539859][ T5893] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  361.335470][ T5893] usb 6-1: device descriptor read/64, error -71
[  361.444085][ T5893] usb usb6-port1: attempt power cycle
[  361.681902][ T8353] netlink: 156 bytes leftover after parsing attributes in process `syz.1.651'.
[  363.773149][ T5920] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  364.863131][ T5920] usb 4-1: device descriptor read/64, error -71
[  367.063559][ T5920] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  367.341119][ T5920] usb 4-1: device descriptor read/64, error -71
[  368.045534][ T5920] usb usb4-port1: attempt power cycle
[  368.260534][ T8411] netlink: 'syz.4.667': attribute type 4 has an invalid length.
[  371.487876][ T8439] tipc: Started in network mode
[  371.500401][ T8439] tipc: Node identity 1642104b79dd, cluster identity 4711
[  371.518195][ T8439] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  372.321016][ T8439] syzkaller0: entered promiscuous mode
[  372.371906][ T8439] syzkaller0: entered allmulticast mode
[  372.520016][ T8439] tipc: Resetting bearer <eth:syzkaller0>
[  372.525930][  T983] tipc: Node number set to 1872695371
[  372.560371][ T8438] tipc: Resetting bearer <eth:syzkaller0>
[  372.759220][ T8438] tipc: Disabling bearer <eth:syzkaller0>
[  372.935275][ T8452] netlink: 4 bytes leftover after parsing attributes in process `syz.4.680'.
[  373.563175][ T5965] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  373.703094][ T5965] usb 4-1: device descriptor read/64, error -71
[  374.103310][ T5965] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  374.187951][ T8467] netlink: 'syz.4.683': attribute type 3 has an invalid length.
[  375.025040][   T43] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  375.488387][ T8476] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  376.331832][ T5965] usb 4-1: device descriptor read/64, error -71
[  376.429388][   T43] usb 1-1: Using ep0 maxpacket: 32
[  376.445637][   T43] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  376.463963][ T5965] usb usb4-port1: attempt power cycle
[  377.162102][   T43] usb 1-1: string descriptor 0 read error: -71
[  377.207658][   T43] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  377.430372][   T43] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  377.457930][   T43] usb 1-1: config 0 descriptor??
[  377.631369][   T43] usb 1-1: can't set config #0, error -71
[  377.681696][   T43] usb 1-1: USB disconnect, device number 9
[  379.179652][ T5920] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  379.321411][ T8511] netlink: 'syz.4.696': attribute type 3 has an invalid length.
[  379.961564][ T5920] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  379.988124][ T5920] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  380.026884][ T5920] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  380.065867][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.107322][ T5920] usb 4-1: config 0 descriptor??
[  380.427124][ T8516] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  381.096457][  T983] usb 4-1: USB disconnect, device number 22
[  381.373219][ T5920] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  381.420271][ T8523] netlink: 'syz.5.700': attribute type 1 has an invalid length.
[  381.533318][ T5920] usb 5-1: device descriptor read/64, error -71
[  381.713940][ T8523] netlink: 28 bytes leftover after parsing attributes in process `syz.5.700'.
[  381.719090][ T8525] bond1: (slave gretap1): making interface the new active one
[  381.760738][ T8525] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  381.818034][ T8523] 8021q: adding VLAN 0 to HW filter on device bond1
[  381.853081][ T5920] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  381.994410][ T5920] usb 5-1: device descriptor read/64, error -71
[  382.041761][ T8532] ntfs3(nullb0): Primary boot signature is not NTFS.
[  382.049854][ T8532] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  382.114330][ T5920] usb usb5-port1: attempt power cycle
[  383.214425][ T5920] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  383.253709][ T5920] usb 5-1: device descriptor read/8, error -71
[  383.616709][ T5920] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  383.643931][ T5920] usb 5-1: device descriptor read/8, error -71
[  383.775750][ T5920] usb usb5-port1: unable to enumerate USB device
[  384.418492][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  385.033071][   T43] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  385.897092][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  385.984411][   T43] usb 4-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[  385.996752][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.012405][   T43] usb 4-1: config 0 descriptor??
[  387.874969][   T43] usbhid 4-1:0.0: can't add hid device: -71
[  387.882666][   T43] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  388.311731][   T43] usb 4-1: USB disconnect, device number 23
[  389.373058][  T983] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  390.228655][ T8607] netlink: 28 bytes leftover after parsing attributes in process `syz.3.726'.
[  390.233104][  T983] usb 1-1: Using ep0 maxpacket: 32
[  390.274337][  T983] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  390.303005][  T983] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  390.338896][  T983] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  390.358726][  T983] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.383566][  T983] usb 1-1: Product: syz
[  390.389297][  T983] usb 1-1: Manufacturer: syz
[  390.432374][  T983] usb 1-1: SerialNumber: syz
[  390.457648][  T983] usb 1-1: config 0 descriptor??
[  391.319714][ T5965] usb 1-1: USB disconnect, device number 10
[  392.741636][ T5840] block nbd0: Receive control failed (result -32)
[  393.726660][ T8653] netlink: 'syz.1.738': attribute type 4 has an invalid length.
[  393.734641][ T8653] netlink: 17 bytes leftover after parsing attributes in process `syz.1.738'.
[  395.133083][    T9] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  395.483983][    T9] usb 4-1: Using ep0 maxpacket: 32
[  395.513952][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  395.537418][    T9] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  395.575377][    T9] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  395.593349][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.601407][    T9] usb 4-1: Product: syz
[  395.623017][    T9] usb 4-1: Manufacturer: syz
[  395.628024][    T9] usb 4-1: SerialNumber: syz
[  395.641176][    T9] usb 4-1: config 0 descriptor??
[  396.319883][  T983] usb 4-1: USB disconnect, device number 24
[  396.485864][ T8678] netlink: 4 bytes leftover after parsing attributes in process `syz.4.745'.
[  397.227245][ T8681] bpf: Bad value for 'gid'
[  397.523272][ T8688] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  397.531208][ T8688] UDF-fs: Scanning with blocksize 512 failed
[  397.563146][ T8688] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  397.570963][ T8688] UDF-fs: Scanning with blocksize 1024 failed
[  397.607032][ T8688] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  397.615867][ T8688] UDF-fs: Scanning with blocksize 2048 failed
[  397.642549][ T8688] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  397.651193][ T8688] UDF-fs: Scanning with blocksize 4096 failed
[  399.453821][ T5965] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  399.740140][ T5965] usb 1-1: Using ep0 maxpacket: 32
[  399.818729][ T8720] netlink: 4 bytes leftover after parsing attributes in process `syz.3.758'.
[  400.420633][ T5965] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  400.441322][ T5965] usb 1-1: config 0 has no interfaces?
[  400.450028][ T5965] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  400.471481][ T5965] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  400.498521][ T5965] usb 1-1: Product: syz
[  400.502859][ T5965] usb 1-1: Manufacturer: syz
[  400.521598][ T5965] usb 1-1: SerialNumber: syz
[  400.560833][ T5965] usb 1-1: config 0 descriptor??
[  400.837552][ T5965] usb 1-1: USB disconnect, device number 11
[  402.095728][ T5840] Bluetooth: hci3: unexpected event for opcode 0x6909
[  402.163081][ T5965] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  402.333110][ T5965] usb 2-1: Using ep0 maxpacket: 16
[  402.347799][ T5965] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  402.362736][ T5965] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.383476][ T5965] usb 2-1: Product: syz
[  402.393117][ T5965] usb 2-1: Manufacturer: syz
[  402.404032][ T5965] usb 2-1: SerialNumber: syz
[  402.429654][ T5965] r8152-cfgselector 2-1: Unknown version 0x0000
[  402.446701][ T5965] r8152-cfgselector 2-1: config 0 descriptor??
[  402.739238][ T5965] r8152-cfgselector 2-1: Unknown version 0x0000
[  402.755075][ T5965] r8152-cfgselector 2-1: bad CDC descriptors
[  402.949154][    T9] r8152-cfgselector 2-1: USB disconnect, device number 11
[  404.801183][ T5840] Bluetooth: hci3: unexpected event for opcode 0x6909
[  409.751895][ T8883] fuse: Bad value for 'group_id'
[  409.776956][ T8883] fuse: Bad value for 'group_id'
[  410.443457][ T5920] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  410.743012][ T5920] usb 1-1: Using ep0 maxpacket: 32
[  410.916169][ T5920] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  411.027134][ T5920] usb 1-1: config 0 has no interfaces?
[  411.108541][ T5920] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  411.200277][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  411.302193][ T5920] usb 1-1: Product: syz
[  411.337838][ T5920] usb 1-1: Manufacturer: syz
[  411.449443][ T5920] usb 1-1: SerialNumber: syz
[  411.470583][ T5920] usb 1-1: config 0 descriptor??
[  411.483235][ T8905] netlink: 28 bytes leftover after parsing attributes in process `syz.5.796'.
[  411.492152][ T8905] netlink: 28 bytes leftover after parsing attributes in process `syz.5.796'.
[  411.682429][ T5920] usb 1-1: USB disconnect, device number 12
[  411.770175][ T8911] netlink: 'syz.3.801': attribute type 3 has an invalid length.
[  412.479404][ T8913] ubi: mtd0 is already attached to ubi31
[  413.523215][ T5920] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  413.673337][ T5920] usb 5-1: Using ep0 maxpacket: 32
[  413.681018][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  413.691532][ T5920] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0
[  413.714504][ T5920] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  413.723931][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  413.746884][ T5920] usb 5-1: Product: syz
[  413.755632][ T5920] usb 5-1: Manufacturer: syz
[  413.791482][ T5920] usb 5-1: SerialNumber: syz
[  414.067823][ T5920] usb 5-1: config 0 descriptor??
[  414.338791][ T5920] usb 5-1: USB disconnect, device number 15
[  414.625832][ T8934] fuse: Bad value for 'group_id'
[  414.630868][ T8934] fuse: Bad value for 'group_id'
[  416.544998][ T8955] netlink: 52 bytes leftover after parsing attributes in process `syz.5.812'.
[  417.210520][ T8967] netlink: 'syz.5.813': attribute type 3 has an invalid length.
