last executing test programs:

2m28.35442483s ago: executing program 3 (id=458):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mremap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffc000/0x3000)=nil)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000080)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001ac1414aa000000000020000000000000002e49e7d1635f36d5980a89bd00e7ffffffffff0900000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000feffffffff7f4000020000000000000800000000000000000100000044000500ac1414aa000000000000000000000000000000003c00000002000000ac1414aa00000000000000000000000006000000040300"/176], 0xfc}}, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x141301)
ioctl$USBDEVFS_CONTROL(r1, 0xc0105500, &(0x7f00000000c0)={0x80, 0x6, 0x300, 0x0, 0x0, 0x0, 0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000050000000100000007"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x20075, r2}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={<r8=>0xffffffffffffffff}, 0x111, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r7, &(0x7f0000000240)={0x4, 0x8, 0xfa00, {r8, 0x4}}, 0x10)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r6, 0x84, 0x6b, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0x40, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x3}], 0x1c)
sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001600)={0x30, r5, 0x1, 0x70bd2c, 0x1000, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SOCKETS={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x4)

2m26.920144579s ago: executing program 3 (id=462):
pipe(&(0x7f00000001c0))
syz_open_procfs(0x0, &(0x7f00000002c0)='fd/3\x00')
r0 = getpgid(0x0)
r1 = syz_pidfd_open(r0, 0x0)
r2 = pidfd_getfd(r1, r1, 0x0)
setresuid(0xee01, 0xee01, 0x0)
setns(r2, 0x20000000)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0xffff, 0x7, 0x520f, 0x3, 0x17e8}, 0x14)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00', <r5=>0x0})
write$rfkill(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ffd26f10cb060600eb9a0102030109022400010000000009040001020a16d1000905070000000000000905", @ANYRES32=<r7=>r5], 0x0)
pipe(&(0x7f00000003c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
write(r9, &(0x7f0000000140)="6d527cd53870164a3a0d4b64fb0d7bebad2dce076e7768215970e33adf15173c9e665cff10727f6273ef2aace367c13b8e834788d7da2d60077ebc24a796b221a2f39fd294dc01861206b499138d02ebf3cfc3b11f0e18858568476bac483df9c4d0a61da2d2f9b7c4cb601c0141f209fc9e06d9457920a9a749a23ccd52eb91db50189627774719cf91bd6e63a2b8a3b657c0e438ffc3e275b03ef0f384a0c1f20143b7b87f2e34729b000000805e0ad338423d4200f349c545516c46bb9f104a3816b12950faa20fab5827bc62a8d4cc12c4c8954308a933d63aa66cdb3646a37626de7361b5338c197dd3e6844dafcb4338dce0b79ee41da150eca12fbd36b4873ce8e4747b63e8830ee6c32f254d37792053e2b77cc86279ea843600"/297, 0x3accf8d5)
vmsplice(r9, &(0x7f0000001a40)=[{&(0x7f00000000c0)='7', 0x1}], 0x1, 0x0)
close(r8)
r10 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r10, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r10, 0x2)
r11 = socket$unix(0x1, 0x4, 0x0)
connect$unix(r11, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg$unix(r11, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000340)="90", 0x1}], 0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="000200"/12, @ANYRES32=r11, @ANYRES32=r11], 0x14, 0x8801}}], 0x1, 0x20004031)
syz_usb_control_io$printer(r6, 0x0, 0x0)
openat$mice(0xffffff9c, &(0x7f0000000000), 0x18b201)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x30}}, 0x4090)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4400046, r5})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001800efe000000000000000000a00000000000000000000000c0009000800000049e78f1a38bfdb80f236", @ANYRESHEX=r11, @ANYBLOB="1400050000000000000000000000000000000002", @ANYRES8=r7, @ANYRESOCT=r5], 0x3c}, 0x1, 0x11, 0x0, 0x4}, 0x0)
r12 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r12, &(0x7f0000000140), 0x4924b68, 0x0)

2m26.22016508s ago: executing program 3 (id=468):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x11, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f000026d000/0x2000)=nil, 0x2000, 0x16)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=""/235, 0x0, 0x0, 0x9000})
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x402)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x11, r3, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000001c0), 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000001300)={'nat\x00', 0x0, [0x10005, 0x88980000, 0x2, 0x4, 0xa]}, &(0x7f0000000140)=0x54)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000180)={0x6, 0x0, 0x1fd, 0x7d, 0xfffffffffffffffd, 0x7f, 0x104, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xae07, 0x9, 0x4, 0x15, 0x80000006, 0x8}, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)

2m25.019515138s ago: executing program 3 (id=473):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x50, r0, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)=0x9)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000300), 0x602, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000040)="93d90400000300", 0x7}, {&(0x7f0000000140)="139776ff010070", 0x7}], 0x2)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e23, 0x997, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x40}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x68000000}, 0x4024081)
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$inet(r2, &(0x7f0000000000)={&(0x7f00000000c0)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000240)='K', 0x1}], 0x1}, 0x4000)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup(r3)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
r5 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r5, 0xc01064c8, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
setsockopt$sock_attach_bpf(r2, 0x84, 0x1f, &(0x7f0000000100), 0x120)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$sock(r6, &(0x7f0000001580)={0x0, 0x0, 0x0}, 0x20000000)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
r8 = accept4(r7, 0x0, 0x0, 0x800)
sendmmsg$alg(r8, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x3}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020f00090a00000000000000fdffffff0300060000000e0002000000e03140df370000000000000002000100000000000000000200000000030005000000000002004e2000"/78], 0x35}}, 0x0)

2m24.050545395s ago: executing program 3 (id=477):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000300)={0x2, &(0x7f0000000280)=[{0x0, 0xf8, 0x0, 0x2}, {0xe7, 0x3, 0x2, 0x4}]})
fsopen(0x0, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
socket(0x10, 0x803, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
unshare(0x6a040000)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000600)={r1, r1, 0x2008, 0x0, 0x0, 0x6, 0xfe, 0x10cf, 0x5, 0x5, 0x2, 0x1, 'syz0\x00'})
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080a01010000000000000000010000000900010073797a3000000000140000001100010000000000070000000000000a"], 0x48}, 0x1, 0x0, 0x0, 0xf3021be2a65b013}, 0x0)

2m20.548645371s ago: executing program 3 (id=483):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0xf000000)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x0) (fail_nth: 10)

2m5.507000514s ago: executing program 32 (id=483):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0xf000000)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x0) (fail_nth: 10)

8.230299396s ago: executing program 1 (id=968):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000300), 0x8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000037}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
syz_create_resource$binfmt(0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1800009d7a1274ffffffffff000a0000931b5af046"], 0x18}, 0x1, 0x0, 0x0, 0x20004880}, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xfffffffe, 0x8}}]}}]}, 0x48}}, 0x10)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newtfilter={0x68, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xfff1, 0x4}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34}]}}]}, 0x68}}, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0)

5.448182314s ago: executing program 1 (id=979):
r0 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000040)={0x60, 0xffe4, &(0x7f0000003000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0xb, 0x0, 0x0, 0x3, 0x2, 0x0, 0x2f})

5.067358866s ago: executing program 1 (id=983):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000000)=0x94b, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

4.849922413s ago: executing program 2 (id=985):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendmmsg$inet(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000001240)="cc5fd2518c506ebf347763559129e729164723d0e47c59f1b71a169d2bf45153816f628ff44cbe57e3b69377793663b2d7f0c39319dd2d25cf661253e80493fe43d4bd2521579cc80e15640e30cfedcde5be166f87dd93bc68ac7b179df08a08b19ec17b48e6ffa0026287ca02aec3d811c6262f219143baf964dd95c9ac5055ae4a8714ed7e524ab664ace9643ce2a56eb25288920ade7434d6be5cb5815dec81828de98e5f28bf5c536cff85314a25b345304ef6e35281f75d0e4fffb4effaf0ce6b4d689681dbd4fc160090761f1ee1", 0x7fbc}], 0x1}}], 0x1, 0x2090)

4.84934869s ago: executing program 2 (id=987):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x53)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, &(0x7f00000001c0)={[{@mpol={'mpol', 0x3d, {'bind', '', @void}}}]})
openat$vimc0(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)

4.747413826s ago: executing program 2 (id=988):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x1, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2e}}}, 0x1c)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r0}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="180000000000000000000000000000008500000018000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x609, 0xe, 0x0, &(0x7f0000000140)="dd800000000000005d8ec6f10000", 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000280)=@ccm_128={{0x185}, "bf40f02b623302f6", "286f08fa003a04745285c5b443a2bc3c", '\x00', "7c57d9c1f52d5453"}, 0x28)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)=@mpls_newroute={0xf4, 0x18, 0x300, 0x70bd2c, 0x25dfdbfc, {0x1c, 0x0, 0x14, 0x6, 0xff, 0x2, 0x0, 0x3}, [@RTA_MULTIPATH={0xc, 0x9, {0x5, 0x3a, 0x4}}, @RTA_VIA={0x14, 0x12, {0x5, "ff40e0bcbd0821f2faf48765c2d0"}}, @RTA_NEWDST={0x84, 0x13, [{0x800}, {0x8ff, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0x8, 0x0, 0x1}, {0x4ef}, {0xd}, {0x7795, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x100, 0x0, 0x1}, {}, {0x8001}, {0x100}, {0x8, 0x0, 0x1}, {}, {0xfff}, {0x4, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x2}, {0x4, 0x0, 0x1}, {0xffffc, 0x0, 0x1}, {0xff, 0x0, 0x1}, {0x3}, {0xd}, {0x8b}, {}, {0xffb4d}, {0x1ff, 0x0, 0x1}, {0x40, 0x0, 0x1}, {0x5}, {0x92a, 0x0, 0x1}, {0x2, 0x0, 0x1}]}, @RTA_MULTIPATH={0xc, 0x9, {0xb8e, 0x14, 0x91}}, @RTA_TTL_PROPAGATE={0x5, 0x1a, 0x5}, @RTA_MULTIPATH={0xc, 0x9, {0x9, 0x10, 0x9}}, @RTA_MULTIPATH={0xc, 0x9, {0x1b2f, 0x0, 0x4}}, @RTA_OIF={0x8}]}, 0xf4}, 0x1, 0x0, 0x0, 0x48040}, 0x40080)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000880)={0x1, 0x58, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
getsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f00000008c0)={@initdev, <r4=>0x0}, &(0x7f0000000900)=0x14)
sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f00000033c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000003380)={&(0x7f0000003240)={0x12c, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x4}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x20}, 0x4824)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), r5)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
sendto$rose(r7, &(0x7f0000000340)="bf0eb4f21718c52ee41a2f7b52728d97e3311dac0f42c6da285f94221439de28e848b24d9308fe1b7d3a3ee511867d75b52516d9bebcc627789e6048785643c7f67deba02f2d16", 0x47, 0x4020091, &(0x7f00000003c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c)
sendmsg$NBD_CMD_CONNECT(r5, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010029bd7000fbdbdf25010000000c00020000000000000000001c0007801800018008000100", @ANYBLOB="04"], 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000)
io_setup(0x6, &(0x7f0000000180))
r8 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r8, 0x227b, &(0x7f00000001c0)=0x1)
r9 = fcntl$dupfd(r8, 0x0, r8)
read$FUSE(r9, &(0x7f0000001200)={0x2020}, 0x3f)

3.795946942s ago: executing program 2 (id=993):
r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$XFS_IOC_AG_GEOMETRY(0xffffffffffffffff, 0xc080583d, &(0x7f0000000100)={0x2, 0xc8, 0x6, 0x8, 0xe, 0x7, 0x7, 0x8})
r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000014c0)=ANY=[@ANYRES32=r1, @ANYRESDEC=r1, @ANYRESOCT=r1, @ANYRESOCT=r1, @ANYRES8=r1, @ANYRESHEX=r1, @ANYBLOB="9bf8ffb5da9d8edbe350e61f1e7211e84b34cb3857a260ddb53ae517462426c4d92b3b4909ca4d61391798a98e400a5fba4f07241282", @ANYRESOCT=r1], &(0x7f0000000340)='GPL\x00', 0x6, 0xbb, &(0x7f00000003c0)=""/187, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r2, 0x5000)
write$binfmt_aout(r2, 0x0, 0xffffffdb)
r3 = syz_usb_connect(0x0, 0x371, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000057ec0020c215dcff30bd0102030109025f03019b000000090400000b403b4e000905e2379c"], 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x46c, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2a0, 0x2e8, 0x0, {0x200003ae, 0x7f00}, [@common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xa8, 0xf0, 0x0, {}, [@common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x4c8)
syz_usb_control_io$hid(r3, 0x0, 0x0)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r5, &(0x7f00000003c0)='0', 0x1)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, 0x0)
syz_usb_disconnect(r3)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_int(r6, 0x29, 0x3a, 0x0, &(0x7f0000001c40))
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f00000000c0))
recvmmsg(r0, &(0x7f0000007a00)=[{{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000015c0)=""/133, 0x85}], 0x1}, 0xb}], 0x2, 0x60, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)

3.729783252s ago: executing program 4 (id=995):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(0xffffffffffffffff, 0x4188aec6, &(0x7f0000002cc0)={0x0, [{0x0, 0x4d88, 0x6, &(0x7f0000000640)="7a650e526bd0998268bb5847d9beacc47a22df873eab4b8b91133675482eaa56ace8db59bed9aa07d4e390c7c9f98c462b55612196911e3c4e510ede3efde35eec990f22a76cf752e507c1e2de2920a9fc0790cc176bd2b901e4127b09835ae6d0d196048bb19a64d26f20a05b95c69f371882ef2e20c5606ed1b2ebcf09a4a333f6e1c3c4fb64d8182df4ab09d0a381d966977fc041cea9bdf0aa31fe51efe9211b9b8e6e4551b6438f8efcc41265574ff6504435eb22a678a99768f0327ded8fdcb41f27c2024d2b923f7dc5df5bf62af447b121dd9f94d766d6cebdeb02f611ab10e57af4b3268fb3f9777373bd5fd6b82f730e67c4eab113d8e65d7405be3e5d92dc5e7e85d34bb8b7c894cbed629ecc25c288b3d4556a85a1e2150cac5b686a8de29ab7c35040b77875bfa0e451dc0869cfe105bd115e7cf48f44dfdf26be65f3b727fd88d6395d051e49c060998e84b19377fcb20fe2eb392335e5a9d84555ef037aab37169ce761aa8a8ec08ea87e3a3b896f3d1b2380bc8256e0f7ea7dc488382e6112b53a7bb269d6261f87e0e0e0cef9152f8a67f412148f34880c970101fbd7b0e8fc49d6a5c87e487b7b175b15be26b6b8e1ed8527614dcefcfd80f8392560c8b706418b7de8fbb7a666a7e7f322dc70373606bf39efa04616cb99d662dfc591061bde5ed27a66aa7edbfec1eb0b1e843c372b84c3ed514a0aadf523b8669e526765d429824aeaa0a6f4c185754d437d977a1f586431dc256ce5aa7c25be259de3a0ae6e5bcdf56b4c7e8199fe6b461e78467cfac19de6956056ef57e93d3a7df8f646f4a9002b100edb0a6caa72b3f6eb29dc54de58120d27daff9cd61c64107e1bcb3b3212e1e2aa24fb24dc2dafc636c82ad25da9d934e46c7783d8f915337612feb348857ce2262240dfe51ec94d9d61074959f167b9840b20f003883bf167149228d7f03eafde851427cd1966a96aeae05b51ae4cd82f4b4dad60a070c01a8b500e2683f7136e331602e76845262825d7f3764cf1a05ad95d88aab71d41484f63fa6a43c044c7f03130552321933bc40b888fd0cc55939ff79a5059516f3b80c7ba8188ffb6a259a34567ee52c1f9df0f6c91737d688e36d076a49d1045cac30d5ed52a10381c96d9f22e469cc531bb06853d18b8f8625d2a917e795ffa4407fa75713510a3f5370e1ecbf7a5ff68a90a1eda077531cf4d399d4908f138c936e1931c72240070c6a6255f5fd03966e9a06c1d481e8e3d128e880776e572177780a3481c49bd86c174e152bafed245d58ef3428c645b08e48833960d1b5223d7be0c67a2b2c7531390d1837a84ed004a00cb4b0cd6e78824da032b48c49ec006d14206dc3d0c67d7ca87e9ea0faddc3e0b0c917c64eefeebf79e3a16c958db63a08a5d4d7210273aba3e56a4cd4cccb044750ff97749505ff1332b2dd30990849ab1500e1947d0abfb0c59760f0a502806ee1bce56fbb42251dd6ac8b709c73a6b8c548c2b23cf351dc498810e477bd082464e76702703b56d3cd2f3d8a2e00f19d8ffa3c236d3601f169c9dfe9c316f8cbe63c3801a51ea5ac785694a0c653cd28d68c5a81c2590d2aeea8c8688b2e88f46c4f99890e51b42cce485fcb4d91557fb3912b36b0dbeac8df44e945eb9937141402fb2aa1476185e1f8c37f6c98bc937f36d9c7237135132a54a03067b002b9c657ab0daa253af66eee78b0309cb8532dd2dee800c8349b731da0efa66ead82eebe0102279df5aa281fe1d86c0dbf154910d5e8a113ecbddbd046367b9e2acfa7cc406f61b472bbec6919534615ed81b664da956ce6586bf4c92d63ef371dfec5f9ce748931d585cadc9372a95a1372c7213e2c52fca253945afeee02e9f2de2d9452c85fd2dbdc87cb6c25697dfcbed8a0eba381835e6c360f3861367ec98a9a9ccf956d6cbfb706fee0d391cf82a0d4662792274f52fc2b5d72a43ec74a86400e62d3652f607774cfad1504bc0476570d532b527bf0d7012804b2e6fdf9a9414f10b16c9374f2b065348d865b309e37750d3a7e12394e356c48c9fa0d4a9a43f689f6cbf70b09a3b9782cc3d5d93480f8a7a21a049780fc6bf21f1eca938a37afcbb2b929a0c502e164d2571e78d214b359d97e3edc0ad5c7fd1625b4ece33e1f569676e9a7262ead857873f77ef149d2f8c5a09ab19ae384a7f957f612a24283c35327aa969b20711309644c5b3e6c89da94e1f5da54246bd771468a1adc8a8d601e0b12769604f0f07ca43ce2a8a2f4b5654c0b76b146c49038e07db54dae702580b97096911f034fc1797029de8b7c213c902d1d754e77ff85e6222e745db9d5d2d45c5d29a8b6de0f27e5701fdf12b09fd6c70baa0f85a424c21ce0796dbe1fd366b94fcdf64ea232b3e88b89a38d728de77e84decc804f07a48f2716ca6f76b24923cea1a4da0d1f1dc73611269e784c4fd921f9b26c11f35b5cda45842a81b603ce2155d95c273fa0743a571b52e68c9ea3f28009fc37406b9e329ce50fedfb20dfb4cdf3a94769aee2586c2a17e68a07abfcd18aceddfd3876b14558e4d092eadb9120796c44e89610494085117bc41b5c4619a8c160b97811df49fc7d9bf222d7a002640644337ef5af53ed50661131f7c042665b276c0adf0c9a74f3542729beb7632a6027e65eddff7bb27915826701ec9b6a4c672f08877eefd859e0aa6e75a2e841e1ea98dff994e5a58be628df86bff17497a4d0f92ab39db421eb1062a2a393656bbb1d92becbb91a59619156b51585cd2eafd8a18d6326166312efeaa7258bddad63e0c7372ffb7ce1f1adf1ac2ffa0f278e4be6684d762f8971ed7bb04096b96f8126bf5fd32142e745d421f495327dde0f1e2d9a1d8ba63c1453101396a2e54e89cdabac2c6a01f23a5c1d5a2dfa2a3c634176e97c9c62b41ea28102b5a08af2fba1d311bb323df086ea97726c9d8c7b7b53a3399a80f040d434fdcc2148fb1da3b7d7f0f3e3fd56471a310ee275da611c79f86be8ed6343f6ed0ad91dfeffebc3ab6389d0566d6db904c1db499ae7d2698fdc7170320f85cc3d3d0d9d0d0c7d45db7b53c5eb79a2fed2a048d9d74419532122fac62f6315a9e13b461cb4e26514491debd366927987271be963ea5805a49b8b480c6a393fda1b11fd5634890cf02948cb5bfea237afb30d081c7403cd334a02e5bb8db542c4d5fa5ec5c8a0dd36b62156881c98e01948b4775a502c5d8453439fd930df52caac9d71c28b712000b306b913c10918ca0bc194f2533334462e5cd2b2e6c978a4838febfbc2d4375b8108bd0aa32aeaf05e7ba30c781cace6470ead574f5cbfa68aa8c8d835e9b3ab2bd7dd90b5e3e6cd62d8e04c3b45326e1f560a8dd8f3db4177e9e5ccd61f21dacb5c40c8030559cdfe88f7aa98bdcde90c1214cf293b3df093d0630bc3073cbaffa025b1f5537b49d799731745de7d36cded4a9db25915a511ba505b4ddd885cd226c24ea37fd926dbd90b887"}, {0x0, 0x0, 0x1ff, 0x0}, {0x3, 0x0, 0x100d5b6, 0x0}, {0x2, 0x0, 0xfffffff8, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x1, 0x0, 0x3, 0x0}, {0x2, 0x0, 0xa2d, 0x0}, {0x0, 0x0, 0x1, 0x0}, {0x3, 0x0, 0xf3f, 0x0}, {0x4, 0x0, 0x1000, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x3, 0x0, 0x1000, 0x0}, {0x2, 0x0, 0x7fff, 0x0}, {0x0, 0x0, 0x1545, 0x0}, {0x2, 0x0, 0x9, 0x0}, {0x1, 0x0, 0x40007, 0x0}]})
r2 = socket(0x2, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000280)={'vlan1\x00', &(0x7f0000000000)=@ethtool_cmd={0x1, 0x9b03, 0xfffffffe, 0xfe, 0x7, 0x13, 0x1, 0x6, 0xfa, 0x55, 0x1, 0x40, 0xfff8, 0x80, 0x7, 0x80, [0x6, 0x8e]}})
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_int(r4, &(0x7f00000001c0)='cgroup.max.descendants\x00', 0x2, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r4, 0x400c330d, &(0x7f0000000140)={0x5, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xfffff000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1000)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x4, 0x1, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
symlink(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000040)='./file0\x00')
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r6, 0xffffffffffffffff, 0x0)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r7 = socket(0x11, 0x17, 0xfffffffd)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x28000, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r9=>0x0})
bind$packet(r7, &(0x7f0000000180)={0x11, 0x0, r9}, 0x14)

