last executing test programs:

12.197196654s ago: executing program 1 (id=433):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000392000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0xc0086202, &(0x7f0000000440)=0x2)
connect$unix(0xffffffffffffffff, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000003c0)='percpu_alloc_percpu\x00'}, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000001380)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-ssse3\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000240)="745290251c43d0415dc108b48383e113153b8f5bc87375ab81cbba919604e67f74e42871072fab3c1329f05a247bf022cd387133febeff0d3bac0c9a4d528b5fe2e4c857844ff7309345e036bb12bbfc0fa65b5af1cb524c223bbaaf46372c3805f4b0769931eefdf370474d5eae92c044f4ea080baacfa86c447b656d7001", 0x7f}, {&(0x7f0000000180)="af", 0x1}], 0x2}, 0x10)

10.233961259s ago: executing program 1 (id=436):
syz_usb_connect(0x0, 0x3d, &(0x7f0000000100)=ANY=[@ANYBLOB="12015002183b9220b113420985580102030109022b0001fd0ac0050904ca00027a8bb50409050510200001b70407057359a4410209050f101000067b08"], &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
request_key(&(0x7f0000000240)='blacklist\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0xfffffffffffffffd)
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000380)='./bus\x00', 0x0, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
read$FUSE(r2, &(0x7f00000003c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_ATTR(r0, &(0x7f00000002c0)={0x78, 0x0, r3, {0x5, 0x800, 0x0, {0x5, 0xe6e0, 0x4, 0xffff, 0x1, 0x7, 0x3, 0x3, 0xd, 0x2000, 0x401, 0x0, 0x0, 0x8, 0x5}}}, 0x78)
sendfile(r2, r1, 0x0, 0x7572)
request_key(&(0x7f0000001000)='dns_resolver\x00', &(0x7f0000001040)={'syz', 0x2}, &(0x7f0000001080)='\x00', 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000040)={0x80})
ioctl$KVM_REINJECT_CONTROL(r5, 0xae71, &(0x7f0000000000)={0x8})
request_key(&(0x7f00000010c0)='dns_resolver\x00', &(0x7f0000001100)={'syz', 0x2}, 0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(cbc(aes),sha256)\x00'}, 0x58)

8.854156761s ago: executing program 2 (id=441):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000350000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142da7646c4fe02996b60cf81ebcd50fa9ea4318123f602000000000000de89e661168c1886d0d4d94f204e345c652fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d255be1ed66d9051f22614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a728995b1531bd20360d33d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c55969a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed03a6fe7860b3e13c3173a60a1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a0000000000000001ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada186b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8f09c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39289f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3b8dad4c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f200000000000000000089de7f8485d9507164a187220b36ddc7fa645d4bd0c1414c30a416"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000000), &(0x7f0000000140)=r3}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fcntl$lock(r6, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x4000000})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r7, &(0x7f0000000680)={0x13, 0x10, 0xfa00, {&(0x7f0000004f40), r8, 0x2}}, 0x18)
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r9, 0xc0a85320, &(0x7f0000000480)={{0x80}, 'port0\x00', 0x0, 0x0, 0x0, 0x0, 0x3})
r10 = getpid()
sendmsg$unix(r1, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002740)=[@cred={{0x1c, 0x1, 0x2, {r10, 0xee01, 0xee01}}}], 0x20, 0x20000000}, 0x8000)

8.711012951s ago: executing program 2 (id=444):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0})

8.533079154s ago: executing program 3 (id=446):
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040), 0x4)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0x1, 0x58, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r0=>0x0}}, 0xfffffda9)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xb, 0x7, 0x2, 0x4, 0x1, 0x1, 0x0, '\x00', r0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_mreqsrc(r5, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
r6 = fsopen(&(0x7f0000000040)='ntfs3\x00', 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000380)={r1, &(0x7f0000000300), &(0x7f0000000340)=""/55}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000a80)={r1, &(0x7f0000000940)="18", &(0x7f0000000980)=""/235}, 0x20)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000002c0)={0x0, &(0x7f0000000200)=""/169, &(0x7f0000000040), &(0x7f00000003c0), 0x2, r1}, 0x38)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r7, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x34, r8, 0x403, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x81}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x41b}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x200}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004084}, 0x4000090)
openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

8.532857454s ago: executing program 2 (id=447):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000392000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = fsopen(&(0x7f0000000640)='jffs2\x00', 0x0)
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0xc0086202, &(0x7f0000000440)=0x2)
connect$unix(r1, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000003c0)='percpu_alloc_percpu\x00'}, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000001380)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-ssse3\x00'}, 0x58)
r3 = accept$alg(r2, 0x0, 0x0)
sendmsg(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000240)="745290251c43d0415dc108b48383e113153b8f5bc87375ab81cbba919604e67f74e42871072fab3c1329f05a247bf022cd387133febeff0d3bac0c9a4d528b5fe2e4c857844ff7309345e036bb12bbfc0fa65b5af1cb524c223bbaaf46372c3805f4b0769931eefdf370474d5eae92c044f4ea080baacfa86c447b656d7001", 0x7f}, {&(0x7f0000000180)="af", 0x1}], 0x2}, 0x10)

7.423004203s ago: executing program 3 (id=449):
fallocate(0xffffffffffffffff, 0x40, 0x325, 0x7)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000000000406d0422c2000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000080)={0x14, &(0x7f0000000380)={0x0, 0xb, 0xf0, {0xf0, 0xc, "b93f7d19376446333fbe1e06c24264d0a19c4fe6586c86870b733475e9ed1b05471d20b0accec68f1fea4d3ffdfb8e7b075874baef63e500479e77687a7c53225c3e528671d0161610945a45b2050295ec6302975fc61ae1d851c9fcaa4739e4a6bc48184b051cad0e36279e06385d174696b0095d1e6103f064f3f4905124115c5c171a5eabd621bb86b5500c6e226be7218500578649abd900711a90fd6a268b09d6d434eb4dac8166fe17aaa36e222c3b4b746f5ea0bf3fe300f8d0a0ce6d943e07382254df2ec7432cded0ea30b6bc9554b971045ce825d388bd47c38f34a240ad3dffb3a02f906e476ebfb9"}}, &(0x7f0000000480)={0x0, 0x3, 0x7a, @string={0x7a, 0x3, "d924611a9c29a70488199e9f7f5d10025ef66c9c22b37c12ea827dd4a3650f9ea898fcaee4c91391c9df3cebc7182c75375109eb8e36e60ad141375e7a5de118d21d783da74151bfc3cfe6c95068a04028b45aa72b81be954287aac33c9fa2935423fc3ff9765f58a1a8588f520b4b08e1e0b6d16e41cbaa"}}}, &(0x7f0000000780)={0x34, &(0x7f0000000500)={0x0, 0xb, 0xa9, "fe25879ccf55fbcef7e7b7344260e7ba0224eddd3827981b6783ccfe90686e26c009b6ebc34873b2d3a9f172044b51eeb4de136064165f4f5c2423b6a3e50a77cfa4927947d43ca70e62d82a117262eafea8cfe19bcfa19a1402662b08b47da57adf068a8a12ac78d447a04a330be877e4949076ab002982e2d9eb2ce64aa5a3fd0fd320fd1da82898b7242f80bea4002697bb930cdaedd87f1e0ccfb2fba1941614ece72af60367dd"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x10}, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000600)={0x20, 0x0, 0xbd, {0xbb, "87497d49459b651b1e0dd510a3c7dd2fa9e0a4e8d8f7c4de8d2b44404fd2a7522c3d59cd25c4f6127628d49f06457d7c1dbccbb86a2f7eb894661ae30d2830ef5b31614e673ddce2754093cc62be7a2d77ea03098309e4dd4b6485985dd002276ba2a69728612e58798d675a8c49f459b90a3ecea67e7fbb1b4f69f0c6de6015d54151381f2d293f7edabea89dfb060ba53c6ebcc09219adf64299b2a4ec833dbf6c36497276524ef19d6032c0e0fdf62b1dc4d6dfd5382c2f2f13"}}, &(0x7f0000000700)={0x20, 0x1, 0x1, 0xb}, &(0x7f0000000740)={0x20, 0x0, 0x1, 0xb}})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYRES64=r1], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x20008000)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000000)=0x639)
readv(r2, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x48}, {0x0, 0x2}], 0x2)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000001980)={{0x2000, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_usb_connect(0x0, 0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000092df5510ac05269289b201020301090222000100000000090400030103e9000009050c0000000000000705d7"], 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x4387bd0b891b3e8)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
accept4(r3, 0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000940)={0x1b, 0x0, 0x0, 0x5f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000009c0)={&(0x7f00000007c0)="821686572f24922a68d842f3bcd15bacbffd327c1e6a5ecb73ba706e9885ad8644a3bcc44930ea752bd4628ccc8e902f63734e8205060275216ce21545e3dfcf2fb7548b34c56a48", &(0x7f0000000840)=""/37, &(0x7f0000000880)="73aaaa8c1ac654c8674ff892495e4656cfd4415c6492836b39f574c3ec4781cb2adc1b5c454a077c472b4b359d0f336c61ae39a3679456003f53e2edeebc15121dc8e897ed0d2d3a0ea0f4df13bcf8c18018", &(0x7f0000000900)="b721070a8e6ef4e95d2176dbae524063e0f9e882b3913e359312efad73e3", 0xaf4a, r4, 0x4}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r1}, 0x10)
syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\"\f'], 0x0}, 0x0)

7.291206889s ago: executing program 2 (id=451):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd609fbbb000006c00fc010000000000000000000000000000fe8000000000000000000000000000aa"], 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@func={0x5}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x5f, 0x2e]}}, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = syz_open_dev$evdev(&(0x7f0000000780), 0x9, 0x2000)
dup2(r2, r4)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r9}, 0x10)
setxattr(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.opaque\x00', &(0x7f0000000280)='\x00', 0x1, 0x1)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}}, 0x0)

7.016743867s ago: executing program 1 (id=453):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000002c0), 0x2266c0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = syz_io_uring_setup(0x340b, &(0x7f0000000480)={0x0, 0x6cff, 0x20, 0x20000000, 0x1002, 0x0, r0}, &(0x7f0000000100)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0xfffd}})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5400, 0x0)
mremap(&(0x7f00006ba000/0x2000)=nil, 0x2000, 0x4000, 0xf, &(0x7f00004af000/0x4000)=nil)
socket$inet(0x2, 0x3, 0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
prlimit64(0x0, 0x7, &(0x7f0000000080)={0x6, 0x1fb}, 0x0)
eventfd(0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000240)={0x1d, r6}, 0x18)
connect$can_j1939(r5, &(0x7f0000000280)={0x1d, r6}, 0x18)
sendmmsg(r5, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffff06, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
pidfd_send_signal(r8, 0x0, 0x0, 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
mremap(&(0x7f000035b000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000292000/0x3000)=nil)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
userfaultfd(0x1)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800002, 0x14)

6.304612999s ago: executing program 2 (id=454):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000000100)='./bus\x00', 0x18d542, 0x2)
sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000001800)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50080}, 0x20000800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
pipe2(&(0x7f0000000000)={<r6=>0x0, <r7=>0x0}, 0x0)
close(r6)
close(r7)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000002200)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000cc0)={0x1c, r4, 0x1, 0x0, 0x0, {{0xa}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0)
sendfile(r9, r9, 0x0, 0x2f)

6.205731243s ago: executing program 1 (id=455):
r0 = add_key$fscrypt_provisioning(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000000616161616161616161616161616161616d29a1cc6161616161616161616161613131313131313131313131313131313131313131313131313131313131313131"], 0x48, 0xffffffffffffffff)
keyctl$read(0xb, r0, &(0x7f0000000140)=""/138, 0x8a)
openat$smackfs_logging(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)

5.86871262s ago: executing program 4 (id=456):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
unshare(0x8020400)
r2 = mq_open(&(0x7f0000001100)='*a%\xff\x00\xf1\fNC\x84\xe0\x99\x1e-\x9a\x0f\x1a\x90\xee\x10\xfeARsO\xae\xd6\x05K\xe2D\x8d\xa4H8\xcf:\a;\xd8\xc7\xc8\\C\xcf\xa7\xcb\xb4\xe4\x8dY\xe3\xa5K&\xe5\xc4\x84v\xfa\xe7\x11\xc4\x99\x10,\xe3M\x80\xd3\xc2\x1c\xb0\x84\xb83', 0x41, 0x0, 0x0)
mq_timedreceive(r2, 0x0, 0x0, 0x0, 0x0)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x0, 0x0, {0x54}, [@pci={{0x8}, {0x11}}]}, 0x30}}, 0x0)

5.48910461s ago: executing program 1 (id=457):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="16000000000000000400000001000000000000006167b417cfb230e5ef3d5d1279e4861dda3a74c210284d544645d83128d91febed903598fb5d6ee9264c11c66866b66f55178be6c24c6183f5e33c6b75cbdf48e9fb460dfda94ffda9ea47b1502beb807a8cf5b319853853df43bef8478b6d21d8f63a442bb1d17fba2ddd508ea5411f59a7732aa08df4add2a00a2f3e8ed6e07d37f1ee5898e33b25fba98d4bca8850fbd6ad683ea7d227201beed078594876c8b67f4cdbe14fc77f5b32af", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast})
close(r2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x8, 0x3, 0x2b8, 0x1c0, 0x3, 0xd0e7500, 0x0, 0x60, 0x250, 0x1d8, 0x1d8, 0x250, 0x1d8, 0x3, 0x0, {[{{@ip={@private, @dev={0xac, 0x14, 0xd}, 0x0, 0x0, 'nr0\x00', 'vxcan1\x00', {}, {}, 0x11}, 0x0, 0x128, 0x190, 0x0, {0x60000000}, [@common=@unspec=@conntrack1={{0xb8}, {{@ipv6=@mcast2, [], @ipv6=@remote, [], @ipv4=@multicast2, [], @ipv4=@empty}}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x36c, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}, {{@ip={@loopback, @private, 0x0, 0x0, 'tunl0\x00', 'veth1_to_bond\x00'}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1f00000000000000000000000010000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00f3cb339844000000000000000000000000000000000053db0000000000000000"], 0x48)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r8, 0x1000)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r9 = syz_pidfd_open(0x0, 0x0)
setns(r9, 0x24020000)
syz_clone(0x12081000, 0x0, 0x0, 0x0, 0x0, 0x0)

5.363024169s ago: executing program 4 (id=458):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x1d, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0xfff, 0x5, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x0, [{@multicast1, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3b}, 0x659}, {@broadcast, 0x8004}, {@loopback}, {@multicast1, 0xffd200}, {@private=0xfffffffd, 0x7}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@multicast2, @rand_addr]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

5.356634376s ago: executing program 2 (id=459):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000000100)='./bus\x00', 0x18d542, 0x2)
sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000001800)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50080}, 0x20000800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
pipe2(&(0x7f0000000000)={<r6=>0x0, <r7=>0x0}, 0x0)
close(r6)
close(r7)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000002200)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000cc0)={0x1c, r4, 0x1, 0x0, 0x0, {{0xa}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0)
sendfile(r9, r9, 0x0, 0x2f)

5.164697328s ago: executing program 0 (id=460):
memfd_create(&(0x7f0000000200)='\f\x8b\x8a\xa9\x16\x11O\xdd\xdfk(F\x99\xdf\x9a\xd5>oJ\x02u\x9b\x94a\xac\xfe6A\xc4\a\x9e\xbd\xa2\xfb\rD\xefq\x1f!\x01\xc3\xa5U\x98\xee\xcd;A\xe8\x00~V\xbf\xd4\x00\xd2,7\xa0\xfd7\xe8\xf9M\x02\xec\f3\xd4\xb8\xc3\x85\xda\xeb\xce7y%S\x1e\xa9\xe9\x92!\x95\xf1Ek\x95\x9bQ\x1d\xa4\xc2\xbb\xfa\x96\x14\x7f\xb9\x90\x9cn\xb5\x10\xd2\x84\xe9\x9e1\x9a\x9e\xa7\x9e\xcd\x1a\x86\x14%\xbaS\x90\xb1j\xf9\x00\xd7@D\x04\xaa\xb55\xd8x?z\xff\x85j3\xbe\axo\x05)\xcc\xcd\x9b\xb3\xe7w\x0e\x9f\xd3\aU\xf0M\xc1\xad\x17t\xeb\x1b\x11m\xec\x00\x00\x00\x00R\xb6v\x88\a\x82\x9e\x00\x00\x00\x10\x00\x00\x00\xa6!\xb3\xa8\xe7[&\x165\x84\xce\xa5\xc4wT\xf2E\tj\x92G\x14\x04\x93\xa4\xba\xcb\xce\"Y\xd68\xeb\x01\xc9/\x19\x85\xc6\x8do\xcb\x17\xb5\xffW\xe6\x8a\xfb\a\xf6', 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
futex(0x0, 0xb, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa)
add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd)
r2 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='\x00', 0x1, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000540), &(0x7f0000000380)={'syz', 0x2}, &(0x7f0000000580)="ed", 0x1, 0xffffffffffffffff)
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, r2)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x401, 0x0)
dup3(r3, r4, 0x0)

