last executing test programs:

3m8.160595044s ago: executing program 1 (id=1247):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, &(0x7f0000000340))
sched_setscheduler(0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000140)={0x3, 0x98f907, 0x5})
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

3m4.250190284s ago: executing program 1 (id=1258):
unshare(0x22020600)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x22102, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)

3m3.940057794s ago: executing program 1 (id=1259):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000880)=@filter={'filter\x00', 0xe, 0x4, 0x3a0, 0xffffffff, 0x1f8, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x320, 0x320, 0x320, 0xffffffff, 0x4, &(0x7f00000003c0), {[{{@ipv6={@mcast1, @mcast2, [0xff000000, 0xff, 0xff, 0xff], [0xff000000, 0x0, 0x0, 0xff], 'veth1\x00', 'ip6tnl0\x00', {0xff}, {0xff}, 0x2c, 0x7f, 0x0, 0x18}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@ipv6={@empty, @dev={0xfe, 0x80, '\x00', 0x39}, [0x0, 0xffffffff, 0xffffff00, 0xff], [0xff, 0xff, 0xffffffff, 0xff], 'ip6gretap0\x00', 'bond_slave_0\x00', {}, {}, 0xc, 0x2, 0x4, 0x5a}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x3, 0x4fff, 0x2}}}, {{@ipv6={@loopback, @private1, [0xff, 0xffffffff, 0xffffff00], [0xffffffff, 0xffffff00, 0xff], 'gre0\x00', 'geneve0\x00', {}, {0xff}, 0x3c, 0x45, 0x4, 0x42}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@ah={{0x30}, {[0x4d4, 0x4d4], 0x1000, 0x0, 0x3}}, @common=@icmp6={{0x28}, {0x12, '@x', 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x9, 0x8001}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000100)={0x6, 0x2, 0x3, "0e00000000000300000026d174932d46919a84df00000000efffff7f00", 0x35315241})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x7a, &(0x7f0000000400)={@local, @multicast, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "5f1060", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x8100, 0x0, 0x3e8}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x8, 0x88be, 0x86ddffff}, {0x8, 0x22eb, 0x4, {{}, 0x2, {0x4}}}}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002700)=""/102392, 0x18ff8)
ioperm(0x3, 0x4, 0x1000008)
r7 = semget$private(0x0, 0x3, 0x0)
semop(r7, 0x0, 0x0)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x8, 0x2, [@TCA_MATCHALL_ACT={0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

3m2.517987591s ago: executing program 1 (id=1261):
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x10a)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file1\x00'})
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="26000000030000000000000000000000040000000000000005000000000000003a254fa12124202b5d7d400030819a54449f5464025a27bd376e506f45b2fd6534ee129c0e2fce8808"], 0x26)
syz_open_dev$vim2m(0x0, 0x8, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r0 = socket$kcm(0x10, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000580)=""/102392, 0x18ff8)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
readv(r3, &(0x7f0000000080)=[{&(0x7f0000002600)=""/46, 0x2e}], 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000240)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r4, &(0x7f0000000000), 0xd)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)

3m0.735469799s ago: executing program 1 (id=1263):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x0, 0x0, 0x1, 0x1}, 0x21)
unshare(0x24060400)
r2 = socket$tipc(0x1e, 0x2, 0x0)
sendmsg$tipc(r2, &(0x7f0000000540)={&(0x7f0000000200)=@name={0x1e, 0x2, 0x3, {{0x43, 0x100000}}}, 0x10, 0x0, 0x0, 0x0, 0xfe56, 0x10}, 0x44895)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
r3 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000002840)=[{&(0x7f0000000400)=""/69, 0x45}, {&(0x7f0000000480)=""/95, 0x5f}, {&(0x7f0000000680)=""/190, 0xbe}, {&(0x7f0000000740)=""/4096, 0x1000}, {&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000002740)=""/250, 0xfa}], 0x6, &(0x7f0000002a40)=[@zcopy_cookie={0x18, 0x114, 0xc, 0xffffffff}, @fadd={0x58, 0x114, 0x6, {{0x5, 0x3}, &(0x7f00000000c0), &(0x7f00000001c0)=0x4, 0x4, 0xfc3, 0x0, 0x10, 0x8, 0x6}}, @rdma_args={0x48, 0x114, 0x1, {{0x80, 0xfffffffc}, {&(0x7f00000028c0)=""/136, 0x88}, &(0x7f0000000240)=[{&(0x7f0000002980)=""/151, 0x97}], 0x1, 0x5, 0x8}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x9}, @zcopy_cookie={0x18, 0x114, 0xc, 0x10001}, @rdma_dest={0x18, 0x114, 0x2, {0x200, 0x1}}, @cswp={0x58, 0x114, 0x7, {{0xb, 0x8}, &(0x7f0000000500)=0xb, &(0x7f0000000580)=0x5, 0x67ad, 0x6e1, 0xd4f, 0x8000, 0xb, 0x10000}}], 0x158, 0x4000000}, 0x4000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'wg0\x00', <r4=>0x0})
sendto$packet(r0, &(0x7f0000000180)="0b03feff4f00021202004788aa96a13bb1000011000088ca1a00", 0x1a, 0x0, &(0x7f0000000140)={0x11, 0x0, r4, 0x1, 0xff}, 0x14)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000030c0), 0x800, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f0000003180)={'syztnl0\x00', &(0x7f0000003100)={'syztnl2\x00', r4, 0x8000, 0x7f60, 0x8, 0x3, {{0x10, 0x4, 0x0, 0x5, 0x40, 0x68, 0x0, 0x2, 0x2f, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x2a}, {[@timestamp={0x44, 0x10, 0x50, 0x0, 0x7, [0x101, 0x800, 0xfba]}, @ra={0x94, 0x4}, @ra={0x94, 0x4, 0x1}, @generic={0x7, 0x11, "291c9235ba75b02cf6bd5d7ab0e889"}, @end]}}}}})
r6 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x8400, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000003080)={0x7, r1, 0x1})
write$cgroup_int(r6, &(0x7f0000000080)=0x1, 0x12)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
read(r0, &(0x7f0000003000)=""/125, 0x7d)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000002c00)={{{@in6=@initdev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6=@mcast2}, 0x0, @in6=@ipv4={""/10, ""/2, @broadcast}}}, &(0x7f0000002d00)=0xe8)
sendmsg$nl_xfrm(r7, &(0x7f0000002fc0)={&(0x7f0000002bc0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000002f80)={&(0x7f0000002d40)=@flushpolicy={0x238, 0x1d, 0x400, 0x70bd2c, 0x25dfdbff, "", [@tmpl={0x144, 0x5, [{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d6, 0x3c}, 0x0, @in=@local, 0x3505, 0x2, 0x2, 0x1, 0x10000, 0x0, 0xc}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d2, 0x32}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x1b}, 0x3507, 0x3, 0x3, 0x92, 0x5, 0xfffffff8, 0xffff}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4d4, 0xff}, 0x2, @in=@rand_addr=0x64010102, 0x0, 0x2, 0x1, 0x0, 0xdf13, 0xb0e, 0x7}, {{@in=@multicast2, 0x4d4, 0x2b}, 0xa, @in6=@local, 0x0, 0x2, 0x1, 0x81, 0x8, 0x9, 0x4}, {{@in=@multicast1, 0x4d6}, 0x2, @in6=@mcast2, 0x0, 0x2, 0x2, 0x80, 0x10, 0x3fd, 0x3}]}, @sa={0xe4, 0x6, {{@in6=@private0, @in=@empty, 0x4e23, 0x0, 0x4e22, 0x0, 0xa, 0x20, 0x80, 0x32, 0x0, r8}, {@in6=@local, 0x4d5, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0x6, 0x1, 0x5, 0x7fffffff, 0x1, 0x800}, {0x7ff, 0x46, 0x1, 0xcfa}, {0x0, 0xffffffff, 0x7fff}, 0x70bd28, 0x0, 0xa, 0x2, 0x4, 0x4}}]}, 0x238}, 0x1, 0x0, 0x0, 0x80}, 0x404c014)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x1001402, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)

2m59.620412965s ago: executing program 1 (id=1266):
prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = creat(0x0, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = accept$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000140)=0x1c)
listen(r3, 0x5)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000200)={0x3ff, "4fcb813fd28b42bee2b0b7a3de6dbfd30a45d50500", <r5=>0xffffffffffffffff})
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x1b)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, 0x0)
ioctl$SYNC_IOC_FILE_INFO(r5, 0xc0383e04, &(0x7f0000000000)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0})
gettid()
r6 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r6, 0x84, 0xd, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
read$watch_queue(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0xb, 0x0, &(0x7f00000000c0))

2m58.992345153s ago: executing program 32 (id=1266):
prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = creat(0x0, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = accept$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000140)=0x1c)
listen(r3, 0x5)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000200)={0x3ff, "4fcb813fd28b42bee2b0b7a3de6dbfd30a45d50500", <r5=>0xffffffffffffffff})
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x1b)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, 0x0)
ioctl$SYNC_IOC_FILE_INFO(r5, 0xc0383e04, &(0x7f0000000000)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0})
gettid()
r6 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r6, 0x84, 0xd, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
read$watch_queue(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0xb, 0x0, &(0x7f00000000c0))

1m9.61652876s ago: executing program 4 (id=1536):
unshare(0x20000400)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x74}}, 0x80)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000044000701fcffff7c00000c0004"], 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) (fail_nth: 9)

1m9.026105594s ago: executing program 4 (id=1538):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8c1)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, &(0x7f0000000280)={&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000200)=""/90, 0x5a})
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000))
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, &(0x7f00000a2000)={0x0, 0x0}, 0x10)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$bt_hci(r1, 0x84, 0x1, &(0x7f0000000080)=""/4054, &(0x7f0000001180)=0xfd6)

1m8.196234086s ago: executing program 4 (id=1543):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000880)=@filter={'filter\x00', 0xe, 0x4, 0x3f0, 0xffffffff, 0x1f8, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x320, 0x320, 0x320, 0xffffffff, 0x4, &(0x7f00000003c0), {[{{@ipv6={@mcast1, @mcast2, [0xff000000, 0xff, 0xff, 0xff], [0xff000000, 0x0, 0x0, 0xff], 'veth1\x00', 'ip6tnl0\x00', {0xff}, {0xff}, 0x2c, 0x7f, 0x0, 0x18}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@ipv6={@empty, @dev={0xfe, 0x80, '\x00', 0x39}, [0x0, 0xffffffff, 0xffffff00, 0xff], [0xff, 0xff, 0xffffffff, 0xff], 'ip6gretap0\x00', 'bond_slave_0\x00', {}, {}, 0xc, 0x2, 0x4, 0x5a}, 0x0, 0xf8, 0x128, 0x0, {}, [@common=@inet=@length={{0x28}, {0x3, 0x80}}, @common=@ipv6header={{0x28}, {0x18, 0x50}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x3, 0x4fff, 0x2}}}, {{@ipv6={@loopback, @private1, [0xff, 0xffffffff, 0xffffff00], [0xffffffff, 0xffffff00, 0xff], 'gre0\x00', 'geneve0\x00', {}, {0xff}, 0x3c, 0x45, 0x4, 0x42}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@ah={{0x30}, {[0x4d4, 0x4d4], 0x1000, 0x0, 0x3}}, @common=@icmp6={{0x28}, {0x12, '@x', 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x9, 0x8001}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x450)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000100)={0x6, 0x2, 0x3, "0e00000000000300000026d174932d46919a84df00000000efffff7f00", 0x35315241})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x7a, &(0x7f0000000400)={@local, @multicast, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "5f1060", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x8100, 0x0, 0x3e8}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x8, 0x88be, 0x86ddffff}, {0x8, 0x22eb, 0x4, {{}, 0x2, {0x4}}}}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000002700)=""/102392, 0x18ff8)
ioperm(0x3, 0x4, 0x1000008)
semop(0x0, 0x0, 0x0)
sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[], 0xfc}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x8, 0x2, [@TCA_MATCHALL_ACT={0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1m6.362578612s ago: executing program 4 (id=1545):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x4)
statfs(0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
sigaltstack(&(0x7f0000000000)={0xffffffffffffffff, 0x0, 0xfffffffffffffefa}, &(0x7f0000000080)={&(0x7f0000000040)})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x10000802, 0x80, 0x0, 0x40000}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x28}}, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f00000000c0), 0x80882)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x200000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r3, 0x0)
setpgid(0x0, r3)
mount$cgroup2(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x141010, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x80200, 0xc2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1)
acct(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00')

1m5.050037477s ago: executing program 4 (id=1548):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
time(0xfffffffffffffffc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a32000000000500040000000000140007800800124000000000050015002200000005000500020000000500010006"], 0x64}}, 0x0)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x1c, 0x7, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x4d92, 0x0, 0x0, 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x8000000003c)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r5, 0x541b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0xff, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4820)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x81, 0x82000)
ioctl$sock_rose_SIOCDELRT(r6, 0x890c, &(0x7f0000000440)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, @default, @netrom={'nr', 0x0}, 0x8, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @null, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default]})
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)

1m4.801686304s ago: executing program 4 (id=1550):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000400)=@generic={&(0x7f00000003c0)='./file0\x00', 0x0, 0x8}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, 0x0, 0x48000)
r3 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0xa0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = io_uring_setup(0x28fe, &(0x7f0000000080)={0x0, 0x0, 0x2})
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
ioprio_get$pid(0x1, r0)
setsockopt$packet_int(r3, 0x107, 0xc, &(0x7f0000000280)=0x3, 0x4)
write$P9_RSTATu(r5, &(0x7f00000004c0)={0x293, 0x7d, 0x0, {{0x500, 0xf0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x0)
sendfile(0xffffffffffffffff, r6, 0x0, 0x8)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000700)=@nat={'nat\x00', 0x1b, 0x5, 0x6f0, 0x118, 0x0, 0xffffffff, 0x118, 0x0, 0x620, 0x620, 0xffffffff, 0x620, 0x620, 0x5, &(0x7f0000000180), {[{{@ipv6={@local, @private0={0xfc, 0x0, '\x00', 0x1}, [0x0, 0xff000000, 0xff, 0xff], [0xffffffff, 0xffffffff, 0xff, 0xff], 'pim6reg\x00', 'team_slave_0\x00', {0xff}, {}, 0x2f, 0xe2, 0x5, 0x40}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@hl={{0x28}, {0x3, 0x4}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x1, @ipv6=@mcast2, @ipv4=@private=0xa010101, @port=0x4e21, @port=0x4e20}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x13}, @local, [0xff000000, 0xffffffff, 0xffffffff, 0xffffffff], [0x0, 0xff000000, 0x0, 0xffffffff], 'veth1_to_bridge\x00', 'macvlan0\x00', {0xff}, {0xff}, 0x2b, 0x4, 0x4, 0x1}, 0x0, 0x138, 0x180, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x6, 0x0, 0xce, 0x2, @ipv4={'\x00', '\xff\xff', @local}, @mcast2, @mcast2, [0x0, 0xffffffff, 0xff, 0xff000000], [0xffffff00, 0xff000000, 0xffffff00], [0xff, 0xff000000, 0xff, 0xff000000], 0x820}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x11, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}, @gre_key=0x40, @port=0x4e24}}}, {{@uncond, 0x0, 0x118, 0x160, 0x0, {}, [@common=@hbh={{0x48}, {0x7ff, 0x0, 0x0, [0x8001, 0xeb71, 0xff, 0x1, 0x200, 0xdb71, 0x8, 0x6f, 0x5, 0x72, 0x1, 0x3, 0x101, 0x7fff, 0x5, 0x7ff], 0x5}}, @common=@icmp6={{0x28}, {0xb, "955c", 0x1}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x17, @ipv4=@broadcast, @ipv6=@local, @icmp_id=0x65, @icmp_id=0x66}}}, {{@ipv6={@mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0x0, 0xff, 0xff, 0xffffff00], [0xffffff, 0xffffffff, 0xffffffff, 0xff000000], 'dvmrp0\x00', 'batadv_slave_0\x00', {}, {}, 0x2b, 0x8, 0x0, 0xd}, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x2, [0xa2, 0x80], 0x3, 0x2, 0x8, [@remote, @mcast1, @loopback, @private0, @ipv4={'\x00', '\xff\xff', @local}, @private1={0xfc, 0x1, '\x00', 0x1}, @local, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, @local, @private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, @private0], 0x3}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xf2, 'syz1\x00', {0xe06}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x750)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1808000000000000000000000003000095000000000000000642d767c295b1d5eb49e36133"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x11, &(0x7f00000002c0), 0x2)
read$char_usb(r3, &(0x7f0000000300)=""/130, 0x82)

1m2.74353082s ago: executing program 33 (id=1550):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000400)=@generic={&(0x7f00000003c0)='./file0\x00', 0x0, 0x8}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, 0x0, 0x48000)
r3 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0xa0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = io_uring_setup(0x28fe, &(0x7f0000000080)={0x0, 0x0, 0x2})
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
ioprio_get$pid(0x1, r0)
setsockopt$packet_int(r3, 0x107, 0xc, &(0x7f0000000280)=0x3, 0x4)
write$P9_RSTATu(r5, &(0x7f00000004c0)={0x293, 0x7d, 0x0, {{0x500, 0xf0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x0)
sendfile(0xffffffffffffffff, r6, 0x0, 0x8)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000700)=@nat={'nat\x00', 0x1b, 0x5, 0x6f0, 0x118, 0x0, 0xffffffff, 0x118, 0x0, 0x620, 0x620, 0xffffffff, 0x620, 0x620, 0x5, &(0x7f0000000180), {[{{@ipv6={@local, @private0={0xfc, 0x0, '\x00', 0x1}, [0x0, 0xff000000, 0xff, 0xff], [0xffffffff, 0xffffffff, 0xff, 0xff], 'pim6reg\x00', 'team_slave_0\x00', {0xff}, {}, 0x2f, 0xe2, 0x5, 0x40}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@hl={{0x28}, {0x3, 0x4}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x1, @ipv6=@mcast2, @ipv4=@private=0xa010101, @port=0x4e21, @port=0x4e20}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x13}, @local, [0xff000000, 0xffffffff, 0xffffffff, 0xffffffff], [0x0, 0xff000000, 0x0, 0xffffffff], 'veth1_to_bridge\x00', 'macvlan0\x00', {0xff}, {0xff}, 0x2b, 0x4, 0x4, 0x1}, 0x0, 0x138, 0x180, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x6, 0x0, 0xce, 0x2, @ipv4={'\x00', '\xff\xff', @local}, @mcast2, @mcast2, [0x0, 0xffffffff, 0xff, 0xff000000], [0xffffff00, 0xff000000, 0xffffff00], [0xff, 0xff000000, 0xff, 0xff000000], 0x820}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x11, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}, @gre_key=0x40, @port=0x4e24}}}, {{@uncond, 0x0, 0x118, 0x160, 0x0, {}, [@common=@hbh={{0x48}, {0x7ff, 0x0, 0x0, [0x8001, 0xeb71, 0xff, 0x1, 0x200, 0xdb71, 0x8, 0x6f, 0x5, 0x72, 0x1, 0x3, 0x101, 0x7fff, 0x5, 0x7ff], 0x5}}, @common=@icmp6={{0x28}, {0xb, "955c", 0x1}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x17, @ipv4=@broadcast, @ipv6=@local, @icmp_id=0x65, @icmp_id=0x66}}}, {{@ipv6={@mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0x0, 0xff, 0xff, 0xffffff00], [0xffffff, 0xffffffff, 0xffffffff, 0xff000000], 'dvmrp0\x00', 'batadv_slave_0\x00', {}, {}, 0x2b, 0x8, 0x0, 0xd}, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x2, [0xa2, 0x80], 0x3, 0x2, 0x8, [@remote, @mcast1, @loopback, @private0, @ipv4={'\x00', '\xff\xff', @local}, @private1={0xfc, 0x1, '\x00', 0x1}, @local, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, @local, @private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, @private0], 0x3}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xf2, 'syz1\x00', {0xe06}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x750)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1808000000000000000000000003000095000000000000000642d767c295b1d5eb49e36133"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x11, &(0x7f00000002c0), 0x2)
read$char_usb(r3, &(0x7f0000000300)=""/130, 0x82)

