last executing test programs:

9.855109839s ago: executing program 2 (id=204):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r1, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r5, &(0x7f0000000000)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @bcast]}, 0x48)
close_range(r2, 0xffffffffffffffff, 0x0)

8.02347904s ago: executing program 3 (id=211):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x5, 0x4, 0x6, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r1, &(0x7f00000001c0), &(0x7f0000000280)=@udp6=r0}, 0x20)
dup3(r1, r0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)

7.835269765s ago: executing program 3 (id=212):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000240)=0x409, 0x4)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
sendto(0xffffffffffffffff, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
writev(r4, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
writev(r3, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)

7.602382816s ago: executing program 4 (id=213):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x3ffffffffffffda, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_procfs(0x0, 0x0)
fchdir(r4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a"], 0x50}}, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r5 = inotify_init1(0x0)
fcntl$setown(r5, 0x8, 0xffffffffffffffff)
fcntl$getownex(r5, 0x10, &(0x7f0000000140)={0x0, <r6=>0x0})
r7 = syz_open_procfs(r6, &(0x7f0000000600)='fd/4\x00')
ioctl$EXT4_IOC_GROUP_EXTEND(r7, 0x40305839, &(0x7f0000000240)=0x28084)

7.363943453s ago: executing program 2 (id=214):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="272eee862efeda61316ceff1a08b1730", 0x10)

6.948290214s ago: executing program 3 (id=215):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000380)={'batadv_slave_1\x00'})
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x64}}, 0x0)
r2 = openat$binfmt_register(0xffffff9c, &(0x7f0000000100), 0x1, 0x0)
write$binfmt_register(r2, &(0x7f0000000000)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x8, 0x3a, 'w\x12\xberkdir', 0x3a, 'novrs', 0x3a, './bus/file0', 0x3a, [0x4f, 0x43, 0x43]}, 0x3b)
sendmmsg$inet(r0, &(0x7f0000000bc0), 0x0, 0x4000840)
getrusage(0x0, &(0x7f0000000600))
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000020000000080a0104000000000000000007000000090001"], 0x68}}, 0x0)
r6 = eventfd(0x7)
sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x5)
recvmmsg(0xffffffffffffffff, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r6, 0x9})
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0x0, './cgroup/../file0\x00'}})
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)

6.506880571s ago: executing program 4 (id=217):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x6, 0x1a, 0x0, 0x20003f00)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={0x0, 0x20}}, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r5 = io_uring_setup(0x354a, &(0x7f0000000080))
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r7=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0)=0x1, r7, 0x0, 0x1, 0x4}}, 0x20)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r9=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r8, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000040)=0x1, r9, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21}, {0xa, 0x0, 0x0, @mcast2}, r9}}, 0x48)
close_range(r5, 0xffffffffffffffff, 0x0)

6.280418737s ago: executing program 1 (id=218):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = inotify_init1(0x0)
r3 = getpid()
fcntl$setown(r2, 0x8, r3)
fcntl$getownex(r2, 0x10, &(0x7f0000000200)={0x0, <r4=>0x0})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000100)=[r4], 0x1}, 0x58)

5.421403938s ago: executing program 4 (id=219):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x3304, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000240)=ANY=[@ANYRESHEX=r2, @ANYRES32=r3], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
rt_sigaction(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000003f80)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000003f40)={&(0x7f0000002240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a600b00000c0a010100000000000000000200000220030380100000800c00054000000000000000085c010080040007800900090073797a3000000000040007800c0004400000000000000006fd000640fcbb68a128cf04519a1cfe7566564c94f408648cca9e4b69959a89f66b96f3bf01bc1d3cbfce98fee59b0148e5cdaf19b9392c1de2b112b484b4d4c0ca83bff43d087fc0557b6a907ee74a8bcdcbbc51d23bd0f1e35d44765efb5511076a9cf65f0389874274a3dfc235d5dfd8bc701a35e0b5233490b70b41439c90b6e098aecb2a956ffc64367ae84d4759d71150ceaa01adbf95ead03bad065568749c98792742ff48b15258387392bd9fff771d987f575541bd373c0b87fc7f6f05fe5d35e6d9308d279f9a67c0115da27ff3587c796e5b33e5a98f67b82d213c52b498f870afba271eb896770dfdd80f0ea916db73c17c2479c83cf1b100000008000340000000010c00044000000000000000070c00044000000000000000090c00044000000000000000000c0004400000000000000007480000800900090073797a30000000000400078008000340000000000c0004400000000000000d010c000440000000000000000908000340000000010c000440000000000000005d680100800c0005400000000000000008f4000180f0000100e4a7881586d5f82fcbcc05b254695e6c6b0b9663043718acfc0fa35a86015901d12b5dbe3d6c3177fdaba69acd7bdcf130f1fa38374a9801b7f9587b1a14206a0f36fa411c3bf0622531a6873d1a64fdf7404cb367f728cce934bd8f0052c067332c9d7027d4074a30d6e8337e2fb154441b50ee219e2e32797f8d3a85f5f368d0c879f1bd5c7595438bf6c3d2de4a6349adb67ee0994f5de50ebb4f7d53cb49eb482ca1fe9afc2ccd26968a701349d716481df829d82001bce1a6007009b9d182f7af152879217d53404452600000000000004452b3e2178fbfa7accaba2381c9dbe85689408baf0f6ce3080c000540000000000000007f040002802e0006401fe757bb66fe79b895a756c5939043ce9b5866dddea97e1ac5095f72e06548aca97b4b737d61e096a584000004000780200002801c00028008000180ffffffff080003400000000108000180ffffffff08000440000000010900020073797a300000000018080380100000800900090073797a3200000000cc040080e8020a805800010090d89c50a644799ced4378f1a19401258b2556ee875ce5cfa8d26d80983e57a87861aad0095bfe1dba4c314b32e1b8bbd90ba78612183ae9e8df590070f2b9d99fdef3ad0b2e4aa26872ab5aeade9e7c266ae0e13800028008000180fffffffd0900020073797a30000000000900020073797a31000000000900020073797a32000000000800034000000007580001004cfd3f1337b83fa5709f88e65c0232f3f0e94f0a64b36c85645370638949682a22ebbe8bcbf347d99be38b7d92dd4448ea70926167ef2b3c0e7154b5ef8e2ae0c159809fad90c632380e27b802f9367c88877fdff00001006b06f8b49ed97bb1daf185d4131457545c73dbc1c5e2b1d1d8f3ba2e647be1d7b7e07b0e00cce71fce4996e0ec1fd8e9c8c6daa2c8b7865ab74673027491199285de518d92cdf6bfde35b41bfb78d1c64fafd9b223fcbc10d9aff1dfc28b359d00afe54fae15a717f887604c2b97b37dbdbb1dfe2bc91ee974570d7b97746eafe60ad8b23baa6b92d2e51e66dfaa24f25db7659c3cc69555027307616e9298666bb9d60440bfccd7d84242a914401d556d66aa1726b4c401d24f67ba5e70e5a7722122e1694698367f621f1786cb53d5595dc08db01339b8855c5d76a57a72ab636f17c05a2cf801bb916c2d8e000100781974fcd318d85d568bfe2cda37530922447d16ded0aff5157b18f7ba7c9b293e9b7ec3c81d5cc1f78378572aacf42d732aa1aabdc0be003aec4acc818c108631133c9585e2b2f85e978837abb0c94e7576b3b4b35a3dfa59f6f6fd38ce3e5edb39c7fa0c5b5502575202ff93c6de37ecf930897755eab0961cbbaa3cec4633ee95cc925d74f596edc200007c0001003487543095e98358249c0fba47f77d09be7960e9322d2871e1353bd54d1bb1dc6ac39d1984a659e001b295f3bb4e9b7ff7bb69104deb756a62d86ce4b7e2a6420f02d901ee4aae39dba3e41ed69b9218441292c5799296cfaf21b9176ca8668b24226f41a322da2115a1c50f5d5f81fc971eaea1985e0c430900090073797a3100000000a8000a801400028008000180fffffffc08000340000000002c00028008000340fffffb520900020073797a310000000008000340000000020900020073797a300000000064000280080003400000020008000180fffffffc0900020073797a32000000000900020073797a310000000008000180fffffffd0800034000000006080003400000000108000340000080000900020073797a32000000000900020073797a32000000000c00054000000000000000001c01018036000100b509d5b2c13a8415b8a604bf7a83c0beae13445aeed927f5fa0ed08fdc76b514cf3b2c87829b495c122d6c5b0ee86d3f61850000df000100b6b5328f41be9a8875839e1926a71cceef09ab70e69bc83e8059465387ea227ad9bb9c23a291f67c2eca92780ace798226d21e5bd742dbffd5f535131d46d9a3963944ec8e473cfdae2b6c44cf1f948cc97c9e7d5cfa97a448bda78d079cf10aaf0398edb31f8e10722d43ccf4ec74cce7c152c692e428c903bbed4094e85758f957f2cfb7b82b9a96a4bfc723cb5943ea20619c4d20d2d92f0dabb531fc5febf1b40b3d9b631d4d56be7439a35e9ecdce838617cc2c90b3a67de69835b9b2b17e71b8e40437f396212919f46fbf2c6a43b7a76f1e197394b811660004000280380300800900090073797a31000000009c000b80240001800b0001007470726f7879000014000280080003400000000008000140000000014000018011000100666c6f775f6f66666c6f616400000000280002800900010073797a31000000000900010073797a32000000000900010073797a32000000000c00018008000100647570000c00018008000100666962001c0001800b00010064796e73657400000c000280080002b7768b6fbf40000000038c02028046000100acbaf4936b7b5981df07000000edc6a50cfab337816e3a29c04b665cd9ec7c117b6fa3b7145750c802ab005d8207bde19aa86b9eb8e3ca4290f522176100000000000000d8000100d112dcc1a765b18262168f24f7f40acf9df3924a7781c2384a14a787929e98c58e212afab28e0546dc2e2c682857957f015b4431a2ff1549587c25bb6b2168e7bd38886e8dec4390ba6906f2658d5f460bbe94008b8a2b6b4aa8cc72b0cd29ad0897d2b4cb1c59e4b972adce86076e64a96daae7463d10001fe7a5ee5851b40c64a62616a23507e984f35d07245676c06701f0259888c8e847eff38dadda9e8356c0e81071542ffaa81ff736d7ccc02881e8d9488fed9145e2b453f2374dbf0447851f750ea2a732b45a0f84d89e3769595964a938000100b2a451f074a37bb670be6f65555b7d864976beb081ac0f41d937c556be6ba47ed0a79157f6489105830336b6c8df15227e7b751acc000100b35c70ee1ec533dd7ab5684472fc926018fa08d90476a45b2d108430fb47d3dc792447e94a1322c28952708aeec087ae7459a7856771f0ba747c87b33ff9e5b8e7b4aa08aa61e6c86ca60dd15ff51839c21e5e7360fd0ceb2c9e127dcff7facbb676082cb081d30a861d14f014f1b6c21a218f524aa89cbd808c4eb310bc7a6c567475ed2fb8aad7220f735a2d73926d8074f6fafea4cf858ad3609a0dae79d7fcfbffba3a37447978bcc3cf3c8d78622500caba50479621082a8bbe0e8f384ad18740ffc77dfd0d0c00028008000180fffffffe5800028008000180fffffffd0900020073797a32000000000800034000000400080003400000000908000180fffffffb08000180ffffffff0900020073797a320000000008000180000000010900020073797a31000000002c000000080a010200000000000000000a0000060900010073797a31000000000900020073797a300000000014010000050a010100000000000000000300000a62000c00fd80f6203af7f90fec2770846fb24054d0827c026c15a6744930e063b69b6524ebd519e8f00d15a02b61beb8a98ec50cf175e180070644a3637eb930368f34f181d99ee3f4981d62e2c55f3dae54a5a5849b43d3d23da52a592c2f9bb82f000079000c006607e1bf8cf355beb486fda907279ca13ef6892ce681ea131b910784478760304d2f54333cbc87c012d41790c89b08c94be219026fb4d4105383a5303f37d3993b846613a445961315b2d25ece7106ed5c0366aa0f95999dd2aab132981080e39a2d7de7b0174bff0bc6cfd0446f5a440f88d7ab0d0000000a000700726f757465000000080007006e6174000900030073797a3100000000140000001100010000000000000000000000000a2a75f5f154df54b43657b728ee67ef2a9e5d18370a193f3a03962ee34daaf71366401427cdb6d04ca0df56b2e71bac8bbd53a9560d40e1a102b13e98bc1a57cb72b438caacefec81db3e2298b6388737d36bae20a0787b80585ed2ddc0517085e92a5c412e646386cf197c8306db44d1428a442c2ae9655dd5935386e98cfc7bd2736f03b9ee0a9c1a7dcdf66228fc3662673b524641c578886466f22c6f9b6af89c53376c14cc927b511d1c7e751781b4883e2d6b7ce15434"], 0xcc8}, 0x1, 0x0, 0x0, 0x20000800}, 0x2200c0c0)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='net/udplite6\x00')
r7 = fanotify_init(0x0, 0x400)
readv(r7, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1)
fanotify_mark(r7, 0x1, 0x40001019, r6, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
read$FUSE(r6, &(0x7f0000003fc0)={0x2020}, 0x2020)