4.828767247s ago: executing program 4 (id=461):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000392000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = fsopen(&(0x7f0000000640)='jffs2\x00', 0x0)
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0xc0086202, &(0x7f0000000440)=0x2)
connect$unix(r1, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000003c0)='percpu_alloc_percpu\x00'}, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000001380)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-ssse3\x00'}, 0x58)
r3 = accept$alg(r2, 0x0, 0x0)
sendmsg(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000240)="745290251c43d0415dc108b48383e113153b8f5bc87375ab81cbba919604e67f74e42871072fab3c1329f05a247bf022cd387133febeff0d3bac0c9a4d528b5fe2e4c857844ff7309345e036bb12bbfc0fa65b5af1cb524c223bbaaf46372c3805f4b0769931eefdf370474d5eae92c044f4ea080baacfa86c447b656d7001", 0x7f}, {&(0x7f0000000180)="af", 0x1}], 0x2}, 0x10)

4.814869s ago: executing program 0 (id=462):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0xe7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000540)={0x0, 0x33524742})
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="01"])
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x5, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x8, 0x4, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000540), 0x10005, r5}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000b7000004381a03031100009500000000ca79e99402f907592038a07b9b15689d91c43d4fcb3b9d612902c3b5ce316e305a330d6b896f75bd248aae44c936104f6a855f0cc6dc153e632588df13fce4909d011e8712106ec8200d07c0efebeb7e996170cc8eb6051ce5d66b231777388c3b42134e350f1132f18a8cfa8e3510d53e1300adf7897ddd6eadda18c6e783da143ccfc0a7954feb5801ff10d50ca5258aafe93de0847f164f920f82da69df4824490100000002305312f4c93a143c45f3afe05a321c3b4478282765170d68dec943269f7c44f1ae7b3e53b20f0460a33b9aa4e0bc1e87ea666b01291e5bf8e2b7b81c468e"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x3, 0x3800, 0x3f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

4.416638058s ago: executing program 3 (id=463):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000300), 0x1, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r1, 0xc0405665, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
write$P9_RMKNOD(r6, 0x0, 0x0)
getdents64(0xffffffffffffffff, &(0x7f0000002f40)=""/4098, 0x1002)
r7 = syz_open_dev$video4linux(&(0x7f0000000000), 0x100000000, 0x0)
ioctl$VIDIOC_SUBDEV_S_CROP(r7, 0xc038563c, &(0x7f0000000080)={0x0, 0x0, {0x0, 0x7f, 0x0, 0x61f89ac7}})
r8 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
dup(r8)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
bind$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@default, @bcast, @netrom, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)

4.167593035s ago: executing program 4 (id=464):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd609fbbb000006c00fc010000000000000000000000000000fe8000000000000000000000000000aa"], 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@func={0x5}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x5f, 0x2e]}}, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = syz_open_dev$evdev(&(0x7f0000000780), 0x9, 0x2000)
dup2(r2, r4)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r9}, 0x10)
setxattr(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.opaque\x00', &(0x7f0000000280)='\x00', 0x1, 0x1)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}}, 0x0)

2.965098528s ago: executing program 0 (id=465):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000002c0), 0x2266c0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = syz_io_uring_setup(0x340b, &(0x7f0000000480)={0x0, 0x6cff, 0x20, 0x20000000, 0x1002, 0x0, r0}, &(0x7f0000000100)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0xfffd}})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5400, 0x0)
mremap(&(0x7f00006ba000/0x2000)=nil, 0x2000, 0x4000, 0xf, &(0x7f00004af000/0x4000)=nil)
socket$inet(0x2, 0x3, 0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
prlimit64(0x0, 0x7, &(0x7f0000000080)={0x6, 0x1fb}, 0x0)
eventfd(0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000240)={0x1d, r6}, 0x18)
connect$can_j1939(r5, &(0x7f0000000280)={0x1d, r6}, 0x18)
sendmmsg(r5, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffff06, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
pidfd_send_signal(r8, 0x0, 0x0, 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
mremap(&(0x7f000035b000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000292000/0x3000)=nil)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
userfaultfd(0x1)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800002, 0x14)

2.525688901s ago: executing program 4 (id=466):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
add_key(&(0x7f0000000280)='encrypted\x00', &(0x7f0000000340)={'syz', 0x1}, &(0x7f0000000380), 0x0, 0xfffffffffffffff8)
r1 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = syz_io_uring_setup(0x2cdf, &(0x7f0000000380)={0x0, 0x0, 0x10100, 0x0, 0x4}, &(0x7f0000000400)=<r5=>0x0, &(0x7f0000000440)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0xb4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x400}})
keyctl$clear(0x7, r1)
io_uring_enter(r4, 0x5b43, 0x0, 0x0, 0x0, 0x2a)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000c33700000000000a74000000060a09040000000000000000020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c000280080001800000000008000140000000001800018008000100666962000c0e028008000240000000020900010073797a000008000b4000e15f207b16d9c6625895dbed860000041400000011000154630b0764c23a2bc5cae2d46b5570767191fa41edba29ed83e803572183651b371570c00a1a3e6a5bae82ece6da9479376fac35ac2497a12c6e78db5bce0a1de8850ab6a2e6ca87891f6a6df618d115d0499128f29e8ca760a08fbbddf419150b3a9ad57d2b7a4a556a3eb48952ceef1b51b2409f3099e851615253ee728d3a7ea3924d202b000000000000000000007da138fff909c7b470f18e1ea2b7d9e8f51b3f9a4c4b40d5c9acbb0048dd93f1e5285dd5be5b25c7a4490cfb0435f82d7591414f628fd669b3fd52217772d4806146dce1e43657ab01d12b3786e746741812fc2718419d65460ffe14"], 0x9c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
socket$unix(0x1, 0x2, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000009200)=[@in={0x2, 0x4e21, @remote}], 0x10)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r7, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r7, 0x4004556d, 0x3)
ioctl$UI_DEV_SETUP(r7, 0x405c5503, &(0x7f00000000c0)={{}, 'syz1\x00'})
ioctl$UI_DEV_CREATE(r7, 0x5501)

2.393884565s ago: executing program 3 (id=467):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800050000000000000000000000000071122d000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2.157564223s ago: executing program 0 (id=468):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r1)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x44, r2, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x44}, 0x4, 0x700000000000000, 0x0, 0x4000050}, 0x40)

1.937233842s ago: executing program 3 (id=469):
inotify_init1(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
inotify_rm_watch(0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000002c0)="6f59bb69296212101db2d25d7d1550eabd8017f1dcae8582eee7d0417821deba372ff17566312ebdfed0dee4fcaabfcd0f157495460a5f6fcd15448f9fc82323", 0x40}], 0x1}}], 0x1, 0x0)
add_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f00000001c0)="f4807c8dd029ff9d4387d3882e09202200c53262d691a4fea7243e671ad60a7d224d72542067d3525b4209a48b866d1c9ec52c3396040a663b7311e524b221a32e558d003b4ba31d7a464084bac79a14a0fbde697ae7ddbde12d1b52d77d5a638057f1f1e39e067f54748f71e3f940bd4ed593267eddb1598cf1ae4cb537cbe57637058aff4e6c7f35ad72c10600e822e0b1739d5a26b1f77ebb43286048d2361df2c1a8e0abf77744597d039041f9a155976600", 0xfffff, 0xffffffffffffffff) (fail_nth: 9)

1.792892115s ago: executing program 0 (id=470):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x83}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000ff01000000000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
syz_emit_ethernet(0x6a, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000018004500005c0000000033907800000000ffffffff00000000004890780300000000000000abb99279fd89da307583e654afb42af2dc91b30b60e83d5066eb64f2e8a3742962ae5b2fb03f495701288cf603c82fce63028e0c99be5aab00"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r3}, &(0x7f0000000000), &(0x7f00000005c0)=r4}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x2f, 0x3, 0x2, 0xffffffff, 0xaaa05794353355d6, @mcast1, @mcast2, 0x0, 0x10, 0xfffffffd, 0x81}})
sendmsg$inet(r2, &(0x7f0000000d40)={0x0, 0x7000000, &(0x7f00000023c0)=[{&(0x7f0000000b40)='?', 0x1}, {0x0, 0x1}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x20001)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0900000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="000000000000000086a6d67b0ddf0bf722b41ed6b5de0000fa", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000080)={r5, &(0x7f0000000380), 0x20000000}, 0x20)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=<r7=>0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r8)
r10 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r10, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000a00)={0x4c, 0x0, 0x300, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x5f}}}}, [@NL80211_ATTR_FRAME={0x20, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x2}, @broadcast, @device_b, @from_mac=@broadcast, {0x0, 0x1}}, @sa_query_req={0x8, 0x0, 0x7}}}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x44810)
bind$inet(r10, &(0x7f0000000340)={0x2, 0x4e24, @private=0xa010101}, 0x10)
sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r9, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}}, 0x0)
write$nci(r6, &(0x7f0000000200)=ANY=[@ANYBLOB="61050905e504060605010a3d56332f077cecf90ab915e101260d"], 0x1a)
syz_emit_ethernet(0x32, &(0x7f0000000040)={@local, @dev, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x88, 0x0, @empty}, {0x0, 0x0, 0x8, 0x0, @gue={{0x2}}}}}}}, 0x0)
setrlimit(0x7, &(0x7f0000000540)={0x0, 0xb0})

998.47683ms ago: executing program 4 (id=471):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r1, 0x80046402, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
socket$xdp(0x2c, 0x3, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = creat(&(0x7f0000001180)='./file0\x00', 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mq_open(&(0x7f0000000080)='m$\x00\xdc\xb7\xb8\xd0>,\xb0\x13\x8b3z>K\x84\x05\x00\x00\x00\x9c\x81\xed\xc2\x00', 0x0, 0x0, 0x0)
socket(0x200000100000011, 0x3, 0x4)
ioctl$SG_BLKTRACESETUP(r5, 0xc0481273, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa03e, 0x0, &(0x7f0000006680))
r6 = syz_open_dev$radio(&(0x7f0000000400), 0x2, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r6, 0xc0405665, &(0x7f0000000080)={0x8000, 0x1, 0x0, 0x0, 0x4, 0xfffffffe})
socket(0x5, 0x3, 0x57)
quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f00000001c0)=@nullb, 0x0, 0x0)
r7 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r7, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x6, 0x6}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)

597.096907ms ago: executing program 0 (id=472):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

596.844415ms ago: executing program 3 (id=473):
memfd_create(&(0x7f0000000200)='\f\x8b\x8a\xa9\x16\x11O\xdd\xdfk(F\x99\xdf\x9a\xd5>oJ\x02u\x9b\x94a\xac\xfe6A\xc4\a\x9e\xbd\xa2\xfb\rD\xefq\x1f!\x01\xc3\xa5U\x98\xee\xcd;A\xe8\x00~V\xbf\xd4\x00\xd2,7\xa0\xfd7\xe8\xf9M\x02\xec\f3\xd4\xb8\xc3\x85\xda\xeb\xce7y%S\x1e\xa9\xe9\x92!\x95\xf1Ek\x95\x9bQ\x1d\xa4\xc2\xbb\xfa\x96\x14\x7f\xb9\x90\x9cn\xb5\x10\xd2\x84\xe9\x9e1\x9a\x9e\xa7\x9e\xcd\x1a\x86\x14%\xbaS\x90\xb1j\xf9\x00\xd7@D\x04\xaa\xb55\xd8x?z\xff\x85j3\xbe\axo\x05)\xcc\xcd\x9b\xb3\xe7w\x0e\x9f\xd3\aU\xf0M\xc1\xad\x17t\xeb\x1b\x11m\xec\x00\x00\x00\x00R\xb6v\x88\a\x82\x9e\x00\x00\x00\x10\x00\x00\x00\xa6!\xb3\xa8\xe7[&\x165\x84\xce\xa5\xc4wT\xf2E\tj\x92G\x14\x04\x93\xa4\xba\xcb\xce\"Y\xd68\xeb\x01\xc9/\x19\x85\xc6\x8do\xcb\x17\xb5\xffW\xe6\x8a\xfb\a\xf6', 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
futex(0x0, 0xb, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa)
add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd)
r2 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='\x00', 0x1, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000540), &(0x7f0000000380)={'syz', 0x2}, &(0x7f0000000580)="ed", 0x1, 0xffffffffffffffff)
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, r2)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x401, 0x0)
dup3(r3, r4, 0x0)

0s ago: executing program 1 (id=474):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000392000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = fsopen(&(0x7f0000000640)='jffs2\x00', 0x0)
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0xc0086202, &(0x7f0000000440)=0x2)
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000003c0)='percpu_alloc_percpu\x00'}, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000001380)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-ssse3\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000240)="745290251c43d0415dc108b48383e113153b8f5bc87375ab81cbba919604e67f74e42871072fab3c1329f05a247bf022cd387133febeff0d3bac0c9a4d528b5fe2e4c857844ff7309345e036bb12bbfc0fa65b5af1cb524c223bbaaf46372c3805f4b0769931eefdf370474d5eae92c044f4ea080baacfa86c447b656d7001", 0x7f}, {&(0x7f0000000180)="af", 0x1}], 0x2}, 0x10)

kernel console output (not intermixed with test programs):