3.429355681s ago: executing program 4 (id=996):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x7, &(0x7f00000004c0)={0x1, 0x1, 0x0, 0x1})
fcntl$lock(r0, 0x5, &(0x7f0000000040)={0x1, 0x3, 0x80, 0x7})
ioctl$XFS_IOC_PATH_TO_FSHANDLE(r0, 0xc01c5868, &(0x7f0000000340)={<r1=>r0, &(0x7f0000000240)='o-&%%@:/\x00', 0x80080, &(0x7f0000000280)={@_ha_fsid={[0x4, 0x2]}, {0x0, 0x2, 0x8b9e, 0x1000000000000000}}, 0x8, &(0x7f00000002c0)={@_ha_fsid}, &(0x7f0000000300)=0x4})
fcntl$lock(r0, 0x5, &(0x7f00000000c0)={0x0, 0x0, 0x1000000000000002, 0x162d})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$phonet(0x23, 0x2, 0x1)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYRESOCT=r3, @ANYRES16=r1, @ANYBLOB="000000000000000014011a80100102803c0001"], 0x134}}, 0x4c004)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000440)=@req3={0x7, 0xe71, 0x2, 0x400, 0x100, 0xbc7a, 0x2}, 0x1c)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r5 = getpgrp(0x0)
sched_setscheduler(r5, 0x0, &(0x7f00000003c0)=0x2)
write(r4, &(0x7f0000000540)="88a96c864653156bc81f0d51131cf90d056c26f9fbb61532bc6dbea9cf3e8933cd9550e8fae9e4688070d97f50f7e1e959b6411e171bd9708386cb030000c17b510db0c6f5b5fbe4847f46eb3ef68724a9aeab0400372a360060e3fd5bd34c18f74b2a3b19da94b50e639c7f7e1d45faeb182e192dfcf93a57cc1da493981dba1639551626185e1546e26a10157fdb825f5ff6ab936e560749b021b1d4e52345c9029b3016c78835f2f8d8249c1e0c2f228a0a30a65610c34402750616f99b31315d", 0xc2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r6, &(0x7f0000000400)=ANY=[@ANYBLOB="080008000000000000001400000045b8c4c11d6f001c00660037a76fac3ceef8481f535b14124e204e2000089078"], 0x2a)

3.33971232s ago: executing program 0 (id=998):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000032c0)={&(0x7f0000003100), 0xc, &(0x7f0000003280)={&(0x7f0000001240)=ANY=[@ANYBLOB="300100000906030000000000000000000000000a48000880100007800900120073797a3100000000100007800900120073797a31000000000c00078005000300010000001800078011001a004e4c424c5f434950534f7634000000002c000880100007800a001100d912a662de7b00000c00078005000300070000000c000780050007003300000005000100070000004c0007801400170069705f7674693000000000000000000008001c40000000080900120073797a310000000008000840000000140c00194000000000000000000c0019400000000000000008280008800c00078006001a002e0000000c00078006001d40000200000c00078005000300090000000900020073797a32000000000900020073797a32000000000900020073797a3000000000080009400000000c54d8603b52a430f64fb2ac54d271494cc1ace08dfb4a868e8ea8a2e77173de0a9ef50539f2dd8545300903e986930cc29511cfdfe70592892edebd16511b7166f6c49e7e0eae8191f62f4f0b5c08ed26c44228954bd917957d1a2032b3c81391c201fc9ca134669dc3467a9bdbb6012ddaf37b11aa4d8dda4d5a6df54c05694b0b49f69270ea4ec5cb5ae3d0363fabc737ab0562522807661af258d48095042d7aab096043aa046e2aee3e56308f07e4b8d3d76d1179f295a7539bb86f7b66b586ff44215ac7294c09779e0c3b54baf363af8d21510f545df862a2a64225547aa4ed51206d96fa30bc12416d01f290f0dcf61b2cfa93"], 0x130}, 0x1, 0x0, 0x0, 0x1}, 0x810)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0xfff, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
listen(r0, 0x5)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$FS_IOC_GETVERSION(r2, 0x80047601, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, <r4=>0x0})
move_pages(r4, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x18000000000002a0, 0x30, 0x0, &(0x7f00000011c0)="b9ffddc10000000000000008888edfcef6e296510cff24fc83423368", 0x0, 0x600, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x128}, 0x1, 0x0, 0x0, 0x44a839f4917e57a0}, 0x53ec5ff145b70a1b)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4054)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
mount$binderfs(0x0, &(0x7f0000000480)='./binderfs\x00', 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB])
ioctl$sock_netdev_private(r2, 0x89fa, &(0x7f00000003c0)="06ffc7583e038ced1ae250d26875150c7c82bfaafc591943aae6df3025f77027de2af74211d2f16ac47bbe38b77dda2ab2779687b6ed03c354dd5208feaeb6204d2b0922e1ef7751c3d5")
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000100)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRESOCT, @ANYBLOB="01002dbd7000fbdbdf250c00000008000300", @ANYRES32=r7, @ANYBLOB="0a5a060008021100000000000c0050804db1d38500000000"], 0x34}, 0x1, 0x0, 0x0, 0x20000100}, 0x800)
openat$tcp_congestion(0xffffff9c, &(0x7f0000002000), 0x1, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = socket(0x400000000010, 0x3, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), r8)
close(0x3)

3.338701861s ago: executing program 4 (id=999):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x12, &(0x7f00000000c0)=0x7b, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x2000877d, &(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000000c0)=0x6, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c)
sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b03", 0x3b, 0x0, 0x0, 0x0)

3.250438197s ago: executing program 4 (id=1000):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xd1, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000001240)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x24, r2, 0x1, 0x70bd23, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x20000000)

3.25015286s ago: executing program 4 (id=1001):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/dev\x00')
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000340)={<r1=>0x0, 0x1000, "abd538cbbb2aa576081b56396e0066e27153735f8016ec1b6fa6907ab41fd7e3f7f8a779c49ca311b25f31df580a4c6515c3f961ef74bd1b8538cddd4398eb04b997b52b02ff128fbbad779ac1f50f7c00b5f9a7469ae1058168e96a104d97ff4da1ac598c08d3135c35e568c8d539e8e8f3e024071e6f5484e1ee53a590d6eed3be672aff180862b0785859de479f68d2302975f00052005c8e7bca92f8b317d9a5bd858eacffa8cdde3b790f59b3873d0bab3ae7ca821ff1b50caccb471a7fd7ad9f66bbde1ac83a9a90667e72a6719d5cfd31c2a6740df7c0d2b1a0e38ea9265dc2fea6f698a6f972379ddbbc20795071e465e52116cd0d02c02f8585d7a0fd48886f907e51f74a9ca15fa9b382cbc20c8f8d5ee001b76cf0a550dfbbc07121757864e8e7f446d3103301c4e8035a4253a0f932343827893082e2917f8e6d116d4fbe823d42f642b12de05686001e79edaf192dc30f0d301db0e5cb73928e89e4affedfc2e05d3fcf801798f91b3da7ec944ec713351cd15e658b3ab29def6c232da72ef7782821760561eb87687d29862f36a79a24e7c81b64689633e58813a8a90d4c080a036d5391e44ec11b1dbb4040be132aaa51ae9ba18218fe69459d7039ec1b4cfa817ac781381d18cd46ca20a94dd682923953c70da0abc532773021baa04a9c01f5e524ad0d65d2c723fd4ce0edfd3cf681cef59131eb7ffa799a5485cbd33e2685a895c9ac37e17f350ca5764817e9a62c7442535982aeea487e01c44c1b51060ce87d17c77b820bfc32bd51a22f011ca5ddfc726f84052ebe83049db63cd67138e797bf89bb1eae2adb62304f0ab9552765308a87194a86acf4b1b96a43d23a182986571fe5325603e1fc443015ccde4f03d04a34376fdc12354e6559eb6b24e77b023ebd968617b2b265841c1beb12fe61ef5349fad68b2214deb23235b92adf943fb5255ea6b0e53e0d50f0a72d0e8b6b57bda232e5c068bf6899ccc7e63d078693036a5751e751397e94400b8aa17e63681b26c8f306a105324ba966dee542b2ac21ece74b2e04a75996aba19d9c5e8360ee3f0519eaa0c8bad16f99fde5c460096fa08b9e063785458e6d96555d183bb44195f4516056e3ab0c322731b1e1c604a9d1cb292088a57c3387f3905efeccbb2eb7ab0a2c325af5bbf898c8a8151815994d2ca47f7e2f676a83d753a47e3aa8c7440f92bfab7363d1c0cd5bb0a0c4078f333a9b1648b9833f174a458aa608ced736daa6a3777959612d170913b15f37d10e1c3aca1e66d647988e2392ad18fee4cf3d24f42820022407595de154b08ecfaacffaf5040fc4f8dff645c75afd44258199f13439caed0c2fb3878a4d5bec6e569b4e23675454b761dffd020e65ec1f3e1cf44153746625c23884b3c2f569c906ad317130273468f2438ac6ae5d1614b71fccd441ad5066e2b3aba00ab115453d002137a6e10879e599434e945f018b879ff4e4a3a7be32a9b990d7d7dfbced5faec1982b778cf8e2b5b96b05a9d3a45597fda050a9601c7d23f585442279c8948a722d297e3ae2b9358f4a760ba94785cc261e19d2b4333dc1fed94d140455fe268ec8cb51eaace8aa748725e3176012e125e4944a7dd05b6951517224209552b8e6a2d635cbfc902e33aef0aed1a656144bf84e23048c846fff5c7945d7889feeeb4fd08a50512ec0af8547853a16e8f556a7e9b6c92e3cb2305ef0e154630ab3f0f415350e1e21fb91d68e1da521a5c6786058b5baada2cc04e57e11a3a9b5c533a7f4b9f98240ae4a8314b149b3c3dd3853860fda679eac6d6a5aee133c735dcfb2124ffd410e10c1370c616fb77823c08af60e7ad540ccd74bd527636ce3d886451d213cff3d345a0f3a40fae2b653b4639d5ec2355ec19afc1db1cabf8ca0c50247aa400bbe1bc05308a411b8ceae7513f5e450a97bb71b54aa807a4ad224d35ea35f6121c9921e1614015599495087e5ab765e1cd4195b554d298ce82b3b02ad8a107d04c3ebc74f1d2e53d8405ce418fccbf1c49459d749c606481fd2fa93c928b68d8763d8137e96220c1c9732ad97c2335b111f8a7150494e156d51840b9f606df6e179813cd766beb98a3eb057676e6f973b352b0e4336c5efb43de09197c72ffd533bc65eb1fd7df573e7dab95bc7f6dd00dc9e8f9f33a381f382bed23d634a07ba5ee473c8689f1395d56491097c005c2cf4959a0f92f9cfc553c64627df4ac5dbb43dcee5b0c147a188d719daba8346ff37c1e71d04a4090190e8c4e58bd2c7b479e988485a33c681df587507af981123bf6abbca041eea4fb8efe51bf4fe5d3542bf05afb4ac0b02e9c608760662910adb5a69f6f6d1efb4470be8b25c386f41d18d8561fe21cee17f29db5257ea2dfb28b8700b7296f6e762b38a0e9636adaaf924a34d55704dcdecf919ac9cdce9ca4962b160929b770b4226fa78e9ace044bb9412963361af274f7669a0e9dd3d514acad3affc87540c4324532d9c3a6b276a68d9fff1086c45c889d8dfbacbbb82c23a22d8f7d4059561d22989e617480cc18b23d7256db96ae8d965bcf32c78446c8f4264aabd031d48c559a73e8b1e7e28856c292c381a758ccb279fdd99f868a8b8234df7546bfc67bb7f0d93b30686ad8244fccf4d57cddec93c4af565396561e654e2366d6f3adeae0b8756acd91f3380a1c82b74d56272797adc2a6ed39e011a0adbd61718eedb700c25974362cf3f3669a436f1b4a508fc6e85111e6ecd036c8aa213c8e15a82442b23fd97f6eb16e80c79b0844fc595d7c680f3e7e0296114784dcdcfba20f1bf57bd0cfdfeb35d6878c662e734c05bc90ca6ef47c8b45e17ea60c0c049db625124f4b067e2013d111af0dd4f5f9569283d4ff88dfeff8141b2a00639273f405b52009547531f5ad6b8b9fa03f19dc70e6aebbd4128689732dc6d263ada0aeef478c529e90ef1c5a967a923634842cea02dc716d5c753a936c8a3ef1ced58561d63eecedbec332e066a20caedc852d62117470471b4e2253d22779f5040da8bb1069f94fd1f9849d5afbc824903459e70b88887b3d8ceb4ce8f34c1fa3a2928b9a15926ef4a88dcd000bb9c1eb9a0c6f44bc6a8de429a9126536d4840f2448ecce2f957d8d3e7b78bb5e4d6da4ac0b2f74bdabb0ebbb555d2b211989bd408b57bf3ba7e511c23e867c32cfad9d2a4e7f9355e209e08da0dc65e6f97529c7ccb437c68df5f889a42e378e8818ea2c9053da47bdede620bbaae1d8d87d436c248f337d486a638f724248f0710530613385908efdd7f129c810c364b54710e33c4c28753989e86e3fca9c910ced6622a80589462a3673b58bc99596330776f8b6721cdca0181fd31bc8336b9ab5b61b5e12efd1dba895eaf6e50df61f5cf822925ffaafd5e4d7e756e481448e558ba29b3f06df9cc0d418c278c39597985674b0bf718f713a631015321f7bc6cdc70c6f550597ef31e57f240ff1df710081a205c4602df79af65ef1dd52323ba9f0dd10dca17d75f913d34ce0b6eeb524614296fbd7fa287952eef36f79bdd856efd47812f571d2952ef1e3df3429a4312c8ad14f31fcda1836d4711766b95604cf8a5783ac88d874d2d8c06cc858cb162e8250e3061a113d4ca79f3c628ce12d79acc9a0f732abb67cf9a0c9c715dd7cb74f8d38f1715eddc326f05fad2993388326afdd068779a6152e4fbe60989d018b1c47ca44c45c986697869d78937b2900dd8b4a471c658ff817e736f233cf3d39aa211342f92640ea9b885260ad965e66d49388feb683f87b515a84ab53b82c063a91d2bb696e3daff07368f355dbcc2c835eb38bf2eccdaf9db381cc4e7d95934c6e4583e275ae05286f9ab1fe8e4d85af141738d07502e918a2c404dc273fb799882136aabd47e2a870a7ec7f035558bb29a274507555f63e3bdc52b5dd8bf97260023897e0d74daccee3daedfb8fdb38fa25fb9c7ace31dfe6e65e3b3d5539086715a3320665a35e417bbb05b66fc229a1d5a0b1db0ce891f4ba6d7c069e6e04f488dcaf27bd88ab802cfc96c36a96f5bf209ed37b3f5b73f3663696aebd004fdad7a3948d623fb95c773cf8b1773e1b602201f2b232c9123268765110be95356cbeb78f76c91f7a5a202763490fae7d2fc1a230d1276ab2ac5bc725e4b741a310cc0e38406c56bb1be725b8311e4eae402b28d5afe1f33bca08ff266d42c4d2f57b903c0afca0cb65e6ed66f433b0f15f5e175f9b1b88fc0d7d80c14b8660180f1ec71ec54cfa400d24188331b2d242c89ef0d37b9150b521344d741769da196aab21e59ad8761b704b582983949868c7759a27c9d65671acc0c34bee7d31e0fd5a53f337711d33bd491889e53e3249e50883192b2a38f04ef85a703a17b2591589cfd92b2debdc017e7845d2e672d617f9fabf4446bf6c8ab456a0d7eff57844f11d78eba213dc8b6a1f9cab6e3757d377608c09604af01624c0081edff98f0e763c23300eea685ea4e5577e9a6b6ed653f16345f3b2c034214604d0004f2ba62132f11ea44e6b0259855a5e67dde170274387ee559a96698c8fb2c9bc3a966884ef757e067979d932ac6a5f6e20402d3c87f5cc03149802582abc942dddd20492574da075a7115e7e1b272fb25b03a10dd55b0730ae44c4b887c0bf37fd741584086f112b81c41e149a194043ed38dcf69e0eb34a76299d3c99d5cf26d106ae4b581fc5defeb60c6ecf4199642c4608362ac8f62089c007b2254fb99cd7ca7b2ba340511dc2b9982b776dd582d2ebfb99ea453f216c27b8542445c1cc58d2e85081db8681e38e4065925230a328ef9e408d98372d81fab2d9a55ce1d476ae6d76b976e1acbe8c7bd13a8677d109ab64bf28073018a0df22cc10ebe5dc9f5fe7b3031920ce9f32ed30b8197f77060e4c3504be207a1841c148e024175eb7b8b923bbc0fa1e1ef70da6753139f7d7aab87a87a1b84728bbe24f83cd28e4938d0ed4cc0ecedb8d6ec839cb73cc32ab0d93a6d338651b38536d1593ffde61557bcfaf3615c75debba3bfa60b8eefde63d9f4e59a84104574bcd1d3af76c0516e2a46d32a90b5415ec008a938e0970182054b5aaf33b4edafc239d301ad7f98c2b64df54e015f06096e4104557029bdf90596bff1ee1b1d2e3fde5af9ed7af9c4d871d7f851da53cec63108da7da6a35104882785ba1dcf3904f03b180cf62942639e233c50944514f43db538a8b142e5ba6f09fe4912aad0d84d64164ae2a3a2f35348843352bf4a24d9b01e3d258b2b759d262475fd02b29f743e1800964ef4aff69adf0604446a3abd0d58b925ea69b3029afb531351e351bddae94112386e610f4adb7a092af7750d796f257844379e0f03801f271abc1901e3eab741b5e413ed6a7e1dcb3763aace26fe267bc42d5931327146b51f45546bbad2a7519945ec28ec3d7aeca8e208e69779a558c45441f3c62febc1ffc18443b3727bbd7422cc2bc034b78d260296a4eb45fcd330d2d393a2a5c20b435354f6be0f49ef00ff52461db103a6375e0f887feefd2c4d86934152c22cf93ceca18fce64cceab60d36ba0923e2aa0930fff0e554ae4fbb89c6c64bb39e593145901691b1d1752ee99774a40f0f263d445390c3416e7810625b92f79b774a143bd0671d0d3b02b3b9b07dbbdf8c9336e6b8f8996122322448d9b8cf1e51df23ef98d412dc76008fd1401e9908161efb19a06466416651adefb95490bddd04171c24361c38cdee6e42b2ce40958d091b488f24827ae127a19aa863394d85bf"}, &(0x7f0000001380)=0x1008)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000013c0)={r1, @in6={{0xa, 0x4e21, 0x7bd, @dev={0xfe, 0x80, '\x00', 0x42}, 0x401}}, 0x5, 0xe, 0x8, 0x10000, 0xfffffe00}, &(0x7f0000001480)=0x98)
syz_open_procfs(0x0, &(0x7f0000000300)='cpuset\x00')
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x2400cc00, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x7ffd, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semctl$SETALL(0x0, 0x0, 0x14, &(0x7f0000000240)=[0xffe7, 0x5, 0xdbb5, 0x40])

3.168861553s ago: executing program 1 (id=1002):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x80000, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40088d4)
connect$inet6(0xffffffffffffffff, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x4}, 0x1c)
close(0xffffffffffffffff)
r4 = getpgid(0x0)
r5 = syz_pidfd_open(r4, 0x0)
pidfd_getfd(r5, r5, 0x0)
syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x2185091, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cdrom(0xffffff9c, &(0x7f00000000c0), 0x101000, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="09032cbd7000000000001f"], 0x14}, 0x1, 0x0, 0x0, 0x10890}, 0x40000)

