last executing test programs:

5m9.404645213s ago: executing program 1 (id=214):
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_io_uring_setup(0x24fd, 0x0, &(0x7f0000000100)=<r2=>0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e24, 0x6, @empty}, 0x1c)
write$UHID_CREATE2(r3, &(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x118)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x19, &(0x7f0000000380)=0x7, 0x4)
sendto$inet6(r6, 0x0, 0x0, 0x8000, &(0x7f0000000180)={0xa, 0x4e24, 0x400, @dev}, 0x1c)
recvmsg(r6, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x2001)
r7 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, 0x0)
connect$ax25(r4, &(0x7f0000000040)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x3}, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
r8 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r8, 0x114, 0x8, &(0x7f0000000280), 0x4)

5m9.263166826s ago: executing program 1 (id=217):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r0, &(0x7f0000000080)="3692c92a01", 0x5, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000180))
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
syz_open_dev$midi(&(0x7f0000000100), 0x3ff, 0x2000)
r1 = socket$igmp(0x2, 0x3, 0x2)
sendto$inet(r1, &(0x7f00000001c0)="9295d59646a6d9eab42369856aafe40128f7c6eb8491da917be27d2cde447eec94dfba311cb91b2e5903a7a528a7bd58e584496423f0416d5db728b0ff9b10ec22831a875d7d98fa3c4f1ac8df91e6b5131dbddb47199e3c08aee2985c3a995e1639c494ccd78a91f9337dcbc96d6e9c3ee5083da596b1f329da046e76bac88a4911d33fab749943819e29d9b1d9f735b405c1ce02e61dad48e44e02774c8b503cee2a388ab34e9940837647d15d640e71211d91dade736acf3612d0df5759558fccbd45e9ee1e88d055bb1ae5ec5811f0efa46044241b495c189263b75ed828e9b73634bc4e0286d4", 0xe9, 0x4bef71a3bc4a500c, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000000c0)={"6957608d766cfff5c3a6653d8900", 0x0, 0x0, {0x4, 0xc}, {0x7, 0xc00000}, 0x5, [0x3, 0x6, 0x9, 0x6, 0x0, 0x10000400, 0x9, 0x2, 0x8, 0x6, 0xfffe, 0x8000081, 0x10, 0x8de, 0x7]})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)

5m5.789788128s ago: executing program 1 (id=224):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x28, 0x5, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080), 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000000)=0x1, 0x8)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0)
r3 = syz_io_uring_setup(0x44b7, &(0x7f0000010400)={0x0, 0x7168, 0x10, 0x3, 0x80, 0x0, r2}, &(0x7f0000000140), &(0x7f0000000580))
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000010300)=[{0x0}, {0x0}], 0x2)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x20, &(0x7f0000000040)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000800)={0x2, 0x0, @local}, 0x10)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000011c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r4, 0x3b82, &(0x7f00000000c0)={0x18, r5, 0x2, 0x0, &(0x7f0000000280)=[{0x18001, 0x8000000000dbd}, {0x8000000000000000, 0xffffffffffff7ffe}]})

5m5.263613226s ago: executing program 1 (id=229):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4}}}}]}]}, 0x70}}, 0x20040000) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x29}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r4=>0x0})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000200000000000000000000000850000004100000095000000000000004be98911ed5a3cf4451d51e400827eef4df9eb3fd52b8f0a456c3a6cfd127868ad3fe3f9a9b946c97f9fc091e4c3f4b0a0d7ed298717a480c48868562f04005972b6a5265519fee4cb1b8b93f0b164770fd40c7a8060ce72beff7cda177e28a1a97b2c8c56a3f15b2f7a9b7ae2cf52d08555d3c3315e95095217bff8c9441a45fd00000000000000979ed4e35d21d13d428af521c553b9420385390207dc1634aee0244045e5c380e6090329d37b29a56c16d5c7bee160b91246bd2c205047bd92581165c774b1fd46072c161f1d33e6d5c1a5db7a714e3ed5468408f279bd9f98ec3c5ffd79cd37810f03000000b65d147fa05253a600adfb03775847b220369339529d434f3190c81c3dd501a780cfaaaa916c8a33ee4b52d18e160428893f33d206d3a7195e7f69c831099bdc940000aa2c2e61509bf6c58b100000000000000000000000005e3210346531c1eb14fbec6eb35d6f3e3853512c6bf186bd8b75d17aeeaa07"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r5, r4, 0x25, 0x2, @void}, 0x10) (async)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r4, 0x25, 0x0, @void}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r6=>0x0}) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7], 0x90}}, 0x0) (async)
r8 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r9=>0x0}, &(0x7f0000cab000)=0xc)
lchown(&(0x7f0000000340)='./bus\x00', r9, 0x0)
quotactl_fd$Q_GETFMT(r7, 0xffffffff80000401, r9, &(0x7f0000000000))

5m3.537530046s ago: executing program 1 (id=236):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1900000004000000040000000200020000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/25], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000006980)={0x2020, 0x0, 0x0, <r5=>0x0, <r6=>0x0}, 0x2020)
fchown(r3, r5, r6)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000001c0)=0x10)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000003100)=@gcm_128={{0x303}, "0400", "0d07080d004fcf0000e8ffff1a8600", "cf0d00", "865703b7e43b34e4"}, 0x28)
writev(r1, &(0x7f0000000080)=[{&(0x7f00000003c0)='\a\f', 0x2}], 0x1)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close(r1)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x10, 0x0, 0x0)
mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000280)={0x1, 0x66c, 0x0, 'queue1\x00'})
write$sndseq(r8, 0x0, 0x0)
poll(&(0x7f0000000100)=[{r8}], 0x1, 0x9d)
write$sndseq(r8, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000001400010400000000000000000a1f0000", @ANYRES32, @ANYBLOB="1400060004000000220000000700000b000000801400020000000000000000000000ff"], 0x40}}, 0x10)

5m3.204415485s ago: executing program 1 (id=239):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x28, 0x5, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080), 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000000)=0x1, 0x8)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0)
r3 = syz_io_uring_setup(0x44b7, &(0x7f0000010400)={0x0, 0x7168, 0x10, 0x3, 0x80, 0x0, r2}, &(0x7f0000000140), &(0x7f0000000580))
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000010300)=[{0x0}, {0x0}], 0x2)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x20, &(0x7f0000000040)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000800)={0x2, 0x0, @local}, 0x10)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000011c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r4, 0x3b82, &(0x7f00000000c0)={0x18, r5, 0x2, 0x0, &(0x7f0000000280)=[{0x18001, 0x8000000000dbd}, {0x8000000000000000, 0xffffffffffff7ffe}]})

4m48.126837249s ago: executing program 32 (id=239):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x28, 0x5, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, 0x0, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080), 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000000)=0x1, 0x8)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0)
r3 = syz_io_uring_setup(0x44b7, &(0x7f0000010400)={0x0, 0x7168, 0x10, 0x3, 0x80, 0x0, r2}, &(0x7f0000000140), &(0x7f0000000580))
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000010300)=[{0x0}, {0x0}], 0x2)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x20, &(0x7f0000000040)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000800)={0x2, 0x0, @local}, 0x10)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000011c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r4, 0x3b82, &(0x7f00000000c0)={0x18, r5, 0x2, 0x0, &(0x7f0000000280)=[{0x18001, 0x8000000000dbd}, {0x8000000000000000, 0xffffffffffff7ffe}]})

2m45.854153795s ago: executing program 5 (id=606):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r0)
r1 = socket$kcm(0xa, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x3)
accept$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
userfaultfd(0x1)
sendmsg$kcm(r1, &(0x7f0000000340)={&(0x7f00000000c0)=@in6={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x33}, 0x7}, 0x80, 0x0}, 0x200ce0c0)
write$cgroup_subtree(r0, &(0x7f0000000280)=ANY=[], 0xfe33)

2m44.670054711s ago: executing program 5 (id=609):
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x9)
bind$netlink(r3, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbff}, 0xc)
bind$netlink(r3, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbff, 0x1}, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c000000fc00835e0000000000000000"], 0x2c}, 0x1, 0xffffff7f}, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000340)={'vcan0\x00'})
fcntl$lock(r2, 0x24, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r5, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x19, {0xfffffffe, 0x0, 0x0, 0xc1}}}}, 0x30}}, 0x20040010)

2m42.026668007s ago: executing program 5 (id=614):
r0 = creat(&(0x7f0000000100)='./file0\x00', 0x27a)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32], 0x44}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r4, 0x0, 0x2e, &(0x7f0000000340)={0x3, {{0x2, 0x4e20, @multicast1}}, {{0x2, 0x0, @empty}}}, 0x108)
getsockopt$inet_buf(r4, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1)
r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(r0, &(0x7f0000000180)="ca0e808bb35bdabb49f35c25d456591f0c15a08769bcd5107053ea1f85250ac10e50c14ffda0a7a98740f8cb9694c01f2babb95936415d219753d982b3e6ab52070adabe6f61dce71ee97249cf86cdd7b9a6b4b3d24ddebcf8ea9f1ae197c9a9cd65f15210181d73", 0x68)
write$binfmt_misc(r0, &(0x7f0000000300)="38ad09ec60e9ba971eb5010a3c39e65d3f54ec4d9f07e60c45dceaf6d30e56ccf90edb8cf95119f3324635fe7ae835923a9a1fe4e2cc02992bb9c7567468078a12a82c41fd5b", 0x46)
write$FUSE_IOCTL(r0, &(0x7f0000000240)={0x20, 0xffffffffffffffda, 0x0, {0x18d, 0x0, 0x74, 0xfff}}, 0x20)
setsockopt$MRT_ASSERT(0xffffffffffffffff, 0x0, 0xcf, &(0x7f0000000280), 0x4)
write$qrtrtun(r0, &(0x7f0000000900)="9d8d645e53b6183d874f9e93a18dd009a09560ff682bd07dc3d28385a8f3f9e18418950d4dfe49f13a19e24320444a7d6c121741ba3dc510dba4f980bbd9a315544fa0a1622d949faba79788908354e467989e8458e6f5f76e0e4e781bfca4c928c956321dd514877569805db6602f1584a8bd051f13bad882bea021ffb5ce918a1f87f1d439ec93772d6ecaaf8891f7678f2037ccced78ea5c1aa805f1b9f5a2c3974c5124cac5e163d9b6f5b998c1c7263fa2331d1241523986dccbd4e1f32b2f521380a2ea4732132264de6d26ce40177a780df98cbf94b96d900a2dfc5c877db675ebb1d7cbc398ca422ddbadc24ee6f3bf036f62cdb056502a6b657ff95930ea668649ad0003afe9a912179ce61631b3dab94642d2768f1f22299deb9eddb917fc0076b74406149024514d07417c6007e8cd4dc4e2295be71f412044b52b1ce32aac048cad9c413a8c19528dc1b432fe7f9fda7182a47243af427a76ede78aa5c6ef75ea1f48e2e9e9d203d4760a1ff6a0119b39a2458a050f9519d4bbd821684ef8356985e8f5b8d86346f428788fc374e7eaa0c2a2ef8478a13b4a56d0821201c37a0066fb9f5cc583005b9f71b67daa300311066bacbf43630a8388aff734a568a123a48ba1344a5500e5c6f8cef539617cd3970ffb873579a3b76bd529f1626d1f90543b2a0190df38bb1e8b6fc9bfc5c42693814665679e78ed8adce4d23b8725416101ae4113fee000cb92b32c6a74851a6c4af4625f28810ec16834a1589063af1bf0b29aa57e06dddc0fddf408fab63c536d5afd9ba5a71f9e534f99e5ea9c1eaaaad710ef30a37df0f87978894333850f4feac3740a3b010da7c250d060c8046cab40d0527234d4b4b28366bc7d5899948ddbfac66c848ef0f842eab95248e9d064c0ec4247483f0aa0cad7ca970365e474fe73cf79cf8c70fc7a015caa273ce41723453632cf5b809584d227f7e98e8ec41494518b0b8a8adbaf5ead6529451b116fab06529b653bffdd6d98f8322265305bdc0ff69f4a70dea414fcc63d149c564c834f24b8f7495cd9ccafa1e3f652cd3270935800ee0d5598afcaa41c150dac263408d77a61b5c77e2c3644dda1b8c333a36c30ce893140ce133827dde34d896d35c498bf6dda965a27cc77e2872fcedaf9dcb89614c758cf62ad769ac05a4fb9e27b421b82c1761f1322b03cc9ea586d15f7d2ffb6ed63c639cee97d9eea8f3934045e60b15eca5c13ebe002467c09815712165cee2af784f9e5db9f7227701ca9a3de58850", 0x38f)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r6, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c)

2m41.181533398s ago: executing program 5 (id=618):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
sendmsg$inet(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x2, 0x4e24, @remote}, 0x10, &(0x7f0000000140)=[{&(0x7f00000000c0)="aa663b6d9a940db214ec2bbffa1ac15bca251336fbff014c1b0e4537d9e4ac46ef1a40d6809e2ccdd5f54388f8f44b104a148791b5fe619ddfc7969122ba96384773b1993c528a60c3f1", 0x4a}], 0x1, &(0x7f0000000180)=[@ip_ttl={{0x14, 0x0, 0x2, 0x1}}], 0x18}, 0x20008020)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6(0xa, 0x80000, 0x0)
r5 = syz_io_uring_setup(0x4240, &(0x7f0000000140)={0x0, 0x8f33, 0x20, 0x1, 0x3be}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000000480)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r5, 0xdb4, 0x0, 0x0, 0x0, 0x0)
bind$inet6(r4, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c)
connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e24, 0x2}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="ac", 0x1}], 0x1}}], 0x1, 0xc8000)
sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x0)
splice(r4, 0x0, r3, 0x0, 0x800000000000045, 0x0)
listen(r2, 0x4)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket(0x2, 0x80805, 0x0)
r11 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$llc_int(r11, 0x10c, 0x1, &(0x7f0000002100)=0x80008, 0x4)
sendmmsg$inet_sctp(r10, &(0x7f00000032c0)=[{&(0x7f0000000300)=@in6={0xa, 0x4e21, 0xf, @private1, 0x100}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
sendmmsg$inet_sctp(r10, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)='a', 0x1}], 0x1, &(0x7f0000000200)=ANY=[@ANYRES64=r8, @ANYRES32=0x0], 0x30}], 0x1, 0x0)
writev(r8, &(0x7f0000000340)=[{&(0x7f0000000440)='K', 0x1}], 0x1)
r12 = syz_genetlink_get_family_id$mptcp(&(0x7f0000004d80), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000010c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r12, @ANYRES64=r10], 0x30}}, 0x10)

2m39.941691355s ago: executing program 5 (id=622):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/net\x00')
unshare(0x400)
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, r1, 0x10, 0x0, 0x0, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r2}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x804)
getpid()

2m39.21295579s ago: executing program 5 (id=624):
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x9)
bind$netlink(r3, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbff}, 0xc)
bind$netlink(r3, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbff, 0x1}, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c000000fc00835e0000000000000000"], 0x2c}, 0x1, 0xffffff7f}, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000340)={'vcan0\x00'})
fcntl$lock(r2, 0x24, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r5, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x19, {0xfffffffe, 0x0, 0x0, 0xc1}}}}, 0x30}}, 0x20040010)

2m23.364064518s ago: executing program 33 (id=624):
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x9)
bind$netlink(r3, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbff}, 0xc)
bind$netlink(r3, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbff, 0x1}, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c000000fc00835e0000000000000000"], 0x2c}, 0x1, 0xffffff7f}, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000340)={'vcan0\x00'})
fcntl$lock(r2, 0x24, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r5, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x19, {0xfffffffe, 0x0, 0x0, 0xc1}}}}, 0x30}}, 0x20040010)

14.352901373s ago: executing program 4 (id=966):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {0x0}}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x4250)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0xf2)
socket(0x40000000015, 0x5, 0x0)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e07000220"], 0xa)
r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x40, r4, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'geneve1\x00'}]}, 0x40}}, 0x0)
sendmsg$SMC_PNETID_DEL(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r4, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0)

11.789654046s ago: executing program 4 (id=970):
sched_setscheduler(0x0, 0x1, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0xfffffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0xfffffffffffffe32, 0x0, &(0x7f0000000540), 0x0, 0x0, 0x0})
r7 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r7)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)

11.294468389s ago: executing program 0 (id=973):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
pipe(0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
accept4(r4, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
mkdir(0x0, 0x4f)
mount$bind(0x0, 0x0, 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
pivot_root(&(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000280)='./file0/../file0\x00')
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="280000002c00010000000000000000000400008014"], 0x28}], 0x1}, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
fsync(r5)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ZERO(r6, 0x0, 0x48f, &(0x7f0000000040)={0x6c, @rand_addr=0x64010102, 0x4e22, 0x0, 'sh\x00', 0x0, 0x7, 0x5f}, 0x2c)

9.601648652s ago: executing program 0 (id=974):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x44)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000000000000000dc15781fd21102a6fdf8706a730000007b0000"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioprio_get$pid(0x3, 0x0)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3a8, 0x140, 0x0, 0x94, 0x140, 0x94, 0x314, 0x314, 0x314, 0x314, 0x314, 0x6, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x94}, @ECN={0x24, 'ECN\x00', 0x0, {0x1c}}}, {{@uncond, 0x0, 0x70, 0xac, 0x0, {0x100000000000000}}, @inet=@TPROXY1={0x3c}}, {{@uncond, 0x0, 0x70, 0xac}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, {{@uncond, 0x0, 0x70, 0x94}, @TTL={0x24}}, {{@uncond, 0x0, 0x70, 0x94}, @TTL={0x24}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x404)
ioctl$F2FS_IOC_SET_COMPRESS_OPTION(r1, 0x4002f516, &(0x7f0000000440)={0x9, 0xbd})
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000000040)=0x54)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x84, &(0x7f0000000180)={r8, @in={{0x2, 0x0, @empty}}}, 0x90)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14000052}, 0x4000084)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000100)={'ip6tnl0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x4, 0x0, 0x40, 0x7, 0x0, @private1, @loopback, 0x1, 0x8, 0x7f, 0x8}})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x18)

9.541874094s ago: executing program 6 (id=975):
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000001a40)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}], 0x1, 0x0)
r0 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r1=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x19, &(0x7f0000001840)={r1}, 0x8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, 0x1, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x200000d1)
r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x981d41)
r4 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x2def, 0x0, 0x0, 0x0, 0x0)
ioctl$EVIOCGRAB(r3, 0x40044590, &(0x7f0000000000)=0x193b7ba2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0}, 0x0)
write$char_usb(r3, &(0x7f0000000040)="e2", 0x1410)
syz_usb_connect$cdc_ecm(0x0, 0x62, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000082505a1a4400001020301090250000101000000090400000002060000052406000005240009000d00000000a200000900fcff07152412"], 0x0)

9.358815711s ago: executing program 3 (id=977):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xd)
ioctl$TCFLSH(r0, 0x8924, 0x4000000000000)
socket$nl_route(0x10, 0x3, 0x0)
r1 = accept4$rose(0xffffffffffffffff, &(0x7f0000000040)=@short={0xb, @remote, @bcast, 0x1, @netrom}, &(0x7f0000000080)=0x1c, 0x80800)
recvfrom$rose(r1, &(0x7f0000000140)=""/57, 0x39, 0x10060, &(0x7f0000000180)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x40)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a000004"], 0x528}}, 0xc000)
socket$packet(0x11, 0x3, 0x300)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="28000000130001002abd7000fcdbdf2500000000", @ANYRES32=r4, @ANYBLOB="000100000004000008000a00", @ANYRES32=r4, @ANYBLOB="164076773e5f1b4a27d1bfe9330892335fb38bfe5d220a5eb34363a12cec91e14042ba68d268a52284facff7a783382842c7f03e9abc827a8c059e8735a49379eedefd5490bdbb7136bb266e5d3a23db3721436ac48d8cb219b1a89715a6092994f9326641"], 0x28}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r3}, 0x10)
setsockopt$X25_QBITINCL(0xffffffffffffffff, 0x106, 0x1, &(0x7f00000003c0), 0x4)
openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
r5 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000480)=0xe)
write$binfmt_misc(r5, &(0x7f0000000dc0), 0x386)
syz_open_dev$mouse(&(0x7f00000001c0), 0x3, 0x440002)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)

7.966864729s ago: executing program 0 (id=979):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
shutdown(r3, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r3, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1}}, 0x10)
sendto$inet(r3, &(0x7f0000002640)="01", 0x1, 0x0, 0x0, 0x0)
splice(r3, 0x0, r2, 0x0, 0xe4d4, 0x4)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000009c0)=@bridge_dellink={0x44, 0x13, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r7}, [@IFLA_AF_SPEC={0x24, 0x1a, 0x0, 0x1, [@AF_INET={0x20, 0x5, 0x0, 0x1, {0x1c, 0x4, 0x0, 0x1, [{0x8, 0x2}, {0x8, 0x1}, {0x8, 0x3}]}}]}]}, 0x44}}, 0x0)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000080)=0xe)
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r10, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x0, 0x0, @remote, 0x9}], 0x1c)

7.902519651s ago: executing program 2 (id=980):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r0}, 0x10)
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x1200, 0x0, 0x3) (fail_nth: 1)

7.901945799s ago: executing program 3 (id=981):
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r0)
r1 = socket$kcm(0xa, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
ptrace$ARCH_MAP_VDSO_32(0x1e, r2, 0x4, 0x2002)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x3)
accept$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
userfaultfd(0x1)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x38, 0x0, 0x0)
r5 = userfaultfd(0x801)
ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045515, &(0x7f0000000000)={0x3, 0x1})
ioctl$UFFDIO_API(r5, 0xc018aa3f, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
sendmsg$kcm(r1, &(0x7f0000000340)={&(0x7f00000000c0)=@in6={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x33}, 0x7}, 0x80, 0x0}, 0x200ce0c0)
write$cgroup_subtree(r0, &(0x7f0000000280)=ANY=[], 0xfe33)

7.47753289s ago: executing program 4 (id=982):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/fscaps', 0x24400, 0x4)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NET_DM_CMD_START(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x14, 0x0, 0x100, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x805)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, r3, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x1c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000600)={'wpan0\x00', <r6=>0x0})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000480), r7)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)={0x2c, r8, 0x101, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5}, @NFC_ATTR_LLC_PARAM_MIUX={0x6}]}, 0x2c}}, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r7, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x58, r1, 0xa09, 0x70bd2c, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x1}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xffff}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r6}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000000}, 0x4)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000140)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="070600000000000000002d00000005002e00000000000c000500000000000000000008000200", @ANYRES32=r6, @ANYBLOB="08002f000000000005002b"], 0x40}, 0x1, 0x0, 0x0, 0x4080}, 0x0)

6.156280365s ago: executing program 2 (id=983):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r4}, 0x18)
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x40, 0x0, 0xb, 0x101, 0x0, 0x0, {0x1}, [@NFTA_COMPAT_NAME={0xa, 0x1, 'vegas\x00'}, @NFTA_COMPAT_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_COMPAT_NAME={0x8, 0x1, ':&,\x00'}, @NFTA_COMPAT_TYPE={0x8}, @NFTA_COMPAT_REV={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x40080c0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x0, 0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, 0x0, 0x0)
bind$inet6(r5, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000100)='vegas\x00', 0x6)
ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, &(0x7f0000000040))
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x40000)