tered blocking state
[   57.376569][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.384633][ T5835] bridge_slave_0: entered allmulticast mode
[   57.391386][ T5835] bridge_slave_0: entered promiscuous mode
[   57.398031][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.405235][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.412583][ T5829] bridge_slave_1: entered allmulticast mode
[   57.419429][ T5829] bridge_slave_1: entered promiscuous mode
[   57.427873][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.459198][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.466378][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.474645][ T5835] bridge_slave_1: entered allmulticast mode
[   57.481646][ T5835] bridge_slave_1: entered promiscuous mode
[   57.510927][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.524370][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.543467][ T5839] team0: Port device team_slave_0 added
[   57.574236][ T5825] team0: Port device team_slave_0 added
[   57.595133][ T5839] team0: Port device team_slave_1 added
[   57.610960][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.622587][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.633739][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.646964][ T5825] team0: Port device team_slave_1 added
[   57.661696][ T5826] team0: Port device team_slave_0 added
[   57.687002][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.694450][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.722243][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.742344][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.753206][ T5826] team0: Port device team_slave_1 added
[   57.766511][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.773634][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.800935][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.821659][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.828820][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.855704][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.887253][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.894410][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.921412][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.945499][ T5835] team0: Port device team_slave_0 added
[   57.959962][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.966939][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.993205][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.022592][ T5835] team0: Port device team_slave_1 added
[   58.037128][ T5829] team0: Port device team_slave_0 added
[   58.043538][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.050759][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.077136][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.104820][ T5825] hsr_slave_0: entered promiscuous mode
[   58.111431][ T5825] hsr_slave_1: entered promiscuous mode
[   58.127831][ T5829] team0: Port device team_slave_1 added
[   58.162315][ T5839] hsr_slave_0: entered promiscuous mode
[   58.170682][ T5839] hsr_slave_1: entered promiscuous mode
[   58.176765][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.184885][ T5839] Cannot create hsr debugfs directory
[   58.192032][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.199321][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.225467][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.244511][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.251603][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.277904][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.298950][ T5826] hsr_slave_0: entered promiscuous mode
[   58.305158][ T5826] hsr_slave_1: entered promiscuous mode
[   58.312451][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.320823][ T5826] Cannot create hsr debugfs directory
[   58.320957][ T5837] Bluetooth: hci1: command tx timeout
[   58.338097][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.345117][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.371161][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.382982][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.390138][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.416166][ T5837] Bluetooth: hci4: command tx timeout
[   58.416184][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.430416][ T5845] Bluetooth: hci2: command tx timeout
[   58.433510][ T5831] Bluetooth: hci3: command tx timeout
[   58.438386][ T5845] Bluetooth: hci0: command tx timeout
[   58.519011][ T5829] hsr_slave_0: entered promiscuous mode
[   58.525186][ T5829] hsr_slave_1: entered promiscuous mode
[   58.531788][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.540342][ T5829] Cannot create hsr debugfs directory
[   58.608931][ T5835] hsr_slave_0: entered promiscuous mode
[   58.614985][ T5835] hsr_slave_1: entered promiscuous mode
[   58.624131][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.631824][ T5835] Cannot create hsr debugfs directory
[   58.867977][ T5825] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   58.880839][ T5825] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   58.902913][ T5825] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   58.916605][ T5825] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   58.956523][ T5839] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   58.979029][ T5839] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   58.991356][ T5839] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   59.007119][ T5839] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   59.045890][ T5826] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   59.064716][ T5826] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   59.082729][ T5826] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   59.099532][ T5826] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   59.177256][ T5829] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   59.215371][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.224293][ T5829] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   59.251002][ T5829] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   59.260755][ T5829] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   59.276144][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.326770][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   59.337478][ T5825] 8021q: adding VLAN 0 to HW filter on device team0
[   59.348232][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[   59.362285][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   59.377217][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.384499][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.398835][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   59.410683][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   59.423197][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.439135][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.446445][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.455300][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.462421][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.485836][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.492924][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.541563][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[   59.586103][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.593214][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.603197][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.610350][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.710562][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.821704][ T5829] 8021q: adding VLAN 0 to HW filter on device team0
[   59.854031][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.882009][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.889171][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.966781][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.973968][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.011803][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   60.051525][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.058674][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.083276][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.095185][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.102357][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.129987][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.194448][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.325727][ T5825] veth0_vlan: entered promiscuous mode
[   60.383443][ T5825] veth1_vlan: entered promiscuous mode
[   60.398774][ T5845] Bluetooth: hci1: command tx timeout
[   60.410916][ T5826] veth0_vlan: entered promiscuous mode
[   60.479602][ T5845] Bluetooth: hci0: command tx timeout
[   60.480475][ T5837] Bluetooth: hci4: command tx timeout
[   60.485032][ T5845] Bluetooth: hci3: command tx timeout
[   60.490492][ T5831] Bluetooth: hci2: command tx timeout
[   60.520980][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.538106][ T5826] veth1_vlan: entered promiscuous mode
[   60.555515][ T5825] veth0_macvtap: entered promiscuous mode
[   60.571948][ T5825] veth1_macvtap: entered promiscuous mode
[   60.611204][ T5829] veth0_vlan: entered promiscuous mode
[   60.622820][ T5829] veth1_vlan: entered promiscuous mode
[   60.644138][ T5826] veth0_macvtap: entered promiscuous mode
[   60.657168][ T5826] veth1_macvtap: entered promiscuous mode
[   60.679565][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.711733][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.726630][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.736200][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.747746][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.760201][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.781618][ T5825] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.790770][ T5825] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.802164][ T5825] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.810945][ T5825] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.822079][ T5839] veth0_vlan: entered promiscuous mode
[   60.832602][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.844104][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.855255][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.871761][ T5829] veth0_macvtap: entered promiscuous mode
[   60.888763][ T5826] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.897487][ T5826] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.907124][ T5826] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.916242][ T5826] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.944202][ T5839] veth1_vlan: entered promiscuous mode
[   60.953767][ T5829] veth1_macvtap: entered promiscuous mode
[   60.980284][ T5835] veth0_vlan: entered promiscuous mode
[   61.010966][ T5835] veth1_vlan: entered promiscuous mode
[   61.083890][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.100167][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.133042][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.144591][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.156539][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.167179][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.178783][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0
[   61.197001][ T5839] veth0_macvtap: entered promiscuous mode
[   61.214181][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.224924][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.234985][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.245609][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.257090][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1
[   61.276954][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.281073][ T5839] veth1_macvtap: entered promiscuous mode
[   61.293026][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.326584][ T5835] veth0_macvtap: entered promiscuous mode
[   61.347659][ T5829] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.362874][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   61.367070][ T5829] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.388160][ T5829] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.397085][ T5829] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.411347][ T5835] veth1_macvtap: entered promiscuous mode
[   61.427002][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.444526][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.457952][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.477022][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.507865][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.519991][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.530985][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.541547][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.553192][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[   61.580629][ T5912] FAULT_INJECTION: forcing a failure.
[   61.580629][ T5912] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   61.584367][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.594305][ T5912] CPU: 0 UID: 0 PID: 5912 Comm: syz.2.3 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
[   61.606743][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.614497][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   61.614518][ T5912] Call Trace:
[   61.614527][ T5912]  <TASK>
[   61.614535][ T5912]  dump_stack_lvl+0x241/0x360
[   61.624352][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.634364][ T5912]  ? __pfx_dump_stack_lvl+0x10/0x10
[   61.634390][ T5912]  ? __pfx__printk+0x10/0x10
[   61.637647][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.640570][ T5912]  should_fail_ex+0x3b0/0x4e0
[   61.640596][ T5912]  _copy_from_user+0x31/0xe0
[   61.645236][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.655612][ T5912]  copy_msghdr_from_user+0xae/0x680
[   61.655640][ T5912]  ? __pfx___might_resched+0x10/0x10
[   61.655665][ T5912]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   61.655690][ T5912]  ? rcu_is_watching+0x15/0xb0
[   61.655712][ T5912]  ? __might_fault+0xaa/0x120
[   61.655736][ T5912]  __sys_sendmmsg+0x36d/0x730
[   61.655766][ T5912]  ? __pfx___sys_sendmmsg+0x10/0x10
[   61.655797][ T5912]  ? __pfx_lock_release+0x10/0x10
[   61.655821][ T5912]  ? kstrtouint_from_user+0x128/0x190
[   61.655859][ T5912]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   61.655882][ T5912]  ? ksys_write+0x229/0x2b0
[   61.655904][ T5912]  ? __pfx_lock_release+0x10/0x10
[   61.655932][ T5912]  ? vfs_write+0x730/0xd30
[   61.655959][ T5912]  ? __mutex_unlock_slowpath+0x21d/0x750
[   61.655987][ T5912]  ? __fget_files+0x3f3/0x470
[   61.656027][ T5912]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   61.656054][ T5912]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.656080][ T5912]  ? do_syscall_64+0x100/0x230
[   61.656105][ T5912]  __x64_sys_sendmmsg+0xa0/0xb0
[   61.656128][ T5912]  do_syscall_64+0xf3/0x230
[   61.656146][ T5912]  ? clear_bhb_loop+0x35/0x90
[   61.656166][ T5912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.656195][ T5912] RIP: 0033:0x7f3a60b7e719
[   61.670281][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.675723][ T5912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.681639][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[   61.684947][ T5912] RSP: 002b:00007f3a619c6038 EFLAGS: 00000246
[   61.726761][ T3013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.730868][ T5912]  ORIG_RAX: 0000000000000133
[   61.730880][ T5912] RAX: ffffffffffffffda RBX: 00007f3a60d35f80 RCX: 00007f3a60b7e719
[   61.730894][ T5912] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000005
[   61.730907][ T5912] RBP: 00007f3a619c6090 R08: 0000000000000000 R09: 0000000000000000
[   61.741156][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.741254][ T5912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   61.747126][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.751600][ T5912] R13: 0000000000000000 R14: 00007f3a60d35f80 R15: 00007ffdfaaa5be8
[   61.751627][ T5912]  </TASK>
[   61.798387][ T3013] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.804923][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.958238][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.968848][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.980237][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.993339][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.015556][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.027364][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.062156][ T5839] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.071136][ T5839] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.083979][ T5839] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.094569][ T5839] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.137279][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.150369][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.160922][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.171647][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.182088][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.192971][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.204727][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.215682][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.226799][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.240510][ T5835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.249453][ T5835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.258359][ T5835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.277383][ T5835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.290365][ T5917] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   62.312082][  T972] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   62.377638][ T3013] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.401051][ T3013] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.468945][  T972] usb 3-1: Using ep0 maxpacket: 8
[   62.479201][ T5845] Bluetooth: hci1: command tx timeout
[   62.489535][  T972] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   62.499784][  T972] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   62.511816][  T972] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   62.522361][  T972] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   62.535986][  T972] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   62.545126][  T972] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.558458][ T5837] Bluetooth: hci3: command tx timeout
[   62.562932][ T3013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.563868][ T5837] Bluetooth: hci0: command tx timeout
[   62.577059][ T5836] Bluetooth: hci4: command tx timeout
[   62.582652][ T5845] Bluetooth: hci2: command tx timeout
[   62.597251][ T3013] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.620289][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.630303][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.719757][ T3013] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.727917][ T3013] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.781629][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.803097][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.904448][   T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.944700][   T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.550819][ T5948] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9'.
