last executing test programs:

8m30.351003457s ago: executing program 1 (id=97):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
syz_open_dev$sndctrl(&(0x7f0000000780), 0x0, 0x140)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
r4 = syz_io_uring_setup(0x6165, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x0, 0x3}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}}, 0x4000)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r8, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r4, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x1e0, 0x20a, 0x278, 0x1e0, 0x278, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @empty, [], [], 'macvtap0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@private2, @local, [], [], 'vlan0\x00', 'ip6erspan0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000008504"])

8m29.988015697s ago: executing program 1 (id=98):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000000140)=ANY=[@ANYBLOB="0401000016000104000000000000050fe000000200"/64, @ANYRES32=0x0, @ANYRES32, @ANYRESHEX=r1], 0x104}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="400000d386e2000000001c000000008000000000000000", @ANYRES32=0x0, @ANYBLOB="115a0100000000002000128008000100687372001400028008000200", @ANYRES32=r1, @ANYBLOB="080001", @ANYRES32=r4, @ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x44)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00'})
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538)
add_key(&(0x7f0000000000)='asymmetric\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000c40)='encrypted\x00', &(0x7f0000000c80)={'syz', 0x0}, &(0x7f0000000cc0)='[,\v]@+\x00', 0x0)

8m29.85218225s ago: executing program 1 (id=99):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a300000000034000000090a010400000000000000000100000008000a40000000000900020073797a320000000009"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x40000c0)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x18, 0x1411, 0x1, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x28}]}, 0x18}, 0x1, 0x0, 0x0, 0x20080}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r2, 0x0, 0x884)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="850000002e0000001600ffff8000fdff95000000000000006884d1d9fe4c9ce4c8b7a8e93bb957f5ac915f7683352dbbdb85d8965f40a9372a85319dc353a5b7b7bf0365836f54ae60375c46827cb4d9f8a15bddba79096be7d495c19b3afaa67d2aea409ea69c67cc026d1f0d509b0055e7a371960c7eef346408d031b1249592ccc129485120730762afd7006f54bd541f8be0902162f15e7539ad6623a985526464b4539a3c1d1514fe832e9c47f1c53ca2614ff008000000000000009a86746c75adf63fe215c2b2ca38e4f62f682ef561ee6352c07f000000000000008f31663bd222d47fd495ad27124c6b0ccd410400000000000000eb2b31bb3d0bb8aebfc7ee0200000000000000f0c100e80c53d628404a42176fb1462bddb96075082e486e0d4907d5764185ce2ebfc911064c1f41425fa8fa3eb9848fb36c85ad4e23b580773e82a135107a73be0d78b5eced63b5e0ad7d6b97b8aedf0f33bc79f3a07034b54afbe4ca46e0f64222976090809c7912fa0c112ac3d25141472a7ba550d62c34abc4915fa6cbf0da8d9c3139a6d5b3c8b371c4c25c53350edc8521676bbec5ad4ed0b7eca73574fddbfbccfbed5c9da52fe13fe0d91ce27382ae93353af09acc490c6ef108867e79b444d8a46e20fb2b28a3f0cf39596c20df5e5d5846ba2db1d14e862be6327f22aa774b4dc16e7dec7093d83f211c51df5c170765dbc048f655e6d7ad1134837556d1f8f88b59ca5a26e5908f04ed3f4ec22b3d6e41e9a703bff1f2b34bdeed501a4762605edc7bcc2fcdd2fff4f65db191e5e4b8b33cc093c5e2ec369276c40aaaebd2d5b095bd3d636aa74546968b7b2f41818d03a4a6058a19ad6d96f085f057efdb575b07d3a610fb1bb82a9ce8cf39d6bac2024eb1be3c6f2a24c251728aaf71dcc7f3d01493587a880ef951461a53040a288871ae85b3b06e9ede18b1d9c18e2b100c7943c96723e4a190d3bab1fc9ebeef1024986c494bdfcee8b8a0fbb4e5b807fd27caf63eda9dfcc0d64ba6a74406aa0e1c0b0b7bb1e22fd0c910b03d52f5dc675bfb690d41edbb776e4dc22af46bf5f1edaa5a487b9f1dd0b135de877fd837dfd2"], &(0x7f0000000880)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="020300001000000000000000fdffffff05000600000000000a0000000000000000000000000000000000000000000001000000000000000002000100000000000000000c0200006005000500000000000a004e220000000000000000a07ea5270000000000000001000000000000000002001300f700000028bd70003e02"], 0x80}, 0x1, 0x7}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, 0x5a, 0x1}, 0x14}}, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f00000000c0)=0x7, 0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0x2, 0x6, 0x201, 0x0, 0x0, {0xfc9a4b6d3fcd6713, 0x0, 0xa}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xf}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_FAMILY={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x40041)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x88, 0x64}, [@call={0x45}]}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x64)