6.064336672s ago: executing program 3 (id=984):
unshare(0xa000200)
r0 = semget$private(0x0, 0x4000, 0x0)
semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000100)=""/219)
syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000080)=0x55)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x5e, &(0x7f00000003c0)=ANY=[@ANYBLOB="e33110495bfde212e4ccaa00961c3b57f13b8e033afffc020000000000000000000000000000fe8000000000000000000000000000aa890090780000000020010000000000000000000000000000fc0100"/94], 0x0)
recvmmsg(r3, &(0x7f0000003540)=[{{&(0x7f0000000440)=@tipc=@name, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000000500)=""/226, 0xe2}, {&(0x7f0000000600)=""/73, 0x49}, {&(0x7f0000000680)=""/241, 0xf1}, {&(0x7f0000000780)=""/131, 0x83}, {&(0x7f0000000840)=""/83, 0x53}, {&(0x7f0000000340)=""/38, 0x26}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000900)=""/137, 0x89}, {&(0x7f00000009c0)=""/4, 0x4}, {&(0x7f0000003700)=""/137, 0x89}], 0xa, &(0x7f0000000a80)=""/67, 0x43}, 0x6}, {{&(0x7f0000002080)=@nfc_llcp, 0x80, &(0x7f0000002640)=[{&(0x7f0000002100)=""/91, 0x5b}, {&(0x7f0000002180)=""/213, 0xd5}, {&(0x7f0000002300)=""/181, 0xb5}, {&(0x7f00000023c0)=""/182, 0xb6}, {&(0x7f0000002480)=""/130, 0x82}, {&(0x7f00000037c0)=""/247, 0xf7}], 0x6, &(0x7f0000002280)=""/9, 0x9}, 0x1}, {{&(0x7f00000026c0)=@in, 0x80, &(0x7f0000002840)=[{&(0x7f0000002740)=""/202, 0xca}], 0x1, &(0x7f0000002880)=""/138, 0x8a}, 0x53}, {{&(0x7f0000002940)=@tipc=@id, 0x80, &(0x7f0000002a80)=[{&(0x7f00000029c0)=""/78, 0x4e}, {&(0x7f0000002a40)=""/4, 0x4}], 0x2, &(0x7f0000002ac0)=""/237, 0xed}, 0xf8}, {{&(0x7f0000002bc0)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000002d40)=[{&(0x7f0000002c40)=""/196, 0xc4}], 0x1, &(0x7f0000002d80)=""/134, 0x86}, 0xeb3e}, {{&(0x7f0000000a00)=@alg, 0x80, &(0x7f0000003100)=[{&(0x7f0000002ec0)=""/97, 0x61}, {&(0x7f0000002f40)=""/31, 0x1f}, {&(0x7f0000002f80)=""/218, 0xda}, {&(0x7f0000003080)=""/118, 0x76}], 0x4, &(0x7f0000003140)=""/124, 0x7c}, 0x4}, {{&(0x7f00000031c0)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000003440)=[{&(0x7f0000003240)=""/70, 0x46}, {&(0x7f00000032c0)=""/227, 0xe3}, {&(0x7f00000033c0)=""/128, 0x80}], 0x3, &(0x7f0000003480)=""/190, 0xbe}, 0x5}], 0x7, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
recvmmsg(0xffffffffffffffff, &(0x7f0000003380), 0x0, 0x12141, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000022c0)={'batadv_slave_0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2c0000006807010000000000000000150a0000000000000008000500", @ANYRES32=r7, @ANYRES16=r8], 0x2c}}, 0x0)
r9 = socket$inet_icmp(0x2, 0x2, 0x1)
getsockopt(r9, 0x9, 0x7, &(0x7f0000000240)=""/242, &(0x7f0000000040)=0xf2)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0), 0x4)
close(r1)
r10 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
bind$llc(r10, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x5, 0x14, 0xa, @local}, 0x10)

5.821636026s ago: executing program 4 (id=985):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000002100010000000000000000000a00000000000000"], 0x24}}, 0x0)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='.', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
timer_create(0x2, &(0x7f0000000000)={0x0, 0x29, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040))
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='io_uring_file_get\x00'}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\x00'], 0x48)
r3 = syz_io_uring_setup(0x3676, &(0x7f000000a9c0), &(0x7f000000aa40), &(0x7f000000aa80))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x2, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES2(r3, 0x6, &(0x7f0000001480)={0x0, 0x0, 0x20000000, 0x0, 0x0}, 0x20)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r4, 0x7ab, &(0x7f0000000040)={&(0x7f0000000300)={{@hyper}, {@any, 0x7}, 0x400, "93b432553ef478430ef4f5fc615f9225b1f091bf387ac5922f313b40eb69c4a822c4c3c0f1bffdb7278db56ce16238cd1f35bcce53b5721729f137da351f3e6ebd0f0d9a979976729cca464976855c1c6abaa412d548874f226175c75905923cfb76978e8b2df6138fe9d8e93526c8547ead39fd63f0a9cb8a1568bb0d1aa4a320661bc921f9511742111a96c4567e321684abcbaa54cf6ef32638689934ba084f9b050f17b81dfa7bf40bc6755c7e87f80da82f029f64f77cab427cd8076caf848bd47a19cc305f34ba29504012bb01bbfdf733289c5d21e6871dfc9a9b2707d81fa291a090e194d2ca7cdb4a7bfecb3363a110bbd7b22fb9766b004815c2fac9bf41ca06b55bc2e7829c3bd56fc604cf070d73ecd5cd8abb7b8bf63641095bfd83a04f46d7d5bb6377cb283d77360520f8d072c08250974549d968b4c005bd18a8817c8c71f85783db397e9a17d843e5aa1b764e5f98988ae80725e4f1b700159fb3d3da589b1d78260fa3b7bcbf6fb3f2afc9557c11ea3e6b943c3b4ec79c693e79f38db41281286be946fc1ed7f5bbadfa1eb8f6d036a634c8b6b1ef85f61bec779cdecfd3eca0a26ebab73f4ac21d5980cdba0e38cd77b286653da88e3740a01dfa74144b838a902872ed10ce23dde92baa586930b94b45e582d01acf86606a42d714d6dae6fdc00ce11e33e68d1d08be739d24fb3894b3dbb5bb79d7344ea5df92509b2a879ed4a935baf5eb33bcce6257f32bbda7737903e85136b2841ff74d1deab1c3df74990c6ba0f78a2d2ee6c7efba6c72bab0893561b6e4514b545e48fc2823301146b370bd17d897f8623d7529b27deccdf0a8e57634a6d26bf71800596ac6a2a78c7fe56985761668f1a65fec4da0ebcb4eb466fb0d7b64e23376b2a18853333877f3d7769e741be7d1260ccca900cc3b7360451e653a8d9505c84792b82e696d01ed7e3f3c0d0befb0bffe4ce5651ef64d1569c8bf4a7b4639b5e70cfab121c8b7509cbb8c06fd0de4799d80eb1ee0d598f24b358c91b4ef89f9b24ca3aa8173ca66dca9d84e4ce60b0c35ec2be344ce0d3629a516d83c35292318d62cbb1f772da07951123a00cf42f6d4e232b493a733e051813d27a46fbe90487c24238af2619dca44fa0d386e82162b75b948d2aa679296a706c7fe624cd17767809b0145842d6480dcb5b085aef56f03d4da53ea87b1b3b8d3dad260b7a3087cde0e40d44f8ce4bbe6faaba272048bec2e37515e2217751caa8fd114ec91f6a5c3235b4e4219dca473438084da04e87223d8eb7982505c8b36a331339053a2993da1575017addee0363d7d723f203e96f150c7f35609136230f30e218f6492d9a58182961d5db820847fb92f38e87e3c880b9b5f334b8cd80954a2674b5e6d2b35fda008408238475464876f9d84186b4374e128a7931c8d985d4468"}, 0x418, 0x5})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r5, 0x7a5, &(0x7f00000000c0)={{@local, 0x101}, 0x1, 0x2, 0x4})
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000000)=0x10000)

5.645668407s ago: executing program 0 (id=986):
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f608000000011800"], 0x44}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000340)={0x3, {{0x2, 0x4e20, @multicast1}}, {{0x2, 0x0, @empty}}}, 0x108)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000240)={0x20, 0xffffffffffffffda, 0x0, {0x18d, 0x0, 0x74, 0xfff}}, 0x20)
write$qrtrtun(0xffffffffffffffff, &(0x7f0000000900)="9d8d645e53b6183d874f9e93a18dd009a09560ff682bd07dc3d28385a8f3f9e18418950d4dfe49f13a19e24320444a7d6c121741ba3dc510dba4f980bbd9a315544fa0a1622d949faba79788908354e467989e8458e6f5f76e0e4e781bfca4c928c956321dd514877569805db6602f1584a8bd051f13bad882bea021ffb5ce918a1f87f1d439ec93772d6ecaaf8891f7678f2037ccced78ea5c1aa805f1b9f5a2c3974c5124cac5e163d9b6f5b998c1c7263fa2331d1241523986dccbd4e1f32b2f521380a2ea4732132264de6d26ce40177a780df98cbf94b96d900a2dfc5c877db675ebb1d7cbc398ca422ddbadc24ee6f3bf036f62cdb056502a6b657ff95930ea668649ad0003afe9a912179ce61631b3dab94642d2768f1f22299deb9eddb917fc0076b74406149024514d07417c6007e8cd4dc4e2295be71f412044b52b1ce32aac048cad9c413a8c19528dc1b432fe7f9fda7182a47243af427a76ede78aa5c6ef75ea1f48e2e9e9d203d4760a1ff6a0119b39a2458a050f9519d4bbd821684ef8356985e8f5b8d86346f428788fc374e7eaa0c2a2ef8478a13b4a56d0821201c37a0066fb9f5cc583005b9f71b67daa300311066bacbf43630a8388aff734a568a123a48ba1344a5500e5c6f8cef539617cd3970ffb873579a3b76bd529f1626d1f90543b2a0190df38bb1e8b6fc9bfc5c42693814665679e78ed8adce4d23b8725416101ae4113fee000cb92b32c6a74851a6c4af4625f28810ec16834a1589063af1bf0b29aa57e06dddc0fddf408fab63c536d5afd9ba5a71f9e534f99e5ea9c1eaaaad710ef30a37df0f87978894333850f4feac3740a3b010da7c250d060c8046cab40d0527234d4b4b28366bc7d5899948ddbfac66c848ef0f842eab95248e9d064c0ec4247483f0aa0cad7ca970365e474fe73cf79cf8c70fc7a015caa273ce41723453632cf5b809584d227f7e98e8ec41494518b0b8a8adbaf5ead6529451b116fab06529b653bffdd6d98f8322265305bdc0ff69f4a70dea414fcc63d149c564c834f24b8f7495cd9ccafa1e3f652cd3270935800ee0d5598afcaa41c150dac263408d77a61b5c77e2c3644dda1b8c333a36c30ce893140ce133827dde34d896d35c498bf6dda965a27cc77e2872fcedaf9dcb89614c758cf62ad769ac05a4fb9e27b421b82c1761f1322b03cc9ea586d15f7d2ffb6ed63c639cee97d9eea8f3934045e60b15eca5c13ebe002467c09815712165cee2af784f9e5db9f7227701ca9a3de58850", 0x38f)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c)

5.334591078s ago: executing program 6 (id=987):
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3002, 0x6, &(0x7f0000000000)=0xa636, 0x9, 0x0)
mlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
r0 = socket$kcm(0x10, 0x2, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x24, 0x0, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600), 0x4)
sendto$inet(r4, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0)
recvmsg(r4, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x437aba2}], 0x1, 0x0, 0x46, 0x407006}, 0x104)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000140)='bic\x00', 0x4)
recvmsg$kcm(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003700)=[{{&(0x7f0000000400)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000140)=""/90, 0x5a}, {&(0x7f0000000340)=""/137, 0x89}], 0x2, &(0x7f00000002c0)=""/4, 0x4}, 0x6}, {{&(0x7f0000002680)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000000a00), 0x0, &(0x7f0000002700)=""/4096, 0x1000}, 0x5}], 0x2, 0x100, &(0x7f00000037c0)={0x77359400})
getsockopt$nfc_llcp(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x2000e863)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000040)='westwood\x00', 0x9)

4.946401924s ago: executing program 3 (id=988):
r0 = syz_io_uring_setup(0x95, &(0x7f0000000140), &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000004c0)={0x2200, 0x40}, &(0x7f0000000500)='./file0\x00', 0x18})
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000200)={0x0, 0x0, 0x1, "03"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

4.65109941s ago: executing program 2 (id=989):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$netlink(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8)
pselect6(0x40, &(0x7f00000001c0)={0x3, 0x0, 0x3ff, 0x9, 0x0, 0x0, 0x0, 0x8001}, 0x0, &(0x7f00000002c0)={0x3fc, 0x0, 0x0, 0x9, 0x3, 0x0, 0x7fffffff}, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x6)
r4 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}]}, 0x88}}, 0x0)
setsockopt$inet_opts(r4, 0x0, 0x9, &(0x7f0000000080), 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x5e, @multicast2, 0x0, 0x2, 'sh\x00', 0x1a, 0x5, 0x4000067}, 0x2c)

3.319586696s ago: executing program 6 (id=990):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x101000, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000300))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file1\x00', &(0x7f0000000200)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x1008, 0x2, 0x5, 0x1, 0x3, 0x2, 0x2, 0x5})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
bind$unix(0xffffffffffffffff, &(0x7f0000000200)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
getgroups(0x2, &(0x7f0000001080)=[0xee01, <r4=>0xffffffffffffffff])
keyctl$chown(0x4, r3, 0xee01, r4)

2.569073444s ago: executing program 2 (id=991):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_tables_names\x00')
lseek(r0, 0x200000002, 0x0)

2.555925758s ago: executing program 4 (id=992):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x9ee4}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = socket$inet6_dccp(0xa, 0x6, 0x0)
getsockopt$IP6T_SO_GET_INFO(r2, 0x10d, 0xc0, &(0x7f0000002400)={'nat\x00', 0x0, [0xfffffffe]}, &(0x7f0000002480)=0x54)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r4], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file1/file4/file7\x00', 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r6, 0x560a, &(0x7f0000000140)={0x0, 0x0, 0x8, 0x100, 0x4, 0x0})
r7 = socket$netlink(0x10, 0x3, 0x4)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0xe, &(0x7f0000000080)=0x7, 0x4)
setsockopt$packet_int(r8, 0x107, 0xf, 0x0, 0x0)
write(r7, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)
ioctl$VIDIOC_CROPCAP(0xffffffffffffffff, 0xc02c563a, &(0x7f0000000800)={0x9})
socket$nl_generic(0x10, 0x3, 0x10)

2.530245929s ago: executing program 6 (id=993):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc0042, 0x1fe)
syz_open_dev$loop(&(0x7f0000000080), 0x1000, 0x20001)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x680201, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)=ANY=[@ANYRES32=r4, @ANYRES32=r4, @ANYRES32=r4], 0x20)

2.38723531s ago: executing program 2 (id=994):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x0, 0x31, 0x7d, 0x55}}]}}]}}, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x3, 0x24, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x5a, 0xe4, 0xc4, 0x10, 0x596, 0x1, 0x5f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd6, 0x0, 0x0, 0xb5, 0xe1, 0x45}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x550c, 0x0)

1.337931725s ago: executing program 3 (id=995):
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
readv(r0, &(0x7f0000002f80)=[{&(0x7f0000002f00)=""/45, 0x2d}, {&(0x7f0000002f40)=""/35, 0x23}], 0x2)

1.260266243s ago: executing program 0 (id=996):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x1, 0x200000)
ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f0000000600)=""/93)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
semctl$GETPID(0x0, 0x7, 0xb, &(0x7f0000000300)=""/15)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000004c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
preadv(r5, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/56, 0x38}], 0x1, 0x1000080, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428)
r6 = socket$inet6(0x10, 0x3, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8fffffdb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r8}, 0x10)
sendto$inet6(r6, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="b40000000001010400000000000000000a0000013c0001802c000180140003000000000000000000000000000000000012000400ff0100000000000000000000000000010c00028005000100000000003c0002802c000180a2585d560a01010100000200ac1e00010c0002800500010000000000000008400000000e04000f803aa3700d70c786fac62e2c9656249e10eba2c23120dca66172dc518e17de1078b4f9a78c648f8d1408da5a78bb7c06a6094d5e9962aeb0ccbea4f378bb7551f0ad375770e6768010cece1055d7e92ac82a2e6e305226dbc30719deddff1253f5e997e07bd1373480ffdcb79e292b41b6313bac45d7a35d5f37e309315417ad9f3adf127042abcd4b846a672a94ab0a76715ef6b400684ce24f0836a817bbeffb534217338df5997dc7912b768e8a937cb22c2376bd51305c6b96abda023c45e44160f18c02322a8a07bdc78de370e88a5894557a73ad95be649d0b7caa0897f07af3fc4bf33cf22cddb46419005306d7b2678362f0547db537509109f09a89"], 0xb4}}, 0x0)
r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r10, 0x3ba0, &(0x7f0000000100)={0x48})

1.108499489s ago: executing program 3 (id=997):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x19, &(0x7f0000001840)={r2}, 0x8)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, 0x1, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x200000d1)
r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x981d41)
r5 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r5, 0x2def, 0x0, 0x0, 0x0, 0x0)
ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f0000000000)=0x193b7ba2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0}, 0x0)
write$char_usb(r4, &(0x7f0000000040)="e2", 0x1410)
syz_usb_connect$cdc_ecm(0x0, 0x62, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000082505a1a4400001020301090250000101000000090400000002060000052406000005240009000d00000000a200000900fcff07152412"], 0x0)

1.107599228s ago: executing program 4 (id=998):
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3002, 0x6, &(0x7f0000000000)=0xa636, 0x9, 0x0)
mlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
socket$kcm(0x10, 0x2, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x24, 0x0, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000600), 0x4)
sendto$inet(r3, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0)
recvmsg(r3, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x437aba2}], 0x1, 0x0, 0x46, 0x407006}, 0x104)

911.910084ms ago: executing program 6 (id=999):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x2, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x100, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
read$FUSE(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r3=>0x0})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r3], 0x90}}, 0x40000)

233.623635ms ago: executing program 0 (id=1000):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x0, 0x31, 0x7d, 0x55}}]}}]}}, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0x53, 0xa, 0x0, "3258c546dacccfae1e008faa00000000f4ff4000"})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000), 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_ADT={0x2c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x4}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0x7, 0x1a, ' \x01\x00'}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}}]}, @IPSET_ATTR_DATA={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x3, 0x24, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x5a, 0xe4, 0xc4, 0x10, 0x596, 0x1, 0x5f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd6, 0x0, 0x0, 0xb5, 0xe1, 0x45}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x550c, 0x0)

127.281498ms ago: executing program 6 (id=1001):
syz_usb_connect(0x3, 0xa6, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x6c, 0x1e, 0x38, 0x8, 0x6e0, 0x319, 0x2d6c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x94, 0x1, 0x2, 0xfa, 0xa0, 0xbf, [{{0x9, 0x4, 0xa1, 0x8, 0x2, 0xf5, 0x2f, 0xec, 0x0, [], [{{0x9, 0x5, 0xc, 0x0, 0x200, 0x8, 0x8}}, {{0x9, 0x5, 0xa, 0x10, 0x8, 0xf8, 0x7, 0xff, [@generic={0x70, 0xb, "979044a8b4ba4db7a63bedbdb15c3cf86e5500b2ae55fbc85cc15588727650753d2edef26129ee1ae351707becef3d09d8475350ffe4a83050809a1bcc07bda1e2401772890b6d3f808de63ffad366587ba6d2193399f82c9315ecac5baef0897e28990b6c8c8d5ecd7c2c4915ff"}]}}]}}]}}]}}, 0x0)

0s ago: executing program 2 (id=1002):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000002100010000000000000000000a00000000000000"], 0x24}}, 0x0)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='.', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
timer_create(0x2, &(0x7f0000000000)={0x0, 0x29, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040))
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='io_uring_file_get\x00'}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\x00'], 0x48)
r3 = syz_io_uring_setup(0x3676, &(0x7f000000a9c0), &(0x7f000000aa40), &(0x7f000000aa80))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x2, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES2(r3, 0x6, &(0x7f0000001480)={0x0, 0x0, 0x20000000, 0x0, 0x0}, 0x20)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r4, 0x7ab, &(0x7f0000000040)={&(0x7f0000000300)={{@hyper}, {@any, 0x7}, 0x400, "93b432553ef478430ef4f5fc615f9225b1f091bf387ac5922f313b40eb69c4a822c4c3c0f1bffdb7278db56ce16238cd1f35bcce53b5721729f137da351f3e6ebd0f0d9a979976729cca464976855c1c6abaa412d548874f226175c75905923cfb76978e8b2df6138fe9d8e93526c8547ead39fd63f0a9cb8a1568bb0d1aa4a320661bc921f9511742111a96c4567e321684abcbaa54cf6ef32638689934ba084f9b050f17b81dfa7bf40bc6755c7e87f80da82f029f64f77cab427cd8076caf848bd47a19cc305f34ba29504012bb01bbfdf733289c5d21e6871dfc9a9b2707d81fa291a090e194d2ca7cdb4a7bfecb3363a110bbd7b22fb9766b004815c2fac9bf41ca06b55bc2e7829c3bd56fc604cf070d73ecd5cd8abb7b8bf63641095bfd83a04f46d7d5bb6377cb283d77360520f8d072c08250974549d968b4c005bd18a8817c8c71f85783db397e9a17d843e5aa1b764e5f98988ae80725e4f1b700159fb3d3da589b1d78260fa3b7bcbf6fb3f2afc9557c11ea3e6b943c3b4ec79c693e79f38db41281286be946fc1ed7f5bbadfa1eb8f6d036a634c8b6b1ef85f61bec779cdecfd3eca0a26ebab73f4ac21d5980cdba0e38cd77b286653da88e3740a01dfa74144b838a902872ed10ce23dde92baa586930b94b45e582d01acf86606a42d714d6dae6fdc00ce11e33e68d1d08be739d24fb3894b3dbb5bb79d7344ea5df92509b2a879ed4a935baf5eb33bcce6257f32bbda7737903e85136b2841ff74d1deab1c3df74990c6ba0f78a2d2ee6c7efba6c72bab0893561b6e4514b545e48fc2823301146b370bd17d897f8623d7529b27deccdf0a8e57634a6d26bf71800596ac6a2a78c7fe56985761668f1a65fec4da0ebcb4eb466fb0d7b64e23376b2a18853333877f3d7769e741be7d1260ccca900cc3b7360451e653a8d9505c84792b82e696d01ed7e3f3c0d0befb0bffe4ce5651ef64d1569c8bf4a7b4639b5e70cfab121c8b7509cbb8c06fd0de4799d80eb1ee0d598f24b358c91b4ef89f9b24ca3aa8173ca66dca9d84e4ce60b0c35ec2be344ce0d3629a516d83c35292318d62cbb1f772da07951123a00cf42f6d4e232b493a733e051813d27a46fbe90487c24238af2619dca44fa0d386e82162b75b948d2aa679296a706c7fe624cd17767809b0145842d6480dcb5b085aef56f03d4da53ea87b1b3b8d3dad260b7a3087cde0e40d44f8ce4bbe6faaba272048bec2e37515e2217751caa8fd114ec91f6a5c3235b4e4219dca473438084da04e87223d8eb7982505c8b36a331339053a2993da1575017addee0363d7d723f203e96f150c7f35609136230f30e218f6492d9a58182961d5db820847fb92f38e87e3c880b9b5f334b8cd80954a2674b5e6d2b35fda008408238475464876f9d84186b4374e128a7931c8d985d4468"}, 0x418, 0x5})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r5, 0x7a5, &(0x7f00000000c0)={{@local, 0x101}, 0x1, 0x2, 0x4})
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000000)=0x10000)

kernel console output (not intermixed with test programs):