[   63.679084][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   63.697601][ T5948] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   63.778866][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   63.781395][ T5948] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   63.818965][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   63.844885][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   63.949030][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   63.958443][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   64.017450][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   64.018793][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   64.026951][ T5948] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   64.059782][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   64.068243][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   64.410625][ T5948] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   64.440829][ T5948] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   64.467994][ T5948] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   64.486061][ T5948] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   64.492868][ T5948] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   64.510281][ T5948] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   64.533667][ T5948] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   64.540007][ T5957] fuse: Bad value for 'fd'
[   64.544958][ T5948] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   64.546822][ T5957] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   64.578966][ T5948] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   64.597885][ T5948] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[   64.613569][ T5948] Bluetooth: hci4: Opcode 0x0406 failed: -4
[   64.625905][ T5948] Bluetooth: hci4: Opcode 0x0406 failed: -4
[   65.083092][ T5977] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13'.
[   65.143044][  T972] usb 3-1: usb_control_msg returned -71
[   65.154619][  T972] usbtmc 3-1:16.0: can't read capabilities
[   65.222302][  T972] usb 3-1: USB disconnect, device number 2
[   65.612992][ T5984] dccp_v4_rcv: dropped packet with invalid checksum
[   65.721567][ T5972] Invalid ELF header magic: != ELF
[   65.778580][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[   66.074763][ T5977] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13'.
[   66.549011][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[   66.560548][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout
[   66.567227][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout
[   66.639754][ T5831] Bluetooth: hci4: command 0x0407 tx timeout
[   67.033538][ T6028] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[   67.119841][  T972] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   67.213313][ T6028] overlay: Unknown parameter 'obj_role'
[   67.258674][  T972] usb 4-1: device descriptor read/64, error -71
[   67.595069][  T972] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   67.888784][  T972] usb 4-1: device descriptor read/64, error -71
[   67.915186][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[   67.998962][  T972] usb usb4-port1: attempt power cycle
[   68.056074][ T6053] syz.1.23 uses obsolete (PF_INET,SOCK_PACKET)
[   68.349625][ T6061] netlink: 20 bytes leftover after parsing attributes in process `syz.1.23'.
[   68.559782][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[   68.658870][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout
[   68.665077][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout
[   68.768576][ T5837] Bluetooth: hci4: command 0x0407 tx timeout
[   68.852749][ T5828] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   69.098936][ T5828] usb 5-1: Using ep0 maxpacket: 32
[   69.109751][ T5828] usb 5-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[   69.142988][ T5828] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.182357][ T5828] usb 5-1: config 0 descriptor??
[   69.222240][ T5828] gspca_main: sq930x-2.14.0 probing 041e:403c
[   69.559422][ T6070] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   69.578264][ T5880] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   69.738364][ T5880] usb 4-1: Using ep0 maxpacket: 16
[   69.839058][ T5880] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[   69.987022][ T6071] warning: `syz.4.22' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   70.149647][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[   70.181768][ T5880] usb 4-1: config 0 has no interface number 0
[   70.221093][ T5880] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[   70.280273][ T5880] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[   70.331530][ T5880] usb 4-1: config 0 interface 41 has no altsetting 0
[   70.362741][ T5828] gspca_sq930x: ucbus_write failed -110
[   70.369320][ T5828] sq930x 5-1:0.0: probe with driver sq930x failed with error -110
[   70.389782][ T5880] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[   70.430876][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   70.462525][ T5880] usb 4-1: Product: syz
[   70.468241][ T5880] usb 4-1: Manufacturer: syz
[   70.475291][ T5880] usb 4-1: SerialNumber: syz
[   70.515172][ T5880] usb 4-1: config 0 descriptor??
[   70.593647][ T6066] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   70.613491][ T6066] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   70.626967][ T6074] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   70.639410][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[   70.718617][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout
[   70.724827][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout
[   70.807720][ T5831] Bluetooth: hci4: command 0x0407 tx timeout
[   71.371663][ T6066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   71.426759][ T6066] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   71.476448][ T6082] process 'syz.2.30' launched './file1' with NULL argv: empty string added
[   71.486219][ T6066] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   71.503110][  T972] usb 5-1: USB disconnect, device number 2
[   71.544712][ T6066] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   71.615245][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[   71.631415][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[   71.748590][ T6093] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[   71.849190][ T6096] overlay: Unknown parameter 'obj_role'
[   72.006584][ T5880] Error reading MAC address
[   72.013294][ T5880] sr9700 4-1:0.41: probe with driver sr9700 failed with error -71
[   72.028969][ T5880] usb 4-1: USB disconnect, device number 5
[   72.812621][ T6104] netlink: 'syz.1.35': attribute type 3 has an invalid length.
[   72.838782][ T6104] netlink: 'syz.1.35': attribute type 3 has an invalid length.
[   72.891275][ T5831] Bluetooth: hci4: command 0x0407 tx timeout
[   74.282908][ T6141] Zero length message leads to an empty skb
[   74.785582][ T5909] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   74.857134][ T6144] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[   74.922142][ T6148] sock: sock_set_timeout: `syz.4.49' (pid 6148) tries to set negative timeout
[   75.452676][ T5909] usb 3-1: Using ep0 maxpacket: 32
[   75.843739][ T5909] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[   75.852938][ T5909] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[   75.861681][ T5909] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[   75.878347][ T5909] usb 3-1: config 1 has no interface number 0
[   75.884483][ T5909] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   75.940473][ T5909] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[   75.981834][ T5909] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[   76.021819][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.523764][ T5909] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[   76.744990][  T969] cfg80211: failed to load regulatory.db
[   76.891439][ T5909] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[   77.428191][ T6132] vlan2: entered allmulticast mode
[   77.472331][ T6179] netlink: 48 bytes leftover after parsing attributes in process `syz.2.45'.
[   77.498742][  T969] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   77.609573][ T5915] usb 3-1: USB disconnect, device number 3
[   77.622617][ T5915] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[   77.658545][  T969] usb 4-1: Using ep0 maxpacket: 16
[   77.674789][  T969] usb 4-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=9c.25
[   77.686336][  T969] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.694507][  T969] usb 4-1: Product: syz
[   77.700109][  T969] usb 4-1: Manufacturer: syz
[   77.704744][  T969] usb 4-1: SerialNumber: syz
[   77.713055][  T969] usb 4-1: config 0 descriptor??
[   78.483245][  T969] usb 4-1: Found UVC 0.00 device syz (045e:0721)
[   78.490295][  T969] usb 4-1: No valid video chain found.
[   78.505453][  T969] usb 4-1: USB disconnect, device number 6
[   78.894455][ T6195] vivid-004: =================  START STATUS  =================
[   78.902875][ T6195] vivid-004: Radio HW Seek Mode: Bounded
[   78.908887][ T6195] vivid-004: Radio Programmable HW Seek: false
[   78.915208][ T6195] vivid-004: RDS Rx I/O Mode: Block I/O
[   78.920993][ T6195] vivid-004: Generate RBDS Instead of RDS: false
[   78.927488][ T6195] vivid-004: RDS Reception: true
[   78.932678][ T6195] vivid-004: RDS Program Type: 0 inactive
[   78.938620][ T6195] vivid-004: RDS PS Name:  inactive
[   78.943974][ T6195] vivid-004: RDS Radio Text:  inactive
[   78.949715][ T6195] vivid-004: RDS Traffic Announcement: false inactive
[   78.956675][ T6195] vivid-004: RDS Traffic Program: false inactive
[   78.983173][ T6195] vivid-004: RDS Music: false inactive
[   78.988946][ T6195] vivid-004: ==================  END STATUS  ==================
[   79.499718][ T6191] netlink: 'syz.2.60': attribute type 11 has an invalid length.
[   79.543718][ T5915] usb 1-1: new low-speed USB device number 2 using dummy_hcd
[   79.831481][ T5915] usb 1-1: unable to get BOS descriptor or descriptor too short
[   79.846405][ T5915] usb 1-1: config 1 interface 0 altsetting 210 endpoint 0x81 has invalid maxpacket 512, setting to 8
[   80.616263][ T5915] usb 1-1: config 1 interface 0 altsetting 210 endpoint 0x82 is Bulk; changing to Interrupt
[   80.661332][ T5915] usb 1-1: config 1 interface 0 altsetting 210 endpoint 0x3 is Bulk; changing to Interrupt
[   80.748404][ T5915] usb 1-1: config 1 interface 0 has no altsetting 0
[   80.840694][ T5915] usb 1-1: string descriptor 0 read error: -22
[   80.847119][ T5915] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   80.867920][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.912240][ T6190] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   80.928006][ T6190] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   80.951873][ T6190] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   81.008192][ T5915] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[   81.301064][ T5880] usb 1-1: USB disconnect, device number 2
[   81.502794][ T5879] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   81.521936][ T5909] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[   81.958443][ T5909] usb 4-1: device descriptor read/64, error -71
[   81.998915][ T5879] usb 3-1: Using ep0 maxpacket: 8
[   82.035287][ T5879] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[   82.053683][ T5879] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   82.067328][ T5879] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   82.126957][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.136861][ T5879] usb 3-1: Product: syz
[   82.141389][ T5879] usb 3-1: Manufacturer: syz
[   82.146323][ T5879] usb 3-1: SerialNumber: syz
[   82.208599][ T5909] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[   82.442391][ T5879] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found
[   82.456433][ T5879] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[   82.484727][ T6250] input: syz1 as /devices/virtual/input/input5
[   82.546112][ T5879] usb 3-1: USB disconnect, device number 4
[   82.552570][ T5909] usb 4-1: device descriptor read/64, error -71
[   82.629610][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   82.678864][ T5909] usb usb4-port1: attempt power cycle
[   83.023593][ T5909] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[   83.167951][ T5909] usb 4-1: device descriptor read/8, error -71
[   83.408479][ T5909] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[   83.602709][ T5909] usb 4-1: device descriptor read/8, error -71
[   83.719539][ T5909] usb usb4-port1: unable to enumerate USB device
[   84.722375][ T6307] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "&@"
[   84.734379][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[   84.744586][ T5880] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[   84.751207][ T5880] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[   86.798916][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout
[   86.798919][ T5880] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[   86.815063][ T5880] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[   88.879412][ T5880] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[   88.880756][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[   88.885536][ T5880] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[   90.958440][ T5880] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[   90.959611][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout
[   90.964641][ T5880] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[   93.038499][ T5831] Bluetooth: hci4: command 0x0407 tx timeout
[   93.045481][ T5880] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[   93.052273][ T5880] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[   93.385321][ T6390] FAULT_INJECTION: forcing a failure.
[   93.385321][ T6390] name failslab, interval 1, probability 0, space 0, times 0
[   93.404873][ T6390] CPU: 0 UID: 0 PID: 6390 Comm: syz.1.97 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
[   93.415450][ T6390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   93.425528][ T6390] Call Trace:
[   93.428820][ T6390]  <TASK>
[   93.431761][ T6390]  dump_stack_lvl+0x241/0x360
[   93.436467][ T6390]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.441777][ T6390]  ? __pfx__printk+0x10/0x10
[   93.446402][ T6390]  ? __kmalloc_cache_noprof+0x44/0x2c0
[   93.451890][ T6390]  ? __pfx___might_resched+0x10/0x10
[   93.457223][ T6390]  should_fail_ex+0x3b0/0x4e0
[   93.461936][ T6390]  should_failslab+0xac/0x100
[   93.466645][ T6390]  ? nf_tables_newtable+0x52c/0x1e10
[   93.471952][ T6390]  __kmalloc_cache_noprof+0x6c/0x2c0
[   93.477251][ T6390]  ? nft_pernet+0x23/0x240
[   93.481686][ T6390]  nf_tables_newtable+0x52c/0x1e10
[   93.486815][ T6390]  ? nfnl_pernet+0x23/0x240
[   93.491344][ T6390]  ? __pfx_nf_tables_newtable+0x10/0x10
[   93.497000][ T6390]  ? __nla_parse+0x40/0x60
[   93.501442][ T6390]  nfnetlink_rcv+0x14dc/0x2ab0
[   93.506268][ T6390]  ? __pfx_nfnetlink_rcv+0x10/0x10
[   93.511450][ T6390]  ? netlink_deliver_tap+0x2e/0x1b0
[   93.516673][ T6390]  ? skb_clone+0x240/0x390
[   93.521117][ T6390]  ? __pfx_lock_release+0x10/0x10
[   93.526190][ T6390]  ? netlink_deliver_tap+0x2e/0x1b0
[   93.531423][ T6390]  netlink_unicast+0x7f6/0x990
[   93.536225][ T6390]  ? __pfx_netlink_unicast+0x10/0x10
[   93.541533][ T6390]  ? __virt_addr_valid+0x183/0x530
[   93.546672][ T6390]  ? __check_object_size+0x48e/0x900
[   93.551989][ T6390]  netlink_sendmsg+0x8e4/0xcb0
[   93.556770][ T6390]  ? __pfx_netlink_sendmsg+0x10/0x10
[   93.562072][ T6390]  ? __pfx_netlink_sendmsg+0x10/0x10
[   93.567372][ T6390]  __sock_sendmsg+0x221/0x270
[   93.572078][ T6390]  ____sys_sendmsg+0x52a/0x7e0
[   93.576876][ T6390]  ? __pfx_____sys_sendmsg+0x10/0x10
[   93.582199][ T6390]  __sys_sendmsg+0x292/0x380
[   93.586838][ T6390]  ? __pfx___sys_sendmsg+0x10/0x10
[   93.591982][ T6390]  ? __pfx_vfs_write+0x10/0x10
[   93.596788][ T6390]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   93.603138][ T6390]  ? do_syscall_64+0x100/0x230
[   93.607931][ T6390]  ? do_syscall_64+0xb6/0x230
[   93.612637][ T6390]  do_syscall_64+0xf3/0x230
[   93.617161][ T6390]  ? clear_bhb_loop+0x35/0x90
[   93.621869][ T6390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.627783][ T6390] RIP: 0033:0x7f97bed7e719
[   93.632222][ T6390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.651858][ T6390] RSP: 002b:00007f97bfbee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   93.660336][ T6390] RAX: ffffffffffffffda RBX: 00007f97bef35f80 RCX: 00007f97bed7e719
[   93.668331][ T6390] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[   93.676329][ T6390] RBP: 00007f97bfbee090 R08: 0000000000000000 R09: 0000000000000000
[   93.684324][ T6390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.693010][ T6390] R13: 0000000000000000 R14: 00007f97bef35f80 R15: 00007fff328622b8
[   93.693065][ T6390]  </TASK>
[   94.250774][ T6397] xt_hashlimit: Unknown mode mask EB0D38F6, kernel too old?
[   94.780969][ T5880] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   94.860791][  T972] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   94.939043][ T5880] usb 1-1: Using ep0 maxpacket: 8
[   94.961587][ T5880] usb 1-1: config 135 has an invalid interface number: 230 but max is 0
[   95.015929][ T5880] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[   95.083569][  T972] usb 2-1: Using ep0 maxpacket: 8
[   95.174776][  T972] usb 2-1: config 135 has an invalid interface number: 230 but max is 0
[   95.223790][ T5880] usb 1-1: config 135 has no interface number 0
[   95.282806][  T972] usb 2-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[   95.319669][ T5880] usb 1-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[   95.574334][  T972] usb 2-1: config 135 has no interface number 0
[   95.580767][ T5880] usb 1-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[   95.594494][  T972] usb 2-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[   95.606013][ T5880] usb 1-1: config 135 interface 230 has no altsetting 0
[   95.613288][  T972] usb 2-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[   95.627205][  T972] usb 2-1: config 135 interface 230 has no altsetting 0
[   95.642487][  T972] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[   95.651719][ T5880] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[   95.660828][  T972] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.668971][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.676983][ T5880] usb 1-1: Product: syz
[   95.681295][  T972] usb 2-1: Product: syz
[   95.685481][  T972] usb 2-1: Manufacturer: syz
[   95.690187][ T5880] usb 1-1: Manufacturer: syz
[   95.694802][ T5880] usb 1-1: SerialNumber: syz
[   95.699499][  T972] usb 2-1: SerialNumber: syz
[   95.709419][ T6420] Cannot find add_set index 3 as target
[   95.718508][  T972] usb 2-1: Found UVC 0.00 device syz (18ec:3288)
[   95.724895][  T972] usb 2-1: No valid video chain found.
[   95.735272][ T6420] netlink: 4 bytes leftover after parsing attributes in process `syz.4.104'.
[   95.750856][ T5880] usb 1-1: Found UVC 0.00 device syz (18ec:3288)
[   95.756166][ T6420] netlink: 2 bytes leftover after parsing attributes in process `syz.4.104'.
[   95.757345][ T5880] usb 1-1: No valid video chain found.
[   95.936492][ T5828] usb 2-1: USB disconnect, device number 2
[   96.150297][ T6426] input: syz1 as /devices/virtual/input/input6
[   96.173395][ T6403] binder: 6401:6403 ioctl c0306201 20000080 returned -11
[   96.268854][ T6428] dvmrp0: entered allmulticast mode
[   96.323594][  T972] usb 1-1: USB disconnect, device number 3
[   96.549624][ T5828] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   96.708752][ T5828] usb 5-1: Using ep0 maxpacket: 32
[   96.721089][ T5828] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[   96.731846][ T5828] usb 5-1: config 0 has no interface number 0
[   96.741187][ T5828] usb 5-1: New USB device found, idVendor=0572, idProduct=d811, bcdDevice=d1.34
[   96.760178][ T5828] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.777972][ T5828] usb 5-1: Product: syz
[   96.788373][ T5828] usb 5-1: Manufacturer: syz
[   96.799455][ T5828] usb 5-1: SerialNumber: syz
[   96.849713][ T5828] usb 5-1: config 0 descriptor??
[   96.861306][ T5828] dvb-usb: found a 'Mygica D689 DMB-TH' in warm state.