5.317340632s ago: executing program 1 (id=220):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$netlink(0x10, 0x3, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
keyctl$search(0xa, 0x0, 0x0, 0x0, 0x0)
keyctl$setperm(0x5, 0x0, 0x20000)
r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
write$UHID_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, {'syz1\x00', 'syz0\x00', 'syz1\x00', 0x0}}, 0x120)
sigaltstack(0x0, 0x0)

4.195282034s ago: executing program 2 (id=221):
r0 = openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, 0x0, 0x0)

4.18769454s ago: executing program 2 (id=222):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0x3, 0x10)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc601000127a0a000600073582c137153e37080c188001ac0f000300", 0x33fe0}], 0x1, 0x0, 0x0, 0x8100000}, 0x0)

4.132662539s ago: executing program 4 (id=223):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$igmp(0x2, 0x3, 0x2)
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10)
syz_emit_ethernet(0x42, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @local, {[@ra={0x94, 0x4}]}}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014001100b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000100)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x10, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1653]}})
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000000000000e10a00002000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000084010500ff010000000000000000000000000001000000006c0000000000000000000000000000000000ffff000000000000000000000000000000000000000000000000fc020000000000000000000000000000000000003200000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000003c00000002000000ac1414bb0000000000000000000000000000000001000000000000000000000000000000e0000002000000000000000000000000000000003300000002000000fe800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003300000002000000ff020000000000000000000000000001000000000000000000000000000000000000000020010000000000000000000000000002000000003c00000000000000fe8800000000000000000000000000010000000001"], 0x23c}}, 0x0)

4.05523342s ago: executing program 1 (id=224):
socket(0x11, 0x800000003, 0x0)
io_uring_setup(0x6c33, &(0x7f0000000080))
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000100)=ANY=[@ANYBLOB="0002"], 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, {0x1, @empty, 'vlan0\x00'}}, 0x1e)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0xd0, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x1e0, 0x20a, 0x278, 0x1e0, 0x278, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x1a0682)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue0\x00'})
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r5, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "20e48560d99f00000000000000000000e2ffffffffffffff00"})
write$sndseq(r4, &(0x7f00000000c0)=[{0x5, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000160a01020000000000000000020000090c00054000000000000000010900010073797a31000000001c000000120a0101000000000000000005000009080003400000000190010000000a050500000000000000000a0000050900010073797a30000000000800024000000000c900060073b8930cc11c1d6d5cdba17f1f32a3ff2deabb5c82b31c942b931b28a4d63e586cd435e98c2596b2572476234e31950115af09c5670100000000000080ccdba717dd53e076b01b561ce3ab9c8fe7f2389f37b4f0f52cdece7eb00f90d7b1f9a85ffa2507e4bd37e801828338a1fb8c586d9ba3c9a066b0bd7ccab3f89ecf608d6784dfcb374cebaefee73754cfb3802e04b95a25ae48b10577c2ca05556c62c1d5992d90338b2d3891727c00007349533d1f81394dc89325346bf0cc28b9d8f307492e561100000092000600c39698ad3859b71647bb9798b3f11c0c36b3669e27c51a4f17d42fdaaa8ae644cb6d8ccaf2d8c5776aa119ca3135a6b105fe13b72eebd20a6b3464a2c50f99540af8060af9d3a888dce644ac5247fa4c428a266a56512a316f05e2177bd21c1cccfd4a3db4f4923dc860fc8d270e5b2102fb6b413599de8a19a8e4713fcb5ecf2e16b1d0322fbfacb6d200000800024000000001140000001100010000000000000000000000001f4d55179db2c6536509ad0812d767a1eca970deb5e44596fb9730804068286afa7269f1f6a4c0966a41ef46c7ede880a157790b6b6c918029179876da47c41740cd5f54f548b75b835f99ea30861f4d5ca0fd61f77b5a91ddd80edd8f6cfaa33070b3ddef78a2147971c231b8b325dbc5b89942012a6cd1085b350d0419931de270865d86e3942a5db8cbc22427e6a971e2ae1a54d7d56fdd1f5b53228e2b30066e337030381d78b3312347ff5cfb09447ae32d20e8ff9c2ec2a4b5c6eab45855e6ddaa00b51ae686214a3b7c268865dbaaf468830c816347b7"], 0x200}, 0x1, 0x0, 0x0, 0x20048040}, 0x0)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa07, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001dc0), 0x213, 0x0)