9.079013][ T7584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  259.087020][ T7584] R13: 0000000000000000 R14: 00007f42d2b76080 R15: 00007ffd0f8860f8
[  259.095033][ T7584]  </TASK>
[  259.152417][ T7584] bridge_slave_0: left allmulticast mode
[  259.158348][ T7584] bridge_slave_0: left promiscuous mode
[  259.166769][ T7584] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.210641][ T5920] usb 6-1: Product: syz
[  259.339250][ T5920] usb 6-1: Manufacturer: syz
[  259.457704][ T5920] usb 6-1: SerialNumber: syz
[  259.567263][ T7586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  259.580756][ T5920] usb 6-1: config 0 descriptor??
[  259.586117][ T7586] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  259.636067][ T5920] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  259.645501][ T5920] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  259.688705][ T7584] bridge_slave_1: left allmulticast mode
[  259.794100][ T7584] bridge_slave_1: left promiscuous mode
[  259.801693][ T7584] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.423093][ T7584] bond0: (slave bond_slave_0): Releasing backup interface
[  260.453912][ T7584] bond0: (slave bond_slave_1): Releasing backup interface
[  261.420482][ T5920] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  261.429084][ T5920] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[  261.816195][ T7584] team0: Port device team_slave_0 removed
[  261.870375][ T5920] em28xx 6-1:0.0: Unknown AC97 audio processor detected!
[  261.888399][ T7584] team0: Port device team_slave_1 removed
[  261.897106][ T7584] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  261.904812][ T7584] batman_adv: batadv0: Removing interface: batadv_slave_0
[  261.915162][ T7584] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  261.922845][ T7584] batman_adv: batadv0: Removing interface: batadv_slave_1
[  262.004356][ T5920] em28xx 6-1:0.0: couldn't setup AC97 register 2
[  262.022381][ T5920] em28xx 6-1:0.0: couldn't setup AC97 register 4
[  262.030676][ T5920] em28xx 6-1:0.0: couldn't setup AC97 register 6
[  262.302650][ T5920] em28xx 6-1:0.0: AC97 command still being executed: not handled properly!
[  262.306179][ T7613] dccp_v6_rcv: dropped packet with invalid checksum
[  262.319497][ T5920] em28xx 6-1:0.0: couldn't setup AC97 register 54
[  262.338842][ T7613] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  262.354514][ T7613] UDF-fs: Scanning with blocksize 512 failed
[  262.361723][ T7613] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  262.472315][ T7613] UDF-fs: Scanning with blocksize 1024 failed
[  262.497694][ T5920] em28xx 6-1:0.0: couldn't setup AC97 register 56
[  262.505185][ T7613] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  262.509349][ T5920] usb 6-1: USB disconnect, device number 5
[  262.528343][ T7613] UDF-fs: Scanning with blocksize 2048 failed
[  262.575578][ T7613] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  262.584102][ T7613] UDF-fs: Scanning with blocksize 4096 failed
[  262.648441][ T7608] bridge_slave_0: left allmulticast mode
[  262.654994][ T7608] bridge_slave_0: left promiscuous mode
[  262.675498][ T7608] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.286359][ T7622] FAULT_INJECTION: forcing a failure.
[  263.286359][ T7622] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.300066][ T7622] CPU: 1 UID: 0 PID: 7622 Comm: syz.5.461 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  263.310718][ T7622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  263.320812][ T7622] Call Trace:
[  263.324124][ T7622]  <TASK>
[  263.327076][ T7622]  dump_stack_lvl+0x241/0x360
[  263.331767][ T7622]  ? __pfx_dump_stack_lvl+0x10/0x10
[  263.336973][ T7622]  ? __pfx__printk+0x10/0x10
[  263.341568][ T7622]  ? __pfx_lock_release+0x10/0x10
[  263.346713][ T7622]  should_fail_ex+0x3b0/0x4e0
[  263.351416][ T7622]  _copy_from_iter+0x1e9/0x1c20
[  263.354466][ T7608] bridge_slave_1: left allmulticast mode
[  263.356285][ T7622]  ? __virt_addr_valid+0x183/0x530
[  263.362030][ T7608] bridge_slave_1: left promiscuous mode
[  263.367024][ T7622]  ? skb_set_owner_w+0x246/0x380
[  263.373016][ T7608] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.377594][ T7622]  ? __pfx__copy_from_iter+0x10/0x10
[  263.389942][ T7622]  ? __virt_addr_valid+0x183/0x530
[  263.395067][ T7622]  ? __virt_addr_valid+0x183/0x530
[  263.400181][ T7622]  ? __virt_addr_valid+0x45f/0x530
[  263.405298][ T7622]  ? __phys_addr_symbol+0x2f/0x70
[  263.410342][ T7622]  ? __check_object_size+0x47a/0x730
[  263.415639][ T7622]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  263.421366][ T7622]  skb_copy_datagram_from_iter+0xf2/0x6a0
[  263.427096][ T7622]  ? skb_put+0x114/0x1f0
[  263.431390][ T7622]  queue_oob+0x18a/0x680
[  263.435664][ T7622]  ? __pfx_queue_oob+0x10/0x10
[  263.440443][ T7622]  ? smack_socket_getpeersec_dgram+0x306/0x410
[  263.446615][ T7622]  unix_stream_sendmsg+0xd24/0xf80
[  263.451740][ T7622]  ? tomoyo_socket_sendmsg_permission+0x288/0x420
[  263.458173][ T7622]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[  263.463934][ T7622]  ? __pfx_lock_release+0x10/0x10
[  263.468964][ T7622]  ? __import_iovec+0x590/0x870
[  263.473844][ T7622]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[  263.479566][ T7622]  __sock_sendmsg+0x221/0x270
[  263.484271][ T7622]  ____sys_sendmsg+0x52a/0x7e0
[  263.489047][ T7622]  ? __pfx_____sys_sendmsg+0x10/0x10
[  263.494335][ T7622]  ? __fget_files+0x2a/0x410
[  263.498934][ T7622]  ? __fget_files+0x2a/0x410
[  263.503566][ T7622]  __sys_sendmsg+0x269/0x350
[  263.508165][ T7622]  ? __pfx_lock_release+0x10/0x10
[  263.513260][ T7622]  ? __pfx___sys_sendmsg+0x10/0x10
[  263.518386][ T7622]  ? __pfx_vfs_write+0x10/0x10
[  263.523182][ T7622]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  263.529531][ T7622]  ? do_syscall_64+0x100/0x230
[  263.534311][ T7622]  ? do_syscall_64+0xb6/0x230
[  263.539000][ T7622]  do_syscall_64+0xf3/0x230
[  263.543519][ T7622]  ? clear_bhb_loop+0x35/0x90
[  263.548234][ T7622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.554160][ T7622] RIP: 0033:0x7f8639385d19
[  263.558611][ T7622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.578230][ T7622] RSP: 002b:00007f863a1e8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  263.586673][ T7622] RAX: ffffffffffffffda RBX: 00007f8639575fa0 RCX: 00007f8639385d19
[  263.594677][ T7622] RDX: 0000000000004041 RSI: 00000000200001c0 RDI: 0000000000000003
[  263.602675][ T7622] RBP: 00007f863a1e8090 R08: 0000000000000000 R09: 0000000000000000
[  263.610649][ T7622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.618625][ T7622] R13: 0000000000000000 R14: 00007f8639575fa0 R15: 00007ffd90715628
[  263.626614][ T7622]  </TASK>
[  263.633487][ T7608] bond0: (slave bond_slave_0): Releasing backup interface
[  263.672581][ T7608] bond0: (slave bond_slave_1): Releasing backup interface
[  263.695886][ T7608] team0: Port device team_slave_0 removed
[  263.725970][ T7608] team0: Port device team_slave_1 removed
[  263.893291][ T7608] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  263.900745][ T7608] batman_adv: batadv0: Removing interface: batadv_slave_0
[  263.920730][ T7608] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  263.932055][ T7608] batman_adv: batadv0: Removing interface: batadv_slave_1
[  264.602731][ T7629] IPVS: set_ctl: invalid protocol: 94 224.0.0.2:0
[  264.707016][ T7618] bridge_slave_0: left allmulticast mode
[  264.713148][ T7618] bridge_slave_0: left promiscuous mode
[  264.718879][ T7618] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.764951][ T7618] bridge_slave_1: left allmulticast mode
[  264.766782][ T7633] FAULT_INJECTION: forcing a failure.
[  264.766782][ T7633] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  264.786159][ T7618] bridge_slave_1: left promiscuous mode
[  264.796880][ T7618] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.806181][ T7633] CPU: 0 UID: 0 PID: 7633 Comm: syz.2.464 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  264.816836][ T7633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  264.827097][ T7633] Call Trace:
[  264.830422][ T7633]  <TASK>
[  264.833394][ T7633]  dump_stack_lvl+0x241/0x360
[  264.838156][ T7633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  264.843488][ T7633]  ? __pfx__printk+0x10/0x10
[  264.848195][ T7633]  ? snprintf+0xda/0x120
[  264.852914][ T7633]  should_fail_ex+0x3b0/0x4e0
[  264.857663][ T7633]  _copy_to_user+0x31/0xb0
[  264.862139][ T7633]  simple_read_from_buffer+0xca/0x150
[  264.867546][ T7633]  proc_fail_nth_read+0x1e9/0x250
[  264.872620][ T7633]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  264.878196][ T7633]  ? rw_verify_area+0x55e/0x6f0
[  264.883083][ T7633]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  264.888676][ T7633]  vfs_read+0x1fc/0xb70
[  264.892865][ T7633]  ? __pfx___mutex_lock+0x10/0x10
[  264.897930][ T7633]  ? __pfx_vfs_read+0x10/0x10
[  264.902640][ T7633]  ? __fget_files+0x2a/0x410
[  264.907251][ T7633]  ? __fget_files+0x395/0x410
[  264.911969][ T7633]  ? __fget_files+0x2a/0x410
[  264.916611][ T7633]  ksys_read+0x18f/0x2b0
[  264.920882][ T7633]  ? __pfx_ksys_read+0x10/0x10
[  264.925667][ T7633]  ? do_syscall_64+0x100/0x230
[  264.930584][ T7633]  ? do_syscall_64+0xb6/0x230
[  264.935387][ T7633]  do_syscall_64+0xf3/0x230
[  264.939915][ T7633]  ? clear_bhb_loop+0x35/0x90
[  264.944681][ T7633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.950717][ T7633] RIP: 0033:0x7f8e82d8472c
[  264.955150][ T7633] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  264.974775][ T7633] RSP: 002b:00007f8e83af9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  264.983313][ T7633] RAX: ffffffffffffffda RBX: 00007f8e82f75fa0 RCX: 00007f8e82d8472c
[  264.991324][ T7633] RDX: 000000000000000f RSI: 00007f8e83af90a0 RDI: 0000000000000004
[  264.999325][ T7633] RBP: 00007f8e83af9090 R08: 0000000000000000 R09: 0000000000000000
[  265.007333][ T7633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.015344][ T7633] R13: 0000000000000000 R14: 00007f8e82f75fa0 R15: 00007fff2047a1f8
[  265.023380][ T7633]  </TASK>
[  265.037464][ T7618] bond0: (slave bond_slave_0): Releasing backup interface
[  265.065146][ T7618] bond0: (slave bond_slave_1): Releasing backup interface
[  265.100497][ T7618] team0: Port device team_slave_0 removed
[  265.118295][ T7618] team0: Port device team_slave_1 removed
[  265.131341][ T7618] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  265.140638][ T7618] batman_adv: batadv0: Removing interface: batadv_slave_0
[  265.157499][ T7618] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  265.169526][ T7618] batman_adv: batadv0: Removing interface: batadv_slave_1
[  266.452454][ T5883] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  267.207143][ T7673] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  267.215947][ T7673] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  267.353480][ T5883] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  267.363713][ T5883] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  267.394160][ T5883] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  267.403794][ T5883] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.412328][ T5883] usb 6-1: Product: syz
[  267.419647][ T5883] usb 6-1: Manufacturer: syz
[  267.722252][ T5883] usb 6-1: SerialNumber: syz
[  268.672415][ T7650] bridge_slave_0: left allmulticast mode
[  268.678338][ T7650] bridge_slave_0: left promiscuous mode
[  268.684566][ T7650] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.773927][ T7650] bridge_slave_1: left allmulticast mode
[  268.779696][ T7650] bridge_slave_1: left promiscuous mode
[  268.785617][ T7650] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.141613][ T7650] bond0: (slave bond_slave_0): Releasing backup interface
[  269.388417][ T7650] bond0: (slave bond_slave_1): Releasing backup interface
[  269.411399][ T7650] team0: Port device team_slave_0 removed
[  269.424128][ T7650] team0: Port device team_slave_1 removed
[  269.430789][ T7650] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  269.438375][ T7650] batman_adv: batadv0: Removing interface: batadv_slave_0
[  269.459479][ T7650] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  269.467057][ T7650] batman_adv: batadv0: Removing interface: batadv_slave_1
[  270.412515][ T5883] usb 6-1: 0:2 : does not exist
[  270.508536][ T5883] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  270.551191][ T5883] usb 6-1: USB disconnect, device number 6
[  271.302066][ T5932] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  271.476232][ T5932] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  271.681314][ T7711] netlink: 8 bytes leftover after parsing attributes in process `syz.3.489'.
[  271.748327][ T5932] usb 6-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  272.487857][ T7714] can0: slcan on ttyS3.
[  272.772052][ T5932] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.354984][ T7715] can0 (unregistered): slcan off ttyS3.
[  273.404314][ T5932] gspca_main: stv0680-2.14.0 probing 041e:4007
[  273.861936][ T7721] can0: slcan on ttyS3.
[  274.593262][ T7729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  274.602441][ T7721] can0 (unregistered): slcan off ttyS3.
[  274.753424][ T5932] stv0680 6-1:4.0: STV(e): camera ping failed!!
[  274.799020][ T7729] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  275.533313][ T5932] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -110
[  275.534247][ T7729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  275.543001][ T7704] delete_channel: no stack
[  275.553250][ T7729] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  275.559443][ T5932] stv0680 6-1:4.0: last error: 0,  command = 0x0
[  275.596572][ T5932] usb 6-1: USB disconnect, device number 7
[  279.595696][ T7767] sch_tbf: burst 1127 is lower than device lo mtu (65550) !
[  280.042029][ T5920] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  280.202427][ T5920] usb 5-1: Using ep0 maxpacket: 32
[  280.212026][ T5920] usb 5-1: config 0 has an invalid interface number: 35 but max is 0
[  280.220589][ T5920] usb 5-1: config 0 has no interface number 0
[  280.248510][ T5920] usb 5-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  280.259805][ T7780] openvswitch: netlink: Message has 1 unknown bytes.
[  280.283136][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.309099][ T5920] usb 5-1: Product: syz
[  280.328080][ T5920] usb 5-1: Manufacturer: syz
[  280.342699][ T5920] usb 5-1: SerialNumber: syz
[  280.359226][ T5920] usb 5-1: config 0 descriptor??
[  280.652602][ T1211] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  280.842494][ T1211] usb 6-1: Using ep0 maxpacket: 32
[  280.981317][ T1211] usb 6-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  281.093816][ T5920] radio-si470x 5-1:0.35: si470x_get_report: usb_control_msg returned -110
[  281.140271][ T7771] wg1: entered promiscuous mode
[  281.174800][ T1211] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.258771][ T5920] radio-si470x 5-1:0.35: probe with driver radio-si470x failed with error -5
[  281.296694][ T7771] vlan2: entered promiscuous mode
[  281.375342][ T7771] wg1: left promiscuous mode
[  281.513043][ T1211] usb 6-1: config 0 descriptor??
[  281.518828][ T5920] radio-raremono 5-1:0.35: this is not Thanko's Raremono.
[  281.639419][ T1211] as10x_usb: device has been detected
[  281.646252][ T1211] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  281.683467][ T1211] usb 6-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  281.737757][ T1211] as10x_usb: error during firmware upload part1
[  281.754258][ T1211] Registered device nBox DVB-T Dongle
[  282.052459][ T1211] usb 5-1: USB disconnect, device number 7
[  283.657322][ T5920] usb 6-1: USB disconnect, device number 8
[  283.737402][ T5920] Unregistered device nBox DVB-T Dongle
[  283.743739][ T5920] as10x_usb: device has been disconnected
[  286.732165][ T7849] IPVS: set_ctl: invalid protocol: 94 224.0.0.2:0
[  287.178877][ T7854] FAULT_INJECTION: forcing a failure.
[  287.178877][ T7854] name failslab, interval 1, probability 0, space 0, times 0
[  287.221980][ T7854] CPU: 1 UID: 0 PID: 7854 Comm: syz.4.530 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  287.232777][ T7854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  287.242853][ T7854] Call Trace:
[  287.246150][ T7854]  <TASK>
[  287.249101][ T7854]  dump_stack_lvl+0x241/0x360
[  287.253818][ T7854]  ? __pfx_dump_stack_lvl+0x10/0x10
[  287.259036][ T7854]  ? __pfx__printk+0x10/0x10
[  287.263659][ T7854]  should_fail_ex+0x3b0/0x4e0
[  287.268365][ T7854]  should_failslab+0xac/0x100
[  287.273070][ T7854]  ? skb_clone+0x20c/0x390
[  287.277502][ T7854]  kmem_cache_alloc_noprof+0x70/0x380
[  287.282951][ T7854]  skb_clone+0x20c/0x390
[  287.287223][ T7854]  __netlink_deliver_tap+0x3cc/0x7f0
[  287.292538][ T7854]  ? netlink_deliver_tap+0x2e/0x1b0
[  287.297756][ T7854]  netlink_deliver_tap+0x19d/0x1b0
[  287.302886][ T7854]  netlink_unicast+0x7c4/0x990
[  287.307687][ T7854]  ? __pfx_netlink_unicast+0x10/0x10
[  287.312995][ T7854]  ? __virt_addr_valid+0x45f/0x530
[  287.318135][ T7854]  ? __phys_addr_symbol+0x2f/0x70
[  287.323182][ T7854]  ? __check_object_size+0x47a/0x730
[  287.328520][ T7854]  netlink_sendmsg+0x8e4/0xcb0
[  287.333322][ T7854]  ? __pfx_netlink_sendmsg+0x10/0x10
[  287.338638][ T7854]  ? __pfx_netlink_sendmsg+0x10/0x10
[  287.343968][ T7854]  __sock_sendmsg+0x221/0x270
[  287.348695][ T7854]  ____sys_sendmsg+0x52a/0x7e0
[  287.353514][ T7854]  ? __pfx_____sys_sendmsg+0x10/0x10
[  287.358832][ T7854]  ? __fget_files+0x2a/0x410
[  287.363472][ T7854]  ? __fget_files+0x2a/0x410
[  287.368085][ T7854]  __sys_sendmsg+0x269/0x350
[  287.372710][ T7854]  ? __pfx_lock_release+0x10/0x10
[  287.377757][ T7854]  ? __pfx___sys_sendmsg+0x10/0x10
[  287.382958][ T7854]  ? __pfx_vfs_write+0x10/0x10
[  287.387762][ T7854]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  287.394109][ T7854]  ? do_syscall_64+0x100/0x230
[  287.399001][ T7854]  ? do_syscall_64+0xb6/0x230
[  287.403708][ T7854]  do_syscall_64+0xf3/0x230
[  287.408239][ T7854]  ? clear_bhb_loop+0x35/0x90
[  287.412948][ T7854]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.418893][ T7854] RIP: 0033:0x7f42d2985d19
[  287.423338][ T7854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.442966][ T7854] RSP: 002b:00007f42d3818038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  287.451402][ T7854] RAX: ffffffffffffffda RBX: 00007f42d2b75fa0 RCX: 00007f42d2985d19
[  287.459388][ T7854] RDX: 0000000004000080 RSI: 0000000020001200 RDI: 0000000000000003
[  287.467369][ T7854] RBP: 00007f42d3818090 R08: 0000000000000000 R09: 0000000000000000
[  287.475382][ T7854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.483368][ T7854] R13: 0000000000000000 R14: 00007f42d2b75fa0 R15: 00007ffd0f8860f8
[  287.491385][ T7854]  </TASK>
[  287.943571][ T7865] FAULT_INJECTION: forcing a failure.
[  287.943571][ T7865] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  287.979487][ T7865] CPU: 0 UID: 0 PID: 7865 Comm: syz.5.535 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  287.990158][ T7865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  288.000263][ T7865] Call Trace:
[  288.003586][ T7865]  <TASK>
[  288.006558][ T7865]  dump_stack_lvl+0x241/0x360
[  288.011304][ T7865]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.016556][ T7865]  ? __pfx__printk+0x10/0x10
[  288.021196][ T7865]  ? get_sigframe+0x5e2/0x800
[  288.025936][ T7865]  should_fail_ex+0x3b0/0x4e0
[  288.030675][ T7865]  _copy_to_user+0x31/0xb0
[  288.035145][ T7865]  copy_siginfo_to_user+0x24/0xc0
[  288.040225][ T7865]  x64_setup_rt_frame+0x7b7/0xd20
[  288.045283][ T7865]  ? lockdep_hardirqs_on+0x99/0x150
[  288.050512][ T7865]  ? _raw_spin_unlock_irq+0x2e/0x50
[  288.055753][ T7865]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  288.061332][ T7865]  ? __asan_memset+0x23/0x50
[  288.065982][ T7865]  arch_do_signal_or_restart+0x458/0x860
[  288.071654][ T7865]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  288.077841][ T7865]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  288.083859][ T7865]  ? syscall_exit_to_user_mode+0xa3/0x340
[  288.089612][ T7865]  syscall_exit_to_user_mode+0xce/0x340
[  288.095189][ T7865]  do_syscall_64+0x100/0x230
[  288.099805][ T7865]  ? clear_bhb_loop+0x35/0x90
[  288.104509][ T7865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.110426][ T7865] RIP: 0033:0x7f8639385d19
[  288.114860][ T7865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.134497][ T7865] RSP: 002b:00007f863a1e8038 EFLAGS: 00000246 ORIG_RAX: 000000000000012e
[  288.142939][ T7865] RAX: fffffffffffffff2 RBX: 00007f8639575fa0 RCX: 00007f8639385d19
[  288.150930][ T7865] RDX: 0000000020000140 RSI: 000000000000000d RDI: 0000000000000000
[  288.158916][ T7865] RBP: 00007f863a1e8090 R08: 0000000000000000 R09: 0000000000000000
[  288.166905][ T7865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.174895][ T7865] R13: 0000000000000000 R14: 00007f8639575fa0 R15: 00007ffd90715628
[  288.182902][ T7865]  </TASK>
[  288.186954][ T5911] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  288.346359][ T5911] usb 1-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  288.374439][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.419858][ T5911] usb 1-1: Product: syz
[  288.438059][ T5911] usb 1-1: Manufacturer: syz
[  288.444311][ T5911] usb 1-1: SerialNumber: syz
[  288.954762][ T7873] netlink: 763 bytes leftover after parsing attributes in process `syz.5.537'.
[  288.963030][ T5911] usb 1-1: config 0 descriptor??
[  289.037694][ T7875] netlink: 68 bytes leftover after parsing attributes in process `syz.2.539'.
[  289.198456][ T5920] usb 1-1: USB disconnect, device number 11
[  290.140617][ T3483] Bluetooth: hci3: Frame reassembly failed (-84)
[  292.602061][ T5837] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  294.882211][ T7927] netlink: 28 bytes leftover after parsing attributes in process `syz.4.555'.