[   96.886539][ T5828] usb 5-1: setting power ON
[   96.898062][ T5828] dvb-usb: bulk message failed: -22 (2/0)
[   97.068383][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[   97.205566][ T5828] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   98.076787][ T5828] dvbdev: DVB: registering new adapter (Mygica D689 DMB-TH)
[   98.087898][ T5828] usb 5-1: media controller created
[   98.198202][ T5828] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   98.217282][ T5828] cxusb: set interface failed
[   98.593760][ T5828] dvb-usb: bulk message failed: -22 (3/0)
[   98.599607][ T5828] cxusb: clear tuner gpio failed
[   98.604561][ T5828] dvb-usb: no frontend was attached by 'Mygica D689 DMB-TH'
[   98.773932][ T5828] rc_core: IR keymap rc-d680-dmb not found
[   98.788388][ T5828] Registered IR keymap rc-empty
[   98.795367][ T5828] rc rc0: Mygica D689 DMB-TH as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0
[   98.849718][ T5828] input: Mygica D689 DMB-TH as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input7
[   98.877081][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.3.116'.
[   98.929783][ T5828] dvb-usb: schedule remote query interval to 100 msecs.
[   98.979248][ T5828] usb 5-1: setting power OFF
[   99.002818][ T5828] dvb-usb: bulk message failed: -22 (2/0)
[   99.008923][ T5828] dvb-usb: Mygica D689 DMB-TH successfully initialized and connected.
[   99.124871][ T5880] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   99.176033][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[   99.359581][ T6473] capability: warning: `syz.2.117' uses 32-bit capabilities (legacy support in use)
[   99.375794][ T6473] program syz.2.117 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   99.758395][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[   99.978764][    T8] dvb-usb: bulk message failed: -22 (1/0)
[  100.254760][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[  100.290931][ T5828] usb 5-1: USB disconnect, device number 3
[  100.506014][    T8] dvb-usb: bulk message failed: -22 (1/0)
[  100.661640][ T5880] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  100.678488][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.686600][ T5880] usb 2-1: Product: syz
[  100.691353][ T5880] usb 2-1: Manufacturer: syz
[  100.696089][ T5880] usb 2-1: SerialNumber: syz
[  100.730686][ T6487] input: syz1 as /devices/virtual/input/input8
[  100.753009][ T5880] usb 2-1: config 0 descriptor??
[  101.335959][ T5828] dvb-usb: Mygica D689 DMB-TH successfully deinitialized and disconnected.
[  101.843165][ T5880] usb 2-1: USB disconnect, device number 3
[  102.243556][ T6504] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  102.952333][ T6045] udevd[6045]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  103.159455][ T6511] netlink: 104 bytes leftover after parsing attributes in process `syz.1.127'.
[  104.149214][ T6525] binder: 6521:6525 ioctl 4018620d 0 returned -22
[  104.360762][ T5881] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  104.512062][ T6540] ipvlan2: entered promiscuous mode
[  104.528652][ T5881] usb 2-1: Using ep0 maxpacket: 32
[  104.537758][ T5881] usb 2-1: no configurations
[  104.550858][ T5881] usb 2-1: can't read configurations, error -22
[  104.668576][    T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  104.712453][ T5881] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  104.828430][    T9] usb 4-1: Using ep0 maxpacket: 16
[  104.835179][    T9] usb 4-1: config 0 interface 0 altsetting 15 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.857901][    T9] usb 4-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid wMaxPacketSize 0
[  104.888554][ T5881] usb 2-1: Using ep0 maxpacket: 32
[  104.897838][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  104.909117][ T5881] usb 2-1: no configurations
[  104.913746][ T5881] usb 2-1: can't read configurations, error -22
[  104.930669][    T9] usb 4-1: New USB device found, idVendor=0458, idProduct=500f, bcdDevice= 0.00
[  104.941491][ T5881] usb usb2-port1: attempt power cycle
[  104.972790][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.991574][    T9] usb 4-1: config 0 descriptor??
[  105.319653][ T5881] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  105.359415][ T5881] usb 2-1: Using ep0 maxpacket: 32
[  105.366304][ T5881] usb 2-1: no configurations
[  105.378934][ T5881] usb 2-1: can't read configurations, error -22
[  105.418676][    T9] kye 0003:0458:500F.0001: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  105.457494][    T9] kye 0003:0458:500F.0001: hidraw0: USB HID vff.fd Device [HID 0458:500f] on usb-dummy_hcd.3-1/input0
[  105.479647][  T972] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  105.481778][    T9] kye 0003:0458:500F.0001: tablet-enabling feature report not found
[  105.513045][    T9] kye 0003:0458:500F.0001: tablet enabling failed
[  105.538417][ T5881] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  105.579027][ T5881] usb 2-1: Using ep0 maxpacket: 32
[  105.585607][ T5881] usb 2-1: no configurations
[  105.592488][ T5881] usb 2-1: can't read configurations, error -22
[  105.604880][ T6555] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  105.609363][ T5881] usb usb2-port1: unable to enumerate USB device
[  105.635953][ T6555] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  105.656819][  T972] usb 5-1: config index 0 descriptor too short (expected 64905, got 67)
[  105.666919][  T972] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  105.694005][  T972] usb 5-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  105.706276][    T9] usb 4-1: USB disconnect, device number 11
[  105.769593][  T972] usb 5-1: config index 1 descriptor too short (expected 64905, got 67)
[  105.788204][  T972] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  105.824065][  T972] usb 5-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  105.850634][  T972] usb 5-1: config index 2 descriptor too short (expected 64905, got 67)
[  105.868598][  T972] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  105.888636][  T972] usb 5-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  105.904670][  T972] usb 5-1: config index 3 descriptor too short (expected 64905, got 67)
[  105.919194][  T972] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  105.934443][  T972] usb 5-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  105.950193][  T972] usb 5-1: config index 4 descriptor too short (expected 64905, got 67)
[  105.987917][  T972] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  105.998147][  T972] usb 5-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  106.032852][  T972] usb 5-1: config index 5 descriptor too short (expected 64905, got 67)
[  106.049951][  T972] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  106.060225][  T972] usb 5-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  106.083669][  T972] usb 5-1: config index 6 descriptor too short (expected 64905, got 67)
[  106.097257][ T6563] netlink: 8 bytes leftover after parsing attributes in process `syz.2.142'.
[  106.100218][  T972] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  106.119178][    T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  106.125188][  T972] usb 5-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  106.155158][  T972] usb 5-1: config index 7 descriptor too short (expected 64905, got 67)
[  106.172771][  T972] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  106.198368][  T972] usb 5-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  106.223777][  T972] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  106.248526][  T972] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.256749][  T972] usb 5-1: Product: syz
[  106.287237][  T972] usb 5-1: Manufacturer: syz
[  106.296838][    T9] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  106.306277][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.308433][  T972] usb 5-1: SerialNumber: syz
[  106.328132][  T972] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  106.497268][    T9] usb 4-1: config 0 descriptor??
[  106.543786][ T5910] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  107.401462][ T5828] usb 5-1: USB disconnect, device number 4
[  107.733966][    T9] pegasus 4-1:0.0: probe with driver pegasus failed with error -71
[  107.760371][ T5910] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  107.762649][    T9] usb 4-1: USB disconnect, device number 12
[  107.810232][ T5910] ath9k_htc: Failed to initialize the device
[  107.902142][ T6575] binder: 6571:6575 ioctl 4018620d 0 returned -22
[  108.009086][ T5828] usb 5-1: ath9k_htc: USB layer deinitialized
[  108.158567][    T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  108.448625][    T8] usb 2-1: Using ep0 maxpacket: 32
[  108.455554][    T8] usb 2-1: config 0 has an invalid interface number: 220 but max is 0
[  108.473632][    T8] usb 2-1: config 0 has no interface number 0
[  108.487724][    T8] usb 2-1: New USB device found, idVendor=13d3, idProduct=3306, bcdDevice=e9.b2
[  108.524098][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.535051][    T8] usb 2-1: Product: syz
[  108.543162][    T8] usb 2-1: Manufacturer: syz
[  108.547890][    T8] usb 2-1: SerialNumber: syz
[  108.558124][    T8] usb 2-1: config 0 descriptor??
[  108.690774][    T8] r8712u: register rtl8712_netdev_ops to netdev_ops
[  108.710907][    T8] usb 2-1: r8712u: USB_SPEED_HIGH with 0 endpoints
[  108.975062][ T6592] netlink: 12 bytes leftover after parsing attributes in process `syz.0.150'.
[  109.263350][    T8] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed
[  109.399684][    T8] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[  109.545448][    T8] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[  109.600624][    T8] usb 2-1: USB disconnect, device number 8
[  109.758515][ T5915] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  110.006828][ T5915] usb 1-1: Using ep0 maxpacket: 32
[  110.655746][ T5915] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  110.728633][ T5915] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  110.805112][ T5915] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  110.851008][ T5915] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  110.863181][ T5915] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  110.873297][ T5915] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  110.897098][ T5915] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  110.921347][ T5915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.954173][ T5915] usb 1-1: config 0 descriptor??
[  111.231144][ T6622] binder: 6620:6622 ioctl 4018620d 0 returned -22
[  111.280300][ T5880] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  111.324079][ T5915] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  111.358609][ T5915] usb 1-1: USB disconnect, device number 4
[  111.565216][ T5880] usb 2-1: no configurations
[  111.586766][ T5880] usb 2-1: can't read configurations, error -22
[  111.592141][ T5915] usblp0: removed
[  111.834080][ T5880] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  111.944246][ T6626] netlink: 9352 bytes leftover after parsing attributes in process `syz.0.161'.
[  111.953755][ T6626] netlink: 'syz.0.161': attribute type 1 has an invalid length.
[  111.961751][ T6626] netlink: 12 bytes leftover after parsing attributes in process `syz.0.161'.
[  111.971795][ T6626] 9pnet_fd: Insufficient options for proto=fd
[  111.995012][ T5910] hid-generic 0083:0000:0000.0002: unknown main item tag 0x0
[  112.002735][ T5910] hid-generic 0083:0000:0000.0002: item fetching failed at offset 1/2
[  112.011483][ T5910] hid-generic 0083:0000:0000.0002: probe with driver hid-generic failed with error -22
[  112.213734][ T5880] usb 2-1: no configurations
[  112.219118][ T5880] usb 2-1: can't read configurations, error -22
[  112.227713][ T5880] usb usb2-port1: attempt power cycle
[  112.328907][ T5915] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  112.412571][ T5828] IPVS: starting estimator thread 0...
[  112.775194][ T5880] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  112.783073][ T6636] IPVS: using max 19 ests per chain, 45600 per kthread
[  112.795578][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  112.809837][ T5915] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00
[  112.816806][ T5880] usb 2-1: no configurations
[  112.819149][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.823540][ T5880] usb 2-1: can't read configurations, error -22
[  113.439309][ T5915] usb 3-1: config 0 descriptor??
[  113.741451][ T5915] corsair 0003:1B1C:1B3E.0003: hidraw0: USB HID v0.00 Device [HID 1b1c:1b3e] on usb-dummy_hcd.2-1/input0
[  113.759105][ T6630] xt_connbytes: Forcing CT accounting to be enabled
[  113.765853][ T6630] Cannot find add_set index 0 as target
[  113.868432][ T5880] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  113.870066][ T5915] usb 3-1: USB disconnect, device number 5
[  114.171874][ T5880] usb 2-1: device not accepting address 12, error -71
[  114.208540][ T5880] usb usb2-port1: unable to enumerate USB device
[  114.261656][ T6663] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  114.875767][ T6643] netlink: 240 bytes leftover after parsing attributes in process `syz.4.167'.
[  114.884888][ T6643] netlink: 132 bytes leftover after parsing attributes in process `syz.4.167'.
[  115.524097][ T5880] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  115.730944][ T5880] usb 1-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4
[  115.749331][ T5880] usb 1-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0
[  115.757556][ T5880] usb 1-1: Manufacturer: syz
[  115.833270][   T29] audit: type=1326 audit(1730217968.517:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6677 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  115.940684][   T29] audit: type=1326 audit(1730217968.517:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6677 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  115.985977][ T5880] usb 1-1: config 0 descriptor??
[  115.999805][   T29] audit: type=1326 audit(1730217968.527:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6677 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=52 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  116.022858][   T29] audit: type=1326 audit(1730217968.527:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6677 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  116.066169][   T29] audit: type=1326 audit(1730217968.527:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6677 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  116.101699][ T6680] overlay: Unknown parameter 'subj_type'
[  116.108972][   T29] audit: type=1326 audit(1730217968.527:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6677 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fddded80637 code=0x7ffc0000
[  116.163275][   T29] audit: type=1326 audit(1730217968.527:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6677 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fddded805ac code=0x7ffc0000
[  116.219083][ T6670] syz.1.172: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  116.283791][ T6670] CPU: 0 UID: 0 PID: 6670 Comm: syz.1.172 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
[  116.294450][ T6670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  116.296434][   T29] audit: type=1326 audit(1730217968.527:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6677 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fddded804e4 code=0x7ffc0000
[  116.305288][ T6670] Call Trace:
[  116.305301][ T6670]  <TASK>
[  116.305311][ T6670]  dump_stack_lvl+0x241/0x360
[  116.305341][ T6670]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.305365][ T6670]  ? __pfx__printk+0x10/0x10
[  116.330150][   T29] audit: type=1326 audit(1730217968.527:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6677 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fddded804e4 code=0x7ffc0000
[  116.332693][ T6670]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  116.332735][ T6670]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  116.337606][   T29] audit: type=1326 audit(1730217968.527:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6677 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fddded7d3aa code=0x7ffc0000
[  116.342598][ T6670]  warn_alloc+0x278/0x410
[  116.342635][ T6670]  ? __pfx_warn_alloc+0x10/0x10
[  116.342663][ T6670]  ? translate_table+0x174/0x2260
[  116.342691][ T6670]  ? __get_vm_area_node+0x23d/0x270
[  116.342718][ T6670]  __vmalloc_node_range_noprof+0x691/0x13f0
[  116.342742][ T6670]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  116.342787][ T6670]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  116.342810][ T6670]  ? rcu_is_watching+0x15/0xb0
[  116.342831][ T6670]  ? trace_kmalloc+0x1f/0xd0
[  116.342850][ T6670]  ? __kmalloc_node_noprof+0x247/0x440
[  116.342869][ T6670]  ? __kvmalloc_node_noprof+0x72/0x190
[  116.342896][ T6670]  __kvmalloc_node_noprof+0x142/0x190
[  116.342919][ T6670]  ? translate_table+0x174/0x2260
[  116.342939][ T6670]  translate_table+0x174/0x2260
[  116.342979][ T6670]  ? __pfx_translate_table+0x10/0x10
[  116.343000][ T6670]  ? __might_fault+0xaa/0x120
[  116.343024][ T6670]  ? __pfx_lock_release+0x10/0x10
[  116.343055][ T6670]  ? __might_fault+0xc6/0x120
[  116.343077][ T6670]  ? _copy_from_user+0xab/0xe0
[  116.343107][ T6670]  ? copy_from_sockptr_offset+0x6b/0xb0
[  116.343131][ T6670]  do_ipt_set_ctl+0xe3d/0x1250
[  116.511643][ T6670]  ? __pfx___might_resched+0x10/0x10
[  116.517012][ T6670]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  116.522244][ T6670]  ? __pfx_lock_release+0x10/0x10
[  116.527324][ T6670]  ? __mutex_unlock_slowpath+0x21d/0x750
[  116.532996][ T6670]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  116.538409][ T6670]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  116.544430][ T6670]  nf_setsockopt+0x295/0x2c0
[  116.549039][ T6670]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  116.554937][ T6670]  do_sock_setsockopt+0x3af/0x720
[  116.559977][ T6670]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  116.565524][ T6670]  ? __fget_files+0x29/0x470
[  116.570132][ T6670]  ? __fget_files+0x3f3/0x470
[  116.574810][ T6670]  ? __fget_files+0x29/0x470
[  116.579411][ T6670]  __sys_setsockopt+0x1a2/0x250
[  116.584267][ T6670]  __x64_sys_setsockopt+0xb5/0xd0
[  116.589298][ T6670]  do_syscall_64+0xf3/0x230
[  116.593799][ T6670]  ? clear_bhb_loop+0x35/0x90
[  116.598480][ T6670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.604374][ T6670] RIP: 0033:0x7f97bed7e719
[  116.608793][ T6670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.628399][ T6670] RSP: 002b:00007f97bfbee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  116.636819][ T6670] RAX: ffffffffffffffda RBX: 00007f97bef35f80 RCX: 00007f97bed7e719
[  116.644792][ T6670] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[  116.652763][ T6670] RBP: 00007f97bedf132e R08: 0000000000000308 R09: 0000000000000000
[  116.660737][ T6670] R10: 0000000020000800 R11: 0000000000000246 R12: 0000000000000000
[  116.668883][ T6670] R13: 0000000000000000 R14: 00007f97bef35f80 R15: 00007fff328622b8
[  116.676869][ T6670]  </TASK>
[  116.680002][    C0] vkms_vblank_simulate: vblank timer overrun
[  116.689922][ T6670] Mem-Info:
[  116.693156][ T6670] active_anon:349 inactive_anon:7860 isolated_anon:0
[  116.693156][ T6670]  active_file:4520 inactive_file:35458 isolated_file:0
[  116.693156][ T6670]  unevictable:768 dirty:205 writeback:0
[  116.693156][ T6670]  slab_reclaimable:9863 slab_unreclaimable:99433
[  116.693156][ T6670]  mapped:25189 shmem:4311 pagetables:902
[  116.693156][ T6670]  sec_pagetables:0 bounce:0
[  116.693156][ T6670]  kernel_misc_reclaimable:0
[  116.693156][ T6670]  free:1333620 free_pcp:306 free_cma:0