3.897497399s ago: executing program 1 (id=225):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000240)=0x409, 0x4)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
sendto(0xffffffffffffffff, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
writev(r4, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
writev(r3, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)

2.867857726s ago: executing program 1 (id=226):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x806, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x101, 0x80, 0xfffffffe, 0xffffffff, 0xfffffffe}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404}, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23}, 0x1c)
listen(r0, 0xfffffffd)
r4 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r4, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)
syz_usb_connect$hid(0x1, 0x0, 0x0, &(0x7f0000002340)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r5 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg(r5, &(0x7f0000008340)=[{{0x0, 0x0, 0x0}}], 0x20, 0x0)

2.236722098s ago: executing program 3 (id=227):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
lseek(0xffffffffffffffff, 0x4, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x3, 0xc, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0x80000003, 0x0, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x53}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2.236238759s ago: executing program 0 (id=228):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000052c0)=[{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)=')', 0x1}], 0x1, &(0x7f0000001dc0)=[@iv={0x28, 0x117, 0x2, 0x10, "477bff93f3b4ebb42ac36b458cfe6e1c"}], 0x28}], 0x1, 0x0)

2.234494715s ago: executing program 2 (id=229):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r1=>0x0], &(0x7f0000000340)=[<r2=>0x0], 0x0, 0x0, 0x1, 0x1})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r4, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000640)=[r2, r1], 0x2, 0x800})
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064c7, &(0x7f00000002c0)={0x0, 0x0, 0x0})

2.020300151s ago: executing program 4 (id=230):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x6, 0x1a, 0x0, 0x20003f00)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={0x0, 0x20}}, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r5 = io_uring_setup(0x354a, &(0x7f0000000080))
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r7=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0)=0x1, r7, 0x0, 0x1, 0x4}}, 0x20)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r9=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r8, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000040)=0x1, r9, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21}, {0xa, 0x0, 0x0, @mcast2}, r9}}, 0x48)
close_range(r5, 0xffffffffffffffff, 0x0)

1.751172521s ago: executing program 0 (id=231):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000011c0)="93bffce623851797a8dc79018d7716840ffc6941c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c35225ff95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99", 0x8e}, {0x0}, {&(0x7f0000000e00)="ec75d081fcb7e79634ec1a1abfdebb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523aaded5e09aa1e36fcc90c269ad6d38d57619127cee4253655c33b71054226c3b00b9ee6ae29f0b07bc6fe7981126ca804c1f64e6c19ba36b2778c5f4a1c58625fe19516af43c9870c5b8191e23778abe7df2280d459b1651686a53ca52dce9570444c153f9c2903ae4c868074e89477bf6ed2ab648b0498ac8c0f90844ed9a26675199d5ff9b391c1de", 0xc2}, {&(0x7f0000000f00)="397d5f2edc82d0337ae5ab9ee47dc3e798cf69cfebf169e77257f308227094d569a4326954e50ea185bc6fff0507c5dfd26676de9ddac4fe6db927cd4d03965f42d9c7513eff1631baa83e3daf514c600450374f6d76b8fcf2bc3eca29ce7538f85aa34b2bdcc17ecd080f0850377f771a4e8693703da4e347e0165f00872a21845e17030de0ff47bc869de32ee24ca05e6f805ec0a1d0257e0e6f900e6cfb68e827b515d05bf2cc14e53e04b713a851bd656f20", 0xb4}, {&(0x7f0000000480)="4068745fc217775e9fca3477d3c929c1231d710ed7bb68bf2f127cb83703392703f530", 0x23}], 0x5}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000700)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff", 0x29}, {0x0}, {&(0x7f0000000a40)="57f43d3d654f1df092b799441d169633d1d1894111b5a3c8478fae6b707eae36cb8b36766a8655eea82f228813884f36d33c54425ae53fc22d34", 0x3a}], 0x3}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000300)="b5d3838236773268a73daecfa0fdc5beb5a7ac332a11523627b41db31da6be0055bf716aa2b23b97d43cc40c632f6b9850f364ba0831ed0d6f7157f204275aa850d992d81ba6ab984bd809254e847b644cf6459a8139c3ebba62168141343c853896523ffb04131b2786acc44a57f5b1bd33cdaef8dd3c0526b7454eefe5153c5778ce05c77e962fd6bf3a4b9eb05654e64f1867398e20", 0x97}, {&(0x7f0000000500)="e47ecfc6ce6d4d9cc5a0fbf98f301803da3adfbec8a1d5324076b744b24bc7cf83120d4819726e827d90219c7100dc54801b32c3a9a69a238db1f4d16464062d870e812ee381b6b3c234824a4a4475f9ee81286836e549ff446b0004adc6b16981ea546cd24ff6d5739a", 0x6a}, {&(0x7f0000000840)="fbdd17a812c727337dc6c74dcb077562b57a440dbf7711ba245a62b76d46b0f19e6ff608ef9e5fbb4a8cfb02e28403582ceb8031acc767f766772a93a2f00ddde52ce6f7a84db1c66feecdc4a028e7b9e5e27a0057957743cbf196c517bf3ad97859c31205e3a35f435ec338927f53a43fae1907b2c772d9b35b9b3aa61985ea588557", 0x83}, {&(0x7f0000000b80)="8d75938ba9bc695806fede7eee392592a6014e55025d4c6612fbb793e3ed010000000000000007aab6dc2d3668aa974f67dad537a2d75fcac54500000000000000000000000000000000d70f7cae577664b818df8e9b4e81ef2a362d8b04", 0x5e}], 0x4}}], 0x3, 0xc0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfa", 0x12, 0x11, 0x0, 0x0)

1.384243465s ago: executing program 1 (id=232):
epoll_create1(0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="043e01120000"], 0x9)
eventfd2(0xa3a, 0x1)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000))
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000800)={'bridge0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r4, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000002140))
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001", @ANYRES16], 0x0)
r5 = openat$nullb(0xffffffffffffff9c, 0x0, 0x60482, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x13, r6, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
read$FUSE(r6, 0x0, 0x0)
io_setup(0xbc, &(0x7f0000000280))

1.129097374s ago: executing program 3 (id=233):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000480)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0x2}, r1}}, 0x30)

1.07471874s ago: executing program 0 (id=234):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/warn_count', 0xa40, 0x145)
fchown(r0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000000))
mremap(&(0x7f0000a01000/0x4000)=nil, 0x4000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f000075e000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00006a3000/0x1000)=nil)
mremap(&(0x7f000054d000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00003af000/0x2000)=nil)
keyctl$dh_compute(0x17, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000400)={0x0, &(0x7f0000000340)="8d0b512691727039668938d9f42ec3e7f1614dc312321e216d22e7e3fa8deb521fcc4f9ed89c7a58a36d62f162fb240fcdfa7a075e1132461ea97c147b8e660a4862", 0x42})
munmap(&(0x7f0000652000/0x1000)=nil, 0x1000)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
mmap(&(0x7f0000568000/0x2000)=nil, 0x1000000, 0x0, 0x11, r1, 0x0)