[  294.916853][ T7927] netlink: 28 bytes leftover after parsing attributes in process `syz.4.555'.
[  295.057505][   T29] audit: type=1326 audit(1734030186.514:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7930 comm="syz.2.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e82d85d19 code=0x7ffc0000
[  295.081222][   T29] audit: type=1326 audit(1734030186.524:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7930 comm="syz.2.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e82d85d19 code=0x7ffc0000
[  295.109809][   T29] audit: type=1326 audit(1734030186.534:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7930 comm="syz.2.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f8e82d85d19 code=0x7ffc0000
[  295.181225][   T29] audit: type=1326 audit(1734030186.534:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7930 comm="syz.2.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e82d85d19 code=0x7ffc0000
[  295.342064][   T29] audit: type=1326 audit(1734030186.534:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7930 comm="syz.2.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f8e82d847cf code=0x7ffc0000
[  295.422173][   T29] audit: type=1326 audit(1734030186.534:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7930 comm="syz.2.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e82d85d19 code=0x7ffc0000
[  295.514537][   T29] audit: type=1326 audit(1734030186.534:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7930 comm="syz.2.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8e82d85d19 code=0x7ffc0000
[  295.615185][   T29] audit: type=1326 audit(1734030186.534:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7930 comm="syz.2.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e82d85d19 code=0x7ffc0000
[  295.642798][   T29] audit: type=1326 audit(1734030186.534:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7930 comm="syz.2.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f8e82d85d19 code=0x7ffc0000
[  295.709593][   T29] audit: type=1326 audit(1734030186.534:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7930 comm="syz.2.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e82d85d19 code=0x7ffc0000
[  299.559670][ T7964] netlink: 8 bytes leftover after parsing attributes in process `syz.2.567'.
[  299.872877][ T5932] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  300.852355][ T5932] usb 1-1: device descriptor read/64, error -71
[  302.369736][ T1211] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  302.412014][ T5932] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  302.547507][ T1211] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  302.562152][ T5932] usb 1-1: device descriptor read/64, error -71
[  302.565658][ T1211] usb 6-1: New USB device found, idVendor=056a, idProduct=030a, bcdDevice= 0.00
[  302.594174][ T1211] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.659845][ T1211] usb 6-1: config 0 descriptor??
[  302.702321][ T5932] usb usb1-port1: attempt power cycle
[  303.802274][ T1211] wacom 0003:056A:030A.0001: hidraw0: USB HID v0.00 Device [HID 056a:030a] on usb-dummy_hcd.5-1/input0
[  305.144790][ T5883] usb 6-1: USB disconnect, device number 9
[  307.532250][ T1211] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  307.712201][ T1211] usb 6-1: Using ep0 maxpacket: 8
[  307.870012][ T1211] usb 6-1: unable to get BOS descriptor or descriptor too short
[  307.888580][ T1211] usb 6-1: unable to read config index 0 descriptor/start: -71
[  307.914663][ T1211] usb 6-1: can't read configurations, error -71
[  308.653221][ T8035] FAULT_INJECTION: forcing a failure.
[  308.653221][ T8035] name failslab, interval 1, probability 0, space 0, times 0
[  308.666308][ T8035] CPU: 0 UID: 0 PID: 8035 Comm: syz.5.585 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  308.676958][ T8035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  308.687065][ T8035] Call Trace:
[  308.690374][ T8035]  <TASK>
[  308.693337][ T8035]  dump_stack_lvl+0x241/0x360
[  308.698098][ T8035]  ? __pfx_dump_stack_lvl+0x10/0x10
[  308.703341][ T8035]  ? __pfx__printk+0x10/0x10
[  308.707975][ T8035]  ? __kmalloc_noprof+0xb5/0x4c0
[  308.712953][ T8035]  ? __pfx___might_resched+0x10/0x10
[  308.718298][ T8035]  should_fail_ex+0x3b0/0x4e0
[  308.723032][ T8035]  should_failslab+0xac/0x100
[  308.727764][ T8035]  __kmalloc_noprof+0xdd/0x4c0
[  308.732568][ T8035]  ? cap_capable+0x1b4/0x250
[  308.737195][ T8035]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  308.743493][ T8035]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  308.749660][ T8035]  genl_rcv_msg+0x802/0xec0
[  308.754224][ T8035]  ? __pfx_genl_rcv_msg+0x10/0x10
[  308.759325][ T8035]  ? __pfx_lock_acquire+0x10/0x10
[  308.764391][ T8035]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  308.769992][ T8035]  ? __pfx___might_resched+0x10/0x10
[  308.775344][ T8035]  netlink_rcv_skb+0x1e3/0x430
[  308.780151][ T8035]  ? __pfx_genl_rcv_msg+0x10/0x10
[  308.785226][ T8035]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  308.790582][ T8035]  genl_rcv+0x28/0x40
[  308.794625][ T8035]  netlink_unicast+0x7f6/0x990
[  308.799457][ T8035]  ? __pfx_netlink_unicast+0x10/0x10
[  308.804797][ T8035]  ? __virt_addr_valid+0x45f/0x530
[  308.809966][ T8035]  ? __phys_addr_symbol+0x2f/0x70
[  308.815054][ T8035]  ? __check_object_size+0x47a/0x730
[  308.820492][ T8035]  netlink_sendmsg+0x8e4/0xcb0
[  308.825321][ T8035]  ? __pfx_netlink_sendmsg+0x10/0x10
[  308.830696][ T8035]  ? __pfx_netlink_sendmsg+0x10/0x10
[  308.836124][ T8035]  __sock_sendmsg+0x221/0x270
[  308.840872][ T8035]  ____sys_sendmsg+0x52a/0x7e0
[  308.845786][ T8035]  ? __pfx_____sys_sendmsg+0x10/0x10
[  308.851133][ T8035]  ? __fget_files+0x2a/0x410
[  308.855790][ T8035]  ? __fget_files+0x2a/0x410
[  308.860457][ T8035]  __sys_sendmsg+0x269/0x350
[  308.865275][ T8035]  ? __pfx_lock_release+0x10/0x10
[  308.870363][ T8035]  ? __pfx___sys_sendmsg+0x10/0x10
[  308.875552][ T8035]  ? __pfx_vfs_write+0x10/0x10
[  308.880421][ T8035]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  308.886817][ T8035]  ? do_syscall_64+0x100/0x230
[  308.891653][ T8035]  ? do_syscall_64+0xb6/0x230
[  308.896499][ T8035]  do_syscall_64+0xf3/0x230
[  308.901079][ T8035]  ? clear_bhb_loop+0x35/0x90
[  308.905833][ T8035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.911790][ T8035] RIP: 0033:0x7f8639385d19
[  308.916280][ T8035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.936022][ T8035] RSP: 002b:00007f863a1e8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  308.936165][ T8042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  308.944464][ T8035] RAX: ffffffffffffffda RBX: 00007f8639575fa0 RCX: 00007f8639385d19
[  308.944516][ T8035] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[  308.944532][ T8035] RBP: 00007f863a1e8090 R08: 0000000000000000 R09: 0000000000000000
[  308.944546][ T8035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.944561][ T8035] R13: 0000000000000000 R14: 00007f8639575fa0 R15: 00007ffd90715628
[  308.944596][ T8035]  </TASK>
[  309.023513][ T8042] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  309.878924][ T8042] netlink: 40 bytes leftover after parsing attributes in process `syz.2.583'.
[  310.612656][ T8061] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[  311.587088][ T8067] usb usb1: check_ctrlrecip: process 8067 (syz.2.593) requesting ep 01 but needs 81
[  311.600559][ T8067] usb usb1: usbfs: process 8067 (syz.2.593) did not claim interface 0 before use
[  312.344562][ T8075] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  312.414610][ T8075] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  312.424377][ T8075] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  312.487068][ T8075] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  312.598191][ T8075] geneve2: entered promiscuous mode
[  312.627782][ T8075] geneve2: entered allmulticast mode
[  312.889074][ T8075] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  312.951078][ T8075] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  313.205980][ T8075] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  313.402128][ T8075] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  313.709680][ T5920] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  315.294215][ T5920] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  315.308230][ T5920] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  315.447040][ T5920] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  315.462041][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.470898][ T5920] usb 5-1: Product: syz
[  315.475380][ T5920] usb 5-1: Manufacturer: syz
[  315.480021][ T5920] usb 5-1: SerialNumber: syz
[  315.510761][ T5920] usb 5-1: selecting invalid altsetting 1
[  316.366137][ T5920] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS
[  316.372420][ T5920] cdc_ncm 5-1:1.0: bind() failure
[  316.862367][ T5932] usb 5-1: USB disconnect, device number 8
[  317.415161][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  317.423245][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  318.208793][ T8111] overlay: ./file1 is not a directory
[  319.806522][ T8144] netlink: 48 bytes leftover after parsing attributes in process `syz.0.612'.
[  319.864682][ T8144] netlink: 8 bytes leftover after parsing attributes in process `syz.0.612'.
[  324.840635][ T8201] fuse: Unknown parameter '	18446744073709551615'
[  329.164448][ T8216] xt_CT: You must specify a L4 protocol and not use inversions on it
[  329.197547][ T8216] syzkaller0: entered allmulticast mode
[  330.524700][ T5910] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  331.158377][ T5910] usb 1-1: Using ep0 maxpacket: 8
[  331.174547][ T5910] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  331.188547][ T5910] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  331.198244][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.208785][ T5910] usb 1-1: Product: syz
[  331.213617][ T5910] usb 1-1: Manufacturer: syz
[  331.218467][ T5910] usb 1-1: SerialNumber: syz
[  331.233363][ T5910] cdc_ether 1-1:1.0: skipping garbage
[  331.243516][ T5910] usb 1-1: bad CDC descriptors
[  331.478330][ T5932] usb 1-1: USB disconnect, device number 15
[  332.422005][ T5883] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  333.764672][ T5883] usb 5-1: config 0 has an invalid interface number: 83 but max is 0
[  333.773020][ T5883] usb 5-1: config 0 has no interface number 0
[  333.779151][ T5883] usb 5-1: config 0 interface 83 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  333.789031][ T5883] usb 5-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  333.798784][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.833202][ T5883] usb 5-1: config 0 descriptor??
[  333.864864][ T5883] ttusbir 5-1:0.83: cannot find expected altsetting
[  334.110154][ T5883] usb 5-1: USB disconnect, device number 9
[  334.221260][ T8249] netlink: 18 bytes leftover after parsing attributes in process `syz.0.643'.
[  335.460787][ T8258] usb usb1: usbfs: process 8258 (syz.2.646) did not claim interface 3 before use
[  336.285460][ T8264] netlink: 'syz.4.649': attribute type 4 has an invalid length.
[  338.538386][ T8279] netlink: 'syz.0.653': attribute type 5 has an invalid length.
[  338.572234][ T8284] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  338.579925][ T8284] IPv6: NLM_F_CREATE should be set when creating new route
[  338.587384][ T8284] IPv6: NLM_F_CREATE should be set when creating new route
[  339.969351][ T5837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  339.989578][ T5837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  340.008858][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  340.029993][ T5837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  340.041455][ T5837] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  340.082050][ T5837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  340.422430][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  340.431635][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  340.441722][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  340.475811][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  340.483997][ T5841] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  340.491587][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  340.642450][ T8302] FAULT_INJECTION: forcing a failure.
[  340.642450][ T8302] name failslab, interval 1, probability 0, space 0, times 0
[  340.692104][ T8302] CPU: 1 UID: 0 PID: 8302 Comm: syz.0.659 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  340.702863][ T8302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  340.712974][ T8302] Call Trace:
[  340.716301][ T8302]  <TASK>
[  340.719268][ T8302]  dump_stack_lvl+0x241/0x360
[  340.724094][ T8302]  ? __pfx_dump_stack_lvl+0x10/0x10
[  340.729353][ T8302]  ? __pfx__printk+0x10/0x10
[  340.734012][ T8302]  should_fail_ex+0x3b0/0x4e0
[  340.738852][ T8302]  should_failslab+0xac/0x100
[  340.743617][ T8302]  ? skb_clone+0x20c/0x390
[  340.748266][ T8302]  kmem_cache_alloc_noprof+0x70/0x380
[  340.753736][ T8302]  skb_clone+0x20c/0x390
[  340.758035][ T8302]  __netlink_deliver_tap+0x3cc/0x7f0
[  340.763385][ T8302]  ? netlink_deliver_tap+0x2e/0x1b0
[  340.768636][ T8302]  netlink_deliver_tap+0x19d/0x1b0
[  340.773847][ T8302]  netlink_unicast+0x7c4/0x990
[  340.778692][ T8302]  ? __pfx_netlink_unicast+0x10/0x10
[  340.784035][ T8302]  ? __virt_addr_valid+0x45f/0x530
[  340.789180][ T8302]  ? __phys_addr_symbol+0x2f/0x70
[  340.794228][ T8302]  ? __check_object_size+0x47a/0x730
[  340.799547][ T8302]  netlink_sendmsg+0x8e4/0xcb0
[  340.804426][ T8302]  ? __pfx_netlink_sendmsg+0x10/0x10
[  340.809748][ T8302]  ? __pfx_netlink_sendmsg+0x10/0x10
[  340.815055][ T8302]  __sock_sendmsg+0x221/0x270
[  340.819761][ T8302]  ____sys_sendmsg+0x52a/0x7e0
[  340.824640][ T8302]  ? __pfx_____sys_sendmsg+0x10/0x10
[  340.829987][ T8302]  ? __fget_files+0x2a/0x410
[  340.834628][ T8302]  ? __fget_files+0x2a/0x410
[  340.839249][ T8302]  __sys_sendmsg+0x269/0x350
[  340.843884][ T8302]  ? __pfx_lock_release+0x10/0x10
[  340.848947][ T8302]  ? __pfx___sys_sendmsg+0x10/0x10
[  340.854086][ T8302]  ? __pfx_vfs_write+0x10/0x10
[  340.858890][ T8302]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  340.865240][ T8302]  ? do_syscall_64+0x100/0x230
[  340.870028][ T8302]  ? do_syscall_64+0xb6/0x230
[  340.874734][ T8302]  do_syscall_64+0xf3/0x230
[  340.879258][ T8302]  ? clear_bhb_loop+0x35/0x90
[  340.884051][ T8302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.889966][ T8302] RIP: 0033:0x7f2daf385d19
[  340.894403][ T8302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.914115][ T8302] RSP: 002b:00007f2daf1f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  340.922552][ T8302] RAX: ffffffffffffffda RBX: 00007f2daf575fa0 RCX: 00007f2daf385d19
[  340.930544][ T8302] RDX: 0000000000000080 RSI: 00000000200002c0 RDI: 0000000000000003
[  340.938531][ T8302] RBP: 00007f2daf1f9090 R08: 0000000000000000 R09: 0000000000000000
[  340.946515][ T8302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  340.954503][ T8302] R13: 0000000000000000 R14: 00007f2daf575fa0 R15: 00007ffe8e6e4b08
[  340.962509][ T8302]  </TASK>
[  340.965732][    C1] vkms_vblank_simulate: vblank timer overrun
[  341.341446][    T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  341.542300][    T9] usb 4-1: Using ep0 maxpacket: 32
[  341.569557][ T8307] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  341.575751][ T8307] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  341.772511][    T9] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 228, using maximum allowed: 30
[  341.819464][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 228
[  341.973921][    T9] usb 4-1: New USB device found, idVendor=1ba6, idProduct=0001, bcdDevice=49.88
[  341.993972][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.019559][    T9] usb 4-1: Product: syz
[  342.047832][    T9] usb 4-1: Manufacturer: syz
[  342.064473][    T9] usb 4-1: SerialNumber: syz
[  342.082842][ T8295] chnl_net:caif_netlink_parms(): no params data found
[  342.157348][    T9] usb 4-1: config 0 descriptor??
[  342.300131][    T9] as10x_usb: device has been detected
[  342.311720][    T9] dvbdev: DVB: registering new adapter (Abilis Systems DVB-Titan)
[  342.331761][    T9] usb 4-1: DVB: registering adapter 1 frontend 0 (Abilis Systems DVB-Titan)...
[  342.346850][    T9] as10x_usb: error during firmware upload part1
[  342.366539][    T9] Registered device Abilis Systems DVB-Titan
[  344.311267][ T1211] usb 4-1: USB disconnect, device number 9
[  344.359423][ T1211] Unregistered device Abilis Systems DVB-Titan
[  344.361479][ T1211] as10x_usb: device has been disconnected
[  345.654733][ T8295] bridge0: port 1(bridge_slave_0) entered blocking state
[  345.693583][ T8295] bridge0: port 1(bridge_slave_0) entered disabled state
[  346.052597][ T8295] bridge_slave_0: entered allmulticast mode
[  346.713428][ T8295] bridge_slave_0: entered promiscuous mode
[  346.726170][ T8295] bridge0: port 2(bridge_slave_1) entered blocking state
[  346.752201][ T8295] bridge0: port 2(bridge_slave_1) entered disabled state
[  346.826064][ T8295] bridge_slave_1: entered allmulticast mode
[  346.877630][ T8295] bridge_slave_1: entered promiscuous mode
[  346.989537][ T8350] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  347.008921][ T8350] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  347.460770][ T8295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  347.709272][ T8295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  347.861539][ T8295] team0: Port device team_slave_0 added
[  347.892698][ T8295] team0: Port device team_slave_1 added
[  348.097811][ T8295] batman_adv: batadv0: Adding interface: batadv_slave_0
[  348.207430][ T8295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  349.482170][ T8295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  349.633316][ T8295] batman_adv: batadv0: Adding interface: batadv_slave_1
[  349.707813][ T8295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  350.192893][ T8295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  350.204724][ T8373] FAULT_INJECTION: forcing a failure.
[  350.204724][ T8373] name failslab, interval 1, probability 0, space 0, times 0
[  350.224121][ T8373] CPU: 1 UID: 0 PID: 8373 Comm: syz.0.677 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  350.234814][ T8373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  350.244918][ T8373] Call Trace:
[  350.248248][ T8373]  <TASK>
[  350.251303][ T8373]  dump_stack_lvl+0x241/0x360
[  350.256059][ T8373]  ? __pfx_dump_stack_lvl+0x10/0x10
[  350.261322][ T8373]  ? __pfx__printk+0x10/0x10
[  350.265988][ T8373]  ? fs_reclaim_acquire+0x93/0x130
[  350.271255][ T8373]  ? __pfx___might_resched+0x10/0x10
[  350.278730][ T8373]  ? dynamic_dname+0x141/0x1b0
[  350.278781][ T8373]  should_fail_ex+0x3b0/0x4e0
[  350.288279][ T8373]  should_failslab+0xac/0x100
[  350.293024][ T8373]  __kmalloc_noprof+0xdd/0x4c0
[  350.297857][ T8373]  ? tomoyo_encode+0x26f/0x540
[  350.302690][ T8373]  tomoyo_encode+0x26f/0x540
[  350.307445][ T8373]  ? __pfx_sockfs_dname+0x10/0x10
[  350.312886][ T8373]  tomoyo_realpath_from_path+0x59e/0x5e0
[  350.318603][ T8373]  tomoyo_path_number_perm+0x236/0x860
[  350.324215][ T8373]  ? __lock_acquire+0x1397/0x2100
[  350.329399][ T8373]  ? tomoyo_path_number_perm+0x206/0x860
[  350.335283][ T8373]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  350.341413][ T8373]  ? __fget_files+0x2a/0x410
[  350.346069][ T8373]  ? __fget_files+0x2a/0x410
[  350.350867][ T8373]  security_file_ioctl+0xc6/0x2a0
[  350.355935][ T8373]  __se_sys_ioctl+0x46/0x170
[  350.360695][ T8373]  do_syscall_64+0xf3/0x230
[  350.365249][ T8373]  ? clear_bhb_loop+0x35/0x90
[  350.369972][ T8373]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.375912][ T8373] RIP: 0033:0x7f2daf385d19
[  350.380344][ T8373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  350.399978][ T8373] RSP: 002b:00007f2daf1f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  350.408418][ T8373] RAX: ffffffffffffffda RBX: 00007f2daf575fa0 RCX: 00007f2daf385d19
[  350.416408][ T8373] RDX: 0000000020000000 RSI: 0000000000008982 RDI: 0000000000000003
[  350.424583][ T8373] RBP: 00007f2daf1f9090 R08: 0000000000000000 R09: 0000000000000000
[  350.432574][ T8373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  350.440572][ T8373] R13: 0000000000000000 R14: 00007f2daf575fa0 R15: 00007ffe8e6e4b08
[  350.448641][ T8373]  </TASK>
[  350.452539][ T8373] ERROR: Out of memory at tomoyo_realpath_from_path.
[  350.540222][ T8295] hsr_slave_0: entered promiscuous mode
[  350.560278][ T8295] hsr_slave_1: entered promiscuous mode
[  350.767505][ T8295] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  350.777590][ T8295] Cannot create hsr debugfs directory
[  352.522122][ T1211] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  354.630735][ T1211] usb 5-1: Using ep0 maxpacket: 8
[  355.433442][ T1211] usb 5-1: device descriptor read/all, error -71
[  355.570311][ T8295] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  355.598954][ T8295] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  355.951287][ T8396] netlink: 44 bytes leftover after parsing attributes in process `syz.4.682'.
[  356.222605][ T8295] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  356.353668][ T8295] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  356.502087][    T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  357.551977][    T9] usb 1-1: Using ep0 maxpacket: 32
[  357.561483][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  357.579616][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  357.589642][    T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[  358.546249][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.670913][ T8295] 8021q: adding VLAN 0 to HW filter on device bond0