[  116.770084][ T6670] Node 0 active_anon:1396kB inactive_anon:31540kB active_file:18008kB inactive_file:141832kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:100856kB dirty:816kB writeback:0kB shmem:15708kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11536kB pagetables:3608kB sec_pagetables:0kB all_unreclaimable? no
[  116.813909][ T6670] Node 1 active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  116.859802][ T6670] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  117.051560][ T5880] gs_usb 1-1:0.0: Couldn't send data format (err=-110)
[  117.058871][ T5880] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -110
[  117.102550][ T6670] lowmem_reserve[]: 0 2465 2466 0 0
[  117.107885][ T6670] Node 0 DMA32 free:1420728kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:1404kB inactive_anon:19852kB active_file:17228kB inactive_file:141780kB unevictable:1536kB writepending:820kB present:3129332kB managed:2552504kB mlocked:0kB bounce:0kB free_pcp:1848kB local_pcp:832kB free_cma:0kB
[  117.138501][    C0] vkms_vblank_simulate: vblank timer overrun
[  117.149340][ T6670] lowmem_reserve[]: 0 0 0 0 0
[  117.156467][ T6670] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:36kB active_file:780kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:4kB free_cma:0kB
[  117.207344][ T6691] tipc: Started in network mode
[  117.228483][ T6670] lowmem_reserve[]: 0 0 0 0 0
[  117.234605][ T6691] tipc: Node identity ffffffff, cluster identity 4711
[  117.256940][ T6670] Node 1 Normal free:3908880kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:32kB free_cma:0kB
[  117.261012][ T5915] usb 1-1: USB disconnect, device number 5
[  117.285860][    C0] vkms_vblank_simulate: vblank timer overrun
[  117.298043][ T6691] tipc: Node number set to 4294967295
[  117.356228][ T6670] lowmem_reserve[]: 0 0 0 0 0
[  117.371749][ T6670] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  117.443763][ T6670] Node 0 DMA32: 12*4kB (M) 127*8kB (ME) 103*16kB (UME) 89*32kB (UME) 81*64kB (UME) 43*128kB (UME) 33*256kB (ME) 8*512kB (UME) 10*1024kB (UME) 3*2048kB (UME) 336*4096kB (UM) = 1421432kB
[  117.478604][ T6670] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  117.492206][ T6670] Node 1 Normal: 230*4kB (UME) 59*8kB (UME) 42*16kB (UME) 214*32kB (UME) 99*64kB (UME) 33*128kB (UME) 15*256kB (UME) 9*512kB (UME) 8*1024kB (UME) 1*2048kB (U) 945*4096kB (M) = 3908880kB
[  117.515610][ T6670] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  117.541945][ T6670] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  117.559396][ T6705] netlink: 'syz.4.186': attribute type 3 has an invalid length.
[  117.567598][ T6670] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  117.577387][ T6705] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.186'.
[  117.738593][ T6670] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  117.764249][ T6670] 41397 total pagecache pages
[  118.579281][ T6670] 0 pages in swap cache
[  118.588591][ T6670] Free swap  = 124996kB
[  118.647015][ T6670] Total swap = 124996kB
[  118.713652][ T6670] 2097051 pages RAM
[  118.717721][ T6670] 0 pages HighMem/MovableOnly
[  118.724525][ T6705] input: syz1 as /devices/virtual/input/input9
[  118.748831][ T6670] 427073 pages reserved
[  118.753059][ T6670] 0 pages cma reserved
[  119.481577][ T6726] =======================================================
[  119.481577][ T6726] WARNING: The mand mount option has been deprecated and
[  119.481577][ T6726]          and is ignored by this kernel. Remove the mand
[  119.481577][ T6726]          option from the mount to silence this warning.
[  119.481577][ T6726] =======================================================
[  120.008451][ T5880] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  120.138488][ T5880] usb 3-1: device descriptor read/64, error -71
[  120.412890][ T5880] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  120.588573][ T5880] usb 3-1: device descriptor read/64, error -71
[  120.848066][ T5880] usb usb3-port1: attempt power cycle
[  121.448580][ T5828] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  121.768434][ T5828] usb 2-1: Using ep0 maxpacket: 32
[  121.786053][ T5828] usb 2-1: unable to get BOS descriptor or descriptor too short
[  121.805883][ T5828] usb 2-1: config 253 has an invalid interface number: 202 but max is 0
[  121.834943][ T5828] usb 2-1: config 253 has no interface number 0
[  121.863879][ T5828] usb 2-1: config 253 interface 202 altsetting 0 has an endpoint descriptor with address 0x73, changing to 0x3
[  121.916173][ T5828] usb 2-1: config 253 interface 202 altsetting 0 endpoint 0x3 has invalid maxpacket 16804, setting to 1024
[  121.976903][ T5828] usb 2-1: config 253 interface 202 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  122.042894][ T5828] usb 2-1: New USB device found, idVendor=13b1, idProduct=0942, bcdDevice=58.85
[  122.095697][ T5828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.118955][ T5828] usb 2-1: Product: syz
[  122.123163][ T5828] usb 2-1: Manufacturer: syz
[  122.138333][ T5828] usb 2-1: SerialNumber: syz
[  122.338659][ T5880] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  123.067125][ T5880] usb 3-1: device descriptor read/8, error -71
[  123.388149][ T6767] FAULT_INJECTION: forcing a failure.
[  123.388149][ T6767] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  123.415269][ T6766] netlink: 'syz.2.200': attribute type 29 has an invalid length.
[  123.498634][ T6766] Cannot find add_set index 0 as target
[  123.506060][ T6767] CPU: 1 UID: 0 PID: 6767 Comm: syz.3.198 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
[  123.516692][ T6767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  123.526771][ T6767] Call Trace:
[  123.530074][ T6767]  <TASK>
[  123.533039][ T6767]  dump_stack_lvl+0x241/0x360
[  123.537748][ T6767]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.542957][ T6767]  ? __pfx__printk+0x10/0x10
[  123.547552][ T6767]  ? __pfx_lock_release+0x10/0x10
[  123.552586][ T6767]  should_fail_ex+0x3b0/0x4e0
[  123.557274][ T6767]  _copy_from_user+0x31/0xe0
[  123.561873][ T6767]  copy_from_sockptr_offset+0x6b/0xb0
[  123.567251][ T6767]  do_ipt_set_ctl+0xbdd/0x1250
[  123.572021][ T6767]  ? __pfx___might_resched+0x10/0x10
[  123.577312][ T6767]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  123.582512][ T6767]  ? __pfx_lock_release+0x10/0x10
[  123.587555][ T6767]  ? __mutex_unlock_slowpath+0x21d/0x750
[  123.593192][ T6767]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  123.598564][ T6767]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  123.604554][ T6767]  nf_setsockopt+0x295/0x2c0
[  123.609145][ T6767]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  123.615038][ T6767]  do_sock_setsockopt+0x3af/0x720
[  123.620064][ T6767]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  123.625609][ T6767]  ? __fget_files+0x29/0x470
[  123.630199][ T6767]  ? __fget_files+0x3f3/0x470
[  123.634883][ T6767]  ? __fget_files+0x29/0x470
[  123.639484][ T6767]  __sys_setsockopt+0x1a2/0x250
[  123.644337][ T6767]  __x64_sys_setsockopt+0xb5/0xd0
[  123.649361][ T6767]  do_syscall_64+0xf3/0x230
[  123.653865][ T6767]  ? clear_bhb_loop+0x35/0x90
[  123.658569][ T6767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.664454][ T6767] RIP: 0033:0x7f50a6d7e719
[  123.668871][ T6767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.688472][ T6767] RSP: 002b:00007f50a7c24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  123.696897][ T6767] RAX: ffffffffffffffda RBX: 00007f50a6f36130 RCX: 00007f50a6d7e719
[  123.704869][ T6767] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004
[  123.712836][ T6767] RBP: 00007f50a7c24090 R08: 0000000000000288 R09: 0000000000000000
[  123.720798][ T6767] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[  123.728760][ T6767] R13: 0000000000000000 R14: 00007f50a6f36130 R15: 00007ffceba79948
[  123.736739][ T6767]  </TASK>
[  123.999622][ T6763] netlink: 'syz.3.198': attribute type 8 has an invalid length.
[  124.082191][ T6766] netlink: 'syz.2.200': attribute type 8 has an invalid length.
[  124.211566][ T6777] netlink: 'syz.2.200': attribute type 29 has an invalid length.
[  124.971972][ T6791] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  124.998121][ T5828] usb 2-1: USB disconnect, device number 13
[  125.092221][ T6799] overlay: Unknown parameter 'obj_role'
[  125.218099][ T6805] netlink: 6 bytes leftover after parsing attributes in process `syz.3.207'.
[  125.478476][ T5881] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  125.700225][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.802525][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  125.952818][ T5881] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  126.115971][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.220577][ T5881] usb 2-1: config 0 descriptor??
[  126.408850][ T6817] kAFS: No cell specified
[  126.496446][ T6821] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.214'.
[  127.420162][ T5881] usb 2-1: string descriptor 0 read error: -22
[  127.604397][ T6833] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  127.695678][ T6838] syz.2.218 (6838): attempted to duplicate a private mapping with mremap.  This is not supported.
[  127.750441][ T5881] uclogic 0003:256C:006D.0004: interface is invalid, ignoring
[  128.282902][ T6838] x_tables: ip_tables: osf match: only valid for protocol 6
[  128.453489][ T6836] exFAT-fs (nullb0): invalid boot record signature
[  128.496331][ T6836] exFAT-fs (nullb0): failed to read boot sector
[  128.512352][ T6836] exFAT-fs (nullb0): failed to recognize exfat type
[  129.092033][ T5910] usb 2-1: USB disconnect, device number 14
[  130.961247][ T6906] xt_hashlimit: Unknown mode mask EB0D38F6, kernel too old?
[  131.710417][ T6928] sp0: Synchronizing with TNC
[  131.716616][ T5828] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  132.091095][ T5828] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  132.113707][ T5828] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  132.247828][ T5828] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 1.40
[  132.350380][ T5828] usb 1-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[  132.413765][ T5828] usb 1-1: Manufacturer: syz
[  133.008493][ T5828] usb 1-1: bad CDC descriptors
[  133.040993][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  133.047328][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  134.685798][ T5828] usb 1-1: USB disconnect, device number 6
[  138.672878][ T6991] netlink: 'syz.0.256': attribute type 2 has an invalid length.
[  138.818399][ T6991] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.256'.
[  139.915598][ T7002] syz.4.261 (7002) used greatest stack depth: 17616 bytes left
[  140.586271][ T7021] proc: Bad value for 'gid'
[  140.663700][ T7025] evm: overlay not supported
[  140.716950][ T7028] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  142.769124][ T7052] smb3: Unknown parameter '*z����'
[  142.841867][ T7052] ieee802154 phy0 wpan0: encryption failed: -22
[  143.091021][ T7056] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  143.267517][ T7056] overlay: Unknown parameter 'obj_role'
[  144.788474][ T5915] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  144.838546][  T969] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  145.108402][ T5915] usb 5-1: Using ep0 maxpacket: 8
[  145.115173][ T5915] usb 5-1: config 6 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  145.128715][ T5915] usb 5-1: config 6 interface 0 altsetting 0 has an endpoint descriptor with address 0xEC, changing to 0x8C
[  145.173852][ T5915] usb 5-1: config 6 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  145.208341][ T5915] usb 5-1: config 6 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  145.240477][ T5915] usb 5-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  145.263610][  T969] usb 3-1: Using ep0 maxpacket: 32
[  145.292383][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.317549][  T969] usb 3-1: config 0 has no interfaces?
[  145.325842][  T969] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  145.337373][ T5915] usb 5-1: Product: syz
[  145.353136][ T5915] usb 5-1: Manufacturer: syz
[  145.360344][  T969] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  145.384237][ T5915] usb 5-1: SerialNumber: syz
[  145.393240][  T969] usb 3-1: Product: syz
[  145.400688][  T969] usb 3-1: Manufacturer: syz
[  145.407479][ T5915] hso 5-1:6.0: Can't find BULK OUT endpoint
[  145.413633][  T969] usb 3-1: SerialNumber: syz
[  145.438503][  T969] usb 3-1: config 0 descriptor??
[  145.750994][ T7091] input: syz1 as /devices/virtual/input/input11
[  146.197205][  T969] usb 3-1: USB disconnect, device number 10
[  146.763484][ T7097] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  147.144250][ T5828] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  147.192094][ T7107] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  147.448074][ T5828] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  147.620972][ T5828] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  147.727798][ T5828] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  147.742733][ T5828] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.780273][ T5910] usb 5-1: USB disconnect, device number 5
[  147.929319][ T7113] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  147.952529][  T972] IPVS: starting estimator thread 0...
[  148.049042][ T7105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  148.049097][ T7115] IPVS: using max 26 ests per chain, 62400 per kthread
[  148.081230][ T7105] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  148.123965][ T7113] overlay: Unknown parameter 'obj_role'
[  148.132642][ T5828] usb 4-1: usb_control_msg returned -32
[  148.139674][ T5828] usbtmc 4-1:16.0: can't read capabilities
[  148.989547][ T5828] usb 4-1: USB disconnect, device number 13
[  149.131908][   T29] kauditd_printk_skb: 56 callbacks suppressed
[  149.131921][   T29] audit: type=1326 audit(1730218001.817:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7125 comm="syz.4.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  149.220132][   T29] audit: type=1326 audit(1730218001.817:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7125 comm="syz.4.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  149.312432][   T29] audit: type=1326 audit(1730218001.857:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7125 comm="syz.4.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=52 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  149.357637][   T29] audit: type=1326 audit(1730218001.857:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7125 comm="syz.4.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  149.484404][   T29] audit: type=1326 audit(1730218001.857:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7125 comm="syz.4.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  149.506408][   T29] audit: type=1326 audit(1730218001.857:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7125 comm="syz.4.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fddded80637 code=0x7ffc0000
[  149.527835][   T29] audit: type=1326 audit(1730218001.857:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7125 comm="syz.4.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fddded805ac code=0x7ffc0000
[  149.549988][   T29] audit: type=1326 audit(1730218001.857:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7125 comm="syz.4.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fddded804e4 code=0x7ffc0000
[  150.331838][   T29] audit: type=1326 audit(1730218001.857:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7125 comm="syz.4.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fddded804e4 code=0x7ffc0000
[  150.388514][   T29] audit: type=1326 audit(1730218001.857:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7125 comm="syz.4.291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fddded7d3aa code=0x7ffc0000
[  151.971704][ T7164] FAULT_INJECTION: forcing a failure.
[  151.971704][ T7164] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  151.985256][ T7164] CPU: 0 UID: 0 PID: 7164 Comm: syz.0.298 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
[  151.995877][ T7164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  152.000952][ T7165] netlink: 132 bytes leftover after parsing attributes in process `syz.4.300'.
[  152.005937][ T7164] Call Trace:
[  152.005975][ T7164]  <TASK>
[  152.021138][ T7164]  dump_stack_lvl+0x241/0x360
[  152.025846][ T7164]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.031070][ T7164]  ? __pfx__printk+0x10/0x10
[  152.035691][ T7164]  ? __lock_acquire+0x1384/0x2050
[  152.040765][ T7164]  should_fail_ex+0x3b0/0x4e0
[  152.045479][ T7164]  _copy_from_user+0x31/0xe0
[  152.050104][ T7164]  kstrtouint_from_user+0xc6/0x190
[  152.055235][ T7164]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  152.060956][ T7164]  ? __pfx_lock_acquire+0x10/0x10
[  152.065986][ T7164]  proc_fail_nth_write+0xaa/0x2d0
[  152.071009][ T7164]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  152.076900][ T7164]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  152.082537][ T7164]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  152.088172][ T7164]  vfs_write+0x2a3/0xd30
[  152.092421][ T7164]  ? fdget_pos+0x24e/0x320
[  152.096837][ T7164]  ? __pfx_vfs_write+0x10/0x10
[  152.101600][ T7164]  ? __fget_files+0x3f3/0x470
[  152.106281][ T7164]  ? fdget_pos+0x24e/0x320
[  152.110698][ T7164]  ksys_write+0x183/0x2b0
[  152.115027][ T7164]  ? __pfx_ksys_write+0x10/0x10
[  152.119874][ T7164]  ? do_syscall_64+0x100/0x230
[  152.124635][ T7164]  ? do_syscall_64+0xb6/0x230
[  152.129309][ T7164]  do_syscall_64+0xf3/0x230
[  152.133813][ T7164]  ? clear_bhb_loop+0x35/0x90
[  152.138490][ T7164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.144402][ T7164] RIP: 0033:0x7f4fc357d1ff
[  152.148818][ T7164] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[  152.168420][ T7164] RSP: 002b:00007f4fc4327030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  152.176850][ T7164] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4fc357d1ff
[  152.184858][ T7164] RDX: 0000000000000001 RSI: 00007f4fc43270a0 RDI: 0000000000000007
[  152.192845][ T7164] RBP: 00007f4fc4327090 R08: 0000000000000000 R09: 0000000000000000
[  152.200822][ T7164] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  152.208811][ T7164] R13: 0000000000000000 R14: 00007f4fc3736058 R15: 00007ffeb97b98b8
[  152.216815][ T7164]  </TASK>
[  152.236266][ T5828] IPVS: starting estimator thread 0...
[  152.336999][ T7166] IPVS: using max 19 ests per chain, 45600 per kthread
[  153.954120][ T7187] FAULT_INJECTION: forcing a failure.
[  153.954120][ T7187] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  153.980480][ T7187] CPU: 1 UID: 0 PID: 7187 Comm: syz.4.307 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
[  153.991125][ T7187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  154.001211][ T7187] Call Trace:
[  154.004516][ T7187]  <TASK>
[  154.007470][ T7187]  dump_stack_lvl+0x241/0x360
[  154.012173][ T7187]  ? __pfx_dump_stack_lvl+0x10/0x10
[  154.017413][ T7187]  ? __pfx__printk+0x10/0x10
[  154.022046][ T7187]  should_fail_ex+0x3b0/0x4e0
[  154.026749][ T7187]  _copy_to_user+0x31/0xb0
[  154.031169][ T7187]  bpf_verifier_vlog+0x31e/0x860
[  154.036129][ T7187]  __btf_verifier_log+0xd5/0x120
[  154.041095][ T7187]  ? __pfx_lock_release+0x10/0x10
[  154.046164][ T7187]  ? bpf_verifier_vlog+0x32b/0x860
[  154.051314][ T7187]  ? __pfx___btf_verifier_log+0x10/0x10
[  154.056889][ T7187]  ? btf_parse_hdr+0x1e3/0x710
[  154.061650][ T7187]  btf_parse_hdr+0x3dd/0x710
[  154.066240][ T7187]  btf_new_fd+0x391/0xd30
[  154.070567][ T7187]  ? __pfx_btf_new_fd+0x10/0x10
[  154.075419][ T7187]  ? bpf_btf_load+0xcf/0x1a0
[  154.080000][ T7187]  __sys_bpf+0x6ef/0x810
[  154.084227][ T7187]  ? __pfx___sys_bpf+0x10/0x10
[  154.088993][ T7187]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  154.094981][ T7187]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  154.101310][ T7187]  ? do_syscall_64+0x100/0x230