[  419.668826][ T8985] fuse: Bad value for 'group_id'
[  419.681012][ T8985] fuse: Bad value for 'group_id'
[  420.213027][  T983] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  420.373503][  T983] usb 4-1: Using ep0 maxpacket: 32
[  420.386084][  T983] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  420.426060][  T983] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0
[  420.462110][  T983] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  420.478817][  T983] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  420.571095][  T983] usb 4-1: Product: syz
[  420.642506][  T983] usb 4-1: Manufacturer: syz
[  420.665117][  T983] usb 4-1: SerialNumber: syz
[  420.738436][  T983] usb 4-1: config 0 descriptor??
[  421.285318][ T5833] usb 4-1: USB disconnect, device number 25
[  421.737343][ T9000] netlink: 28 bytes leftover after parsing attributes in process `syz.4.820'.
[  421.757098][ T9000] netlink: 28 bytes leftover after parsing attributes in process `syz.4.820'.
[  421.813334][ T9000] ubi: mtd0 is already attached to ubi31
[  422.467169][ T9008] netlink: 'syz.3.824': attribute type 3 has an invalid length.
[  424.768083][ T9031] netlink: 'syz.1.830': attribute type 1 has an invalid length.
[  425.533867][ T9039] netlink: 28 bytes leftover after parsing attributes in process `syz.1.830'.
[  425.656705][ T9033] bond1: (slave gretap1): making interface the new active one
[  426.112486][ T9033] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  426.286196][ T9039] 8021q: adding VLAN 0 to HW filter on device bond1
[  427.210906][ T9059] netlink: 'syz.1.836': attribute type 3 has an invalid length.
[  427.963048][ T5833] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  428.235304][ T5833] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  428.325555][ T5833] usb 2-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[  428.345520][ T5833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.080009][ T5833] usb 2-1: config 0 descriptor??
[  431.720122][ T5833] usbhid 2-1:0.0: can't add hid device: -71
[  431.873162][ T5833] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  431.901637][ T5833] usb 2-1: USB disconnect, device number 12
[  437.503162][ T5833] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  438.485577][ T5833] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  438.646338][ T9139] netlink: 4 bytes leftover after parsing attributes in process `syz.1.860'.
[  439.263512][ T5833] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  439.303035][   T24] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  439.325440][ T5833] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  439.356867][ T5833] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.430821][ T5833] usb 4-1: config 0 descriptor??
[  439.581162][ T9144] bpf: Bad value for 'gid'
[  439.660420][ T5833] usb 4-1: can't set config #0, error -71
[  439.668653][ T5833] usb 4-1: USB disconnect, device number 26
[  439.934666][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  439.946475][   T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[  439.980117][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  440.610877][   T24] usb 1-1: config 0 descriptor??
[  441.517277][   T24] usbhid 1-1:0.0: can't add hid device: -71
[  441.775901][   T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  441.789669][   T24] usb 1-1: USB disconnect, device number 13
[  441.833097][ T5833] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  442.059799][ T5833] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  442.090231][ T5833] usb 5-1: config 0 interface 0 has no altsetting 0
[  442.125674][ T5833] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  442.171809][ T5833] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  442.218477][ T5833] usb 5-1: Product: syz
[  442.854076][ T5833] usb 5-1: Manufacturer: syz
[  442.858763][ T5833] usb 5-1: SerialNumber: syz
[  442.914184][ T5833] usb 5-1: config 0 descriptor??
[  443.109698][ T5833] usb 5-1: selecting invalid altsetting 0
[  443.214160][    T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  443.575129][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  443.943112][    T9] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  443.953131][ T5833] usb 5-1: USB disconnect, device number 16
[  443.962293][    T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  443.992484][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.036785][    T9] usb 1-1: config 0 descriptor??
[  444.108628][ T9199] vxfs: unable to read disk superblock at 1
[  444.289555][ T9200] bpf: Bad value for 'gid'
[  444.319581][ T9199] vxfs: unable to read disk superblock at 8
[  444.539509][   T43] usb 1-1: USB disconnect, device number 14
[  444.559753][ T9199] vxfs: can't find superblock.
[  445.273111][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  447.794028][ T9226] netlink: 8 bytes leftover after parsing attributes in process `syz.3.882'.
[  450.058468][ T9240] netlink: 'syz.5.888': attribute type 3 has an invalid length.
[  452.839051][ T9260] bond0: entered promiscuous mode
[  452.849113][ T9260] bond_slave_0: entered promiscuous mode
[  452.890746][ T9260] bond_slave_1: entered promiscuous mode
[  452.904169][ T9260] dummy0: entered promiscuous mode
[  452.910645][ T9260] debugfs: 'hsr1' already exists in 'hsr'
[  452.916529][ T9260] Cannot create hsr debugfs directory
[  452.922444][ T9260] hsr1: entered promiscuous mode
[  452.933177][ T9260] hsr1: entered allmulticast mode
[  452.938374][ T9260] bond0: entered allmulticast mode
[  452.944376][ T9260] bond_slave_0: entered allmulticast mode
[  452.950316][ T9260] bond_slave_1: entered allmulticast mode
[  452.958976][ T9260] dummy0: entered allmulticast mode
[  453.114245][   T43] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  453.151409][ T9276] ntfs3(nullb0): Primary boot signature is not NTFS.
[  453.160117][ T9276] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  453.294652][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  453.398175][   T43] usb 6-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[  453.502254][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.700078][   T43] usb 6-1: config 0 descriptor??
[  454.608824][   T43] usbhid 6-1:0.0: can't add hid device: -71
[  454.615052][   T43] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  454.626607][   T43] usb 6-1: USB disconnect, device number 13
[  456.902436][ T9313] netlink: 8 bytes leftover after parsing attributes in process `syz.1.908'.
[  456.911350][ T9313] netlink: 20 bytes leftover after parsing attributes in process `syz.1.908'.
[  457.525433][   T43] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  458.163030][ T5920] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  458.336559][ T9328] ntfs3(nullb0): Primary boot signature is not NTFS.
[  458.364619][ T9328] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  458.373035][ T5920] usb 4-1: Using ep0 maxpacket: 32
[  458.379451][   T43] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  458.400840][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  458.421024][ T5920] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0
[  458.423106][   T43] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  458.466329][ T5920] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  458.486342][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  458.503931][   T43] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  458.516226][ T5920] usb 4-1: Product: syz
[  458.520455][ T5920] usb 4-1: Manufacturer: syz
[  458.531396][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.553046][ T5920] usb 4-1: SerialNumber: syz
[  458.579454][ T5920] usb 4-1: config 0 descriptor??
[  458.593704][   T43] usb 1-1: config 0 descriptor??
[  458.951340][ T5920] usb 4-1: USB disconnect, device number 27
[  459.015293][    T9] usb 1-1: USB disconnect, device number 15
[  462.123989][ T9374] netlink: 'syz.3.930': attribute type 1 has an invalid length.
[  463.540046][ T9374] netlink: 28 bytes leftover after parsing attributes in process `syz.3.930'.
[  463.566266][ T9379] bond1: (slave gretap1): making interface the new active one
[  463.596251][ T9379] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  463.688326][ T9374] 8021q: adding VLAN 0 to HW filter on device bond1
[  467.518844][ T9434] netlink: 'syz.1.946': attribute type 3 has an invalid length.
[  471.074375][ T9462] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.175885][ T9480] fuse: Bad value for 'user_id'
[  471.180846][ T9480] fuse: Bad value for 'user_id'
[  472.391186][ T9507] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  472.429769][ T9509] netlink: 'syz.4.970': attribute type 1 has an invalid length.
[  472.490317][ T9514] netlink: 28 bytes leftover after parsing attributes in process `syz.4.970'.
[  472.566466][ T9509] bond1: (slave gretap1): making interface the new active one
[  472.575382][ T9509] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  472.588583][ T9509] netlink: 28 bytes leftover after parsing attributes in process `syz.4.970'.
[  472.600420][ T9509] 8021q: adding VLAN 0 to HW filter on device bond1
[  472.845781][ T9528] fuse: Bad value for 'user_id'
[  472.853366][ T9528] fuse: Bad value for 'user_id'
[  473.275635][ T9536] netlink: 4 bytes leftover after parsing attributes in process `syz.4.977'.
[  473.517877][ T9540] program syz.1.978 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  474.613338][    T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  474.666565][ T9545] syzkaller0: entered promiscuous mode
[  474.683957][ T9545] syzkaller0: entered allmulticast mode
[  474.903074][    T9] usb 2-1: Using ep0 maxpacket: 32
[  474.999951][    T9] usb 2-1: config 0 has an invalid interface number: 83 but max is 0
[  475.050818][    T9] usb 2-1: config 0 has no interface number 0
[  475.070428][    T9] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=92.f7
[  475.080397][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.088976][    T9] usb 2-1: Product: syz
[  475.113258][    T9] usb 2-1: Manufacturer: syz
[  475.123370][    T9] usb 2-1: SerialNumber: syz
[  475.171824][    T9] usb 2-1: config 0 descriptor??
[  475.736177][ T9567] fuse: Bad value for 'user_id'
[  475.760558][ T9567] fuse: Bad value for 'user_id'
[  477.057315][ T9577] loop4: detected capacity change from 0 to 4096
[  477.068275][ T9577] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  478.215013][ T9577] ntfs3(loop4): ino=3, ntfs_set_state failed, -22.
[  478.231557][ T8386] ntfs3(loop4): ino=3, ntfs3_write_inode failed, -22.
[  478.669211][ T9577] ntfs3(loop4): ino=3, ntfs_set_state failed, -22.
[  478.693359][ T9577] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  478.718675][ T9577] ntfs3(loop4): ino=3, ntfs_set_state failed, -22.
[  478.807802][ T7377] ntfs3(loop4): ino=3, ntfs3_write_inode failed, -22.