[  359.143749][ T8419] 
: renamed from bond0 (while UP)
[  359.523483][    T9] usb 1-1: config 0 descriptor??
[  359.627973][ T8295] 8021q: adding VLAN 0 to HW filter on device team0
[  359.658923][ T3443] bridge0: port 1(bridge_slave_0) entered blocking state
[  359.666124][ T3443] bridge0: port 1(bridge_slave_0) entered forwarding state
[  359.825218][   T29] kauditd_printk_skb: 10 callbacks suppressed
[  359.825240][   T29] audit: type=1400 audit(1734030251.314:25): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=8428 comm="syz.4.690" saddr=172.30.0.5 daddr=172.20.20.170
[  359.871882][ T3432] bridge0: port 2(bridge_slave_1) entered blocking state
[  359.879088][ T3432] bridge0: port 2(bridge_slave_1) entered forwarding state
[  360.183001][    T9] usb 1-1: can't set config #0, error -71
[  360.191786][    T9] usb 1-1: USB disconnect, device number 16
[  360.297975][ T8295] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  360.309410][ T8295] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  360.631795][ T8437] FAULT_INJECTION: forcing a failure.
[  360.631795][ T8437] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  360.645270][ T8437] CPU: 0 UID: 0 PID: 8437 Comm: syz.4.690 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  360.655920][ T8437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  360.666009][ T8437] Call Trace:
[  360.669306][ T8437]  <TASK>
[  360.672247][ T8437]  dump_stack_lvl+0x241/0x360
[  360.676951][ T8437]  ? __pfx_dump_stack_lvl+0x10/0x10
[  360.682171][ T8437]  ? __pfx__printk+0x10/0x10
[  360.686783][ T8437]  ? snprintf+0xda/0x120
[  360.691128][ T8437]  should_fail_ex+0x3b0/0x4e0
[  360.695835][ T8437]  _copy_to_user+0x31/0xb0
[  360.700283][ T8437]  simple_read_from_buffer+0xca/0x150
[  360.705717][ T8437]  proc_fail_nth_read+0x1e9/0x250
[  360.710859][ T8437]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  360.716442][ T8437]  ? rw_verify_area+0x55e/0x6f0
[  360.721411][ T8437]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  360.726984][ T8437]  vfs_read+0x1fc/0xb70
[  360.731165][ T8437]  ? __pfx___mutex_lock+0x10/0x10
[  360.736217][ T8437]  ? __pfx_vfs_read+0x10/0x10
[  360.740916][ T8437]  ? __fget_files+0x2a/0x410
[  360.745521][ T8437]  ? __fget_files+0x395/0x410
[  360.750214][ T8437]  ? __fget_files+0x2a/0x410
[  360.754920][ T8437]  ksys_read+0x18f/0x2b0
[  360.759205][ T8437]  ? __pfx_ksys_read+0x10/0x10
[  360.763987][ T8437]  ? do_syscall_64+0x100/0x230
[  360.768790][ T8437]  ? do_syscall_64+0xb6/0x230
[  360.773505][ T8437]  do_syscall_64+0xf3/0x230
[  360.778030][ T8437]  ? clear_bhb_loop+0x35/0x90
[  360.782732][ T8437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.788650][ T8437] RIP: 0033:0x7f42d298472c
[  360.793078][ T8437] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  360.812701][ T8437] RSP: 002b:00007f42d37d6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  360.821137][ T8437] RAX: ffffffffffffffda RBX: 00007f42d2b76160 RCX: 00007f42d298472c
[  360.829297][ T8437] RDX: 000000000000000f RSI: 00007f42d37d60a0 RDI: 000000000000000a
[  360.837285][ T8437] RBP: 00007f42d37d6090 R08: 0000000000000000 R09: 0000000000000000
[  360.845268][ T8437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.853256][ T8437] R13: 0000000000000000 R14: 00007f42d2b76160 R15: 00007ffd0f8860f8
[  360.861360][ T8437]  </TASK>
[  360.934402][ T8440] netlink: 1260 bytes leftover after parsing attributes in process `syz.0.691'.
[  360.973019][ T8440] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  361.750122][ T8295] 8021q: adding VLAN 0 to HW filter on device batadv0
[  363.837034][ T8295] veth0_vlan: entered promiscuous mode
[  363.878772][ T8295] veth1_vlan: entered promiscuous mode
[  363.959932][ T8295] veth0_macvtap: entered promiscuous mode
[  363.978661][ T8295] veth1_macvtap: entered promiscuous mode
[  364.225101][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  364.238693][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  364.255797][ T8295] batman_adv: batadv0: Interface activated: batadv_slave_0
[  364.287815][ T8295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  364.315362][ T8295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  364.465116][ T8295] batman_adv: batadv0: Interface activated: batadv_slave_1
[  364.766329][ T8295] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  364.783642][ T8295] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  364.793032][ T8295] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  364.805300][ T8295] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  364.983247][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.008615][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.087419][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.108956][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  367.212384][ T5920] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  367.575558][ T8489] loop0: detected capacity change from 0 to 7
[  367.590088][ T8489] Dev loop0: unable to read RDB block 7
[  367.596315][ T8489]  loop0: AHDI p4
[  367.600040][ T8489] loop0: partition table partially beyond EOD, truncated
[  367.814539][ T5920] usb 4-1: config 0 has an invalid interface number: 135 but max is 0
[  367.823151][ T5920] usb 4-1: config 0 has no interface number 0
[  367.829382][ T5920] usb 4-1: config 0 interface 135 altsetting 115 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  367.848203][ T5920] usb 4-1: config 0 interface 135 has no altsetting 0
[  367.858050][ T5920] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=6a.2c
[  367.876066][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.887509][ T5920] usb 4-1: Product: syz
[  367.897179][ T5920] usb 4-1: Manufacturer: syz
[  367.905902][ T5920] usb 4-1: SerialNumber: syz
[  367.913460][ T5920] usb 4-1: config 0 descriptor??
[  368.149466][ T8503] FAULT_INJECTION: forcing a failure.
[  368.149466][ T8503] name failslab, interval 1, probability 0, space 0, times 0
[  368.162465][ T8503] CPU: 1 UID: 0 PID: 8503 Comm: syz.0.703 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  368.176643][ T8503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  368.186835][ T8503] Call Trace:
[  368.190145][ T8503]  <TASK>
[  368.193108][ T8503]  dump_stack_lvl+0x241/0x360
[  368.197844][ T8503]  ? __pfx_dump_stack_lvl+0x10/0x10
[  368.203116][ T8503]  ? __wake_up_klogd+0xcc/0x110
[  368.208038][ T8503]  should_fail_ex+0x3b0/0x4e0
[  368.212778][ T8503]  should_failslab+0xac/0x100
[  368.217514][ T8503]  ? __d_alloc+0x31/0x700
[  368.221878][ T8503]  kmem_cache_alloc_lru_noprof+0x75/0x390
[  368.227637][ T8503]  ? __pfx_lock_release+0x10/0x10
[  368.232708][ T8503]  __d_alloc+0x31/0x700
[  368.236907][ T8503]  d_alloc_pseudo+0x1f/0xb0
[  368.241451][ T8503]  alloc_file_pseudo+0x123/0x290
[  368.246445][ T8503]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  368.251972][ T8503]  anon_inode_getfd+0xce/0x1e0
[  368.256795][ T8503]  map_create+0xe1f/0x11c0
[  368.261256][ T8503]  __sys_bpf+0x6d1/0x810
[  368.265538][ T8503]  ? __pfx___sys_bpf+0x10/0x10
[  368.270342][ T8503]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  368.276409][ T8503]  __x64_sys_bpf+0x7c/0x90
[  368.280871][ T8503]  do_syscall_64+0xf3/0x230
[  368.285431][ T8503]  ? clear_bhb_loop+0x35/0x90
[  368.290156][ T8503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.296190][ T8503] RIP: 0033:0x7f2daf385d19
[  368.300640][ T8503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  368.320427][ T8503] RSP: 002b:00007f2daf1b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  368.328977][ T8503] RAX: ffffffffffffffda RBX: 00007f2daf576160 RCX: 00007f2daf385d19
[  368.336986][ T8503] RDX: 0000000000000048 RSI: 0000000020000040 RDI: 0000000000000000
[  368.344996][ T8503] RBP: 00007f2daf1b7090 R08: 0000000000000000 R09: 0000000000000000
[  368.353002][ T8503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  368.361011][ T8503] R13: 0000000000000001 R14: 00007f2daf576160 R15: 00007ffe8e6e4b08
[  368.369050][ T8503]  </TASK>
[  369.172347][ T8507] GUP no longer grows the stack in syz.4.705 (8507): 20004000-20008000 (20002000)
[  369.182894][ T8507] CPU: 0 UID: 0 PID: 8507 Comm: syz.4.705 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  369.193513][ T8507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  369.203598][ T8507] Call Trace:
[  369.206915][ T8507]  <TASK>
[  369.209852][ T8507]  dump_stack_lvl+0x241/0x360
[  369.214583][ T8507]  ? __pfx_dump_stack_lvl+0x10/0x10
[  369.219793][ T8507]  ? __pfx__printk+0x10/0x10
[  369.224474][ T8507]  ? find_vma+0xf9/0x170
[  369.228732][ T8507]  __get_user_pages+0x4385/0x49e0
[  369.233853][ T8507]  ? __lock_acquire+0x1397/0x2100
[  369.240347][ T8507]  ? __pfx___get_user_pages+0x10/0x10
[  369.240544][ T8507]  get_user_pages_remote+0x31e/0xb60
[  369.240584][ T8507]  ? __pfx_get_user_pages_remote+0x10/0x10
[  369.240616][ T8507]  ? __access_remote_vm+0x320/0x800
[  369.240649][ T8507]  __access_remote_vm+0x229/0x800
[  369.240687][ T8507]  ? __pfx___access_remote_vm+0x10/0x10
[  369.240717][ T8507]  ? rep_movs_alternative+0x4c/0x70
[  369.240750][ T8507]  proc_pid_cmdline_read+0x5b2/0x860
[  369.240789][ T8507]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  369.240822][ T8507]  ? rw_verify_area+0x55e/0x6f0
[  369.240854][ T8507]  vfs_readv+0x6bc/0xa80
[  369.240887][ T8507]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  369.240918][ T8507]  ? __pfx_vfs_readv+0x10/0x10
[  369.240958][ T8507]  ? __fget_files+0x2a/0x410
[  369.240977][ T8511] FAULT_INJECTION: forcing a failure.
[  369.240977][ T8511] name failslab, interval 1, probability 0, space 0, times 0
[  369.240983][ T8507]  ? __fget_files+0x395/0x410
[  369.241007][ T8507]  ? __fget_files+0x2a/0x410
[  369.241040][ T8507]  __x64_sys_preadv+0x1b7/0x2d0
[  369.241075][ T8507]  ? __pfx___x64_sys_preadv+0x10/0x10
[  369.241105][ T8507]  ? do_syscall_64+0x100/0x230
[  369.241137][ T8507]  ? do_syscall_64+0xb6/0x230
[  369.241168][ T8507]  do_syscall_64+0xf3/0x230
[  369.241197][ T8507]  ? clear_bhb_loop+0x35/0x90
[  369.241230][ T8507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.241267][ T8507] RIP: 0033:0x7f42d2985d19
[  369.241289][ T8507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.241308][ T8507] RSP: 002b:00007f42d37f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  369.241333][ T8507] RAX: ffffffffffffffda RBX: 00007f42d2b76080 RCX: 00007f42d2985d19
[  369.241350][ T8507] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007
[  369.241364][ T8507] RBP: 00007f42d2a01a20 R08: 0000000000000000 R09: 0000000000000000
[  369.241378][ T8507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  369.241391][ T8507] R13: 0000000000000000 R14: 00007f42d2b76080 R15: 00007ffd0f8860f8
[  369.241421][ T8507]  </TASK>
[  369.241432][ T8511] CPU: 1 UID: 0 PID: 8511 Comm: syz.0.706 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  369.241461][ T8511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  369.241475][ T8511] Call Trace:
[  369.241484][ T8511]  <TASK>
[  369.241495][ T8511]  dump_stack_lvl+0x241/0x360
[  369.241531][ T8511]  ? __pfx_dump_stack_lvl+0x10/0x10
[  369.241561][ T8511]  ? __pfx__printk+0x10/0x10
[  369.241593][ T8511]  ? __kmalloc_noprof+0xb5/0x4c0
[  369.241619][ T8511]  ? __pfx___might_resched+0x10/0x10
[  369.241662][ T8511]  should_fail_ex+0x3b0/0x4e0
[  369.241703][ T8511]  should_failslab+0xac/0x100
[  369.241740][ T8511]  __kmalloc_noprof+0xdd/0x4c0
[  369.241762][ T8511]  ? drm_atomic_state_init+0x9e/0x2f0
[  369.241791][ T8511]  ? __kasan_kmalloc+0x98/0xb0
[  369.241832][ T8511]  drm_atomic_state_init+0x9e/0x2f0
[  369.241867][ T8511]  drm_atomic_state_alloc+0xb9/0x100
[  369.241899][ T8511]  drm_client_modeset_commit_atomic+0xda/0x7d0
[  369.241934][ T8511]  ? __mutex_lock+0x37f/0xee0
[  369.241968][ T8511]  ? __mutex_lock+0x37f/0xee0
[  369.242000][ T8511]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  369.242036][ T8511]  ? trace_contention_end+0x3c/0x120
[  369.242108][ T8511]  drm_client_modeset_commit_locked+0xe0/0x520
[  369.242151][ T8511]  drm_client_modeset_commit+0x4a/0x70
[  369.242180][ T8511]  __drm_fb_helper_restore_fbdev_mode_unlocked+0xc3/0x170
[  369.242222][ T8511]  drm_fb_helper_set_par+0xaf/0x100
[  369.242260][ T8511]  fb_set_var+0x823/0xf10
[  369.242299][ T8511]  ? __pfx_fb_set_var+0x10/0x10
[  369.242323][ T8511]  ? __mutex_trylock_common+0x183/0x2e0
[  369.242375][ T8511]  ? trace_contention_end+0x3c/0x120
[  369.242408][ T8511]  ? __mutex_lock+0x37f/0xee0
[  369.242448][ T8511]  ? __pfx_lock_acquire+0x10/0x10
[  369.242477][ T8511]  ? do_fb_ioctl+0x56d/0x7b0
[  369.242511][ T8511]  ? __pfx___mutex_lock+0x10/0x10
[  369.242546][ T8511]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  369.242580][ T8511]  ? is_console_locked+0x9/0x20
[  369.242616][ T8511]  ? fbcon_modechange_possible+0x3fe/0x490
[  369.242664][ T8511]  do_fb_ioctl+0x643/0x7b0
[  369.242701][ T8511]  ? __pfx_do_fb_ioctl+0x10/0x10
[  369.242760][ T8511]  ? __asan_memset+0x23/0x50
[  369.242790][ T8511]  ? smack_file_ioctl+0x29e/0x3a0
[  369.242827][ T8511]  ? __pfx_smack_file_ioctl+0x10/0x10
[  369.242870][ T8511]  ? __fget_files+0x2a/0x410
[  369.242899][ T8511]  ? __fget_files+0x2a/0x410
[  369.242929][ T8511]  ? __pfx_fb_ioctl+0x10/0x10
[  369.242964][ T8511]  __se_sys_ioctl+0xf5/0x170
[  369.242998][ T8511]  do_syscall_64+0xf3/0x230
[  369.243045][ T8511]  ? clear_bhb_loop+0x35/0x90
[  369.243085][ T8511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.243118][ T8511] RIP: 0033:0x7f2daf385d19
[  369.243140][ T8511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.243192][ T8511] RSP: 002b:00007f2daf1b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  369.243221][ T8511] RAX: ffffffffffffffda RBX: 00007f2daf576160 RCX: 00007f2daf385d19
[  369.243240][ T8511] RDX: 0000000020000040 RSI: 0000000000004601 RDI: 0000000000000007
[  369.243256][ T8511] RBP: 00007f2daf1b7090 R08: 0000000000000000 R09: 0000000000000000
[  369.243272][ T8511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  369.243288][ T8511] R13: 0000000000000000 R14: 00007f2daf576160 R15: 00007ffe8e6e4b08
[  369.243326][ T8511]  </TASK>
[  371.135019][ T5920] xbox_remote_probe: Unexpected desc.bNumEndpoints: 2
[  371.147258][ T5920] usb 4-1: USB disconnect, device number 10
[  371.652056][ T5920] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  371.824742][ T5920] usb 4-1: Using ep0 maxpacket: 16
[  371.874564][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  371.910210][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  371.921416][ T8535] netlink: 84 bytes leftover after parsing attributes in process `syz.6.714'.
[  371.930374][ T5920] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  371.930432][ T5920] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  371.930461][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.999681][ T8535] vxcan2: entered promiscuous mode
[  372.001378][ T5920] usb 4-1: config 0 descriptor??
[  372.031228][ T8535] vxcan2: entered allmulticast mode
[  372.312926][ T8538] netlink: 'syz.6.714': attribute type 10 has an invalid length.
[  372.320764][ T8538] netlink: 40 bytes leftover after parsing attributes in process `syz.6.714'.
[  372.331072][ T8538] hsr0: entered promiscuous mode
[  372.349289][ T8538] hsr0: entered allmulticast mode
[  372.357911][ T8538] hsr_slave_0: entered allmulticast mode
[  372.377744][ T8538] hsr_slave_1: entered allmulticast mode
[  372.426205][ T5920] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  372.441609][ T5920] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0002/input/input25
[  372.471130][ T8535] =======================================================
[  372.471130][ T8535] WARNING: The mand mount option has been deprecated and
[  372.471130][ T8535]          and is ignored by this kernel. Remove the mand
[  372.471130][ T8535]          option from the mount to silence this warning.
[  372.471130][ T8535] =======================================================
[  372.592465][ T8538] bridge0: port 3(hsr0) entered blocking state
[  372.598807][ T8538] bridge0: port 3(hsr0) entered disabled state
[  372.630385][ T8538] bridge0: port 3(hsr0) entered blocking state
[  372.636877][ T8538] bridge0: port 3(hsr0) entered forwarding state
[  373.182350][ T8547] netlink: 8 bytes leftover after parsing attributes in process `syz.4.717'.
[  373.266013][ T8548] netlink: 8 bytes leftover after parsing attributes in process `syz.4.717'.
[  373.469456][ T5920] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  373.484283][ T5920] usb 4-1: USB disconnect, device number 11
[  373.495186][ T8535] hugetlbfs: Bad value 'k' for mount option 'nr_inodes'
[  373.495186][ T8535] 
[  373.668620][ T8541] kvm: kvm [8540]: vcpu1, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x9b50000081a
[  374.558551][ T8574] netlink: 'syz.3.724': attribute type 29 has an invalid length.
[  374.647934][ T8574] netlink: 'syz.3.724': attribute type 29 has an invalid length.
[  374.662320][ T8574] netlink: 596 bytes leftover after parsing attributes in process `syz.3.724'.
[  375.926289][ T8598] netlink: 'syz.0.731': attribute type 29 has an invalid length.
[  375.947547][ T8598] netlink: 'syz.0.731': attribute type 29 has an invalid length.
[  376.066230][ T8598] FAULT_INJECTION: forcing a failure.
[  376.066230][ T8598] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  376.103172][ T8598] CPU: 1 UID: 0 PID: 8598 Comm: syz.0.731 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  376.113834][ T8598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  376.120312][ T8602] overlay: ./file1 is not a directory
[  376.123903][ T8598] Call Trace:
[  376.123917][ T8598]  <TASK>
[  376.123927][ T8598]  dump_stack_lvl+0x241/0x360
[  376.123967][ T8598]  ? __pfx_dump_stack_lvl+0x10/0x10
[  376.123997][ T8598]  ? __pfx__printk+0x10/0x10
[  376.124027][ T8598]  ? __pfx_lock_release+0x10/0x10
[  376.124062][ T8598]  should_fail_ex+0x3b0/0x4e0
[  376.124103][ T8598]  _copy_from_iter+0x1e9/0x1c20
[  376.124132][ T8598]  ? __virt_addr_valid+0x183/0x530
[  376.124166][ T8598]  ? __alloc_skb+0x28f/0x440
[  376.124210][ T8598]  ? __pfx__copy_from_iter+0x10/0x10
[  376.124243][ T8598]  ? __virt_addr_valid+0x183/0x530
[  376.185014][ T8598]  ? __virt_addr_valid+0x183/0x530
[  376.190164][ T8598]  ? __virt_addr_valid+0x45f/0x530
[  376.195336][ T8598]  ? __phys_addr_symbol+0x2f/0x70
[  376.200444][ T8598]  ? __check_object_size+0x47a/0x730
[  376.205783][ T8598]  netlink_sendmsg+0x73d/0xcb0
[  376.210600][ T8598]  ? __pfx_netlink_sendmsg+0x10/0x10
[  376.215936][ T8598]  ? __pfx_netlink_sendmsg+0x10/0x10
[  376.221257][ T8598]  __sock_sendmsg+0x221/0x270
[  376.225984][ T8598]  ____sys_sendmsg+0x52a/0x7e0
[  376.230804][ T8598]  ? __pfx_____sys_sendmsg+0x10/0x10
[  376.236125][ T8598]  ? __fget_files+0x2a/0x410
[  376.240856][ T8598]  ? __fget_files+0x2a/0x410
[  376.245545][ T8598]  __sys_sendmsg+0x269/0x350
[  376.250201][ T8598]  ? __pfx_lock_release+0x10/0x10
[  376.255282][ T8598]  ? __pfx___sys_sendmsg+0x10/0x10
[  376.260454][ T8598]  ? __pfx_vfs_write+0x10/0x10
[  376.265297][ T8598]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  376.271676][ T8598]  ? do_syscall_64+0x100/0x230
[  376.276497][ T8598]  ? do_syscall_64+0xb6/0x230
[  376.281235][ T8598]  do_syscall_64+0xf3/0x230
[  376.285803][ T8598]  ? clear_bhb_loop+0x35/0x90
[  376.290536][ T8598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.296658][ T8598] RIP: 0033:0x7f2daf385d19
[  376.299590][ T8592] netlink: 60 bytes leftover after parsing attributes in process `syz.3.729'.
[  376.301096][ T8598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.329700][ T8598] RSP: 002b:00007f2daf1f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  376.338157][ T8598] RAX: ffffffffffffffda RBX: 00007f2daf575fa0 RCX: 00007f2daf385d19
[  376.346188][ T8598] RDX: 0000000000000044 RSI: 0000000020000840 RDI: 0000000000000004
[  376.354173][ T8598] RBP: 00007f2daf1f9090 R08: 0000000000000000 R09: 0000000000000000
[  376.362159][ T8598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.370155][ T8598] R13: 0000000000000000 R14: 00007f2daf575fa0 R15: 00007ffe8e6e4b08
[  376.378162][ T8598]  </TASK>
[  376.691151][ T8605] FAULT_INJECTION: forcing a failure.
[  376.691151][ T8605] name failslab, interval 1, probability 0, space 0, times 0
[  376.704060][ T8605] CPU: 1 UID: 0 PID: 8605 Comm: syz.4.733 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  376.714717][ T8605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  376.724823][ T8605] Call Trace:
[  376.728137][ T8605]  <TASK>
[  376.731110][ T8605]  dump_stack_lvl+0x241/0x360
[  376.735845][ T8605]  ? __pfx_dump_stack_lvl+0x10/0x10
[  376.741094][ T8605]  ? __pfx__printk+0x10/0x10
[  376.745731][ T8605]  ? fs_reclaim_acquire+0x93/0x130
[  376.750893][ T8605]  ? __pfx___might_resched+0x10/0x10
[  376.756239][ T8605]  should_fail_ex+0x3b0/0x4e0
[  376.760979][ T8605]  should_failslab+0xac/0x100
[  376.765712][ T8605]  __kmalloc_noprof+0xdd/0x4c0
[  376.770514][ T8605]  ? tomoyo_encode+0x26f/0x540
[  376.775328][ T8605]  tomoyo_encode+0x26f/0x540
[  376.779969][ T8605]  tomoyo_mount_permission+0x359/0xb80
[  376.785508][ T8605]  ? tomoyo_mount_permission+0x298/0xb80
[  376.791271][ T8605]  ? __pfx___schedule+0x10/0x10
[  376.796165][ T8605]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  376.802218][ T8605]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  376.808289][ T8605]  ? hook_sb_mount+0x10b/0x420
[  376.813101][ T8605]  ? security_sb_mount+0x22/0x2f0
[  376.818179][ T8605]  security_sb_mount+0xe0/0x2f0
[  376.823091][ T8605]  path_mount+0xb9/0xfa0
[  376.827384][ T8605]  ? kmem_cache_free+0x195/0x410
[  376.832362][ T8605]  ? user_path_at+0x44/0x60
[  376.836924][ T8605]  __se_sys_mount+0x2d6/0x3c0
[  376.841638][ T8605]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  376.847751][ T8605]  ? __pfx___se_sys_mount+0x10/0x10