854.610059ms ago: executing program 0 (id=235):
socket(0x11, 0x800000003, 0x0)
io_uring_setup(0x6c33, &(0x7f0000000080))
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000100)=ANY=[@ANYBLOB="0002"], 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, {0x1, @empty, 'vlan0\x00'}}, 0x1e)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0xd0, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x1e0, 0x20a, 0x278, 0x1e0, 0x278, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x1a0682)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue0\x00'})
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r5, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "20e48560d99f00000000000000000000e2ffffffffffffff00"})
write$sndseq(r4, &(0x7f00000000c0)=[{0x5, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000160a01020000000000000000020000090c00054000000000000000010900010073797a31000000001c000000120a0101000000000000000005000009080003400000000190010000000a050500000000000000000a0000050900010073797a30000000000800024000000000c900060073b8930cc11c1d6d5cdba17f1f32a3ff2deabb5c82b31c942b931b28a4d63e586cd435e98c2596b2572476234e31950115af09c5670100000000000080ccdba717dd53e076b01b561ce3ab9c8fe7f2389f37b4f0f52cdece7eb00f90d7b1f9a85ffa2507e4bd37e801828338a1fb8c586d9ba3c9a066b0bd7ccab3f89ecf608d6784dfcb374cebaefee73754cfb3802e04b95a25ae48b10577c2ca05556c62c1d5992d90338b2d3891727c00007349533d1f81394dc89325346bf0cc28b9d8f307492e561100000092000600c39698ad3859b71647bb9798b3f11c0c36b3669e27c51a4f17d42fdaaa8ae644cb6d8ccaf2d8c5776aa119ca3135a6b105fe13b72eebd20a6b3464a2c50f99540af8060af9d3a888dce644ac5247fa4c428a266a56512a316f05e2177bd21c1cccfd4a3db4f4923dc860fc8d270e5b2102fb6b413599de8a19a8e4713fcb5ecf2e16b1d0322fbfacb6d200000800024000000001140000001100010000000000000000000000001f4d55179db2c6536509ad0812d767a1eca970deb5e44596fb9730804068286afa7269f1f6a4c0966a41ef46c7ede880a157790b6b6c918029179876da47c41740cd5f54f548b75b835f99ea30861f4d5ca0fd61f77b5a91ddd80edd8f6cfaa33070b3ddef78a2147971c231b8b325dbc5b89942012a6cd1085b350d0419931de270865d86e3942a5db8cbc22427e6a971e2ae1a54d7d56fdd1f5b53228e2b30066e337030381d78b3312347ff5cfb09447ae32d20e8ff9c2ec2a4b5c6eab45855e6ddaa00b51ae686214a3b7c268865dbaaf468830c816347b7"], 0x200}, 0x1, 0x0, 0x0, 0x20048040}, 0x0)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa07, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001dc0), 0x213, 0x0)

772.630444ms ago: executing program 2 (id=236):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000240)=0x409, 0x4)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
sendto(0xffffffffffffffff, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
writev(r5, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
writev(r4, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)

675.732859ms ago: executing program 0 (id=237):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f00000002c0)=[@request_death={0x400c6313}], 0x0, 0x0, 0x0})

623.227968ms ago: executing program 3 (id=238):
r0 = syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r1, 0x40015b19, 0x0)

131.273128ms ago: executing program 0 (id=239):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f00000003c0)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f00000002c0)=[@request_death={0x400c6313}], 0x0, 0x0, 0x0})