21.827792473s ago: executing program 5 (id=1640):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = getpid()
r4 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
kcmp(r3, r4, 0x4, 0xffffffffffffffff, 0xffffffffffffffff)

20.717162405s ago: executing program 5 (id=1643):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="c0000000190001000000000000080000e00000030000001c0000000000000000000000000000000000000000000000000000fffd000000000a00000029000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0100000000000000000000000000000001000000010000000000000000000000000000000000000073b4ffffffffffffffffffffffffffff00000000000000000000000010000000000000000000002000000000000000000000000000000000feffffff00000000000000000000000008000c0003000000"], 0xc0}}, 0x4004)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00200000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000005ab546a7000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff00"/112], 0xb8}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x23fe, 0x8, 0x2, 0x8000306}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000300)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x1, r3, 0x0})
io_uring_enter(r4, 0x3516, 0xc2de, 0x8, 0x0, 0x0)

14.732085459s ago: executing program 3 (id=1668):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40081)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
ioctl$TIOCL_SETVESABLANK(r3, 0x560e, &(0x7f0000000140))
ioctl$TIOCL_BLANKSCREEN(r2, 0x541c, &(0x7f0000000000))
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x4, &(0x7f00000000c0)=[{0x7}, {0x3, 0x5, 0x2c, 0x6}, {0xfac3, 0x2, 0x4, 0x2}, {0x7, 0x11, 0xcf, 0x7}]})
write$bt_hci(r4, &(0x7f0000000040)=ANY=[], 0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in6=@remote, 0x3}, {@in=@multicast1, 0x0, 0x32}, @in6=@mcast1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000}, {}, {}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0xe}, 0x0)

14.166873195s ago: executing program 6 (id=1670):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20181, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x48, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000640)=0x4)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x41, 0x3, 0x3, '\x00', 0x8})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

14.104053492s ago: executing program 5 (id=1671):
socket(0x18, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r1 = syz_io_uring_setup(0x4337, &(0x7f0000000000)={0x0, 0x8cad, 0x2, 0x1, 0x1c7}, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, 0xfffffffffffffffd, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_dev$dri(&(0x7f0000000000), 0x880, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2}, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6f}, 0x2c)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c8, &(0x7f0000000100))
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009a02"])
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0xc0105b08, &(0x7f0000000040))

13.857554093s ago: executing program 6 (id=1673):
r0 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000dc0)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000ac0)={0x44, &(0x7f00000008c0)={0x0, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, 0x0)
write$binfmt_elf64(r0, &(0x7f00000002c0)=ANY=[], 0x76)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r4, 0x0, r4)
munmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0xfffffffa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0xe, 0x0, &(0x7f0000000200)="0c006a8bcc48edee2667ae79cc37", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000000), &(0x7f0000000240)=ANY=[@ANYRES16=r0, @ANYRESOCT=r5, @ANYRESHEX=r5], 0x2, 0x3)
dup3(r1, r0, 0x0)
finit_module(r1, 0x0, 0x100000000000000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000040)="2b1c52ac82e71ea05b0c5e43ede4", 0x0, 0x41, 0x0, 0x0, 0xad, 0x0, &(0x7f0000000540)="6237ea76a99f1cb66ebd252b7b95139a94ebaf9c9d887302c9056f019edc758989770610205b52a3ecf567d8950f2f726f2e02720c214208051ceefb1c5b94a0570e433db8eb9e59a3fdfdda5e611e51941acde5c4c42d413e0610052faf0badb97669a60e8b9d47c6051c8b30208e6c28e5547e08049b499378594ce8b56e3c8286b5482947abd880cbe18fef47a013da68534cb2286a768c3e88f13fc7c72cc947a465f21c84a807aab2f497", 0x0, 0x0, 0x10}, 0x50)
socket$nl_generic(0x10, 0x3, 0x10)

13.689574026s ago: executing program 3 (id=1674):
mkdir(&(0x7f0000000400)='./file0\x00', 0x101)
pipe2$9p(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
migrate_pages(0x0, 0x71, 0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x3)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=@bloom_filter={0x1e, 0x56a1, 0x8, 0x7, 0x1, r2, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x0, 0xd, @void, @value, @void, @value}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r6, 0x58, &(0x7f0000000280)={0x0, <r7=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000e00)={r7}, 0xc)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)={0x14, 0x0, 0x309, 0x0, 0x25dfdbfc, {0x1d}}, 0x14}, 0x1, 0x0, 0x0, 0xc015}, 0x20040800)
timer_settime(0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
r9 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r9, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r9, &(0x7f0000000440)={0x2, 0xffff, @multicast2}, 0x10)
sendmmsg(r9, &(0x7f0000007fc0), 0x800001d, 0x0)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r10, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'wlc\x00', 0x3b, 0x56a0, 0x28}, 0x2c)

11.675709226s ago: executing program 3 (id=1676):
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
prlimit64(0x0, 0x3, &(0x7f0000000200)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
fcntl$dupfd(r0, 0x0, r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000100)=0x704, 0x4)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
listen(r3, 0x0)
accept4(r3, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='rxrpc_local\x00'}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x2c, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
sendmsg$nl_route(r1, 0x0, 0x400c840)

10.535923715s ago: executing program 6 (id=1678):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="38000400", @ANYRES16, @ANYBLOB="01002ebd7000ffdbdf253900000008000300", @ANYRES32, @ANYBLOB="1c005a801800018014000300b4810800081470"], 0x38}, 0x1, 0x0, 0x0, 0x20}, 0x40)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="7000000010000100"/20, @ANYRES32=r1, @ANYBLOB="000000002f95abbe480012800e0001006970366772657461700000003400028008000100", @ANYRES32=r1, @ANYBLOB="14000600fe80000000000000000000000000000014000700ff050000000000000000000000000001080004"], 0x70}}, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000000), 0x111, 0x6}}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000440)={{0xffffffffffffffff, <r3=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000400)='%pB    \x00'}, 0x1c)
r4 = syz_open_dev$audion(&(0x7f00000004c0), 0x1, 0x101000)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@bloom_filter={0x1e, 0x0, 0x3, 0x4, 0x42020, r3, 0x40, '\x00', 0x0, r4, 0x3, 0x2, 0x0, 0x8, @void, @value, @void, @value}, 0x50)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x1e, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000e000000000000f56dd6805df1160099", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000001865000009000000000000000500000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000210000008500000006000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000, @void, @value}, 0x94)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = getpid()
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = dup(r11)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @remote, 0x4e21, 0x3, 'dh\x00', 0xb, 0x32bb, 0x10000071}, {@local, 0x4e21, 0x2000, 0x0, 0xf334, 0x12d5c}}, 0x44)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r13, &(0x7f0000020000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x69, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r11, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f"], 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
sendmmsg$unix(r8, &(0x7f0000002740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000026c0)=[@rights={{0x14, 0x1, 0x1, [r8]}}, @cred={{0x1c, 0x1, 0x2, {r9, 0xee00, 0xee01}}}], 0x38, 0x4004080}}], 0x1, 0x2204c0a1)
r14 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000e1ff00000000000000008500000027000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r14, 0x0, 0xe, 0x0, &(0x7f00000000c0)="ff07000000000000ab5becdc7da9", 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10)
r15 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x40)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r15, 0xc0145401, &(0x7f0000000940)={0x1, 0x2, 0x8aa5, 0x1, 0x3})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10)

10.484892844s ago: executing program 5 (id=1679):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r0, 0x0, 0x810)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0xe54a, 0x4, 0x3, 0x7e}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000640)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0xc, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x36bd, 0xd421, 0x9, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0}]}, 0x1}, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00'})
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0xb4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @loopback}]}]}, 0xb4}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x498, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x368, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4f8)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008e04"])
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xf, 0x10, &(0x7f00000002c0)=ANY=[@ANYBLOB="18080000054e53054c2c9eb481a7f0e23d0018110000", @ANYRESDEC=r8, @ANYBLOB="0000000000000000b702000014000000b70300002bb91a008500000008000000bc090000000000004509010000200000950000000000000085000000ba000000bf9800000000000056090000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)

10.139414881s ago: executing program 0 (id=1680):
r0 = syz_open_procfs(0x0, &(0x7f0000000500)='attr/current\x00')
preadv(r0, 0x0, 0x0, 0x3, 0x400)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
lseek(0xffffffffffffffff, 0x164, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r5=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r4, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000300)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000200), r5, 0x0, 0x1, 0x4}}, 0x20)

8.598719547s ago: executing program 0 (id=1682):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001", @ANYRES16, @ANYRESHEX], 0x98}, 0x1, 0x0, 0x0, 0x20008020}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000540)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='contention_begin\x00', r0}, 0x18)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r6=>0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000000000040100000000000000850041000030000000180109002020702500000000002020207b1af8ff0000700bbfa100000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
io_uring_setup(0x5d83, &(0x7f0000000240)={0x0, 0xbcd3, 0x3, 0x2, 0x245})
r7 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x121100, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x8001)
sendmsg$IPCTNL_MSG_CT_DELETE(r7, &(0x7f00000005c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000580)={&(0x7f0000000600)=ANY=[@ANYBLOB="3800000002010104000000000000000003000006000000001400018006000500077f000005000300f9ff0f00040000800800074002000040357335544dc1b99726e7d457e611524729c7be18d827b38854d5b82204974e43282c695b644d71fa866f94f3607caa855db58f229bcce3d86daeb77c7cc3f988a56aa69f9510990075f745d9ba6a5d62fc82130f468d158d6e304ff1697aa9d536b23291f82b9c2a13d14995fe102007d183b3b81e5ba66dcf4ef06c546a7897da9a361721c4fca1d0511a4ee82b2b47565d2ec5f88f7bd5450d0ce6149387c80aa417dfa5a3c4c7206870263d7146822f5d45"], 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x880)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r7, 0x80984120, &(0x7f0000000440))
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r6, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc000800050006000000140004"], 0x58}}, 0x0)
socket$inet6(0xa, 0x3, 0x7)
socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r9, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0x0, 0x2, 0x0, 0x1, 0x900, 0x0, 0xffffff80}})

7.944446494s ago: executing program 2 (id=1683):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20181, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x48, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000640)=0x4)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x41, 0x3, 0x3, '\x00', 0x8})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

7.026865327s ago: executing program 0 (id=1684):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x20000023896)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000980))
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x1a49)
r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000080))
readv(r2, &(0x7f0000000040)=[{&(0x7f0000000100)=""/144, 0x90}], 0x1)

6.845119877s ago: executing program 6 (id=1685):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8c1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8983, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, &(0x7f00000a2000)={0x0, 0x0}, 0x10)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$bt_hci(r2, 0x84, 0x1, &(0x7f0000000080)=""/4054, 0x0)
connect$bt_sco(r1, &(0x7f0000000080)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8)
syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00')

6.772244117s ago: executing program 0 (id=1686):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x20, 0x0, 0x9, 0x101, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x20, 0x0, 0x0, 0x70bd2b, 0x0, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x20}}, 0x20008000)
r1 = socket(0x10, 0x803, 0x0)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x54, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}, @IFLA_VLAN_INGRESS_QOS={0x10, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7, 0x7f}}]}]}}}, @IFLA_LINK={0x8}]}, 0x54}, 0x1, 0xba01, 0x0, 0x6000000}, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x1c}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xbe8}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
creat(&(0x7f00000003c0)='./bus\x00', 0x0)
r2 = open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0)
r3 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0)
ftruncate(r3, 0x2008002)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0)
r4 = gettid()
process_vm_writev(r4, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x2b, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)

6.266718452s ago: executing program 2 (id=1687):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x25, 0x800000000004}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = creat(0x0, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, 0x0, 0x0)
r4 = accept$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000140)=0x1c)
listen(r4, 0x5)
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000200)={0x3ff, "4fcb813fd28b42bee2b0b7a3de6dbfd30a45d50500", <r6=>0xffffffffffffffff})
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x1b)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000180)={"000000149c0286e08ffad43c40fc0a000000ab65a29e23546aad0281b3aff5eb", r6})
ioctl$SYNC_IOC_FILE_INFO(r6, 0xc0383e04, 0x0)
gettid()
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000), 0x8)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0xb, 0x0, &(0x7f00000000c0))

5.907518119s ago: executing program 0 (id=1688):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
r1 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/smackfs/mapped\x00', 0x2, 0x0)
write$smackfs_cipsonum(r1, &(0x7f00000004c0)=0x5, 0x14)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000180)="ed59040d4d429af5b5c8f557a966588c106d4b52efbe2fef5edebb42f9daa0994313717bbbf59da4c48e49d4c38c219e05edf4221922cda252d73ccf9e8e199f0f4aa79d0d8099f30900b0e4dc8c65ca", 0x50}], 0x1)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) (async)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) (async)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522) (async)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x60400) (async)
ioctl$USBDEVFS_SETINTERFACE(r2, 0x80045510, &(0x7f0000000000)) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_ADD(r0, &(0x7f0000000440)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x260000c0}, 0x4000800) (async)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xb8}}, 0x0) (async)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd7000fddbdf2510000000050010000a00000008000100e18f"], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x4000) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x18000000000002a0, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x100, 0x2000000, 0x0, 0x0, &(0x7f0000000440)}, 0x50)
r9 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000300), 0x802, 0x0)
write$UHID_INPUT(r9, &(0x7f0000001980)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa10100000009b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad7c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c62035822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af801034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eabdb9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2577450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b580011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c7fbd5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64a73a2aca30bda1e3aadc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0x1000}}, 0xb31)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) (async)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt(r0, 0x626, 0xfc20, &(0x7f0000000540)=""/199, &(0x7f0000000480)=0xc7) (async)
sendmmsg$inet_sctp(r10, &(0x7f00000024c0)=[{&(0x7f00000006c0)=@in={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000780), 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="180000000078b996c3ff9088350000007f000001000046f3"], 0x18, 0x20004004}], 0x1, 0x40804)
request_key(&(0x7f0000000240)='.request_key_auth\x00', 0x0, 0x0, 0x0) (async)
syz_usb_connect(0x5, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="120100004aaf36207205a4580500000003010902120001000000000904010900a37d7e03"], 0x0)

5.875705115s ago: executing program 3 (id=1689):
mkdir(&(0x7f0000000400)='./file0\x00', 0xfa)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
tkill(0x0, 0x4000012)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x10000000, @void, @value}, 0x94)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=@newlink={0x34, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}]}, 0x34}}, 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]})
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
dup(r4)
chdir(0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x22002, 0x0)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
ioctl$FICLONE(r6, 0x40049409, r7)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x0)

5.395952615s ago: executing program 6 (id=1690):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
socket(0x1e, 0x4, 0x0)
socket(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040))
syz_open_dev$sndmidi(&(0x7f0000000100), 0x6, 0x410880)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r1, 0x6, 0x6, &(0x7f0000000180)=0x1, 0x4)
getsockopt$inet6_tcp_int(r1, 0x6, 0x6, 0x0, &(0x7f0000000040))

4.439101589s ago: executing program 2 (id=1691):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x25, 0x800000000004}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = creat(0x0, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, 0x0, 0x0)
r4 = accept$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000140)=0x1c)
listen(r4, 0x5)
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000200)={0x3ff, "4fcb813fd28b42bee2b0b7a3de6dbfd30a45d50500", <r6=>0xffffffffffffffff})
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x1b)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000180)={"000000149c0286e08ffad43c40fc0a000000ab65a29e23546aad0281b3aff5eb", r6})
ioctl$SYNC_IOC_FILE_INFO(r6, 0xc0383e04, &(0x7f0000000000)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0})
gettid()
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0xb, 0x0, &(0x7f00000000c0))

4.309783949s ago: executing program 5 (id=1692):
mkdir(&(0x7f0000000400)='./file0\x00', 0x101)
pipe2$9p(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
migrate_pages(0x0, 0x71, 0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x3)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=@bloom_filter={0x1e, 0x56a1, 0x8, 0x7, 0x1, r2, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x0, 0xd, @void, @value, @void, @value}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r6, 0x58, &(0x7f0000000280)={0x0, <r7=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000e00)={r7}, 0xc)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)={0x14, 0x0, 0x309, 0x0, 0x25dfdbfc, {0x1d}}, 0x14}, 0x1, 0x0, 0x0, 0xc015}, 0x20040800)
timer_settime(0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

4.220562087s ago: executing program 3 (id=1693):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40081)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r2)
ioctl$TIOCL_BLANKSCREEN(r2, 0x541c, &(0x7f0000000000))
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x4, &(0x7f00000000c0)=[{0x7}, {0x3, 0x5, 0x2c, 0x6}, {0xfac3, 0x2, 0x4, 0x2}, {0x7, 0x11, 0xcf, 0x7}]})
bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r3, &(0x7f0000000040)=ANY=[], 0x6)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$key(0xf, 0x3, 0x2)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in6=@remote, 0x3}, {@in=@multicast1, 0x0, 0x32}, @in6=@mcast1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000}, {}, {}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0xe}, 0x0)