[  154.106072][ T7187]  __x64_sys_bpf+0x7c/0x90
[  154.110485][ T7187]  do_syscall_64+0xf3/0x230
[  154.114983][ T7187]  ? clear_bhb_loop+0x35/0x90
[  154.119659][ T7187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.125552][ T7187] RIP: 0033:0x7fddded7e719
[  154.129961][ T7187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.149563][ T7187] RSP: 002b:00007fdddebf9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  154.157978][ T7187] RAX: ffffffffffffffda RBX: 00007fdddef35f80 RCX: 00007fddded7e719
[  154.165945][ T7187] RDX: 0000000000000028 RSI: 0000000020000100 RDI: 0000000000000012
[  154.173910][ T7187] RBP: 00007fdddebf9090 R08: 0000000000000000 R09: 0000000000000000
[  154.181873][ T7187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  154.189840][ T7187] R13: 0000000000000000 R14: 00007fdddef35f80 R15: 00007fff8eba4868
[  154.197819][ T7187]  </TASK>
[  154.292877][ T7195] netlink: 'syz.0.308': attribute type 1 has an invalid length.
[  154.328519][ T7195] netlink: 'syz.0.308': attribute type 2 has an invalid length.
[  155.002909][  T972] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  156.030678][  T972] usb 1-1: Using ep0 maxpacket: 8
[  156.045375][  T972] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 15
[  156.054632][  T972] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  156.066535][  T972] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  156.077792][  T972] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  156.089199][ T7220] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  156.120114][  T972] usb 1-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[  156.129637][  T972] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.137697][  T972] usb 1-1: Product: syz
[  156.143812][  T972] usb 1-1: Manufacturer: syz
[  156.148887][  T972] usb 1-1: SerialNumber: syz
[  156.155438][  T972] usb 1-1: config 0 descriptor??
[  156.169701][ T7203] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  156.669238][  T972] powermate: Expected payload of 3--6 bytes, found 1024 bytes!
[  156.724386][  T972] input: Griffin SoundKnob as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input12
[  156.888210][    C1] powermate: config urb returned -71
[  156.895514][    C1] powermate: config urb returned -71
[  156.901101][    C1] powermate: config urb returned -71
[  156.906692][    C1] powermate: config urb returned -71
[  156.917071][  T972] usb 1-1: USB disconnect, device number 7
[  156.923006][    C1] powermate 1-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  157.701988][ T7240] FAULT_INJECTION: forcing a failure.
[  157.701988][ T7240] name failslab, interval 1, probability 0, space 0, times 0
[  157.714858][ T7240] CPU: 0 UID: 0 PID: 7240 Comm: syz.4.321 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
[  157.725451][ T7240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  157.735496][ T7240] Call Trace:
[  157.738771][ T7240]  <TASK>
[  157.741690][ T7240]  dump_stack_lvl+0x241/0x360
[  157.746356][ T7240]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.751543][ T7240]  ? __pfx__printk+0x10/0x10
[  157.756146][ T7240]  ? lockdep_hardirqs_on+0x99/0x150
[  157.761332][ T7240]  ? __pfx___might_resched+0x10/0x10
[  157.766611][ T7240]  should_fail_ex+0x3b0/0x4e0
[  157.771280][ T7240]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  157.776987][ T7240]  should_failslab+0xac/0x100
[  157.781684][ T7240]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  157.787403][ T7240]  __kmalloc_noprof+0xd8/0x400
[  157.792158][ T7240]  tomoyo_realpath_from_path+0xcf/0x5e0
[  157.797696][ T7240]  tomoyo_path_number_perm+0x23a/0x880
[  157.803151][ T7240]  ? tomoyo_path_number_perm+0x208/0x880
[  157.808794][ T7240]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  157.814777][ T7240]  ? __fget_files+0x29/0x470
[  157.819378][ T7240]  ? __fget_files+0x3f3/0x470
[  157.824047][ T7240]  security_file_ioctl+0xc6/0x2a0
[  157.829061][ T7240]  __se_sys_ioctl+0x47/0x170
[  157.833659][ T7240]  do_syscall_64+0xf3/0x230
[  157.838150][ T7240]  ? clear_bhb_loop+0x35/0x90
[  157.842814][ T7240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.848702][ T7240] RIP: 0033:0x7fddded7e719
[  157.853103][ T7240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.872703][ T7240] RSP: 002b:00007fdddebd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  157.881109][ T7240] RAX: ffffffffffffffda RBX: 00007fdddef36058 RCX: 00007fddded7e719
[  157.889082][ T7240] RDX: 0000000020000100 RSI: 000000004188aec6 RDI: 0000000000000004
[  157.897052][ T7240] RBP: 00007fdddebd8090 R08: 0000000000000000 R09: 0000000000000000
[  157.905095][ T7240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.913060][ T7240] R13: 0000000000000000 R14: 00007fdddef36058 R15: 00007fff8eba4868
[  157.921030][ T7240]  </TASK>
[  157.926192][ T7240] ERROR: Out of memory at tomoyo_realpath_from_path.
[  159.958788][  T972] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  160.240655][ T7261] netlink: 8 bytes leftover after parsing attributes in process `syz.1.328'.
[  160.250077][ T7261] FAULT_INJECTION: forcing a failure.
[  160.250077][ T7261] name failslab, interval 1, probability 0, space 0, times 0
[  160.263703][ T7261] CPU: 1 UID: 0 PID: 7261 Comm: syz.1.328 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
[  160.274316][ T7261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  160.284367][ T7261] Call Trace:
[  160.287643][ T7261]  <TASK>
[  160.290573][ T7261]  dump_stack_lvl+0x241/0x360
[  160.295248][ T7261]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.300446][ T7261]  ? __pfx__printk+0x10/0x10
[  160.305090][ T7261]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  160.311096][ T7261]  ? __pfx___might_resched+0x10/0x10
[  160.316376][ T7261]  should_fail_ex+0x3b0/0x4e0
[  160.321052][ T7261]  should_failslab+0xac/0x100
[  160.325749][ T7261]  ? __alloc_skb+0x1c3/0x440
[  160.330333][ T7261]  kmem_cache_alloc_node_noprof+0x71/0x320
[  160.336132][ T7261]  __alloc_skb+0x1c3/0x440
[  160.340546][ T7261]  ? __pfx___alloc_skb+0x10/0x10
[  160.345476][ T7261]  ? netlink_ack_tlv_len+0x6e/0x200
[  160.350665][ T7261]  netlink_ack+0x13f/0xa30
[  160.355072][ T7261]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  160.360533][ T7261]  netlink_rcv_skb+0x262/0x430
[  160.365312][ T7261]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  160.370767][ T7261]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  160.376054][ T7261]  ? netlink_deliver_tap+0x2e/0x1b0
[  160.381244][ T7261]  netlink_unicast+0x7f6/0x990
[  160.386002][ T7261]  ? __pfx_netlink_unicast+0x10/0x10
[  160.391281][ T7261]  ? __virt_addr_valid+0x183/0x530
[  160.396380][ T7261]  ? __check_object_size+0x48e/0x900
[  160.401662][ T7261]  netlink_sendmsg+0x8e4/0xcb0
[  160.406435][ T7261]  ? __pfx_netlink_sendmsg+0x10/0x10
[  160.411728][ T7261]  ? __pfx_netlink_sendmsg+0x10/0x10
[  160.417002][ T7261]  __sock_sendmsg+0x221/0x270
[  160.421676][ T7261]  ____sys_sendmsg+0x52a/0x7e0
[  160.426465][ T7261]  ? __pfx_____sys_sendmsg+0x10/0x10
[  160.431755][ T7261]  __sys_sendmsg+0x292/0x380
[  160.436361][ T7261]  ? __pfx___sys_sendmsg+0x10/0x10
[  160.441505][ T7261]  ? __pfx_vfs_write+0x10/0x10
[  160.446283][ T7261]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  160.452634][ T7261]  ? do_syscall_64+0x100/0x230
[  160.457397][ T7261]  ? do_syscall_64+0xb6/0x230
[  160.462074][ T7261]  do_syscall_64+0xf3/0x230
[  160.466573][ T7261]  ? clear_bhb_loop+0x35/0x90
[  160.471243][ T7261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.477132][ T7261] RIP: 0033:0x7f97bed7e719
[  160.481580][ T7261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.501271][ T7261] RSP: 002b:00007f97bfbee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  160.509679][ T7261] RAX: ffffffffffffffda RBX: 00007f97bef35f80 RCX: 00007f97bed7e719
[  160.517652][ T7261] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[  160.525635][ T7261] RBP: 00007f97bfbee090 R08: 0000000000000000 R09: 0000000000000000
[  160.533615][ T7261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  160.541577][ T7261] R13: 0000000000000000 R14: 00007f97bef35f80 R15: 00007fff328622b8
[  160.549574][ T7261]  </TASK>
[  160.648441][  T972] usb 1-1: Using ep0 maxpacket: 8
[  160.655382][  T972] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  160.668036][  T972] usb 1-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  160.714310][  T972] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.050195][ T7268] mmap: syz.2.329 (7268) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  161.103620][  T972] usb 1-1: Product: syz
[  161.107830][  T972] usb 1-1: Manufacturer: syz
[  161.112555][  T972] usb 1-1: SerialNumber: syz
[  161.806065][  T972] usb 1-1: config 0 descriptor??
[  161.955260][  T972] gspca_main: stk014-2.14.0 probing 05e1:0893
[  161.961569][  T972] usb 1-1: selecting invalid altsetting 1
[  162.114258][ T7255] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  163.795646][ T7285] ebtables: ebtables: counters copy to user failed while replacing table
[  164.626394][ T5828] usb 1-1: USB disconnect, device number 8
[  164.657433][ T7306] netlink: 'syz.4.339': attribute type 1 has an invalid length.
[  164.870664][ T7312] xt_hashlimit: Unknown mode mask EB0D38F6, kernel too old?
[  164.921163][ T7310] netlink: 32 bytes leftover after parsing attributes in process `syz.0.341'.
[  165.016451][ T7313] netlink: 40 bytes leftover after parsing attributes in process `syz.0.341'.
[  165.123884][ T7315] tmpfs: Bad value for 'mpol'
[  165.275483][ T7321] netlink: 56 bytes leftover after parsing attributes in process `syz.2.346'.
[  165.419254][ T7321] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  166.303973][ T7332] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  166.356178][ T7332] overlay: Unknown parameter 'obj_role'
[  166.652875][ T7331] kvm: emulating exchange as write
[  166.669980][ T5910] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  167.514977][ T5910] usb 3-1: config 0 has an invalid interface number: 156 but max is 0
[  167.523530][ T5910] usb 3-1: config 0 has no interface number 0
[  167.530022][ T5910] usb 3-1: config 0 interface 156 has no altsetting 0
[  167.537196][ T5910] usb 3-1: New USB device found, idVendor=257a, idProduct=2609, bcdDevice=7e.22
[  167.546568][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.576795][ T5910] usb 3-1: config 0 descriptor??
[  167.585026][ T5910] hub 3-1:0.156: bad descriptor, ignoring hub
[  167.591421][ T5910] hub 3-1:0.156: probe with driver hub failed with error -5
[  167.599907][ T5910] option 3-1:0.156: GSM modem (1-port) converter detected
[  167.739869][ T5828] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  167.843193][ T7360] xt_hashlimit: Unknown mode mask EB0D38F6, kernel too old?
[  167.909502][ T7359] input: syz1 as /devices/virtual/input/input13
[  167.929407][ T5828] usb 4-1: Using ep0 maxpacket: 8
[  167.937558][ T5828] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  167.948459][ T5828] usb 4-1: config 179 has no interface number 0
[  167.962555][ T5828] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10
[  167.979926][ T5915] usb 3-1: USB disconnect, device number 11
[  167.991686][ T5915] option 3-1:0.156: device disconnected
[  168.016097][ T5828] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  168.035384][ T5828] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  168.047543][ T5828] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  168.069131][ T5828] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  168.083746][ T5828] usb 4-1: config 179 interface 65 has no altsetting 0
[  168.091758][ T5828] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  168.107849][ T5828] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.131801][ T7349] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  168.148126][ T7349] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  168.204142][ T5828] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input14
[  168.330904][ T5188] input input14: unable to receive magic message: -110
[  168.620159][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -1
[  168.637805][ T5188] input input14: unable to receive magic message: -32
[  168.960516][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  168.969562][ T5828] usb 4-1: USB disconnect, device number 14
[  168.976929][ T5828] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  170.990707][ T7420] xt_hashlimit: Unknown mode mask EB0D38F6, kernel too old?
[  171.050329][ T5880] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  171.158408][    T8] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  171.220790][ T5880] usb 1-1: config 0 has an invalid interface number: 224 but max is 0
[  171.241656][ T5880] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  171.263577][ T5880] usb 1-1: config 0 has no interface number 0
[  171.278800][ T5880] usb 1-1: config 0 interface 224 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 14
[  171.308480][ T5881] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  171.323794][ T5880] usb 1-1: New USB device found, idVendor=0f11, idProduct=2000, bcdDevice=c7.bc
[  171.330561][    T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  171.337769][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.364553][ T5880] usb 1-1: Product: syz
[  171.371473][    T8] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  171.374674][ T5880] usb 1-1: Manufacturer: syz
[  171.395603][ T5880] usb 1-1: SerialNumber: syz
[  171.419423][ T5880] usb 1-1: config 0 descriptor??
[  171.428412][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.487549][ T5881] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  171.511267][    T8] usb 2-1: config 0 descriptor??
[  171.524703][ T5880] ldusb 1-1:0.224: Interrupt in endpoint not found
[  171.548180][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.550026][    T8] pwc: Askey VC010 type 2 USB webcam detected.
[  171.735942][ T5881] usb 3-1: config 0 descriptor??
[  171.999819][    T8] pwc: send_video_command error -71
[  172.005195][    T8] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  172.018498][    T8] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71
[  172.035370][    T8] usb 2-1: USB disconnect, device number 15
[  172.123204][ T5880] usb 1-1: USB disconnect, device number 9
[  173.118810][ T7456] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  173.145377][ T7459] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  173.198463][    T8] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  173.221600][ T7456] overlay: Unknown parameter 'obj_role'
[  173.370146][    T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  173.398224][    T8] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  173.420425][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.446060][    T8] usb 2-1: config 0 descriptor??
[  173.483394][    T8] pwc: Askey VC010 type 2 USB webcam detected.
[  173.876865][    T8] pwc: recv_control_msg error -32 req 02 val 2b00
[  173.917627][    T8] pwc: recv_control_msg error -32 req 02 val 2700
[  173.934103][ T7485] xt_hashlimit: Unknown mode mask EB0D38F6, kernel too old?
[  173.973551][    T8] pwc: recv_control_msg error -32 req 02 val 2c00
[  174.005487][    T8] pwc: recv_control_msg error -32 req 04 val 1000
[  174.044234][    T8] pwc: recv_control_msg error -32 req 04 val 1300
[  174.060965][    T8] pwc: recv_control_msg error -32 req 04 val 1400
[  174.082445][ T7416] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  174.094953][    T8] pwc: recv_control_msg error -32 req 02 val 2000
[  174.114656][ T7416] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  174.126647][ T7416] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  174.236881][ T7416] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  174.302605][    T8] pwc: recv_control_msg error -32 req 02 val 2100
[  174.362714][ T5881] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  174.371372][ T5881] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  174.372222][    T8] pwc: recv_control_msg error -32 req 04 val 1500
[  174.379482][ T5881] [drm:udl_init] *ERROR* Selecting channel failed
[  174.410550][    T8] pwc: recv_control_msg error -32 req 02 val 2500
[  174.950143][   T29] kauditd_printk_skb: 52 callbacks suppressed
[  174.950160][   T29] audit: type=1326 audit(1730218027.647:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7494 comm="syz.2.384" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3a60b7e719 code=0x0
[  174.987889][ T5881] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2
[  175.016379][ T5881] [drm] Initialized udl on minor 2
[  175.065666][    T8] pwc: recv_control_msg error -32 req 02 val 2400
[  175.078101][    T8] pwc: recv_control_msg error -32 req 02 val 2600
[  175.090668][ T5881] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  175.110450][ T5881] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  175.379127][    T8] pwc: recv_control_msg error -71 req 02 val 2800
[  175.395261][    T8] pwc: recv_control_msg error -71 req 04 val 1100
[  175.411655][    T8] pwc: recv_control_msg error -71 req 04 val 1200
[  175.477562][    T8] pwc: Registered as video103.
[  175.497092][ T5880] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  175.508573][ T5880] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  175.516948][ T5880] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  175.524707][    T8] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input15
[  175.547662][ T5881] usb 3-1: USB disconnect, device number 12
[  175.634342][    T8] usb 2-1: USB disconnect, device number 16
[  175.634898][ T7510] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  175.731446][ T7515] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  176.563125][ T7515] overlay: Unknown parameter 'obj_role'
[  177.355172][ T7530] input: syz1 as /devices/virtual/input/input16
[  177.378929][ T5915] IPVS: starting estimator thread 0...
[  177.488453][ T7536] IPVS: using max 33 ests per chain, 79200 per kthread
[  177.509935][ T7523] xt_connbytes: Forcing CT accounting to be enabled
[  177.516567][ T7523] Cannot find add_set index 0 as target
[  177.590691][ T7538] xt_hashlimit: Unknown mode mask EB0D38F6, kernel too old?
[  178.330875][ T7541] binder: 7540:7541 ioctl 4018620d 0 returned -22
[  178.458388][ T5881] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  178.598427][ T5881] usb 3-1: device descriptor read/64, error -71
[  178.847865][ T5881] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  178.909756][ T7564] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  178.988842][ T5881] usb 3-1: device descriptor read/64, error -71
[  179.168856][ T5881] usb usb3-port1: attempt power cycle
[  179.909713][ T7570] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  180.007763][ T7574] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  180.085314][ T7574] overlay: Unknown parameter 'obj_role'
[  180.198428][ T5881] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  180.229591][ T5881] usb 3-1: device descriptor read/8, error -71
[  180.318674][ T5915] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  180.346070][ T7584] xt_hashlimit: Unknown mode mask EB0D38F6, kernel too old?
[  180.499021][ T5881] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  180.530481][ T5915] usb 2-1: Using ep0 maxpacket: 32
[  180.530942][ T5881] usb 3-1: device descriptor read/8, error -71
[  180.539313][ T5915] usb 2-1: unable to get BOS descriptor or descriptor too short
[  180.816073][ T5915] usb 2-1: config 253 has an invalid interface number: 202 but max is 0
[  180.825333][ T5915] usb 2-1: config 253 has no interface number 0
[  180.844144][ T5915] usb 2-1: config 253 interface 202 altsetting 0 has an endpoint descriptor with address 0x73, changing to 0x3
[  180.883238][ T5915] usb 2-1: config 253 interface 202 altsetting 0 endpoint 0x3 has invalid maxpacket 16804, setting to 1024