3.168455278s ago: executing program 0 (id=1003):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f9c8524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x16, 0x0, 0xffffffffffffffff, 0xffffffffffffffc9}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x11, 0x0, &(0x7f0000000000)="06ff03076844268cb89e14f0430560e0ff", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x4c)

3.109792375s ago: executing program 0 (id=1004):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000037}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
syz_create_resource$binfmt(0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x18}, 0x1, 0x0, 0x0, 0x20004880}, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x2)
sendto$unix(0xffffffffffffffff, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51", 0xb, 0x800, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xfffffffe, 0x8}}]}}]}, 0x48}}, 0x10)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newtfilter={0x68, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xfff1, 0x4}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34}]}}]}, 0x68}}, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0)

2.358069959s ago: executing program 4 (id=1005):
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r2, 0x20)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000180))
shutdown(r2, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f00000001c0)={0x800}, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r3, r3, 0x0, 0x200000)
socket$inet(0x2, 0x801, 0x100)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
accept4(r2, &(0x7f0000000240)=@nl, &(0x7f00000002c0)=0x80, 0x80000)
sendmsg$DCCPDIAG_GETSOCK(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c00000014001105f4590000000000002b00000100"/31, @ANYRES32=0x0], 0x4c}, 0x1, 0x0, 0x0, 0x4000840}, 0x8004)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000140))
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48141, 0x0)
ioctl$sock_SIOCOUTQ(r4, 0x5411, &(0x7f0000000300))
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x2, 0x6, 0x201, 0x6000000, 0x0, {0x0, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x841}, 0x0)

2.058946994s ago: executing program 1 (id=1006):
r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x41982)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000002580)=""/4096, 0x1000}], 0x1)
socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000080), 0x1, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYRES32=r1], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0)
socket$netlink(0x10, 0x3, 0x14)
r5 = syz_open_dev$video(&(0x7f0000000440), 0x3ff, 0x0)
ioctl$VIDIOC_STREAMOFF(r5, 0x40045613, &(0x7f0000000200)=0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r6 = socket$packet(0x11, 0x2, 0x300)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r7], 0x0, 0x1}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000180)=r8, 0x4)
socket$nl_route(0x10, 0x3, 0x0)

1.437630942s ago: executing program 2 (id=1007):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x11, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x11, 0xffffffffffffffff, 0x0)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000001300)={'nat\x00', 0x0, [0x10005, 0x88980000, 0x2, 0x4, 0xa]}, &(0x7f0000000140)=0x54)
socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000180)={0x6, 0x0, 0x1fd, 0x7d, 0xfffffffffffffffd, 0x7f, 0x104, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xae07, 0x9, 0x4, 0x15, 0x80000006, 0x8}, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)

1.332673394s ago: executing program 0 (id=1008):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x12, &(0x7f00000000c0)=0x7b, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x2000877d, &(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000000c0)=0x6, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c)
sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b03", 0x3b, 0x0, 0x0, 0x0)

869.594756ms ago: executing program 0 (id=1009):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x7, &(0x7f00000004c0)={0x1, 0x1, 0x0, 0x1})
fcntl$lock(r0, 0x5, &(0x7f0000000040)={0x1, 0x3, 0x80, 0x7})
ioctl$XFS_IOC_PATH_TO_FSHANDLE(r0, 0xc01c5868, &(0x7f0000000340)={<r1=>r0, &(0x7f0000000240)='o-&%%@:/\x00', 0x80080, &(0x7f0000000280)={@_ha_fsid={[0x4, 0x2]}, {0x0, 0x2, 0x8b9e, 0x1000000000000000}}, 0x8, &(0x7f00000002c0)={@_ha_fsid}, &(0x7f0000000300)=0x4})
fcntl$lock(r0, 0x5, &(0x7f00000000c0)={0x0, 0x0, 0x1000000000000002, 0x162d})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$phonet(0x23, 0x2, 0x1)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYRESOCT=r3, @ANYRES16=r1, @ANYBLOB="000000000000000014011a80100102803c0001"], 0x134}}, 0x4c004)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000440)=@req3={0x7, 0xe71, 0x2, 0x400, 0x100, 0xbc7a, 0x2}, 0x1c)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r5 = getpgrp(0x0)
sched_setscheduler(r5, 0x0, &(0x7f00000003c0)=0x2)
write(r4, &(0x7f0000000540)="88a96c864653156bc81f0d51131cf90d056c26f9fbb61532bc6dbea9cf3e8933cd9550e8fae9e4688070d97f50f7e1e959b6411e171bd9708386cb030000c17b510db0c6f5b5fbe4847f46eb3ef68724a9aeab0400372a360060e3fd5bd34c18f74b2a3b19da94b50e639c7f7e1d45faeb182e192dfcf93a57cc1da493981dba1639551626185e1546e26a10157fdb825f5ff6ab936e560749b021b1d4e52345c9029b3016c78835f2f8d8249c1e0c2f228a0a30a65610c34402750616f99b31315d", 0xc2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r6, &(0x7f0000000400)=ANY=[@ANYBLOB="080008000000000000001400000045b8c4c11d6f001c00660037a76fac3ceef8481f535b14124e204e2000089078"], 0x2a)

597.224792ms ago: executing program 0 (id=1010):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x80000, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, 0x0, 0x0)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40088d4)
connect$inet6(0xffffffffffffffff, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x4}, 0x1c)
close(0xffffffffffffffff)
r6 = getpgid(0x0)
r7 = syz_pidfd_open(r6, 0x0)
pidfd_getfd(r7, r7, 0x0)
syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x2185091, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cdrom(0xffffff9c, &(0x7f00000000c0), 0x101000, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="09032cbd7000000000001f"], 0x14}, 0x1, 0x0, 0x0, 0x10890}, 0x40000)

339.95974ms ago: executing program 2 (id=1011):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000000)=0x94b, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

0s ago: executing program 1 (id=1012):
r0 = fsopen(&(0x7f00000005c0)='cramfs\x00', 0x0)
creat(0x0, 0x0)
r1 = open$dir(0x0, 0x0, 0x0)
openat$dma_heap(0xffffffffffffff9c, 0x0, 0xa2003, 0x0)
syz_open_dev$dri(0x0, 0x1ff, 0x140)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(r3, r2, 0x0)
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000180)=0x6)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x12, r1, 0x80000000000000)
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