3.889714294s ago: executing program 0 (id=1694):
syz_usb_connect(0x0, 0x2d, &(0x7f00000004c0)=ANY=[@ANYRES64], 0x0)
syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56a, 0xd5, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xd5, 0x20, 0x0, [{{0x9, 0x4, 0x0, 0xff, 0x1, 0x3, 0x1, 0x0, 0x4, {0x9, 0x21, 0x6, 0x40, 0x1, {0x22, 0x154}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x5f, 0x4, 0x6}}, [{{0x9, 0x5, 0x2, 0x3, 0x8, 0x8, 0xeb, 0x2}}]}}}]}}]}}, &(0x7f0000000640)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0x5, 0x3, 0x8, 0x10, 0x7}, 0x42, &(0x7f0000000080)={0x5, 0xf, 0x42, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x22, 0x6, 0x6, 0x4000}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xb, 0xfb, 0x1, 0x8000}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0xa, 0x5, 0xff}, @ss_container_id={0x14, 0x10, 0x4, 0xf9, "80c31074a2efd76198f05ac8233a534c"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0x3, 0x8, 0xff}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x5, 0x3, 0x9}]}, 0xa, [{0xbb, &(0x7f0000000100)=@string={0xbb, 0x3, "8b0a14cb819391154ed3805d2abd622b77c60aa1ab8d251e5eaf8fe866b1dd9a7033fd5c1fcfa17a4bec3d187023986a76bb44e62029f12b2c235f8baa3a1f6306d397bac9ff60a2bd7e8c2685b73c1c3dfb3818369611d926311172270445b7b4efd90a7691c15b2294e812985d6356d29c4ebecd0f55439328a0ade0a1325a65c69fd0e69719aa35115297de7da46f0e0ccfa20d3e1ace79b61053b918d184969824c36f94c148dab5a095b649335ec353690473f406dd3f"}}, {0x38, &(0x7f00000001c0)=@string={0x38, 0x3, "120788aaaaab5a613b59f72c119795b737f65abdf24ebc73b30909d50d3a3857a7d233ab7c388d90d702c0d16ec39882564df3a1015b"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x429}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x1401}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3a5b}}, {0x57, &(0x7f00000002c0)=@string={0x57, 0x3, "430f0cd3017002011d2daf02ee6a55f1d89e0c10b574c0d4be8128b32982be149da89c64f305fdfb7e5319eac8aacafcfce55296e2fae77b27dd74c601705baf28b0054addf81df9d4c785c60cb9ad1a0c6cbaa966"}}, {0x27, &(0x7f0000000340)=@string={0x27, 0x3, "399918c31c767ba2798e4b179a3e3d03f68e41f11bb6769b0a468046dd1f7ec0bb35f13968"}}, {0xdb, &(0x7f0000000700)=@string={0xdb, 0x3, "cbd3810360d876557e48bccc6d647a9dce639891f9c56119b8c6bd62c7d6462cb90481091162a144ee0f2236c44339343ce14aa808cd782f72a6e19d4cf1cd8748c764e9fd0919e89e80e7a13be663080eb4f122a04ec60c0bd1350336819c4b5db35390653925f5ba4f26680b157ea256715554c1614c4882497b47e9b665a8be7494cccd04aadff54c88556161180be82bdd2e34cb475fed427995054fc7844422ce84d473092f7ccc56f9c7c4a8dc3e0e018905921f9a7e59bf19d07d427d5445255e42317e1f53278fb95fb7986cfcbb928d2dd223a496"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x2009}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x302b}}]})

3.18985186s ago: executing program 2 (id=1695):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
connect$unix(r2, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[], 0x1ec}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000001080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = syz_open_procfs(0x0, &(0x7f00000021c0)='maps\x00')
socket(0x10, 0x3, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000001280)=0x15)
setregid(0xffffffffffffffff, 0x0)
read$char_usb(r5, 0x0, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))
close(0xffffffffffffffff)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})

2.246896757s ago: executing program 3 (id=1696):
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
prlimit64(0x0, 0x3, &(0x7f0000000200)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000100)=0x704, 0x4)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
listen(r4, 0x0)
accept4(r4, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='rxrpc_local\x00'}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x14, 0x2, 0x6, 0x3}, 0x14}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x2c, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000001a000100000000000000000002000000ef0000000000000008000100e000000108000300", @ANYRES32=r2, @ANYBLOB], 0x34}}, 0x400c840)
sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x3f8, 0xb60, 0x70bd2d, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x1844}, 0x24004080)

2.112679178s ago: executing program 5 (id=1697):
r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01)
write$char_usb(r0, 0x0, 0x0)

1.23651271s ago: executing program 2 (id=1698):
r0 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000780)={0x0, @local, @dev}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
io_uring_enter(r0, 0x154e, 0x3f4a, 0x51, &(0x7f0000000000)={[0x9e4]}, 0x8)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r4, 0x84, 0x12, &(0x7f00000002c0)=0x2, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, &(0x7f0000000440)=0x8, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000006feffff720a00fef8ffffff71a4f0ff0000000072030000000000001d400500000000004704000001ed000072030200000000001d44feff000000006b0a00fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f1ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c107571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d1abf3cb17b40ac9b10968f38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d61f3b39c64307f9c82b2807c9ff4a269841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67a41b9e320146ee9f566a28"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

1.235526161s ago: executing program 6 (id=1699):
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
prlimit64(0x0, 0x3, &(0x7f0000000200)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
fcntl$dupfd(r0, 0x0, r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000100)=0x704, 0x4)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
listen(r3, 0x0)
accept4(r3, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='rxrpc_local\x00'}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x2c, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
sendmsg$nl_route(r1, 0x0, 0x400c840)

0s ago: executing program 2 (id=1700):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8c1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8983, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, &(0x7f00000a2000)={0x0, 0x0}, 0x10)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$bt_hci(r2, 0x84, 0x1, &(0x7f0000000080)=""/4054, 0x0)
connect$bt_sco(r1, &(0x7f0000000080)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8)
syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00')

kernel console output (not intermixed with test programs):