8m28.9485654s ago: executing program 1 (id=101):
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
memfd_create(0x0, 0x2)
ioperm(0x8, 0xbe, 0x5e)
msync(&(0x7f0000954000/0x4000)=nil, 0x4000, 0x7)
r2 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x24)
ppoll(&(0x7f0000000000)=[{}, {}], 0x2, 0x0, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x0, @void}, 0x10)
recvmmsg(r2, 0x0, 0x0, 0x10002, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x13, 0x7c5, 0x1, 0x2, 0xd59f83, 0x4, 0x5, 0xb, 0x9, 0x8, 0x722, 0x6, 0x7, 0x8, 0x8da04cae68c6f21, 0x0, {0xffff945a, 0x1}, 0x7, 0x6}})

8m27.897901556s ago: executing program 1 (id=107):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0xf, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x6, 0x0, 0x0, 0x2}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdir(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000240)=0x5)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, 0x0)

8m25.156569236s ago: executing program 1 (id=109):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a300000000034000000090a010400000000000000000100000008000a40000000000900020073797a320000000009"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x40000c0)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x18, 0x1411, 0x1, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x28}]}, 0x18}, 0x1, 0x0, 0x0, 0x20080}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r2, 0x0, 0x884)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="850000002e0000001600ffff8000fdff95000000000000006884d1d9fe4c9ce4c8b7a8e93bb957f5ac915f7683352dbbdb85d8965f40a9372a85319dc353a5b7b7bf0365836f54ae60375c46827cb4d9f8a15bddba79096be7d495c19b3afaa67d2aea409ea69c67cc026d1f0d509b0055e7a371960c7eef346408d031b1249592ccc129485120730762afd7006f54bd541f8be0902162f15e7539ad6623a985526464b4539a3c1d1514fe832e9c47f1c53ca2614ff008000000000000009a86746c75adf63fe215c2b2ca38e4f62f682ef561ee6352c07f000000000000008f31663bd222d47fd495ad27124c6b0ccd410400000000000000eb2b31bb3d0bb8aebfc7ee0200000000000000f0c100e80c53d628404a42176fb1462bddb96075082e486e0d4907d5764185ce2ebfc911064c1f41425fa8fa3eb9848fb36c85ad4e23b580773e82a135107a73be0d78b5eced63b5e0ad7d6b97b8aedf0f33bc79f3a07034b54afbe4ca46e0f64222976090809c7912fa0c112ac3d25141472a7ba550d62c34abc4915fa6cbf0da8d9c3139a6d5b3c8b371c4c25c53350edc8521676bbec5ad4ed0b7eca73574fddbfbccfbed5c9da52fe13fe0d91ce27382ae93353af09acc490c6ef108867e79b444d8a46e20fb2b28a3f0cf39596c20df5e5d5846ba2db1d14e862be6327f22aa774b4dc16e7dec7093d83f211c51df5c170765dbc048f655e6d7ad1134837556d1f8f88b59ca5a26e5908f04ed3f4ec22b3d6e41e9a703bff1f2b34bdeed501a4762605edc7bcc2fcdd2fff4f65db191e5e4b8b33cc093c5e2ec369276c40aaaebd2d5b095bd3d636aa74546968b7b2f41818d03a4a6058a19ad6d96f085f057efdb575b07d3a610fb1bb82a9ce8cf39d6bac2024eb1be3c6f2a24c251728aaf71dcc7f3d01493587a880ef951461a53040a288871ae85b3b06e9ede18b1d9c18e2b100c7943c96723e4a190d3bab1fc9ebeef1024986c494bdfcee8b8a0fbb4e5b807fd27caf63eda9dfcc0d64ba6a74406aa0e1c0b0b7bb1e22fd0c910b03d52f5dc675bfb690d41edbb776e4dc22af46bf5f1edaa5a487b9f1dd0b135de877fd837dfd2"], &(0x7f0000000880)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="020300001000000000000000fdffffff05000600000000000a0000000000000000000000000000000000000000000001000000000000000002000100000000000000000c0200006005000500000000000a004e220000000000000000a07ea5270000000000000001000000000000000002001300f700000028bd70003e02"], 0x80}, 0x1, 0x7}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, 0x5a, 0x1}, 0x14}}, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f00000000c0)=0x7, 0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0x2, 0x6, 0x201, 0x0, 0x0, {0xfc9a4b6d3fcd6713, 0x0, 0xa}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xf}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_FAMILY={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x40041)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x88, 0x64}, [@call={0x45}]}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x64)