[  478.959885][    T9] peak_usb 2-1:0.83 can0: unable to request usb[type=0 value=1] err=-71
[  478.992670][    T9] peak_usb 2-1:0.83: unable to read PCAN-USB Pro firmware info (err -71)
[  479.111160][ T9605] fuse: Bad value for 'fd'
[  479.199550][    T9] peak_usb 2-1:0.83: probe with driver peak_usb failed with error -71
[  479.244583][    T9] usb 2-1: USB disconnect, device number 13
[  481.214221][   T30] kauditd_printk_skb: 76 callbacks suppressed
[  481.214240][   T30] audit: type=1326 audit(1759828598.232:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  481.375918][   T30] audit: type=1326 audit(1759828598.322:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  481.852421][   T30] audit: type=1326 audit(1759828598.332:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  481.939363][   T30] audit: type=1326 audit(1759828598.332:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  482.168373][   T30] audit: type=1326 audit(1759828598.332:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  482.282145][   T30] audit: type=1326 audit(1759828598.332:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  482.332693][   T30] audit: type=1326 audit(1759828598.332:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  482.370709][   T30] audit: type=1326 audit(1759828598.332:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  482.397778][   T30] audit: type=1326 audit(1759828598.332:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  482.422811][   T30] audit: type=1326 audit(1759828598.332:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9634 comm="syz.0.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  482.546345][ T9655] program syz.4.1013 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  485.073621][ T9680] dummy0: left promiscuous mode
[  485.695737][ T9648] syz.0.1014: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  485.855373][ T9648] CPU: 0 UID: 0 PID: 9648 Comm: syz.0.1014 Not tainted syzkaller #0 PREEMPT(full) 
[  485.855396][ T9648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  485.855411][ T9648] Call Trace:
[  485.855418][ T9648]  <TASK>
[  485.855425][ T9648]  dump_stack_lvl+0x189/0x250
[  485.855458][ T9648]  ? __pfx_dump_stack_lvl+0x10/0x10
[  485.855475][ T9648]  ? __pfx__printk+0x10/0x10
[  485.855491][ T9648]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  485.855508][ T9648]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  485.855530][ T9648]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  485.855548][ T9648]  warn_alloc+0x214/0x310
[  485.855571][ T9648]  ? __pfx_warn_alloc+0x10/0x10
[  485.855596][ T9648]  ? __get_vm_area_node+0x28f/0x300
[  485.855612][ T9648]  ? hash_ip4_resize+0x1e0/0x1990
[  485.855632][ T9648]  __vmalloc_node_range_noprof+0x690/0x12d0
[  485.855648][ T9648]  ? __lock_acquire+0xab9/0xd20
[  485.855685][ T9648]  ? alloc_pages_mpol+0x3cd/0x4a0
[  485.855706][ T9648]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  485.855726][ T9648]  ? rcu_is_watching+0x15/0xb0
[  485.855749][ T9648]  ? hash_ip4_resize+0x1e0/0x1990
[  485.855765][ T9648]  __kvmalloc_node_noprof+0x674/0x910
[  485.855783][ T9648]  ? hash_ip4_resize+0x1e0/0x1990
[  485.855806][ T9648]  hash_ip4_resize+0x1e0/0x1990
[  485.855824][ T9648]  ? hash_ip4_uadt+0x6cb/0x850
[  485.855841][ T9648]  ? __pfx_hash_ip4_add+0x10/0x10
[  485.855856][ T9648]  ? __pfx_hash_ip4_uadt+0x10/0x10
[  485.855869][ T9648]  ? __local_bh_enable_ip+0x12d/0x1c0
[  485.855906][ T9648]  call_ad+0x44e/0xb00
[  485.855934][ T9648]  ? __pfx_call_ad+0x10/0x10
[  485.855965][ T9648]  ? __nla_parse+0x40/0x60
[  485.855985][ T9648]  ip_set_ad+0x791/0x930
[  485.856013][ T9648]  ? __pfx_ip_set_ad+0x10/0x10
[  485.856085][ T9648]  nfnetlink_rcv_msg+0xb4d/0x1130
[  485.856116][ T9648]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  485.856164][ T9648]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  485.856190][ T9648]  ? kmem_cache_free+0x19b/0x690
[  485.856235][ T9648]  ? __lock_acquire+0xab9/0xd20
[  485.856261][ T9648]  netlink_rcv_skb+0x208/0x470
[  485.856287][ T9648]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  485.856309][ T9648]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  485.856340][ T9648]  ? bpf_lsm_capable+0x9/0x20
[  485.856353][ T9648]  ? security_capable+0x7e/0x2e0
[  485.856373][ T9648]  nfnetlink_rcv+0x282/0x2590
[  485.856396][ T9648]  ? kernel_text_address+0xa5/0xe0
[  485.856414][ T9648]  ? __kernel_text_address+0xd/0x40
[  485.856431][ T9648]  ? unwind_get_return_address+0x4d/0x90
[  485.856455][ T9648]  ? arch_stack_walk+0xfc/0x150
[  485.856488][ T9648]  ? stack_trace_save+0x9c/0xe0
[  485.856503][ T9648]  ? __pfx_stack_trace_save+0x10/0x10
[  485.856521][ T9648]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  485.856539][ T9648]  ? save_netdev_trace_buffer+0x14f/0x5e0
[  485.856561][ T9648]  ? save_netdev_trace_buffer+0x4e2/0x5e0
[  485.856584][ T9648]  ? __pfx_save_netdev_trace_buffer+0x10/0x10
[  485.856602][ T9648]  ? ref_tracker_free+0x63a/0x7d0
[  485.856616][ T9648]  ? __netlink_deliver_tap+0x636/0x8b0
[  485.856636][ T9648]  ? netlink_deliver_tap+0x19c/0x1b0
[  485.856658][ T9648]  ? netlink_unicast+0x7fa/0x9e0
[  485.856676][ T9648]  ? netlink_sendmsg+0x805/0xb30
[  485.856697][ T9648]  ? __sock_sendmsg+0x21c/0x270
[  485.856723][ T9648]  ? ____sys_sendmsg+0x505/0x830
[  485.856740][ T9648]  ? ___sys_sendmsg+0x21f/0x2a0
[  485.856758][ T9648]  ? __x64_sys_sendmsg+0x19b/0x260
[  485.856776][ T9648]  ? do_syscall_64+0xfa/0xfa0
[  485.856793][ T9648]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.856813][ T9648]  ? __skb_clone+0x483/0x7a0
[  485.856834][ T9648]  ? skb_clone+0x246/0x3a0
[  485.856852][ T9648]  ? __netlink_deliver_tap+0x866/0x8b0
[  485.856875][ T9648]  ? netlink_deliver_tap+0x2e/0x1b0
[  485.856903][ T9648]  ? netlink_deliver_tap+0x2e/0x1b0
[  485.856931][ T9648]  netlink_unicast+0x82f/0x9e0
[  485.856958][ T9648]  ? __pfx_netlink_unicast+0x10/0x10
[  485.856980][ T9648]  ? netlink_sendmsg+0x642/0xb30
[  485.857002][ T9648]  ? skb_put+0x11b/0x210
[  485.857035][ T9648]  netlink_sendmsg+0x805/0xb30
[  485.857066][ T9648]  ? __pfx_netlink_sendmsg+0x10/0x10
[  485.857092][ T9648]  ? aa_sock_msg_perm+0xf1/0x1d0
[  485.857110][ T9648]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  485.857130][ T9648]  ? __pfx_netlink_sendmsg+0x10/0x10
[  485.857154][ T9648]  __sock_sendmsg+0x21c/0x270
[  485.857175][ T9648]  ____sys_sendmsg+0x505/0x830
[  485.857195][ T9648]  ? __pfx_____sys_sendmsg+0x10/0x10
[  485.857217][ T9648]  ? import_iovec+0x74/0xa0
[  485.857239][ T9648]  ___sys_sendmsg+0x21f/0x2a0
[  485.857256][ T9648]  ? __pfx____sys_sendmsg+0x10/0x10
[  485.857299][ T9648]  ? __fget_files+0x2a/0x420
[  485.857317][ T9648]  ? __fget_files+0x3a0/0x420
[  485.857343][ T9648]  __x64_sys_sendmsg+0x19b/0x260
[  485.857360][ T9648]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  485.857389][ T9648]  ? do_syscall_64+0xbe/0xfa0
[  485.857408][ T9648]  do_syscall_64+0xfa/0xfa0
[  485.857423][ T9648]  ? lockdep_hardirqs_on+0x9c/0x150
[  485.857439][ T9648]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.857454][ T9648]  ? clear_bhb_loop+0x60/0xb0
[  485.857472][ T9648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.857493][ T9648] RIP: 0033:0x7fe783f8eec9
[  485.857514][ T9648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  485.857528][ T9648] RSP: 002b:00007fe7821f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  485.857544][ T9648] RAX: ffffffffffffffda RBX: 00007fe7841e5fa0 RCX: 00007fe783f8eec9
[  485.857555][ T9648] RDX: 0000000004000050 RSI: 0000200000000000 RDI: 0000000000000007
[  485.857565][ T9648] RBP: 00007fe784011f91 R08: 0000000000000000 R09: 0000000000000000
[  485.857574][ T9648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  485.857583][ T9648] R13: 00007fe7841e6038 R14: 00007fe7841e5fa0 R15: 00007ffc69dac3a8
[  485.857607][ T9648]  </TASK>
[  485.859839][ T9648] Mem-Info:
[  486.466666][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  486.466688][   T30] audit: type=1326 audit(1759828603.482:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.1.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  486.495118][    C1] vkms_vblank_simulate: vblank timer overrun
[  487.130370][ T9648] active_anon:7776 inactive_anon:0 isolated_anon:0
[  487.130370][ T9648]  active_file:12997 inactive_file:40050 isolated_file:0
[  487.130370][ T9648]  unevictable:768 dirty:240 writeback:0
[  487.130370][ T9648]  slab_reclaimable:10800 slab_unreclaimable:98260
[  487.130370][ T9648]  mapped:30246 shmem:1361 pagetables:1474
[  487.130370][ T9648]  sec_pagetables:0 bounce:0
[  487.130370][ T9648]  kernel_misc_reclaimable:0
[  487.130370][ T9648]  free:1312906 free_pcp:16261 free_cma:0
[  487.175825][    C1] vkms_vblank_simulate: vblank timer overrun
[  487.339380][ T9648] Node 0 active_anon:27272kB inactive_anon:0kB active_file:51988kB inactive_file:160000kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120968kB dirty:960kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12580kB pagetables:5732kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  487.371242][    C1] vkms_vblank_simulate: vblank timer overrun
[  487.398332][ T9700] syzkaller0: entered promiscuous mode
[  487.429004][ T9700] syzkaller0: entered allmulticast mode
[  487.430089][   T30] audit: type=1326 audit(1759828603.482:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.1.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  487.463223][   T30] audit: type=1326 audit(1759828603.532:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.1.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  487.487648][   T30] audit: type=1326 audit(1759828603.532:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.1.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  487.510489][   T30] audit: type=1326 audit(1759828603.532:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.1.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  487.533742][   T30] audit: type=1326 audit(1759828603.532:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.1.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  487.586533][   T30] audit: type=1326 audit(1759828603.542:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.1.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  487.608628][ T9648] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:160kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  487.619222][   T30] audit: type=1326 audit(1759828603.542:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.1.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  487.687002][   T30] audit: type=1326 audit(1759828603.542:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.1.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  487.732990][   T30] audit: type=1326 audit(1759828603.542:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.1.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f358eec9 code=0x7ffc0000