an1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  199.002958][   T40] audit: type=1804 audit(1776942176.628:191): pid=8211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.537" name="/newroot/0/file0" dev="tmpfs" ino=18 res=1 errno=0
[  199.012246][ T8213] netlink: 'syz.1.549': attribute type 5 has an invalid length.
[  199.056746][ T1430] ieee802154 phy0 wpan0: encryption failed: -22
[  199.058978][ T1430] ieee802154 phy1 wpan1: encryption failed: -22
[  199.658162][ T8228] netlink: 12 bytes leftover after parsing attributes in process `syz.4.552'.
[  200.008007][ T5967] Bluetooth: hci0: command 0x0c1a tx timeout
[  200.088050][ T5318] Bluetooth: hci5: command 0x1003 tx timeout
[  200.092711][   T62] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  200.577870][   T62] Bluetooth: hci4: command tx timeout
[  201.562719][ T8243] wlan1 speed is unknown, defaulting to 1000
[  201.729456][ T8246] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input56
[  202.658146][   T62] Bluetooth: hci4: command tx timeout
[  202.748697][ T5963] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  202.907891][  T854] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  202.939726][ T5963] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  202.965395][ T5963] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  202.999235][ T5963] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  203.014562][ T5963] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.031620][ T5963] usb 7-1: Product: syz
[  203.041188][ T5963] usb 7-1: Manufacturer: syz
[  203.051762][ T5963] usb 7-1: SerialNumber: syz
[  203.058243][  T854] usb 9-1: Using ep0 maxpacket: 8
[  203.063518][  T854] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  203.066851][  T854] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  203.070815][  T854] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  203.075230][  T854] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  203.079687][  T854] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  203.085582][  T854] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  203.089518][  T854] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.205521][ T5963] cdc_mbim 7-1:1.0: skipping garbage
[  203.387831][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  203.457825][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  203.465067][ T8263] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  204.070742][ T8263] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  204.073912][ T5963] cdc_mbim 7-1:1.0: setting tx_max = 184
[  204.080925][ T5963] cdc_mbim 7-1:1.0: cdc-wdm0: USB WDM device
[  204.095095][ T5963] wwan wwan0: port wwan0mbim0 attached
[  204.117259][ T5963] cdc_mbim 7-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, 22:fa:84:cd:11:27
[  204.274387][    C0] wdm_int_callback: 93 callbacks suppressed
[  204.274407][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  204.279281][    C0] wdm_int_callback: 93 callbacks suppressed
[  204.279293][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  204.283327][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  204.285530][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  204.287860][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  204.290090][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  204.294837][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  204.297272][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  204.299549][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  204.301678][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  204.303869][    C0] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  204.305902][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  204.308873][    C0] cdc_mbim 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  204.314846][ T6138] usb 7-1: USB disconnect, device number 15
[  204.321281][ T6138] cdc_mbim 7-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM
[  204.324946][ T8286] netlink: 12 bytes leftover after parsing attributes in process `syz.0.566'.
[  204.445191][ T6138] wwan wwan0: port wwan0mbim0 disconnected
[  204.727887][   T62] Bluetooth: hci4: command tx timeout
[  205.780802][  T854] usb 9-1: usb_control_msg returned -71
[  205.782618][  T854] usbtmc 9-1:16.0: can't read capabilities
[  205.792080][  T854] usb 9-1: USB disconnect, device number 2
[  205.840015][ T8298] wlan1 speed is unknown, defaulting to 1000
[  205.943877][ T8298] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input57
[  206.425050][ T8312] wlan1 speed is unknown, defaulting to 1000
[  206.461421][ T8317] overlayfs: failed to set uuid (139/file1, err=-1); falling back to uuid=null.
[  206.468712][ T8317] overlayfs: failed to verify upper root origin
[  207.176785][ T8334] netlink: 8 bytes leftover after parsing attributes in process `syz.4.577'.
[  207.238157][   T39] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  207.386643][ T8334] bond1: Unable to set down delay as MII monitoring is disabled
[  207.397950][   T39] usb 6-1: Using ep0 maxpacket: 8
[  207.401077][   T39] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  207.405153][   T39] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.409221][   T39] usb 6-1: config 0 interface 0 has no altsetting 0
[  207.411633][   T39] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  207.415379][   T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.420640][   T39] usb 6-1: config 0 descriptor??
[  207.449030][ T8334] bond1 (unregistering): Released all slaves
[  208.283294][   T39] usbhid 6-1:0.0: can't add hid device: -71
[  208.422818][   T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  208.426298][   T39] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  208.435856][   T39] usb 6-1: USB disconnect, device number 15
[  208.558052][ T8360] netlink: 'syz.4.585': attribute type 7 has an invalid length.
[  208.563398][ T8360] netlink: 40 bytes leftover after parsing attributes in process `syz.4.585'.
[  208.571786][ T8360] netlink: 20 bytes leftover after parsing attributes in process `syz.4.585'.
[  208.580544][ T8362] netlink: 'syz.4.585': attribute type 7 has an invalid length.
[  208.621730][ T8367] input: syz1 as /devices/virtual/input/input58
[  208.927880][   T39] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  209.097913][   T39] usb 9-1: Using ep0 maxpacket: 32
[  209.101975][   T39] usb 9-1: config index 0 descriptor too short (expected 156, got 27)
[  209.105820][   T39] usb 9-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  209.109846][   T39] usb 9-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  209.114696][   T39] usb 9-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  209.120035][   T39] usb 9-1: config 0 interface 0 has no altsetting 0
[  209.125292][   T39] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  209.128436][   T39] usb 9-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  209.131184][   T39] usb 9-1: Product: syz
[  209.132671][   T39] usb 9-1: Manufacturer: syz
[  209.134216][   T39] usb 9-1: SerialNumber: syz
[  209.137460][   T39] usb 9-1: config 0 descriptor??
[  209.141529][   T39] ldusb 9-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  209.146589][   T39] ldusb 9-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  209.346417][  T854] usb 9-1: USB disconnect, device number 3
[  209.358393][  T854] ldusb 9-1:0.0: LD USB Device #0 now disconnected
[  210.457851][ T8385] comedi: valid board names for 8255 driver are:
[  210.469231][ T8385]  8255
[  210.470419][ T8385] comedi: valid board names for vmk80xx driver are:
[  210.472793][ T8385]  vmk80xx
[  210.474163][ T8385] comedi: valid board names for usbduxsigma driver are:
[  210.477237][ T8385]  usbduxsigma
[  210.478981][ T8385] comedi: valid board names for usbduxfast driver are:
[  210.482422][ T8385]  usbduxfast
[  210.484187][ T8385] comedi: valid board names for usbdux driver are:
[  210.487024][ T8385]  usbdux
[  210.488425][ T8385] comedi: valid board names for ni6501 driver are:
[  210.491163][ T8385]  ni6501
[  210.492484][ T8385] comedi: valid board names for dt9812 driver are:
[  210.495513][ T8385]  dt9812
[  210.496902][ T8385] comedi: valid board names for ni_labpc_cs driver are:
[  210.499718][ T8385]  ni_labpc_cs
[  210.501285][ T8385] comedi: valid board names for ni_daq_700 driver are:
[  210.503651][ T8385]  ni_daq_700
[  210.504718][ T8385] comedi: valid board names for labpc_pci driver are:
[  210.507035][ T8385]  labpc_pci
[  210.508515][ T8385] comedi: valid board names for adl_pci9118 driver are:
[  210.511355][ T8385]  pci9118dg
[  210.513047][ T8385]  pci9118hg
[  210.514807][ T8385]  pci9118hr
[  210.516435][ T8385] comedi: valid board names for 8255_pci driver are:
[  210.519375][ T8385]  8255_pci
[  210.520633][ T8385] comedi: valid board names for s526 driver are:
[  210.522797][ T8385]  s526
[  210.523824][ T8385] comedi: valid board names for multiq3 driver are:
[  210.526215][ T8385]  multiq3
[  210.527710][ T8385] comedi: valid board names for pcmuio driver are:
[  210.530803][ T8385]  pcmuio48
[  210.532287][ T8385]  pcmuio96
[  210.534189][ T8385] comedi: valid board names for pcmmio driver are:
[  210.537635][ T8385]  pcmmio
[  210.539121][ T8385] comedi: valid board names for pcmda12 driver are:
[  210.542036][ T8385]  pcmda12
[  210.543418][ T8385] comedi: valid board names for pcmad driver are:
[  210.546170][ T8385]  pcmad12
[  210.547557][ T8385]  pcmad16
[  210.549055][ T8385] comedi: valid board names for ni_labpc driver are:
[  210.552446][ T8385]  lab-pc-1200
[  210.554107][ T8385]  lab-pc-1200ai
[  210.555724][ T8385]  lab-pc+
[  210.557142][ T8385] comedi: valid board names for atmio16 driver are:
[  210.560088][ T8385]  atmio16
[  210.561494][ T8385]  atmio16d
[  210.563027][ T8385] comedi: valid board names for ni_at_ao driver are:
[  210.566383][ T8385]  at-ao-6
[  210.568311][ T8385]  at-ao-10
[  210.569928][ T8385] comedi: valid board names for ni_at_a2150 driver are:
[  210.573041][ T8385]  ni_at_a2150
[  210.574770][ T8385] comedi: valid board names for adq12b driver are:
[  210.577695][ T8385]  adq12b
[  210.577891][   T62] Bluetooth: hci0: command 0x0c1a tx timeout
[  210.687812][ T8385] comedi: valid board names for mpc624 driver are:
[  210.690420][ T8385]  mpc624
[  210.691531][ T8385] comedi: valid board names for c6xdigio driver are:
[  210.693819][ T8385]  c6xdigio
[  210.694878][ T8385] comedi: valid board names for aio_iiro_16 driver are:
[  210.697313][ T8385]  aio_iiro_16
[  210.698786][ T8385] comedi: valid board names for aio_aio12_8 driver are:
[  210.701759][ T8385]  aio_aio12_8
[  210.703079][ T8385]  aio_ai12_8
[  210.704385][ T8385]  aio_ao12_4
[  210.706054][ T8385] comedi: valid board names for fl512 driver are:
[  210.708906][ T8385]  fl512
[  210.710198][ T8385] comedi: valid board names for dmm32at driver are:
[  210.712662][ T8385]  dmm32at
[  210.713901][ T8385] comedi: valid board names for dt282x driver are:
[  210.716396][ T8385]  dt2821
[  210.717686][ T8385]  dt2821-f
[  210.719011][ T8385]  dt2821-g
[  210.720188][ T8385]  dt2823
[  210.721201][ T8385]  dt2824-pgh
[  210.722431][ T8385]  dt2824-pgl
[  210.723683][ T8385]  dt2825
[  210.724862][ T8385]  dt2827
[  210.726306][ T8385]  dt2828
[  210.727863][ T8385]  dt2829
[  210.729248][ T8385]  dt21-ez
[  210.730692][ T8385]  dt23-ez
[  210.732105][ T8385]  dt24-ez
[  210.733483][ T8385]  dt24-ez-pgl
[  210.735099][ T8385] comedi: valid board names for dt2817 driver are:
[  210.738227][ T8385]  dt2817
[  210.739661][ T8385] comedi: valid board names for dt2815 driver are:
[  210.742662][ T8385]  dt2815
[  210.744056][ T8385] comedi: valid board names for dt2814 driver are:
[  210.746855][ T8385]  dt2814
[  210.748310][ T8385] comedi: valid board names for dt2811 driver are:
[  210.751161][ T8385]  dt2811-pgh
[  210.752785][ T8385]  dt2811-pgl
[  210.754397][ T8385] comedi: valid board names for dt2801 driver are:
[  210.757646][ T8385]  dt2801
[  210.759036][ T8385] comedi: valid board names for das6402 driver are:
[  210.761900][ T8385]  das6402-12
[  210.763351][ T8385]  das6402-16
[  210.764854][ T8385] comedi: valid board names for das1800 driver are:
[  210.768017][ T8385]  das-1701st
[  210.769643][ T8385]  das-1701st-da
[  210.771270][ T8385]  das-1702st
[  210.772782][ T8385]  das-1702st-da
[  210.774424][ T8385]  das-1702hr
[  210.775941][ T8385]  das-1702hr-da
[  210.777650][ T8385]  das-1701ao
[  210.779444][ T8385]  das-1702ao
[  210.781298][ T8385]  das-1801st
[  210.782941][ T8385]  das-1801st-da
[  210.784655][ T8385]  das-1802st
[  210.786153][ T8385]  das-1802st-da
[  210.906118][ T8385]  das-1802hr
[  210.907417][ T8385]  das-1802hr-da
[  210.912172][ T8385]  das-1801hc
[  210.913813][ T8385]  das-1802hc
[  210.915417][ T8385]  das-1801ao
[  210.916976][ T8385]  das-1802ao
[  210.921388][ T8385] comedi: valid board names for das800 driver are:
[  210.925810][ T8385]  das-800
[  210.928077][ T8385]  cio-das800
[  210.930137][ T8385]  das-801
[  210.932037][ T8385]  cio-das801
[  210.933819][ T8385]  das-802
[  210.935591][ T8385]  cio-das802
[  211.065697][ T8385]  cio-das802/16
[  211.067173][ T8385] comedi: valid board names for isa-das08 driver are:
[  211.069525][ T8385]  isa-das08
[  211.070683][ T8385]  das08-pgm
[  211.071849][ T8385]  das08-pgh
[  211.072960][ T8385]  das08-pgl
[  211.074034][ T8385]  das08-aoh
[  211.075170][ T8385]  das08-aol
[  211.076317][ T8385]  das08-aom
[  211.077689][ T8385]  das08/jr-ao
[  211.079134][ T8385]  das08jr-16-ao
[  211.080670][ T8385]  pc104-das08
[  211.082114][ T8385]  das08jr/16
[  211.083394][ T8385] comedi: valid board names for das16m1 driver are:
[  211.085765][ T8385]  das16m1
[  211.086902][ T8385] comedi: valid board names for dac02 driver are:
[  211.089049][ T8385]  dac02
[  211.090014][ T8385] comedi: valid board names for rti802 driver are:
[  211.092075][ T8385]  rti802
[  211.093136][ T8385] comedi: valid board names for rti800 driver are:
[  211.095463][ T8385]  rti800
[  211.096601][ T8385]  rti815
[  211.097705][ T8385] comedi: valid board names for pcm3724 driver are:
[  211.100219][ T8385]  pcm3724
[  211.101401][ T8385] comedi: valid board names for pcl818 driver are:
[  211.103647][ T8385]  pcl818l
[  211.104667][ T8385]  pcl818h
[  211.105703][ T8385]  pcl818hd
[  211.106831][ T8385]  pcl818hg
[  211.108040][ T8385]  pcl818
[  211.109082][ T8385]  pcl718
[  211.110173][ T8385]  pcm3718
[  211.111398][ T8385] comedi: valid board names for pcl816 driver are:
[  211.114088][ T8385]  pcl816
[  211.115510][ T8385]  pcl814b
[  211.116649][ T8385] comedi: valid board names for pcl812 driver are:
[  211.118931][ T8385]  pcl812
[  211.119918][ T8385]  pcl812pg
[  211.121035][ T8385]  acl8112pg
[  211.122178][ T8385]  acl8112dg
[  211.123337][ T8385]  acl8112hg
[  211.124472][ T8385]  a821pgl
[  211.125499][ T8385]  a821pglnda
[  211.126748][ T8385]  a821pgh
[  211.127949][ T8385]  a822pgl
[  211.129098][ T8385]  a822pgh
[  211.130260][ T8385]  a823pgl
[  211.131505][ T8385]  a823pgh
[  211.132719][ T8385]  pcl813
[  211.133800][ T8385]  pcl813b
[  211.134946][ T8385]  acl8113
[  211.136044][ T8385]  iso813
[  211.137121][ T8385]  acl8216
[  211.138587][ T8385]  a826pg
[  211.139669][ T8385] comedi: valid board names for pcl730 driver are:
[  211.141955][ T8385]  pcl730
[  211.143140][ T8385]  iso730
[  211.144359][ T8385]  acl7130
[  211.145574][ T8385]  pcm3730
[  211.146738][ T8385]  pcl725
[  211.147911][ T8385]  p8r8dio
[  211.148937][ T8385]  acl7225b
[  211.150193][ T8385]  p16r16dio
[  211.151764][ T8385]  pcl733
[  211.152813][ T8385]  pcl734
[  211.153882][ T8385]  opmm-1616-xt
[  211.155222][ T8385]  pearl-mm-p
[  211.156594][ T8385]  ir104-pbf
[  211.158058][ T8385] comedi: valid board names for pcl726 driver are:
[  211.160529][ T8385]  pcl726
[  211.161499][ T8385]  pcl727
[  211.162530][ T8385]  pcl728
[  211.163599][ T8385]  acl6126
[  211.164685][ T8385]  acl6128
[  211.165694][ T8385] comedi: valid board names for pcl724 driver are:
[  211.167998][ T8385]  pcl724
[  211.169086][ T8385]  pcl722
[  211.170197][ T8385]  pcl731
[  211.171269][ T8385]  acl7122
[  211.172534][ T8385]  acl7124
[  211.173740][ T8385]  pet48dio
[  211.174888][ T8385]  pcmio48
[  211.176028][ T8385]  onyx-mm-dio
[  211.177314][ T8385] comedi: valid board names for pcl711 driver are:
[  211.179625][ T8385]  pcl711
[  211.180669][ T8385]  pcl711b
[  211.181751][ T8385]  acl8112hg
[  211.182893][ T8385]  acl8112dg
[  211.184111][ T8385] comedi: valid board names for amplc_pc263 driver are:
[  211.186888][ T8385]  pc263
[  211.189139][ T8385] comedi: valid board names for amplc_pc236 driver are:
[  211.191715][ T8385]  pc36at
[  211.192808][ T8385] comedi: valid board names for amplc_dio200 driver are:
[  211.195234][ T8385]  pc212e
[  211.196220][ T8385]  pc214e
[  211.197176][ T8385]  pc215e
[  211.198273][ T8385]  pc218e
[  211.199320][ T8385]  pc272e
[  211.200291][ T8385] comedi: valid board names for comedi_parport driver are:
[  211.202819][ T8385]  comedi_parport
[  211.204221][ T8385] comedi: valid board names for comedi_test driver are:
[  211.207004][ T8385]  comedi_test
[  211.209636][ T8385] comedi: valid board names for comedi_bond driver are:
[  211.212340][ T8385]  comedi_bond
[  211.219482][ T8391] netlink: 12 bytes leftover after parsing attributes in process `syz.0.591'.
[  211.806330][   T40] audit: type=1326 audit(1776942189.428:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8418 comm="syz.4.598" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf701efcc code=0x0
[  211.837027][ T8419] wlan1 speed is unknown, defaulting to 1000
[  211.925132][ T8419] netlink: 28 bytes leftover after parsing attributes in process `syz.4.598'.
[  212.094498][ T8428] netlink: 4 bytes leftover after parsing attributes in process `syz.0.600'.
[  212.704949][ T8436] netlink: 12 bytes leftover after parsing attributes in process `syz.0.601'.
[  213.158747][ T5963] IPVS: starting estimator thread 0...
[  213.258019][ T8454] IPVS: using max 42 ests per chain, 100800 per kthread
[  213.317889][ T6138] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  213.470243][ T6138] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  213.473781][ T6138] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  213.479435][ T6138] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  213.483069][ T6138] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.486226][ T6138] usb 9-1: Product: syz
[  213.488749][ T6138] usb 9-1: Manufacturer: syz
[  213.490739][ T6138] usb 9-1: SerialNumber: syz
[  213.497304][ T6138] cdc_mbim 9-1:1.0: skipping garbage
[  213.704511][ T8453] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  214.311772][ T8453] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  214.314673][ T6138] cdc_mbim 9-1:1.0: setting tx_max = 184
[  214.318385][ T6138] cdc_mbim 9-1:1.0: cdc-wdm0: USB WDM device
[  214.325495][ T6138] wwan wwan0: port wwan0mbim0 attached
[  214.332393][ T6138] cdc_mbim 9-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.4-1, CDC MBIM, 06:25:62:f3:39:41
[  214.513398][ T5670] 8021q: adding VLAN 0 to HW filter on device wwan0
[  214.520957][    C3] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  214.523580][    C3] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  214.525797][    C3] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  214.527943][    C3] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  214.530060][    C3] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  214.532251][    C3] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  214.534722][    C3] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  214.537387][    C3] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  214.545423][ T5381] usb 9-1: USB disconnect, device number 4
[  214.548127][ T5381] cdc_mbim 9-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.4-1, CDC MBIM
[  214.683920][ T5381] wwan wwan0: port wwan0mbim0 disconnected
[  214.689147][ T8476] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  214.704047][ T8476] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  214.714102][ T8476] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  214.718953][ T8476] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  214.722385][ T8476] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  214.725399][ T8476] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  214.729440][ T8476] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  214.733008][ T8476] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  214.736647][ T8476] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  214.741048][ T8476] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  215.235362][ T8493] wlan1 speed is unknown, defaulting to 1000
[  215.281403][ T8504] binder: 8486:8504 ioctl c0046209 0 returned -22
[  215.303633][ T8493] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input59
[  217.452453][ T8545] FAULT_INJECTION: forcing a failure.
[  217.452453][ T8545] name failslab, interval 1, probability 0, space 0, times 0
[  217.461961][ T8545] CPU: 1 UID: 0 PID: 8545 Comm: syz.2.624 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  217.462007][ T8545] Tainted: [L]=SOFTLOCKUP
[  217.462015][ T8545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  217.462025][ T8545] Call Trace:
[  217.462033][ T8545]  <TASK>
[  217.462041][ T8545]  dump_stack_lvl+0x100/0x190
[  217.462072][ T8545]  should_fail_ex.cold+0x5/0xa
[  217.462099][ T8545]  should_failslab+0xc2/0x120
[  217.462124][ T8545]  __kvmalloc_node_noprof+0xfa/0xa00
[  217.462143][ T8545]  ? traverse.part.0.constprop.0+0x397/0x650
[  217.462164][ T8545]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  217.462196][ T8545]  traverse.part.0.constprop.0+0x397/0x650
[  217.462222][ T8545]  seq_read_iter+0x93f/0x1270
[  217.462241][ T8545]  ? aa_file_perm+0x7f3/0x14d0
[  217.462271][ T8545]  seq_read+0x33b/0x4c0
[  217.462289][ T8545]  ? __pfx_seq_read+0x10/0x10
[  217.462312][ T8545]  ? import_ubuf+0x1b6/0x220
[  217.462345][ T8545]  ? __pfx_seq_read+0x10/0x10
[  217.462363][ T8545]  proc_reg_read+0x240/0x330
[  217.462387][ T8545]  ? __pfx_proc_reg_read+0x10/0x10
[  217.462406][ T8545]  vfs_readv+0x5d8/0x8d0
[  217.462434][ T8545]  ? __pfx_vfs_readv+0x10/0x10
[  217.462468][ T8545]  ? __fget_files+0x21f/0x3d0
[  217.462496][ T8545]  ? do_preadv+0x1ac/0x270
[  217.462512][ T8545]  do_preadv+0x1ac/0x270
[  217.462531][ T8545]  ? __pfx_do_preadv+0x10/0x10
[  217.462547][ T8545]  ? ksys_write+0x1ac/0x250
[  217.462567][ T8545]  ? rcu_is_watching+0x12/0xc0
[  217.462594][ T8545]  __do_fast_syscall_32+0xe7/0x950
[  217.462615][ T8545]  ? lockdep_hardirqs_on+0x78/0x100
[  217.462644][ T8545]  do_fast_syscall_32+0x32/0x70
[  217.462662][ T8545]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  217.462685][ T8545] RIP: 0023:0xf7fb8fcc
[  217.462701][ T8545] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  217.462717][ T8545] RSP: 002b:00000000f545550c EFLAGS: 00000292 ORIG_RAX: 000000000000014d
[  217.462736][ T8545] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000100
[  217.462747][ T8545] RDX: 0000000000000001 RSI: 0000000000000036 RDI: 00000000000000f5
[  217.462758][ T8545] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  217.462769][ T8545] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  217.462779][ T8545] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  217.462803][ T8545]  </TASK>
[  218.335507][ T8554] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  218.339338][ T8554] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  218.342012][ T8554] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  218.344282][ T8554] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  218.346535][ T8554] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  218.349883][ T8554] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  218.355124][ T8554] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  218.360293][ T8563] netlink: 8 bytes leftover after parsing attributes in process `syz.0.628'.
[  219.927862][ T5318] Bluetooth: hci0: command 0x0c1a tx timeout
[  220.344497][ T8578] binder: Unknown parameter ''
[  220.409588][   T62] Bluetooth: hci3: command 0x0c1a tx timeout
[  220.409629][ T5967] Bluetooth: hci2: command 0x0c1a tx timeout
[  220.412271][   T62] Bluetooth: hci1: command 0x0c1a tx timeout