8m9.773467659s ago: executing program 32 (id=109):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a300000000034000000090a010400000000000000000100000008000a40000000000900020073797a320000000009"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x40000c0)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x18, 0x1411, 0x1, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x28}]}, 0x18}, 0x1, 0x0, 0x0, 0x20080}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r2, 0x0, 0x884)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="850000002e0000001600ffff8000fdff95000000000000006884d1d9fe4c9ce4c8b7a8e93bb957f5ac915f7683352dbbdb85d8965f40a9372a85319dc353a5b7b7bf0365836f54ae60375c46827cb4d9f8a15bddba79096be7d495c19b3afaa67d2aea409ea69c67cc026d1f0d509b0055e7a371960c7eef346408d031b1249592ccc129485120730762afd7006f54bd541f8be0902162f15e7539ad6623a985526464b4539a3c1d1514fe832e9c47f1c53ca2614ff008000000000000009a86746c75adf63fe215c2b2ca38e4f62f682ef561ee6352c07f000000000000008f31663bd222d47fd495ad27124c6b0ccd410400000000000000eb2b31bb3d0bb8aebfc7ee0200000000000000f0c100e80c53d628404a42176fb1462bddb96075082e486e0d4907d5764185ce2ebfc911064c1f41425fa8fa3eb9848fb36c85ad4e23b580773e82a135107a73be0d78b5eced63b5e0ad7d6b97b8aedf0f33bc79f3a07034b54afbe4ca46e0f64222976090809c7912fa0c112ac3d25141472a7ba550d62c34abc4915fa6cbf0da8d9c3139a6d5b3c8b371c4c25c53350edc8521676bbec5ad4ed0b7eca73574fddbfbccfbed5c9da52fe13fe0d91ce27382ae93353af09acc490c6ef108867e79b444d8a46e20fb2b28a3f0cf39596c20df5e5d5846ba2db1d14e862be6327f22aa774b4dc16e7dec7093d83f211c51df5c170765dbc048f655e6d7ad1134837556d1f8f88b59ca5a26e5908f04ed3f4ec22b3d6e41e9a703bff1f2b34bdeed501a4762605edc7bcc2fcdd2fff4f65db191e5e4b8b33cc093c5e2ec369276c40aaaebd2d5b095bd3d636aa74546968b7b2f41818d03a4a6058a19ad6d96f085f057efdb575b07d3a610fb1bb82a9ce8cf39d6bac2024eb1be3c6f2a24c251728aaf71dcc7f3d01493587a880ef951461a53040a288871ae85b3b06e9ede18b1d9c18e2b100c7943c96723e4a190d3bab1fc9ebeef1024986c494bdfcee8b8a0fbb4e5b807fd27caf63eda9dfcc0d64ba6a74406aa0e1c0b0b7bb1e22fd0c910b03d52f5dc675bfb690d41edbb776e4dc22af46bf5f1edaa5a487b9f1dd0b135de877fd837dfd2"], &(0x7f0000000880)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="020300001000000000000000fdffffff05000600000000000a0000000000000000000000000000000000000000000001000000000000000002000100000000000000000c0200006005000500000000000a004e220000000000000000a07ea5270000000000000001000000000000000002001300f700000028bd70003e02"], 0x80}, 0x1, 0x7}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, 0x5a, 0x1}, 0x14}}, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f00000000c0)=0x7, 0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0x2, 0x6, 0x201, 0x0, 0x0, {0xfc9a4b6d3fcd6713, 0x0, 0xa}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xf}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_FAMILY={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x40041)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x88, 0x64}, [@call={0x45}]}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x64)