[  376.853031][ T8605]  ? do_syscall_64+0x100/0x230
[  376.857863][ T8605]  ? __x64_sys_mount+0x20/0xc0
[  376.862675][ T8605]  do_syscall_64+0xf3/0x230
[  376.867235][ T8605]  ? clear_bhb_loop+0x35/0x90
[  376.871973][ T8605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.877917][ T8605] RIP: 0033:0x7f42d2985d19
[  376.882372][ T8605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.902028][ T8605] RSP: 002b:00007f42d37d6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  376.910497][ T8605] RAX: ffffffffffffffda RBX: 00007f42d2b76160 RCX: 00007f42d2985d19
[  376.918513][ T8605] RDX: 0000000020000100 RSI: 0000000020000000 RDI: 0000000000000000
[  376.926527][ T8605] RBP: 00007f42d37d6090 R08: 0000000000000000 R09: 0000000000000000
[  376.934557][ T8605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.942571][ T8605] R13: 0000000000000000 R14: 00007f42d2b76160 R15: 00007ffd0f8860f8
[  376.950602][ T8605]  </TASK>
[  377.324499][ T8608] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  377.662129][    T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  377.702141][ T5932] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  377.762316][ T5879] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  377.823719][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  377.841350][    T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  377.851197][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.867466][    T9] usb 1-1: config 0 descriptor??
[  377.882196][ T5932] usb 5-1: Using ep0 maxpacket: 8
[  377.889551][ T5932] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  377.912522][ T5879] usb 7-1: Using ep0 maxpacket: 8
[  377.917792][ T5932] usb 5-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  377.992394][ T5932] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.000550][ T5932] usb 5-1: Product: syz
[  378.005481][ T5932] usb 5-1: Manufacturer: syz
[  378.069520][ T5879] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  378.080218][ T5932] usb 5-1: SerialNumber: syz
[  378.086837][ T5879] usb 7-1: config 0 has no interfaces?
[  378.103388][ T5932] usb 5-1: config 0 descriptor??
[  378.110299][ T8613] netlink: 48 bytes leftover after parsing attributes in process `syz.0.734'.
[  378.130581][ T5879] usb 7-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  378.140363][ T5879] usb 7-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  378.151992][ T5879] usb 7-1: Product: syz
[  378.156213][ T5879] usb 7-1: Manufacturer: syz
[  378.171164][ T5879] usb 7-1: SerialNumber: syz
[  378.187291][ T5879] usb 7-1: config 0 descriptor??
[  378.330070][    T9] logitech 0003:046D:C293.0003: unbalanced collection at end of report description
[  378.341044][    T9] logitech 0003:046D:C293.0003: parse failed
[  378.357593][    T9] logitech 0003:046D:C293.0003: probe with driver logitech failed with error -22
[  378.418843][    T9] usb 7-1: USB disconnect, device number 2
[  379.367522][ T5920] usb 1-1: USB disconnect, device number 17
[  379.383819][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  379.480079][ T8640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  379.489193][ T8640] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  379.656560][ T5932] usb 5-1: USB disconnect, device number 12
[  379.807553][ T8646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  379.817588][ T8646] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  380.042068][ T5920] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  380.126943][ T5932] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  380.243605][ T8654] netlink: 16 bytes leftover after parsing attributes in process `syz.3.751'.
[  380.430104][ T5932] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  380.475923][ T5932] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  380.530043][ T5932] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  380.718456][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.563329][ T5932] usb 5-1: config 0 descriptor??
[  381.582490][ T5920] usb 7-1: config index 0 descriptor too short (expected 3133, got 61)
[  381.590818][ T5920] usb 7-1: config 0 has an invalid interface number: 156 but max is 1
[  381.842232][ T5920] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  381.858553][ T5920] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  381.867683][ T5920] usb 7-1: config 0 has no interface number 0
[  381.873956][ T5920] usb 7-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  381.885275][ T5920] usb 7-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  381.895709][ T5920] usb 7-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  381.909387][ T5920] usb 7-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  381.918791][ T5920] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.092679][ T5920] usb 7-1: config 0 descriptor??
[  382.154850][ T5920] gspca_main: spca561-2.14.0 probing abcd:cdee
[  382.363750][ T5920] spca561 7-1:0.156: probe with driver spca561 failed with error -22
[  382.376744][ T5920] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  382.390873][ T5920] usb 7-1: MIDIStreaming interface descriptor not found
[  382.508661][ T5920] usb 7-1: USB disconnect, device number 3
[  382.913287][ T8677] netlink: 60 bytes leftover after parsing attributes in process `syz.0.757'.
[  383.190227][ T5932] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0004/input/input27
[  384.567173][ T5932] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0004/input/input28
[  384.631639][ T5932] uclogic 0003:256C:006D.0004: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0
[  385.045684][ T5932] usb 5-1: USB disconnect, device number 13
[  385.315502][ T8691] netlink: 1260 bytes leftover after parsing attributes in process `syz.4.760'.
[  385.325331][ T8691] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  388.061093][ T8714] netlink: 18 bytes leftover after parsing attributes in process `syz.6.769'.
[  390.035823][ T5932] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  390.161617][ T8738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  390.170547][ T8738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  390.481592][ T5932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  390.493123][ T5932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  390.504342][ T5932] usb 1-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00
[  390.513593][ T5932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.534555][ T5932] usb 1-1: config 0 descriptor??
[  390.996955][ T5932] lenovo 0003:17EF:6062.0005: unknown main item tag 0x4
[  391.012708][ T5932] lenovo 0003:17EF:6062.0005: unknown main item tag 0x2
[  391.055050][ T5932] lenovo 0003:17EF:6062.0005: hidraw0: USB HID v0.00 Device [HID 17ef:6062] on usb-dummy_hcd.0-1/input0
[  391.317673][ T8732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  391.992146][ T8732] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  392.020279][ T5932] usb 1-1: USB disconnect, device number 18
[  392.208706][ T8759] FAULT_INJECTION: forcing a failure.
[  392.208706][ T8759] name failslab, interval 1, probability 0, space 0, times 0
[  392.233809][ T8759] CPU: 0 UID: 0 PID: 8759 Comm: syz.2.784 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  392.244496][ T8759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  392.254608][ T8759] Call Trace:
[  392.257925][ T8759]  <TASK>
[  392.260885][ T8759]  dump_stack_lvl+0x241/0x360
[  392.265620][ T8759]  ? __pfx_dump_stack_lvl+0x10/0x10
[  392.270884][ T8759]  ? __pfx__printk+0x10/0x10
[  392.275575][ T8759]  ? __kmalloc_cache_noprof+0x48/0x390
[  392.281093][ T8759]  ? __pfx___might_resched+0x10/0x10
[  392.286440][ T8759]  should_fail_ex+0x3b0/0x4e0
[  392.291179][ T8759]  should_failslab+0xac/0x100
[  392.295933][ T8759]  __kmalloc_cache_noprof+0x70/0x390
[  392.301268][ T8759]  ? genl_start+0x1cb/0x6d0
[  392.305834][ T8759]  genl_start+0x1cb/0x6d0
[  392.310231][ T8759]  __netlink_dump_start+0x45c/0x790
[  392.315485][ T8759]  genl_rcv_msg+0x88c/0xec0
[  392.320136][ T8759]  ? __pfx_genl_rcv_msg+0x10/0x10
[  392.325408][ T8759]  ? __pfx_genl_start+0x10/0x10
[  392.330309][ T8759]  ? __pfx_genl_dumpit+0x10/0x10
[  392.335291][ T8759]  ? __pfx_genl_done+0x10/0x10
[  392.340124][ T8759]  ? __pfx_lock_acquire+0x10/0x10
[  392.345191][ T8759]  ? __pfx_nfc_genl_dump_devices+0x10/0x10
[  392.351040][ T8759]  ? __pfx_nfc_genl_dump_devices_done+0x10/0x10
[  392.357326][ T8759]  ? __pfx___might_resched+0x10/0x10
[  392.362696][ T8759]  netlink_rcv_skb+0x1e3/0x430
[  392.367525][ T8759]  ? __pfx_genl_rcv_msg+0x10/0x10
[  392.372610][ T8759]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  392.377978][ T8759]  genl_rcv+0x28/0x40
[  392.382009][ T8759]  netlink_unicast+0x7f6/0x990
[  392.386864][ T8759]  ? __pfx_netlink_unicast+0x10/0x10
[  392.392205][ T8759]  ? __virt_addr_valid+0x45f/0x530
[  392.397363][ T8759]  ? __phys_addr_symbol+0x2f/0x70
[  392.402442][ T8759]  ? __check_object_size+0x47a/0x730
[  392.407800][ T8759]  netlink_sendmsg+0x8e4/0xcb0
[  392.412716][ T8759]  ? __pfx_netlink_sendmsg+0x10/0x10
[  392.418076][ T8759]  ? __pfx_netlink_sendmsg+0x10/0x10
[  392.423411][ T8759]  __sock_sendmsg+0x221/0x270
[  392.428151][ T8759]  ____sys_sendmsg+0x52a/0x7e0
[  392.432971][ T8759]  ? __pfx_____sys_sendmsg+0x10/0x10
[  392.438303][ T8759]  ? __fget_files+0x2a/0x410
[  392.443034][ T8759]  ? __fget_files+0x2a/0x410
[  392.447689][ T8759]  __sys_sendmsg+0x269/0x350
[  392.452411][ T8759]  ? __pfx_lock_release+0x10/0x10
[  392.457487][ T8759]  ? __pfx___sys_sendmsg+0x10/0x10
[  392.463102][ T8759]  ? __pfx_vfs_write+0x10/0x10
[  392.467946][ T8759]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  392.474325][ T8759]  ? do_syscall_64+0x100/0x230
[  392.479145][ T8759]  ? do_syscall_64+0xb6/0x230
[  392.483904][ T8759]  do_syscall_64+0xf3/0x230
[  392.488465][ T8759]  ? clear_bhb_loop+0x35/0x90
[  392.493206][ T8759]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.499168][ T8759] RIP: 0033:0x7f8e82d85d19
[  392.503641][ T8759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  392.523301][ T8759] RSP: 002b:00007f8e83af9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  392.531859][ T8759] RAX: ffffffffffffffda RBX: 00007f8e82f75fa0 RCX: 00007f8e82d85d19
[  392.539879][ T8759] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000004
[  392.547912][ T8759] RBP: 00007f8e83af9090 R08: 0000000000000000 R09: 0000000000000000
[  392.555938][ T8759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  392.564042][ T8759] R13: 0000000000000000 R14: 00007f8e82f75fa0 R15: 00007fff2047a1f8
[  392.572092][ T8759]  </TASK>
[  393.044025][ T8764] IPVS: set_ctl: invalid protocol: 94 224.0.0.2:0
[  396.420017][ T8780] netlink: 1260 bytes leftover after parsing attributes in process `syz.0.789'.
[  396.447506][ T8780] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  398.421533][ T8804] FAULT_INJECTION: forcing a failure.
[  398.421533][ T8804] name failslab, interval 1, probability 0, space 0, times 0
[  398.833029][ T8804] CPU: 1 UID: 0 PID: 8804 Comm: syz.0.796 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  398.843816][ T8804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  398.853892][ T8804] Call Trace:
[  398.857185][ T8804]  <TASK>
[  398.860136][ T8804]  dump_stack_lvl+0x241/0x360
[  398.864845][ T8804]  ? __pfx_dump_stack_lvl+0x10/0x10
[  398.870059][ T8804]  ? __pfx__printk+0x10/0x10
[  398.874702][ T8804]  ? __kmalloc_cache_noprof+0x48/0x390
[  398.880179][ T8804]  ? __pfx___might_resched+0x10/0x10
[  398.885500][ T8804]  should_fail_ex+0x3b0/0x4e0
[  398.890237][ T8804]  should_failslab+0xac/0x100
[  398.894940][ T8804]  __kmalloc_cache_noprof+0x70/0x390
[  398.900254][ T8804]  ? proc_self_get_link+0xe0/0x170
[  398.905477][ T8804]  proc_self_get_link+0xe0/0x170
[  398.910445][ T8804]  ? __pfx_proc_self_get_link+0x10/0x10
[  398.916028][ T8804]  pick_link+0x631/0xd50
[  398.920294][ T8804]  step_into+0xca9/0x1080
[  398.924647][ T8804]  ? __d_lookup+0x706/0x7b0
[  398.929171][ T8804]  ? __pfx_step_into+0x10/0x10
[  398.933956][ T8804]  ? lookup_fast+0xb5/0x4a0
[  398.938912][ T8804]  link_path_walk+0x7b7/0xea0
[  398.943629][ T8804]  path_openat+0x266/0x3590
[  398.948163][ T8804]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  398.954520][ T8804]  ? lockdep_hardirqs_on+0x99/0x150
[  398.959741][ T8804]  ? __pfx_path_openat+0x10/0x10
[  398.964704][ T8804]  ? kernel_tmpfile_open+0x41/0x90
[  398.969832][ T8804]  ? do_filp_open+0x9f/0x4e0
[  398.974460][ T8804]  ? kasan_check_range+0x14a/0x290
[  398.979602][ T8804]  do_filp_open+0x27f/0x4e0
[  398.984125][ T8804]  ? __pfx_do_filp_open+0x10/0x10
[  398.989170][ T8804]  ? do_raw_spin_lock+0x14f/0x370
[  398.994256][ T8804]  do_sys_openat2+0x13e/0x1d0
[  398.998952][ T8804]  ? __pfx_do_sys_openat2+0x10/0x10
[  399.004168][ T8804]  ? __fget_files+0x2a/0x410
[  399.008788][ T8804]  __x64_sys_openat+0x247/0x2a0
[  399.013660][ T8804]  ? __pfx___x64_sys_openat+0x10/0x10
[  399.019164][ T8804]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  399.025518][ T8804]  ? do_syscall_64+0xb6/0x230
[  399.030226][ T8804]  do_syscall_64+0xf3/0x230
[  399.034757][ T8804]  ? clear_bhb_loop+0x35/0x90
[  399.039460][ T8804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.045406][ T8804] RIP: 0033:0x7f2daf384680
[  399.049836][ T8804] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  399.069552][ T8804] RSP: 002b:00007f2daf1f8f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  399.078455][ T8804] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f2daf384680
[  399.086447][ T8804] RDX: 0000000000000002 RSI: 00007f2daf1f8fa0 RDI: 00000000ffffff9c
[  399.094436][ T8804] RBP: 00007f2daf1f8fa0 R08: 0000000000000000 R09: 0000000000000000
[  399.102452][ T8804] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  399.110435][ T8804] R13: 0000000000000000 R14: 00007f2daf575fa0 R15: 00007ffe8e6e4b08
[  399.118455][ T8804]  </TASK>
[  402.110876][ T8814] netlink: 60 bytes leftover after parsing attributes in process `syz.3.798'.
[  402.861994][  T119] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  403.092068][  T119] usb 1-1: Using ep0 maxpacket: 16
[  403.152003][  T119] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  403.172076][  T119] usb 1-1: config 0 has no interface number 0
[  403.396777][  T119] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  403.412086][  T119] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.420362][  T119] usb 1-1: Product: syz
[  404.346771][  T119] usb 1-1: Manufacturer: syz
[  404.351619][  T119] usb 1-1: SerialNumber: syz
[  404.436393][  T119] usb 1-1: config 0 descriptor??
[  404.882184][  T119] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  405.520432][ T8845] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  407.053824][  T119] gspca_spca1528: reg_r err -71
[  407.058895][  T119] spca1528 1-1:0.1: probe with driver spca1528 failed with error -71
[  407.078486][  T119] usb 1-1: USB disconnect, device number 19
[  409.157140][ T8876] netlink: 60 bytes leftover after parsing attributes in process `syz.2.819'.
[  409.873578][ T8886] syz.6.822 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  412.839523][    T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  413.032268][    T9] usb 4-1: device descriptor read/64, error -71
[  413.272221][    T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  414.326882][    T9] usb 4-1: device descriptor read/64, error -71
[  414.799301][    T9] usb usb4-port1: attempt power cycle
[  415.352026][    T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  415.572031][    T9] usb 4-1: device not accepting address 14, error -71
[  416.444249][ T5920] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  416.613842][ T5920] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  416.624465][ T5920] usb 7-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  416.646558][ T5920] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.157564][ T5920] gspca_main: stv0680-2.14.0 probing 041e:4007
[  418.682067][ T5920] stv0680 7-1:4.0: STV(e): camera ping failed!!
[  420.024645][ T5920] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -110
[  420.036043][ T5920] stv0680 7-1:4.0: last error: 0,  command = 0x0
[  420.290673][ T5920] usb 7-1: USB disconnect, device number 4
[  420.336261][ T8961] netlink: 'syz.3.843': attribute type 3 has an invalid length.
[  420.352326][ T8961] netlink: 224 bytes leftover after parsing attributes in process `syz.3.843'.
[  420.564101][ T8960] block nbd2: shutting down sockets
[  422.393483][ T1211] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  422.396383][ T8982] FAULT_INJECTION: forcing a failure.
[  422.396383][ T8982] name failslab, interval 1, probability 0, space 0, times 0
[  422.436957][ T8982] CPU: 0 UID: 0 PID: 8982 Comm: syz.4.850 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  422.447341][ T8987] IPVS: set_ctl: invalid protocol: 94 224.0.0.2:0
[  422.447606][ T8982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  422.464134][ T8982] Call Trace:
[  422.467460][ T8982]  <TASK>
[  422.470433][ T8982]  dump_stack_lvl+0x241/0x360
[  422.475169][ T8982]  ? __pfx_dump_stack_lvl+0x10/0x10
[  422.480422][ T8982]  ? __pfx__printk+0x10/0x10
[  422.485079][ T8982]  ? kmem_cache_alloc_noprof+0x48/0x380
[  422.490688][ T8982]  ? __pfx___might_resched+0x10/0x10
[  422.496045][ T8982]  should_fail_ex+0x3b0/0x4e0
[  422.500756][ T8982]  should_failslab+0xac/0x100
[  422.505462][ T8982]  ? getname_flags+0xb7/0x540
[  422.510262][ T8982]  kmem_cache_alloc_noprof+0x70/0x380
[  422.515679][ T8982]  getname_flags+0xb7/0x540
[  422.520289][ T8982]  path_setxattrat+0x400/0x510
[  422.525071][ T8982]  ? __pfx_path_setxattrat+0x10/0x10
[  422.530370][ T8982]  ? vfs_write+0x730/0xd30
[  422.534846][ T8982]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  422.540848][ T8982]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  422.547229][ T8982]  __x64_sys_lsetxattr+0xbf/0xe0
[  422.552187][ T8982]  do_syscall_64+0xf3/0x230
[  422.556709][ T8982]  ? clear_bhb_loop+0x35/0x90
[  422.561410][ T8982]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.567319][ T8982] RIP: 0033:0x7f42d2985d19
[  422.571747][ T8982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.591369][ T8982] RSP: 002b:00007f42d3818038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  422.599801][ T8982] RAX: ffffffffffffffda RBX: 00007f42d2b75fa0 RCX: 00007f42d2985d19
[  422.607986][ T8982] RDX: 00000000200001c0 RSI: 0000000020000180 RDI: 0000000000000000
[  422.616006][ T8982] RBP: 00007f42d3818090 R08: 0000000000000003 R09: 0000000000000000
[  422.623993][ T8982] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[  422.631977][ T8982] R13: 0000000000000000 R14: 00007f42d2b75fa0 R15: 00007ffd0f8860f8
[  422.639978][ T8982]  </TASK>
[  422.775925][ T1211] usb 1-1: device descriptor read/64, error -71
[  423.092372][ T1211] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  423.238554][ T1211] usb 1-1: device descriptor read/64, error -71
[  423.407305][ T1211] usb usb1-port1: attempt power cycle
[  424.182208][ T1211] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  425.400043][ T1211] usb 1-1: device descriptor read/8, error -71
[  425.622155][   T25] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  425.845035][ T9022] batadv_slave_1: entered promiscuous mode
[  426.682806][ T1211] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  426.726191][ T9018] batadv_slave_1: left promiscuous mode
[  426.865778][   T25] usb 7-1: config 0 has an invalid interface number: 128 but max is 0
[  426.882224][   T25] usb 7-1: config 0 has no interface number 0
[  426.888484][   T25] usb 7-1: config 0 interface 128 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  426.898763][   T25] usb 7-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  426.908084][   T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.945367][ T1211] usb 1-1: device descriptor read/8, error -71
[  427.052269][ T1211] usb usb1-port1: unable to enumerate USB device
[  427.097072][   T25] usb 7-1: config 0 descriptor??
[  427.103023][   T25] usb 7-1: can't set config #0, error -71
[  427.112116][   T25] usb 7-1: USB disconnect, device number 5
[  427.131309][ T9025] FAULT_INJECTION: forcing a failure.
[  427.131309][ T9025] name failslab, interval 1, probability 0, space 0, times 0
[  427.144937][ T9025] CPU: 1 UID: 0 PID: 9025 Comm: syz.0.864 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  427.155594][ T9025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  427.165701][ T9025] Call Trace:
[  427.169023][ T9025]  <TASK>
[  427.171996][ T9025]  dump_stack_lvl+0x241/0x360
[  427.176749][ T9025]  ? __pfx_dump_stack_lvl+0x10/0x10
[  427.182017][ T9025]  ? __pfx__printk+0x10/0x10
[  427.186665][ T9025]  ? __kmalloc_noprof+0xb5/0x4c0
[  427.191836][ T9025]  ? __pfx___might_resched+0x10/0x10
[  427.197188][ T9025]  should_fail_ex+0x3b0/0x4e0
[  427.201939][ T9025]  should_failslab+0xac/0x100
[  427.206713][ T9025]  __kmalloc_noprof+0xdd/0x4c0
[  427.211523][ T9025]  ? security_prepare_creds+0x53/0x360
[  427.217094][ T9025]  ? rcu_is_watching+0x15/0xb0
[  427.221893][ T9025]  security_prepare_creds+0x53/0x360
[  427.227219][ T9025]  prepare_creds+0x467/0x640
[  427.231840][ T9025]  lookup_user_key+0x373/0x1500
[  427.236722][ T9025]  ? __pfx_lookup_user_key+0x10/0x10
[  427.242030][ T9025]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  427.248211][ T9025]  ? __might_fault+0xc6/0x120
[  427.252906][ T9025]  __se_sys_add_key+0x2fa/0x490
[  427.257775][ T9025]  ? __pfx___se_sys_add_key+0x10/0x10
[  427.263185][ T9025]  ? do_syscall_64+0x100/0x230
[  427.267970][ T9025]  ? __x64_sys_add_key+0x20/0xc0
[  427.272921][ T9025]  do_syscall_64+0xf3/0x230
[  427.277444][ T9025]  ? clear_bhb_loop+0x35/0x90
[  427.282157][ T9025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.288105][ T9025] RIP: 0033:0x7f2daf385d19