4] usb 3-1: config 0 has no interface number 0
[  469.893443][ T6284] usb 3-1: config 0 interface 4 has no altsetting 0
[  469.900122][ T6284] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  469.910151][ T6284] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.931294][ T6284] usb 3-1: config 0 descriptor??
[  469.942250][ T6284] cp210x 3-1:0.4: cp210x converter detected
[  470.352115][ T6284] cp210x 3-1:0.4: failed to get vendor val 0x000e size 3: -32
[  470.399209][ T6284] usb 3-1: cp210x converter now attached to ttyUSB0
[  470.979931][ T4237] usb 5-1: Failed to submit usb control message: -110
[  470.993393][ T4237] usb 5-1: unable to send the bmi data to the device: -110
[  471.048130][ T6271] usb 5-1: USB disconnect, device number 24
[  471.075407][ T4237] usb 5-1: unable to get target info from device
[  471.104879][ T4237] usb 5-1: could not get target info (-110)
[  471.135999][ T4237] usb 5-1: could not probe fw (-110)
[  471.572603][ T6271] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  471.783883][ T6271] usb 5-1: Using ep0 maxpacket: 16
[  471.855859][ T6271] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  471.872240][ T9897] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1127'.
[  471.881367][ T9897] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  471.894453][ T6271] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  471.914815][ T6271] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.936118][ T6271] usb 5-1: Product: syz
[  471.940550][ T6271] usb 5-1: Manufacturer: syz
[  471.946479][ T6271] usb 5-1: SerialNumber: syz
[  471.995815][ T6271] usb 5-1: config 0 descriptor??
[  472.108452][ T6271] usb 3-1: USB disconnect, device number 25
[  472.131901][ T6271] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  472.158123][ T6271] cp210x 3-1:0.4: device disconnected
[  473.021922][ T9910] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1130'.
[  474.133142][ T6271] usb 5-1: USB disconnect, device number 25
[  474.359111][ T6284] libceph: connect (1)[a::]:6789 error -101
[  474.447415][ T6284] libceph: mon0 (1)[a::]:6789 connect error
[  474.969054][ T6284] libceph: connect (1)[a::]:6789 error -101
[  474.987170][ T6284] libceph: mon0 (1)[a::]:6789 connect error
[  474.996294][ T9920] ceph: No mds server is up or the cluster is laggy
[  476.163681][ T9942] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1138'.
[  476.172979][ T9942] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  476.508462][ T9944] netlink: 'syz.1.1139': attribute type 21 has an invalid length.
[  476.519925][ T9934] sp0: Synchronizing with TNC
[  476.807243][ T9952] netlink: 'syz.0.1135': attribute type 13 has an invalid length.
[  477.233449][ T6271] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  477.350198][ T9952] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1135'.
[  477.364008][ T6284] libceph: connect (1)[a::]:6789 error -101
[  477.367260][ T9958] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1141'.
[  477.370128][ T6284] libceph: mon0 (1)[a::]:6789 connect error
[  477.435055][ T9958] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1141'.
[  477.453988][ T9954] ceph: No mds server is up or the cluster is laggy
[  477.799094][ T6271] usb 2-1: config 0 has an invalid interface number: 4 but max is 0
[  477.808466][ T6271] usb 2-1: config 0 has no interface number 0
[  477.815284][ T6271] usb 2-1: config 0 interface 4 has no altsetting 0
[  477.822317][ T6271] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  477.831755][ T6271] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.872854][ T6271] usb 2-1: config 0 descriptor??
[  477.897619][ T6271] cp210x 2-1:0.4: cp210x converter detected
[  478.112682][ T5894] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  478.276169][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  478.299647][ T6271] cp210x 2-1:0.4: failed to get vendor val 0x000e size 3: -32
[  478.310106][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  478.349477][ T6271] usb 2-1: cp210x converter now attached to ttyUSB0
[  478.359693][ T5894] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  478.437420][ T5894] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  478.468875][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  478.508042][ T5894] usb 4-1: config 0 descriptor??
[  478.572752][ T6284] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  478.733652][ T6284] usb 3-1: Using ep0 maxpacket: 16
[  478.763813][ T6284] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  478.780163][ T6284] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  478.802913][ T6284] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  478.837077][ T6284] usb 3-1: Product: syz
[  478.865275][ T6284] usb 3-1: Manufacturer: syz
[  478.875830][ T6284] usb 3-1: SerialNumber: syz
[  478.884969][ T6284] usb 3-1: config 0 descriptor??
[  478.968261][ T5894] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[  478.986100][ T5894] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving
[  479.018332][ T9977] 9pnet_fd: Insufficient options for proto=fd
[  479.024963][ T5894] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  479.551930][ T6284] libceph: connect (1)[a::]:6789 error -101
[  479.574031][ T6284] libceph: mon0 (1)[a::]:6789 connect error
[  479.690565][ T6284] usb 2-1: USB disconnect, device number 26
[  480.049178][ T5889] libceph: connect (1)[a::]:6789 error -101
[  480.058523][ T5889] libceph: mon0 (1)[a::]:6789 connect error
[  480.065305][ T6284] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  480.073923][ T6284] cp210x 2-1:0.4: device disconnected
[  480.087033][ T9981] ceph: No mds server is up or the cluster is laggy
[  480.582885][ T5894] usb 4-1: reset high-speed USB device number 23 using dummy_hcd
[  483.283203][ T6276] usb 3-1: USB disconnect, device number 26
[  483.382763][ T5894] usb 4-1: device descriptor read/64, error -32
[  484.864103][ T6271] usb 4-1: USB disconnect, device number 23
[  485.651914][T10018] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1157'.
[  485.982595][T10024] netlink: 'syz.4.1160': attribute type 21 has an invalid length.
[  486.882522][T10032] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1159'.
[  487.352758][ T6271] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  487.382645][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  487.382669][   T30] audit: type=1400 audit(1743748414.379:449): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="^" requested=w pid=10038 comm="syz.3.1164" daddr=fe80::bb
[  487.564699][ T6271] usb 5-1: config 0 has an invalid interface number: 4 but max is 0
[  487.802710][ T6271] usb 5-1: config 0 has no interface number 0
[  487.812987][ T6271] usb 5-1: config 0 interface 4 has no altsetting 0
[  487.830472][T10049] FAULT_INJECTION: forcing a failure.
[  487.830472][T10049] name failslab, interval 1, probability 0, space 0, times 0
[  487.843141][T10049] CPU: 1 UID: 0 PID: 10049 Comm: syz.1.1166 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  487.843157][T10049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  487.843163][T10049] Call Trace:
[  487.843168][T10049]  <TASK>
[  487.843173][T10049]  dump_stack_lvl+0x241/0x360
[  487.843193][T10049]  ? __pfx_dump_stack_lvl+0x10/0x10
[  487.843205][T10049]  ? __pfx__printk+0x10/0x10
[  487.843220][T10049]  ? __pfx___might_resched+0x10/0x10
[  487.843234][T10049]  should_fail_ex+0x424/0x570
[  487.843248][T10049]  should_failslab+0xac/0x100
[  487.843259][T10049]  __kvmalloc_node_noprof+0x170/0x5a0
[  487.843270][T10049]  ? rhashtable_init_noprof+0x534/0xa60
[  487.843286][T10049]  rhashtable_init_noprof+0x534/0xa60
[  487.843302][T10049]  rhltable_init_noprof+0x1c/0x60
[  487.843313][T10049]  nf_tables_newtable+0x806/0x1e80
[  487.843335][T10049]  ? __pfx_nf_tables_newtable+0x10/0x10
[  487.843352][T10049]  ? __nla_parse+0x40/0x60
[  487.843366][T10049]  nfnetlink_rcv+0x12eb/0x28f0
[  487.843381][T10049]  ? __kernel_text_address+0xd/0x40
[  487.843412][T10049]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  487.843435][T10049]  ? __lock_acquire+0xad5/0xd80
[  487.843469][T10049]  ? netlink_deliver_tap+0x2e/0x1b0
[  487.843483][T10049]  ? netlink_deliver_tap+0x2e/0x1b0
[  487.843495][T10049]  netlink_unicast+0x7f8/0x9a0
[  487.843511][T10049]  ? __pfx_netlink_unicast+0x10/0x10
[  487.843523][T10049]  ? skb_put+0x114/0x1f0
[  487.843540][T10049]  netlink_sendmsg+0x8c3/0xcd0
[  487.843559][T10049]  ? __pfx_netlink_sendmsg+0x10/0x10
[  487.843578][T10049]  ? __pfx_netlink_sendmsg+0x10/0x10
[  487.843588][T10049]  __sock_sendmsg+0x221/0x270
[  487.843602][T10049]  ____sys_sendmsg+0x523/0x860
[  487.843617][T10049]  ? __pfx_____sys_sendmsg+0x10/0x10
[  487.843625][T10049]  ? __fget_files+0x2a/0x420
[  487.843637][T10049]  ? __fget_files+0x2a/0x420
[  487.843653][T10049]  __sys_sendmsg+0x271/0x360
[  487.843665][T10049]  ? __pfx___sys_sendmsg+0x10/0x10
[  487.843706][T10049]  ? do_syscall_64+0xb6/0x230
[  487.843718][T10049]  do_syscall_64+0xf3/0x230
[  487.843728][T10049]  ? clear_bhb_loop+0x45/0xa0
[  487.843741][T10049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  487.843755][T10049] RIP: 0033:0x7fd0e8d8d169
[  487.843769][T10049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  487.843782][T10049] RSP: 002b:00007fd0e9bf0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  487.843799][T10049] RAX: ffffffffffffffda RBX: 00007fd0e8fa6080 RCX: 00007fd0e8d8d169
[  487.843811][T10049] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000006
[  487.843820][T10049] RBP: 00007fd0e9bf0090 R08: 0000000000000000 R09: 0000000000000000
[  487.843829][T10049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  487.843838][T10049] R13: 0000000000000000 R14: 00007fd0e8fa6080 R15: 00007ffe4d3281e8
[  487.843862][T10049]  </TASK>
[  488.163296][ T6271] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  488.175169][ T6271] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  488.228008][ T6271] usb 5-1: config 0 descriptor??
[  488.560618][ T6271] cp210x 5-1:0.4: cp210x converter detected
[  488.947490][ T6271] cp210x 5-1:0.4: failed to get vendor val 0x000e size 3: -32
[  488.970926][ T6271] usb 5-1: cp210x converter now attached to ttyUSB0
[  489.731797][T10057] kvm: pic: non byte write
[  489.787360][T10062] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1171'.
[  490.390107][ T6271] usb 5-1: USB disconnect, device number 26
[  490.413238][ T6271] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  490.421714][ T6271] cp210x 5-1:0.4: device disconnected
[  491.725483][T10076] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  491.852407][T10086] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1175'.
[  492.210224][ T6284] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  492.499293][ T6284] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  492.544797][ T6284] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  493.352386][T10100] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  493.616572][ T6284] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  493.666912][T10107] netlink: 'syz.2.1182': attribute type 1 has an invalid length.
[  493.708323][T10107] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1182'.
[  493.719225][ T6284] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  493.738217][ T6284] usb 5-1: SerialNumber: syz
[  493.848588][T10107] netlink: 'syz.2.1182': attribute type 1 has an invalid length.
[  493.950883][T10116] FAULT_INJECTION: forcing a failure.
[  493.950883][T10116] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  493.964531][T10116] CPU: 1 UID: 0 PID: 10116 Comm: syz.1.1183 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  493.964557][T10116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  493.964567][T10116] Call Trace:
[  493.964574][T10116]  <TASK>
[  493.964581][T10116]  dump_stack_lvl+0x241/0x360
[  493.964610][T10116]  ? __pfx_dump_stack_lvl+0x10/0x10
[  493.964631][T10116]  ? __pfx__printk+0x10/0x10
[  493.964652][T10116]  ? lock_acquire+0x167/0x2f0
[  493.964678][T10116]  should_fail_ex+0x424/0x570
[  493.964701][T10116]  _copy_from_user+0x2d/0xb0
[  493.964723][T10116]  snd_ctl_tlv_ioctl+0x141/0xa90
[  493.964747][T10116]  ? __pfx_snd_ctl_tlv_ioctl+0x10/0x10
[  493.964765][T10116]  ? __pfx_snd_power_ref_and_wait+0x10/0x10
[  493.964785][T10116]  ? rcu_is_watching+0x15/0xb0
[  493.964805][T10116]  ? trace_irq_disable+0x3b/0x120
[  493.964827][T10116]  ? preempt_schedule_irq+0x145/0x1c0
[  493.964844][T10116]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  493.964859][T10116]  ? stack_trace_save+0x11a/0x1d0
[  493.964886][T10116]  snd_ctl_ioctl+0x301/0x1c30
[  493.964910][T10116]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[  493.964939][T10116]  ? do_vfs_ioctl+0x14b/0x2750
[  493.964965][T10116]  ? do_vfs_ioctl+0x5a6/0x2750
[  493.964985][T10116]  ? do_vfs_ioctl+0xef8/0x2750
[  493.965012][T10116]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  493.965060][T10116]  ? kasan_quarantine_put+0xdc/0x230
[  493.965080][T10116]  ? lockdep_hardirqs_on+0x9d/0x150
[  493.965107][T10116]  ? tomoyo_path_number_perm+0x215/0x790
[  493.965133][T10116]  ? tomoyo_path_number_perm+0x684/0x790
[  493.965157][T10116]  ? tomoyo_path_number_perm+0x215/0x790
[  493.965177][T10116]  ? smack_log+0x132/0x630
[  493.965193][T10116]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  493.965218][T10116]  ? __pfx_smack_log+0x10/0x10
[  493.965235][T10116]  ? ksys_write+0x24e/0x2d0
[  493.965253][T10116]  ? smk_access+0x4ab/0x4e0
[  493.965277][T10116]  ? smk_tskacc+0x300/0x370
[  493.965300][T10116]  ? smack_file_ioctl+0x306/0x3b0
[  493.965321][T10116]  ? __pfx_smack_file_ioctl+0x10/0x10
[  493.965347][T10116]  ? __fget_files+0x2a/0x420
[  493.965369][T10116]  ? __fget_files+0x2a/0x420
[  493.965391][T10116]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[  493.965410][T10116]  __se_sys_ioctl+0xf1/0x160
[  493.965434][T10116]  do_syscall_64+0xf3/0x230
[  493.965451][T10116]  ? clear_bhb_loop+0x45/0xa0
[  493.965470][T10116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.965486][T10116] RIP: 0033:0x7fd0e8d8d169
[  493.965501][T10116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  493.965515][T10116] RSP: 002b:00007fd0e9bcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  493.965533][T10116] RAX: ffffffffffffffda RBX: 00007fd0e8fa6160 RCX: 00007fd0e8d8d169
[  493.965545][T10116] RDX: 0000200000005480 RSI: 00000000c008551a RDI: 0000000000000005
[  493.965556][T10116] RBP: 00007fd0e9bcf090 R08: 0000000000000000 R09: 0000000000000000
[  493.965566][T10116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  493.965577][T10116] R13: 0000000000000000 R14: 00007fd0e8fa6160 R15: 00007ffe4d3281e8
[  493.965605][T10116]  </TASK>
[  494.278153][T10081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  494.378610][T10081] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  494.572827][ T6284] usb 5-1: 0:2 : does not exist
[  494.577817][ T6284] usb 5-1: unit 5: unexpected type 0x03
[  494.723835][ T6284] usb 5-1: USB disconnect, device number 27
[  494.875194][T10122] kvm: pic: non byte write
[  495.602601][ T5889] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  495.762993][ T5889] usb 1-1: Using ep0 maxpacket: 8
[  495.781629][ T5889] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  495.821759][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  495.830857][ T5889] usb 1-1: Product: syz
[  495.838860][ T5889] usb 1-1: Manufacturer: syz
[  495.848341][ T5889] usb 1-1: SerialNumber: syz
[  495.901467][ T5889] usb 1-1: config 0 descriptor??
[  496.175796][ T5889] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  496.405478][T10129] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  496.495986][T10139] Invalid ELF header magic: != ELF
[  496.511879][   T30] audit: type=1400 audit(1743748423.509:450): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="^" requested=w pid=10131 comm="syz.2.1190" dest=20002
[  497.044559][T10143] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1191'.
[  497.833376][ T6284] usb 3-1: new full-speed USB device number 27 using dummy_hcd
[  497.901908][T10155] Invalid ELF header magic: != ELF
[  498.213479][T10156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1194'.
[  498.623950][ T5889] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  498.638567][ T5889] usb 1-1: USB disconnect, device number 20
[  498.714463][ T6284] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  498.727943][ T6284] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  498.761195][ T6284] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.810940][ T6284] usb 3-1: config 0 descriptor??
[  498.825972][T10147] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  498.853158][T10159] 8021q: adding VLAN 0 to HW filter on device bond1
[  498.861538][T10159] bond0: (slave bond1): Enslaving as an active interface with an up link
[  498.890120][T10159] dvmrp0: entered allmulticast mode
[  498.954106][T10161] dvmrp0: left allmulticast mode
[  499.270815][ T6284] elan 0003:04F3:0755.0015: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[  499.466361][ T6284] usb 3-1: USB disconnect, device number 27
[  499.483912][ T3020] Bluetooth: Error in BCSP hdr checksum
[  499.591710][T10168] FAULT_INJECTION: forcing a failure.
[  499.591710][T10168] name failslab, interval 1, probability 0, space 0, times 0
[  499.658599][T10168] CPU: 1 UID: 0 PID: 10168 Comm: syz.0.1198 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  499.658623][T10168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  499.658629][T10168] Call Trace:
[  499.658634][T10168]  <TASK>
[  499.658639][T10168]  dump_stack_lvl+0x241/0x360
[  499.658658][T10168]  ? __pfx_dump_stack_lvl+0x10/0x10
[  499.658671][T10168]  ? __pfx__printk+0x10/0x10
[  499.658685][T10168]  ? __pfx___might_resched+0x10/0x10
[  499.658700][T10168]  should_fail_ex+0x424/0x570
[  499.658712][T10168]  should_failslab+0xac/0x100
[  499.658724][T10168]  __kmalloc_noprof+0xdf/0x4d0
[  499.658734][T10168]  ? tomoyo_encode+0x26f/0x540
[  499.658746][T10168]  tomoyo_encode+0x26f/0x540
[  499.658759][T10168]  tomoyo_realpath_from_path+0x59e/0x5e0
[  499.658775][T10168]  tomoyo_path_number_perm+0x245/0x790
[  499.658790][T10168]  ? tomoyo_path_number_perm+0x215/0x790
[  499.658804][T10168]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  499.658820][T10168]  ? ksys_write+0x24e/0x2d0
[  499.658837][T10168]  ? __lock_acquire+0xad5/0xd80
[  499.658856][T10168]  ? __fget_files+0x2a/0x420
[  499.658867][T10168]  ? __fget_files+0x2a/0x420
[  499.658878][T10168]  ? __fget_files+0x2a/0x420
[  499.658891][T10168]  security_file_ioctl+0xc6/0x2a0
[  499.658906][T10168]  __se_sys_ioctl+0x46/0x160
[  499.658920][T10168]  do_syscall_64+0xf3/0x230
[  499.658932][T10168]  ? clear_bhb_loop+0x45/0xa0
[  499.658944][T10168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.658953][T10168] RIP: 0033:0x7fd1d0b8d169
[  499.658963][T10168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  499.658971][T10168] RSP: 002b:00007fd1d1aa0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  499.658983][T10168] RAX: ffffffffffffffda RBX: 00007fd1d0da5fa0 RCX: 00007fd1d0b8d169
[  499.658990][T10168] RDX: 0000000000000000 RSI: 00000000c008551a RDI: 0000000000000003
[  499.658996][T10168] RBP: 00007fd1d1aa0090 R08: 0000000000000000 R09: 0000000000000000
[  499.659002][T10168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  499.659007][T10168] R13: 0000000000000000 R14: 00007fd1d0da5fa0 R15: 00007ffef4f679b8
[  499.659022][T10168]  </TASK>
[  499.659037][T10168] ERROR: Out of memory at tomoyo_realpath_from_path.
[  500.515990][T10177] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  501.182605][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  501.272620][ T5851] Bluetooth: hci5: command 0x1003 tx timeout
[  501.278936][ T5852] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  501.511565][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  501.526382][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  504.141513][T10206] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1211'.
[  504.704322][T10219] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1213'.
[  504.882784][ T6284] usb 1-1: new full-speed USB device number 21 using dummy_hcd
[  505.019621][T10222] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  505.168252][ T6284] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  505.246395][ T6284] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  505.279599][ T6284] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.291527][ T6284] usb 1-1: config 0 descriptor??
[  505.302882][T10216] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  505.548902][T10224] smk_cipso_doi:679 remove rc = -2
[  505.592724][T10224] smk_cipso_doi:692 cipso add rc = -17
[  505.625835][T10224] smk_cipso_doi:679 remove rc = -2
[  505.672792][T10224] smk_cipso_doi:692 cipso add rc = -17
[  505.746731][ T6284] elan 0003:04F3:0755.0016: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0
[  505.952051][ T6271] usb 1-1: USB disconnect, device number 21
[  506.986153][T10236] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1222'.
[  509.422424][T10264] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1230'.
[  509.514253][T10264] 8021q: adding VLAN 0 to HW filter on device bond1
[  509.565981][T10266] 8021q: adding VLAN 0 to HW filter on device bond1
[  509.588382][T10266] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  509.600151][T10266] bond1: (slave ip6gre1): Error -95 calling set_mac_address
[  510.497514][ T6284] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  510.662765][ T6284] usb 3-1: Using ep0 maxpacket: 16
[  510.671760][ T6284] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  510.688615][T10274] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1233'.
[  510.706248][T10278] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1234'.
[  510.723089][T10278] netlink: 'syz.3.1234': attribute type 20 has an invalid length.
[  510.730965][T10278] netlink: 'syz.3.1234': attribute type 21 has an invalid length.
[  510.764006][ T6284] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  510.813486][ T6284] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.842358][ T6284] usb 3-1: Product: syz
[  510.853531][ T6284] usb 3-1: Manufacturer: syz
[  510.858280][ T6284] usb 3-1: SerialNumber: syz
[  510.883217][ T6284] usb 3-1: config 0 descriptor??
[  512.435198][T10289] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1237'.
[  513.610425][ T6271] usb 3-1: USB disconnect, device number 28
[  513.630186][T10295] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  515.926179][T10334] netlink: 'syz.2.1251': attribute type 11 has an invalid length.
[  516.759631][ T6271] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  517.385488][ T6271] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  517.421699][ T6271] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  517.444313][ T6271] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  517.481140][ T6271] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.660798][T10346] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1255'.
[  517.673115][T10344] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1254'.
[  517.839770][ T6271] usb 4-1: usb_control_msg returned -32
[  517.855942][ T6271] usbtmc 4-1:16.0: can't read capabilities
[  519.761356][ T6271] usb 4-1: USB disconnect, device number 24
[  522.665707][ T5832] syz_tun (unregistering): left promiscuous mode
[  524.239047][ T5852] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  524.248349][ T5852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  524.260699][ T5852] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  524.286989][ T5852] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  524.297565][ T5852] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  524.563227][T10396] lo speed is unknown, defaulting to 1000