6m35.896634156s ago: executing program 3 (id=385):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
socket$inet6(0xa, 0x3, 0x100)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0xc8fc1c6b21dc91e4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mount(0x0, &(0x7f0000004580)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x2a800c0, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
syz_open_dev$mouse(&(0x7f0000000080), 0x6, 0x240a03)
creat(&(0x7f0000000100)='./bus\x00', 0x0)
open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x143042, 0x0)
ftruncate(r3, 0x2008002)
r4 = syz_open_procfs(0xffffffffffffffff, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_fuse_handle_req(r4, 0x0, 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x80000001)
gettid()
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x349241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})

6m30.932621187s ago: executing program 3 (id=396):
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000a2e35ec63a078e61ec74648edcbe0da895583ae57d58b0c8a7db6152df4185f569de74379f34a02d0593e10189dcaf00"], 0xa9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
socket$inet(0x2, 0x5, 0x7)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
fchdir(r2)
close(r2)
mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='nilfs2\x00', 0x0, 0x0)

6m26.019428806s ago: executing program 3 (id=408):
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x5fb5, 0x0, 0xfffffffd}, &(0x7f0000000240)=<r0=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000000)=0xfffffffc, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_io_uring_setup(0x5bbd, &(0x7f00000002c0)={0x0, 0xc627, 0x2}, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000feb000/0x14000)=nil, 0x14000, 0x0, 0x107030, 0xffffffffffffffff, 0x29a11000)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x9, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
preadv(r3, 0x0, 0x0, 0x0, 0xfff)
symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
open(0x0, 0x1c1242, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ipv6_route\x00')
lseek(r4, 0xae7e, 0x0)

6m24.981983099s ago: executing program 3 (id=410):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x8142, 0x0)
r1 = dup(r0)
ioctl$BLKTRACESTART(r1, 0x1274, 0x0) (fail_nth: 2)

6m23.956916268s ago: executing program 3 (id=412):
syz_usb_connect(0x3, 0x1e4, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000b1a4c208cc043325634b0102030109028c0101000000000904260007569ffb0009050e"], 0x0)
unshare(0x8000400)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_hci(r0, 0x0, 0x0)

6m21.105759541s ago: executing program 3 (id=422):
pipe(0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x400300, 0x0)
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r2, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x1, 0x3}}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r3 = userfaultfd(0x801)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000600))
syz_io_uring_submit(r4, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000280), 0xb, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864ce, &(0x7f0000000340)={0x0, 0x7, 0x0, 0xc6, 0x0, [], [0xfd, 0x5, 0x40, 0x10], [0x0, 0x0, 0x400000a, 0xfffffff6], [0x80000000000bf0, 0x8000000000000, 0xf95000400000, 0x8000]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
r8 = socket$inet(0x2, 0x80003, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r8, 0x0, 0x80, &(0x7f0000000140)=@broute={'broute\x00', 0x20, 0x2, 0x330, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000580], 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000002000000000000feffffff0100000019000000000000000000726f7365300000000000000000000000726f736530000000cc000000000000007465616d5f736c6176655f310000000064756d6d7930000000000000000000000180c2000000000000000000ffffffffffff0000000000000000d00000000801000038010000706b74747970650000000000000000000000000000000000000000000000000008000000000000000000000000000000706b747479706500000000000000000000000000000000000000000000000000080000000000000000000000000000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000ddffffff00000000726564697265637400000000396c27db39b2eedb0000000000000000000000000800000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff01000000030000000000000080357665746831000000000000000000000074756e6c30000000000000000000000074756e6c300000000005000000000000006c616e300000000000000000000000aaaaaaaaaabb000000000000aaaaaaaaaa0000000000000000000001000000010000380100006367726f757000000000000000000000000000000000000000000000000000000800000000000000000000000000000061727000000000000000000000000000000000000000000000000000000000003800000000000000000000000000000000000000000000007f000001000000f072ce35f34121000000000000000000000000000000000000eaffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000fdffffff00000000"]}, 0x3a8)