[  180.915600][ T5915] usb 2-1: config 253 interface 202 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  180.948727][ T5881] usb usb3-port1: unable to enumerate USB device
[  181.531945][ T5915] usb 2-1: New USB device found, idVendor=13b1, idProduct=0942, bcdDevice=58.85
[  181.576012][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.650521][ T5915] usb 2-1: Product: syz
[  181.858620][ T5915] usb 2-1: Manufacturer: syz
[  181.863288][ T5915] usb 2-1: SerialNumber: syz
[  183.380907][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.413'.
[  183.514434][ T7612] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  184.917064][ T5915] usb 2-1: USB disconnect, device number 17
[  184.967217][ T7619] xt_hashlimit: Unknown mode mask EB0D38F6, kernel too old?
[  185.205866][ T5881] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  185.378800][ T5881] usb 3-1: Using ep0 maxpacket: 32
[  185.409592][ T5881] usb 3-1: unable to get BOS descriptor or descriptor too short
[  185.919013][ T7636] infiniband s|z1: set active
[  185.924037][ T7636] infiniband s|z1: added bond_slave_1
[  185.986229][ T7636] RDS/IB: s|z1: added
[  186.037764][ T7636] smc: adding ib device s|z1 with port count 1
[  186.158181][ T7636] smc:    ib device s|z1 port 1 has pnetid 
[  187.165332][ T5881] usb 3-1: unable to read config index 0 descriptor/all
[  187.213419][ T5881] usb 3-1: can't read configurations, error -71
[  187.293612][ T7650] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  187.721978][ T7648] xt_connbytes: Forcing CT accounting to be enabled
[  187.728728][ T7648] Cannot find add_set index 0 as target
[  187.739650][ T7650] overlay: Unknown parameter 'obj_role'
[  188.150401][ T5915] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  188.427804][ T7666] tmpfs: Bad value for 'mpol'
[  188.868555][ T5881] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  188.908377][ T5915] usb 4-1: Using ep0 maxpacket: 16
[  188.970935][ T5915] usb 4-1: config 0 has an invalid descriptor of length 17, skipping remainder of the config
[  188.991710][ T5915] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  189.019176][ T5915] usb 4-1: New USB device found, idVendor=056a, idProduct=0022, bcdDevice= 0.00
[  189.038573][ T5881] usb 5-1: Using ep0 maxpacket: 32
[  189.048406][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.048694][ T5881] usb 5-1: unable to get BOS descriptor or descriptor too short
[  189.074806][ T5915] usb 4-1: config 0 descriptor??
[  189.103104][ T5881] usb 5-1: config 253 has an invalid interface number: 202 but max is 0
[  189.133986][ T5881] usb 5-1: config 253 has no interface number 0
[  189.145984][ T5881] usb 5-1: config 253 interface 202 altsetting 0 has an endpoint descriptor with address 0x73, changing to 0x3
[  189.160541][ T5881] usb 5-1: config 253 interface 202 altsetting 0 endpoint 0x3 has invalid maxpacket 16804, setting to 1024
[  189.173007][ T5881] usb 5-1: config 253 interface 202 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  189.196304][ T5881] usb 5-1: New USB device found, idVendor=13b1, idProduct=0942, bcdDevice=58.85
[  189.205980][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.231673][ T5881] usb 5-1: Product: syz
[  189.240817][ T5881] usb 5-1: Manufacturer: syz
[  189.245613][ T5881] usb 5-1: SerialNumber: syz
[  191.073840][ T5881] usb 5-1: USB disconnect, device number 6
[  191.385656][ T5828] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  191.535299][ T7700] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  191.578596][ T5828] usb 2-1: Using ep0 maxpacket: 32
[  191.587893][ T5828] usb 2-1: unable to get BOS descriptor or descriptor too short
[  191.609371][ T5828] usb 2-1: config 253 has an invalid interface number: 202 but max is 0
[  191.617778][ T5828] usb 2-1: config 253 has no interface number 0
[  191.630059][ T7696] input: syz1 as /devices/virtual/input/input17
[  192.357116][ T5880] usb 4-1: USB disconnect, device number 15
[  192.361679][ T5828] usb 2-1: config 253 interface 202 altsetting 0 has an endpoint descriptor with address 0x73, changing to 0x3
[  192.375016][ T5828] usb 2-1: config 253 interface 202 altsetting 0 endpoint 0x3 has invalid maxpacket 16804, setting to 1024
[  192.386524][ T5828] usb 2-1: config 253 interface 202 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  192.432264][ T5828] usb 2-1: New USB device found, idVendor=13b1, idProduct=0942, bcdDevice=58.85
[  192.441705][ T5828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.455230][ T5828] usb 2-1: Product: syz
[  192.519538][ T5828] usb 2-1: Manufacturer: syz
[  192.569550][ T5828] usb 2-1: SerialNumber: syz
[  192.725289][ T7715] Bluetooth: MGMT ver 1.23
[  194.135397][ T5915] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  194.248547][ T5828] usb 2-1: USB disconnect, device number 18
[  194.600911][ T7742] input: syz1 as /devices/virtual/input/input18
[  194.736835][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  194.744280][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  194.774205][ T5915] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  194.819043][ T5915] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  194.850924][ T5915] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  194.917403][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.965070][ T5915] usb 4-1: config 0 descriptor??
[  195.795703][ T7760] pim6reg1: entered promiscuous mode
[  195.808521][ T7760] pim6reg1: entered allmulticast mode
[  195.819188][ T7733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.844161][ T7733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  195.871503][ T5915] lg-g15 0003:046D:C222.0005: unknown main item tag 0x0
[  195.938190][ T5915] lg-g15 0003:046D:C222.0005: unknown main item tag 0x0
[  195.965713][ T5915] lg-g15 0003:046D:C222.0005: unknown main item tag 0x0
[  195.991883][ T5915] lg-g15 0003:046D:C222.0005: unknown main item tag 0x0
[  196.008481][ T5915] lg-g15 0003:046D:C222.0005: unknown main item tag 0x0
[  196.024071][ T5915] lg-g15 0003:046D:C222.0005: unknown main item tag 0x0
[  196.058623][ T5915] lg-g15 0003:046D:C222.0005: unknown main item tag 0x0
[  196.098190][ T5915] lg-g15 0003:046D:C222.0005: unknown main item tag 0x0
[  196.190116][ T5915] lg-g15 0003:046D:C222.0005: unknown main item tag 0x0
[  196.207104][ T5915] lg-g15 0003:046D:C222.0005: unknown main item tag 0x0
[  196.224942][ T5915] lg-g15 0003:046D:C222.0005: unknown main item tag 0x0
[  196.284462][ T5915] lg-g15 0003:046D:C222.0005: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.3-1/input0
[  196.337444][ T5915] usb 4-1: USB disconnect, device number 16
[  199.026411][ T7807] input: syz1 as /devices/virtual/input/input19
[  199.559732][ T7814] FAULT_INJECTION: forcing a failure.
[  199.559732][ T7814] name failslab, interval 1, probability 0, space 0, times 0
[  199.572569][ T7814] CPU: 0 UID: 0 PID: 7814 Comm: syz.3.469 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
[  199.583172][ T7814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  199.593218][ T7814] Call Trace:
[  199.596506][ T7814]  <TASK>
[  199.599427][ T7814]  dump_stack_lvl+0x241/0x360
[  199.604114][ T7814]  ? __pfx_dump_stack_lvl+0x10/0x10
[  199.609296][ T7814]  ? __pfx__printk+0x10/0x10
[  199.613873][ T7814]  ? kmem_cache_alloc_noprof+0x44/0x2a0
[  199.619412][ T7814]  ? __pfx___might_resched+0x10/0x10
[  199.624689][ T7814]  should_fail_ex+0x3b0/0x4e0
[  199.629374][ T7814]  ? key_alloc+0x341/0xff0
[  199.633814][ T7814]  should_failslab+0xac/0x100
[  199.638524][ T7814]  ? key_alloc+0x341/0xff0
[  199.642950][ T7814]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  199.648326][ T7814]  ? key_user_lookup+0x1b2/0x450
[  199.653269][ T7814]  key_alloc+0x341/0xff0
[  199.657517][ T7814]  keyring_alloc+0x44/0xb0
[  199.661933][ T7814]  lookup_user_key+0x4b0/0x1500
[  199.666798][ T7814]  ? irqentry_exit+0x63/0x90
[  199.671393][ T7814]  ? __pfx_lookup_user_key+0x10/0x10
[  199.676678][ T7814]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  199.682840][ T7814]  ? _copy_from_user+0x41/0xe0
[  199.687606][ T7814]  ? rep_movs_alternative+0x4a/0x70
[  199.692894][ T7814]  __se_sys_add_key+0x2fa/0x490
[  199.697744][ T7814]  ? __pfx___se_sys_add_key+0x10/0x10
[  199.703117][ T7814]  ? do_syscall_64+0x100/0x230
[  199.707879][ T7814]  ? __x64_sys_add_key+0x20/0xc0
[  199.712817][ T7814]  do_syscall_64+0xf3/0x230
[  199.717315][ T7814]  ? clear_bhb_loop+0x35/0x90
[  199.721988][ T7814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.727875][ T7814] RIP: 0033:0x7f50a6d7e719
[  199.732384][ T7814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.751985][ T7814] RSP: 002b:00007f50a7c45038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  199.760396][ T7814] RAX: ffffffffffffffda RBX: 00007f50a6f36058 RCX: 00007f50a6d7e719
[  199.768537][ T7814] RDX: 00000000200001c0 RSI: 0000000020000140 RDI: 0000000020000040
[  199.776501][ T7814] RBP: 00007f50a7c45090 R08: ffffffffffffffff R09: 0000000000000000
[  199.784498][ T7814] R10: 00000000000fffff R11: 0000000000000246 R12: 0000000000000001
[  199.792468][ T7814] R13: 0000000000000000 R14: 00007f50a6f36058 R15: 00007ffceba79948
[  199.800444][ T7814]  </TASK>
[  200.681029][   T29] audit: type=1326 audit(1730218053.377:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7817 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  200.934154][   T29] audit: type=1326 audit(1730218053.377:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7817 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  200.955881][   T29] audit: type=1326 audit(1730218053.377:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7817 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  200.977608][   T29] audit: type=1326 audit(1730218053.377:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7817 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  200.999347][   T29] audit: type=1326 audit(1730218053.377:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7817 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  201.021404][   T29] audit: type=1326 audit(1730218053.377:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7817 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  201.043219][   T29] audit: type=1326 audit(1730218053.377:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7817 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  201.064934][   T29] audit: type=1326 audit(1730218053.377:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7817 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  201.086670][   T29] audit: type=1326 audit(1730218053.377:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7817 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  201.108366][   T29] audit: type=1326 audit(1730218053.377:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7817 comm="syz.4.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddded7e719 code=0x7ffc0000
[  201.318607][ T7830] 
[  201.320945][ T7830] ======================================================
[  201.327940][ T7830] WARNING: possible circular locking dependency detected
[  201.334938][ T7830] 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0 Not tainted
[  201.342025][ T7830] ------------------------------------------------------
[  201.349021][ T7830] syz.0.472/7830 is trying to acquire lock:
[  201.354890][ T7830] ffff8880341f1418 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock_killable+0x1d/0x70
[  201.364554][ T7830] 
[  201.364554][ T7830] but task is already holding lock:
[  201.371898][ T7830] ffff888060db9660 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: shmem_file_write_iter+0x80/0x120
[  201.382578][ T7830] 
[  201.382578][ T7830] which lock already depends on the new lock.
[  201.382578][ T7830] 
[  201.392961][ T7830] 
[  201.392961][ T7830] the existing dependency chain (in reverse order) is:
[  201.401992][ T7830] 
[  201.401992][ T7830] -> #1 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}:
[  201.410675][ T7830]        lock_acquire+0x1ed/0x550
[  201.415713][ T7830]        down_write+0x99/0x220
[  201.420465][ T7830]        process_measurement+0x439/0x1fb0
[  201.426167][ T7830]        ima_file_mmap+0x13d/0x2b0
[  201.431262][ T7830]        security_mmap_file+0x7e7/0xa40
[  201.436795][ T7830]        __se_sys_remap_file_pages+0x6e6/0xa50
[  201.442942][ T7830]        do_syscall_64+0xf3/0x230
[  201.448040][ T7830]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.454453][ T7830] 
[  201.454453][ T7830] -> #0 (&mm->mmap_lock){++++}-{3:3}:
[  201.461993][ T7830]        validate_chain+0x18ef/0x5920
[  201.467343][ T7830]        __lock_acquire+0x1384/0x2050
[  201.472707][ T7830]        lock_acquire+0x1ed/0x550
[  201.477720][ T7830]        down_read_killable+0xca/0xd30
[  201.483162][ T7830]        mmap_read_lock_killable+0x1d/0x70
[  201.488955][ T7830]        lock_mm_and_find_vma+0x29c/0x2f0
[  201.494655][ T7830]        exc_page_fault+0x1bf/0x8c0
[  201.499831][ T7830]        asm_exc_page_fault+0x26/0x30
[  201.505185][ T7830]        fault_in_readable+0x173/0x2d0
[  201.510628][ T7830]        fault_in_iov_iter_readable+0x229/0x280
[  201.516849][ T7830]        generic_perform_write+0x259/0x6d0
[  201.522640][ T7830]        shmem_file_write_iter+0xf9/0x120
[  201.528344][ T7830]        vfs_write+0xaeb/0xd30
[  201.533090][ T7830]        ksys_write+0x183/0x2b0
[  201.537920][ T7830]        do_syscall_64+0xf3/0x230
[  201.542926][ T7830]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.549320][ T7830] 
[  201.549320][ T7830] other info that might help us debug this:
[  201.549320][ T7830] 
[  201.559533][ T7830]  Possible unsafe locking scenario:
[  201.559533][ T7830] 
[  201.566959][ T7830]        CPU0                    CPU1
[  201.572307][ T7830]        ----                    ----
[  201.577668][ T7830]   lock(&sb->s_type->i_mutex_key#11);
[  201.583117][ T7830]                                lock(&mm->mmap_lock);
[  201.589950][ T7830]                                lock(&sb->s_type->i_mutex_key#11);
[  201.597932][ T7830]   rlock(&mm->mmap_lock);
[  201.602331][ T7830] 
[  201.602331][ T7830]  *** DEADLOCK ***
[  201.602331][ T7830] 
[  201.610453][ T7830] 3 locks held by syz.0.472/7830:
[  201.615453][ T7830]  #0: ffff88807b3127f8 (&f->f_pos_lock){+.+.}-{3:3}, at: fdget_pos+0x24e/0x320
[  201.624486][ T7830]  #1: ffff88802a8ac420 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x225/0xd30
[  201.633365][ T7830]  #2: ffff888060db9660 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: shmem_file_write_iter+0x80/0x120
[  201.644482][ T7830] 
[  201.644482][ T7830] stack backtrace:
[  201.650349][ T7830] CPU: 0 UID: 0 PID: 7830 Comm: syz.0.472 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
[  201.660932][ T7830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  201.670970][ T7830] Call Trace:
[  201.674232][ T7830]  <TASK>
[  201.677148][ T7830]  dump_stack_lvl+0x241/0x360
[  201.681814][ T7830]  ? __pfx_dump_stack_lvl+0x10/0x10
[  201.686993][ T7830]  ? __pfx__printk+0x10/0x10
[  201.691568][ T7830]  print_circular_bug+0x13a/0x1b0
[  201.696577][ T7830]  check_noncircular+0x36a/0x4a0
[  201.701502][ T7830]  ? __pfx_check_noncircular+0x10/0x10
[  201.706941][ T7830]  ? lockdep_lock+0x123/0x2b0
[  201.711601][ T7830]  ? __pfx_bpf_trace_printk+0x10/0x10
[  201.716962][ T7830]  validate_chain+0x18ef/0x5920
[  201.721801][ T7830]  ? __pfx_validate_chain+0x10/0x10
[  201.727014][ T7830]  ? mark_lock+0x9a/0x360
[  201.731325][ T7830]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  201.737290][ T7830]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  201.743602][ T7830]  ? do_raw_spin_unlock+0x13c/0x8b0
[  201.748790][ T7830]  ? mark_lock+0x9a/0x360
[  201.753097][ T7830]  __lock_acquire+0x1384/0x2050
[  201.757936][ T7830]  lock_acquire+0x1ed/0x550
[  201.762423][ T7830]  ? mmap_read_lock_killable+0x1d/0x70
[  201.767867][ T7830]  ? __pfx_lock_acquire+0x10/0x10
[  201.772878][ T7830]  ? __pfx___might_resched+0x10/0x10
[  201.778150][ T7830]  ? lockdep_hardirqs_on+0x99/0x150
[  201.783423][ T7830]  down_read_killable+0xca/0xd30
[  201.788352][ T7830]  ? mmap_read_lock_killable+0x1d/0x70
[  201.793801][ T7830]  ? preempt_schedule+0xe1/0xf0
[  201.798630][ T7830]  ? __pfx_preempt_schedule+0x10/0x10
[  201.803984][ T7830]  ? wake_up_q+0xdc/0x120
[  201.808303][ T7830]  ? cmp_ex_search+0x74/0xa0
[  201.812916][ T7830]  ? mmap_read_lock_killable+0x1d/0x70
[  201.818370][ T7830]  ? bsearch+0x98/0xc0
[  201.822457][ T7830]  ? __pfx_down_read_killable+0x10/0x10
[  201.827986][ T7830]  ? search_extable+0xb3/0x100
[  201.832736][ T7830]  ? __pfx_search_extable+0x10/0x10
[  201.837923][ T7830]  ? fault_in_readable+0x173/0x2d0
[  201.843040][ T7830]  ? __pfx_down_read_trylock+0x10/0x10
[  201.848485][ T7830]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  201.854816][ T7830]  mmap_read_lock_killable+0x1d/0x70
[  201.860087][ T7830]  lock_mm_and_find_vma+0x29c/0x2f0
[  201.865440][ T7830]  exc_page_fault+0x1bf/0x8c0
[  201.870101][ T7830]  asm_exc_page_fault+0x26/0x30
[  201.874940][ T7830] RIP: 0010:fault_in_readable+0x173/0x2d0
[  201.880644][ T7830] Code: 00 fc ff df 4c 89 e8 4f 8d ac 25 ff 0f 00 00 49 81 e5 00 f0 ff ff 49 39 c5 72 7a e8 27 74 b6 ff 4c 39 eb 74 7d 4c 89 64 24 08 <44> 8a 23 43 0f b6 04 3e 84 c0 75 18 44 88 64 24 40 48 81 c3 00 10
[  201.900248][ T7830] RSP: 0018:ffffc9001a8a7a40 EFLAGS: 00050287
[  201.906297][ T7830] RAX: ffffffff81de6435 RBX: 000000002014a000 RCX: 0000000000040000
[  201.914250][ T7830] RDX: ffffc9000ad0e000 RSI: 000000000000b639 RDI: 000000000000b63a
[  201.922204][ T7830] RBP: ffffc9001a8a7af8 R08: ffffffff81de639c R09: ffffffff84b1f5a9
[  201.930162][ T7830] R10: 0000000000000002 R11: ffff88802612bc00 R12: 0000000000200000
[  201.938114][ T7830] R13: 0000000020201000 R14: 1ffff92003514f50 R15: dffffc0000000000
[  201.946071][ T7830]  ? fault_in_iov_iter_readable+0x49/0x280
[  201.951866][ T7830]  ? fault_in_readable+0xfc/0x2d0
[  201.956872][ T7830]  ? fault_in_readable+0x195/0x2d0
[  201.961973][ T7830]  ? seqcount_lockdep_reader_access+0x157/0x220
[  201.968195][ T7830]  ? __pfx_fault_in_readable+0x10/0x10
[  201.973640][ T7830]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  201.979864][ T7830]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  201.986435][ T7830]  ? inode_to_bdi+0x69/0xf0
[  201.990921][ T7830]  fault_in_iov_iter_readable+0x229/0x280
[  201.996624][ T7830]  generic_perform_write+0x259/0x6d0
[  202.001893][ T7830]  ? __pfx_generic_perform_write+0x10/0x10
[  202.007677][ T7830]  ? __pfx_generic_write_checks+0x10/0x10
[  202.013374][ T7830]  ? rcu_read_lock_any_held+0xb7/0x160
[  202.018817][ T7830]  ? file_update_time+0x2a0/0x430
[  202.023823][ T7830]  shmem_file_write_iter+0xf9/0x120
[  202.029001][ T7830]  vfs_write+0xaeb/0xd30
[  202.033230][ T7830]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  202.039018][ T7830]  ? __pfx_vfs_write+0x10/0x10
[  202.043789][ T7830]  ? fdget_pos+0x24e/0x320
[  202.048191][ T7830]  ksys_write+0x183/0x2b0
[  202.052504][ T7830]  ? __pfx_ksys_write+0x10/0x10
[  202.057338][ T7830]  ? do_syscall_64+0x100/0x230
[  202.062086][ T7830]  ? do_syscall_64+0xb6/0x230
[  202.066747][ T7830]  do_syscall_64+0xf3/0x230
[  202.071233][ T7830]  ? clear_bhb_loop+0x35/0x90
[  202.075893][ T7830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.081855][ T7830] RIP: 0033:0x7f4fc357e719
[  202.086278][ T7830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.105895][ T7830] RSP: 002b:00007f4fc4348038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  202.114295][ T7830] RAX: ffffffffffffffda RBX: 00007f4fc3735f80 RCX: 00007f4fc357e719
[  202.122276][ T7830] RDX: 000000000208e24b RSI: 0000000020000240 RDI: 0000000000000005
[  202.130235][ T7830] RBP: 00007f4fc35f132e R08: 0000000000000000 R09: 0000000000000000
[  202.138198][ T7830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  202.146150][ T7830] R13: 0000000000000000 R14: 00007f4fc3735f80 R15: 00007ffeb97b98b8
[  202.154131][ T7830]  </TASK>