[  220.416385][ T5318] Bluetooth: hci4: command 0x0c1a tx timeout
[  222.183552][   T40] audit: type=1804 audit(1776942199.808:193): pid=8617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.645" name="/newroot/27/file0" dev="tmpfs" ino=158 res=1 errno=0
[  222.188052][ T7996] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  222.527928][ T5318] Bluetooth: hci4: command 0x0c1a tx timeout
[  223.269239][ T7996] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  223.274709][ T7996] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  223.280804][ T7996] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  223.289544][ T7996] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  223.294499][ T7996] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  223.299374][ T7996] usb 5-1: Product: syz
[  223.301905][ T7996] usb 5-1: Manufacturer: syz
[  223.303884][ T7996] usb 5-1: SerialNumber: syz
[  223.335099][ T8665] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.647'.
[  223.340040][ T8665] X: default FDB implementation only supports local addresses
[  223.926738][ T7996] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  224.217443][ T8676] FAULT_INJECTION: forcing a failure.
[  224.217443][ T8676] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  224.222834][ T8676] CPU: 3 UID: 0 PID: 8676 Comm: syz.2.650 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  224.222857][ T8676] Tainted: [L]=SOFTLOCKUP
[  224.222862][ T8676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  224.222870][ T8676] Call Trace:
[  224.222875][ T8676]  <TASK>
[  224.222881][ T8676]  dump_stack_lvl+0x100/0x190
[  224.222909][ T8676]  should_fail_ex.cold+0x5/0xa
[  224.222924][ T8676]  ? prepare_alloc_pages+0x16d/0x5f0
[  224.222944][ T8676]  should_fail_alloc_page+0xeb/0x140
[  224.222960][ T8676]  prepare_alloc_pages+0x1f0/0x5f0
[  224.222981][ T8676]  __alloc_frozen_pages_noprof+0x19a/0x2bc0
[  224.223005][ T8676]  ? rcu_is_watching+0x12/0xc0
[  224.223023][ T8676]  ? trace_mm_page_alloc+0x163/0x1d0
[  224.223040][ T8676]  ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0
[  224.223062][ T8676]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  224.223084][ T8676]  ? __pfx_stack_trace_save+0x10/0x10
[  224.223103][ T8676]  ? stack_depot_save_flags+0x27/0x9d0
[  224.223118][ T8676]  ? is_bpf_text_address+0x8a/0x1a0
[  224.223138][ T8676]  ? is_bpf_text_address+0x8a/0x1a0
[  224.223156][ T8676]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  224.223176][ T8676]  ? kasan_save_stack+0x3f/0x50
[  224.223189][ T8676]  ? kasan_save_stack+0x30/0x50
[  224.223200][ T8676]  ? kasan_save_track+0x14/0x30
[  224.223211][ T8676]  ? kmem_cache_alloc_node_noprof+0x25a/0x6f0
[  224.223231][ T8676]  ? __get_vm_area_node+0x1ca/0x330
[  224.223273][ T8676]  ? __vmalloc_node_range_noprof+0x228/0x1630
[  224.223290][ T8676]  ? __vmalloc_node_noprof+0xad/0xf0
[  224.223305][ T8676]  ? __vmalloc_noprof+0xa3/0x120
[  224.223319][ T8676]  ? bpf_prog_alloc_no_stats+0x58/0x640
[  224.223335][ T8676]  ? bpf_prog_alloc+0x3b/0x200
[  224.223350][ T8676]  ? bpf_prog_load+0x48c/0x2b30
[  224.223361][ T8676]  ? __sys_bpf+0x223a/0x4b90
[  224.223372][ T8676]  ? __ia32_sys_bpf+0x79/0xf0
[  224.223387][ T8676]  alloc_pages_bulk_noprof+0x657/0x1390
[  224.223413][ T8676]  ? policy_nodemask+0xed/0x4f0
[  224.223429][ T8676]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  224.223458][ T8676]  __kasan_populate_vmalloc+0xf0/0x210
[  224.223483][ T8676]  alloc_vmap_area+0x95d/0x2b70
[  224.223503][ T8676]  ? __pfx_alloc_vmap_area+0x10/0x10
[  224.223521][ T8676]  __get_vm_area_node+0x1ca/0x330
[  224.223540][ T8676]  __vmalloc_node_range_noprof+0x228/0x1630
[  224.223557][ T8676]  ? bpf_prog_alloc_no_stats+0x58/0x640
[  224.223574][ T8676]  ? tomoyo_check_open_permission+0x1db/0x3c0
[  224.223596][ T8676]  ? tomoyo_check_open_permission+0x1db/0x3c0
[  224.223618][ T8676]  ? bpf_prog_alloc_no_stats+0x58/0x640
[  224.223638][ T8676]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  224.223654][ T8676]  ? __lock_acquire+0x4a5/0x2630
[  224.223673][ T8676]  ? bpf_prog_alloc_no_stats+0x58/0x640
[  224.223704][ T8676]  __vmalloc_node_noprof+0xad/0xf0
[  224.223720][ T8676]  ? bpf_prog_alloc_no_stats+0x58/0x640
[  224.223738][ T8676]  __vmalloc_noprof+0xa3/0x120
[  224.223754][ T8676]  ? __pfx___vmalloc_noprof+0x10/0x10
[  224.223772][ T8676]  ? rcu_is_watching+0x12/0xc0
[  224.223786][ T8676]  ? apparmor_capable+0x1d7/0x4d0
[  224.223804][ T8676]  ? unwind_get_return_address+0x59/0xa0
[  224.223825][ T8676]  bpf_prog_alloc_no_stats+0x58/0x640
[  224.223840][ T8676]  ? security_capable+0x80/0x260
[  224.223859][ T8676]  bpf_prog_alloc+0x3b/0x200
[  224.223874][ T8676]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  224.223898][ T8676]  bpf_prog_load+0x48c/0x2b30
[  224.223914][ T8676]  ? __pfx_bpf_prog_load+0x10/0x10
[  224.223947][ T8676]  ? bpf_lsm_bpf+0x9/0x10
[  224.223964][ T8676]  __sys_bpf+0x223a/0x4b90
[  224.223978][ T8676]  ? __pfx___sys_bpf+0x10/0x10
[  224.223989][ T8676]  ? get_pid_task+0x106/0x250
[  224.224010][ T8676]  ? proc_fail_nth_write+0x9f/0x220
[  224.224030][ T8676]  ? find_held_lock+0x2b/0x80
[  224.224049][ T8676]  ? find_held_lock+0x2b/0x80
[  224.224065][ T8676]  ? ksys_write+0x190/0x250
[  224.224083][ T8676]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  224.224104][ T8676]  ? kernel_write+0x633/0x6c0
[  224.224126][ T8676]  ? fput+0x79/0x100
[  224.224143][ T8676]  ? ksys_write+0x1ac/0x250
[  224.224158][ T8676]  __ia32_sys_bpf+0x79/0xf0
[  224.224171][ T8676]  ? lockdep_hardirqs_on+0x78/0x100
[  224.224190][ T8676]  __do_fast_syscall_32+0xe7/0x950
[  224.224202][ T8676]  ? lockdep_hardirqs_on+0x78/0x100
[  224.224221][ T8676]  do_fast_syscall_32+0x32/0x70
[  224.224232][ T8676]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  224.224247][ T8676] RIP: 0023:0xf7fb8fcc
[  224.224258][ T8676] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  224.224270][ T8676] RSP: 002b:00000000f543450c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  224.224283][ T8676] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000500
[  224.224290][ T8676] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  224.224296][ T8676] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  224.224303][ T8676] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  224.224310][ T8676] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  224.224324][ T8676]  </TASK>
[  224.224402][ T8676] syz.2.650: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  224.406957][ T8676] CPU: 3 UID: 0 PID: 8676 Comm: syz.2.650 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  224.406989][ T8676] Tainted: [L]=SOFTLOCKUP
[  224.406996][ T8676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  224.407008][ T8676] Call Trace:
[  224.407018][ T8676]  <TASK>
[  224.407026][ T8676]  dump_stack_lvl+0x100/0x190
[  224.407058][ T8676]  warn_alloc.cold+0x95/0x1c1
[  224.407082][ T8676]  ? __pfx_warn_alloc+0x10/0x10
[  224.407111][ T8676]  ? lockdep_hardirqs_on+0x78/0x100
[  224.407146][ T8676]  ? __get_vm_area_node+0x2c5/0x330
[  224.407176][ T8676]  ? __get_vm_area_node+0x208/0x330
[  224.407205][ T8676]  __vmalloc_node_range_noprof+0xccd/0x1630
[  224.407233][ T8676]  ? tomoyo_check_open_permission+0x1db/0x3c0
[  224.407291][ T8676]  ? tomoyo_check_open_permission+0x1db/0x3c0
[  224.407325][ T8676]  ? bpf_prog_alloc_no_stats+0x58/0x640
[  224.407360][ T8676]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  224.407384][ T8676]  ? __lock_acquire+0x4a5/0x2630
[  224.407414][ T8676]  ? bpf_prog_alloc_no_stats+0x58/0x640
[  224.407465][ T8676]  __vmalloc_node_noprof+0xad/0xf0
[  224.407491][ T8676]  ? bpf_prog_alloc_no_stats+0x58/0x640
[  224.407517][ T8676]  __vmalloc_noprof+0xa3/0x120
[  224.407541][ T8676]  ? __pfx___vmalloc_noprof+0x10/0x10
[  224.407568][ T8676]  ? rcu_is_watching+0x12/0xc0
[  224.407592][ T8676]  ? apparmor_capable+0x1d7/0x4d0
[  224.407618][ T8676]  ? unwind_get_return_address+0x59/0xa0
[  224.407648][ T8676]  bpf_prog_alloc_no_stats+0x58/0x640
[  224.407670][ T8676]  ? security_capable+0x80/0x260
[  224.407717][ T8676]  bpf_prog_alloc+0x3b/0x200
[  224.407740][ T8676]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  224.407760][ T8676]  bpf_prog_load+0x48c/0x2b30
[  224.407777][ T8676]  ? __pfx_bpf_prog_load+0x10/0x10
[  224.407810][ T8676]  ? bpf_lsm_bpf+0x9/0x10
[  224.407826][ T8676]  __sys_bpf+0x223a/0x4b90
[  224.407846][ T8676]  ? __pfx___sys_bpf+0x10/0x10
[  224.407863][ T8676]  ? get_pid_task+0x106/0x250
[  224.407897][ T8676]  ? proc_fail_nth_write+0x9f/0x220
[  224.407927][ T8676]  ? find_held_lock+0x2b/0x80
[  224.407956][ T8676]  ? find_held_lock+0x2b/0x80
[  224.407980][ T8676]  ? ksys_write+0x190/0x250
[  224.408008][ T8676]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  224.408037][ T8676]  ? kernel_write+0x633/0x6c0
[  224.408073][ T8676]  ? fput+0x79/0x100
[  224.408098][ T8676]  ? ksys_write+0x1ac/0x250
[  224.408122][ T8676]  __ia32_sys_bpf+0x79/0xf0
[  224.408142][ T8676]  ? lockdep_hardirqs_on+0x78/0x100
[  224.408170][ T8676]  __do_fast_syscall_32+0xe7/0x950
[  224.408188][ T8676]  ? lockdep_hardirqs_on+0x78/0x100
[  224.408218][ T8676]  do_fast_syscall_32+0x32/0x70
[  224.408233][ T8676]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  224.408254][ T8676] RIP: 0023:0xf7fb8fcc
[  224.408269][ T8676] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  224.408285][ T8676] RSP: 002b:00000000f543450c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  224.408302][ T8676] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000500
[  224.408312][ T8676] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  224.408322][ T8676] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  224.408331][ T8676] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  224.408340][ T8676] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  224.408360][ T8676]  </TASK>
[  224.534534][ T8676] Mem-Info:
[  224.535628][ T8676] active_anon:12688 inactive_anon:2994 isolated_anon:0
[  224.535628][ T8676]  active_file:15985 inactive_file:23326 isolated_file:0
[  224.535628][ T8676]  unevictable:1768 dirty:443 writeback:25
[  224.535628][ T8676]  slab_reclaimable:7745 slab_unreclaimable:57294
[  224.535628][ T8676]  mapped:35841 shmem:11650 pagetables:1230
[  224.535628][ T8676]  sec_pagetables:299 bounce:0
[  224.535628][ T8676]  kernel_misc_reclaimable:0
[  224.535628][ T8676]  free:31196 free_pcp:11965 free_cma:0
[  224.551466][ T8676] Node 0 active_anon:0kB inactive_anon:0kB active_file:56kB inactive_file:36kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:24kB dirty:16kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8352kB pagetables:1612kB sec_pagetables:1124kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  224.562541][ T8676] Node 1 active_anon:50752kB inactive_anon:11976kB active_file:63884kB inactive_file:93268kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:143340kB dirty:1756kB writeback:100kB shmem:43064kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5272kB pagetables:3308kB sec_pagetables:72kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  224.574511][ T8676] Node 0 DMA free:2040kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:364kB local_pcp:140kB free_cma:0kB
[  224.585042][ T8676] lowmem_reserve[]: 0 283 283 283 283
[  224.587052][ T8676] Node 0 DMA32 free:19300kB boost:4096kB min:17144kB low:20404kB high:23664kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:56kB inactive_file:36kB unevictable:3536kB writepending:16kB zspages:0kB present:1032196kB managed:290632kB mlocked:0kB bounce:0kB free_pcp:11184kB local_pcp:2920kB free_cma:0kB
[  224.597508][ T8676] lowmem_reserve[]: 0 0 0 0 0
[  224.599478][ T8676] Node 1 DMA32 free:103444kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:50752kB inactive_anon:11976kB active_file:63884kB inactive_file:93268kB unevictable:3536kB writepending:1856kB zspages:2424kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:36312kB local_pcp:2596kB free_cma:0kB
[  224.610462][ T8676] lowmem_reserve[]: 0 0 0 0 0
[  224.612209][ T8676] Node 0 DMA: 80*4kB (U) 15*8kB (U) 2*16kB (U) 19*32kB (UM) 3*64kB (UM) 2*128kB (M) 0*256kB 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 2040kB
[  224.617663][ T8676] Node 0 DMA32: 197*4kB (UE) 30*8kB (ME) 36*16kB (UME) 211*32kB (UME) 35*64kB (UE) 14*128kB (UME) 13*256kB (UM) 5*512kB (UME) 1*1024kB (U) 0*2048kB 0*4096kB = 19300kB
[  224.623144][ T8676] Node 1 DMA32: 3*4kB (ME) 395*8kB (UME) 707*16kB (UME) 122*32kB (UME) 54*64kB (UME) 93*128kB (UME) 38*256kB (UME) 29*512kB (UME) 18*1024kB (UM) 7*2048kB (M) 3*4096kB (UM) = 103380kB
[  224.629345][ T8676] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  224.633658][ T8676] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  224.636786][ T8676] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  224.640099][ T8676] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  224.643787][ T8676] 51715 total pagecache pages
[  224.645390][ T8676] 758 pages in swap cache
[  224.646962][ T8676] Free swap  = 113288kB
[  224.648552][ T5961] Bluetooth: hci4: command 0x0c1a tx timeout
[  224.650820][ T8676] Total swap = 124996kB
[  224.652286][ T8676] 524155 pages RAM
[  224.653652][ T8676] 0 pages HighMem/MovableOnly
[  224.655477][ T8676] 210604 pages reserved
[  224.657112][ T8676] 0 pages cma reserved
[  225.670180][ T5381] usb 5-1: USB disconnect, device number 5
[  225.683210][ T5381] usblp0: removed
[  225.782118][ T8690] FAULT_INJECTION: forcing a failure.
[  225.782118][ T8690] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  225.791440][ T8690] CPU: 2 UID: 0 PID: 8690 Comm: syz.2.654 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  225.791475][ T8690] Tainted: [L]=SOFTLOCKUP
[  225.791482][ T8690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  225.791494][ T8690] Call Trace:
[  225.791502][ T8690]  <TASK>
[  225.791510][ T8690]  dump_stack_lvl+0x100/0x190
[  225.791538][ T8690]  should_fail_ex.cold+0x5/0xa
[  225.791564][ T8690]  _copy_to_user+0x32/0xd0
[  225.791597][ T8690]  simple_read_from_buffer+0xcb/0x170
[  225.791622][ T8690]  proc_fail_nth_read+0x1af/0x230
[  225.791653][ T8690]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  225.791684][ T8690]  ? rw_verify_area+0xce/0x6d0
[  225.791704][ T8690]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  225.791751][ T8690]  vfs_read+0x1e4/0xb30
[  225.791806][ T8690]  ? __pfx_vfs_read+0x10/0x10
[  225.791823][ T8690]  ? find_held_lock+0x2b/0x80
[  225.791855][ T8690]  ? __fget_files+0x215/0x3d0
[  225.791883][ T8690]  ? __fget_files+0x21f/0x3d0
[  225.791928][ T8690]  ksys_read+0x12a/0x250
[  225.791951][ T8690]  ? __pfx_ksys_read+0x10/0x10
[  225.791970][ T8690]  ? rcu_is_watching+0x12/0xc0
[  225.791994][ T8690]  ? rcu_is_watching+0x12/0xc0
[  225.792018][ T8690]  do_int80_emulation+0x141/0x700
[  225.792042][ T8690]  asm_int80_emulation+0x1a/0x20
[  225.792062][ T8690] RIP: 0023:0xf71b5cab
[  225.792079][ T8690] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  225.792098][ T8690] RSP: 002b:00000000f54554bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  225.792119][ T8690] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00000000f54555d0
[  225.792131][ T8690] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  225.792143][ T8690] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  225.792153][ T8690] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  225.792165][ T8690] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  225.792192][ T8690]  </TASK>
[  225.959061][ T8709] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  227.234682][ T8722] netlink: 12 bytes leftover after parsing attributes in process `syz.2.656'.
[  227.324458][ T8726] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  227.327009][ T8726] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  227.337932][ T8726] vhci_hcd vhci_hcd.0: Device attached
[  227.408225][ T8730] gre0 speed is unknown, defaulting to 1000
[  227.412345][ T8730] gre0 speed is unknown, defaulting to 1000
[  227.415262][ T8730] gre0 speed is unknown, defaulting to 1000
[  227.470897][ T8731] net_ratelimit: 33018 callbacks suppressed
[  227.470910][ T8731] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.537845][ T8730] infiniband syz1: set active
[  227.538275][   T24] gre0 speed is unknown, defaulting to 1000
[  227.540364][ T8730] infiniband syz1: added gre0
[  227.561790][ T8730] smbdirect: ib_dev[syz1]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000
[  227.568628][ T8730] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32
[  227.577930][ T5963] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  227.581402][ T8730] smbdirect: ib_dev[syz1]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005
[  227.588001][   T29] usb 5-1: new low-speed USB device number 6 using dummy_hcd
[  227.611384][ T8730] RDS/IB: syz1: added
[  227.614058][ T8730] smc: adding ib device syz1 with port count 1
[  227.616143][ T8730] smc:    ib device syz1 port 1 has no pnetid
[  227.623019][ T8730] gre0 speed is unknown, defaulting to 1000
[  227.627448][   T24] gre0 speed is unknown, defaulting to 1000
[  227.719584][ T8730] gre0 speed is unknown, defaulting to 1000
[  227.740416][   T29] usb 5-1: config 0 has no interfaces?
[  227.742737][   T29] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  227.746264][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.755746][   T29] usb 5-1: config 0 descriptor??
[  227.824851][ T8730] gre0 speed is unknown, defaulting to 1000
[  227.946359][ T8730] gre0 speed is unknown, defaulting to 1000
[  228.082546][ T8730] gre0 speed is unknown, defaulting to 1000
[  228.086493][ T8736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.661'.
[  228.107900][ T5963] usb 37-1: device descriptor read/64, error -71
[  228.134515][ T8736] bond2: Unable to set down delay as MII monitoring is disabled
[  228.201657][ T8736] bond2 (unregistering): Released all slaves
[  228.348184][ T5963] usb 37-1: new low-speed USB device number 3 using vhci_hcd
[  228.451474][ T8740] netlink: 8 bytes leftover after parsing attributes in process `syz.2.663'.
[  228.530447][ T8740] netlink: 8 bytes leftover after parsing attributes in process `syz.2.663'.
[  228.578101][   T40] audit: type=1804 audit(1776942206.168:194): pid=8742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.662" name="/newroot/31/file0" dev="tmpfs" ino=180 res=1 errno=0
[  229.049153][ T8750] /dev/sr0: Can't open blockdev
[  229.198022][ T8756] wlan1 speed is unknown, defaulting to 1000
[  229.202565][ T8756] gre0 speed is unknown, defaulting to 1000
[  229.222242][ T8727] vhci_hcd: connection closed
[  229.224627][   T12] vhci_hcd vhci_hcd.0: stop threads
[  229.231487][   T24] usb 5-1: USB disconnect, device number 6
[  229.235162][   T12] vhci_hcd vhci_hcd.0: release socket
[  229.245513][   T12] vhci_hcd vhci_hcd.0: disconnect device
[  229.748115][  T854] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  229.882710][ T8766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.670'.
[  229.921681][  T854] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  229.927148][  T854] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  229.935902][  T854] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  229.943785][  T854] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.948672][  T854] usb 9-1: Product: syz
[  229.950586][  T854] usb 9-1: Manufacturer: syz
[  229.953900][  T854] usb 9-1: SerialNumber: syz
[  229.965833][  T854] cdc_mbim 9-1:1.0: skipping garbage
[  229.968676][ T8766] bond3: Unable to set down delay as MII monitoring is disabled
[  230.015476][ T8766] bond3 (unregistering): Released all slaves
[  230.225286][ T8763] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  230.242432][ T8770] netlink: 12 bytes leftover after parsing attributes in process `syz.1.671'.
[  231.248378][ T8778] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  231.254557][  T854] cdc_mbim 9-1:1.0: setting tx_max = 184
[  231.260577][  T854] cdc_mbim 9-1:1.0: cdc-wdm0: USB WDM device
[  231.367824][  T854] wwan wwan0: port wwan0mbim0 attached
[  231.376245][  T854] cdc_mbim 9-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.4-1, CDC MBIM, ee:87:8d:26:1d:dd
[  231.471143][ T1037] usb 9-1: USB disconnect, device number 5
[  231.479539][ T1037] cdc_mbim 9-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.4-1, CDC MBIM
[  231.650455][ T8781] bond2: Unable to set down delay as MII monitoring is disabled
[  231.868135][ T8781] bond2 (unregistering): Released all slaves
[  231.879792][ T1037] wwan wwan0: port wwan0mbim0 disconnected
[  232.037292][ T8791] FAULT_INJECTION: forcing a failure.
[  232.037292][ T8791] name failslab, interval 1, probability 0, space 0, times 0
[  232.041614][ T8788] bond3: Unable to set down delay as MII monitoring is disabled
[  232.045598][ T8791] CPU: 3 UID: 0 PID: 8791 Comm: syz.4.678 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  232.045631][ T8791] Tainted: [L]=SOFTLOCKUP
[  232.045638][ T8791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  232.045650][ T8791] Call Trace:
[  232.045658][ T8791]  <TASK>
[  232.045666][ T8791]  dump_stack_lvl+0x100/0x190
[  232.045696][ T8791]  should_fail_ex.cold+0x5/0xa
[  232.045724][ T8791]  should_failslab+0xc2/0x120
[  232.045748][ T8791]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  232.045780][ T8791]  ? __alloc_skb+0x140/0x710
[  232.045801][ T8791]  ? __alloc_skb+0x5b7/0x710
[  232.045824][ T8791]  __alloc_skb+0x140/0x710
[  232.045841][ T8791]  ? __alloc_skb+0x5b7/0x710
[  232.045859][ T8791]  ? __pfx___alloc_skb+0x10/0x10
[  232.045886][ T8791]  netlink_alloc_large_skb+0x69/0x150
[  232.045917][ T8791]  netlink_sendmsg+0x680/0xda0
[  232.045947][ T8791]  ? __pfx_netlink_sendmsg+0x10/0x10
[  232.045975][ T8791]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  232.046009][ T8791]  ____sys_sendmsg+0x9e1/0xb70
[  232.046034][ T8791]  ? __pfx_netlink_sendmsg+0x10/0x10
[  232.046062][ T8791]  ? __pfx_____sys_sendmsg+0x10/0x10
[  232.046100][ T8791]  ___sys_sendmsg+0x190/0x1e0
[  232.046128][ T8791]  ? __pfx____sys_sendmsg+0x10/0x10
[  232.046167][ T8791]  ? find_held_lock+0x2b/0x80
[  232.046209][ T8791]  __sys_sendmsg+0x170/0x220
[  232.046229][ T8791]  ? __pfx___sys_sendmsg+0x10/0x10
[  232.046246][ T8791]  ? __fget_files+0x21f/0x3d0
[  232.046275][ T8791]  ? ksys_write+0x1ac/0x250
[  232.046298][ T8791]  ? rcu_is_watching+0x12/0xc0
[  232.046325][ T8791]  __do_fast_syscall_32+0xe7/0x950
[  232.046344][ T8791]  ? lockdep_hardirqs_on+0x78/0x100
[  232.046373][ T8791]  do_fast_syscall_32+0x32/0x70
[  232.046391][ T8791]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  232.046416][ T8791] RIP: 0023:0xf701efcc
[  232.046432][ T8791] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  232.046449][ T8791] RSP: 002b:00000000f540d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  232.046469][ T8791] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  232.046481][ T8791] RDX: 000000000000c000 RSI: 0000000000000000 RDI: 0000000000000000
[  232.046492][ T8791] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  232.046502][ T8791] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  232.046519][ T8791] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  232.046543][ T8791]  </TASK>
[  232.160399][ T8788] bond3 (unregistering): Released all slaves
[  232.444084][ T8804] netlink: 8 bytes leftover after parsing attributes in process `syz.4.682'.
[  232.503834][ T8804] bond1: Unable to set down delay as MII monitoring is disabled
[  232.514076][ T8804] bond1 (unregistering): Released all slaves
[  233.400441][ T8812] binder: Unknown parameter ''
[  233.498495][ T5963] vhci_hcd vhci_hcd.0: vhci_device speed not set
[  233.683063][ T8823] netlink: 8 bytes leftover after parsing attributes in process `syz.1.688'.
[  233.720473][ T8823] bond2: Unable to set down delay as MII monitoring is disabled
[  233.730382][ T8823] bond2 (unregistering): Released all slaves
[  233.902963][ T5381] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  234.633407][ T5381] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  234.638625][ T5381] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  234.645831][ T5381] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  234.650294][ T5381] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.654282][ T5381] usb 9-1: Product: syz