[  524.803056][ T6271] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  525.322803][ T6271] usb 3-1: Using ep0 maxpacket: 32
[  525.363893][ T6271] usb 3-1: config 0 interface 0 altsetting 30 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  525.426384][T10396] chnl_net:caif_netlink_parms(): no params data found
[  525.466207][ T6271] usb 3-1: config 0 interface 0 altsetting 30 endpoint 0x81 has invalid wMaxPacketSize 0
[  525.506352][ T6271] usb 3-1: config 0 interface 0 has no altsetting 0
[  525.513472][ T6271] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  525.522866][ T6271] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  525.555559][ T6271] usb 3-1: config 0 descriptor??
[  525.758079][T10396] bridge0: port 1(bridge_slave_0) entered blocking state
[  525.767024][T10396] bridge0: port 1(bridge_slave_0) entered disabled state
[  525.779567][T10396] bridge_slave_0: entered allmulticast mode
[  525.798233][T10396] bridge_slave_0: entered promiscuous mode
[  525.815026][T10396] bridge0: port 2(bridge_slave_1) entered blocking state
[  525.823662][T10396] bridge0: port 2(bridge_slave_1) entered disabled state
[  525.830992][T10396] bridge_slave_1: entered allmulticast mode
[  525.840388][T10396] bridge_slave_1: entered promiscuous mode
[  525.966790][T10396] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  526.010482][T10396] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  526.041632][ T6271] hkems 0003:2006:0118.0017: bogus close delimiter
[  526.071006][ T6271] hkems 0003:2006:0118.0017: item 0 4 2 10 parsing failed
[  526.096834][ T6271] hkems 0003:2006:0118.0017: parse failed
[  526.106123][ T6271] hkems 0003:2006:0118.0017: probe with driver hkems failed with error -22
[  526.272248][T10396] team0: Port device team_slave_0 added
[  526.375301][T10396] team0: Port device team_slave_1 added
[  526.382729][ T5851] Bluetooth: hci0: command tx timeout
[  526.581394][T10396] batman_adv: batadv0: Adding interface: batadv_slave_0
[  526.605465][T10396] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  526.674217][T10396] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  526.867408][T10396] batman_adv: batadv0: Adding interface: batadv_slave_1
[  526.896126][T10396] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  526.961019][T10396] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  527.148181][T10396] hsr_slave_0: entered promiscuous mode
[  527.257893][T10396] hsr_slave_1: entered promiscuous mode
[  527.356084][T10396] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  527.667295][T10396] Cannot create hsr debugfs directory
[  527.694361][T10440] FAULT_INJECTION: forcing a failure.
[  527.694361][T10440] name failslab, interval 1, probability 0, space 0, times 0
[  527.717558][T10440] CPU: 1 UID: 0 PID: 10440 Comm: syz.0.1280 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  527.717585][T10440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  527.717595][T10440] Call Trace:
[  527.717603][T10440]  <TASK>
[  527.717611][T10440]  dump_stack_lvl+0x241/0x360
[  527.717639][T10440]  ? __pfx_dump_stack_lvl+0x10/0x10
[  527.717658][T10440]  ? __pfx__printk+0x10/0x10
[  527.717692][T10440]  should_fail_ex+0x424/0x570
[  527.717715][T10440]  should_failslab+0xac/0x100
[  527.717735][T10440]  __kmalloc_cache_noprof+0x73/0x370
[  527.717751][T10440]  ? smack_populate_secattr+0xdc/0x330
[  527.717774][T10440]  smack_populate_secattr+0xdc/0x330
[  527.717797][T10440]  smk_import_entry+0x110/0x1d0
[  527.717816][T10440]  smk_write_net6addr+0x76c/0x1910
[  527.717856][T10440]  ? __pfx_smk_write_net6addr+0x10/0x10
[  527.717875][T10440]  ? rcu_read_lock_any_held+0xbb/0x160
[  527.717908][T10440]  ? __pfx_smk_write_net6addr+0x10/0x10
[  527.717931][T10440]  vfs_write+0x2bc/0xd10
[  527.717958][T10440]  ? fdget_pos+0x247/0x310
[  527.717981][T10440]  ? __pfx_vfs_write+0x10/0x10
[  527.718005][T10440]  ? __fget_files+0x2a/0x420
[  527.718025][T10440]  ? __fget_files+0x39d/0x420
[  527.718040][T10440]  ? __fget_files+0x2a/0x420
[  527.718067][T10440]  ksys_write+0x19d/0x2d0
[  527.718090][T10440]  ? __pfx_ksys_write+0x10/0x10
[  527.718117][T10440]  ? do_syscall_64+0xb6/0x230
[  527.718138][T10440]  do_syscall_64+0xf3/0x230
[  527.718163][T10440]  ? clear_bhb_loop+0x45/0xa0
[  527.718182][T10440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  527.718197][T10440] RIP: 0033:0x7fd1d0b8d169
[  527.718212][T10440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  527.718223][T10440] RSP: 002b:00007fd1d1aa0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  527.718240][T10440] RAX: ffffffffffffffda RBX: 00007fd1d0da5fa0 RCX: 00007fd1d0b8d169
[  527.718250][T10440] RDX: 00000000000000af RSI: 0000200000000180 RDI: 0000000000000008
[  527.718260][T10440] RBP: 00007fd1d1aa0090 R08: 0000000000000000 R09: 0000000000000000
[  527.718269][T10440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  527.718278][T10440] R13: 0000000000000000 R14: 00007fd1d0da5fa0 R15: 00007ffef4f679b8
[  527.718306][T10440]  </TASK>
[  527.732799][ T6284] usb 3-1: USB disconnect, device number 29
[  528.501468][ T5851] Bluetooth: hci0: command tx timeout
[  529.545220][T10466] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1285'.
[  530.429303][T10476] input: syz1 as /devices/virtual/input/input27
[  530.542677][ T5851] Bluetooth: hci0: command tx timeout
[  530.608952][ T5889] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  530.664778][T10396] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  531.345327][T10396] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  531.352544][ T5889] usb 1-1: Using ep0 maxpacket: 16
[  531.377248][ T5889] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  531.416243][T10396] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  531.423447][ T5889] usb 1-1: config 0 has no interface number 0
[  531.429540][ T5889] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  531.458489][ T5889] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  531.462555][ T5894] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  531.477027][ T5889] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  531.492226][ T5889] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  531.493663][T10396] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  531.502499][ T5889] usb 1-1: Product: syz
[  531.532032][ T5889] usb 1-1: SerialNumber: syz
[  531.545400][ T5889] usb 1-1: config 0 descriptor??
[  531.575960][ T5889] cm109 1-1:0.8: invalid payload size 0, expected 4
[  531.602633][ T6284] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  531.610776][ T5889] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input28
[  531.684443][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  531.729182][ T5894] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  531.794308][ T6284] usb 5-1: config 0 has an invalid interface number: 106 but max is 0
[  531.809904][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  531.822665][ T6284] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  531.856663][ T5894] usb 4-1: config 0 descriptor??
[  531.879075][ T6284] usb 5-1: config 0 has no interface number 0
[  531.925279][T10486] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  531.930992][ T6284] usb 5-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 216
[  531.952797][ T6284] usb 5-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  531.966635][ T6284] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  531.976372][ T6284] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.033786][ T6284] usb 5-1: config 0 descriptor??
[  532.045457][T10490] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  532.081172][ T6284] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  532.098723][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  532.098939][ T6276] usb 1-1: USB disconnect, device number 22
[  532.105793][    C0] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  532.106981][T10396] 8021q: adding VLAN 0 to HW filter on device bond0
[  532.146716][T10396] 8021q: adding VLAN 0 to HW filter on device team0
[  532.198761][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  532.206035][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  532.222278][ T6276] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  532.340388][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  532.347644][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  532.391374][ T5894] usbhid 4-1:0.0: can't add hid device: -71
[  532.399495][ T5894] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  532.454691][ T5894] usb 4-1: USB disconnect, device number 25
[  532.623090][ T5851] Bluetooth: hci0: command tx timeout
[  533.105258][   T65] usb 5-1: Failed to submit usb control message: -110
[  533.126345][   T65] usb 5-1: unable to send the bmi data to the device: -110
[  533.163742][   T65] usb 5-1: unable to get target info from device
[  533.185085][T10396] 8021q: adding VLAN 0 to HW filter on device batadv0
[  533.205674][   T65] usb 5-1: could not get target info (-110)
[  533.237091][   T65] usb 5-1: could not probe fw (-110)
[  533.274620][T10520] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1293'.
[  533.737106][ T6284] usb 5-1: USB disconnect, device number 28
[  535.748843][T10529] sp0: Synchronizing with TNC
[  535.752822][   T30] audit: type=1400 audit(1743748462.739:451): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="^" requested=w pid=10547 comm="syz.2.1299" daddr=fe80::
[  535.971863][T10396] veth0_vlan: entered promiscuous mode
[  536.012267][T10396] veth1_vlan: entered promiscuous mode
[  536.804358][T10396] veth0_macvtap: entered promiscuous mode
[  536.860545][T10396] veth1_macvtap: entered promiscuous mode
[  536.919016][T10396] batman_adv: batadv0: Interface activated: batadv_slave_0
[  536.931239][T10396] batman_adv: batadv0: Interface activated: batadv_slave_1
[  536.985304][T10396] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  537.174882][T10396] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  537.185708][T10396] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  537.195402][T10396] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  539.822373][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  539.848149][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  539.979118][ T3020] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  539.997122][ T3020] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  540.734016][T10580] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1306'.
[  540.767450][   T30] audit: type=1400 audit(1743748467.769:452): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="^" requested=w pid=10579 comm="syz.2.1306" daddr=fc02::1 dest=20000
[  540.962924][ T6276] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  541.207350][ T6276] usb 4-1: config 0 has an invalid interface number: 106 but max is 0
[  541.737944][ T6276] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  541.764010][ T6276] usb 4-1: config 0 has no interface number 0
[  541.770461][ T6276] usb 4-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 216
[  541.785679][ T6276] usb 4-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  541.992666][ T6276] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  542.168306][T10625] xt_addrtype: ipv6 does not support BROADCAST matching
[  542.329230][T10627] FAULT_INJECTION: forcing a failure.
[  542.329230][T10627] name failslab, interval 1, probability 0, space 0, times 0
[  542.342323][T10627] CPU: 1 UID: 0 PID: 10627 Comm: syz.4.1312 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  542.342349][T10627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  542.342360][T10627] Call Trace:
[  542.342367][T10627]  <TASK>
[  542.342374][T10627]  dump_stack_lvl+0x241/0x360
[  542.342403][T10627]  ? __pfx_dump_stack_lvl+0x10/0x10
[  542.342426][T10627]  ? __pfx__printk+0x10/0x10
[  542.342449][T10627]  ? __pfx___might_resched+0x10/0x10
[  542.342493][T10627]  should_fail_ex+0x424/0x570
[  542.342516][T10627]  should_failslab+0xac/0x100
[  542.342535][T10627]  __kmalloc_noprof+0xdf/0x4d0
[  542.342552][T10627]  ? tomoyo_encode+0x26f/0x540
[  542.342572][T10627]  tomoyo_encode+0x26f/0x540
[  542.342595][T10627]  tomoyo_mount_permission+0x356/0xbd0
[  542.342624][T10627]  ? stack_depot_save_flags+0x44/0x940
[  542.342639][T10627]  ? tomoyo_mount_permission+0x29d/0xbd0
[  542.342665][T10627]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  542.342745][T10627]  security_sb_mount+0xe0/0x2f0
[  542.342766][T10627]  path_mount+0xb9/0xfa0
[  542.342783][T10627]  ? kmem_cache_free+0x197/0x410
[  542.342798][T10627]  ? user_path_at+0x44/0x60
[  542.342827][T10627]  __se_sys_mount+0x38c/0x400
[  542.342852][T10627]  ? __pfx___se_sys_mount+0x10/0x10
[  542.342877][T10627]  ? __x64_sys_mount+0x20/0xc0
[  542.342897][T10627]  do_syscall_64+0xf3/0x230
[  542.342916][T10627]  ? clear_bhb_loop+0x45/0xa0
[  542.342936][T10627]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  542.342951][T10627] RIP: 0033:0x7fd5f058d169
[  542.342966][T10627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  542.342981][T10627] RSP: 002b:00007fd5f1457038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  542.342998][T10627] RAX: ffffffffffffffda RBX: 00007fd5f07a6160 RCX: 00007fd5f058d169
[  542.343011][T10627] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 0000000000000000
[  542.343022][T10627] RBP: 00007fd5f1457090 R08: 0000200000000080 R09: 0000000000000000
[  542.343033][T10627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  542.343042][T10627] R13: 0000000000000000 R14: 00007fd5f07a6160 R15: 00007ffdda672db8
[  542.343071][T10627]  </TASK>
[  542.565882][ T6276] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.587134][ T6276] usb 4-1: config 0 descriptor??
[  542.593092][T10608] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  542.762765][ T6276] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  543.029129][ T6286] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  543.672559][ T6286] usb 3-1: Using ep0 maxpacket: 32
[  543.694371][ T6286] usb 3-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=b2.bf
[  543.800425][ T6286] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  543.834570][   T65] usb 4-1: Failed to submit usb control message: -110
[  543.843365][   T65] usb 4-1: unable to send the bmi data to the device: -110
[  543.850950][   T65] usb 4-1: unable to get target info from device
[  543.858865][   T65] usb 4-1: could not get target info (-110)
[  543.864900][ T6286] usb 3-1: Product: syz
[  543.864922][ T6286] usb 3-1: SerialNumber: syz
[  543.877945][ T6286] usb 3-1: config 0 descriptor??
[  543.890814][ T5889] usb 4-1: USB disconnect, device number 26
[  543.923399][ T6276] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  543.956814][   T65] usb 4-1: could not probe fw (-110)
[  544.103698][ T6276] usb 1-1: Using ep0 maxpacket: 8
[  544.134121][ T6276] usb 1-1: config 6 has an invalid interface number: 2 but max is 0
[  544.160895][ T6276] usb 1-1: config 6 has no interface number 0
[  544.198247][ T6276] usb 1-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  544.211223][ T6271] usb 3-1: USB disconnect, device number 30
[  544.273586][ T6276] usb 1-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  544.321634][ T6276] usb 1-1: config 6 interface 2 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  544.338612][ T6276] usb 1-1: config 6 interface 2 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  544.353494][ T6276] usb 1-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  544.367565][ T6276] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.376982][ T6276] usb 1-1: Product: syz
[  544.381408][ T6276] usb 1-1: Manufacturer: syz
[  544.388933][ T6276] usb 1-1: SerialNumber: syz
[  544.417917][ T6276] hso 1-1:6.2: Failed to find BULK IN ep
[  544.552697][ T5894] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  544.680974][T10641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  544.780308][T10658] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1322'.
[  545.082171][T10641] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  545.128725][ T6286] usb 1-1: USB disconnect, device number 23
[  545.131725][ T5894] usb 4-1: New USB device found, idVendor=04dd, idProduct=9032, bcdDevice=fd.0b
[  545.185577][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  545.247841][ T5894] usb 4-1: config 0 descriptor??
[  545.261109][ T5894] usb 4-1: unsupported MDLM descriptors
[  545.267328][T10660] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  545.472018][ T5894] usb 4-1: USB disconnect, device number 27
[  545.964775][T10670] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1328'.
[  545.996199][T10672] FAULT_INJECTION: forcing a failure.
[  545.996199][T10672] name failslab, interval 1, probability 0, space 0, times 0
[  546.008926][T10672] CPU: 1 UID: 0 PID: 10672 Comm: syz.0.1327 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  546.008949][T10672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  546.008958][T10672] Call Trace:
[  546.008967][T10672]  <TASK>
[  546.008974][T10672]  dump_stack_lvl+0x241/0x360
[  546.009003][T10672]  ? __pfx_dump_stack_lvl+0x10/0x10
[  546.009023][T10672]  ? __pfx__printk+0x10/0x10
[  546.009047][T10672]  ? __pfx___might_resched+0x10/0x10
[  546.009071][T10672]  should_fail_ex+0x424/0x570
[  546.009087][T10672]  should_failslab+0xac/0x100
[  546.009098][T10672]  __kmalloc_noprof+0xdf/0x4d0
[  546.009108][T10672]  ? tomoyo_encode+0x26f/0x540
[  546.009121][T10672]  tomoyo_encode+0x26f/0x540
[  546.009133][T10672]  tomoyo_mount_permission+0x56a/0xbd0
[  546.009153][T10672]  ? tomoyo_mount_permission+0x29d/0xbd0
[  546.009169][T10672]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  546.009212][T10672]  security_sb_mount+0xe0/0x2f0
[  546.009224][T10672]  path_mount+0xb9/0xfa0
[  546.009234][T10672]  ? kmem_cache_free+0x197/0x410
[  546.009243][T10672]  ? user_path_at+0x44/0x60
[  546.009259][T10672]  __se_sys_mount+0x38c/0x400
[  546.009273][T10672]  ? __pfx___se_sys_mount+0x10/0x10
[  546.009287][T10672]  ? __x64_sys_mount+0x20/0xc0
[  546.009299][T10672]  do_syscall_64+0xf3/0x230
[  546.009310][T10672]  ? clear_bhb_loop+0x45/0xa0
[  546.009322][T10672]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.009331][T10672] RIP: 0033:0x7fd1d0b8d169
[  546.009341][T10672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  546.009349][T10672] RSP: 002b:00007fd1d1a7f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  546.009360][T10672] RAX: ffffffffffffffda RBX: 00007fd1d0da6080 RCX: 00007fd1d0b8d169
[  546.009367][T10672] RDX: 0000200000000140 RSI: 0000200000000040 RDI: 0000000000000000
[  546.009373][T10672] RBP: 00007fd1d1a7f090 R08: 0000000000000000 R09: 0000000000000000
[  546.009379][T10672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  546.009384][T10672] R13: 0000000000000000 R14: 00007fd1d0da6080 R15: 00007ffef4f679b8
[  546.009406][T10672]  </TASK>
[  546.842644][ T5894] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  547.554425][ T5894] usb 6-1: Using ep0 maxpacket: 32
[  547.556693][T10690] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1333'.
[  547.582076][ T5894] usb 6-1: config index 0 descriptor too short (expected 2553, got 27)
[  547.640010][ T5894] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  547.722612][ T5894] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 4
[  547.792375][ T5894] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  547.829815][ T5894] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.191798][T10694] Invalid ELF header magic: != ELF
[  548.232893][T10694] openvswitch: netlink: EtherType 0 is less than min 600
[  550.685247][T10704] syz.5.1330 (10704): drop_caches: 2
[  550.852534][ T5894] usb 6-1: USB disconnect, device number 2
[  550.919536][T10712] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1340'.
[  551.147185][T10715] netlink: 'syz.0.1341': attribute type 21 has an invalid length.
[  551.548085][T10720] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  551.972910][ T6286] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  552.895771][ T5889] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  553.155080][ T6286] usb 1-1: config 0 has an invalid interface number: 4 but max is 0
[  553.221780][ T6286] usb 1-1: config 0 has no interface number 0
[  553.238728][ T6286] usb 1-1: config 0 interface 4 has no altsetting 0
[  553.709051][ T5889] usb 4-1: Using ep0 maxpacket: 8
[  553.874309][ T5889] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  553.892589][ T6286] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  553.950175][ T6286] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  554.002856][ T5889] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  554.366098][ T5889] usb 4-1: config 0 interface 0 has no altsetting 0
[  554.373623][ T6286] usb 1-1: config 0 descriptor??
[  554.387391][ T5889] usb 4-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[  554.397195][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  554.413687][ T5889] usb 4-1: config 0 descriptor??
[  554.471407][ T6286] usb 1-1: can't set config #0, error -71
[  554.502179][ T6286] usb 1-1: USB disconnect, device number 24
[  554.659208][T10752] netlink: 'syz.5.1349': attribute type 10 has an invalid length.
[  554.704181][T10752] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1349'.
[  554.745244][T10747] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  554.845271][ T5889] usbhid 4-1:0.0: can't add hid device: -71
[  554.853698][ T5889] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  554.882575][ T5889] usb 4-1: USB disconnect, device number 28
[  554.891046][T10752] team0: Failed to send port change of device geneve0 via netlink (err -105)
[  554.940847][T10752] team0: Failed to send options change via netlink (err -105)
[  554.973663][T10752] team0: Port device geneve0 added
[  554.978899][ T6286] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  555.101914][T10747] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  555.164648][ T6286] usb 1-1: Using ep0 maxpacket: 8
[  555.188435][ T6286] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  555.205330][ T6286] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.236095][ T6286] usb 1-1: Product: syz
[  555.248694][ T6286] usb 1-1: Manufacturer: syz
[  555.262020][ T6286] usb 1-1: SerialNumber: syz
[  555.281391][ T6286] usb 1-1: config 0 descriptor??
[  555.371841][T10747] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  555.501902][ T6286] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  555.769705][T10771] Bluetooth: MGMT ver 1.23
[  556.116952][T10747] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  556.562341][T10775] Invalid ELF header magic: != ELF
[  556.891386][ T6286] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  556.920352][ T6286] usb 1-1: USB disconnect, device number 25
[  557.175303][T10778] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1354'.
[  557.203981][T10778] FAULT_INJECTION: forcing a failure.
[  557.203981][T10778] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  557.223840][T10778] CPU: 1 UID: 0 PID: 10778 Comm: syz.3.1354 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  557.223858][T10778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  557.223864][T10778] Call Trace:
[  557.223869][T10778]  <TASK>
[  557.223874][T10778]  dump_stack_lvl+0x241/0x360
[  557.223894][T10778]  ? __pfx_dump_stack_lvl+0x10/0x10
[  557.223906][T10778]  ? __pfx__printk+0x10/0x10
[  557.223925][T10778]  should_fail_ex+0x424/0x570
[  557.223938][T10778]  _copy_to_user+0x31/0xb0
[  557.223953][T10778]  simple_read_from_buffer+0xc4/0x170
[  557.223967][T10778]  proc_fail_nth_read+0x1ef/0x260
[  557.223981][T10778]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  557.223994][T10778]  ? rw_verify_area+0x246/0x630