[  487.794548][ T9648] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  487.825242][ T9648] lowmem_reserve[]: 0 2495 2496 2496 2496
[  487.831173][ T9648] Node 0 DMA32 free:1344696kB boost:0kB min:34216kB low:42768kB high:51320kB reserved_highatomic:0KB free_highatomic:0KB active_anon:33304kB inactive_anon:0kB active_file:51988kB inactive_file:160000kB unevictable:1536kB writepending:960kB zspages:0kB present:3129332kB managed:2555476kB mlocked:0kB bounce:0kB free_pcp:40080kB local_pcp:26336kB free_cma:0kB
[  488.007053][ T9648] lowmem_reserve[]: 0 0 1 1 1
[  488.028152][ T9648] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  488.174429][ T9648] lowmem_reserve[]: 0 0 0 0 0
[  488.195284][ T9648] Node 1 Normal free:3898328kB boost:0kB min:55668kB low:69584kB high:83500kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:15552kB local_pcp:6816kB free_cma:0kB
[  488.495888][ T9648] lowmem_reserve[]: 0 0 0 0 0
[  488.511839][ T9648] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  489.237499][ T9648] Node 0 DMA32: 0*4kB 2*8kB (UE) 4*16kB (UE) 91*32kB (UME) 48*64kB (UM) 100*128kB (UM) 56*256kB (UME) 24*512kB (UME) 12*1024kB (UM) 5*2048kB (M) 307*4096kB (UM) = 1325488kB
[  489.256442][ T9648] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  490.123751][ T9648] Node 1 Normal: 180*4kB (UE) 37*8kB (UME) 38*16kB (UME) 114*32kB (UME) 25*64kB (UME) 4*128kB (UM) 5*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 1*2048kB (E) 948*4096kB (M) = 3898328kB
[  490.221554][ T9648] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  490.265490][ T9648] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  490.393443][ T9648] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  490.453850][ T9648] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  490.481309][ T9648] 57039 total pagecache pages
[  490.496391][ T9648] 0 pages in swap cache
[  490.628531][ T9648] Free swap  = 124996kB
[  490.632753][ T9648] Total swap = 124996kB
[  490.791123][ T9648] 2097051 pages RAM
[  490.795900][ T9648] 0 pages HighMem/MovableOnly
[  490.801598][ T9648] 426284 pages reserved
[  490.806207][ T9648] 0 pages cma reserved
[  492.397702][ T9756] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1041'.
[  492.469311][ T9758] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1041'.
[  492.541569][ T9747] team0 (unregistering): Port device team_slave_0 removed
[  492.560188][ T9747] team0 (unregistering): Port device team_slave_1 removed
[  492.579699][ T9751] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1039'.
[  492.639862][ T9756] macvlan0: entered promiscuous mode
[  492.672097][ T9756] batadv0: entered promiscuous mode
[  492.765887][ T9756] debugfs: 'hsr1' already exists in 'hsr'
[  492.777066][ T9756] Cannot create hsr debugfs directory
[  492.783507][ T9756] hsr1: entered allmulticast mode
[  492.788919][ T9756] macvlan0: entered allmulticast mode
[  492.821805][ T9756] veth1_vlan: entered allmulticast mode
[  492.834974][ T9767] netlink: 'syz.5.1046': attribute type 1 has an invalid length.
[  492.850544][ T9756] batadv0: entered allmulticast mode
[  492.933221][ T9770] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1046'.
[  492.942326][ T9770] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1046'.
[  493.007311][ T9767] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1046'.
[  493.644200][ T9767] 8021q: adding VLAN 0 to HW filter on device bond2
[  494.102101][ T9781] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1048'.
[  495.101229][ T9793] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1051'.
[  495.111397][ T9793] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1051'.
[  495.149096][ T9793] ubi: mtd0 is already attached to ubi31
[  497.681924][ T9827] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1061'.
[  498.238259][ T9842] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1068'.
[  499.530272][ T9863] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1075'.
[  499.539372][ T9863] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1075'.
[  499.557561][ T9863] ubi: mtd0 is already attached to ubi31
[  499.575788][ T9866] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1076'.
[  499.715212][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  499.715231][   T30] audit: type=1326 audit(1759828616.732:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.0.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  499.754165][   T30] audit: type=1326 audit(1759828616.732:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.0.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  499.795051][   T30] audit: type=1326 audit(1759828616.732:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.0.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  499.821480][   T30] audit: type=1326 audit(1759828616.732:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.0.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  499.858124][   T30] audit: type=1326 audit(1759828616.732:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.0.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  499.947613][   T30] audit: type=1326 audit(1759828616.732:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.0.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  500.853019][   T30] audit: type=1326 audit(1759828616.732:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.0.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  501.062027][   T30] audit: type=1326 audit(1759828616.732:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.0.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  501.118019][   T30] audit: type=1326 audit(1759828616.732:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.0.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  501.184166][   T30] audit: type=1326 audit(1759828616.732:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9872 comm="syz.0.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe783f8eec9 code=0x7ffc0000
[  502.801971][ T9915] netlink: 'syz.1.1088': attribute type 1 has an invalid length.
[  503.544797][ T9918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1088'.
[  503.607768][ T9915] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1088'.
[  503.633073][ T9918] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1088'.
[  503.659363][ T9915] 8021q: adding VLAN 0 to HW filter on device bond2
[  503.739668][ T9925] tipc: Started in network mode
[  503.783144][ T9925] tipc: Node identity 4adf0b1672de, cluster identity 4711
[  503.817414][ T9925] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  503.823242][  T983] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  503.897954][ T9925] tipc: Resetting bearer <eth:syzkaller0>
[  503.947761][ T9923] tipc: Disabling bearer <eth:syzkaller0>
[  504.104368][  T983] usb 5-1: Using ep0 maxpacket: 32
[  504.110111][ T9929] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1096'.
[  504.119892][ T9929] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1096'.
[  504.122286][  T983] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  504.139552][  T983] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  504.152412][  T983] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  504.164114][  T983] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.183030][  T983] usb 5-1: Product: syz
[  504.187260][  T983] usb 5-1: Manufacturer: syz
[  504.191886][  T983] usb 5-1: SerialNumber: syz
[  504.233074][  T983] usb 5-1: config 0 descriptor??
[  505.712486][ T9932] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  506.718009][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  507.506547][  T983] usb 5-1: USB disconnect, device number 17
[  507.737871][ T9968] netlink: 'syz.4.1105': attribute type 1 has an invalid length.
[  507.885472][ T9973] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1105'.
[  507.969784][ T9973] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1105'.
[  508.204687][ T9968] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1105'.
[  508.254701][ T9968] 8021q: adding VLAN 0 to HW filter on device bond2
[  509.674728][T10008] netlink: 14212 bytes leftover after parsing attributes in process `syz.4.1114'.
[  510.704190][ T5965] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  510.955190][ T5965] usb 2-1: Using ep0 maxpacket: 32
[  510.977923][ T5965] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  510.998467][ T5965] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  511.020222][T10028] netlink: 'syz.3.1121': attribute type 1 has an invalid length.
[  511.034660][ T5965] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  511.063118][ T5965] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.081598][ T5965] usb 2-1: Product: syz
[  511.091987][ T5965] usb 2-1: Manufacturer: syz
[  511.106907][ T5965] usb 2-1: SerialNumber: syz
[  511.115948][T10030] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1121'.
[  511.116051][ T5965] usb 2-1: config 0 descriptor??
[  511.211952][T10032] tipc: Started in network mode
[  511.243011][T10032] tipc: Node identity da5ae9060ffe, cluster identity 4711
[  511.247324][T10028] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1121'.
[  511.261778][T10032] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  512.135361][T10035] syzkaller0: entered promiscuous mode
[  512.153046][T10035] syzkaller0: entered allmulticast mode
[  512.185060][T10028] 8021q: adding VLAN 0 to HW filter on device bond3
[  512.224400][T10045] tipc: Resetting bearer <eth:syzkaller0>
[  512.236972][T10026] tipc: Resetting bearer <eth:syzkaller0>
[  512.265053][T10026] tipc: Disabling bearer <eth:syzkaller0>
[  513.407552][    T9] usb 2-1: USB disconnect, device number 14
[  514.723052][T10083] netlink: 'syz.0.1134': attribute type 1 has an invalid length.
[  516.723566][T10102] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1134'.
[  517.013625][T10083] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1134'.
[  517.245294][T10083] 8021q: adding VLAN 0 to HW filter on device bond2
[  518.080311][T10120] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1142'.
[  520.463393][  T983] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  520.753019][  T983] usb 5-1: Using ep0 maxpacket: 8
[  520.942747][  T983] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  520.984218][  T983] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.673920][  T983] pvrusb2: Hardware description: Terratec Grabster AV400
[  521.681019][  T983] pvrusb2: **********
[  521.705045][  T983] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  521.726485][  T983] pvrusb2: Important functionality might not be entirely working.
[  521.746796][  T983] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  521.772955][  T983] pvrusb2: **********
[  522.116376][ T2345] pvrusb2: Invalid write control endpoint
[  522.140480][T10155] fuse: Unknown parameter 'user_i0x0000000000000000'
[  522.141008][  T983] usb 5-1: USB disconnect, device number 18
[  522.154961][T10153] netlink: 'syz.0.1152': attribute type 1 has an invalid length.