6m5.307885872s ago: executing program 33 (id=422):
pipe(0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x400300, 0x0)
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r2, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x1, 0x3}}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r3 = userfaultfd(0x801)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000600))
syz_io_uring_submit(r4, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000280), 0xb, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864ce, &(0x7f0000000340)={0x0, 0x7, 0x0, 0xc6, 0x0, [], [0xfd, 0x5, 0x40, 0x10], [0x0, 0x0, 0x400000a, 0xfffffff6], [0x80000000000bf0, 0x8000000000000, 0xf95000400000, 0x8000]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
r8 = socket$inet(0x2, 0x80003, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r8, 0x0, 0x80, &(0x7f0000000140)=@broute={'broute\x00', 0x20, 0x2, 0x330, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000580], 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000002000000000000feffffff0100000019000000000000000000726f7365300000000000000000000000726f736530000000cc000000000000007465616d5f736c6176655f310000000064756d6d7930000000000000000000000180c2000000000000000000ffffffffffff0000000000000000d00000000801000038010000706b74747970650000000000000000000000000000000000000000000000000008000000000000000000000000000000706b747479706500000000000000000000000000000000000000000000000000080000000000000000000000000000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000ddffffff00000000726564697265637400000000396c27db39b2eedb0000000000000000000000000800000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff01000000030000000000000080357665746831000000000000000000000074756e6c30000000000000000000000074756e6c300000000005000000000000006c616e300000000000000000000000aaaaaaaaaabb000000000000aaaaaaaaaa0000000000000000000001000000010000380100006367726f757000000000000000000000000000000000000000000000000000000800000000000000000000000000000061727000000000000000000000000000000000000000000000000000000000003800000000000000000000000000000000000000000000007f000001000000f072ce35f34121000000000000000000000000000000000000eaffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000fdffffff00000000"]}, 0x3a8)

3m14.992825063s ago: executing program 4 (id=894):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBSENT(r1, 0x4b49, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000001e000085000000820000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1a003})
ioctl$SIOCGIFHWADDR(r6, 0x8927, &(0x7f00000000c0)={'dvmrp0\x00'})

3m12.696313467s ago: executing program 4 (id=898):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f00000001c0)=0x2, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x1, 0xfffff038}, {0x50, 0x0, 0x9, 0x3}, {0x6}]}, 0x10)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000140)={'veth1_to_team\x00', @link_local})
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r2 = dup(r1)
bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e22, @broadcast}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r4, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r4, &(0x7f0000000100), 0x0, 0x2}, 0x20)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0)
syz_emit_ethernet(0x32, &(0x7f00000048c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc4}, @void, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x0, 0x11, 0x24, 0x69, 0x0, 0x9, 0x21, 0x0, @rand_addr=0x64010102, @private=0xa010100}, {{0x4e24, 0x4e23, 0x4, 0x1, 0x7, 0x0, 0x0, 0x4, 0x6, "476701", 0x7}}}}}}, 0x0)

3m9.245289228s ago: executing program 4 (id=905):
syz_open_dev$usbfs(&(0x7f00000003c0), 0x77, 0x101301)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b8920000000109029009020000000009"], 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x10}}, './file0\x00'})
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000280)={{0x6, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffe, 0xc3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x0, 0x2, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x3, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]})
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=ANY=[@ANYBLOB="4c0100001e0001000000000000000000ac1e0001000000000000000000000000fe80000000000000442073d3000000aa000000002000"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8000000000000000000000000000bb000000006c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffff7ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001060000000000000000480003006465666c6174650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008001f00030000000c0015005a07350001000000"], 0x14c}, 0x1, 0x0, 0x0, 0x4004050}, 0x0)