[  557.224007][T10778]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  557.224019][T10778]  vfs_read+0x21f/0xb90
[  557.224035][T10778]  ? __pfx___mutex_lock+0x10/0x10
[  557.224046][T10778]  ? __pfx_vfs_read+0x10/0x10
[  557.224060][T10778]  ? __fget_files+0x2a/0x420
[  557.224075][T10778]  ? __fget_files+0x39d/0x420
[  557.224084][T10778]  ? __fget_files+0x2a/0x420
[  557.224099][T10778]  ksys_read+0x19d/0x2d0
[  557.224113][T10778]  ? __pfx_ksys_read+0x10/0x10
[  557.224129][T10778]  ? do_syscall_64+0xb6/0x230
[  557.224141][T10778]  do_syscall_64+0xf3/0x230
[  557.224151][T10778]  ? clear_bhb_loop+0x45/0xa0
[  557.224163][T10778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.224172][T10778] RIP: 0033:0x7f6dff98bb7c
[  557.224182][T10778] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  557.224191][T10778] RSP: 002b:00007f6e007a5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  557.224201][T10778] RAX: ffffffffffffffda RBX: 00007f6dffba5fa0 RCX: 00007f6dff98bb7c
[  557.224208][T10778] RDX: 000000000000000f RSI: 00007f6e007a50a0 RDI: 0000000000000004
[  557.224214][T10778] RBP: 00007f6e007a5090 R08: 0000000000000000 R09: 0000000000000000
[  557.224220][T10778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  557.224225][T10778] R13: 0000000000000000 R14: 00007f6dffba5fa0 R15: 00007ffdc6a96818
[  557.224240][T10778]  </TASK>
[  557.521116][T10747] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  557.552295][ T6271] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  557.702608][ T6271] usb 3-1: Using ep0 maxpacket: 16
[  557.714818][T10747] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  557.716571][ T6271] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  557.770739][ T6271] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  558.429239][ T6271] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  558.453795][ T6271] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  558.465477][ T6271] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.474215][ T6271] usb 3-1: Product: syz
[  558.478513][ T6271] usb 3-1: Manufacturer: syz
[  558.483400][ T6271] usb 3-1: SerialNumber: syz
[  558.637410][    T9] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  558.877259][T10789] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1357'.
[  558.943220][T10747] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  559.000514][T10747] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  559.267043][    T9] usb 5-1: config 0 has an invalid interface number: 106 but max is 0
[  559.267098][ T6271] usb 3-1: 0:2 : does not exist
[  559.282875][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  559.301107][    T9] usb 5-1: config 0 has no interface number 0
[  559.308077][    T9] usb 5-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 216
[  559.349553][    T9] usb 5-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  559.382343][    T9] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  559.392565][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  559.402655][ T5889] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  559.428079][    T9] usb 5-1: config 0 descriptor??
[  559.434121][T10785] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  559.890312][ T5891] IPVS: starting estimator thread 0...
[  559.892640][    T9] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  559.942755][ T5889] usb 4-1: Using ep0 maxpacket: 32
[  559.949872][ T5889] usb 4-1: config 8 has an invalid interface number: 72 but max is 0
[  559.958548][ T5889] usb 4-1: config 8 has no interface number 0
[  559.964936][ T5889] usb 4-1: config 8 interface 72 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83
[  559.976693][ T5889] usb 4-1: config 8 interface 72 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024
[  559.987827][ T5889] usb 4-1: config 8 interface 72 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023
[  559.998048][ T5889] usb 4-1: config 8 interface 72 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 64
[  560.002766][T10802] IPVS: using max 51 ests per chain, 122400 per kthread
[  560.009976][ T5889] usb 4-1: config 8 interface 72 has no altsetting 0
[  560.026513][ T5889] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=b7.98
[  560.035910][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.044024][ T5889] usb 4-1: Product: syz
[  560.048414][ T5889] usb 4-1: Manufacturer: syz
[  560.053416][ T5889] usb 4-1: SerialNumber: syz
[  560.064713][T10788] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  560.073725][T10788] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  560.142604][ T5891] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  560.374704][ T5891] usb 6-1: config 0 has an invalid interface number: 106 but max is 0
[  560.410650][ T5891] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  560.449042][ T5891] usb 6-1: config 0 has no interface number 0
[  560.575985][ T5891] usb 6-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 216
[  560.630523][T10805] sp0: Synchronizing with TNC
[  560.964009][   T36] usb 5-1: Failed to submit usb control message: -110
[  561.001407][ T5889] smsc75xx v1.0.0
[  561.004464][ T6277] usb 5-1: USB disconnect, device number 29
[  561.019479][ T5891] usb 6-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  561.033070][   T36] usb 5-1: unable to send the bmi data to the device: -110
[  561.043771][   T36] usb 5-1: unable to get target info from device
[  561.047299][ T5889] smsc75xx 4-1:8.72 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[  561.063915][ T5891] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  561.084899][   T36] usb 5-1: could not get target info (-110)
[  561.093361][ T5889] smsc75xx 4-1:8.72: probe with driver smsc75xx failed with error -71
[  561.105988][   T36] usb 5-1: could not probe fw (-110)
[  561.113674][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.120655][ T5889] usb 4-1: USB disconnect, device number 29
[  561.166193][ T5891] usb 6-1: config 0 descriptor??
[  561.191744][T10796] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  561.216942][ T5891] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  561.361582][ T6271] usb 3-1: 1:0: failed to get current value for ch 0 (-22)
[  561.484902][ T6271] usb 3-1: USB disconnect, device number 31
[  561.704300][ T6803] udevd[6803]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  562.232945][   T36] usb 6-1: Failed to submit usb control message: -110
[  562.303227][   T36] usb 6-1: unable to send the bmi data to the device: -110
[  562.318098][   T36] usb 6-1: unable to get target info from device
[  562.324923][   T36] usb 6-1: could not get target info (-110)
[  562.331078][   T36] usb 6-1: could not probe fw (-110)
[  562.478904][ T6284] usb 6-1: USB disconnect, device number 3
[  562.533591][ T5889] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  562.712577][ T5889] usb 4-1: Using ep0 maxpacket: 32
[  562.725338][ T5889] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  562.832785][ T5889] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  562.852367][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  562.860804][ T5889] usb 4-1: Product: syz
[  562.866141][ T5889] usb 4-1: Manufacturer: syz
[  562.870757][ T5889] usb 4-1: SerialNumber: syz
[  562.892384][ T5889] usb 4-1: config 0 descriptor??
[  562.898298][T10825] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  562.945613][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  562.968827][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  563.005928][T10829] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1368'.
[  563.249906][T10834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  563.259001][T10834] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  563.266890][ T5889] usb 3-1: new full-speed USB device number 32 using dummy_hcd
[  563.279649][T10834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  563.288739][T10834] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  563.303489][T10834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  563.316825][T10834] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  563.444352][ T5889] usb 3-1: config 1 has an invalid interface number: 128 but max is 1
[  563.454869][ T5889] usb 3-1: config 1 descriptor has 1 excess byte, ignoring
[  563.465098][ T5889] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  563.490367][ T5889] usb 3-1: config 1 has no interface number 0
[  563.546191][ T5889] usb 3-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  563.581588][ T5889] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  563.597824][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.619696][ T5889] usb 3-1: Product: syz
[  563.767774][T10838] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1369'.
[  564.032732][ T5889] usb 3-1: Manufacturer: syz
[  564.038228][ T5889] usb 3-1: SerialNumber: syz
[  564.084705][ T5889] cdc_wdm 3-1:1.128: skipping garbage
[  564.099646][ T5889] cdc_wdm 3-1:1.128: skipping garbage
[  564.115052][ T5889] cdc_wdm 3-1:1.128: probe with driver cdc_wdm failed with error -22
[  564.285923][ T5889] usb 3-1: USB disconnect, device number 32
[  565.086717][T10844] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1371'.
[  565.281034][ T5889] usb 4-1: USB disconnect, device number 30
[  566.632666][ T6276] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  566.822573][ T6276] usb 5-1: Using ep0 maxpacket: 32
[  566.894361][ T6276] usb 5-1: config index 0 descriptor too short (expected 2553, got 27)
[  566.917663][ T6276] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  567.040577][ T6276] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 4
[  567.076002][ T6276] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  567.089191][ T6276] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  568.806209][T10856] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  568.855527][T10856] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  568.902353][T10856] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  568.937013][T10856] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  568.952851][T10856] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  569.072848][T10856] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  569.606581][T10884] syz.4.1372 (10884): drop_caches: 2
[  569.679643][ T5851] Bluetooth: hci1: command 0x0406 tx timeout
[  569.770265][T10856] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  571.150444][ T5851] Bluetooth: hci2: command 0x0406 tx timeout
[  571.156737][ T5852] Bluetooth: hci4: command 0x0406 tx timeout
[  571.156743][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout
[  571.156781][ T5852] Bluetooth: hci0: command 0x0c1a tx timeout
[  571.241959][ T5889] usb 5-1: USB disconnect, device number 30
[  573.182705][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout
[  573.759677][T10895] Bluetooth: hci0: unexpected event for opcode 0x2040
[  578.372614][T10941] netlink: 'syz.2.1393': attribute type 11 has an invalid length.
[  580.253424][T10951] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  580.925132][T10968] FAULT_INJECTION: forcing a failure.
[  580.925132][T10968] name failslab, interval 1, probability 0, space 0, times 0
[  580.925380][   T30] audit: type=1400 audit(1743748507.929:453): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="^" requested=w pid=10965 comm="syz.4.1403" daddr=fe80::44
[  580.964014][T10968] CPU: 0 UID: 0 PID: 10968 Comm: syz.4.1403 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  580.964060][T10968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  580.964083][T10968] Call Trace:
[  580.964098][T10968]  <TASK>
[  580.964113][T10968]  dump_stack_lvl+0x241/0x360
[  580.964173][T10968]  ? __pfx_dump_stack_lvl+0x10/0x10
[  580.964193][T10968]  ? __pfx__printk+0x10/0x10
[  580.964219][T10968]  ? __pfx___might_resched+0x10/0x10
[  580.964243][T10968]  should_fail_ex+0x424/0x570
[  580.964266][T10968]  should_failslab+0xac/0x100
[  580.964285][T10968]  kmem_cache_alloc_noprof+0x78/0x390
[  580.964301][T10968]  ? key_alloc+0x341/0xff0
[  580.964315][T10968]  ? key_user_lookup+0x1b2/0x450
[  580.964335][T10968]  key_alloc+0x341/0xff0
[  580.964368][T10968]  keyring_alloc+0x44/0xb0
[  580.964390][T10968]  lookup_user_key+0x4b0/0x15b0
[  580.964424][T10968]  ? __pfx_lookup_user_key+0x10/0x10
[  580.964449][T10968]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  580.964495][T10968]  __se_sys_add_key+0x300/0x4b0
[  580.964518][T10968]  ? __pfx___se_sys_add_key+0x10/0x10
[  580.964548][T10968]  ? __x64_sys_add_key+0x20/0xc0
[  580.964570][T10968]  do_syscall_64+0xf3/0x230
[  580.964588][T10968]  ? clear_bhb_loop+0x45/0xa0
[  580.964607][T10968]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.964623][T10968] RIP: 0033:0x7fd5f058d169
[  580.964638][T10968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  580.964653][T10968] RSP: 002b:00007fd5f1478038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  580.964671][T10968] RAX: ffffffffffffffda RBX: 00007fd5f07a6080 RCX: 00007fd5f058d169
[  580.964684][T10968] RDX: 0000200000000300 RSI: 0000000000000000 RDI: 0000200000000040
[  580.964695][T10968] RBP: 00007fd5f1478090 R08: ffffffffffffffff R09: 0000000000000000
[  580.964706][T10968] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001
[  580.964717][T10968] R13: 0000000000000000 R14: 00007fd5f07a6080 R15: 00007ffdda672db8
[  580.964744][T10968]  </TASK>
[  580.966231][ T5891] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  581.492690][ T5891] usb 4-1: Using ep0 maxpacket: 32
[  581.509929][ T5891] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  581.538126][ T5891] usb 4-1: config 0 has no interface number 0
[  581.567907][ T5891] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  581.653483][ T5891] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  581.746142][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  581.837472][ T5891] usb 4-1: Product: syz
[  581.881605][ T5891] usb 4-1: Manufacturer: syz
[  581.938651][ T5891] usb 4-1: SerialNumber: syz
[  581.983462][ T5891] usb 4-1: config 0 descriptor??
[  581.998046][ T5891] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  582.022907][ T5891] em28xx 4-1:0.132: Video interface 132 found:
[  582.762600][T10982] netlink: 'syz.4.1407': attribute type 11 has an invalid length.
[  583.169701][ T5891] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[  583.962310][ T5891] em28xx 4-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=0)
[  584.197894][ T5891] em28xx 4-1:0.132: board has no eeprom
[  584.227535][T10991] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1410'.
[  584.272863][ T5891] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  584.288501][T10895] Bluetooth: hci1: unexpected event for opcode 0x2040
[  584.304814][ T5891] em28xx 4-1:0.132: analog set to bulk mode.
[  584.311353][ T6271] em28xx 4-1:0.132: Registering V4L2 extension
[  584.332067][ T5891] usb 4-1: USB disconnect, device number 31
[  584.343138][ T5891] em28xx 4-1:0.132: Disconnecting em28xx
[  585.190935][ T6271] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[  585.383139][T11011] netlink: 'syz.3.1414': attribute type 11 has an invalid length.
[  586.211580][ T6271] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[  586.537870][ T6271] em28xx 4-1:0.132: No AC97 audio processor
[  586.606749][ T6271] usb 4-1: Decoder not found
[  586.611393][ T6271] em28xx 4-1:0.132: failed to create media graph
[  586.633325][ T6271] em28xx 4-1:0.132: V4L2 device video103 deregistered
[  587.189916][ T6271] em28xx 4-1:0.132: Remote control support is not available for this card.
[  587.214632][ T5891] em28xx 4-1:0.132: Closing input extension
[  587.262659][ T6276] usb 5-1: new full-speed USB device number 31 using dummy_hcd
[  587.341128][ T5891] em28xx 4-1:0.132: Freeing device
[  587.422994][ T6286] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  587.454235][ T6276] usb 5-1: config 0 has an invalid descriptor of length 154, skipping remainder of the config
[  587.471360][ T6276] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  587.597027][ T6286] usb 1-1: Using ep0 maxpacket: 32
[  587.616674][ T6286] usb 1-1: config 8 has an invalid interface number: 72 but max is 0
[  587.637050][ T6286] usb 1-1: config 8 has no interface number 0
[  587.658571][ T6286] usb 1-1: config 8 interface 72 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83
[  587.658974][ T6276] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 27955, setting to 64
[  587.702895][ T6286] usb 1-1: config 8 interface 72 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024
[  587.706601][ T6276] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  587.723772][ T6286] usb 1-1: config 8 interface 72 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023
[  587.768907][ T6286] usb 1-1: config 8 interface 72 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 64
[  587.799180][ T6286] usb 1-1: config 8 interface 72 has no altsetting 0
[  587.804667][ T6276] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  587.817315][ T6286] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=b7.98
[  587.836810][ T6286] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.837179][ T6276] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  587.852543][ T6286] usb 1-1: Product: syz
[  587.856951][ T6276] usb 5-1: Manufacturer: syz
[  587.872524][ T6286] usb 1-1: Manufacturer: syz
[  587.877162][ T6286] usb 1-1: SerialNumber: syz
[  587.915934][ T6276] usb 5-1: config 0 descriptor??
[  587.928385][T11025] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  587.936107][T11025] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  588.163987][ T6286] smsc75xx v1.0.0
[  588.183538][ T6286] smsc75xx 1-1:8.72 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[  588.201979][ T6286] smsc75xx 1-1:8.72: probe with driver smsc75xx failed with error -71
[  588.260532][ T6286] usb 1-1: USB disconnect, device number 26
[  588.353905][ T6276] rc_core: IR keymap rc-hauppauge not found
[  588.371320][ T6276] Registered IR keymap rc-empty
[  588.409277][ T6276] mceusb 5-1:0.0: Error: mce write urb status = -71
[  588.854324][ T6276] mceusb 5-1:0.0: Error: mce write urb status = -71
[  589.341661][ T6276] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  589.388587][ T6276] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input31
[  589.453883][ T6276] mceusb 5-1:0.0: Error: mce write urb status = -71
[  589.517478][ T6276] mceusb 5-1:0.0: Error: mce write urb status = -71
[  589.542770][ T6276] mceusb 5-1:0.0: Error: mce write urb status = -71
[  589.572915][ T6276] mceusb 5-1:0.0: Error: mce write urb status = -71
[  589.614434][ T6276] mceusb 5-1:0.0: Error: mce write urb status = -71
[  589.652892][ T6276] mceusb 5-1:0.0: Error: mce write urb status = -71
[  589.693180][ T6276] mceusb 5-1:0.0: Error: mce write urb status = -71
[  589.766464][ T6276] mceusb 5-1:0.0: Error: mce write urb status = -71
[  589.767688][T11062] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1428'.
[  589.835610][ T6276] mceusb 5-1:0.0: Error: mce write urb status = -71
[  589.909847][ T6276] mceusb 5-1:0.0: Error: mce write urb status = -71
[  590.084606][ T6276] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  590.152225][ T6276] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  590.598416][T11070] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1431'.
[  590.648044][T11070] vlan2: entered promiscuous mode
[  590.658878][T11070] dummy0: entered promiscuous mode
[  591.118470][T11078] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  591.141117][ T5841] Bluetooth: hci4: unexpected event for opcode 0x2040
[  591.402626][    T9] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  591.576641][    T9] usb 1-1: Using ep0 maxpacket: 32
[  591.619985][    T9] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  591.641419][    T9] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  591.680433][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  592.222582][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  592.231623][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  592.261844][    T9] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  592.277193][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.301254][    T9] usb 1-1: config 0 descriptor??
[  592.306616][ T5889] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  592.472847][ T5889] usb 3-1: Using ep0 maxpacket: 32
[  592.617876][ T5889] usb 3-1: config 8 has an invalid interface number: 72 but max is 0
[  592.712857][ T5889] usb 3-1: config 8 has no interface number 0
[  592.719830][ T5889] usb 3-1: config 8 interface 72 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83
[  592.802459][ T5889] usb 3-1: config 8 interface 72 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024
[  592.832663][ T5889] usb 3-1: config 8 interface 72 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023
[  592.852537][ T5889] usb 3-1: config 8 interface 72 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 64
[  592.872755][ T5889] usb 3-1: config 8 interface 72 has no altsetting 0
[  593.212989][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout
[  593.367360][ T5889] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=b7.98
[  593.389013][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  593.402545][ T5889] usb 3-1: Product: syz
[  593.407499][ T5889] usb 3-1: Manufacturer: syz
[  593.412923][ T5889] usb 3-1: SerialNumber: syz
[  593.434843][T11087] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  593.448105][T11087] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  594.087080][ T5889] smsc75xx v1.0.0
[  594.097487][ T5889] smsc75xx 3-1:8.72 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[  594.113724][ T5889] smsc75xx 3-1:8.72: probe with driver smsc75xx failed with error -71
[  594.362028][ T5889] usb 3-1: USB disconnect, device number 33
[  594.460308][T11104] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1440'.
[  594.863292][T11110] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1441'.
[  595.266661][T10895] Bluetooth: hci0: command 0x0c1a tx timeout
[  596.444193][T11119] Invalid ELF header magic: != ELF
[  596.782940][ T6276] usb 1-1: USB disconnect, device number 27
[  596.818099][T11098] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[  600.963091][ T6276] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  601.272685][ T6276] usb 1-1: Using ep0 maxpacket: 32
[  601.286955][ T6276] usb 1-1: config index 0 descriptor too short (expected 2553, got 27)
[  601.302929][ T6276] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  601.327752][ T6276] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 4
[  601.552022][ T6276] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  601.563748][T11149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1453'.
[  601.646357][ T6276] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  602.016061][T11151] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1454'.
[  603.282542][    T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  603.352600][ T5889] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  603.566164][    T9] usb 6-1: Using ep0 maxpacket: 32
[  603.602607][    T9] usb 6-1: config 8 has an invalid interface number: 72 but max is 0
[  603.626935][    T9] usb 6-1: config 8 has no interface number 0
[  603.645503][ T5889] usb 3-1: config 0 has an invalid interface number: 106 but max is 0
[  603.654945][    T9] usb 6-1: config 8 interface 72 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83
[  603.673438][T11172] syz.0.1450 (11172): drop_caches: 2
[  603.691697][ T5889] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  603.703049][    T9] usb 6-1: config 8 interface 72 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024