[  522.221901][ T2345] pvrusb2: Invalid write control endpoint
[  522.233657][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  522.248672][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  522.256357][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  522.266556][ T2345] pvrusb2: Device being rendered inoperable
[  522.275590][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  522.283209][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  522.288103][T10160] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1152'.
[  522.300221][ T2345] pvrusb2: Attached sub-driver cx25840
[  522.300275][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  522.300289][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  522.422546][T10159] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  522.430307][T10153] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1152'.
[  522.456654][T10153] 8021q: adding VLAN 0 to HW filter on device bond5
[  522.497866][T10157] tipc: Disabling bearer <eth:syzkaller0>
[  524.197207][T10189] fuse: Unknown parameter 'user_i0x0000000000000000'
[  524.924242][T10195] netlink: 'syz.4.1167': attribute type 3 has an invalid length.
[  528.294548][T10238] netlink: 'syz.4.1180': attribute type 16 has an invalid length.
[  528.302505][T10238] netlink: 'syz.4.1180': attribute type 17 has an invalid length.
[  528.320250][T10238] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  531.503966][T10280] bridge0: port 2(bridge_slave_1) entered disabled state
[  531.511462][T10280] bridge0: port 1(bridge_slave_0) entered disabled state
[  531.521384][T10289] netlink: 'syz.0.1194': attribute type 3 has an invalid length.
[  531.771152][T10280] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  531.854776][T10280] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  532.284603][T10280] hsr1: left promiscuous mode
[  532.289358][T10280] hsr1: left allmulticast mode
[  532.310845][T10280] bond0: left allmulticast mode
[  532.316419][T10280] bond_slave_0: left allmulticast mode
[  532.322225][T10280] bond_slave_1: left allmulticast mode
[  532.364779][T10294] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  532.390335][ T8238] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  532.419972][ T8238] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  532.439392][ T8238] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  532.484531][ T8238] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  532.654435][T10308] erspan0: entered promiscuous mode
[  534.103703][T10320] netlink: 'syz.4.1205': attribute type 1 has an invalid length.
[  534.330805][T10320] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1205'.
[  534.356949][T10320] 8021q: adding VLAN 0 to HW filter on device bond4
[  534.437853][T10332] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  535.575911][T10346] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  535.586129][T10341] tipc: Resetting bearer <eth:syzkaller0>
[  535.796643][T10338] tipc: Disabling bearer <eth:syzkaller0>
[  536.251017][T10367] netlink: 'syz.3.1221': attribute type 1 has an invalid length.
[  536.766018][T10374] netlink: 14212 bytes leftover after parsing attributes in process `syz.0.1223'.
[  537.298284][T10380] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1221'.
[  537.372711][T10380] 8021q: adding VLAN 0 to HW filter on device bond5
[  537.605273][ T5965] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  539.043411][ T5965] usb 2-1: Using ep0 maxpacket: 8
[  539.247279][ T5965] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  539.277477][ T5965] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.040196][ T5965] usb 2-1: can't set config #252, error -71
[  540.064458][ T5965] usb 2-1: USB disconnect, device number 15
[  541.052365][T10418] netlink: 14212 bytes leftover after parsing attributes in process `syz.3.1236'.
[  541.702202][T10426] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1237'.
[  541.711314][T10426] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1237'.
[  543.342820][T10441] fuse: Unknown parameter '0x0000000000000005'
[  545.060727][T10459] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  545.069150][T10459] syzkaller0: entered promiscuous mode
[  545.083414][T10459] syzkaller0: entered allmulticast mode
[  545.149002][T10459] tipc: Resetting bearer <eth:syzkaller0>
[  545.166096][T10458] tipc: Resetting bearer <eth:syzkaller0>
[  545.195683][T10458] tipc: Disabling bearer <eth:syzkaller0>
[  548.926237][T10504] fuse: Unknown parameter 'fd0x0000000000000003'
[  551.293690][T10548] fuse: Unknown parameter 'fd0x0000000000000003'
[  551.539043][T10553] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1278'.
[  552.230682][T10575] netlink: 'syz.5.1285': attribute type 3 has an invalid length.
[  552.983196][T10578] fuse: Unknown parameter 'fd0x0000000000000003'
[  553.231098][T10589] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1291'.
[  553.408262][T10595] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1294'.
[  555.047096][T10628] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1306'.
[  555.322935][T10635] ubi: mtd0 is already attached to ubi31
[  555.712927][T10632] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1305'.
[  555.722034][T10632] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1305'.
[  557.390793][T10666] netlink: 'syz.3.1318': attribute type 1 has an invalid length.
[  557.699337][T10666] openvswitch: netlink: Message has 596 unknown bytes.
[  558.759468][T10682] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1322'.
[  560.757650][   T43] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  561.503087][   T43] usb 6-1: Using ep0 maxpacket: 8
[  561.514652][   T43] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  561.542980][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.582728][   T43] pvrusb2: Hardware description: Terratec Grabster AV400
[  561.604643][   T43] pvrusb2: **********
[  561.608706][   T43] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  561.653289][   T43] pvrusb2: Important functionality might not be entirely working.
[  561.681755][   T43] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  561.705405][   T43] pvrusb2: **********
[  561.998875][   T43] usb 6-1: USB disconnect, device number 14
[  562.004532][ T2345] pvrusb2: Invalid write control endpoint
[  562.154855][ T2345] pvrusb2: Invalid write control endpoint
[  562.162451][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  562.203463][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  562.231617][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  562.262378][ T2345] pvrusb2: Device being rendered inoperable
[  562.279818][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  562.387960][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  562.412763][ T2345] pvrusb2: Attached sub-driver cx25840
[  562.420255][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  562.439664][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  562.515367][T10738] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  563.872830][   T43] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  564.085725][   T43] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  564.773939][   T43] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  564.796315][   T43] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  564.816590][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.839219][   T43] usb 1-1: config 0 descriptor??
[  564.957998][T10763] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1352'.
[  565.071903][   T43] usb 1-1: USB disconnect, device number 16
[  565.570706][T10755] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1350'.
[  565.857477][   T24] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  566.025033][   T24] usb 2-1: Using ep0 maxpacket: 8
[  566.040895][   T24] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  566.083253][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.142055][   T24] pvrusb2: Hardware description: Terratec Grabster AV400
[  566.171515][   T24] pvrusb2: **********
[  566.190001][   T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  566.212707][   T24] pvrusb2: Important functionality might not be entirely working.
[  566.241839][   T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  566.262464][   T24] pvrusb2: **********
[  566.602976][ T2345] pvrusb2: Invalid write control endpoint
[  566.624028][   T24] usb 2-1: USB disconnect, device number 16
[  566.797892][ T2345] pvrusb2: Invalid write control endpoint
[  566.816384][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  566.928859][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  566.987711][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  567.000486][ T2345] pvrusb2: Device being rendered inoperable
[  567.007207][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  567.014734][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  567.035516][ T2345] pvrusb2: Attached sub-driver cx25840
[  567.041290][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  567.054844][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  568.151200][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  569.028187][T10813] netlink: 'syz.0.1364': attribute type 1 has an invalid length.
[  569.036148][T10813] netlink: 140 bytes leftover after parsing attributes in process `syz.0.1364'.
[  569.047989][T10813] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1364'.
[  569.500979][T10832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1371'.
[  569.544824][T10832] team1: entered promiscuous mode
[  569.550027][T10832] team1: entered allmulticast mode
[  569.556809][T10832] 8021q: adding VLAN 0 to HW filter on device team1
[  572.083083][  T983] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  572.381005][  T983] usb 6-1: Using ep0 maxpacket: 8
[  572.399946][  T983] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  572.433014][  T983] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.525792][  T983] pvrusb2: Hardware description: Terratec Grabster AV400
[  572.578268][  T983] pvrusb2: **********
[  572.588459][  T983] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  572.625978][  T983] pvrusb2: Important functionality might not be entirely working.
[  572.642954][  T983] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  572.672995][  T983] pvrusb2: **********
[  572.926972][T10880] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  572.944193][T10880] syzkaller0: entered promiscuous mode
[  572.956568][T10880] syzkaller0: entered allmulticast mode
[  572.967285][ T2345] pvrusb2: Invalid write control endpoint
[  572.987527][  T983] usb 6-1: USB disconnect, device number 15
[  572.997374][T10880] tipc: Resetting bearer <eth:syzkaller0>
[  573.006520][T10884] x_tables: duplicate underflow at hook 1
[  573.046128][T10878] tipc: Resetting bearer <eth:syzkaller0>
[  573.060715][ T2345] pvrusb2: Invalid write control endpoint
[  573.070240][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  573.094838][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  573.095501][T10878] tipc: Disabling bearer <eth:syzkaller0>
[  573.113528][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  573.133992][ T2345] pvrusb2: Device being rendered inoperable
[  573.141577][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  573.150495][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  573.160550][ T2345] pvrusb2: Attached sub-driver cx25840
[  573.166113][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  573.177780][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  574.404419][T10933] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1404'.
[  577.003016][  T983] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  577.263236][  T983] usb 2-1: Using ep0 maxpacket: 8
[  577.277682][  T983] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  577.532388][T10975] netlink: 'syz.3.1419': attribute type 1 has an invalid length.
[  577.574244][T10969] netlink: 'syz.0.1417': attribute type 16 has an invalid length.
[  577.592559][T10969] netlink: 'syz.0.1417': attribute type 17 has an invalid length.
[  577.753345][T10984] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  577.761451][T10984] syzkaller0: entered promiscuous mode
[  577.767699][T10984] syzkaller0: entered allmulticast mode
[  577.783349][  T983] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.907746][T10969] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  577.921263][  T983] pvrusb2: Hardware description: Terratec Grabster AV400
[  577.930323][  T983] pvrusb2: **********
[  577.934191][T10982] nbd3: detected capacity change from 0 to 63
[  577.943000][  T983] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  577.955027][T10983] tipc: Resetting bearer <eth:syzkaller0>
[  577.955267][T10988] block nbd3: NBD_DISCONNECT
[  577.973325][  T983] pvrusb2: Important functionality might not be entirely working.
[  577.981196][  T983] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  578.001418][T10985] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1420'.
[  578.005058][T10988] block nbd3: Disconnected due to user request.