[  427.292552][ T9025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  427.312197][ T9025] RSP: 002b:00007f2daf1f9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  427.320650][ T9025] RAX: ffffffffffffffda RBX: 00007f2daf575fa0 RCX: 00007f2daf385d19
[  427.328633][ T9025] RDX: 0000000020000280 RSI: 0000000000000000 RDI: 0000000020000200
[  427.336616][ T9025] RBP: 00007f2daf1f9090 R08: fffffffffffffffe R09: 0000000000000000
[  427.344596][ T9025] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  427.352581][ T9025] R13: 0000000000000001 R14: 00007f2daf575fa0 R15: 00007ffe8e6e4b08
[  427.360580][ T9025]  </TASK>
[  431.402418][ T5932] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  431.542464][ T5932] usb 7-1: device descriptor read/64, error -71
[  431.664234][ T9066] netlink: 1260 bytes leftover after parsing attributes in process `syz.0.879'.
[  431.737213][ T9066] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  431.835323][ T5932] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  431.996322][ T9070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  432.018388][ T9070] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  432.144730][ T5932] usb 7-1: device descriptor read/64, error -71
[  433.023425][ T5932] usb usb7-port1: attempt power cycle
[  433.381988][ T5932] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  433.412855][ T5932] usb 7-1: device descriptor read/8, error -71
[  439.272226][ T9128] fuse: Bad value for 'group_id'
[  439.277266][ T9128] fuse: Bad value for 'group_id'
[  439.895314][ T9136] FAULT_INJECTION: forcing a failure.
[  439.895314][ T9136] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  439.899373][ T9134] netlink: 'syz.3.896': attribute type 10 has an invalid length.
[  439.908653][ T9136] CPU: 1 UID: 0 PID: 9136 Comm: syz.2.899 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  439.926846][ T9136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  439.936951][ T9136] Call Trace:
[  439.940263][ T9136]  <TASK>
[  439.943231][ T9136]  dump_stack_lvl+0x241/0x360
[  439.948055][ T9136]  ? __pfx_dump_stack_lvl+0x10/0x10
[  439.953308][ T9136]  ? __pfx__printk+0x10/0x10
[  439.957948][ T9136]  ? __pfx_lock_release+0x10/0x10
[  439.963062][ T9136]  should_fail_ex+0x3b0/0x4e0
[  439.963869][ T9134] netlink: 2 bytes leftover after parsing attributes in process `syz.3.896'.
[  439.967788][ T9136]  _copy_from_user+0x2f/0xc0
[  439.981299][ T9136]  copy_msghdr_from_user+0xae/0x680
[  439.986546][ T9136]  ? __pfx___might_resched+0x10/0x10
[  439.991874][ T9136]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  439.997715][ T9136]  ? __fget_files+0x2a/0x410
[  440.002320][ T9136]  ? __sys_sendmmsg+0x392/0x720
[  440.007183][ T9136]  ? __might_fault+0xaa/0x120
[  440.011882][ T9136]  __sys_sendmmsg+0x32b/0x720
[  440.016691][ T9136]  ? __pfx___sys_sendmmsg+0x10/0x10
[  440.021916][ T9136]  ? __pfx_lock_release+0x10/0x10
[  440.026950][ T9136]  ? kstrtouint_from_user+0x128/0x190
[  440.032346][ T9136]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  440.038252][ T9136]  ? ksys_write+0x22a/0x2b0
[  440.042765][ T9136]  ? __pfx_lock_release+0x10/0x10
[  440.047830][ T9136]  ? vfs_write+0x730/0xd30
[  440.052270][ T9136]  ? __mutex_unlock_slowpath+0x21e/0x790
[  440.057936][ T9136]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  440.063928][ T9136]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  440.070276][ T9136]  ? do_syscall_64+0x100/0x230
[  440.075056][ T9136]  __x64_sys_sendmmsg+0xa0/0xb0
[  440.079919][ T9136]  do_syscall_64+0xf3/0x230
[  440.084442][ T9136]  ? clear_bhb_loop+0x35/0x90
[  440.089131][ T9136]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.095031][ T9136] RIP: 0033:0x7f8e82d85d19
[  440.099452][ T9136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  440.119146][ T9136] RSP: 002b:00007f8e83af9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  440.127573][ T9136] RAX: ffffffffffffffda RBX: 00007f8e82f75fa0 RCX: 00007f8e82d85d19
[  440.135569][ T9136] RDX: 0000000000000002 RSI: 0000000020000b00 RDI: 0000000000000004
[  440.143585][ T9136] RBP: 00007f8e83af9090 R08: 0000000000000000 R09: 0000000000000000
[  440.151566][ T9136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  440.159641][ T9136] R13: 0000000000000000 R14: 00007f8e82f75fa0 R15: 00007fff2047a1f8
[  440.167642][ T9136]  </TASK>
[  440.222064][ T9134] team0: entered promiscuous mode
[  440.227354][ T9134] bridge0: port 1(team0) entered blocking state
[  440.238662][ T9134] bridge0: port 1(team0) entered disabled state
[  440.245474][ T9134] team0: entered allmulticast mode
[  440.302901][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  441.868291][ T9138] Dead loop on virtual device ip6_vti0, fix it urgently!
[  442.048110][ T9138] Dead loop on virtual device ip6_vti0, fix it urgently!
[  442.063632][ T9138] Dead loop on virtual device ip6_vti0, fix it urgently!
[  443.041298][ T9138] Dead loop on virtual device ip6_vti0, fix it urgently!
[  443.062634][ T9138] Dead loop on virtual device ip6_vti0, fix it urgently!
[  443.070805][ T9138] Dead loop on virtual device ip6_vti0, fix it urgently!
[  443.112496][ T9138] Dead loop on virtual device ip6_vti0, fix it urgently!
[  444.022714][ T9172] FAULT_INJECTION: forcing a failure.
[  444.022714][ T9172] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  444.043584][ T9172] CPU: 0 UID: 0 PID: 9172 Comm: syz.2.910 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  444.054258][ T9172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  444.064366][ T9172] Call Trace:
[  444.067679][ T9172]  <TASK>
[  444.070647][ T9172]  dump_stack_lvl+0x241/0x360
[  444.075390][ T9172]  ? __pfx_dump_stack_lvl+0x10/0x10
[  444.080651][ T9172]  ? __pfx__printk+0x10/0x10
[  444.085309][ T9172]  should_fail_ex+0x3b0/0x4e0
[  444.090051][ T9172]  prepare_alloc_pages+0x1da/0x5b0
[  444.095225][ T9172]  __alloc_pages_noprof+0x16f/0x710
[  444.100477][ T9172]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  444.106280][ T9172]  alloc_pages_mpol_noprof+0x3e8/0x680
[  444.111806][ T9172]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  444.117871][ T9172]  ? alloc_pages_noprof+0xef/0x170
[  444.123052][ T9172]  pte_alloc_one+0x8f/0x510
[  444.123234][ T9170] fuse: Unknown parameter 'ÿÿ@ÿ
[  444.123234][ T9170] à‰Ðº
(y$µœJ¹ÃÅÊe'
[  444.127587][ T9172]  ? blk_cgroup_congested+0x1b/0x200
[  444.140430][ T9170] netlink: 76 bytes leftover after parsing attributes in process `syz.4.907'.
[  444.142075][ T9172]  ? __pfx_pte_alloc_one+0x10/0x10
[  444.142109][ T9172]  ? __folio_throttle_swaprate+0xc7/0x1d0
[  444.142148][ T9172]  ? vma_alloc_anon_folio_pmd+0x20e/0x320
[  444.142183][ T9172]  do_huge_pmd_anonymous_page+0x2fb/0xb30
[  444.142230][ T9172]  handle_mm_fault+0x14ec/0x1ad0
[  444.142282][ T9172]  ? __pfx_handle_mm_fault+0x10/0x10
[  444.142323][ T9172]  ? __pfx_find_vma+0x10/0x10
[  444.188492][ T9172]  ? vma_is_secretmem+0xd/0x50
[  444.193288][ T9172]  ? check_vma_flags+0x52b/0x5a0
[  444.198252][ T9172]  __get_user_pages+0x1c82/0x49e0
[  444.203308][ T9172]  ? mark_lock+0x9a/0x360
[  444.207676][ T9172]  ? __pfx___get_user_pages+0x10/0x10
[  444.213088][ T9172]  ? __pfx_down_read_killable+0x10/0x10
[  444.218667][ T9172]  ? __pfx_lock_acquire+0x10/0x10
[  444.223716][ T9172]  ? try_get_folio+0xf1/0x6f0
[  444.228418][ T9172]  ? __pfx_lock_release+0x10/0x10
[  444.233481][ T9172]  __gup_longterm_locked+0x49a/0x17f0
[  444.238894][ T9172]  ? __pfx___gup_longterm_locked+0x10/0x10
[  444.244722][ T9172]  ? sanity_check_pinned_pages+0x11b2/0x12a0
[  444.250736][ T9172]  gup_fast_fallback+0x2266/0x29c0
[  444.255879][ T9172]  ? mark_lock+0x9a/0x360
[  444.260252][ T9172]  ? __pfx_gup_fast_fallback+0x10/0x10
[  444.266192][ T9172]  ? __pfx_lock_acquire+0x10/0x10
[  444.271273][ T9172]  ? mark_lock+0x9a/0x360
[  444.275653][ T9172]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  444.281666][ T9172]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  444.288027][ T9172]  ? __lruvec_stat_mod_folio+0x7d/0x300
[  444.293639][ T9172]  ? __kasan_kmalloc_large+0x8a/0xa0
[  444.298951][ T9172]  ? is_valid_gup_args+0x124/0x200
[  444.304090][ T9172]  pin_user_pages_fast+0xcc/0x160
[  444.309145][ T9172]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  444.314814][ T9172]  ? trace_kmalloc+0x1f/0xd0
[  444.319427][ T9172]  ? __kvmalloc_node_noprof+0x72/0x190
[  444.324913][ T9172]  io_pin_pages+0xb4/0x1a0
[  444.329346][ T9172]  io_sqe_buffer_register+0x22a/0x28b0
[  444.334859][ T9172]  ? __pfx_io_sqe_buffer_register+0x10/0x10
[  444.340772][ T9172]  ? trace_kmalloc+0x1f/0xd0
[  444.345374][ T9172]  ? __kmalloc_node_noprof+0x2ad/0x4d0
[  444.350852][ T9172]  ? iovec_from_user+0x1b4/0x240
[  444.355819][ T9172]  io_sqe_buffers_register+0x404/0x820
[  444.361309][ T9172]  ? __pfx_io_sqe_buffers_register+0x10/0x10
[  444.367315][ T9172]  ? __fget_files+0x395/0x410
[  444.372017][ T9172]  ? __fget_files+0x2a/0x410
[  444.376632][ T9172]  __se_sys_io_uring_register+0xcd4/0x3db0
[  444.382453][ T9172]  ? __pfx_lock_acquire+0x10/0x10
[  444.387496][ T9172]  ? get_pid_task+0x23/0x1f0
[  444.392274][ T9172]  ? __pfx_lock_release+0x10/0x10
[  444.397366][ T9172]  ? __pfx___se_sys_io_uring_register+0x10/0x10
[  444.403651][ T9172]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  444.409567][ T9172]  ? ksys_write+0x22a/0x2b0
[  444.414089][ T9172]  ? __pfx_lock_release+0x10/0x10
[  444.419136][ T9172]  ? vfs_write+0x730/0xd30
[  444.423661][ T9172]  ? __mutex_unlock_slowpath+0x21e/0x790
[  444.429404][ T9172]  ? __pfx_vfs_write+0x10/0x10
[  444.434193][ T9172]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  444.440283][ T9172]  ? __fget_files+0x2a/0x410
[  444.444891][ T9172]  ? __fget_files+0x2a/0x410
[  444.449503][ T9172]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  444.455522][ T9172]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  444.461887][ T9172]  ? do_syscall_64+0x100/0x230
[  444.466703][ T9172]  ? do_syscall_64+0xb6/0x230
[  444.471427][ T9172]  do_syscall_64+0xf3/0x230
[  444.475959][ T9172]  ? clear_bhb_loop+0x35/0x90
[  444.480665][ T9172]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.486599][ T9172] RIP: 0033:0x7f8e82d85d19
[  444.491067][ T9172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  444.511054][ T9172] RSP: 002b:00007f8e83af9038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  444.519501][ T9172] RAX: ffffffffffffffda RBX: 00007f8e82f75fa0 RCX: 00007f8e82d85d19
[  444.527508][ T9172] RDX: 00000000200002c0 RSI: 0000000000000000 RDI: 0000000000000003
[  444.535513][ T9172] RBP: 00007f8e83af9090 R08: 0000000000000000 R09: 0000000000000000
[  444.543509][ T9172] R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000001
[  444.551620][ T9172] R13: 0000000000000000 R14: 00007f8e82f75fa0 R15: 00007fff2047a1f8
[  444.559630][ T9172]  </TASK>
[  448.165046][ T9198] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.452820][ T9198] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.840219][ T9198] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  449.001348][ T9198] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  449.311850][ T9198] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  449.333816][ T9198] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  449.349520][ T9198] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  449.366046][ T9198] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  450.993872][ T5879] kernel write not supported for file /audio (pid: 5879 comm: kworker/1:3)
[  454.747669][   T29] audit: type=1326 audit(1734030346.234:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9256 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2daf385d19 code=0x7ffc0000
[  455.100765][   T29] audit: type=1326 audit(1734030346.234:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9256 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2daf385d19 code=0x7ffc0000
[  455.174350][ T9275] FAULT_INJECTION: forcing a failure.
[  455.174350][ T9275] name failslab, interval 1, probability 0, space 0, times 0
[  455.199394][ T9275] CPU: 0 UID: 0 PID: 9275 Comm: syz.4.939 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  455.210104][ T9275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  455.220176][ T9275] Call Trace:
[  455.223467][ T9275]  <TASK>
[  455.226409][ T9275]  dump_stack_lvl+0x241/0x360
[  455.231101][ T9275]  ? __pfx_dump_stack_lvl+0x10/0x10
[  455.236314][ T9275]  ? __pfx__printk+0x10/0x10
[  455.240930][ T9275]  should_fail_ex+0x3b0/0x4e0
[  455.245661][ T9275]  should_failslab+0xac/0x100
[  455.250376][ T9275]  ? skb_clone+0x20c/0x390
[  455.254819][ T9275]  kmem_cache_alloc_noprof+0x70/0x380
[  455.260312][ T9275]  skb_clone+0x20c/0x390
[  455.264576][ T9275]  __netlink_deliver_tap+0x3cc/0x7f0
[  455.269878][ T9275]  ? netlink_deliver_tap+0x2e/0x1b0
[  455.275090][ T9275]  netlink_deliver_tap+0x19d/0x1b0
[  455.280217][ T9275]  netlink_unicast+0x7c4/0x990
[  455.285095][ T9275]  ? __pfx_netlink_unicast+0x10/0x10
[  455.290410][ T9275]  ? __virt_addr_valid+0x45f/0x530
[  455.295550][ T9275]  ? __phys_addr_symbol+0x2f/0x70
[  455.300593][ T9275]  ? __check_object_size+0x47a/0x730
[  455.305945][ T9275]  netlink_sendmsg+0x8e4/0xcb0
[  455.310996][ T9275]  ? __pfx_netlink_sendmsg+0x10/0x10
[  455.316332][ T9275]  ? __pfx_netlink_sendmsg+0x10/0x10
[  455.321624][ T9275]  __sock_sendmsg+0x221/0x270
[  455.326322][ T9275]  ____sys_sendmsg+0x52a/0x7e0
[  455.331104][ T9275]  ? __pfx_____sys_sendmsg+0x10/0x10
[  455.336417][ T9275]  ? __fget_files+0x2a/0x410
[  455.341040][ T9275]  ? __fget_files+0x2a/0x410
[  455.346082][ T9275]  __sys_sendmmsg+0x36a/0x720
[  455.350784][ T9275]  ? __pfx___sys_sendmmsg+0x10/0x10
[  455.356030][ T9275]  ? __pfx_lock_release+0x10/0x10
[  455.361176][ T9275]  ? kstrtouint_from_user+0x128/0x190
[  455.366581][ T9275]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  455.372488][ T9275]  ? ksys_write+0x22a/0x2b0
[  455.377004][ T9275]  ? __pfx_lock_release+0x10/0x10
[  455.382045][ T9275]  ? vfs_write+0x730/0xd30
[  455.386481][ T9275]  ? __mutex_unlock_slowpath+0x21e/0x790
[  455.392144][ T9275]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  455.398181][ T9275]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  455.404538][ T9275]  ? do_syscall_64+0x100/0x230
[  455.409348][ T9275]  __x64_sys_sendmmsg+0xa0/0xb0
[  455.414221][ T9275]  do_syscall_64+0xf3/0x230
[  455.418742][ T9275]  ? clear_bhb_loop+0x35/0x90
[  455.423528][ T9275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.429436][ T9275] RIP: 0033:0x7f42d2985d19
[  455.433885][ T9275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.453506][ T9275] RSP: 002b:00007f42d3818038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  455.461934][ T9275] RAX: ffffffffffffffda RBX: 00007f42d2b75fa0 RCX: 00007f42d2985d19
[  455.469913][ T9275] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004
[  455.477892][ T9275] RBP: 00007f42d3818090 R08: 0000000000000000 R09: 0000000000000000
[  455.485870][ T9275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  455.493851][ T9275] R13: 0000000000000000 R14: 00007f42d2b75fa0 R15: 00007ffd0f8860f8
[  455.501880][ T9275]  </TASK>
[  455.510276][   T29] audit: type=1326 audit(1734030346.264:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9256 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2daf385d19 code=0x7ffc0000
[  455.792100][   T29] audit: type=1326 audit(1734030346.394:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9256 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2daf385d19 code=0x7ffc0000
[  457.592691][   T29] audit: type=1326 audit(1734030346.404:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9256 comm="syz.0.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2daf385d19 code=0x7ffc0000
[  458.805352][ T9300] netlink: 60 bytes leftover after parsing attributes in process `syz.4.946'.
[  463.369979][ T9316] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  463.518927][ T9340] netlink: 4 bytes leftover after parsing attributes in process `syz.2.951'.
[  463.941442][ T9340] netlink: 4 bytes leftover after parsing attributes in process `syz.2.951'.
[  464.081991][ T5879] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  464.263332][ T5879] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  464.273871][ T5879] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  464.289911][ T5879] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  464.323789][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.399694][ T5879] usb 4-1: config 0 descriptor??
[  464.649880][ T9350] FAULT_INJECTION: forcing a failure.
[  464.649880][ T9350] name failslab, interval 1, probability 0, space 0, times 0
[  464.662768][ T9350] CPU: 1 UID: 0 PID: 9350 Comm: syz.0.958 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  464.673398][ T9350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  464.683496][ T9350] Call Trace:
[  464.686823][ T9350]  <TASK>
[  464.689790][ T9350]  dump_stack_lvl+0x241/0x360
[  464.694521][ T9350]  ? __pfx_dump_stack_lvl+0x10/0x10
[  464.699775][ T9350]  ? __pfx__printk+0x10/0x10
[  464.704416][ T9350]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  464.710440][ T9350]  should_fail_ex+0x3b0/0x4e0
[  464.715177][ T9350]  should_failslab+0xac/0x100
[  464.719901][ T9350]  ? dst_alloc+0x12b/0x190
[  464.724352][ T9350]  kmem_cache_alloc_noprof+0x70/0x380
[  464.729777][ T9350]  dst_alloc+0x12b/0x190
[  464.734064][ T9350]  ip_route_output_key_hash_rcu+0x13cc/0x2390
[  464.740233][ T9350]  ip_route_output_key_hash+0x193/0x2b0
[  464.745816][ T9350]  ? ip_route_output_key_hash+0xdf/0x2b0
[  464.751485][ T9350]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  464.757610][ T9350]  ip_route_output_flow+0x29/0x140
[  464.762776][ T9350]  ping_v4_sendmsg+0x13d8/0x2460
[  464.767774][ T9350]  ? __pfx_ping_v4_sendmsg+0x10/0x10
[  464.773099][ T9350]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  464.779478][ T9350]  ? lockdep_hardirqs_on+0x99/0x150
[  464.784725][ T9350]  ? __pfx_ping_v4_sendmsg+0x10/0x10
[  464.790067][ T9350]  ? __sanitizer_cov_trace_pc+0x8/0x70
[  464.795576][ T9350]  ? inet_sendmsg+0x330/0x390
[  464.800328][ T9350]  __sock_sendmsg+0x1a6/0x270
[  464.805086][ T9350]  ____sys_sendmsg+0x52a/0x7e0
[  464.809907][ T9350]  ? __pfx_____sys_sendmsg+0x10/0x10
[  464.815229][ T9350]  ? __fget_files+0x2a/0x410
[  464.819853][ T9350]  ? __fget_files+0x2a/0x410
[  464.824489][ T9350]  __sys_sendmsg+0x269/0x350
[  464.829135][ T9350]  ? __pfx___sys_sendmsg+0x10/0x10
[  464.834345][ T9350]  do_syscall_64+0xf3/0x230
[  464.838900][ T9350]  ? clear_bhb_loop+0x35/0x90
[  464.843625][ T9350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.849572][ T9350] RIP: 0033:0x7f2daf385d19
[  464.854022][ T9350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  464.873672][ T9350] RSP: 002b:00007f2daf1b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  464.882135][ T9350] RAX: ffffffffffffffda RBX: 00007f2daf576160 RCX: 00007f2daf385d19
[  464.890155][ T9350] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000008
[  464.898162][ T9350] RBP: 00007f2daf1b7090 R08: 0000000000000000 R09: 0000000000000000
[  464.906163][ T9350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  464.914179][ T9350] R13: 0000000000000000 R14: 00007f2daf576160 R15: 00007ffe8e6e4b08
[  464.922205][ T9350]  </TASK>
[  465.182868][    T9] usb 4-1: USB disconnect, device number 16
[  465.203780][ T9349] netlink: 60 bytes leftover after parsing attributes in process `syz.4.959'.
[  465.882524][ T9354] netlink: 18 bytes leftover after parsing attributes in process `syz.6.961'.
[  469.912638][ T9392] FAULT_INJECTION: forcing a failure.
[  469.912638][ T9392] name failslab, interval 1, probability 0, space 0, times 0
[  469.954054][ T9392] CPU: 0 UID: 0 PID: 9392 Comm: syz.0.968 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  469.964718][ T9392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  469.975156][ T9392] Call Trace:
[  469.978479][ T9392]  <TASK>
[  469.981436][ T9392]  dump_stack_lvl+0x241/0x360
[  469.986166][ T9392]  ? __pfx_dump_stack_lvl+0x10/0x10
[  469.991432][ T9392]  ? __pfx__printk+0x10/0x10
[  469.996099][ T9392]  ? kmem_cache_alloc_noprof+0x48/0x380
[  470.001698][ T9392]  ? __pfx___might_resched+0x10/0x10
[  470.007039][ T9392]  should_fail_ex+0x3b0/0x4e0
[  470.011769][ T9392]  should_failslab+0xac/0x100
[  470.016499][ T9392]  ? vm_area_dup+0x61/0x290
[  470.021043][ T9392]  kmem_cache_alloc_noprof+0x70/0x380
[  470.026471][ T9392]  vm_area_dup+0x61/0x290
[  470.030844][ T9392]  __split_vma+0x1cb/0xc50
[  470.035315][ T9392]  ? __pfx___split_vma+0x10/0x10
[  470.040292][ T9392]  ? mas_find+0x950/0xbb0
[  470.044661][ T9392]  ? __pfx_up_write+0x10/0x10
[  470.049465][ T9392]  ? ima_get_action+0x75/0xb0
[  470.054194][ T9392]  vms_gather_munmap_vmas+0x4c1/0x1600
[  470.059718][ T9392]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  470.065675][ T9392]  ? mas_find+0x8c0/0xbb0
[  470.070050][ T9392]  __mmap_region+0x7de/0x2cd0
[  470.074775][ T9392]  ? __pfx_lock_release+0x10/0x10
[  470.079837][ T9392]  ? __pfx___mmap_region+0x10/0x10
[  470.084988][ T9392]  ? __lock_acquire+0x1397/0x2100
[  470.090102][ T9392]  ? mark_lock+0x9a/0x360
[  470.094480][ T9392]  ? arch_get_unmapped_area_topdown+0x28e/0xc50
[  470.100763][ T9392]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[  470.107408][ T9392]  ? cap_mmap_addr+0x163/0x2c0
[  470.112221][ T9392]  mmap_region+0x226/0x2c0
[  470.116698][ T9392]  do_mmap+0x8f0/0x1000
[  470.120907][ T9392]  ? __pfx_do_mmap+0x10/0x10
[  470.125530][ T9392]  ? __pfx_down_write_killable+0x10/0x10
[  470.131206][ T9392]  ? __pfx_lock_acquire+0x10/0x10
[  470.136270][ T9392]  vm_mmap_pgoff+0x1dd/0x3d0
[  470.140906][ T9392]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  470.146057][ T9392]  ? __fget_files+0x2a/0x410
[  470.150689][ T9392]  ? __fget_files+0x395/0x410
[  470.155403][ T9392]  ? __fget_files+0x2a/0x410