[  603.722038][ T5889] usb 3-1: config 0 has no interface number 0
[  603.735782][    T9] usb 6-1: config 8 interface 72 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023
[  603.747636][ T5889] usb 3-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 216
[  603.768040][    T9] usb 6-1: config 8 interface 72 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 64
[  603.786038][ T5889] usb 3-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  603.810593][    T9] usb 6-1: config 8 interface 72 has no altsetting 0
[  603.821856][ T5889] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  603.945223][    T9] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=b7.98
[  603.972621][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.981127][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.991897][    T9] usb 6-1: Product: syz
[  603.997389][ T5889] usb 3-1: config 0 descriptor??
[  604.003941][    T9] usb 6-1: Manufacturer: syz
[  604.008708][    T9] usb 6-1: SerialNumber: syz
[  604.009146][T11163] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  604.027476][T11155] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  604.038682][T11155] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  604.047801][ T5889] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  604.241187][T11183] netlink: 'syz.4.1460': attribute type 32 has an invalid length.
[  604.304889][    T9] smsc75xx v1.0.0
[  604.314620][    T9] smsc75xx 6-1:8.72 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[  604.334441][    T9] smsc75xx 6-1:8.72: probe with driver smsc75xx failed with error -71
[  604.358637][    T9] usb 6-1: USB disconnect, device number 4
[  604.939574][ T5891] usb 1-1: USB disconnect, device number 28
[  605.103954][   T53] usb 3-1: Failed to submit usb control message: -110
[  606.712529][   T53] usb 3-1: unable to send the bmi data to the device: -110
[  606.720459][   T53] usb 3-1: unable to get target info from device
[  606.731383][   T53] usb 3-1: could not get target info (-110)
[  606.737627][   T53] usb 3-1: could not probe fw (-110)
[  606.788179][ T5891] usb 3-1: USB disconnect, device number 34
[  610.282112][T11224] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1471'.
[  610.355581][T11224] pim6reg: entered allmulticast mode
[  610.669062][T11226] FAULT_INJECTION: forcing a failure.
[  610.669062][T11226] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  610.682361][T11226] CPU: 0 UID: 0 PID: 11226 Comm: syz.0.1473 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  610.682388][T11226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  610.682398][T11226] Call Trace:
[  610.682405][T11226]  <TASK>
[  610.682412][T11226]  dump_stack_lvl+0x241/0x360
[  610.682439][T11226]  ? __pfx_dump_stack_lvl+0x10/0x10
[  610.682457][T11226]  ? __pfx__printk+0x10/0x10
[  610.682486][T11226]  should_fail_ex+0x424/0x570
[  610.682508][T11226]  _copy_from_user+0x2d/0xb0
[  610.682530][T11226]  kstrtouint_from_user+0xce/0x1a0
[  610.682551][T11226]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  610.682572][T11226]  ? __lock_acquire+0xad5/0xd80
[  610.682596][T11226]  proc_fail_nth_write+0xac/0x2d0
[  610.682617][T11226]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  610.682636][T11226]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  610.682660][T11226]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  610.682681][T11226]  vfs_write+0x2bc/0xd10
[  610.682706][T11226]  ? fdget_pos+0x247/0x310
[  610.682728][T11226]  ? __pfx_vfs_write+0x10/0x10
[  610.682751][T11226]  ? __fget_files+0x2a/0x420
[  610.682771][T11226]  ? __fget_files+0x39d/0x420
[  610.682788][T11226]  ? __fget_files+0x2a/0x420
[  610.682816][T11226]  ksys_write+0x19d/0x2d0
[  610.682840][T11226]  ? __pfx_ksys_write+0x10/0x10
[  610.682866][T11226]  ? do_syscall_64+0xb6/0x230
[  610.682888][T11226]  do_syscall_64+0xf3/0x230
[  610.682905][T11226]  ? clear_bhb_loop+0x45/0xa0
[  610.682925][T11226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.682940][T11226] RIP: 0033:0x7fd1d0b8bc1f
[  610.682954][T11226] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  610.682967][T11226] RSP: 002b:00007fd1d1aa0030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  610.682986][T11226] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd1d0b8bc1f
[  610.682998][T11226] RDX: 0000000000000001 RSI: 00007fd1d1aa00a0 RDI: 0000000000000004
[  610.683008][T11226] RBP: 00007fd1d1aa0090 R08: 0000000000000000 R09: 0000000000000000
[  610.683018][T11226] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  610.683027][T11226] R13: 0000000000000000 R14: 00007fd1d0da5fa0 R15: 00007ffef4f679b8
[  610.683056][T11226]  </TASK>
[  611.443166][    T9] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  612.593496][ T5891] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  612.642890][    T9] usb 1-1: Using ep0 maxpacket: 32
[  612.779228][ T5891] usb 4-1: config 0 has an invalid interface number: 106 but max is 0
[  612.900227][ T5891] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  612.926285][ T6276] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  612.947651][ T5891] usb 4-1: config 0 has no interface number 0
[  613.160277][    T9] usb 1-1: config 8 has an invalid interface number: 72 but max is 0
[  613.161368][ T5891] usb 4-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 216
[  613.179380][    T9] usb 1-1: config 8 has no interface number 0
[  613.189598][ T5891] usb 4-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  613.193052][    T9] usb 1-1: config 8 interface 72 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83
[  613.223984][ T5891] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  613.253270][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.274791][    T9] usb 1-1: config 8 interface 72 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024
[  613.291878][ T5891] usb 4-1: config 0 descriptor??
[  613.301239][    T9] usb 1-1: config 8 interface 72 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023
[  613.312558][ T6276] usb 6-1: Using ep0 maxpacket: 32
[  613.312649][T11239] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  613.320032][ T6276] usb 6-1: config index 0 descriptor too short (expected 2553, got 27)
[  613.337735][    T9] usb 1-1: config 8 interface 72 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 64
[  613.344443][ T6276] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  613.359419][ T6276] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 4
[  613.373766][ T6276] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  613.422186][ T5891] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  613.432029][    T9] usb 1-1: config 8 interface 72 has no altsetting 0
[  613.432617][ T6276] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.922216][    T9] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=b7.98
[  613.944198][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  613.966139][ T6276] usb 6-1: can't set config #1, error -71
[  614.006762][    T9] usb 1-1: Product: syz
[  614.013310][ T6276] usb 6-1: USB disconnect, device number 5
[  614.030227][    T9] usb 1-1: Manufacturer: syz
[  614.041394][    T9] usb 1-1: SerialNumber: syz
[  614.066343][    T9] usb 1-1: can't set config #8, error -71
[  614.099830][    T9] usb 1-1: USB disconnect, device number 29
[  614.463809][   T36] usb 4-1: Failed to submit usb control message: -110
[  614.471367][   T36] usb 4-1: unable to send the bmi data to the device: -110
[  614.718546][ T6286] usb 4-1: USB disconnect, device number 32
[  614.754612][   T36] usb 4-1: unable to get target info from device
[  614.789085][   T36] usb 4-1: could not get target info (-110)
[  614.966017][   T36] usb 4-1: could not probe fw (-110)
[  615.066080][T11273] netlink: 'syz.5.1482': attribute type 11 has an invalid length.
[  616.656732][T11278] lo speed is unknown, defaulting to 1000
[  616.747355][T11291] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1489'.
[  618.945940][T11300] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1492'.
[  619.392805][ T6286] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  619.552502][ T6286] usb 3-1: Using ep0 maxpacket: 16
[  619.566356][ T6286] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  619.598908][ T6286] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  619.608520][ T6286] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.616673][ T6286] usb 3-1: Product: syz
[  619.628216][ T6286] usb 3-1: Manufacturer: syz
[  619.642860][ T6286] usb 3-1: SerialNumber: syz
[  619.669757][ T6286] usb 3-1: config 0 descriptor??
[  621.058945][T11329] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1499'.
[  622.363756][ T6276] usb 3-1: USB disconnect, device number 35
[  622.542027][T11340] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1502'.
[  623.118657][   T30] audit: type=1400 audit(1743748550.119:454): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="^" requested=w pid=11342 comm="syz.0.1503" daddr=fc00::1 dest=20004
[  624.483165][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  624.489549][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  626.356798][   T30] audit: type=1400 audit(1743748553.349:455): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="^" requested=w pid=11378 comm="syz.3.1512" daddr=fc00:: dest=20004
[  626.554773][T11388] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1515'.
[  626.723355][ T5891] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  626.903076][ T5891] usb 3-1: Using ep0 maxpacket: 16
[  626.967015][ T5891] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  627.052985][ T5891] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  627.160472][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.202344][ T5891] usb 3-1: Product: syz
[  627.332204][ T5891] usb 3-1: Manufacturer: syz
[  627.463455][ T5891] usb 3-1: SerialNumber: syz
[  627.605948][ T5891] usb 3-1: config 0 descriptor??
[  629.174695][T11414] FAULT_INJECTION: forcing a failure.
[  629.174695][T11414] name failslab, interval 1, probability 0, space 0, times 0
[  629.188067][T11414] CPU: 1 UID: 0 PID: 11414 Comm: syz.3.1525 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  629.188090][T11414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  629.188100][T11414] Call Trace:
[  629.188107][T11414]  <TASK>
[  629.188118][T11414]  dump_stack_lvl+0x241/0x360
[  629.188146][T11414]  ? __pfx_dump_stack_lvl+0x10/0x10
[  629.188166][T11414]  ? __pfx__printk+0x10/0x10
[  629.188190][T11414]  ? __pfx___might_resched+0x10/0x10
[  629.188213][T11414]  should_fail_ex+0x424/0x570
[  629.188234][T11414]  should_failslab+0xac/0x100
[  629.188251][T11414]  __kmalloc_noprof+0xdf/0x4d0
[  629.188266][T11414]  ? tomoyo_encode+0x26f/0x540
[  629.188284][T11414]  tomoyo_encode+0x26f/0x540
[  629.188304][T11414]  tomoyo_realpath_from_path+0x59e/0x5e0
[  629.188332][T11414]  tomoyo_path_perm+0x2be/0x640
[  629.188356][T11414]  ? tomoyo_path_perm+0x28c/0x640
[  629.188375][T11414]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  629.188427][T11414]  ? current_check_access_path+0x203/0x4d0
[  629.188453][T11414]  ? __pfx_current_check_access_path+0x10/0x10
[  629.188474][T11414]  ? lookup_one_qstr_excl+0x1de/0x3a0
[  629.188497][T11414]  tomoyo_path_symlink+0xe0/0x120
[  629.188518][T11414]  ? __pfx_tomoyo_path_symlink+0x10/0x10
[  629.188536][T11414]  ? __pfx_filename_create+0x10/0x10
[  629.188566][T11414]  security_path_symlink+0x16f/0x370
[  629.188589][T11414]  do_symlinkat+0x13c/0x3d0
[  629.188614][T11414]  ? __pfx_do_symlinkat+0x10/0x10
[  629.188626][T11414]  ? strncpy_from_user+0x143/0x280
[  629.188654][T11414]  ? getname_flags+0x1e2/0x530
[  629.188675][T11414]  __x64_sys_symlink+0x7a/0x90
[  629.188692][T11414]  do_syscall_64+0xf3/0x230
[  629.188710][T11414]  ? clear_bhb_loop+0x45/0xa0
[  629.188730][T11414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  629.188754][T11414] RIP: 0033:0x7f6dff98d169
[  629.188769][T11414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  629.188783][T11414] RSP: 002b:00007f6e00784038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[  629.188801][T11414] RAX: ffffffffffffffda RBX: 00007f6dffba6080 RCX: 00007f6dff98d169
[  629.188813][T11414] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000200000000080
[  629.188824][T11414] RBP: 00007f6e00784090 R08: 0000000000000000 R09: 0000000000000000
[  629.188834][T11414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  629.188844][T11414] R13: 0000000000000000 R14: 00007f6dffba6080 R15: 00007ffdc6a96818
[  629.188874][T11414]  </TASK>
[  629.189091][T11414] ERROR: Out of memory at tomoyo_realpath_from_path.
[  631.041201][ T5891] usb 3-1: USB disconnect, device number 36
[  631.560364][T11443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  631.573214][T11443] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  631.814802][T11447] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1530'.
[  632.961766][T11458] netlink: 'syz.4.1536': attribute type 1 has an invalid length.
[  632.976694][T11458] FAULT_INJECTION: forcing a failure.
[  632.976694][T11458] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  632.991959][T11458] CPU: 1 UID: 0 PID: 11458 Comm: syz.4.1536 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  632.991983][T11458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  632.991994][T11458] Call Trace:
[  632.992001][T11458]  <TASK>
[  632.992008][T11458]  dump_stack_lvl+0x241/0x360
[  632.992040][T11458]  ? __pfx_dump_stack_lvl+0x10/0x10
[  632.992060][T11458]  ? __pfx__printk+0x10/0x10
[  632.992094][T11458]  should_fail_ex+0x424/0x570
[  632.992116][T11458]  _copy_from_user+0x2d/0xb0
[  632.992138][T11458]  kstrtouint_from_user+0xce/0x1a0
[  632.992158][T11458]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  632.992180][T11458]  ? __lock_acquire+0xad5/0xd80
[  632.992207][T11458]  proc_fail_nth_write+0xac/0x2d0
[  632.992227][T11458]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  632.992248][T11458]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  632.992274][T11458]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  632.992312][T11458]  vfs_write+0x2bc/0xd10
[  632.992346][T11458]  ? __pfx_vfs_write+0x10/0x10
[  632.992365][T11458]  ? rcu_is_watching+0x15/0xb0
[  632.992381][T11458]  ? trace_irq_disable+0x3b/0x120
[  632.992401][T11458]  ? preempt_schedule_irq+0x145/0x1c0
[  632.992416][T11458]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  632.992442][T11458]  ksys_write+0x19d/0x2d0
[  632.992464][T11458]  ? __pfx_ksys_write+0x10/0x10
[  632.992484][T11458]  ? trace_irq_enable+0x2c/0x120
[  632.992508][T11458]  do_syscall_64+0xf3/0x230
[  632.992525][T11458]  ? clear_bhb_loop+0x45/0xa0
[  632.992543][T11458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.992558][T11458] RIP: 0033:0x7fd5f058bc1f
[  632.992572][T11458] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  632.992585][T11458] RSP: 002b:00007fd5f1499030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  632.992601][T11458] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd5f058bc1f
[  632.992611][T11458] RDX: 0000000000000001 RSI: 00007fd5f14990a0 RDI: 0000000000000004
[  632.992619][T11458] RBP: 00007fd5f1499090 R08: 0000000000000000 R09: 0000000000000000
[  632.992626][T11458] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  632.992636][T11458] R13: 0000000000000000 R14: 00007fd5f07a5fa0 R15: 00007ffdda672db8
[  632.992668][T11458]  </TASK>
[  633.586779][   T30] audit: type=1400 audit(1743748560.569:456): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="^" requested=w pid=11461 comm="syz.5.1537" dest=20000
[  635.463410][    T9] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  636.072469][    T9] usb 4-1: Using ep0 maxpacket: 16
[  636.088185][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  636.131403][    T9] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  636.161717][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.209022][    T9] usb 4-1: Product: syz
[  636.232562][    T9] usb 4-1: Manufacturer: syz
[  636.257817][    T9] usb 4-1: SerialNumber: syz
[  636.283525][    T9] usb 4-1: config 0 descriptor??
[  637.655272][ T5891] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  637.664874][ T6276] usb 5-1: USB disconnect, device number 31
[  637.832765][ T5891] usb 3-1: Using ep0 maxpacket: 32
[  637.843520][ T5891] usb 3-1: config index 0 descriptor too short (expected 2553, got 27)
[  637.877032][ T5891] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  637.911868][ T5891] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 4
[  637.940381][ T5891] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  637.962122][T11504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1549'.
[  637.967031][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.988513][T11504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1549'.
[  638.087782][ T3020] bond0: (slave netdevsim0): Releasing backup interface
[  638.173995][T11508] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1544'.
[  638.683337][ T5891] usb 4-1: USB disconnect, device number 33
[  639.323833][T11513] syz.2.1546 (11513): drop_caches: 2
[  639.928277][ T3020] bridge_slave_1: left allmulticast mode
[  639.970085][ T3020] bridge_slave_1: left promiscuous mode
[  639.994902][ T3020] bridge0: port 2(bridge_slave_1) entered disabled state
[  640.057247][ T3020] bridge_slave_0: left allmulticast mode
[  640.078520][ T3020] bridge_slave_0: left promiscuous mode
[  640.118202][ T3020] bridge0: port 1(bridge_slave_0) entered disabled state
[  640.246331][T11525] loop6: detected capacity change from 0 to 64
[  640.309090][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  640.318491][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  640.333114][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  640.342272][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  640.661267][ T5889] usb 3-1: USB disconnect, device number 37
[  640.680381][ T5891] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  640.689022][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  640.698234][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  640.793904][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  640.803114][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  640.814967][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  640.824155][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  640.858624][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  640.867923][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  640.878268][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  640.887438][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  640.896602][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  640.905752][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  640.913757][T11525] ldm_validate_partition_table(): Disk read failed.
[  640.932790][ T5891] usb 6-1: Using ep0 maxpacket: 32
[  640.946588][ T5891] usb 6-1: config index 0 descriptor too short (expected 2553, got 27)
[  640.958193][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  640.967366][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  640.977951][ T5891] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  640.988293][ T5891] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 4
[  640.997464][ T5891] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  641.006636][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.016195][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  641.025402][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  641.041906][T11525] Dev loop6: unable to read RDB block 0
[  641.275131][T11525]  loop6: unable to read partition table
[  641.565718][T11525] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  641.687154][ T5201] ldm_validate_partition_table(): Disk read failed.
[  641.735068][ T5201] Dev loop6: unable to read RDB block 0
[  641.922907][ T5201]  loop6: unable to read partition table
[  642.692122][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  642.732883][T11548] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1557'.
[  642.755050][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  642.770307][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  642.778424][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  642.791118][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  643.127565][T11557] syz.5.1552 (11557): drop_caches: 2
[  644.532040][T11566] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1561'.
[  644.866845][ T5841] Bluetooth: hci2: command tx timeout
[  644.876308][ T6271] usb 6-1: USB disconnect, device number 6
[  645.112778][ T5891] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  645.201599][T11573] openvswitch: netlink: EtherType 0 is less than min 600
[  645.442917][ T5891] usb 4-1: Using ep0 maxpacket: 32
[  645.478660][ T5891] usb 4-1: config index 0 descriptor too short (expected 2553, got 27)
[  645.519385][ T5891] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  645.538069][ T5891] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 4
[  645.550750][ T5891] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  645.565792][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.673176][ T3020] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  645.687598][ T3020] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  645.698307][ T3020] bond0 (unregistering): Released all slaves
[  645.829901][T11547] lo speed is unknown, defaulting to 1000
[  646.173560][T11582] syz.3.1562 (11582): drop_caches: 2
[  646.943179][ T5841] Bluetooth: hci2: command tx timeout
[  647.242984][ T5891] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  647.325583][T11599] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1567'.
[  647.423347][ T5891] usb 6-1: Using ep0 maxpacket: 32
[  647.445309][ T5891] usb 6-1: config index 0 descriptor too short (expected 2553, got 27)
[  647.483047][ T5891] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  647.525872][ T5891] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 4
[  647.539676][ T5891] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  647.553177][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.771928][ T6286] usb 4-1: USB disconnect, device number 34
[  647.823024][ T3020] hsr_slave_0: left promiscuous mode
[  647.848024][ T3020] hsr_slave_1: left promiscuous mode
[  647.880117][ T3020] batman_adv: batadv0: Removing interface: batadv_slave_0
[  647.949030][ T3020] batman_adv: batadv0: Removing interface: batadv_slave_1
[  648.016198][ T3020] veth0_macvtap: left allmulticast mode
[  648.316401][T11615] netlink: 'syz.0.1570': attribute type 11 has an invalid length.
[  649.152623][ T5841] Bluetooth: hci2: command tx timeout
[  649.273303][ T5891] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  649.459310][T11621] syz.5.1566 (11621): drop_caches: 2
[  650.012532][ T5891] usb 3-1: Using ep0 maxpacket: 8
[  650.076742][ T5891] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  650.087091][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.108821][ T5891] usb 3-1: Product: syz
[  650.118019][ T5891] usb 3-1: Manufacturer: syz
[  650.123349][ T5891] usb 3-1: SerialNumber: syz
[  650.147991][ T5891] usb 3-1: config 0 descriptor??
[  650.467685][ T5891] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  651.182805][ T5841] Bluetooth: hci2: command tx timeout
[  651.511091][ T3020] team0 (unregistering): Port device team_slave_1 removed
[  651.851902][ T3020] team0 (unregistering): Port device team_slave_0 removed
[  652.109289][ T5891] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  652.134841][ T5891] usb 3-1: USB disconnect, device number 38
[  652.662697][ T6286] usb 6-1: USB disconnect, device number 7
[  652.803673][T11547] chnl_net:caif_netlink_parms(): no params data found
[  653.837560][T11648] netlink: 'syz.5.1574': attribute type 11 has an invalid length.