[  578.020963][T10988] block nbd3: shutting down sockets
[  578.042553][  T983] pvrusb2: **********
[  578.071236][    C1] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  578.080864][    C1] Buffer I/O error on dev nbd3, logical block 0, async page read
[  578.091819][T10983] tipc: Disabling bearer <eth:syzkaller0>
[  578.315148][    C1] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  578.324291][    C1] Buffer I/O error on dev nbd3, logical block 1, async page read
[  578.342378][ T2345] pvrusb2: Invalid write control endpoint
[  578.408444][  T983] usb 2-1: USB disconnect, device number 17
[  578.423589][    C1] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  578.432694][    C1] Buffer I/O error on dev nbd3, logical block 2, async page read
[  578.440554][    C1] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  578.449620][    C1] Buffer I/O error on dev nbd3, logical block 3, async page read
[  578.457519][ T7019] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  578.513030][ T7019] Buffer I/O error on dev nbd3, logical block 0, async page read
[  578.521133][ T7019] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  578.593082][ T7019] Buffer I/O error on dev nbd3, logical block 1, async page read
[  578.623221][ T7019] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  578.632343][ T7019] Buffer I/O error on dev nbd3, logical block 2, async page read
[  578.649801][ T2345] pvrusb2: Invalid write control endpoint
[  578.668276][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  578.693336][ T7019] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  578.702840][ T7019] Buffer I/O error on dev nbd3, logical block 3, async page read
[  578.722951][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  578.730561][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  578.753192][ T7019] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  578.779675][ T7019] Buffer I/O error on dev nbd3, logical block 0, async page read
[  578.800640][ T2345] pvrusb2: Device being rendered inoperable
[  578.812183][ T7019] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  578.823606][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  578.830726][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  578.853742][ T7019] Buffer I/O error on dev nbd3, logical block 1, async page read
[  578.880010][ T7019] ldm_validate_partition_table(): Disk read failed.
[  578.887361][ T2345] pvrusb2: Attached sub-driver cx25840
[  578.901322][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  578.914664][ T7019] Dev nbd3: unable to read RDB block 0
[  578.934777][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  578.955905][ T7019]  nbd3: unable to read partition table
[  579.031681][ T7019] ldm_validate_partition_table(): Disk read failed.
[  579.066274][ T7019] Dev nbd3: unable to read RDB block 0
[  579.146920][ T7019]  nbd3: unable to read partition table
[  579.191949][T11010] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  579.277049][T11010] tipc: Resetting bearer <eth:syzkaller0>
[  579.410625][T11009] tipc: Disabling bearer <eth:syzkaller0>
[  579.537208][T11025] block nbd1: not configured, cannot reconfigure
[  581.673006][   T43] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  581.843305][   T43] usb 5-1: Using ep0 maxpacket: 8
[  581.855492][   T43] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  581.883392][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  581.975924][   T43] pvrusb2: Hardware description: Terratec Grabster AV400
[  581.999799][   T43] pvrusb2: **********
[  582.021647][   T43] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  582.046816][   T43] pvrusb2: Important functionality might not be entirely working.
[  582.055264][   T43] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  582.072166][   T43] pvrusb2: **********
[  582.527124][ T2345] pvrusb2: Invalid write control endpoint
[  582.530272][   T43] usb 5-1: USB disconnect, device number 19
[  582.658854][ T2345] pvrusb2: Invalid write control endpoint
[  582.674984][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  582.687294][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  582.695247][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  582.705893][ T2345] pvrusb2: Device being rendered inoperable
[  582.712391][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  582.720162][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  582.742853][ T2345] pvrusb2: Attached sub-driver cx25840
[  582.760337][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  582.783453][T11095] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  582.796718][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  582.827855][T11095] tipc: Resetting bearer <eth:syzkaller0>
[  582.874377][T11093] tipc: Disabling bearer <eth:syzkaller0>
[  582.995617][T11100] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1457'.
[  584.679375][T11140] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1470'.
[  584.688544][T11140] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1470'.
[  584.787577][T11141] ubi: mtd0 is already attached to ubi31
[  587.588541][T11171] netlink: 'syz.1.1482': attribute type 16 has an invalid length.
[  587.603441][T11171] netlink: 'syz.1.1482': attribute type 17 has an invalid length.
[  587.658822][T11171] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  594.554334][T11282] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1510'.
[  594.715853][T11284] syzkaller0: entered promiscuous mode
[  594.730652][T11284] syzkaller0: entered allmulticast mode
[  595.229085][T11294] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1519'.
[  595.506893][T11294] netlink: 'syz.5.1519': attribute type 1 has an invalid length.
[  595.514864][T11294] netlink: 208 bytes leftover after parsing attributes in process `syz.5.1519'.
[  596.432182][T11282] syz.0.1510 (11282): drop_caches: 2
[  598.114413][T11324] netlink: 'syz.5.1527': attribute type 1 has an invalid length.
[  598.122181][T11324] netlink: 140 bytes leftover after parsing attributes in process `syz.5.1527'.
[  598.376721][T11324] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1527'.
[  598.488694][T11334] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1531'.
[  598.555123][T11336] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1532'.
[  598.715415][T11340] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  598.723212][T11340] UDF-fs: Scanning with blocksize 512 failed
[  598.962596][T11340] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  598.987421][T11340] UDF-fs: Scanning with blocksize 1024 failed
[  599.000971][T11340] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  599.726241][T11340] UDF-fs: Scanning with blocksize 2048 failed
[  599.754050][T11340] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  599.761575][T11340] UDF-fs: Scanning with blocksize 4096 failed
[  601.226516][T11369] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1543'.
[  601.501359][T11371] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  601.563725][T11371] syzkaller0: entered promiscuous mode
[  601.673856][T11371] syzkaller0: entered allmulticast mode
[  601.848072][T11382] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1547'.
[  601.882740][T11383] netlink: 'syz.4.1546': attribute type 1 has an invalid length.
[  601.890714][T11383] netlink: 140 bytes leftover after parsing attributes in process `syz.4.1546'.
[  601.906196][T11383] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1546'.
[  601.906798][T11371] tipc: Resetting bearer <eth:syzkaller0>
[  601.967431][T11370] tipc: Resetting bearer <eth:syzkaller0>
[  602.060264][T11370] tipc: Disabling bearer <eth:syzkaller0>
[  602.338019][T11391] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1551'.
[  602.451933][T11391] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1551'.
[  602.954566][T11410] netlink: 14212 bytes leftover after parsing attributes in process `syz.3.1556'.
[  604.365527][T11429] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1560'.
[  607.049105][T11463] netlink: 'syz.5.1569': attribute type 83 has an invalid length.
[  607.116177][T11464] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1572'.
[  610.723005][   T24] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  610.895760][   T24] usb 2-1: Using ep0 maxpacket: 32
[  610.914334][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  611.135216][   T24] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  611.153717][   T24] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  611.172971][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  611.181096][   T24] usb 2-1: Product: syz
[  611.202999][   T24] usb 2-1: Manufacturer: syz
[  611.207665][   T24] usb 2-1: SerialNumber: syz
[  611.225594][   T24] usb 2-1: config 0 descriptor??
[  611.372329][T11527] netlink: 'syz.3.1594': attribute type 16 has an invalid length.
[  611.403020][T11527] netlink: 'syz.3.1594': attribute type 17 has an invalid length.
[  611.424822][T11527] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  612.315762][T11540] IPVS: set_ctl: invalid protocol: 43 255.255.255.255:20001
[  613.568743][ T5893] usb 2-1: USB disconnect, device number 18
[  614.089687][T11563] syzkaller0: entered promiscuous mode
[  614.109201][T11563] syzkaller0: entered allmulticast mode
[  615.720927][T11594] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1613'.
[  615.819773][   T43] IPVS: starting estimator thread 0...
[  615.932902][T11606] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1618'.
[  615.940708][T11602] IPVS: using max 26 ests per chain, 62400 per kthread
[  615.960888][T11606] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1618'.
[  616.138619][T11615] IPVS: set_ctl: invalid protocol: 43 255.255.255.255:20001
[  616.673680][T11628] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1624'.
[  619.466964][T11656] syzkaller0: entered promiscuous mode
[  619.472515][T11656] syzkaller0: entered allmulticast mode
[  619.500288][T11655] netlink: 196 bytes leftover after parsing attributes in process `syz.3.1633'.
[  620.477786][T11658] IPVS: set_ctl: invalid protocol: 43 255.255.255.255:20001
[  622.011334][T11655] syz.3.1633 (11655): drop_caches: 2
[  623.831162][T11708] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1652'.
[  623.888298][T11708] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1652'.
[  623.986407][T11717] netlink: 196 bytes leftover after parsing attributes in process `syz.5.1653'.
[  624.582936][ T5893] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  624.773370][ T5893] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  624.791527][T11726] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1656'.
[  624.800692][ T5893] usb 4-1: config 0 interface 0 has no altsetting 0
[  624.816757][ T5893] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  624.831192][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  624.850061][ T5893] usb 4-1: Product: syz
[  624.851530][T11726] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1656'.
[  624.863613][ T5893] usb 4-1: Manufacturer: syz
[  624.863637][ T5893] usb 4-1: SerialNumber: syz
[  625.038780][ T5893] usb 4-1: config 0 descriptor??
[  625.065597][ T5893] usb 4-1: selecting invalid altsetting 0
[  625.180111][   T24] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  626.715346][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  626.742180][   T24] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  626.763442][   T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  626.772893][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.785844][   T24] usb 5-1: config 0 descriptor??
[  626.890115][   T24] usb 4-1: USB disconnect, device number 28
[  627.019287][T11717] syz.5.1653 (11717): drop_caches: 2
[  627.101249][ T5833] usb 5-1: USB disconnect, device number 20
[  627.397407][T11743] netlink: 'syz.0.1662': attribute type 16 has an invalid length.
[  627.405589][T11743] netlink: 'syz.0.1662': attribute type 17 has an invalid length.
[  628.180432][T11743] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  629.085570][T11760] IPVS: set_ctl: invalid protocol: 43 255.255.255.255:20001
[  629.226764][T11764] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1668'.
[  629.593402][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  629.790804][T11782] netlink: 196 bytes leftover after parsing attributes in process `syz.4.1674'.
[  629.819423][T11782] syz.4.1674 (11782): drop_caches: 2
[  631.023161][    T9] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  631.042169][T11791] netlink: 'syz.1.1679': attribute type 1 has an invalid length.