3m3.702789937s ago: executing program 5 (id=921):
r0 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x138, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x4}}}}}]}}]}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10)
r3 = syz_open_dev$sndctrl(&(0x7f00000002c0), 0x2000000000, 0x40000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r3, 0xc1485544, &(0x7f0000000040))
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
getcwd(0x0, 0x0)
r4 = syz_open_procfs(r0, &(0x7f0000000040)='status\x00')
syz_fuse_handle_req(r4, &(0x7f0000006cc0)="e5764a472ca256e4fa5b5c56951c8f08af5d99e71897669c71fa860cf20a75629af1256217099aca1bda14ba0aa9883f48db9ed5a33a3461dbad1b0cb88d915c13c46e3255dbcef87241d6e8bbdc0af465b5e10de7397890f60b7d673da3f4ada9fd0137de4362bb6075b0b60baa3480333acfd9bc4462c5a0ffb0c0db5d5ce6e5417030c6329e4e0668ccd1f4194092e759ed68ff784037033e0506fdcacd90c7f7ab82d418ff94dd32be27529b78f97f5a6e7617bec7306cc9907ced4a784a573da93140b49f73d9ad5d1058eac72ec68148d31397864a0b1050d28785a85a6acc3c646387d2566ff475585803538cb6d0d538505a48750034348a5e59b542c4c447b81e5bb821986f7b7ea2b5d484d0d015c4fe348942338c81fc84e5d3c9176dbfbfaff46d8ffdbe07755c44efdd2b07deae0312853736e0505a57c977334f43d0d7f6330924af8231eaf28da538745381d650ec1c2112eb5559aa618440bb5b32971e86cd5028035ebfe231b056206a13885da986a6ab7eb272f6a9ce00787c55e9d3e89895ccd3c3200b8a6f762c93b92bdea11733c02c07b42570e9eca34963c1e7df374283ab2cb95dfee7b22623cac2e4be2f09a5707b2df557f1e041296a3c830f4b01749e9996afbd9c29db8febca4aa67b541fca5b9a80231ff8f8da50db95870f39c717e14548248af8948ee0c56dd6f85f7d4f1fa3d979029130813ac8ea51d7736434346b387c02fa3b0620d6aa765e58af683dc7cb7e8b4bf4b53ceddc289e3dec9ff8ea5eededf4fbe3e2204b1a3f1f2a70563aa0db8ca938d23aab42570eb97a03e420f14d1e32b2ae3927c4fd58be2154e5bc8b6aca8aafbe9bad78a6d0177c6f42ea763969339d55424b2f84233f4aaf0f51ca58934b4845cc2a91f774a180bf38bc1b7fe917dc1652f924074a7343e7e07bae9de7823b9ac60e06ad9a89749715c3902f644fa284574bfa606f2d4e0113695d51ac90af285aa80647798f7f552786d72ad8251a11022780e5d4eb01255e74f40ca3826b4cbfb2fce8f482bdec9b50b3c1b50751e5424f53d5be1277cd1ddf0f15b452f04011b4de6d6ad5913b76713f527282eb9ff75187b281433df4b121b5b0c75a37e438608a4ae937060d7996b193ad52cc3d8850846273a94e3d718070064757c0374845a81d70ae139fc9af3df467437a0e0a8a058bcc0feeaf8d4379a690e3f7f96757827d1ff02e9dd287715fef9a5bc48399e102e804a4fe6cc7d04a0381a15c15f2409d1421fd52246b95b936be5327f4d03d172faa82d1198f8693b2385aadee482c2e2cfaf674d2d30953d65bd6bc7016fa22cead75c9f0bf24157020aad51c75d1c8b09830adc0f59a0da7ccfac3b0b7518dee240e32c81d30a62b50a170fbd510197ba1bfc4456aff6383d01624779e54131bb5aec4a0c1c09dae5951b5a62a2f8a1742bea3877adef6c8db75ba03f6730d770f460c686cc93032b4ab56db7a61d3b3f6e2d68b60de52daa2e922ae8207069f090261a7fab9d18ba52c1d191dd8949b3ac13082b9a4faffdce6a0fdb61ba07ceefd3242a228408598c4b4d7f5dbddfe3143221ac6bf7ca0cbe917d011cee0d5cf596c649e06fdabe45098b15fc27f3fd5a39ce9cab4bd3efe65837d600c7fbc3e91538dc54722636f918dd236274bd0aaad67f20adda5c565e793d4b24585ec4e4fdb315e3ed3de851a716ae8bcca394b1db7b467f88e490e75ed204cfaf507fb4740fe8b4e2d59f012c7ed42afc62e6ee446efe39c19bd0767f3691fdd5b8dbe89a040f407e7e6be6adc327d4bee9d8f4cc38731f024ec50dea800a18b9eb86643d10ce4cb8a867803d063093eec9df6656d924096a1554dc6ad7d5c5f35bfb51b404b7f6d82d545eea9d5ab6afb885cf59db15bbb6ed8dc8a6f6d6cf296a61308de0f91cf594def1df755db2385760d2973a381f49bc27138bb065ea75d203b25f543d07786d6d7b022785a5bb718dbdcd3021631b34f7722d9e835c235298e12151c59d1fc14fe36adc8257d7d2dd0dd5b02cabaae66dd7d9b18d8c2f45abe593baa6cb06d88bc5e4eeb573064761beb2163a2be2e6d39499d0b4ceaa5cfde49897e84b1fb0fea6a8ae061e90f16054e6cac934584ecac1706972a59de70b140fdd675764f5218b4553c964d095583335b744947de42bd7adaf22ca0199b12593d82ac4661449725fb1ed1693c36e91304c7a7f27357813bb388b5962c11ab282d8ac2e6c1f2f7bdc1838d75dbd67e7961ab4be3f052eb69664829bf85b13621965e72f86ac82992319a9cf70ad965b68f58ed889834c2aa20eec8e89a95bc1a92df6db2264f6ec7133567325b530212b05622225129c0fa5fa47f61fbc01b3d84cdbbe7bc597c953bf6c1c95e70eabe95cfc154d0d8fb9f3364e4c5fa6b2a0220fd2b0b3f472a925491f4b5c0259ee1730169e8503972d42f60b9380533d08750bf69a06913bed2fbfdcdcc2a7b727a33533242effa756ee8ebede0a64da858db32f3b6a9f37d3aea3dbf762a881e183308b41b3cb439ac8908811c3a57a45e65b9b21c25635c2fe4c3aff7da65b9c90ea47a3b906fba85464718c771387e29118f15d54b63694828f6377bc59bf5f1181027dca4c959eb27e060e9039a5f1fb955b332c9aebcc89be493185c15fdf9a9c74f96e5bba7d192d3263aaf701d36c37323780f1037930d2a2cb58591fa29acd2760e0873151c4570959df1106f435d2fc3a4f897186acf0a0f7be957b5b8efdf892abf99e4ec02a8e957707278c9ce279f1aa1c0f6f3f40e876a3b08959ea6a2f1c7ceb17fe599b33851d6fc4b93254379f0bf28e9954c8abc7151e110a38966f11defe13597bb30c003f6b98d88978c242f57ed3022360d686a0e762b035ba6eca21c86701953c2ffb4d0e9e259c29fb922a4f9138898e038e6925543c6c20777e18a5fadfa3a30ad55c6b8ae42489356764a7ada4565a73128dd7686ebd6a5d599c1f87a70e0534f16eb76dbf3c88e87772ebc7eaf27be2d693e86cdbb93029d9174872997bbc884adb46f6f3b7b560eb0da7ce0a2f0643c6271988321fd6a6597cf904beb1bc2c058c631b927b36fb938000031d79fd3e670746f89d0eea812b3f7e3007eb2f9ca952c1f794b1761d8f3f3e92b15869e9ff431d6280821bcaf374e636a16e1bdf721fff722287e135518163c78921b00e593a5d80efce94766cb197f224839ccebb7316c1f9471454eae766c76708e7cfa1f73e178235858e0f507528d63861bd363d639794c0087b12ce94719c5aa4778c0da6eca565b2c880a5b17cd42e852193e1962dd94862ba8e1f44831a8f708fdd8d03933e2967bd54571c0e8c2305288d87586cf621dc95c7e8d3f3264aea0ca799e098f0efb7ca9c42b686907b8a9da68c1e3e53274461ec3f4d1b60e5a6abf5f126d397ee0f6919e20950127ea092bad9af0c295b1133fb1fa39d974e1523d86f3bb23d238db4b5d025aeb59b7ffbce90ad38f4326a2dadc62b4ab9c62451126ab2a19221367f8bdae9abbbee8acd94f644e0cec7b4535bf4885f677400e727db3fa21cffbf5225e8c2c59bd03b09dd6a3141c6c2bacec5e6232e9f2534947d40ee7250e73fa700d475a58781878d46b91ecaa464af77282b5fe4581720e850e6c6cd720eff24e7fdd682cb278e3994ebd2502ef99d41d473244ac1acca4c36a1f2a0667fb784997c229e0ecd9b70bf3925ec1ca6ebaaa2c33a1e21fd099bd964fa1892b08096b7804fd588627ad549a62806352aeb49f4dbd3ff001e8f08f6dbe04aaa73aec27a822a1ccf03f08c08517c1af8111366ddc19fada67ce1c31092421db983a86ad01a974aabac8306929fdcfaeeb60c0527a1a800a1317e569fb6