[  653.912975][T11648] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1574'.
[  654.574021][T11547] bridge0: port 1(bridge_slave_0) entered blocking state
[  654.591658][T11547] bridge0: port 1(bridge_slave_0) entered disabled state
[  654.611994][T11547] bridge_slave_0: entered allmulticast mode
[  654.676161][T11547] bridge_slave_0: entered promiscuous mode
[  654.693746][T11547] bridge0: port 2(bridge_slave_1) entered blocking state
[  654.723536][T11547] bridge0: port 2(bridge_slave_1) entered disabled state
[  654.730821][T11547] bridge_slave_1: entered allmulticast mode
[  654.885696][T11547] bridge_slave_1: entered promiscuous mode
[  654.932704][ T5891] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  655.572667][ T5891] usb 6-1: Using ep0 maxpacket: 32
[  655.579934][ T5891] usb 6-1: config index 0 descriptor too short (expected 2553, got 27)
[  655.629382][ T5891] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  655.752486][ T5891] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 4
[  655.771745][ T5891] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  655.801000][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.754080][T11547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  656.850709][T11701] syz.5.1579 (11701): drop_caches: 2
[  657.346568][T11547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  657.437473][   T30] audit: type=1400 audit(1743748584.429:457): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="^" requested=w pid=11704 comm="syz.3.1585"
[  658.091030][T11547] team0: Port device team_slave_0 added
[  658.114819][T11547] team0: Port device team_slave_1 added
[  658.675203][ T6286] usb 6-1: USB disconnect, device number 8
[  658.864601][T11547] batman_adv: batadv0: Adding interface: batadv_slave_0
[  658.896279][T11547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.940891][T11547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  660.097786][T11547] batman_adv: batadv0: Adding interface: batadv_slave_1
[  660.178192][T11547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  660.275440][T11547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  660.732917][ T6276] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  661.045861][T11547] hsr_slave_0: entered promiscuous mode
[  661.060095][ T6276] usb 4-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00
[  661.184527][ T6276] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  661.279808][T11547] hsr_slave_1: entered promiscuous mode
[  661.405405][ T6276] usb 4-1: SerialNumber: syz
[  661.442709][T11547] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  661.626112][T11547] Cannot create hsr debugfs directory
[  661.847874][T11750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.858669][T11750] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.919167][ T6276] gspca_main: spca501-2.14.0 probing 0000:0000
[  661.972680][ T6276] gspca_spca501: reg write: error -71
[  662.127511][ T6276] spca501 4-1:14.0: Reg write failed for 0x02,0x0f,0x05
[  662.202288][T11747] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1595'.
[  662.515716][ T6276] spca501 4-1:14.0: probe with driver spca501 failed with error -22
[  662.579417][ T6276] usb 4-1: USB disconnect, device number 35
[  663.159680][T11766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1597'.
[  663.710684][T11547] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  663.894323][T11547] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  663.946197][T11547] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  663.993867][T11547] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  664.072700][ T6276] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  664.273431][ T6276] usb 1-1: Using ep0 maxpacket: 32
[  664.300833][ T6276] usb 1-1: config index 0 descriptor too short (expected 2553, got 27)
[  664.385593][T11785] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1602'.
[  664.499079][ T6276] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  664.571967][ T6276] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 4
[  664.932529][ T6276] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  664.962056][ T6276] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.061168][T11547] 8021q: adding VLAN 0 to HW filter on device bond0
[  665.427487][T11547] 8021q: adding VLAN 0 to HW filter on device team0
[  665.582110][ T4237] bridge0: port 1(bridge_slave_0) entered blocking state
[  665.589362][ T4237] bridge0: port 1(bridge_slave_0) entered forwarding state
[  665.718550][ T4237] bridge0: port 2(bridge_slave_1) entered blocking state
[  665.725750][ T4237] bridge0: port 2(bridge_slave_1) entered forwarding state
[  665.910326][T11799] syz.0.1599 (11799): drop_caches: 2
[  667.326433][T11824] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1607'.
[  667.505962][ T6276] usb 1-1: USB disconnect, device number 30
[  667.815603][T11825] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1606'.
[  668.446652][T11547] 8021q: adding VLAN 0 to HW filter on device batadv0
[  668.488707][T11834] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1608'.
[  672.589319][T11876] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1616'.
[  672.948925][T11547] veth0_vlan: entered promiscuous mode
[  672.972322][T11547] veth1_vlan: entered promiscuous mode
[  673.665453][T11547] veth0_macvtap: entered promiscuous mode
[  673.682631][T11547] veth1_macvtap: entered promiscuous mode
[  673.701753][T11547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  673.722602][T11547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.732796][ T9303] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  673.800492][T11547] batman_adv: batadv0: Interface activated: batadv_slave_0
[  673.842219][T11547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  673.873079][T11547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.912438][ T9303] usb 1-1: Using ep0 maxpacket: 32
[  673.924441][ T9303] usb 1-1: config index 0 descriptor too short (expected 2553, got 27)
[  673.935608][T11547] batman_adv: batadv0: Interface activated: batadv_slave_1
[  673.944846][ T9303] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  674.232181][ T9303] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 4
[  674.245475][T11547] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  674.245545][T11547] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  674.245569][T11547] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  674.245593][T11547] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  674.327694][ T9303] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  674.327726][ T9303] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  675.067602][ T9369] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  675.101472][ T9369] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  675.120721][ T4237] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  675.151098][ T4237] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  675.374249][T11892] syz.0.1618 (11892): drop_caches: 2
[  675.884683][ T6276] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  675.922762][ T5889] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  676.052826][ T6276] usb 6-1: Using ep0 maxpacket: 32
[  676.084334][ T6276] usb 6-1: config index 0 descriptor too short (expected 2553, got 27)
[  676.087240][ T5889] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  676.115284][ T6276] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  676.137164][ T5889] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  676.147614][ T6276] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 4
[  676.147661][ T6276] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  676.147682][ T6276] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.224544][T11944] FAULT_INJECTION: forcing a failure.
[  676.224544][T11944] name failslab, interval 1, probability 0, space 0, times 0
[  676.238071][ T5889] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  676.252710][T11944] CPU: 0 UID: 0 PID: 11944 Comm: syz.3.1626 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  676.252737][T11944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  676.252748][T11944] Call Trace:
[  676.252755][T11944]  <TASK>
[  676.252762][T11944]  dump_stack_lvl+0x241/0x360
[  676.252792][T11944]  ? __pfx_dump_stack_lvl+0x10/0x10
[  676.252812][T11944]  ? __pfx__printk+0x10/0x10
[  676.252837][T11944]  ? __pfx___might_resched+0x10/0x10
[  676.252860][T11944]  should_fail_ex+0x424/0x570
[  676.252883][T11944]  should_failslab+0xac/0x100
[  676.252901][T11944]  kmem_cache_alloc_noprof+0x78/0x390
[  676.252916][T11944]  ? dqget+0x3a6/0xeb0
[  676.252939][T11944]  dqget+0x3a6/0xeb0
[  676.252966][T11944]  dquot_transfer+0x2d2/0x6f0
[  676.252992][T11944]  ? __pfx_dquot_transfer+0x10/0x10
[  676.253014][T11944]  ? setattr_prepare+0x1f5/0xb20
[  676.253046][T11944]  shmem_setattr+0x79a/0xef0
[  676.253073][T11944]  ? __pfx_shmem_setattr+0x10/0x10
[  676.253096][T11944]  notify_change+0xbca/0xe90
[  676.253126][T11944]  chown_common+0x503/0x850
[  676.253156][T11944]  ? __pfx_chown_common+0x10/0x10
[  676.253173][T11944]  ? rcu_read_lock_any_held+0xbb/0x160
[  676.253208][T11944]  ? sb_start_write+0x110/0x1c0
[  676.253234][T11944]  ksys_fchown+0xe2/0x150
[  676.253253][T11944]  __x64_sys_fchown+0x7a/0x90
[  676.253271][T11944]  do_syscall_64+0xf3/0x230
[  676.253290][T11944]  ? clear_bhb_loop+0x45/0xa0
[  676.253309][T11944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.253325][T11944] RIP: 0033:0x7f6dff98d169
[  676.253340][T11944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  676.253353][T11944] RSP: 002b:00007f6e007a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000005d
[  676.253372][T11944] RAX: ffffffffffffffda RBX: 00007f6dffba5fa0 RCX: 00007f6dff98d169
[  676.253384][T11944] RDX: 0000000000000000 RSI: 000000000000ee01 RDI: 0000000000000003
[  676.253395][T11944] RBP: 00007f6e007a5090 R08: 0000000000000000 R09: 0000000000000000
[  676.253404][T11944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  676.253414][T11944] R13: 0000000000000000 R14: 00007f6dffba5fa0 R15: 00007ffdc6a96818
[  676.253443][T11944]  </TASK>
[  676.257772][ T5889] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  676.561907][ T9303] usb 1-1: USB disconnect, device number 31
[  676.581262][ T5889] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  676.595745][ T5889] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  676.843437][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  676.851482][ T5889] usb 3-1: Product: syz
[  677.160872][ T5889] usb 3-1: Manufacturer: syz
[  677.636281][T11960] syz.5.1624 (11960): drop_caches: 2
[  678.205969][ T5889] cdc_wdm 3-1:1.0: skipping garbage
[  678.284965][T11961] syz.0.1628 (11961) used greatest stack depth: 19128 bytes left
[  678.356900][ T5889] cdc_wdm 3-1:1.0: skipping garbage
[  678.386768][ T5889] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  678.411820][ T5889] cdc_wdm 3-1:1.0: Unknown control protocol
[  678.526246][T11967] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1631'.
[  678.722449][ T6276] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  678.742629][ T5889] usb 6-1: USB disconnect, device number 9
[  678.894521][ T6276] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  678.957789][ T6276] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  678.990413][T11916] =======================================================
[  678.990413][T11916] WARNING: The mand mount option has been deprecated and
[  678.990413][T11916]          and is ignored by this kernel. Remove the mand
[  678.990413][T11916]          option from the mount to silence this warning.
[  678.990413][T11916] =======================================================
[  679.010122][ T6276] usb 4-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  679.076402][T11916] Smack: duplicate mount options
[  679.081601][ T6276] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.098360][ T9303] usb 3-1: USB disconnect, device number 39
[  679.106433][ T6276] usb 4-1: config 0 descriptor??
[  679.130302][ T6276] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  679.749816][ T9303] usb 4-1: USB disconnect, device number 36
[  680.830111][T12004] FAULT_INJECTION: forcing a failure.
[  680.830111][T12004] name failslab, interval 1, probability 0, space 0, times 0
[  680.843378][T12004] CPU: 1 UID: 0 PID: 12004 Comm: syz.3.1637 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  680.843401][T12004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  680.843412][T12004] Call Trace:
[  680.843419][T12004]  <TASK>
[  680.843426][T12004]  dump_stack_lvl+0x241/0x360
[  680.843453][T12004]  ? __pfx_dump_stack_lvl+0x10/0x10
[  680.843473][T12004]  ? __pfx__printk+0x10/0x10
[  680.843498][T12004]  ? __pfx___might_resched+0x10/0x10
[  680.843522][T12004]  should_fail_ex+0x424/0x570
[  680.843545][T12004]  should_failslab+0xac/0x100
[  680.843564][T12004]  __kmalloc_node_track_caller_noprof+0xe2/0x4d0
[  680.843583][T12004]  ? smk_parse_smack+0x187/0x1d0
[  680.843606][T12004]  kstrndup+0x78/0x150
[  680.843631][T12004]  smk_parse_smack+0x187/0x1d0
[  680.843652][T12004]  smk_import_entry+0x1e/0x1d0
[  680.843671][T12004]  smk_fill_rule+0x4d/0x630
[  680.843694][T12004]  smk_parse_long_rule+0x619/0x7f0
[  680.843720][T12004]  ? __pfx_smk_parse_long_rule+0x10/0x10
[  680.843746][T12004]  ? _copy_from_user+0x95/0xb0
[  680.843771][T12004]  smk_write_rules_list+0x302/0x460
[  680.843797][T12004]  ? __pfx_smk_write_rules_list+0x10/0x10
[  680.843814][T12004]  ? smack_privileged_cred+0xb9/0x380
[  680.843835][T12004]  ? smack_privileged_cred+0xb9/0x380
[  680.843856][T12004]  ? __pfx_smk_write_change_rule+0x10/0x10
[  680.843881][T12004]  vfs_write+0x2bc/0xd10
[  680.843907][T12004]  ? fdget_pos+0x247/0x310
[  680.843936][T12004]  ? __pfx_vfs_write+0x10/0x10
[  680.843960][T12004]  ? __fget_files+0x2a/0x420
[  680.843980][T12004]  ? __fget_files+0x39d/0x420
[  680.843996][T12004]  ? __fget_files+0x2a/0x420
[  680.844023][T12004]  ksys_write+0x19d/0x2d0
[  680.844047][T12004]  ? __pfx_ksys_write+0x10/0x10
[  680.844073][T12004]  ? do_syscall_64+0xb6/0x230
[  680.844095][T12004]  do_syscall_64+0xf3/0x230
[  680.844112][T12004]  ? clear_bhb_loop+0x45/0xa0
[  680.844133][T12004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.844148][T12004] RIP: 0033:0x7f6dff98d169
[  680.844163][T12004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.844177][T12004] RSP: 002b:00007f6e007a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  680.844193][T12004] RAX: ffffffffffffffda RBX: 00007f6dffba5fa0 RCX: 00007f6dff98d169
[  680.844205][T12004] RDX: 0000000000000015 RSI: 0000200000000340 RDI: 0000000000000003
[  680.844215][T12004] RBP: 00007f6e007a5090 R08: 0000000000000000 R09: 0000000000000000
[  680.844225][T12004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  680.844235][T12004] R13: 0000000000000000 R14: 00007f6dffba5fa0 R15: 00007ffdc6a96818
[  680.844264][T12004]  </TASK>
[  684.381768][T12058] FAULT_INJECTION: forcing a failure.
[  684.381768][T12058] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  684.448069][T12058] CPU: 0 UID: 0 PID: 12058 Comm: syz.0.1652 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  684.448097][T12058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  684.448106][T12058] Call Trace:
[  684.448114][T12058]  <TASK>
[  684.448121][T12058]  dump_stack_lvl+0x241/0x360
[  684.448150][T12058]  ? __pfx_dump_stack_lvl+0x10/0x10
[  684.448170][T12058]  ? __pfx__printk+0x10/0x10
[  684.448203][T12058]  should_fail_ex+0x424/0x570
[  684.448226][T12058]  _copy_from_user+0x2d/0xb0
[  684.448249][T12058]  kstrtouint_from_user+0xce/0x1a0
[  684.448271][T12058]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  684.448292][T12058]  ? __lock_acquire+0xad5/0xd80
[  684.448319][T12058]  proc_fail_nth_write+0xac/0x2d0
[  684.448340][T12058]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  684.448361][T12058]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  684.448387][T12058]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  684.448408][T12058]  vfs_write+0x2bc/0xd10
[  684.448436][T12058]  ? fdget_pos+0x247/0x310
[  684.448456][T12058]  ? __pfx_vfs_write+0x10/0x10
[  684.448479][T12058]  ? __fget_files+0x2a/0x420
[  684.448499][T12058]  ? __fget_files+0x39d/0x420
[  684.448514][T12058]  ? __fget_files+0x2a/0x420
[  684.448540][T12058]  ksys_write+0x19d/0x2d0
[  684.448563][T12058]  ? __pfx_ksys_write+0x10/0x10
[  684.448589][T12058]  ? do_syscall_64+0xb6/0x230
[  684.448609][T12058]  do_syscall_64+0xf3/0x230
[  684.448625][T12058]  ? clear_bhb_loop+0x45/0xa0
[  684.448645][T12058]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.448660][T12058] RIP: 0033:0x7fd1d0b8bc1f
[  684.448675][T12058] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  684.448687][T12058] RSP: 002b:00007fd1d1aa0030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  684.448705][T12058] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd1d0b8bc1f
[  684.448715][T12058] RDX: 0000000000000001 RSI: 00007fd1d1aa00a0 RDI: 0000000000000004
[  684.448725][T12058] RBP: 00007fd1d1aa0090 R08: 0000000000000000 R09: 0000000000000000
[  684.448735][T12058] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  684.448744][T12058] R13: 0000000000000000 R14: 00007fd1d0da5fa0 R15: 00007ffef4f679b8
[  684.448771][T12058]  </TASK>
[  685.183910][T12069] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1654'.
[  685.836847][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  685.843290][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  688.628153][ T5891] libceph: connect (1)[a::]:6789 error -101
[  688.640149][ T5891] libceph: mon0 (1)[a::]:6789 connect error
[  688.945060][ T5891] libceph: connect (1)[a::]:6789 error -101
[  689.097409][ T5891] libceph: mon0 (1)[a::]:6789 connect error
[  689.265605][T12141] Invalid ELF header magic: != ELF
[  690.092207][T12148] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  690.130041][ T5891] libceph: connect (1)[a::]:6789 error -101
[  690.140694][ T5891] libceph: mon0 (1)[a::]:6789 connect error
[  690.502998][T12128] ceph: No mds server is up or the cluster is laggy
[  692.350065][T12165] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  692.513194][ T5891] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  692.661889][ T5891] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  694.590900][T12185] netlink: 'syz.0.1682': attribute type 11 has an invalid length.
[  697.385435][T12219] new mount options do not match the existing superblock, will be ignored
[  697.982647][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  698.702666][T10895] Bluetooth: hci2: command 0x0405 tx timeout
[  699.542909][ T5891] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  700.358300][ T5891] usb 1-1: device descriptor read/64, error -71
[  701.302669][ T5891] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  701.368593][T12255] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1696'.
[  701.483364][ T5891] usb 1-1: device descriptor read/64, error -71
[  702.470782][ T5891] usb usb1-port1: attempt power cycle
[  702.882714][ T5891] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  702.944833][ T5891] usb 1-1: device descriptor read/8, error -71
[  703.204614][T10895]  non-paged memory
[  703.209026][T10895] list_del corruption, ffff88802536af00->next is LIST_POISON1 (dead000000000100)
[  703.221947][T10895] ------------[ cut here ]------------
[  703.227527][T10895] kernel BUG at lib/list_debug.c:58!
[  703.238650][T10895] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  703.244929][T10895] CPU: 1 UID: 0 PID: 10895 Comm: kworker/u9:0 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  703.256825][T10895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  703.266883][T10895] Workqueue: hci2 hci_conn_timeout
[  703.271989][T10895] RIP: 0010:__list_del_entry_valid_or_report+0x10f/0x190
[  703.279008][T10895] Code: 00 e1 a0 8c 4c 89 fe e8 af 1a 23 fc 90 0f 0b 48 89 df e8 e4 0d 04 fd 48 c7 c7 60 e1 a0 8c 4c 89 fe 48 89 da e8 92 1a 23 fc 90 <0f> 0b 48 89 df e8 c7 0d 04 fd 48 c7 c7 c0 e1 a0 8c 4c 89 fe 48 89
[  703.299064][T10895] RSP: 0018:ffffc900031d7a28 EFLAGS: 00010246
[  703.305146][T10895] RAX: 000000000000004e RBX: dead000000000100 RCX: 582d780aacc6e200
[  703.313118][T10895] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  703.321075][T10895] RBP: ffff88802536af20 R08: ffffffff81a2942c R09: 1ffff9200063aee0
[  703.329033][T10895] R10: dffffc0000000000 R11: fffff5200063aee1 R12: dead000000000122
[  703.337014][T10895] R13: dffffc0000000000 R14: dead000000000100 R15: ffff88802536af00
[  703.344972][T10895] FS:  0000000000000000(0000) GS:ffff8881250cc000(0000) knlGS:0000000000000000
[  703.353885][T10895] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  703.360452][T10895] CR2: 0000200000032000 CR3: 0000000057964000 CR4: 00000000003526f0
[  703.368414][T10895] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  703.376367][T10895] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  703.384322][T10895] Call Trace:
[  703.387588][T10895]  <TASK>
[  703.390513][T10895]  hci_cmd_sync_dequeue_once+0x262/0x360
[  703.396136][T10895]  hci_cancel_connect_sync+0xc3/0x120
[  703.401513][T10895]  hci_abort_conn+0x194/0x330
[  703.406195][T10895]  ? process_scheduled_works+0x9cb/0x18e0
[  703.411897][T10895]  ? process_scheduled_works+0x9cb/0x18e0
[  703.417596][T10895]  process_scheduled_works+0xac3/0x18e0
[  703.423158][T10895]  ? __pfx_process_scheduled_works+0x10/0x10
[  703.429120][T10895]  ? assign_work+0x367/0x3d0
[  703.433689][T10895]  worker_thread+0x870/0xd50
[  703.438261][T10895]  ? __kthread_parkme+0x1a8/0x200
[  703.443269][T10895]  ? __pfx_worker_thread+0x10/0x10
[  703.448362][T10895]  kthread+0x7b7/0x940
[  703.452419][T10895]  ? __pfx_worker_thread+0x10/0x10
[  703.457516][T10895]  ? __pfx_kthread+0x10/0x10
[  703.462086][T10895]  ? __pfx_kthread+0x10/0x10
[  703.466666][T10895]  ? __pfx_kthread+0x10/0x10
[  703.471254][T10895]  ? __pfx_kthread+0x10/0x10
[  703.475843][T10895]  ? _raw_spin_unlock_irq+0x23/0x50
[  703.481035][T10895]  ? lockdep_hardirqs_on+0x9d/0x150
[  703.486231][T10895]  ? __pfx_kthread+0x10/0x10
[  703.490816][T10895]  ret_from_fork+0x4b/0x80
[  703.495252][T10895]  ? __pfx_kthread+0x10/0x10
[  703.499827][T10895]  ret_from_fork_asm+0x1a/0x30
[  703.504583][T10895]  </TASK>
[  703.507584][T10895] Modules linked in:
[  703.511886][T10895] ---[ end trace 0000000000000000 ]---
[  703.518287][T10895] RIP: 0010:__list_del_entry_valid_or_report+0x10f/0x190
[  703.525488][T10895] Code: 00 e1 a0 8c 4c 89 fe e8 af 1a 23 fc 90 0f 0b 48 89 df e8 e4 0d 04 fd 48 c7 c7 60 e1 a0 8c 4c 89 fe 48 89 da e8 92 1a 23 fc 90 <0f> 0b 48 89 df e8 c7 0d 04 fd 48 c7 c7 c0 e1 a0 8c 4c 89 fe 48 89
[  703.545190][T10895] RSP: 0018:ffffc900031d7a28 EFLAGS: 00010246
[  703.555409][T10895] RAX: 000000000000004e RBX: dead000000000100 RCX: 582d780aacc6e200
[  703.565631][T10895] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  703.575814][T10895] RBP: ffff88802536af20 R08: ffffffff81a2942c R09: 1ffff9200063aee0
[  703.586022][T10895] R10: dffffc0000000000 R11: fffff5200063aee1 R12: dead000000000122
[  703.598451][T10895] R13: dffffc0000000000 R14: dead000000000100 R15: ffff88802536af00
[  703.608622][T10895] FS:  0000000000000000(0000) GS:ffff8881250cc000(0000) knlGS:0000000000000000
[  703.618816][T10895] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  703.629434][T10895] CR2: 0000200000027000 CR3: 0000000057964000 CR4: 00000000003526f0
[  703.639652][T10895] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  703.647743][T10895] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  703.655841][T10895] Kernel panic - not syncing: Fatal exception
[  703.662329][T10895] Kernel Offset: disabled
[  703.666649][T10895] Rebooting in 86400 seconds..