[  234.656532][ T5381] usb 9-1: Manufacturer: syz
[  234.658763][ T5381] usb 9-1: SerialNumber: syz
[  234.673481][ T5381] cdc_mbim 9-1:1.0: skipping garbage
[  234.887766][ T8818] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  235.497303][ T8818] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  235.504523][ T5381] cdc_mbim 9-1:1.0: setting tx_max = 184
[  235.509609][ T5381] cdc_mbim 9-1:1.0: cdc-wdm0: USB WDM device
[  235.516367][ T5381] wwan wwan0: port wwan0mbim0 attached
[  235.531011][ T5381] cdc_mbim 9-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.4-1, CDC MBIM, 42:60:66:b9:d8:28
[  235.698102][ T7996] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  235.706757][    C0] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  235.709307][    C0] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  235.711763][    C0] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  235.713937][    C0] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  235.716161][    C0] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  235.718485][    C0] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  235.720837][    C0] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  235.723376][    C0] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  235.725888][    C0] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  235.728600][    C0] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  235.731679][    C0] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  235.734589][    C0] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  235.737030][    C0] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  235.739447][    C0] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  235.742053][    C0] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  235.744802][    C0] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  235.747989][    C0] cdc_mbim 9-1:1.0: nonzero urb status received: -71
[  235.750333][    C0] cdc_mbim 9-1:1.0: wdm_int_callback - 0 bytes
[  235.752652][    C0] cdc_mbim 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  235.761196][   T24] usb 9-1: USB disconnect, device number 6
[  235.764497][   T24] cdc_mbim 9-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.4-1, CDC MBIM
[  235.831621][   T24] wwan wwan0: port wwan0mbim0 disconnected
[  235.871025][ T7996] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  235.889645][ T7996] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  235.898191][ T7996] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  235.902436][ T7996] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.905872][ T7996] usb 6-1: Product: syz
[  235.908709][ T7996] usb 6-1: Manufacturer: syz
[  235.910759][ T7996] usb 6-1: SerialNumber: syz
[  235.921133][ T7996] cdc_mbim 6-1:1.0: skipping garbage
[  235.988413][ T5961] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  236.130505][ T8841] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  236.577835][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  236.616192][   T40] audit: type=1804 audit(1776942214.238:195): pid=8874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.700" name="/newroot/190/file0" dev="tmpfs" ino=1033 res=1 errno=0
[  236.647827][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  236.853947][ T8841] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  237.673433][ T7996] cdc_mbim 6-1:1.0: setting tx_max = 184
[  237.683738][ T7996] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device
[  237.694147][ T7996] wwan wwan0: port wwan0mbim0 attached
[  237.718276][ T7996] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 4e:70:05:12:f8:8b
[  237.733665][ T7996] usb 6-1: USB disconnect, device number 16
[  237.737378][ T7996] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM
[  238.011960][ T8890] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.704'.
[  238.016856][ T8890] X: default FDB implementation only supports local addresses
[  238.018036][ T5961] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  238.102774][ T7996] wwan wwan0: port wwan0mbim0 disconnected
[  238.196802][ T8897] FAULT_INJECTION: forcing a failure.
[  238.196802][ T8897] name failslab, interval 1, probability 0, space 0, times 0
[  238.204849][ T8897] CPU: 0 UID: 0 PID: 8897 Comm: syz.0.707 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  238.204872][ T8897] Tainted: [L]=SOFTLOCKUP
[  238.204877][ T8897] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  238.204885][ T8897] Call Trace:
[  238.204890][ T8897]  <TASK>
[  238.204895][ T8897]  dump_stack_lvl+0x100/0x190
[  238.204915][ T8897]  should_fail_ex.cold+0x5/0xa
[  238.204933][ T8897]  should_failslab+0xc2/0x120
[  238.204949][ T8897]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  238.204970][ T8897]  ? sock_alloc_inode+0x26/0x290
[  238.204988][ T8897]  ? __pfx_sock_alloc_inode+0x10/0x10
[  238.205004][ T8897]  sock_alloc_inode+0x26/0x290
[  238.205018][ T8897]  ? __pfx_sock_alloc_inode+0x10/0x10
[  238.205033][ T8897]  alloc_inode+0x68/0x250
[  238.205053][ T8897]  sock_alloc+0x44/0x280
[  238.205065][ T8897]  ? security_socket_create+0x7f/0x250
[  238.205085][ T8897]  __sock_create+0xc2/0x860
[  238.205101][ T8897]  ? __fget_files+0x21f/0x3d0
[  238.205116][ T8897]  __sys_socket+0x14d/0x260
[  238.205133][ T8897]  ? __pfx___sys_socket+0x10/0x10
[  238.205150][ T8897]  ? fput+0x79/0x100
[  238.205166][ T8897]  ? ksys_write+0x1ac/0x250
[  238.205182][ T8897]  __ia32_sys_socket+0x72/0xb0
[  238.205199][ T8897]  ? lockdep_hardirqs_on+0x78/0x100
[  238.205219][ T8897]  __do_fast_syscall_32+0xe7/0x950
[  238.205230][ T8897]  ? lockdep_hardirqs_on+0x78/0x100
[  238.205249][ T8897]  do_fast_syscall_32+0x32/0x70
[  238.205261][ T8897]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  238.205278][ T8897] RIP: 0023:0xf7f74fcc
[  238.205290][ T8897] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  238.205302][ T8897] RSP: 002b:00000000f543650c EFLAGS: 00000292 ORIG_RAX: 0000000000000167
[  238.205318][ T8897] RAX: ffffffffffffffda RBX: 000000000000002d RCX: 0000000000000000
[  238.205329][ T8897] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  238.205339][ T8897] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  238.205349][ T8897] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  238.205360][ T8897] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  238.205384][ T8897]  </TASK>
[  238.205395][ T8897] socket: no more sockets
[  240.495895][ T8918] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.713'.
[  240.687230][ T8926] FAULT_INJECTION: forcing a failure.
[  240.687230][ T8926] name failslab, interval 1, probability 0, space 0, times 0
[  240.691204][ T8926] CPU: 2 UID: 0 PID: 8926 Comm: syz.2.717 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  240.691233][ T8926] Tainted: [L]=SOFTLOCKUP
[  240.691238][ T8926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  240.691245][ T8926] Call Trace:
[  240.691250][ T8926]  <TASK>
[  240.691255][ T8926]  dump_stack_lvl+0x100/0x190
[  240.691273][ T8926]  should_fail_ex.cold+0x5/0xa
[  240.691289][ T8926]  ? lsm_blob_alloc+0x68/0x90
[  240.691301][ T8926]  should_failslab+0xc2/0x120
[  240.691315][ T8926]  __kmalloc_noprof+0xe0/0x850
[  240.691332][ T8926]  ? trace_kmalloc+0xe3/0x110
[  240.691367][ T8926]  lsm_blob_alloc+0x68/0x90
[  240.691380][ T8926]  security_sk_alloc+0x2d/0x290
[  240.691396][ T8926]  sk_prot_alloc+0x12a/0x2a0
[  240.691412][ T8926]  sk_alloc+0x36/0xe80
[  240.691422][ T8926]  bpf_prog_test_run_skb+0x4db/0x3540
[  240.691441][ T8926]  ? find_held_lock+0x2b/0x80
[  240.691456][ T8926]  ? __fget_files+0x1a1/0x3d0
[  240.691473][ T8926]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  240.691488][ T8926]  ? fput+0x79/0x100
[  240.691504][ T8926]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  240.691517][ T8926]  __sys_bpf+0x1725/0x4b90
[  240.691530][ T8926]  ? __pfx___sys_bpf+0x10/0x10
[  240.691539][ T8926]  ? get_pid_task+0x106/0x250
[  240.691555][ T8926]  ? proc_fail_nth_write+0x9f/0x220
[  240.691572][ T8926]  ? find_held_lock+0x2b/0x80
[  240.691587][ T8926]  ? find_held_lock+0x2b/0x80
[  240.691601][ T8926]  ? ksys_write+0x190/0x250
[  240.691615][ T8926]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  240.691633][ T8926]  ? kernel_write+0x633/0x6c0
[  240.691651][ T8926]  ? fput+0x79/0x100
[  240.691665][ T8926]  ? ksys_write+0x1ac/0x250
[  240.691678][ T8926]  __ia32_sys_bpf+0x79/0xf0
[  240.691688][ T8926]  ? lockdep_hardirqs_on+0x78/0x100
[  240.691704][ T8926]  __do_fast_syscall_32+0xe7/0x950
[  240.691713][ T8926]  ? lockdep_hardirqs_on+0x78/0x100
[  240.691729][ T8926]  do_fast_syscall_32+0x32/0x70
[  240.691739][ T8926]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  240.691757][ T8926] RIP: 0023:0xf7fb8fcc
[  240.691790][ T8926] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  240.691801][ T8926] RSP: 002b:00000000f547650c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  240.691813][ T8926] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800003c0
[  240.691819][ T8926] RDX: 000000000000004c RSI: 0000000000000000 RDI: 0000000000000000
[  240.691825][ T8926] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  240.691831][ T8926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  240.691837][ T8926] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  240.691850][ T8926]  </TASK>
[  240.977596][ T8930] block device autoloading is deprecated and will be removed.
[  241.057937][ T5381] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  241.209776][ T5381] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  241.214735][ T5381] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  241.223616][ T5381] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  241.227565][ T5381] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.231610][ T5381] usb 7-1: Product: syz
[  241.233686][ T5381] usb 7-1: Manufacturer: syz
[  241.236250][ T5381] usb 7-1: SerialNumber: syz
[  241.246169][ T5381] cdc_mbim 7-1:1.0: skipping garbage
[  241.446989][ T8929] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  242.056362][ T8929] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  242.059602][ T5381] cdc_mbim 7-1:1.0: setting tx_max = 184
[  242.065227][ T5381] cdc_mbim 7-1:1.0: cdc-wdm0: USB WDM device
[  242.069237][ T5381] wwan wwan0: port wwan0mbim0 attached
[  242.074704][ T5381] cdc_mbim 7-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, be:08:24:c7:92:d0
[  242.263000][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  242.265919][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  242.269078][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  242.272191][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  242.275383][    C2] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  242.278275][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  242.281130][    C2] cdc_mbim 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  242.289163][ T5670] 8021q: adding VLAN 0 to HW filter on device wwan0
[  242.291840][ T6042] usb 7-1: USB disconnect, device number 16
[  242.295903][ T6042] cdc_mbim 7-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM
[  242.414400][ T8914] wlan1 speed is unknown, defaulting to 1000
[  242.425549][ T8914] gre0 speed is unknown, defaulting to 1000
[  242.434350][ T8943] IPv6: NLM_F_REPLACE set, but no existing node found!
[  242.438933][ T8943] FAULT_INJECTION: forcing a failure.
[  242.438933][ T8943] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  242.444238][ T8943] CPU: 3 UID: 0 PID: 8943 Comm: syz.4.720 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  242.444258][ T8943] Tainted: [L]=SOFTLOCKUP
[  242.444261][ T8943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  242.444269][ T8943] Call Trace:
[  242.444273][ T8943]  <TASK>
[  242.444278][ T8943]  dump_stack_lvl+0x100/0x190
[  242.444297][ T8943]  should_fail_ex.cold+0x5/0xa
[  242.444313][ T8943]  _copy_to_user+0x32/0xd0
[  242.444333][ T8943]  simple_read_from_buffer+0xcb/0x170
[  242.444347][ T8943]  proc_fail_nth_read+0x1af/0x230
[  242.444365][ T8943]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  242.444383][ T8943]  ? rw_verify_area+0xce/0x6d0
[  242.444394][ T8943]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  242.444410][ T8943]  vfs_read+0x1e4/0xb30
[  242.444424][ T8943]  ? __pfx_vfs_read+0x10/0x10
[  242.444435][ T8943]  ? find_held_lock+0x2b/0x80
[  242.444450][ T8943]  ? __fget_files+0x215/0x3d0
[  242.444465][ T8943]  ? __fget_files+0x21f/0x3d0
[  242.444481][ T8943]  ksys_read+0x12a/0x250
[  242.444492][ T8943]  ? __pfx_ksys_read+0x10/0x10
[  242.444504][ T8943]  ? rcu_is_watching+0x12/0xc0
[  242.444518][ T8943]  ? rcu_is_watching+0x12/0xc0
[  242.444532][ T8943]  do_int80_emulation+0x141/0x700
[  242.444553][ T8943]  asm_int80_emulation+0x1a/0x20
[  242.444565][ T8943] RIP: 0023:0xf7155cab
[  242.444575][ T8943] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  242.444585][ T8943] RSP: 002b:00000000f540d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  242.444598][ T8943] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f540d5d0
[  242.444605][ T8943] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  242.444611][ T8943] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  242.444617][ T8943] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  242.444623][ T8943] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  242.444637][ T8943]  </TASK>
[  242.542938][ T6042] wwan wwan0: port wwan0mbim0 disconnected
[  244.622152][ T5961] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  244.627708][ T8965] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.724'.
[  244.631259][ T8965] X: default FDB implementation only supports local addresses
[  244.900437][ T8973] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  244.908475][ T8973] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  245.058482][ T8973] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  245.065761][ T8973] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  245.083358][ T8973] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  245.096499][ T8973] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  245.120543][ T8973] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  245.133613][ T8973] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  245.340775][   T10] wlan1 speed is unknown, defaulting to 1000
[  245.359697][   T10] syz0: Port: 1 Link DOWN
[  245.535354][ T8973] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  245.537403][ T8973] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  245.825915][ T8977] netlink: 12 bytes leftover after parsing attributes in process `syz.0.726'.
[  245.830841][ T8976] netlink: 12 bytes leftover after parsing attributes in process `syz.1.725'.
[  245.898914][ T9004] netlink: 24 bytes leftover after parsing attributes in process `syz.4.729'.
[  245.909751][ T9004] netlink: 'syz.4.729': attribute type 1 has an invalid length.
[  245.954960][ T8999] syzkaller0: entered promiscuous mode
[  245.956993][ T8999] syzkaller0: entered allmulticast mode
[  245.978348][ T9007] erspan1: entered allmulticast mode
[  246.229861][ T9004] bond1: entered promiscuous mode
[  246.234535][ T9004] bond1: entered allmulticast mode
[  246.237023][ T9004] 8021q: adding VLAN 0 to HW filter on device bond1
[  246.950328][ T9028] netlink: 12 bytes leftover after parsing attributes in process `syz.4.733'.
[  248.576168][ T9045] FAULT_INJECTION: forcing a failure.
[  248.576168][ T9045] name failslab, interval 1, probability 0, space 0, times 0
[  248.580295][ T9045] CPU: 0 UID: 0 PID: 9045 Comm: syz.2.738 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  248.580314][ T9045] Tainted: [L]=SOFTLOCKUP
[  248.580318][ T9045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  248.580325][ T9045] Call Trace:
[  248.580330][ T9045]  <TASK>
[  248.580336][ T9045]  dump_stack_lvl+0x100/0x190
[  248.580354][ T9045]  should_fail_ex.cold+0x5/0xa
[  248.580370][ T9045]  should_failslab+0xc2/0x120
[  248.580385][ T9045]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  248.580403][ T9045]  ? __alloc_skb+0x140/0x710
[  248.580417][ T9045]  __alloc_skb+0x140/0x710
[  248.580427][ T9045]  ? __alloc_skb+0x5b7/0x710
[  248.580436][ T9045]  ? __pfx___alloc_skb+0x10/0x10
[  248.580450][ T9045]  mgmt_cmd_complete+0x4f/0x5a0
[  248.580472][ T9045]  set_def_system_config+0xd82/0x15b0
[  248.580486][ T9045]  ? __pfx_mgmt_init_hdev+0x10/0x10
[  248.580498][ T9045]  hci_sock_sendmsg+0x154e/0x2620
[  248.580518][ T9045]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  248.580536][ T9045]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  248.580553][ T9045]  sock_write_iter+0x524/0x5a0
[  248.580567][ T9045]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  248.580584][ T9045]  ? __pfx_sock_write_iter+0x10/0x10
[  248.580597][ T9045]  ? get_pid_task+0xfc/0x250
[  248.580618][ T9045]  ? bpf_lsm_file_permission+0x9/0x10
[  248.580629][ T9045]  ? security_file_permission+0x76/0x210
[  248.580641][ T9045]  ? rw_verify_area+0xce/0x6d0
[  248.580654][ T9045]  vfs_write+0x6ac/0x1070
[  248.580666][ T9045]  ? __pfx_sock_write_iter+0x10/0x10
[  248.580682][ T9045]  ? __pfx_vfs_write+0x10/0x10
[  248.580692][ T9045]  ? find_held_lock+0x2b/0x80
[  248.580714][ T9045]  ksys_write+0x1f8/0x250
[  248.580726][ T9045]  ? __pfx_ksys_write+0x10/0x10
[  248.580736][ T9045]  ? ksys_write+0x1ac/0x250
[  248.580748][ T9045]  ? rcu_is_watching+0x12/0xc0
[  248.580764][ T9045]  __do_fast_syscall_32+0xe7/0x950
[  248.580779][ T9045]  ? lockdep_hardirqs_on+0x78/0x100
[  248.580796][ T9045]  do_fast_syscall_32+0x32/0x70
[  248.580806][ T9045]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  248.580821][ T9045] RIP: 0023:0xf7fb8fcc
[  248.580830][ T9045] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  248.580844][ T9045] RSP: 002b:00000000f547650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  248.580856][ T9045] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 0000000080000000
[  248.580863][ T9045] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000
[  248.580870][ T9045] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  248.580876][ T9045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  248.580882][ T9045] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  248.580895][ T9045]  </TASK>
[  249.864465][ T9056] netlink: 12 bytes leftover after parsing attributes in process `syz.2.741'.
[  250.848260][ T9055] netlink: 12 bytes leftover after parsing attributes in process `syz.4.740'.
[  251.438067][   T39] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  251.587896][   T39] usb 7-1: Using ep0 maxpacket: 32
[  251.590933][   T39] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  251.594360][   T39] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  251.598889][   T39] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  251.602252][   T39] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  251.605189][   T39] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  251.611285][   T39] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  251.614760][   T39] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.617460][   T39] usb 7-1: Product: syz
[  251.619095][   T39] usb 7-1: Manufacturer: syz
[  251.620557][   T39] usb 7-1: SerialNumber: syz
[  251.626488][   T39] imon:imon_init_intf0: usb_submit_urb failed for intf0 (-90)
[  251.631769][   T39] imon 7-1:155.0: unable to initialize intf0, err -90
[  251.634029][   T39] imon:imon_probe: failed to initialize context!
[  251.636029][   T39] imon 7-1:155.0: unable to register, err -19
[  252.380559][ T9064] wlan1 speed is unknown, defaulting to 1000
[  252.393144][ T9064] gre0 speed is unknown, defaulting to 1000
[  252.988599][ T9074] overlay: Unknown parameter '/'
[  254.137971][ T7996] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  254.287967][ T7996] usb 6-1: Using ep0 maxpacket: 8
[  254.293009][ T7996] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  254.296921][ T7996] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  254.301447][ T7996] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  254.304739][ T7996] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  254.308663][ T7996] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  254.313482][ T7996] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  254.316620][ T7996] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.441356][   T29] usb 7-1: USB disconnect, device number 17
[  254.527659][ T7996] usb 6-1: GET_CAPABILITIES returned 0
[  254.529769][ T7996] usbtmc 6-1:16.0: can't read capabilities
[  254.661699][ T9098] netlink: 8 bytes leftover after parsing attributes in process `syz.2.752'.
[  254.939054][ T9100] fuse: Unknown parameter '	'
[  255.529268][ T9098] bond1: Unable to set down delay as MII monitoring is disabled
[  255.616223][ T9098] bond1 (unregistering): Released all slaves
[  256.188348][ T1037] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  256.222532][   T40] audit: type=1804 audit(1776942233.848:196): pid=9111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.755" name="/newroot/186/file0" dev="tmpfs" ino=1012 res=1 errno=0
[  256.295645][ T9109] binder: Unknown parameter ''
[  256.338308][ T1037] usb 9-1: Using ep0 maxpacket: 32
[  256.342424][ T1037] usb 9-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  256.346904][ T1037] usb 9-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  256.352084][ T1037] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  256.356809][ T1037] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  256.361565][ T1037] usb 9-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  256.369385][ T1037] usb 9-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  256.373204][ T1037] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.377227][ T1037] usb 9-1: Product: syz
[  256.379513][ T1037] usb 9-1: Manufacturer: syz
[  256.381942][ T1037] usb 9-1: SerialNumber: syz
[  256.394908][ T1037] imon:imon_init_intf0: usb_submit_urb failed for intf0 (-90)
[  256.399248][ T1037] imon 9-1:155.0: unable to initialize intf0, err -90
[  256.402175][ T1037] imon:imon_probe: failed to initialize context!
[  256.404801][ T1037] imon 9-1:155.0: unable to register, err -19
[  256.528002][ T6118] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  256.688577][ T6118] usb 7-1: too many configurations: 11, using maximum allowed: 8
[  256.699016][ T6118] usb 7-1: string descriptor 0 read error: -71
[  256.701121][ T6118] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  256.704039][ T6118] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.706800][ T6118] usb 7-1: can't set config #1, error -71
[  256.709668][ T6118] usb 7-1: USB disconnect, device number 18
[  256.903558][ T7996] usb 6-1: USB disconnect, device number 17
[  257.017923][ T6042] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  257.177933][ T6042] usb 5-1: Using ep0 maxpacket: 32
[  257.183012][ T6042] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  257.186507][ T6042] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  257.190439][ T6042] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  257.194099][ T6042] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  257.197692][ T6042] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  257.203794][ T6042] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  257.206769][ T6042] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.209489][ T6042] usb 5-1: Product: syz
[  257.210926][ T6042] usb 5-1: Manufacturer: syz
[  257.213240][ T6042] usb 5-1: SerialNumber: syz
[  257.219654][ T6042] imon:imon_init_intf0: usb_submit_urb failed for intf0 (-90)
[  257.222459][ T6042] imon 5-1:155.0: unable to initialize intf0, err -90
[  257.224835][ T6042] imon:imon_probe: failed to initialize context!
[  257.227137][ T6042] imon 5-1:155.0: unable to register, err -19
[  257.439511][ T9134] FAULT_INJECTION: forcing a failure.
[  257.439511][ T9134] name failslab, interval 1, probability 0, space 0, times 0
[  257.448308][ T9134] CPU: 3 UID: 0 PID: 9134 Comm: syz.2.762 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  257.448337][ T9134] Tainted: [L]=SOFTLOCKUP
[  257.448343][ T9134] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  257.448354][ T9134] Call Trace:
[  257.448362][ T9134]  <TASK>