0s ago: executing program 4 (id=240):
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000000c0)={'syztnl0\x00', 0x0})
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x17, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.192' (ED25519) to the list of known hosts.
[   49.758438][ T5208] cgroup: Unknown subsys name 'net'
[   49.874893][ T5208] cgroup: Unknown subsys name 'cpuset'
[   49.883039][ T5208] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.178759][ T5208] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   53.244765][ T5222] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   53.253865][ T5222] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   53.262272][ T5236] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   53.282077][ T5236] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   53.290730][ T5232] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   53.293997][ T5222] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   53.298120][ T5236] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   53.305957][ T5222] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   53.313733][ T5236] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   53.320903][ T5222] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   53.329374][ T5236] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   53.340478][ T5222] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   53.342254][ T5236] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   53.348510][ T5222] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   53.354537][ T5232] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   53.361901][ T5222] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   53.370027][ T5236] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   53.376557][ T5222] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.390734][ T5222] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   53.398541][ T4614] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   53.409254][ T5226] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   53.409286][ T5222] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   53.416631][ T5226] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   53.434213][ T5226] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   53.442057][ T4614] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   53.451440][ T4614] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   53.465394][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   53.473442][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   53.481129][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   53.488797][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   53.839364][ T5218] chnl_net:caif_netlink_parms(): no params data found
[   53.879234][ T5229] chnl_net:caif_netlink_parms(): no params data found
[   53.898518][ T5225] chnl_net:caif_netlink_parms(): no params data found
[   53.995687][ T5235] chnl_net:caif_netlink_parms(): no params data found
[   54.055168][ T5220] chnl_net:caif_netlink_parms(): no params data found
[   54.115706][ T5225] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.123492][ T5225] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.130727][ T5225] bridge_slave_0: entered allmulticast mode
[   54.138620][ T5225] bridge_slave_0: entered promiscuous mode
[   54.158607][ T5229] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.165785][ T5229] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.173185][ T5229] bridge_slave_0: entered allmulticast mode
[   54.179948][ T5229] bridge_slave_0: entered promiscuous mode
[   54.187233][ T5218] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.194506][ T5218] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.201626][ T5218] bridge_slave_0: entered allmulticast mode
[   54.208327][ T5218] bridge_slave_0: entered promiscuous mode
[   54.218319][ T5225] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.226200][ T5225] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.233692][ T5225] bridge_slave_1: entered allmulticast mode
[   54.240159][ T5225] bridge_slave_1: entered promiscuous mode
[   54.258256][ T5229] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.265394][ T5229] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.272827][ T5229] bridge_slave_1: entered allmulticast mode
[   54.279308][ T5229] bridge_slave_1: entered promiscuous mode
[   54.291999][ T5218] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.299064][ T5218] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.306458][ T5218] bridge_slave_1: entered allmulticast mode
[   54.313838][ T5218] bridge_slave_1: entered promiscuous mode
[   54.363301][ T5229] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.379053][ T5235] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.388708][ T5235] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.396345][ T5235] bridge_slave_0: entered allmulticast mode
[   54.403521][ T5235] bridge_slave_0: entered promiscuous mode
[   54.410871][ T5235] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.418142][ T5235] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.425360][ T5235] bridge_slave_1: entered allmulticast mode
[   54.432027][ T5235] bridge_slave_1: entered promiscuous mode
[   54.447882][ T5229] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.465788][ T5225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.496377][ T5218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.510231][ T5225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.546275][ T5229] team0: Port device team_slave_0 added
[   54.553693][ T5218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.570805][ T5235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.583859][ T5220] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.590954][ T5220] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.598741][ T5220] bridge_slave_0: entered allmulticast mode
[   54.605577][ T5220] bridge_slave_0: entered promiscuous mode
[   54.614377][ T5229] team0: Port device team_slave_1 added
[   54.620591][ T5220] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.628201][ T5220] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.635733][ T5220] bridge_slave_1: entered allmulticast mode
[   54.642660][ T5220] bridge_slave_1: entered promiscuous mode
[   54.670514][ T5235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.696023][ T5218] team0: Port device team_slave_0 added
[   54.705508][ T5218] team0: Port device team_slave_1 added
[   54.712984][ T5225] team0: Port device team_slave_0 added
[   54.759495][ T5225] team0: Port device team_slave_1 added
[   54.772720][ T5229] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.779688][ T5229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.809346][ T5229] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.824301][ T5220] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.834155][ T5218] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.841113][ T5218] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.867294][ T5218] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.879213][ T5218] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.886360][ T5218] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.912309][ T5218] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.933140][ T5235] team0: Port device team_slave_0 added
[   54.947478][ T5229] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.955955][ T5229] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.982079][ T5229] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.994706][ T5220] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.017259][ T5225] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.024305][ T5225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.050298][ T5225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.063139][ T5235] team0: Port device team_slave_1 added
[   55.069501][ T5225] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.076540][ T5225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.102803][ T5225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.134498][ T5220] team0: Port device team_slave_0 added
[   55.142895][ T5220] team0: Port device team_slave_1 added
[   55.167239][ T5235] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.174675][ T5235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.201247][ T5235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.235343][ T5235] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.242551][ T5235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.269280][ T5235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.312260][ T5220] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.319222][ T5220] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.345699][ T5220] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.375641][ T5218] hsr_slave_0: entered promiscuous mode
[   55.383079][ T5218] hsr_slave_1: entered promiscuous mode
[   55.393097][ T5229] hsr_slave_0: entered promiscuous mode
[   55.399219][ T5229] hsr_slave_1: entered promiscuous mode
[   55.405631][ T5229] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.413870][ T5229] Cannot create hsr debugfs directory
[   55.419831][ T5220] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.427140][ T5220] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.453514][ T5220] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.453713][   T54] Bluetooth: hci0: command tx timeout
[   55.471637][ T5225] hsr_slave_0: entered promiscuous mode
[   55.477896][ T5225] hsr_slave_1: entered promiscuous mode
[   55.486591][ T5225] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.494168][ T5225] Cannot create hsr debugfs directory
[   55.510913][ T5235] hsr_slave_0: entered promiscuous mode
[   55.517551][ T5235] hsr_slave_1: entered promiscuous mode
[   55.523376][ T5222] Bluetooth: hci2: command tx timeout
[   55.529021][   T54] Bluetooth: hci3: command tx timeout
[   55.535253][ T5235] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.543052][ T5235] Cannot create hsr debugfs directory
[   55.592439][ T5222] Bluetooth: hci1: command tx timeout
[   55.598233][   T54] Bluetooth: hci4: command tx timeout
[   55.671545][ T5220] hsr_slave_0: entered promiscuous mode
[   55.677670][ T5220] hsr_slave_1: entered promiscuous mode
[   55.686791][ T5220] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.694713][ T5220] Cannot create hsr debugfs directory
[   55.940033][ T5218] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   55.962289][ T5218] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   55.982238][ T5218] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   55.997091][ T5218] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.017490][ T5225] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.026318][ T5225] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.053331][ T5225] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.081482][ T5225] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.098435][ T5220] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   56.121412][ T5220] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   56.130800][ T5220] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   56.151343][ T5220] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   56.192624][ T5235] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   56.220817][ T5235] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   56.231622][ T5235] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   56.240867][ T5235] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   56.295117][ T5229] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.311251][ T5229] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.338281][ T5229] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.351480][ T5229] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.416542][ T5218] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.467089][ T5225] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.493084][ T5218] 8021q: adding VLAN 0 to HW filter on device team0
[   56.525917][ T5220] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.548814][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.556102][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.575782][ T5225] 8021q: adding VLAN 0 to HW filter on device team0
[   56.595314][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.602467][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.621574][ T5220] 8021q: adding VLAN 0 to HW filter on device team0
[   56.640440][ T5235] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.674872][  T147] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.682037][  T147] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.694011][  T147] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.701089][  T147] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.724222][ T5229] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.744753][ T2972] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.751889][ T2972] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.761484][ T2972] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.768639][ T2972] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.806170][ T5235] 8021q: adding VLAN 0 to HW filter on device team0