[  470.160030][ T9392]  ksys_mmap_pgoff+0x4eb/0x720
[  470.164832][ T9392]  ? __x64_sys_mmap+0x7f/0x140
[  470.169637][ T9392]  do_syscall_64+0xf3/0x230
[  470.174191][ T9392]  ? clear_bhb_loop+0x35/0x90
[  470.178913][ T9392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.184877][ T9392] RIP: 0033:0x7f2daf385d19
[  470.189333][ T9392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.208991][ T9392] RSP: 002b:00007f2daf1f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  470.217468][ T9392] RAX: ffffffffffffffda RBX: 00007f2daf575fa0 RCX: 00007f2daf385d19
[  470.223197][ T9394] pimreg3: entered allmulticast mode
[  470.225635][ T9392] RDX: 0000000001000006 RSI: 0000000000b36000 RDI: 0000000020000000
[  470.238948][ T9392] RBP: 00007f2daf1f9090 R08: 0000000000000003 R09: 0000000000000000
[  470.246976][ T9392] R10: 0000000000038011 R11: 0000000000000246 R12: 0000000000000001
[  470.255002][ T9392] R13: 0000000000000000 R14: 00007f2daf575fa0 R15: 00007ffe8e6e4b08
[  470.263040][ T9392]  </TASK>
[  470.421256][ T9393] pimreg3: left allmulticast mode
[  470.622078][ T5911] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  470.802396][ T5911] usb 5-1: Using ep0 maxpacket: 32
[  470.819758][ T5911] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  470.837593][ T9404] netlink: 60 bytes leftover after parsing attributes in process `syz.3.972'.
[  470.844614][ T5911] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  470.981040][ T5911] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  471.081037][ T5911] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  471.973928][ T9408] IPVS: set_ctl: invalid protocol: 108 100.1.1.2:20002
[  472.317572][ T5911] usb 5-1: config 0 interface 0 has no altsetting 0
[  472.444322][ T5911] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  472.453744][ T5911] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  472.462404][ T5911] usb 5-1: Product: syz
[  472.466751][ T5911] usb 5-1: Manufacturer: syz
[  472.471544][ T5911] usb 5-1: SerialNumber: syz
[  472.494132][ T5911] usb 5-1: config 0 descriptor??
[  472.650669][ T5911] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  472.696873][ T5911] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  472.741653][ T9412] netlink: 'syz.2.976': attribute type 10 has an invalid length.
[  472.750016][ T9412] netlink: 2 bytes leftover after parsing attributes in process `syz.2.976'.
[  472.760322][ T9412] team0: entered promiscuous mode
[  472.769795][ T9412] bridge0: port 1(team0) entered blocking state
[  472.776411][ T9412] bridge0: port 1(team0) entered disabled state
[  472.783011][ T9412] team0: entered allmulticast mode
[  472.900823][ T9418] netlink: 1280 bytes leftover after parsing attributes in process `syz.3.977'.
[  472.954744][ T9418] openvswitch: netlink: Flow actions attr not present in new flow.
[  472.993165][ T5911] usb 5-1: USB disconnect, device number 14
[  473.004205][ T1211] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  473.005620][ T5911] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  473.020466][ T9419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  473.038370][ T9419] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  474.032136][ T1211] usb 7-1: Using ep0 maxpacket: 8
[  474.062646][ T1211] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  474.109898][ T1211] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  474.140253][ T1211] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  474.151248][ T9423] FAULT_INJECTION: forcing a failure.
[  474.151248][ T9423] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  474.165296][ T1211] usb 7-1: Product: syz
[  474.165326][ T1211] usb 7-1: Manufacturer: syz
[  474.165344][ T1211] usb 7-1: SerialNumber: syz
[  474.186402][ T9423] CPU: 1 UID: 0 PID: 9423 Comm: syz.2.980 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  474.197074][ T9423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  474.197802][ T1211] cdc_ether 7-1:1.0: skipping garbage
[  474.207152][ T9423] Call Trace:
[  474.207203][ T9423]  <TASK>
[  474.207215][ T9423]  dump_stack_lvl+0x241/0x360
[  474.207255][ T9423]  ? __pfx_dump_stack_lvl+0x10/0x10
[  474.207286][ T9423]  ? __pfx__printk+0x10/0x10
[  474.207325][ T9423]  should_fail_ex+0x3b0/0x4e0
[  474.207367][ T9423]  prepare_alloc_pages+0x1da/0x5b0
[  474.207409][ T9423]  __alloc_pages_noprof+0x16f/0x710
[  474.207444][ T9423]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  474.207495][ T9423]  alloc_pages_mpol_noprof+0x3e8/0x680
[  474.230850][ T1211] usb 7-1: bad CDC descriptors
[  474.233806][ T9423]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  474.233854][ T9423]  ? __pfx_lock_release+0x10/0x10
[  474.233877][ T9423]  ? xas_start+0x3cc/0x7b0
[  474.233911][ T9423]  folio_alloc_mpol_noprof+0x36/0x50
[  474.233968][ T9423]  shmem_alloc_and_add_folio+0x4a0/0x1080
[  474.234015][ T9423]  ? __pfx_filemap_get_entry+0x10/0x10
[  474.234051][ T9423]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  474.234092][ T9423]  ? shmem_allowable_huge_orders+0x580/0x660
[  474.309448][ T9423]  shmem_get_folio_gfp+0x621/0x1840
[  474.314722][ T9423]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  474.320380][ T9423]  ? ktime_get_coarse_real_ts64_mg+0x57/0x220
[  474.326463][ T9423]  ? seqcount_lockdep_reader_access+0x157/0x220
[  474.332727][ T9423]  ? lockdep_hardirqs_on+0x99/0x150
[  474.337946][ T9423]  shmem_write_begin+0x165/0x350
[  474.342911][ T9423]  ? __pfx_shmem_write_begin+0x10/0x10
[  474.348395][ T9423]  ? fault_in_iov_iter_readable+0x229/0x280
[  474.354333][ T9423]  generic_perform_write+0x346/0x990
[  474.359644][ T9423]  ? __pfx_generic_perform_write+0x10/0x10
[  474.365465][ T9423]  ? __pfx_generic_write_checks+0x10/0x10
[  474.371199][ T9423]  ? file_update_time+0x2ab/0x450
[  474.376275][ T9423]  shmem_file_write_iter+0xf9/0x120
[  474.381498][ T9423]  do_iter_readv_writev+0x600/0x880
[  474.386812][ T9423]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  474.392551][ T9423]  ? rcu_read_lock_any_held+0xb7/0x160
[  474.398050][ T9423]  vfs_writev+0x376/0xba0
[  474.402404][ T9423]  ? __pfx_lock_acquire+0x10/0x10
[  474.407501][ T9423]  ? __pfx_vfs_writev+0x10/0x10
[  474.412387][ T9423]  ? vfs_write+0x730/0xd30
[  474.416852][ T9423]  ? __fget_files+0x2a/0x410
[  474.421457][ T9423]  ? __fget_files+0x395/0x410
[  474.426160][ T9423]  ? __fget_files+0x2a/0x410
[  474.430789][ T9423]  __se_sys_pwritev2+0x196/0x2b0
[  474.435756][ T9423]  ? __pfx___se_sys_pwritev2+0x10/0x10
[  474.441239][ T9423]  ? do_syscall_64+0x100/0x230
[  474.446134][ T9423]  ? __x64_sys_pwritev2+0x21/0xf0
[  474.451185][ T9423]  do_syscall_64+0xf3/0x230
[  474.455722][ T9423]  ? clear_bhb_loop+0x35/0x90
[  474.460510][ T9423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.466422][ T9423] RIP: 0033:0x7f8e82d85d19
[  474.470844][ T9423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  474.490466][ T9423] RSP: 002b:00007f8e83af9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[  474.498906][ T9423] RAX: ffffffffffffffda RBX: 00007f8e82f75fa0 RCX: 00007f8e82d85d19
[  474.506925][ T9423] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000003
[  474.514915][ T9423] RBP: 00007f8e83af9090 R08: 0000000000000000 R09: 0000000000000003
[  474.522905][ T9423] R10: 0000000000001200 R11: 0000000000000246 R12: 0000000000000001
[  474.530893][ T9423] R13: 0000000000000000 R14: 00007f8e82f75fa0 R15: 00007fff2047a1f8
[  474.538891][ T9423]  </TASK>
[  474.550176][ T1211] usb 7-1: USB disconnect, device number 10
[  476.336719][ T9446] netlink: 18 bytes leftover after parsing attributes in process `syz.4.985'.
[  476.626059][ T9451] nft_compat: unsupported protocol 1
[  477.632170][ T5911] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  477.791772][ T5911] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  477.803100][ T5911] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.960545][ T5911] usb 4-1: config 0 descriptor??
[  478.534250][ T5911] cp210x 4-1:0.0: cp210x converter detected
[  478.651020][ T9467] IPVS: set_ctl: invalid protocol: 94 224.0.0.2:0
[  478.755913][ T5911] usb 4-1: cp210x converter now attached to ttyUSB0
[  479.159086][    T9] usb 4-1: USB disconnect, device number 17
[  479.195241][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  479.205392][    T9] cp210x 4-1:0.0: device disconnected
[  480.692929][ T9486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  480.701631][ T9486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  480.945377][ T9486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.014605][ T9492] netlink: 96 bytes leftover after parsing attributes in process `syz.0.996'.
[  481.026623][ T9492] netlink: 40 bytes leftover after parsing attributes in process `syz.0.996'.
[  481.040491][ T9492] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  481.260765][ T9486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  481.782777][ T9498] netlink: 28 bytes leftover after parsing attributes in process `syz.6.999'.
[  481.792269][ T9498] netlink: 28 bytes leftover after parsing attributes in process `syz.6.999'.
[  481.831455][ T9498] netdevsim netdevsim6 netdevsim0: entered promiscuous mode
[  481.850302][ T9498] bridge0: entered promiscuous mode
[  482.141432][ T1211] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  482.312417][ T1211] usb 4-1: Using ep0 maxpacket: 8
[  482.406949][ T1211] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  482.427540][ T9506] netlink: 18 bytes leftover after parsing attributes in process `syz.2.1002'.
[  482.513534][ T1211] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  482.533201][ T3443] 
[  482.535676][ T3443] ============================================
[  482.541849][ T3443] WARNING: possible recursive locking detected
[  482.548014][ T3443] 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 Not tainted
[  482.555141][ T3443] --------------------------------------------
[  482.561341][ T3443] kworker/u8:7/3443 is trying to acquire lock:
[  482.567513][ T3443] ffff88805c27cf30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x18a/0x210
[  482.576616][ T3443] 
[  482.576616][ T3443] but task is already holding lock:
[  482.584095][ T3443] ffff888031466f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x18a/0x210
[  482.593219][ T3443] 
[  482.593219][ T3443] other info that might help us debug this:
[  482.601292][ T3443]  Possible unsafe locking scenario:
[  482.601292][ T3443] 
[  482.608767][ T3443]        CPU0
[  482.612066][ T3443]        ----
[  482.615370][ T3443]   lock(&hsr->seqnr_lock);
[  482.619901][ T3443]   lock(&hsr->seqnr_lock);
[  482.624411][ T3443] 
[  482.624411][ T3443]  *** DEADLOCK ***
[  482.624411][ T3443] 
[  482.632563][ T3443]  May be due to missing lock nesting notation
[  482.632563][ T3443] 
[  482.640891][ T3443] 11 locks held by kworker/u8:7/3443:
[  482.646261][ T3443]  #0: ffff88814d623948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[  482.657979][ T3443]  #1: ffffc9000d24fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[  482.670804][ T3443]  #2: ffffffff8fc9f008 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0xd0/0x16f0
[  482.680259][ T3443]  #3: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: ndisc_send_skb+0x563/0x1450
[  482.689798][ T3443]  #4: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: ip6_finish_output2+0x63a/0x17b0
[  482.699680][ T3443]  #5: ffffffff8e937b40 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2f4/0x3f50
[  482.709652][ T3443]  #6: ffff888031466f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x18a/0x210
[  482.719182][ T3443]  #7: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: hsr_forward_skb+0xb6/0x2b50
[  482.728701][ T3443]  #8: ffffffff8e937b40 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2f4/0x3f50
[  482.738652][ T3443]  #9: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: br_dev_xmit+0x21d/0x1b40
[  482.747910][ T3443]  #10: ffffffff8e937b40 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2f4/0x3f50
[  482.757946][ T3443] 
[  482.757946][ T3443] stack backtrace:
[  482.763841][ T3443] CPU: 0 UID: 0 PID: 3443 Comm: kworker/u8:7 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[  482.774694][ T3443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  482.784849][ T3443] Workqueue: ipv6_addrconf addrconf_dad_work
[  482.790866][ T3443] Call Trace:
[  482.794155][ T3443]  <TASK>
[  482.797100][ T3443]  dump_stack_lvl+0x241/0x360
[  482.801794][ T3443]  ? __pfx_dump_stack_lvl+0x10/0x10
[  482.807008][ T3443]  ? __pfx__printk+0x10/0x10
[  482.811611][ T3443]  ? lockdep_unlock+0x16a/0x300
[  482.816488][ T3443]  print_deadlock_bug+0x483/0x620
[  482.821538][ T3443]  validate_chain+0x15e2/0x5920
[  482.826423][ T3443]  ? deref_stack_reg+0x17c/0x210
[  482.831372][ T3443]  ? stack_trace_save+0x118/0x1d0
[  482.836437][ T3443]  ? unwind_next_frame+0x18e6/0x22d0
[  482.841735][ T3443]  ? deref_stack_reg+0x17c/0x210
[  482.846684][ T3443]  ? __pfx_validate_chain+0x10/0x10
[  482.851896][ T3443]  ? __asan_memset+0x23/0x50
[  482.856496][ T3443]  ? unwind_next_frame+0x193b/0x22d0
[  482.861797][ T3443]  ? ret_from_fork_asm+0x1a/0x30
[  482.866752][ T3443]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  482.872926][ T3443]  ? __pfx_validate_chain+0x10/0x10
[  482.878143][ T3443]  ? arch_stack_walk+0x11c/0x150
[  482.883173][ T3443]  ? ret_from_fork_asm+0x1a/0x30
[  482.888137][ T3443]  ? mark_lock+0x9a/0x360
[  482.892490][ T3443]  __lock_acquire+0x1397/0x2100
[  482.897405][ T3443]  lock_acquire+0x1ed/0x550
[  482.901918][ T3443]  ? hsr_dev_xmit+0x18a/0x210
[  482.906603][ T3443]  ? __pfx_lock_acquire+0x10/0x10
[  482.911639][ T3443]  ? hsr_dev_xmit+0x18a/0x210
[  482.916323][ T3443]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  482.922149][ T3443]  ? netif_skb_features+0x8b6/0xc90
[  482.927365][ T3443]  ? hsr_dev_xmit+0x18a/0x210
[  482.932053][ T3443]  _raw_spin_lock_bh+0x35/0x50
[  482.936827][ T3443]  ? hsr_dev_xmit+0x18a/0x210
[  482.941514][ T3443]  hsr_dev_xmit+0x18a/0x210
[  482.946029][ T3443]  dev_hard_start_xmit+0x27a/0x7d0
[  482.951163][ T3443]  __dev_queue_xmit+0x1b73/0x3f50
[  482.956204][ T3443]  ? __dev_queue_xmit+0x2f4/0x3f50
[  482.961324][ T3443]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  482.967665][ T3443]  ? __pfx___dev_queue_xmit+0x10/0x10
[  482.973048][ T3443]  ? __local_bh_enable_ip+0x168/0x200
[  482.978436][ T3443]  ? lockdep_hardirqs_on+0x99/0x150
[  482.983650][ T3443]  ? __local_bh_enable_ip+0x168/0x200
[  482.989043][ T3443]  ? ebt_do_table+0x2840/0x2a40
[  482.993912][ T3443]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  482.999670][ T3443]  ? skb_push+0x97/0x100
[  483.003936][ T3443]  br_dev_queue_push_xmit+0x726/0x900
[  483.009348][ T3443]  ? __pfx_lock_release+0x10/0x10
[  483.014425][ T3443]  ? ebt_do_table+0x2840/0x2a40
[  483.019303][ T3443]  ? __pfx_br_dev_queue_push_xmit+0x10/0x10
[  483.025403][ T3443]  NF_HOOK+0x3a7/0x460
[  483.029489][ T3443]  ? NF_HOOK+0x9f/0x460
[  483.033658][ T3443]  ? __pfx_NF_HOOK+0x10/0x10
[  483.038267][ T3443]  ? __pfx_br_dev_queue_push_xmit+0x10/0x10
[  483.044175][ T3443]  ? __pfx_lock_release+0x10/0x10
[  483.049221][ T3443]  ? dev_hard_start_xmit+0x27a/0x7d0
[  483.054519][ T3443]  ? hsr_forward_skb+0x179d/0x2b50
[  483.059642][ T3443]  ? dev_hard_start_xmit+0x27a/0x7d0
[  483.064939][ T3443]  ? ip6_finish_output2+0x12c7/0x17b0
[  483.070326][ T3443]  br_forward_finish+0xd8/0x130
[  483.075198][ T3443]  ? __pfx_br_dev_queue_push_xmit+0x10/0x10
[  483.081102][ T3443]  NF_HOOK+0x3a7/0x460
[  483.085184][ T3443]  ? NF_HOOK+0x9f/0x460
[  483.089352][ T3443]  ? __pfx_NF_HOOK+0x10/0x10
[  483.093972][ T3443]  ? __pfx_br_forward_finish+0x10/0x10
[  483.099448][ T3443]  __br_forward+0x489/0x660
[  483.103964][ T3443]  ? __pfx_br_forward_finish+0x10/0x10
[  483.109438][ T3443]  ? __pfx___br_forward+0x10/0x10
[  483.114471][ T3443]  ? skb_clone+0x240/0x390
[  483.118898][ T3443]  maybe_deliver+0xb3/0x150
[  483.123425][ T3443]  br_flood+0x2e4/0x660
[  483.127609][ T3443]  br_dev_xmit+0x1202/0x1b40
[  483.132228][ T3443]  ? br_dev_xmit+0x21d/0x1b40
[  483.136942][ T3443]  ? __pfx_br_dev_xmit+0x10/0x10
[  483.141901][ T3443]  ? __pfx_validate_xmit_xfrm+0x10/0x10
[  483.147481][ T3443]  ? netif_skb_features+0x8b6/0xc90
[  483.152693][ T3443]  ? validate_xmit_skb+0x9b8/0xff0
[  483.157815][ T3443]  dev_hard_start_xmit+0x27a/0x7d0
[  483.162942][ T3443]  __dev_queue_xmit+0x1b73/0x3f50
[  483.167978][ T3443]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  483.173360][ T3443]  ? __dev_queue_xmit+0x2f4/0x3f50
[  483.178487][ T3443]  ? __build_skb_around+0x245/0x3d0
[  483.183694][ T3443]  ? __pfx___dev_queue_xmit+0x10/0x10
[  483.189077][ T3443]  ? __alloc_skb+0x28f/0x440
[  483.193681][ T3443]  ? __copy_skb_header+0x437/0x5b0
[  483.198805][ T3443]  ? __asan_memcpy+0x40/0x70
[  483.203407][ T3443]  ? __copy_skb_header+0x437/0x5b0
[  483.208552][ T3443]  ? hsr_addr_subst_dest+0x30a/0xac0
[  483.213861][ T3443]  hsr_forward_skb+0x179d/0x2b50
[  483.218846][ T3443]  ? hsr_forward_skb+0xb6/0x2b50
[  483.223794][ T3443]  ? __pfx_hsr_forward_skb+0x10/0x10
[  483.229091][ T3443]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  483.234486][ T3443]  ? netif_skb_features+0x8b6/0xc90
[  483.239725][ T3443]  hsr_dev_xmit+0x195/0x210
[  483.244342][ T3443]  dev_hard_start_xmit+0x27a/0x7d0
[  483.249486][ T3443]  __dev_queue_xmit+0x1b73/0x3f50
[  483.254529][ T3443]  ? __dev_queue_xmit+0x2f4/0x3f50
[  483.259652][ T3443]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  483.265640][ T3443]  ? __pfx___dev_queue_xmit+0x10/0x10
[  483.271018][ T3443]  ? neigh_connected_output+0x1d5/0x450
[  483.276576][ T3443]  ? read_seqbegin+0x157/0x2b0
[  483.281351][ T3443]  ? lockdep_hardirqs_on+0x99/0x150
[  483.286567][ T3443]  ? read_seqbegin+0x208/0x2b0
[  483.291341][ T3443]  ? __pfx_read_seqbegin+0x10/0x10
[  483.296463][ T3443]  ? eth_header+0x11c/0x1f0
[  483.300980][ T3443]  ? neigh_connected_output+0x3a7/0x450
[  483.306551][ T3443]  ip6_finish_output2+0x12c7/0x17b0
[  483.311759][ T3443]  ? ip6_mtu+0x81/0x3f0
[  483.315920][ T3443]  ? ip6_finish_output2+0x63a/0x17b0
[  483.321220][ T3443]  ? __pfx_ip6_finish_output2+0x10/0x10
[  483.326818][ T3443]  ? ip6_mtu+0x81/0x3f0
[  483.330982][ T3443]  ip6_finish_output+0x41e/0x840
[  483.335931][ T3443]  ndisc_send_skb+0xb30/0x1450
[  483.340743][ T3443]  ? ndisc_send_skb+0x563/0x1450
[  483.345697][ T3443]  ? __pfx_ndisc_send_skb+0x10/0x10
[  483.350914][ T3443]  ? __pfx_dst_output+0x10/0x10
[  483.355780][ T3443]  ? __pfx_ndisc_ns_create+0x10/0x10
[  483.361085][ T3443]  ndisc_send_ns+0xcc/0x160
[  483.365630][ T3443]  ? __pfx_ndisc_send_ns+0x10/0x10
[  483.370785][ T3443]  addrconf_dad_work+0xb45/0x16f0
[  483.375847][ T3443]  ? __pfx_addrconf_dad_work+0x10/0x10
[  483.381331][ T3443]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  483.387676][ T3443]  ? process_scheduled_works+0x976/0x1840
[  483.393413][ T3443]  process_scheduled_works+0xa66/0x1840
[  483.398988][ T3443]  ? __pfx_process_scheduled_works+0x10/0x10
[  483.404988][ T3443]  ? assign_work+0x364/0x3d0
[  483.409606][ T3443]  worker_thread+0x870/0xd30
[  483.414208][ T3443]  ? __kthread_parkme+0x169/0x1d0
[  483.419332][ T3443]  ? __pfx_worker_thread+0x10/0x10
[  483.424462][ T3443]  kthread+0x2f0/0x390
[  483.428631][ T3443]  ? __pfx_worker_thread+0x10/0x10
[  483.433836][ T3443]  ? __pfx_kthread+0x10/0x10
[  483.438439][ T3443]  ret_from_fork+0x4b/0x80
[  483.442875][ T3443]  ? __pfx_kthread+0x10/0x10
[  483.447509][ T3443]  ret_from_fork_asm+0x1a/0x30
[  483.452304][ T3443]  </TASK>
[  483.455439][ T5910] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  483.461001][ T1211] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.471296][ T1211] usb 4-1: Product: syz
[  483.475543][ T1211] usb 4-1: Manufacturer: syz
[  483.531978][ T5911] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  483.573741][ T1211] usb 4-1: SerialNumber: syz
[  483.581648][ T1211] cdc_ether 4-1:1.0: skipping garbage
[  483.587218][ T1211] usb 4-1: bad CDC descriptors
[  483.651935][ T5910] usb 1-1: Using ep0 maxpacket: 32
[  483.660348][ T5910] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  483.668604][ T5910] usb 1-1: config 0 has no interface number 0
[  483.677275][ T5910] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  483.686563][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.694822][ T5910] usb 1-1: Product: syz
[  483.699051][ T5910] usb 1-1: Manufacturer: syz
[  483.706171][ T5911] usb 7-1: Using ep0 maxpacket: 8
[  483.711408][ T5910] usb 1-1: SerialNumber: syz
[  483.717969][ T5911] usb 7-1: config 2 has an invalid interface number: 161 but max is 0
[  483.726440][ T5911] usb 7-1: config 2 has no interface number 0
[  483.735863][ T5911] usb 7-1: config 2 interface 161 altsetting 8 endpoint 0xC has invalid maxpacket 512, setting to 64
[  483.747349][ T5910] usb 1-1: config 0 descriptor??
[  483.752502][ T5911] usb 7-1: config 2 interface 161 has no altsetting 0
[  483.761118][ T5910] smsc95xx v2.0.0
[  483.764873][ T5910] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  483.775733][ T5910] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -22
[  483.787005][ T5911] usb 7-1: New USB device found, idVendor=06e0, idProduct=0319, bcdDevice=2d.6c
[  483.790436][ T1211] usb 4-1: USB disconnect, device number 18
[  483.796179][ T5911] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.796208][ T5911] usb 7-1: Product: syz
[  483.796224][ T5911] usb 7-1: Manufacturer: syz
[  483.796240][ T5911] usb 7-1: SerialNumber: syz
[  484.010324][ T5911] ti_usb_3410_5052 7-1:2.161: required endpoints missing
[  484.027136][ T5911] usb 7-1: USB disconnect, device number 11
[  484.170404][ T9500] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  484.179307][ T9500] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  484.189352][ T5910] usb 1-1: USB disconnect, device number 24