[  257.448370][ T9134]  dump_stack_lvl+0x100/0x190
[  257.448398][ T9134]  should_fail_ex.cold+0x5/0xa
[  257.448423][ T9134]  should_failslab+0xc2/0x120
[  257.448447][ T9134]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  257.448474][ T9134]  ? __alloc_skb+0x140/0x710
[  257.448505][ T9134]  __alloc_skb+0x140/0x710
[  257.448520][ T9134]  ? __alloc_skb+0x5b7/0x710
[  257.448535][ T9134]  ? __pfx___alloc_skb+0x10/0x10
[  257.448561][ T9134]  mgmt_cmd_complete+0x4f/0x5a0
[  257.448593][ T9134]  remove_device+0x73b/0xbf0
[  257.448617][ T9134]  ? find_held_lock+0x2b/0x80
[  257.448641][ T9134]  ? __pfx_remove_device+0x10/0x10
[  257.448662][ T9134]  ? do_raw_read_unlock+0x3f/0x70
[  257.448682][ T9134]  ? _raw_read_unlock+0x28/0x50
[  257.448708][ T9134]  ? __pfx_mgmt_init_hdev+0x10/0x10
[  257.448727][ T9134]  hci_sock_sendmsg+0x154e/0x2620
[  257.448759][ T9134]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  257.448787][ T9134]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  257.448817][ T9134]  sock_write_iter+0x524/0x5a0
[  257.448842][ T9134]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  257.448869][ T9134]  ? __pfx_sock_write_iter+0x10/0x10
[  257.448890][ T9134]  ? get_pid_task+0xfc/0x250
[  257.448925][ T9134]  ? bpf_lsm_file_permission+0x9/0x10
[  257.448942][ T9134]  ? security_file_permission+0x76/0x210
[  257.448961][ T9134]  ? rw_verify_area+0xce/0x6d0
[  257.448982][ T9134]  vfs_write+0x6ac/0x1070
[  257.449002][ T9134]  ? __pfx_sock_write_iter+0x10/0x10
[  257.449027][ T9134]  ? __pfx_vfs_write+0x10/0x10
[  257.449045][ T9134]  ? find_held_lock+0x2b/0x80
[  257.449082][ T9134]  ksys_write+0x1f8/0x250
[  257.449119][ T9134]  ? __pfx_ksys_write+0x10/0x10
[  257.449137][ T9134]  ? ksys_write+0x1ac/0x250
[  257.449158][ T9134]  ? rcu_is_watching+0x12/0xc0
[  257.449185][ T9134]  __do_fast_syscall_32+0xe7/0x950
[  257.449202][ T9134]  ? lockdep_hardirqs_on+0x78/0x100
[  257.449230][ T9134]  do_fast_syscall_32+0x32/0x70
[  257.449249][ T9134]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  257.449272][ T9134] RIP: 0023:0xf7fb8fcc
[  257.449288][ T9134] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  257.449306][ T9134] RSP: 002b:00000000f547650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  257.449324][ T9134] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000000
[  257.449336][ T9134] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000
[  257.449345][ T9134] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  257.449357][ T9134] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  257.449367][ T9134] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  257.449390][ T9134]  </TASK>
[  257.658827][ T9137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.763'.
[  257.715644][ T9137] bond1: Unable to set down delay as MII monitoring is disabled
[  257.721741][ T9137] bond1 (unregistering): Released all slaves
[  258.810423][ T9147] fuse: Bad value for 'rootmode'
[  258.957545][   T39] usb 9-1: USB disconnect, device number 7
[  259.229096][ T9157] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.767'.
[  259.232869][ T9157] bridge_slave_1: default FDB implementation only supports local addresses
[  259.780731][  T854] usb 5-1: USB disconnect, device number 7
[  260.493009][ T1430] ieee802154 phy0 wpan0: encryption failed: -22
[  260.497690][ T1430] ieee802154 phy1 wpan1: encryption failed: -22
[  260.965529][ T9180] netlink: 12 bytes leftover after parsing attributes in process `syz.2.773'.
[  261.643179][ T9177] netlink: 8 bytes leftover after parsing attributes in process `syz.0.772'.
[  261.663621][ T9177] bond3: Unable to set down delay as MII monitoring is disabled
[  261.679456][ T9177] bond3 (unregistering): Released all slaves
[  261.748934][ T9184] netlink: 12 bytes leftover after parsing attributes in process `syz.4.776'.
[  261.795870][ T5318] block nbd2: Receive control failed (result -1)
[  261.915903][ T9186] netlink: 8 bytes leftover after parsing attributes in process `syz.1.775'.
[  262.210738][ T9186] bridge0: port 2(X) entered disabled state
[  262.213390][ T9186] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.484455][ T9186] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  262.491586][ T9186] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  262.615712][ T9186] ip6erspan0: left promiscuous mode
[  262.620268][ T9198] netlink: 'syz.0.779': attribute type 1 has an invalid length.
[  262.622931][ T9198] netlink: 288 bytes leftover after parsing attributes in process `syz.0.779'.
[  262.646382][ T9192] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.777'.
[  262.656368][ T1157] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  262.660692][ T1157] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  262.670316][ T1157] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  262.681995][ T1157] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  263.038106][  T854] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  263.154235][ T9213] netlink: 48 bytes leftover after parsing attributes in process `syz.4.782'.
[  263.310795][ T9211] /dev/sr0: Can't open blockdev
[  264.700157][  T854] usb 6-1: Using ep0 maxpacket: 32
[  264.711673][  T854] usb 6-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  264.716010][  T854] usb 6-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  264.728727][  T854] usb 6-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  264.736747][  T854] usb 6-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  264.748574][  T854] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  264.754265][  T854] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.758400][  T854] usb 6-1: Product: syz
[  264.761867][  T854] usb 6-1: Manufacturer: syz
[  264.765528][  T854] usb 6-1: SerialNumber: syz
[  264.881115][    C0] imon 6-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  264.887349][  T854] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/input/input62
[  265.107890][  T854] imon 6-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  265.122831][  T854]  (id 0x00)
[  265.189228][  T854] rc_core: IR keymap rc-imon-pad not found
[  265.197380][  T854] Registered IR keymap rc-empty
[  265.207307][  T854] imon 6-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  265.218973][  T854] imon 6-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  265.396125][  T854] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/rc/rc0
[  265.423317][  T854] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/rc/rc0/input63
[  265.455171][  T854] imon 6-1:155.0: iMON device (15c2:ffdc, intf0) on usb<6:18> initialized
[  265.512818][   T24] usb 6-1: USB disconnect, device number 18
[  265.824161][ T9229] netlink: 12 bytes leftover after parsing attributes in process `syz.0.787'.
[  266.606688][ T9238] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.790'.
[  267.888169][ T1037] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  268.098039][ T1037] usb 9-1: Using ep0 maxpacket: 32
[  268.104518][ T1037] usb 9-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  268.109255][ T1037] usb 9-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  268.113661][ T1037] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  268.117521][ T1037] usb 9-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  268.126049][ T1037] usb 9-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  268.129505][ T1037] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.132158][ T1037] usb 9-1: Product: syz
[  268.133784][ T1037] usb 9-1: Manufacturer: syz
[  268.135479][ T1037] usb 9-1: SerialNumber: syz
[  268.161693][    C1] imon 9-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  268.171878][ T1037] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/input/input64
[  268.295640][ T9271] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.799'.
[  268.577900][ T1037] imon 9-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  268.581235][ T1037]  (id 0x00)
[  268.637849][ T1037] rc_core: IR keymap rc-imon-pad not found
[  268.643947][ T1037] Registered IR keymap rc-empty
[  268.655807][ T1037] imon 9-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  268.670675][ T1037] imon 9-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  268.709842][ T1037] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0
[  268.740397][ T1037] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0/input65
[  268.816667][ T1037] imon 9-1:155.0: iMON device (15c2:ffdc, intf0) on usb<9:8> initialized
[  268.888589][ T5381] usb 9-1: USB disconnect, device number 8
[  270.673286][ T9302] netlink: 12 bytes leftover after parsing attributes in process `syz.4.808'.
[  270.743133][ T5318] block nbd3: Receive control failed (result -1)
[  273.369823][ T9328] netlink: 8 bytes leftover after parsing attributes in process `syz.2.815'.
[  273.440568][ T9332] netlink: 8 bytes leftover after parsing attributes in process `syz.0.816'.
[  273.584712][ T9333] bond1: Unable to set down delay as MII monitoring is disabled
[  273.671944][ T9333] bond1 (unregistering): Released all slaves
[  273.712655][ T9335] bond3: Unable to set down delay as MII monitoring is disabled
[  273.735418][ T9335] bond3 (unregistering): Released all slaves
[  274.011811][ T9349] fuse: Bad value for 'fd'
[  274.437586][ T9358] FAULT_INJECTION: forcing a failure.
[  274.437586][ T9358] name failslab, interval 1, probability 0, space 0, times 0
[  274.442173][ T9358] CPU: 1 UID: 0 PID: 9358 Comm: syz.4.821 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  274.442203][ T9358] Tainted: [L]=SOFTLOCKUP
[  274.442208][ T9358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  274.442219][ T9358] Call Trace:
[  274.442267][ T9358]  <TASK>
[  274.442276][ T9358]  dump_stack_lvl+0x100/0x190
[  274.442305][ T9358]  should_fail_ex.cold+0x5/0xa
[  274.442326][ T9358]  ? tomoyo_encode2+0xfb/0x3c0
[  274.442343][ T9358]  should_failslab+0xc2/0x120
[  274.442362][ T9358]  __kmalloc_noprof+0xe0/0x850
[  274.442386][ T9358]  ? d_absolute_path+0x136/0x1b0
[  274.442416][ T9358]  tomoyo_encode2+0xfb/0x3c0
[  274.442437][ T9358]  tomoyo_encode+0x29/0x50
[  274.442453][ T9358]  tomoyo_realpath_from_path+0x18c/0x690
[  274.442477][ T9358]  tomoyo_path_number_perm+0x23c/0x580
[  274.442503][ T9358]  ? tomoyo_path_number_perm+0x22e/0x580
[  274.442530][ T9358]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  274.442558][ T9358]  ? get_pid_task+0x106/0x250
[  274.442615][ T9358]  ? find_held_lock+0x2b/0x80
[  274.442637][ T9358]  ? __fget_files+0x215/0x3d0
[  274.442655][ T9358]  ? hook_file_ioctl_common+0x149/0x410
[  274.442683][ T9358]  ? __fget_files+0x215/0x3d0
[  274.442706][ T9358]  ? __fget_files+0x21f/0x3d0
[  274.442730][ T9358]  security_file_ioctl_compat+0xd3/0x230
[  274.442760][ T9358]  __ia32_compat_sys_ioctl+0xc2/0x360
[  274.442783][ T9358]  __do_fast_syscall_32+0xe7/0x950
[  274.442801][ T9358]  ? lockdep_hardirqs_on+0x78/0x100
[  274.442830][ T9358]  do_fast_syscall_32+0x32/0x70
[  274.442847][ T9358]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  274.442871][ T9358] RIP: 0023:0xf701efcc
[  274.442887][ T9358] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  274.442904][ T9358] RSP: 002b:00000000f540d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  274.442924][ T9358] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b72
[  274.442935][ T9358] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  274.442945][ T9358] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  274.442954][ T9358] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  274.442964][ T9358] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  274.442986][ T9358]  </TASK>
[  274.443035][ T9358] ERROR: Out of memory at tomoyo_realpath_from_path.
[  275.132059][ T9375] wlan1 speed is unknown, defaulting to 1000
[  275.138597][ T9375] gre0 speed is unknown, defaulting to 1000
[  275.966220][ T9379] netlink: 12 bytes leftover after parsing attributes in process `syz.2.824'.
[  277.367934][  T854] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  277.518245][  T854] usb 6-1: Using ep0 maxpacket: 32
[  277.522442][  T854] usb 6-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  277.526161][  T854] usb 6-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  277.531290][  T854] usb 6-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  277.535562][  T854] usb 6-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  277.542891][  T854] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  277.546846][  T854] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.554925][  T854] usb 6-1: Product: syz
[  277.557674][  T854] usb 6-1: Manufacturer: syz
[  277.560353][  T854] usb 6-1: SerialNumber: syz
[  277.616210][    C0] imon 6-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  277.645933][  T854] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/input/input66
[  277.827906][  T854] imon 6-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  277.830846][  T854]  (id 0x00)
[  277.887874][  T854] rc_core: IR keymap rc-imon-pad not found
[  277.890236][  T854] Registered IR keymap rc-empty
[  277.892063][  T854] imon 6-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  277.895469][  T854] imon 6-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  278.029569][  T854] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/rc/rc0
[  278.035833][  T854] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/rc/rc0/input67
[  278.043342][  T854] imon 6-1:155.0: iMON device (15c2:ffdc, intf0) on usb<6:19> initialized
[  278.238125][ T1037] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  278.308579][ T9386] imon:send_packet: packet tx failed (-71)
[  278.309047][   T24] usb 6-1: USB disconnect, device number 19
[  278.338104][ T9386] imon:vfd_write: send packet #0 failed
[  278.340582][ T9399] imon:display_open: display port is already open
[  278.469855][ T1037] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  278.474863][ T1037] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  278.481796][ T1037] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  278.485783][ T1037] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.489201][ T1037] usb 5-1: Product: syz
[  278.490947][ T1037] usb 5-1: Manufacturer: syz
[  278.492733][ T1037] usb 5-1: SerialNumber: syz
[  278.501252][ T1037] cdc_mbim 5-1:1.0: skipping garbage
[  278.681153][ T9405] sd 0:0:0:0: PR command failed: 1026
[  278.683763][ T9405] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  278.686416][ T9405] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  278.704110][ T9398] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  279.101795][ T9411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.836'.
[  279.152796][ T9416] FAULT_INJECTION: forcing a failure.
[  279.152796][ T9416] name failslab, interval 1, probability 0, space 0, times 0
[  279.158867][ T9416] CPU: 2 UID: 0 PID: 9416 Comm: syz.1.837 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  279.158888][ T9416] Tainted: [L]=SOFTLOCKUP
[  279.158893][ T9416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  279.158900][ T9416] Call Trace:
[  279.158904][ T9416]  <TASK>
[  279.158909][ T9416]  dump_stack_lvl+0x100/0x190
[  279.158948][ T9416]  should_fail_ex.cold+0x5/0xa
[  279.158965][ T9416]  ? tomoyo_encode2+0xfb/0x3c0
[  279.158978][ T9416]  should_failslab+0xc2/0x120
[  279.159020][ T9416]  __kmalloc_noprof+0xe0/0x850
[  279.159042][ T9416]  tomoyo_encode2+0xfb/0x3c0
[  279.159056][ T9416]  tomoyo_encode+0x29/0x50
[  279.159068][ T9416]  tomoyo_realpath_from_path+0x18c/0x690
[  279.159084][ T9416]  tomoyo_path_number_perm+0x23c/0x580
[  279.159102][ T9416]  ? tomoyo_path_number_perm+0x22e/0x580
[  279.159120][ T9416]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  279.159138][ T9416]  ? get_pid_task+0x106/0x250
[  279.159169][ T9416]  ? find_held_lock+0x2b/0x80
[  279.159184][ T9416]  ? __fget_files+0x215/0x3d0
[  279.159197][ T9416]  ? hook_file_ioctl_common+0x149/0x410
[  279.159214][ T9416]  ? __fget_files+0x215/0x3d0
[  279.159229][ T9416]  ? __fget_files+0x21f/0x3d0
[  279.159244][ T9416]  security_file_ioctl_compat+0xd3/0x230
[  279.159263][ T9416]  __ia32_compat_sys_ioctl+0xc2/0x360
[  279.159277][ T9416]  __do_fast_syscall_32+0xe7/0x950
[  279.159289][ T9416]  ? lockdep_hardirqs_on+0x78/0x100
[  279.159307][ T9416]  do_fast_syscall_32+0x32/0x70
[  279.159317][ T9416]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  279.159333][ T9416] RIP: 0023:0xf7f26fcc
[  279.159344][ T9416] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  279.159357][ T9416] RSP: 002b:00000000f53e650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  279.159370][ T9416] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000400452c8
[  279.159377][ T9416] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[  279.159383][ T9416] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  279.159390][ T9416] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  279.159396][ T9416] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  279.159411][ T9416]  </TASK>
[  279.159465][ T9416] ERROR: Out of memory at tomoyo_realpath_from_path.
[  279.290881][ T9418] geneve0: entered allmulticast mode
[  279.297689][   T40] audit: type=1804 audit(1776942256.918:197): pid=9420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.839" name="/newroot/201/file0" dev="tmpfs" ino=1089 res=1 errno=0
[  279.312341][ T9398] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  279.316582][ T1037] cdc_mbim 5-1:1.0: setting tx_max = 184
[  279.330046][ T1037] cdc_mbim 5-1:1.0: cdc-wdm0: USB WDM device
[  279.335838][ T1037] wwan wwan0: port wwan0mbim0 attached
[  279.345795][ T1037] cdc_mbim 5-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, ae:2a:b4:af:75:05
[  279.516920][    C0] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  279.519282][    C0] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  279.521718][    C0] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  279.523883][    C0] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  279.528408][  T854] usb 5-1: USB disconnect, device number 8
[  279.531676][  T854] cdc_mbim 5-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM
[  279.624114][ T9437] wlan1 speed is unknown, defaulting to 1000
[  279.626815][ T9437] gre0 speed is unknown, defaulting to 1000
[  280.674181][  T854] wwan wwan0: port wwan0mbim0 disconnected
[  281.869681][ T9450] wlan1 speed is unknown, defaulting to 1000
[  281.931343][ T9450] gre0 speed is unknown, defaulting to 1000
[  282.185338][   T40] audit: type=1804 audit(1776942259.808:198): pid=9470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.848" name="/newroot/205/file0" dev="tmpfs" ino=1111 res=1 errno=0
[  283.771572][ T9494] wlan1 speed is unknown, defaulting to 1000
[  283.775715][ T9494] gre0 speed is unknown, defaulting to 1000
[  283.948160][ T9496] netlink: 12 bytes leftover after parsing attributes in process `syz.2.853'.
[  287.502683][ T9516] netlink: 12 bytes leftover after parsing attributes in process `syz.1.860'.
[  287.536124][    C3] sd 0:0:0:0: [sda] tag#21 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  287.540418][    C3] sd 0:0:0:0: [sda] tag#21 CDB: Test Unit Ready 
[  287.550811][ T9516] program syz.1.860 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.557676][ T9516] netlink: 36 bytes leftover after parsing attributes in process `syz.1.860'.
[  287.953627][ T9522] binder: Unknown parameter ''
[  289.268158][ T5381] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  289.437871][ T5381] usb 6-1: Using ep0 maxpacket: 16
[  289.442085][ T5381] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  289.446993][ T5381] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  289.454758][ T5381] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  289.459402][ T5381] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  289.463662][ T5381] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  289.472229][ T5381] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  289.476205][ T5381] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  289.481112][ T5381] usb 6-1: Manufacturer: syz
[  289.486345][ T5381] usb 6-1: config 0 descriptor??
[  289.798524][ T5381] rc_core: IR keymap rc-hauppauge not found
[  289.801399][ T5381] Registered IR keymap rc-empty
[  289.803970][ T5381] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  289.816500][ T9552] netlink: 12 bytes leftover after parsing attributes in process `syz.4.871'.
[  289.830034][ T5381] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  289.848941][ T5381] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  289.857408][ T5381] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input68
[  289.862631][ T5312] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  289.868964][ T5381] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  289.887985][ T5381] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  289.907939][ T5381] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  289.938981][ T5381] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  289.961001][ T5318] block nbd4: Receive control failed (result -1)
[  289.968277][ T5381] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  289.997923][ T5381] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  290.027977][ T5312] usb 7-1: Using ep0 maxpacket: 32
[  290.030234][ T5381] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  290.034149][ T5312] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  290.038607][ T5312] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  290.042377][ T5312] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  290.047247][ T5312] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  290.051622][ T5381] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  290.059070][ T5312] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  290.064503][ T5312] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.067708][ T5312] usb 7-1: Product: syz
[  290.069226][ T5312] usb 7-1: Manufacturer: syz
[  290.071023][ T5312] usb 7-1: SerialNumber: syz
[  290.077955][ T5381] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  290.081799][    C3] imon 7-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  290.084979][ T5312] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/input/input69
[  290.107964][ T5381] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  290.140149][ T5381] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  290.143107][ T5381] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  290.148940][ T5381] usb 6-1: USB disconnect, device number 20
[  290.249163][ T9562] FAULT_INJECTION: forcing a failure.
[  290.249163][ T9562] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.253863][ T9562] CPU: 3 UID: 0 PID: 9562 Comm: syz.4.873 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  290.253883][ T9562] Tainted: [L]=SOFTLOCKUP
[  290.253887][ T9562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  290.253895][ T9562] Call Trace:
[  290.253902][ T9562]  <TASK>
[  290.253907][ T9562]  dump_stack_lvl+0x100/0x190
[  290.253928][ T9562]  should_fail_ex.cold+0x5/0xa
[  290.253944][ T9562]  _copy_to_user+0x32/0xd0
[  290.253976][ T9562]  mptcp_put_int_option.isra.0+0x1bd/0x250
[  290.253996][ T9562]  ? __pfx_mptcp_put_int_option.isra.0+0x10/0x10
[  290.254009][ T9562]  ? mptcp_getsockopt+0x16a/0xe50
[  290.254021][ T9562]  ? find_held_lock+0x2b/0x80
[  290.254037][ T9562]  ? rcu_is_watching+0x12/0xc0
[  290.254052][ T9562]  ? mptcp_getsockopt+0x16a/0xe50
[  290.254064][ T9562]  ? __local_bh_enable_ip+0x9e/0x120
[  290.254082][ T9562]  mptcp_getsockopt+0xc2b/0xe50
[  290.254095][ T9562]  ? __pfx_mptcp_getsockopt+0x10/0x10
[  290.254112][ T9562]  ? aa_sock_opt_perm+0xfe/0x1b0
[  290.254128][ T9562]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  290.254145][ T9562]  do_sock_getsockopt+0x50a/0x6e0
[  290.254159][ T9562]  ? __lock_acquire+0x4a5/0x2630
[  290.254173][ T9562]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  290.254192][ T9562]  ? find_held_lock+0x2b/0x80
[  290.254210][ T9562]  ? __fget_files+0x21f/0x3d0
[  290.254227][ T9562]  __sys_getsockopt+0x133/0x1d0
[  290.254243][ T9562]  ? __ia32_sys_getsockopt+0xbc/0x160
[  290.254254][ T9562]  __ia32_sys_getsockopt+0xbc/0x160
[  290.254265][ T9562]  ? __do_fast_syscall_32+0x98/0x950
[  290.254276][ T9562]  ? lockdep_hardirqs_on+0x78/0x100