[   56.861433][ T5229] 8021q: adding VLAN 0 to HW filter on device team0
[   56.874794][  T147] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.881949][  T147] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.891331][  T147] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.898473][  T147] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.969100][ T5225] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   56.986900][ T5225] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.008377][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.015582][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.043033][ T5235] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.061133][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.068297][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.161519][ T5218] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.309561][ T5218] veth0_vlan: entered promiscuous mode
[   57.375260][ T5218] veth1_vlan: entered promiscuous mode
[   57.423189][ T5225] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.481156][ T5218] veth0_macvtap: entered promiscuous mode
[   57.513538][   T54] Bluetooth: hci0: command tx timeout
[   57.526082][ T5218] veth1_macvtap: entered promiscuous mode
[   57.545414][ T5235] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.589021][ T5225] veth0_vlan: entered promiscuous mode
[   57.594969][   T54] Bluetooth: hci3: command tx timeout
[   57.595986][ T5222] Bluetooth: hci2: command tx timeout
[   57.616591][ T5225] veth1_vlan: entered promiscuous mode
[   57.629424][ T5220] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.643508][ T5218] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.665178][ T5229] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.674948][ T5222] Bluetooth: hci4: command tx timeout
[   57.674958][   T54] Bluetooth: hci1: command tx timeout
[   57.693657][ T5218] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.734839][ T5225] veth0_macvtap: entered promiscuous mode
[   57.748090][ T5218] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.757456][ T5218] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.767742][ T5218] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.776823][ T5218] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.807808][ T5225] veth1_macvtap: entered promiscuous mode
[   57.891339][ T5220] veth0_vlan: entered promiscuous mode
[   57.929543][ T5225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   57.941007][ T5225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.954687][ T5225] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.965342][ T5225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   57.976084][ T5225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.987787][ T5225] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.010724][ T5220] veth1_vlan: entered promiscuous mode
[   58.048052][ T5225] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.057158][ T5225] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.066687][ T5225] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.076656][ T5225] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.088027][ T5229] veth0_vlan: entered promiscuous mode
[   58.108738][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.122501][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.167832][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.180299][ T5229] veth1_vlan: entered promiscuous mode
[   58.182408][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.201239][ T5235] veth0_vlan: entered promiscuous mode
[   58.264956][ T5220] veth0_macvtap: entered promiscuous mode
[   58.277888][ T5218] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   58.298001][ T5220] veth1_macvtap: entered promiscuous mode
[   58.310143][ T5235] veth1_vlan: entered promiscuous mode
[   58.319814][ T1065] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.340267][ T1065] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.366211][ T5229] veth0_macvtap: entered promiscuous mode
[   58.391563][ T5220] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.421494][ T5220] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.435033][ T5220] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.446089][ T5220] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.467546][ T5220] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.505307][ T5229] veth1_macvtap: entered promiscuous mode
[   58.563987][ T5220] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.601779][ T5220] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.622039][ T5220] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.641855][ T5220] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.665345][ T5220] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.683350][ T5220] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.692904][ T5220] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.701617][ T5220] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.713444][ T5220] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.732886][ T1065] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.746852][ T1065] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.751016][ T5235] veth0_macvtap: entered promiscuous mode
[   58.807616][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.819205][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.838745][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.855292][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.865180][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.876360][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.888185][ T5229] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.899473][ T5235] veth1_macvtap: entered promiscuous mode
[   58.922815][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.939167][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.949252][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.963113][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.974871][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.985759][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.011111][ T5229] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.037717][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.053171][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.063740][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.075096][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.085093][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.095672][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.107809][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.122225][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.142996][ T5235] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.183563][ T5229] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.203433][ T5229] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.213502][ T5229] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.223327][ T5229] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.235339][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.246618][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.257336][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.268720][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.297604][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.319330][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.341788][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.357282][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.373718][ T5235] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.429863][ T2943] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.439353][ T5235] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.454953][ T5235] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.474589][ T2943] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.479382][ T5235] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.500076][ T5235] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.592038][   T54] Bluetooth: hci0: command tx timeout
[   59.672278][   T54] Bluetooth: hci2: command tx timeout
[   59.673899][ T5222] Bluetooth: hci3: command tx timeout
[   59.710194][ T5320] netlink: 152 bytes leftover after parsing attributes in process `syz.0.11'.
[   59.727251][ T2972] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.736657][ T2972] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.752134][ T5222] Bluetooth: hci4: command tx timeout
[   59.757978][ T5222] Bluetooth: hci1: command tx timeout
[   59.838565][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.858853][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.882821][ T2943] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.890663][ T2943] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.963378][ T5237] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   60.003632][ T2943] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.048343][ T2943] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.053913][ T5331] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   60.128567][ T5237] usb 3-1: Using ep0 maxpacket: 8
[   60.132112][ T2943] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.145548][ T2943] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.153061][ T5237] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   60.153139][ T5237] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   60.153164][ T5237] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   60.214299][ T5237] usb 3-1: config 0 descriptor??
[   60.472767][ T5237] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[   60.481266][ T5342] x_tables: ip_tables: udp match: only valid for protocol 17
[   60.686380][    C0] iowarrior 3-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[   60.695593][ T5271] usb 3-1: USB disconnect, device number 2
[   60.702222][   T47] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   60.730744][ T5353] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.21'.
[   60.806028][ T5271] iowarrior 3-1:0.0: I/O-Warror #0 now disconnected
[   60.842135][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   60.861887][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   60.873756][   T47] usb 1-1: Using ep0 maxpacket: 16
[   60.901425][   T47] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   60.942471][   T47] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   60.996896][   T47] usb 1-1: New USB device found, idVendor=0b97, idProduct=172a, bcdDevice=f7.f4
[   61.016435][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   61.041523][   T47] usb 1-1: Product: syz
[   61.055243][   T47] usb 1-1: Manufacturer: syz
[   61.062376][   T47] usb 1-1: SerialNumber: syz
[   61.077623][   T47] usb 1-1: config 0 descriptor??
[   61.512698][ T5271] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   61.610738][ T5371] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   61.685571][ T5222] Bluetooth: hci0: command tx timeout
[   61.793171][ T5222] Bluetooth: hci2: command tx timeout
[   61.798791][   T54] Bluetooth: hci3: command tx timeout
[   61.880665][ T5222] Bluetooth: hci4: command tx timeout
[   61.886886][   T54] Bluetooth: hci1: command tx timeout
[   62.265969][ T5271] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   62.286980][ T5271] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[   62.324726][ T5271] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   62.360816][ T5271] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.397008][ T5271] usb 4-1: config 0 descriptor??
[   62.422587][ T5271] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[   62.686609][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   62.762063][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   62.935469][ T5386] netlink: 830 bytes leftover after parsing attributes in process `syz.1.31'.
[   63.172245][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   63.319853][ T5393] syz.2.34 uses obsolete (PF_INET,SOCK_PACKET)
[   63.521157][ T5273] usb 1-1: USB disconnect, device number 2
[   63.887789][ T5406] hub 2-0:1.0: USB hub found
[   63.895239][ T5406] hub 2-0:1.0: 1 port detected
[   64.815822][ T5271] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   64.978725][ T5271] usb 1-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[   65.014549][ T5271] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.027787][    T9] usb 4-1: USB disconnect, device number 2
[   65.076981][ T5271] usb 1-1: config 0 descriptor??
[   65.110220][ T5271] gspca_main: spca508-2.14.0 probing 8086:0110
[   65.515798][ T5435] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   65.631883][ T5271] gspca_spca508: reg_read err -71