[  631.238943][T11795] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1679'.
[  631.312644][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  631.323247][    T9] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  631.332574][    T9] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  631.389949][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.569143][T11801] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1680'.
[  631.900509][    T9] usb 6-1: config 0 descriptor??
[  631.934416][T11796] 8021q: adding VLAN 0 to HW filter on device bond5
[  631.985627][T11796] bond4: (slave bond5): making interface the new active one
[  632.001141][T11796] bond4: (slave bond5): Enslaving as an active interface with an up link
[  632.021534][T11795] 8021q: adding VLAN 0 to HW filter on device bond4
[  632.150044][    T9] usb 6-1: USB disconnect, device number 16
[  633.969268][T11831] netlink: 'syz.1.1692': attribute type 1 has an invalid length.
[  634.128854][T11831] 8021q: adding VLAN 0 to HW filter on device bond7
[  634.138217][T11831] bond6: (slave bond7): making interface the new active one
[  634.146642][T11831] bond6: (slave bond7): Enslaving as an active interface with an up link
[  634.177340][T11831] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1692'.
[  634.242816][T11831] 8021q: adding VLAN 0 to HW filter on device bond6
[  634.314916][T11846] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1698'.
[  634.653861][T11803] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  634.692062][T11869] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1708'.
[  634.740231][T11873] syzkaller0: entered promiscuous mode
[  634.746074][T11873] syzkaller0: entered allmulticast mode
[  634.841775][T11803] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  634.852494][T11803] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  634.864069][T11803] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  634.874139][T11803] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.893907][T11879] netlink: 'syz.1.1712': attribute type 1 has an invalid length.
[  634.898978][T11803] usb 4-1: config 0 descriptor??
[  635.053157][T11879] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1712'.
[  635.120848][T11803] usb 4-1: USB disconnect, device number 29
[  635.212625][T11881] 8021q: adding VLAN 0 to HW filter on device bond9
[  635.224410][T11881] bond8: (slave bond9): making interface the new active one
[  635.232743][T11881] bond8: (slave bond9): Enslaving as an active interface with an up link
[  635.291435][T11886] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  635.480012][T11879] 8021q: adding VLAN 0 to HW filter on device bond8
[  635.897667][T11905] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1722'.
[  637.013557][T11932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1730'.
[  637.522966][    T9] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  637.690510][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  637.701489][    T9] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  637.711184][    T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  637.721836][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.743100][    T9] usb 4-1: config 0 descriptor??
[  637.820366][T11952] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  637.831353][T11951] tipc: Disabling bearer <eth:syzkaller0>
[  637.955489][   T43] usb 4-1: USB disconnect, device number 30
[  638.430725][T11962] syzkaller0: entered promiscuous mode
[  638.456332][T11962] syzkaller0: entered allmulticast mode
[  638.619216][T11967] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1743'.
[  639.513421][T11987] ubi: mtd0 is already attached to ubi31
[  640.118551][T11989] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1750'.
[  640.814117][ T5920] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  640.985500][ T5920] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  640.994042][   T24] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  641.000076][ T5920] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  641.055831][ T5920] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  641.067146][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.081114][ T5920] usb 5-1: config 0 descriptor??
[  641.232567][T12015] syzkaller0: entered promiscuous mode
[  641.238688][T12015] syzkaller0: entered allmulticast mode
[  641.266724][   T24] usb 2-1: Using ep0 maxpacket: 8
[  641.282018][   T24] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  641.296292][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.298618][T12001] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1755'.
[  641.328117][   T24] pvrusb2: Hardware description: Terratec Grabster AV400
[  641.337924][   T24] pvrusb2: **********
[  641.344620][   T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  641.355072][   T24] pvrusb2: Important functionality might not be entirely working.
[  641.363223][   T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  641.374782][   T24] pvrusb2: **********
[  641.378760][ T5920] usb 5-1: USB disconnect, device number 21
[  641.702495][ T2345] pvrusb2: Invalid write control endpoint
[  641.711043][   T24] usb 2-1: USB disconnect, device number 19
[  641.764185][ T2345] pvrusb2: Invalid write control endpoint
[  641.770238][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  641.780767][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  641.788765][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  641.799554][ T2345] pvrusb2: Device being rendered inoperable
[  641.806248][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  641.814325][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  641.823419][ T2345] pvrusb2: Attached sub-driver cx25840
[  641.829198][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  641.839502][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  642.147827][T12023] netlink: 14212 bytes leftover after parsing attributes in process `syz.5.1760'.
[  642.766214][T12046] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1767'.
[  643.470929][T12058] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1770'.
[  643.562659][T12061] netlink: 'syz.5.1771': attribute type 1 has an invalid length.
[  643.717939][T12066] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1771'.
[  643.810616][T12066] 8021q: adding VLAN 0 to HW filter on device bond3
[  643.992708][T12064] 8021q: adding VLAN 0 to HW filter on device bond4
[  644.017207][T12075] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1773'.
[  644.060949][T12075] syz.1.1773 (12075): drop_caches: 2
[  644.126597][T12064] bond3: (slave bond4): making interface the new active one
[  644.156155][T12064] bond3: (slave bond4): Enslaving as an active interface with an up link
[  644.943713][   T24] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  644.970742][T12088] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1781'.
[  645.103181][   T24] usb 4-1: Using ep0 maxpacket: 8
[  645.116157][   T24] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  645.133500][T12090] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1782'.
[  645.142672][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.190023][   T24] pvrusb2: Hardware description: Terratec Grabster AV400
[  645.221204][   T24] pvrusb2: **********
[  645.234323][   T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  645.256736][   T24] pvrusb2: Important functionality might not be entirely working.
[  645.274111][   T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  645.288126][   T24] pvrusb2: **********
[  646.521019][ T2345] pvrusb2: Invalid write control endpoint
[  646.549319][   T24] usb 4-1: USB disconnect, device number 31
[  646.668534][T12101] tipc: Started in network mode
[  646.674127][T12101] tipc: Node identity , cluster identity 4711
[  646.680264][T12101] tipc: Failed to obtain node identity
[  646.686480][T12101] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  646.717933][ T2345] pvrusb2: Invalid write control endpoint
[  646.735019][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  646.748141][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  646.757118][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  646.776837][ T2345] pvrusb2: Device being rendered inoperable
[  646.793070][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  646.804732][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  646.830949][ T2345] pvrusb2: Attached sub-driver cx25840
[  646.857165][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  646.884997][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  646.900415][T12109] netlink: 'syz.4.1788': attribute type 1 has an invalid length.
[  647.051832][T12111] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1788'.
[  647.096877][T12109] 8021q: adding VLAN 0 to HW filter on device bond7
[  647.156511][T12109] bond6: (slave bond7): making interface the new active one
[  647.190051][T12109] bond6: (slave bond7): Enslaving as an active interface with an up link
[  647.228056][T12117] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  647.254778][T12111] 8021q: adding VLAN 0 to HW filter on device bond6
[  647.295244][T12113] tipc: Resetting bearer <eth:syzkaller0>
[  647.378552][T12122] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1790'.
[  647.394918][T12118] syzkaller0: entered promiscuous mode
[  647.401838][T12118] syzkaller0: entered allmulticast mode
[  647.446765][T12112] tipc: Resetting bearer <eth:syzkaller0>
[  647.499122][T12112] tipc: Disabling bearer <eth:syzkaller0>
[  647.542687][T12124] tipc: Started in network mode
[  647.552441][T12124] tipc: Node identity c6c8a3e577a6, cluster identity 4711
[  647.572310][T12124] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  647.639823][T12124] tipc: Resetting bearer <eth:syzkaller0>
[  647.755207][T12123] tipc: Disabling bearer <eth:syzkaller0>
[  648.514532][T12144] syzkaller0: entered promiscuous mode
[  648.543013][T12144] syzkaller0: entered allmulticast mode
[  649.664625][   T24] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  649.834665][   T24] usb 1-1: Using ep0 maxpacket: 8
[  649.843508][   T24] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  649.853615][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.890608][   T24] pvrusb2: Hardware description: Terratec Grabster AV400
[  649.915218][   T24] pvrusb2: **********
[  649.926561][   T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  649.966851][   T24] pvrusb2: Important functionality might not be entirely working.
[  649.989469][   T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  650.020523][   T24] pvrusb2: **********
[  650.489826][T12190] ubi: mtd0 is already attached to ubi31
[  651.404727][ T2345] pvrusb2: Invalid write control endpoint
[  651.478050][   T24] usb 1-1: USB disconnect, device number 17
[  651.552711][T12195] netlink: 'syz.5.1811': attribute type 16 has an invalid length.
[  651.574306][T12195] netlink: 'syz.5.1811': attribute type 17 has an invalid length.
[  651.610823][ T2345] pvrusb2: Invalid write control endpoint
[  651.641674][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  651.667255][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  651.683444][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  651.704014][ T2345] pvrusb2: Device being rendered inoperable
[  651.713338][T12195] 8021q: adding VLAN 0 to HW filter on device bond0
[  651.720249][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  651.732501][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c)
[  651.740786][T12195] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  651.758913][ T2345] pvrusb2: Attached sub-driver cx25840
[  651.766481][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  651.781958][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  651.820864][T12202] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  651.862391][T12201] tipc: Resetting bearer <eth:syzkaller0>
[  651.908191][T12200] tipc: Disabling bearer <eth:syzkaller0>
[  651.924098][T12205] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1814'.
[  651.937791][T12205] netlink: 'syz.5.1814': attribute type 1 has an invalid length.
[  651.947794][T12205] netlink: 208 bytes leftover after parsing attributes in process `syz.5.1814'.
[  653.936548][T12240] x_tables: duplicate underflow at hook 1
[  654.025491][T12243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1825'.
[  654.139264][T12246] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1826'.
[  654.195791][T12246] netlink: 'syz.4.1826': attribute type 1 has an invalid length.
[  654.314892][T12246] netlink: 208 bytes leftover after parsing attributes in process `syz.4.1826'.
[  654.552675][T12259] netlink: 600 bytes leftover after parsing attributes in process `syz.4.1830'.