[  290.254293][ T9562]  __do_fast_syscall_32+0xe7/0x950
[  290.254303][ T9562]  ? lockdep_hardirqs_on+0x78/0x100
[  290.254322][ T9562]  do_fast_syscall_32+0x32/0x70
[  290.254332][ T9562]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  290.254348][ T9562] RIP: 0023:0xf701efcc
[  290.254359][ T9562] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  290.254370][ T9562] RSP: 002b:00000000f540d50c EFLAGS: 00000292 ORIG_RAX: 000000000000016d
[  290.254382][ T9562] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000006
[  290.254389][ T9562] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 00000000800007c0
[  290.254396][ T9562] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  290.254402][ T9562] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  290.254409][ T9562] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  290.254423][ T9562]  </TASK>
[  290.367859][ T5312] imon 7-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  290.370983][ T5312]  (id 0x00)
[  290.437916][ T5312] rc_core: IR keymap rc-imon-pad not found
[  290.440074][ T5312] Registered IR keymap rc-empty
[  290.441867][ T5312] imon 7-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  290.445205][ T5312] imon 7-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  290.569181][ T5312] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0
[  290.574184][ T5312] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0/input70
[  290.581449][ T5312] imon 7-1:155.0: iMON device (15c2:ffdc, intf0) on usb<7:19> initialized
[  290.743097][ T9568] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  290.857657][ T9547] imon:send_packet: packet tx failed (-71)
[  290.858531][ T6042] usb 7-1: USB disconnect, device number 19
[  290.877962][ T9547] imon:vfd_write: send packet #0 failed
[  290.880390][ T9570] imon:display_open: display port is already open
[  291.101768][ T9573] netlink: 8 bytes leftover after parsing attributes in process `syz.4.874'.
[  291.155090][ T9573] bond2: Unable to set down delay as MII monitoring is disabled
[  291.162387][ T9573] bond2 (unregistering): Released all slaves
[  291.819457][   T24] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  291.884746][   T40] audit: type=1800 audit(1776942269.498:199): pid=9585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.877" name="file1" dev="9p" ino=81264893 res=0 errno=0
[  291.898639][ T9577] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  291.901838][ T9577] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  291.905496][ T9577] vhci_hcd vhci_hcd.0: Device attached
[  291.969353][   T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  291.973697][   T24] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  291.981503][   T24] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  291.983091][ T9577] ieee802154 phy0 wpan0: encryption failed: -90
[  291.985372][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.992086][   T24] usb 6-1: Product: syz
[  291.994077][   T24] usb 6-1: Manufacturer: syz
[  291.996389][   T24] usb 6-1: SerialNumber: syz
[  292.008560][   T24] cdc_mbim 6-1:1.0: skipping garbage
[  292.036531][ T9587] vhci_hcd: connection closed
[  292.037462][   T46] vhci_hcd vhci_hcd.4: stop threads
[  292.042834][   T46] vhci_hcd vhci_hcd.4: release socket
[  292.045629][   T46] vhci_hcd vhci_hcd.4: disconnect device
[  292.210616][ T9579] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  292.817256][ T9579] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  292.850149][   T24] cdc_mbim 6-1:1.0: setting tx_max = 184
[  292.855169][   T24] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device
[  292.862025][   T24] wwan wwan0: port wwan0mbim0 attached
[  292.876059][   T24] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, ea:8a:a1:06:c6:cd
[  293.053989][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  293.056833][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  293.060011][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  293.061913][ T9612] netlink: 8 bytes leftover after parsing attributes in process `syz.4.884'.
[  293.062876][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  293.063139][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  293.071141][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  293.073579][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  293.075928][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  293.079276][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  293.081447][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  293.084015][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  293.086806][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  293.089195][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  293.091307][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  293.093887][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  293.096141][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  293.098495][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  293.100758][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  293.103000][    C3] cdc_mbim 6-1:1.0: nonzero urb status received: -71
[  293.105307][    C3] cdc_mbim 6-1:1.0: wdm_int_callback - 0 bytes
[  293.114850][ T5312] usb 6-1: USB disconnect, device number 21
[  293.122401][ T5312] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM
[  293.171633][ T9612] bond2: Unable to set down delay as MII monitoring is disabled
[  293.180816][ T9612] bond2 (unregistering): Released all slaves
[  293.183777][ T5312] wwan wwan0: port wwan0mbim0 disconnected
[  293.972981][ T9635] netlink: 8 bytes leftover after parsing attributes in process `syz.1.887'.
[  294.006272][ T9635] bond2: Unable to set down delay as MII monitoring is disabled
[  294.015916][ T9635] bond2 (unregistering): Released all slaves
[  294.371637][ T9641] netlink: 4 bytes leftover after parsing attributes in process `syz.1.889'.
[  294.597692][ T9649] netlink: 12 bytes leftover after parsing attributes in process `syz.1.893'.
[  294.734118][ T5318] block nbd5: Receive control failed (result -1)
[  294.753372][ T9654] binder: Unknown parameter ''
[  294.987960][ T1037] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  295.221195][ T9666] netlink: 12 bytes leftover after parsing attributes in process `syz.2.898'.
[  295.224084][ T9666] netlink: 88 bytes leftover after parsing attributes in process `syz.2.898'.
[  295.260127][ T1037] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  295.280942][ T1037] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  295.313235][ T1037] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  295.319112][ T1037] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.329366][ T1037] usb 5-1: Product: syz
[  295.345715][ T1037] usb 5-1: Manufacturer: syz
[  295.352027][ T1037] usb 5-1: SerialNumber: syz
[  295.498591][ T1037] cdc_mbim 5-1:1.0: skipping garbage
[  295.723433][ T9655] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  296.331048][ T9655] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  296.334456][ T1037] cdc_mbim 5-1:1.0: setting tx_max = 184
[  296.341942][ T1037] cdc_mbim 5-1:1.0: cdc-wdm0: USB WDM device
[  296.345866][ T1037] wwan wwan0: port wwan0mbim0 attached
[  296.355599][ T1037] cdc_mbim 5-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, b2:17:b0:90:04:4c
[  296.484424][ T9678] netlink: 20 bytes leftover after parsing attributes in process `syz.2.903'.
[  296.542843][ T5312] usb 5-1: USB disconnect, device number 9
[  296.546432][ T5312] cdc_mbim 5-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM
[  297.612505][ T5312] wwan wwan0: port wwan0mbim0 disconnected
[  297.628551][ T9694] netlink: 8 bytes leftover after parsing attributes in process `syz.0.905'.
[  297.810878][ T9694] bond3: Unable to set down delay as MII monitoring is disabled
[  297.935811][ T9694] bond3 (unregistering): Released all slaves
[  300.548778][ T5999] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  300.698205][ T5999] usb 6-1: Using ep0 maxpacket: 32
[  300.703907][ T5999] usb 6-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  300.707827][ T5999] usb 6-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  300.712769][ T5999] usb 6-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  300.716972][ T5999] usb 6-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  300.724451][ T5999] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  300.727597][ T5999] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.730538][ T5999] usb 6-1: Product: syz
[  300.732122][ T5999] usb 6-1: Manufacturer: syz
[  300.734259][ T5999] usb 6-1: SerialNumber: syz
[  300.742466][    C0] imon 6-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  300.746283][ T5999] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/input/input71
[  300.957891][ T5999] imon 6-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  300.961381][ T5999]  (id 0x00)
[  301.037937][ T5999] rc_core: IR keymap rc-imon-pad not found
[  301.040527][ T5999] Registered IR keymap rc-empty
[  301.042862][ T5999] imon 6-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  301.047021][ T5999] imon 6-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  301.159993][ T5999] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/rc/rc0
[  301.165496][ T5999] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/rc/rc0/input72
[  301.175253][ T5999] imon 6-1:155.0: iMON device (15c2:ffdc, intf0) on usb<6:22> initialized
[  301.453249][ T9719] imon:send_packet: packet tx failed (-71)
[  301.453750][   T24] usb 6-1: USB disconnect, device number 22
[  301.477951][ T9719] imon:vfd_write: send packet #0 failed
[  301.481205][ T9768] imon:display_open: display port is already open
[  301.976296][ T9773] binder: Unknown parameter ''
[  303.032515][ T9792] netlink: 48 bytes leftover after parsing attributes in process `syz.4.933'.
[  303.140529][ T9796] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.935'.
[  303.158000][ T9796] bridge_slave_1: default FDB implementation only supports local addresses
[  303.288106][ T9799] binder: Unknown parameter ''
[  303.813935][ T9814] FAULT_INJECTION: forcing a failure.
[  303.813935][ T9814] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  303.822675][ T9814] CPU: 0 UID: 0 PID: 9814 Comm: syz.4.942 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  303.822707][ T9814] Tainted: [L]=SOFTLOCKUP
[  303.822713][ T9814] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  303.822724][ T9814] Call Trace:
[  303.822732][ T9814]  <TASK>
[  303.822740][ T9814]  dump_stack_lvl+0x100/0x190
[  303.822767][ T9814]  should_fail_ex.cold+0x5/0xa
[  303.822822][ T9814]  _copy_to_user+0x32/0xd0
[  303.822853][ T9814]  simple_read_from_buffer+0xcb/0x170
[  303.822896][ T9814]  proc_fail_nth_read+0x1af/0x230
[  303.822924][ T9814]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  303.822951][ T9814]  ? rw_verify_area+0xce/0x6d0
[  303.822968][ T9814]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  303.822996][ T9814]  vfs_read+0x1e4/0xb30
[  303.823020][ T9814]  ? __pfx_vfs_read+0x10/0x10
[  303.823036][ T9814]  ? find_held_lock+0x2b/0x80
[  303.823058][ T9814]  ? __fget_files+0x215/0x3d0
[  303.823073][ T9814]  ? __fget_files+0x21f/0x3d0
[  303.823089][ T9814]  ksys_read+0x12a/0x250
[  303.823102][ T9814]  ? __pfx_ksys_read+0x10/0x10
[  303.823134][ T9814]  ? rcu_is_watching+0x12/0xc0
[  303.823166][ T9814]  ? rcu_is_watching+0x12/0xc0
[  303.823183][ T9814]  do_int80_emulation+0x141/0x700
[  303.823197][ T9814]  asm_int80_emulation+0x1a/0x20
[  303.823211][ T9814] RIP: 0023:0xf7155cab
[  303.823222][ T9814] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  303.823234][ T9814] RSP: 002b:00000000f540d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  303.823247][ T9814] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f540d5d0
[  303.823254][ T9814] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  303.823260][ T9814] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  303.823267][ T9814] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  303.823273][ T9814] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  303.823287][ T9814]  </TASK>
[  303.950829][ T9817] netlink: 8 bytes leftover after parsing attributes in process `syz.4.943'.
[  303.955323][ T9817] netlink: 4 bytes leftover after parsing attributes in process `syz.4.943'.
[  303.960669][ T9817] netlink: 'syz.4.943': attribute type 12 has an invalid length.
[  303.965277][ T9817] netlink: 'syz.4.943': attribute type 11 has an invalid length.
[  303.993661][ T9819] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.944'.
[  304.307866][ T5312] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  304.470388][ T5312] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  304.473944][ T5312] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  304.482733][ T5312] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  304.486816][ T5312] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.491115][ T5312] usb 7-1: Product: syz
[  304.493109][ T5312] usb 7-1: Manufacturer: syz
[  304.495372][ T5312] usb 7-1: SerialNumber: syz
[  304.506030][ T5312] cdc_mbim 7-1:1.0: skipping garbage
[  304.707878][ T9821] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  305.315886][ T9821] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  305.319388][ T5312] cdc_mbim 7-1:1.0: setting tx_max = 184
[  305.323891][ T5312] cdc_mbim 7-1:1.0: cdc-wdm0: USB WDM device
[  305.331542][ T5312] wwan wwan0: port wwan0mbim0 attached
[  305.342330][ T5312] cdc_mbim 7-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, d2:bd:6f:b6:49:a8
[  305.520971][    C1] wdm_int_callback: 37 callbacks suppressed
[  305.520989][    C1] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  305.525147][    C1] wdm_int_callback: 37 callbacks suppressed
[  305.525161][    C1] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  305.529896][    C1] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  305.532184][    C1] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  305.534392][    C1] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  305.536631][    C1] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  305.539025][    C1] cdc_mbim 7-1:1.0: nonzero urb status received: -71
[  305.541420][    C1] cdc_mbim 7-1:1.0: wdm_int_callback - 0 bytes
[  305.543732][    C1] cdc_mbim 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  305.548891][   T29] usb 7-1: USB disconnect, device number 20
[  305.552373][   T29] cdc_mbim 7-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM
[  305.568832][ T5670] 8021q: adding VLAN 0 to HW filter on device wwan0
[  305.653531][   T29] wwan wwan0: port wwan0mbim0 disconnected
[  305.782128][ T9865] netlink: 16 bytes leftover after parsing attributes in process `syz.0.953'.
[  306.236945][ T9887] netlink: 8 bytes leftover after parsing attributes in process `syz.1.957'.
[  307.418583][ T9896] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.960'.
[  307.423182][ T9896] bridge_slave_1: default FDB implementation only supports local addresses
[  307.729108][ T5312] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  307.877953][ T5312] usb 9-1: Using ep0 maxpacket: 8
[  307.881368][ T5312] usb 9-1: config 0 has an invalid interface number: 186 but max is 0
[  307.884193][ T5312] usb 9-1: config 0 has no interface number 0
[  307.886468][ T5312] usb 9-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  307.890708][ T5312] usb 9-1: config 0 interface 186 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  307.894738][ T5312] usb 9-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  307.901376][ T5312] usb 9-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  307.905677][ T5312] usb 9-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  307.913756][ T5312] usb 9-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  307.917415][ T5312] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.920441][ T5312] usb 9-1: Product: syz
[  307.922065][ T5312] usb 9-1: Manufacturer: syz
[  307.923841][ T5312] usb 9-1: SerialNumber: syz
[  307.927280][ T5312] usb 9-1: config 0 descriptor??
[  308.143454][ T5312] iowarrior 9-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[  308.374089][    C3] iowarrior 9-1:0.186: iowarrior_callback - usb_submit_urb failed with result -1
[  308.381089][ T5312] usb 9-1: USB disconnect, device number 9
[  309.930491][ T9901] netlink: 12 bytes leftover after parsing attributes in process `syz.1.962'.
[  310.245884][ T9923] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.969'.
[  311.166074][ T9940] netlink: 12 bytes leftover after parsing attributes in process `syz.1.968'.
[  312.666295][ T9950] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  312.670515][ T9950] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  312.675282][ T9950] vhci_hcd vhci_hcd.0: Device attached
[  312.692802][ T9950] EXT4-fs (sr0): VFS: Can't find ext4 filesystem
[  312.965714][ T9956] vhci_hcd: connection closed
[  312.967183][ T3787] vhci_hcd vhci_hcd.2: stop threads
[  312.972483][ T3787] vhci_hcd vhci_hcd.2: release socket
[  312.975361][ T3787] vhci_hcd vhci_hcd.2: disconnect device
[  312.984984][ T9961] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.978'.
[  312.990435][ T9961] bridge_slave_1: default FDB implementation only supports local addresses
[  312.997970][ T1037] usb 42-1: enqueue for inactive port 0
[  313.519432][ T1037] usb usb42-port1: attempt power cycle
[  313.606608][ T9986] tmpfs: Bad value for 'mpol'
[  313.707326][ T9992] netlink: 12 bytes leftover after parsing attributes in process `syz.2.988'.
[  313.804169][ T5318] block nbd6: Receive control failed (result -1)
[  314.204415][ T1037] usb usb42-port1: unable to enumerate USB device
[  314.929550][ T6042] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  315.098018][ T6042] usb 7-1: Using ep0 maxpacket: 32
[  315.101647][ T6042] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  315.105674][ T6042] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  315.109791][ T6042] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  315.113337][ T6042] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  315.121810][ T6042] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  315.124910][ T6042] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.127692][ T6042] usb 7-1: Product: syz
[  315.129649][ T6042] usb 7-1: Manufacturer: syz
[  315.132628][ T6042] usb 7-1: SerialNumber: syz
[  315.143636][    C2] imon 7-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  315.147224][ T6042] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/input/input73
[  315.369339][ T6042] imon 7-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  315.373006][ T6042]  (id 0x00)
[  315.437957][ T6042] rc_core: IR keymap rc-imon-pad not found
[  315.440703][ T6042] Registered IR keymap rc-empty
[  315.442597][ T6042] imon 7-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  315.445947][ T6042] imon 7-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  315.549998][T10044] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1004'.
[  315.568788][ T6042] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0
[  315.576292][ T6042] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0/input74
[  315.585295][ T6042] imon 7-1:155.0: iMON device (15c2:ffdc, intf0) on usb<7:21> initialized
[  315.855515][T10012] imon:send_packet: packet tx failed (-71)
[  315.855955][ T5999] usb 7-1: USB disconnect, device number 21
[  315.867986][T10012] imon:vfd_write: send packet #0 failed
[  315.870899][T10045] imon:display_open: display port is already open
[  317.598269][T10051] syzkaller1: entered promiscuous mode
[  317.607363][T10051] syzkaller1: entered allmulticast mode
[  318.478035][ T7966] unregister_netdevice: waiting for syz_tun to become free. Usage count = 3
[  318.482372][ T7966] ref_tracker: netdev@ffff88804d630620 has 1/2 users at
[  318.482372][ T7966]      dst_init+0xda/0x5b0
[  318.482372][ T7966]      dst_alloc+0xbb/0x1a0
[  318.482372][ T7966]      rt_dst_alloc+0x35/0x3a0
[  318.482372][ T7966]      ip_route_output_key_hash_rcu+0x87a/0x2870
[  318.482372][ T7966]      ip_route_output_key_hash+0x118/0x2b0
[  318.482372][ T7966]      ip_route_output_flow+0x27/0x150
[  318.482372][ T7966]      geneve_link_config.part.0+0x23e/0x5b0
[  318.482372][ T7966]      geneve_newlink+0x334/0x390
[  318.482372][ T7966]      rtnl_newlink+0x1499/0x2380
[  318.482372][ T7966]      rtnetlink_rcv_msg+0x95e/0xe90
[  318.482372][ T7966]      netlink_rcv_skb+0x159/0x420
[  318.482372][ T7966]      netlink_unicast+0x585/0x850
[  318.482372][ T7966]      netlink_sendmsg+0x8b0/0xda0
[  318.482372][ T7966]      __sys_sendto+0x468/0x4b0
[  318.482372][ T7966]      __ia32_compat_sys_socketcall+0x59a/0x770
[  318.482372][ T7966]      do_int80_emulation+0x141/0x700
[  318.482372][ T7966] 
[  318.518605][ T7966] ref_tracker: netdev@ffff88804d630620 has 1/2 users at
[  318.518605][ T7966]      fib_check_nh+0x271/0x620
[  318.518605][ T7966]      fib_create_info+0x218e/0x4640
[  318.518605][ T7966]      fib_table_insert+0x169/0x1c70
[  318.518605][ T7966]      fib_magic+0x4d4/0x5c0
[  318.518605][ T7966]      fib_add_ifaddr+0x3a1/0x560
[  318.518605][ T7966]      fib_netdev_event+0x3d6/0x710
[  318.518605][ T7966]      notifier_call_chain+0x99/0x400
[  318.518605][ T7966]      call_netdevice_notifiers_info+0xbe/0x110
[  318.518605][ T7966]      __dev_notify_flags+0x12c/0x2e0
[  318.518605][ T7966]      netif_change_flags+0x108/0x160
[  318.518605][ T7966]      do_setlink.isra.0+0x1abb/0x3e50
[  318.518605][ T7966]      rtnl_newlink+0x11c2/0x2380
[  318.518605][ T7966]      rtnetlink_rcv_msg+0x95e/0xe90
[  318.518605][ T7966]      netlink_rcv_skb+0x159/0x420
[  318.518605][ T7966]      netlink_unicast+0x585/0x850
[  318.518605][ T7966]      netlink_sendmsg+0x8b0/0xda0
[  318.518605][ T7966] 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  318.767698][ T7806] bond0: (slave syz_tun): Releasing backup interface
[  319.115082][ T1157] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.260962][ T1157] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.409624][ T1157] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.506016][ T1157] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.657676][ T1157] bridge_slave_1: left allmulticast mode
[  319.660296][ T1157] bridge_slave_1: left promiscuous mode
[  319.667446][ T1157] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.675362][ T1157] bridge_slave_0: left allmulticast mode
[  319.677682][ T1157] bridge_slave_0: left promiscuous mode
[  319.681714][ T1157] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.856417][ T1157] batman_adv: batadv0: Removing interface: gretap2
[  320.927653][ T1157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  320.935738][ T1157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  320.941774][ T1157] bond0 (unregistering): Released all slaves
[  320.950050][ T1157] bond1 (unregistering): Released all slaves
[  320.965966][ T1157] bond2 (unregistering): Released all slaves
[  321.203845][ T5670] 8021q: adding VLAN 0 to HW filter on device eth2
[  321.350962][   T13] smbdirect: ib_dev[syz0] removed
[  321.418358][ T5670] 8021q: adding VLAN 0 to HW filter on device eth3
[  321.645603][ T5670] 8021q: adding VLAN 0 to HW filter on device eth4
[  321.706318][ T1157] hsr_slave_0: left promiscuous mode
[  321.718294][ T1157] hsr_slave_1: left promiscuous mode
[  321.721713][ T1157] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  321.725281][ T1157] batman_adv: batadv0: Removing interface: batadv_slave_0
[  321.736199][ T1157] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  321.739928][ T1157] batman_adv: batadv0: Removing interface: batadv_slave_1
[  321.760631][ T1157] veth1_macvtap: left promiscuous mode
[  321.763679][ T1157] veth0_macvtap: left promiscuous mode
[  321.767118][ T1157] veth1_vlan: left promiscuous mode
[  321.771510][ T1157] veth0_vlan: left promiscuous mode
[  321.933002][ T1430] ieee802154 phy0 wpan0: encryption failed: -22
[  321.937003][ T1430] ieee802154 phy1 wpan1: encryption failed: -22
[  322.042170][ T1157] team0 (unregistering): Port device team_slave_1 removed
[  322.056531][ T1157] team0 (unregistering): Port device team_slave_0 removed
[  322.174979][ T5670] 8021q: adding VLAN 0 to HW filter on device eth5