[   65.647296][ T5271] gspca_spca508: reg_read err -71
[   65.663418][ T5271] gspca_spca508: reg_read err -71
[   65.682140][ T5271] gspca_spca508: reg_read err -71
[   65.701906][ T5271] gspca_spca508: reg_read err -71
[   65.712048][ T5271] gspca_spca508: reg write: error -71
[   65.717519][ T5271] spca508 1-1:0.0: probe with driver spca508 failed with error -71
[   65.746876][ T5441] netlink: 904 bytes leftover after parsing attributes in process `syz.1.52'.
[   65.798669][ T5271] usb 1-1: USB disconnect, device number 3
[   66.356135][ T5459] hub 2-0:1.0: USB hub found
[   66.361888][ T5459] hub 2-0:1.0: 1 port detected
[   67.463815][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   67.513378][ T5482] IPv6: NLM_F_REPLACE set, but no existing node found!
[   67.643550][    T9] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[   67.661641][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   67.725528][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   67.901800][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   67.921837][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[   67.977922][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[   68.214954][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   68.261222][    T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[   68.270564][    T9] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[   68.278769][    T9] usb 2-1: Manufacturer: syz
[   68.303118][    T9] usb 2-1: config 0 descriptor??
[   68.601870][ T5237] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   68.752932][    T9] appleir 0003:05AC:8243.0001: unknown main item tag 0x0
[   68.763722][    T9] appleir 0003:05AC:8243.0001: No inputs registered, leaving
[   68.772692][ T5237] usb 4-1: config 0 has no interfaces?
[   68.780580][ T5237] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   68.789998][ T5237] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.801224][ T5237] usb 4-1: Product: syz
[   68.812941][ T5237] usb 4-1: Manufacturer: syz
[   68.818801][    T9] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[   68.834716][ T5237] usb 4-1: SerialNumber: syz
[   68.852402][ T5237] usb 4-1: config 0 descriptor??
[   69.076515][ T5223] usb 4-1: USB disconnect, device number 3
[   69.191943][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   70.182027][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   70.978461][ T5237] usb 2-1: USB disconnect, device number 2
[   71.528638][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[   71.541000][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[   72.157836][ T5541] syzkaller0: entered allmulticast mode
[   72.224934][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   73.111772][    T9] usb 5-1: Using ep0 maxpacket: 32
[   73.161809][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   73.172925][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   73.191772][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[   73.204700][    T9] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[   73.213850][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   73.242865][    T9] usb 5-1: config 0 descriptor??
[   74.058085][    T9] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0002/input/input5
[   74.185797][    T9] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0002/input/input6
[   74.288994][    T9] kye 0003:0458:5011.0002: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.4-1/input0
[   74.481905][ T5276] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   74.691922][ T5276] usb 1-1: config 0 has no interfaces?
[   74.801285][ T5276] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   74.904690][ T5276] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.904918][ T5237] usb 5-1: USB disconnect, device number 2
[   74.928331][ T5276] usb 1-1: Product: syz
[   74.935332][ T5276] usb 1-1: Manufacturer: syz
[   74.940124][ T5276] usb 1-1: SerialNumber: syz
[   74.989483][ T5276] usb 1-1: config 0 descriptor??
[   75.107649][ T5568] nbd: must specify a device to reconfigure
[   75.252811][    T9] usb 1-1: USB disconnect, device number 4
[   75.609305][ T5578] Zero length message leads to an empty skb
[   75.635263][ T5237] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   75.821974][ T5237] usb 3-1: Using ep0 maxpacket: 32
[   75.835123][ T5237] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 27, changing to 8
[   75.849843][ T5237] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16698, setting to 1024
[   75.865264][ T5237] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   75.884611][ T5237] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.910105][ T5237] hub 3-1:4.0: USB hub found
[   76.112095][ T5237] hub 3-1:4.0: 2 ports detected
[   76.120808][ T5237] usb 3-1: selecting invalid altsetting 1
[   76.130697][ T5237] hub 3-1:4.0: Using single TT (err -22)
[   76.317811][ T5237] hub 3-1:4.0: hub_hub_status failed (err = -71)
[   76.328958][ T5237] hub 3-1:4.0: config failed, can't get hub status (err -71)
[   76.385048][ T5237] usb 3-1: USB disconnect, device number 3
[   76.647348][    T8] cfg80211: failed to load regulatory.db
[   78.949454][ T5623] syzkaller0: entered allmulticast mode
[   80.641930][ T5273] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   80.841890][ T5273] usb 5-1: Using ep0 maxpacket: 8
[   80.875005][ T5273] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[   80.919916][ T5273] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   80.971764][ T5273] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   80.987070][ T5273] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   81.004960][ T5273] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   81.029784][ T5273] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   81.048578][ T5273] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.271112][ T5273] usb 5-1: GET_CAPABILITIES returned 0
[   81.283515][ T5273] usbtmc 5-1:16.0: can't read capabilities
[   81.484641][   T25] usb 5-1: USB disconnect, device number 3
[   84.331775][ T5237] usb 4-1: new low-speed USB device number 4 using dummy_hcd
[   84.504893][ T5237] usb 4-1: unable to get BOS descriptor or descriptor too short
[   84.522924][ T5237] usb 4-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 64, setting to 8
[   84.551754][ T5237] usb 4-1: config 1 interface 0 has no altsetting 0
[   84.573491][ T5237] usb 4-1: string descriptor 0 read error: -22
[   84.579960][ T5237] usb 4-1: New USB device found, idVendor=05ac, idProduct=027e, bcdDevice= 0.40
[   84.609836][ T5237] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.669895][ T5681] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   84.911462][ T5237] usbhid 4-1:1.0: can't add hid device: -71
[   84.921837][ T5237] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[   84.974037][ T5237] usb 4-1: USB disconnect, device number 4
[   85.350133][ T5700] netlink: 12 bytes leftover after parsing attributes in process `syz.4.134'.
[   85.362217][    T8] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   85.513476][    T8] usb 2-1: Using ep0 maxpacket: 8
[   85.654765][    T8] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[   85.691841][    T8] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   86.322947][    T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   86.338815][    T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   86.556681][    T8] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   86.575112][    T8] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   86.584851][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.944411][    T8] usb 2-1: usb_control_msg returned -71
[   87.589759][    T8] usbtmc 2-1:16.0: can't read capabilities
[   87.602425][    T8] usb 2-1: USB disconnect, device number 3
[   88.399113][ T5720] syzkaller0: entered allmulticast mode
[   88.433755][ T5729] vlan2: entered promiscuous mode
[   88.438947][ T5729] vlan2: entered allmulticast mode
[   88.582636][ T5271] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   88.746536][ T5271] usb 4-1: Using ep0 maxpacket: 32
[   88.755338][ T5271] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 27, changing to 8
[   88.766706][ T5271] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16698, setting to 1024
[   88.778114][ T5271] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   88.787264][ T5271] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.807536][ T5271] hub 4-1:4.0: USB hub found
[   89.018258][ T5271] hub 4-1:4.0: config failed, can't read hub descriptor (err -22)
[   89.052535][ T5271] usb 4-1: USB disconnect, device number 5
[   89.981275][ T5276] usb 4-1: new low-speed USB device number 6 using dummy_hcd
[   90.220540][ T5276] usb 4-1: unable to get BOS descriptor or descriptor too short
[   90.234165][ T5276] usb 4-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 64, setting to 8
[   90.245020][ T5276] usb 4-1: config 1 interface 0 has no altsetting 0
[   90.557424][ T5276] usb 4-1: string descriptor 0 read error: -22
[   90.572283][ T5276] usb 4-1: New USB device found, idVendor=05ac, idProduct=027e, bcdDevice= 0.40
[   90.582530][ T5276] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.046745][ T5739] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   91.127879][ T5764] process 'syz.2.156' launched './file1' with NULL argv: empty string added
[   91.231765][ T5271] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   91.266358][ T5276] usbhid 4-1:1.0: can't add hid device: -71
[   91.272543][ T5276] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[   91.292223][ T5276] usb 4-1: USB disconnect, device number 6
[   91.387539][ T5271] usb 5-1: Using ep0 maxpacket: 8
[   91.394670][ T5271] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[   91.406854][ T5271] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   91.416975][ T5271] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   91.433904][ T5271] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   91.446455][ T5271] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   91.461454][ T5271] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   91.475080][ T5271] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.531850][   T25] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[   91.694204][   T25] usb 3-1: unable to get BOS descriptor or descriptor too short
[   91.697324][ T5271] usb 5-1: usb_control_msg returned -71
[   91.714281][   T25] usb 3-1: not running at top speed; connect to a high speed hub
[   91.716005][ T5271] usbtmc 5-1:16.0: can't read capabilities
[   91.738532][   T25] usb 3-1: config 219 has 1 interface, different from the descriptor's value: 2
[   91.743525][ T5271] usb 5-1: USB disconnect, device number 4
[   91.759642][   T25] usb 3-1: config 219 interface 0 has no altsetting 0
[   91.789468][   T25] usb 3-1: config 219 interface 0 has no altsetting 1
[   91.842307][   T25] usb 3-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e
[   91.871176][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.902735][   T25] usb 3-1: Manufacturer: ࠔ
[   91.907383][   T25] usb 3-1: SerialNumber: syz
[   92.127634][ T5780] syzkaller0: entered allmulticast mode
[   92.250601][   T25] usb 3-1: selecting invalid altsetting 0
[   92.284302][   T25] usb 3-1: selecting invalid altsetting 0
[   92.645761][   T25] usb 3-1: USB disconnect, device number 4
[   92.726615][ T5648] udevd[5648]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:219.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   93.535451][ T5801] hub 2-0:1.0: USB hub found
[   93.541935][ T5801] hub 2-0:1.0: 1 port detected
[   95.711813][    T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   95.781815][    T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   95.864117][    T8] usb 1-1: Using ep0 maxpacket: 8
[   95.871103][    T8] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[   95.885092][    T8] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   95.897631][    T8] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   95.907541][    T8] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   95.919814][    T8] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   95.935277][    T8] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   95.944442][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.952642][    T9] usb 3-1: Using ep0 maxpacket: 16
[   95.959270][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   95.971272][    T9] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   95.996066][    T9] usb 3-1: New USB device found, idVendor=0b97, idProduct=172a, bcdDevice=f7.f4
[   96.006963][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.015758][    T9] usb 3-1: Product: syz
[   96.020016][    T9] usb 3-1: Manufacturer: syz
[   96.025127][    T9] usb 3-1: SerialNumber: syz
[   96.033925][    T9] usb 3-1: config 0 descriptor??