[  654.875220][ T5920] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  655.523403][T12275] ubi: mtd0 is already attached to ubi31
[  656.096639][T12279] syzkaller0: entered promiscuous mode
[  656.112181][T12279] syzkaller0: entered allmulticast mode
[  656.153104][ T5920] usb 4-1: Using ep0 maxpacket: 8
[  656.166607][ T5920] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  656.183706][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.401044][ T5920] pvrusb2: Hardware description: Terratec Grabster AV400
[  656.409978][ T5920] pvrusb2: **********
[  656.414647][ T5920] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  656.425245][ T5920] pvrusb2: Important functionality might not be entirely working.
[  656.489825][T12288] autofs: Unknown parameter '0x0000000000000000'
[  657.114908][ T5920] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  657.126527][ T5920] pvrusb2: **********
[  658.380238][ T5920] usb 4-1: USB disconnect, device number 32
[  658.380384][ T2345] pvrusb2: Invalid write control endpoint
[  658.424214][T12316] 
[  658.426610][T12316] ======================================================
[  658.433666][T12316] WARNING: possible circular locking dependency detected
[  658.440720][T12316] syzkaller #0 Not tainted
[  658.445153][T12316] ------------------------------------------------------
[  658.452187][T12316] syz.1.1845/12316 is trying to acquire lock:
[  658.458533][T12316] ffffffff8f639c78 (nr_node_list_lock){+...}-{3:3}, at: nr_rt_device_down+0xa9/0x720
[  658.468067][T12316] 
[  658.468067][T12316] but task is already holding lock:
[  658.475461][T12316] ffffffff8f639c18 (nr_neigh_list_lock){+...}-{3:3}, at: nr_rt_device_down+0x28/0x720
[  658.485077][T12316] 
[  658.485077][T12316] which lock already depends on the new lock.
[  658.485077][T12316] 
[  658.495504][T12316] 
[  658.495504][T12316] the existing dependency chain (in reverse order) is:
[  658.504578][T12316] 
[  658.504578][T12316] -> #2 (nr_neigh_list_lock){+...}-{3:3}:
[  658.512600][T12316]        lock_acquire+0x120/0x360
[  658.517656][T12316]        _raw_spin_lock_bh+0x36/0x50
[  658.522958][T12316]        nr_rt_ioctl+0x3b4/0xb00
[  658.527923][T12316]        sock_do_ioctl+0xdc/0x300
[  658.532970][T12316]        sock_ioctl+0x576/0x790
[  658.537835][T12316]        __se_sys_ioctl+0xfc/0x170
[  658.542965][T12316]        do_syscall_64+0xfa/0xfa0
[  658.548006][T12316]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.554525][T12316] 
[  658.554525][T12316] -> #1 (&nr_node->node_lock){+...}-{3:3}:
[  658.562549][T12316]        lock_acquire+0x120/0x360
[  658.567597][T12316]        _raw_spin_lock_bh+0x36/0x50
[  658.572897][T12316]        nr_rt_ioctl+0x1b7/0xb00
[  658.577857][T12316]        sock_do_ioctl+0xdc/0x300
[  658.582984][T12316]        sock_ioctl+0x576/0x790
[  658.587860][T12316]        __se_sys_ioctl+0xfc/0x170
[  658.593179][T12316]        do_syscall_64+0xfa/0xfa0
[  658.598246][T12316]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.604792][T12316] 
[  658.604792][T12316] -> #0 (nr_node_list_lock){+...}-{3:3}:
[  658.612637][T12316]        validate_chain+0xb9b/0x2140
[  658.618140][T12316]        __lock_acquire+0xab9/0xd20
[  658.623378][T12316]        lock_acquire+0x120/0x360
[  658.628424][T12316]        _raw_spin_lock_bh+0x36/0x50
[  658.633723][T12316]        nr_rt_device_down+0xa9/0x720
[  658.639127][T12316]        nr_device_event+0x137/0x150
[  658.644438][T12316]        notifier_call_chain+0x1b6/0x3e0
[  658.650103][T12316]        __dev_notify_flags+0x18d/0x2e0
[  658.655680][T12316]        netif_change_flags+0xe8/0x1a0
[  658.661154][T12316]        dev_change_flags+0x130/0x260
[  658.666544][T12316]        dev_ioctl+0x7b4/0x1150
[  658.671417][T12316]        sock_do_ioctl+0x22c/0x300
[  658.676556][T12316]        sock_ioctl+0x576/0x790
[  658.681443][T12316]        __se_sys_ioctl+0xfc/0x170
[  658.686589][T12316]        do_syscall_64+0xfa/0xfa0
[  658.691631][T12316]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.698060][T12316] 
[  658.698060][T12316] other info that might help us debug this:
[  658.698060][T12316] 
[  658.708308][T12316] Chain exists of:
[  658.708308][T12316]   nr_node_list_lock --> &nr_node->node_lock --> nr_neigh_list_lock
[  658.708308][T12316] 
[  658.722158][T12316]  Possible unsafe locking scenario:
[  658.722158][T12316] 
[  658.729652][T12316]        CPU0                    CPU1
[  658.735028][T12316]        ----                    ----
[  658.740403][T12316]   lock(nr_neigh_list_lock);
[  658.745098][T12316]                                lock(&nr_node->node_lock);
[  658.752484][T12316]                                lock(nr_neigh_list_lock);
[  658.759695][T12316]   lock(nr_node_list_lock);
[  658.764408][T12316] 
[  658.764408][T12316]  *** DEADLOCK ***
[  658.764408][T12316] 
[  658.772685][T12316] 2 locks held by syz.1.1845/12316:
[  658.777892][T12316]  #0: ffffffff8f4e0048 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x7a4/0x1150
[  658.786806][T12316]  #1: ffffffff8f639c18 (nr_neigh_list_lock){+...}-{3:3}, at: nr_rt_device_down+0x28/0x720
[  658.796849][T12316] 
[  658.796849][T12316] stack backtrace:
[  658.802752][T12316] CPU: 1 UID: 0 PID: 12316 Comm: syz.1.1845 Not tainted syzkaller #0 PREEMPT(full) 
[  658.802776][T12316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  658.802788][T12316] Call Trace:
[  658.802796][T12316]  <TASK>
[  658.802804][T12316]  dump_stack_lvl+0x189/0x250
[  658.802831][T12316]  ? __pfx_dump_stack_lvl+0x10/0x10
[  658.802850][T12316]  ? __pfx__printk+0x10/0x10
[  658.802870][T12316]  ? print_lock_name+0xde/0x100
[  658.802888][T12316]  print_circular_bug+0x2ee/0x310
[  658.802917][T12316]  check_noncircular+0x134/0x160
[  658.802946][T12316]  validate_chain+0xb9b/0x2140
[  658.802981][T12316]  __lock_acquire+0xab9/0xd20
[  658.803005][T12316]  ? nr_rt_device_down+0xa9/0x720
[  658.803029][T12316]  lock_acquire+0x120/0x360
[  658.803055][T12316]  ? nr_rt_device_down+0xa9/0x720
[  658.803085][T12316]  ? nr_rt_device_down+0xa9/0x720
[  658.803108][T12316]  _raw_spin_lock_bh+0x36/0x50
[  658.803124][T12316]  ? nr_rt_device_down+0xa9/0x720
[  658.803148][T12316]  nr_rt_device_down+0xa9/0x720
[  658.803173][T12316]  ? do_raw_spin_unlock+0x122/0x240
[  658.803193][T12316]  nr_device_event+0x137/0x150
[  658.803217][T12316]  notifier_call_chain+0x1b6/0x3e0
[  658.803246][T12316]  __dev_notify_flags+0x18d/0x2e0
[  658.803274][T12316]  ? __pfx___dev_notify_flags+0x10/0x10
[  658.803299][T12316]  ? __dev_change_flags+0x4cc/0x6d0
[  658.803328][T12316]  ? __pfx___dev_change_flags+0x10/0x10
[  658.803354][T12316]  ? full_name_hash+0x92/0xe0
[  658.803379][T12316]  netif_change_flags+0xe8/0x1a0
[  658.803396][T12316]  dev_change_flags+0x130/0x260
[  658.803423][T12316]  dev_ioctl+0x7b4/0x1150
[  658.803448][T12316]  sock_do_ioctl+0x22c/0x300
[  658.803468][T12316]  ? __pfx_sock_do_ioctl+0x10/0x10
[  658.803494][T12316]  sock_ioctl+0x576/0x790
[  658.803513][T12316]  ? __pfx_sock_ioctl+0x10/0x10
[  658.803533][T12316]  ? __fget_files+0x3a0/0x420
[  658.803551][T12316]  ? __fget_files+0x2a/0x420
[  658.803571][T12316]  ? bpf_lsm_file_ioctl+0x9/0x20
[  658.803595][T12316]  ? __pfx_sock_ioctl+0x10/0x10
[  658.803612][T12316]  __se_sys_ioctl+0xfc/0x170
[  658.803638][T12316]  do_syscall_64+0xfa/0xfa0
[  658.803656][T12316]  ? lockdep_hardirqs_on+0x9c/0x150
[  658.803673][T12316]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.803689][T12316]  ? clear_bhb_loop+0x60/0xb0
[  658.803707][T12316]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.803724][T12316] RIP: 0033:0x7f81f358eec9
[  658.803742][T12316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  658.803757][T12316] RSP: 002b:00007f81f438f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  658.803776][T12316] RAX: ffffffffffffffda RBX: 00007f81f37e5fa0 RCX: 00007f81f358eec9
[  658.803789][T12316] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 000000000000000b
[  658.803801][T12316] RBP: 00007f81f3611f91 R08: 0000000000000000 R09: 0000000000000000
[  658.803811][T12316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  658.803822][T12316] R13: 00007f81f37e6038 R14: 00007f81f37e5fa0 R15: 00007ffd655f8bc8
[  658.803843][T12316]  </TASK>
[  658.803873][    C1] vkms_vblank_simulate: vblank timer overrun
[  659.109167][    C1] vkms_vblank_simulate: vblank timer overrun
[  659.473859][ T2345] pvrusb2: Invalid write control endpoint
[  659.479918][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  659.862928][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  659.873735][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  659.906638][ T2345] pvrusb2: Device being rendered inoperable
[  659.932976][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  659.986607][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c)
[  660.000330][ T2345] pvrusb2: Attached sub-driver cx25840
[  660.010229][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  660.028134][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.