[   96.198661][    T8] usb 1-1: usb_control_msg returned -71
[   96.206924][    T8] usbtmc 1-1:16.0: can't read capabilities
[   96.225828][    T8] usb 1-1: USB disconnect, device number 5
[   96.562716][ T5829] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   98.552044][   T29] audit: type=1326 audit(1727980811.068:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5840 comm="syz.3.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92cab7dff9 code=0x7ffc0000
[   98.576664][    T9] usb 3-1: USB disconnect, device number 5
[   98.598766][   T29] audit: type=1326 audit(1727980811.098:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5840 comm="syz.3.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92cab7dff9 code=0x7ffc0000
[   98.862135][   T29] audit: type=1326 audit(1727980811.098:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5840 comm="syz.3.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92cab7dff9 code=0x7ffc0000
[   99.246598][   T29] audit: type=1326 audit(1727980811.098:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5840 comm="syz.3.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92cab7dff9 code=0x7ffc0000
[   99.548870][   T29] audit: type=1326 audit(1727980811.098:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5840 comm="syz.3.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92cab7dff9 code=0x7ffc0000
[  100.713508][ T5884] hub 2-0:1.0: USB hub found
[  100.718574][ T5884] hub 2-0:1.0: 1 port detected
[  101.311762][   T25] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  101.505411][   T25] usb 5-1: Using ep0 maxpacket: 16
[  101.515994][   T25] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  101.530727][   T25] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  101.568707][   T25] usb 5-1: New USB device found, idVendor=0b97, idProduct=172a, bcdDevice=f7.f4
[  101.578643][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.591860][   T25] usb 5-1: Product: syz
[  101.602862][   T25] usb 5-1: Manufacturer: syz
[  101.612197][   T25] usb 5-1: SerialNumber: syz
[  101.811368][   T25] usb 5-1: config 0 descriptor??
[  103.200948][ T5918] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  104.243828][ T5927] syzkaller0: entered allmulticast mode
[  104.512388][    T9] usb 2-1: new low-speed USB device number 4 using dummy_hcd
[  104.683601][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  104.697709][    T9] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 64, setting to 8
[  104.716003][    T9] usb 2-1: config 1 interface 0 has no altsetting 0
[  104.735211][    T9] usb 2-1: string descriptor 0 read error: -22
[  104.748216][    T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=027e, bcdDevice= 0.40
[  104.763364][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.806686][ T5929] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  104.927681][ T5271] usb 5-1: USB disconnect, device number 5
[  105.031150][    T9] usbhid 2-1:1.0: can't add hid device: -71
[  105.037743][    T9] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  105.048898][    T9] usb 2-1: USB disconnect, device number 4
[  107.577629][ T5968] hub 2-0:1.0: USB hub found
[  107.583291][ T5968] hub 2-0:1.0: 1 port detected
[  108.872453][ T5979] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.222'.
[  110.273657][ T5954] netdevsim netdevsim3: Firmware load for './cgroup/../file0' refused, path contains '..' component
[  111.942277][    T8] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  112.376489][ T6021] binder: 6018:6021 ioctl c0306201 20000240 returned -22
[  112.656690][ T5271] ==================================================================
[  112.664792][ T5271] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x2f/0x140
[  112.673945][ T5271] Read of size 8 at addr ffff888029762988 by task kworker/0:4/5271
[  112.681843][ T5271] 
[  112.684183][ T5271] CPU: 0 UID: 0 PID: 5271 Comm: kworker/0:4 Not tainted 6.12.0-rc1-syzkaller-00046-g7ec462100ef9 #0
[  112.694968][ T5271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  112.705042][ T5271] Workqueue: events binder_deferred_func
[  112.710706][ T5271] Call Trace:
[  112.713984][ T5271]  <TASK>
[  112.716904][ T5271]  dump_stack_lvl+0x241/0x360
[  112.721573][ T5271]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.726757][ T5271]  ? __pfx__printk+0x10/0x10
[  112.731347][ T5271]  ? _printk+0xd5/0x120
[  112.735495][ T5271]  ? __virt_addr_valid+0x183/0x530
[  112.740594][ T5271]  ? __virt_addr_valid+0x183/0x530
[  112.745695][ T5271]  print_report+0x169/0x550
[  112.750202][ T5271]  ? __virt_addr_valid+0x183/0x530
[  112.755308][ T5271]  ? __virt_addr_valid+0x183/0x530
[  112.760406][ T5271]  ? __virt_addr_valid+0x45f/0x530
[  112.765510][ T5271]  ? __phys_addr+0xba/0x170
[  112.770007][ T5271]  ? __list_del_entry_valid_or_report+0x2f/0x140
[  112.776332][ T5271]  kasan_report+0x143/0x180
[  112.780851][ T5271]  ? __list_del_entry_valid_or_report+0x2f/0x140
[  112.787174][ T5271]  __list_del_entry_valid_or_report+0x2f/0x140
[  112.793322][ T5271]  binder_release_work+0xc7/0x480
[  112.798333][ T5271]  binder_deferred_func+0x1275/0x1460
[  112.803693][ T5271]  ? process_scheduled_works+0x976/0x1850
[  112.809401][ T5271]  process_scheduled_works+0xa63/0x1850
[  112.814946][ T5271]  ? __pfx_process_scheduled_works+0x10/0x10
[  112.820917][ T5271]  ? assign_work+0x364/0x3d0
[  112.825497][ T5271]  worker_thread+0x870/0xd30
[  112.830075][ T5271]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  112.835956][ T5271]  ? __kthread_parkme+0x169/0x1d0
[  112.840971][ T5271]  ? __pfx_worker_thread+0x10/0x10
[  112.846074][ T5271]  kthread+0x2f0/0x390
[  112.850126][ T5271]  ? __pfx_worker_thread+0x10/0x10
[  112.855225][ T5271]  ? __pfx_kthread+0x10/0x10
[  112.859796][ T5271]  ret_from_fork+0x4b/0x80
[  112.864208][ T5271]  ? __pfx_kthread+0x10/0x10
[  112.868783][ T5271]  ret_from_fork_asm+0x1a/0x30
[  112.873542][ T5271]  </TASK>
[  112.876543][ T5271] 
[  112.878846][ T5271] Allocated by task 6023:
[  112.883151][ T5271]  kasan_save_track+0x3f/0x80
[  112.887819][ T5271]  __kasan_kmalloc+0x98/0xb0
[  112.892396][ T5271]  __kmalloc_cache_noprof+0x19c/0x2c0
[  112.897749][ T5271]  binder_ioctl_write_read+0xe7f/0xb560
[  112.903281][ T5271]  binder_ioctl+0x436/0x1cc0
[  112.907859][ T5271]  __se_sys_ioctl+0xf9/0x170
[  112.912436][ T5271]  do_syscall_64+0xf3/0x230
[  112.916921][ T5271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.922800][ T5271] 
[  112.925103][ T5271] Freed by task 5271:
[  112.929061][ T5271]  kasan_save_track+0x3f/0x80
[  112.933723][ T5271]  kasan_save_free_info+0x40/0x50
[  112.938730][ T5271]  __kasan_slab_free+0x59/0x70
[  112.943482][ T5271]  kfree+0x1a0/0x440
[  112.947358][ T5271]  binder_deferred_func+0x11df/0x1460
[  112.952714][ T5271]  process_scheduled_works+0xa63/0x1850
[  112.958244][ T5271]  worker_thread+0x870/0xd30
[  112.962822][ T5271]  kthread+0x2f0/0x390
[  112.966879][ T5271]  ret_from_fork+0x4b/0x80
[  112.971285][ T5271]  ret_from_fork_asm+0x1a/0x30
[  112.976038][ T5271] 
[  112.978345][ T5271] The buggy address belongs to the object at ffff888029762980
[  112.978345][ T5271]  which belongs to the cache kmalloc-64 of size 64
[  112.992221][ T5271] The buggy address is located 8 bytes inside of
[  112.992221][ T5271]  freed 64-byte region [ffff888029762980, ffff8880297629c0)
[  113.005752][ T5271] 
[  113.008070][ T5271] The buggy address belongs to the physical page:
[  113.014484][ T5271] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29762
[  113.023234][ T5271] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  113.030774][ T5271] page_type: f5(slab)
[  113.034744][ T5271] raw: 00fff00000000000 ffff88801ac418c0 0000000000000000 dead000000000001
[  113.043312][ T5271] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
[  113.051875][ T5271] page dumped because: kasan: bad access detected
[  113.058276][ T5271] page_owner tracks the page as allocated
[  113.063971][ T5271] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 147, tgid 147 (kworker/u8:5), ts 56929291870, free_ts 56636932963
[  113.083080][ T5271]  post_alloc_hook+0x1f3/0x230
[  113.087839][ T5271]  get_page_from_freelist+0x3039/0x3180
[  113.093373][ T5271]  __alloc_pages_noprof+0x256/0x6c0
[  113.098555][ T5271]  alloc_pages_mpol_noprof+0x3e8/0x680
[  113.104009][ T5271]  alloc_slab_page+0x6a/0x120
[  113.108672][ T5271]  allocate_slab+0x5a/0x2f0
[  113.113163][ T5271]  ___slab_alloc+0xcd1/0x14b0
[  113.117826][ T5271]  __slab_alloc+0x58/0xa0
[  113.122143][ T5271]  __kmalloc_node_track_caller_noprof+0x281/0x440
[  113.128543][ T5271]  kmemdup_noprof+0x2a/0x60
[  113.133033][ T5271]  sctp_addr_wq_mgmt+0x2f8/0x720
[  113.137955][ T5271]  sctp_inet6addr_event+0x566/0x730
[  113.143145][ T5271]  notifier_call_chain+0x19f/0x3e0
[  113.148246][ T5271]  atomic_notifier_call_chain+0xdb/0x180
[  113.153864][ T5271]  ipv6_add_addr+0xde0/0x1090
[  113.158526][ T5271]  addrconf_add_linklocal+0x36c/0xa30
[  113.163884][ T5271] page last free pid 5235 tgid 5235 stack trace:
[  113.170198][ T5271]  free_unref_page+0xcd0/0xf00
[  113.174958][ T5271]  __slab_free+0x31b/0x3d0
[  113.179365][ T5271]  qlist_free_all+0x9a/0x140
[  113.183941][ T5271]  kasan_quarantine_reduce+0x14f/0x170
[  113.189405][ T5271]  __kasan_slab_alloc+0x23/0x80
[  113.194242][ T5271]  __kmalloc_noprof+0x1a6/0x400
[  113.199075][ T5271]  fib_create_info+0xa49/0x24e0
[  113.203909][ T5271]  fib_table_insert+0x1f6/0x1f30
[  113.208830][ T5271]  fib_magic+0x3d8/0x620
[  113.213059][ T5271]  fib_add_ifaddr+0x14c/0x5e0
[  113.217724][ T5271]  fib_inetaddr_event+0x167/0x1f0
[  113.222734][ T5271]  notifier_call_chain+0x19f/0x3e0
[  113.227832][ T5271]  blocking_notifier_call_chain+0x69/0x90
[  113.233538][ T5271]  __inet_insert_ifa+0x9d4/0xc30
[  113.238461][ T5271]  inet_rtm_newaddr+0xc15/0x1b20
[  113.243384][ T5271]  rtnetlink_rcv_msg+0x73f/0xcf0
[  113.248309][ T5271] 
[  113.250615][ T5271] Memory state around the buggy address:
[  113.256222][ T5271]  ffff888029762880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  113.264267][ T5271]  ffff888029762900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  113.272311][ T5271] >ffff888029762980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  113.280354][ T5271]                       ^
[  113.284662][ T5271]  ffff888029762a00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  113.292704][ T5271]  ffff888029762a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  113.300744][ T5271] ==================================================================
[  113.309334][ T5271] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  113.316544][ T5271] CPU: 0 UID: 0 PID: 5271 Comm: kworker/0:4 Not tainted 6.12.0-rc1-syzkaller-00046-g7ec462100ef9 #0
[  113.327313][ T5271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  113.337377][ T5271] Workqueue: events binder_deferred_func
[  113.343024][ T5271] Call Trace:
[  113.346286][ T5271]  <TASK>
[  113.349193][ T5271]  dump_stack_lvl+0x241/0x360
[  113.353853][ T5271]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.359027][ T5271]  ? __pfx__printk+0x10/0x10
[  113.363602][ T5271]  ? vscnprintf+0x5d/0x90
[  113.367911][ T5271]  panic+0x349/0x880
[  113.371789][ T5271]  ? check_panic_on_warn+0x21/0xb0
[  113.376883][ T5271]  ? __pfx_panic+0x10/0x10
[  113.381281][ T5271]  ? mark_lock+0x9a/0x360
[  113.385590][ T5271]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  113.391464][ T5271]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  113.397336][ T5271]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  113.403642][ T5271]  ? print_report+0x502/0x550
[  113.408301][ T5271]  check_panic_on_warn+0x86/0xb0
[  113.413218][ T5271]  ? __list_del_entry_valid_or_report+0x2f/0x140
[  113.419524][ T5271]  end_report+0x77/0x160
[  113.423750][ T5271]  kasan_report+0x154/0x180
[  113.428247][ T5271]  ? __list_del_entry_valid_or_report+0x2f/0x140
[  113.434571][ T5271]  __list_del_entry_valid_or_report+0x2f/0x140
[  113.440706][ T5271]  binder_release_work+0xc7/0x480
[  113.445712][ T5271]  binder_deferred_func+0x1275/0x1460
[  113.451063][ T5271]  ? process_scheduled_works+0x976/0x1850
[  113.456764][ T5271]  process_scheduled_works+0xa63/0x1850
[  113.462296][ T5271]  ? __pfx_process_scheduled_works+0x10/0x10
[  113.468256][ T5271]  ? assign_work+0x364/0x3d0
[  113.472824][ T5271]  worker_thread+0x870/0xd30
[  113.477401][ T5271]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  113.483278][ T5271]  ? __kthread_parkme+0x169/0x1d0
[  113.488288][ T5271]  ? __pfx_worker_thread+0x10/0x10
[  113.493383][ T5271]  kthread+0x2f0/0x390
[  113.497429][ T5271]  ? __pfx_worker_thread+0x10/0x10
[  113.502536][ T5271]  ? __pfx_kthread+0x10/0x10
[  113.507105][ T5271]  ret_from_fork+0x4b/0x80
[  113.511517][ T5271]  ? __pfx_kthread+0x10/0x10
[  113.516084][ T5271]  ret_from_fork_asm+0x1a/0x30
[  113.520835][ T5271]  </TASK>
[  113.524077][ T5271] Kernel Offset: disabled
[  113.528387][ T5271] Rebooting in 86400 seconds..