fd88f2245c3334f638b4b6665e7f2c6961b6594792218d3398f3cab22250f4be8e8700a57e1dc044f93701239016638ae6c21d53eb42d235ebe03f891e92111462de50b153e60e34263b09beb1dde74f488333d704bee63f67370de17b86c0541b9f4cb02fa2fc0e61f14273f6a3085068e945634440b65bc55fb48b35d763f27cc21eb37009f37c6548de6e6b75bf5d73ebe77ad4926bf03389a6e69d3d67fd40a821a224fb0b27ec005693aa3fc94cfc9ee8ab2ba3555bf1ec303cda06e2f092dd6be7f36befa648a81d953012fa9d09c9931d3e2cd1bf15449c3f93ce091bf4aa345fde77bde9c01bc0aba57f4a78ff383f96296043a40dcd9585a92aa07338ddeaa6809847ee28388c2bdf24d2ade550b0468648628211a99a5d124460533cf99458b0ac138683bb627b44dd3a93caa7d221d9792d63e2908516577885af4d13e5ab08a12307d4a17bbf84dd32ce5d5700cadf01bc297ed0013e1fd44899e0dab47a468099dfdb231588bf007d1544ea6701037b97746dd975535b1e7e37f285e8f4b56a297921513fef951341a5344384d97245f0269b047e02f2e8c6adcfc4d31721d566e1a5cb1b3e73d3f676c7e50cc1294d265b0c4427878c0b26800a7e9dd7d013912bdecd03be666ee2b540c1d70939c7df13f11a44e7d166c4fd3d60394a91c7a9044d141227b052f73f081141200a713af7f7f218ca478ed4448181e8c02ce0f093899620106af2d0d8896df8c5f075741bdd28571b34d5f0c2f89fc46f0900da9c9ed0bd9ad92aa5ec6e351ab7cf8e6da3242a38543e556f7ca1743b8a9cb983b4be8e4d082cea0862aa3bd9f1a03042db0875d2ea16248430575f8b6cfe03f7f4ee35465fad4c3daa404a22469bd3b422c3a5d537e9a3cf0bac559fd51ed3c090bb7efd0569cea9650a1fd9c4479790055960ea5e81a637a47394f4e8cf708a1651a4b32fd0da280f20f39be7d60804de18a3ac86b54428121614953c74155b885c5eb81e2a846b9f795fd1d218866f668b83484995da516f876f7557133d34345ccf78b06d90b438e924eb0ddcfdb7ec8df40aaf65284037d739b3762b15a926f85e95c2fa10cbd0d36a3d1463723cf28fb9c2fa175de373a5f555ec31d02bccc3fabd973e2f630a8c8bacf29beabfffd13b104158e2469a869294e92f7d682dcef4d5ddd388ce6eb4e10a64eae05d91725413e622dd6d313084d26a89e82e6b1394a1a20ee8c27981079611b56086199e888268a41d9f7a93e4a2e2e2bf6a37ee36112a15143789a38e77794e3c47b3313095448dff6de678ffbae2756a9f74b6d5107f2bb474850b845fc3ea7baa08f652e2d304197418e9d57de2686fd7dff13e3c6b9732597d0c8d15a8b80b99c951c1a2033c98cc6e155244974c420f80b7cb62dd5ce77f95a31c48f79d0353df38dac26ba9243e840dbc4c0ce343df6da7a9228e736baf181ce40adcc34170a56b2fd611de20a0d64f71320d2804ae0bbf937839690a1334358d0e9fb400e41cd718e29f0df31ca07ac5c64eba44ef0d13e362c09440114eabd7c2af6a6a75601fd7bf1d5ca7dd5fe09da13745db73d72792647ee8f3a5f6af295ad2d00df40b936aafd6780fbbcb194576af128ffd24fa5c135b8359f9fdbfbe9c626150528e62169a5f7f8490e90def090422d1f0f6417e38b22e8652181242e15b12b835a7ea89bf2693bfe4cbe486e15dd7e270883e4cb2901f41b3c4531c2c09c62c92ab85d666160f563e05c29c52347c88ac45384ed71bc1d5fdc67def268c2eec5768e1a219f483848be33aa7f508681729b583fc0a9345c1336f8799942214e821f801543fe7c2ab8dc52cb2107ef21ed9ccf4234df0a639b01a2621435a93876b399f07dd0e03ca699aa3aad421ccf84540ec4fc9402fb23bf5c555d3a34c72217d011e92d7e8e477e8786f5dedb503816dbeb5aab92e2888a0ca2da214b972ce0390fa9c7bccdc675bfbf5158ca30bcac7f650f1de05eb0a3846c6480289c28fce600a9d6c3dd9f480904497bbefd98e218347f46de84de345da1843e3f47063635a55645b9f9bb7829cf4ad7b434123593c9c3bce1f662975d37a9896be6dfc1f00b0a566adaecc57b8f5ff1eb9205480d1a6f08b2a46dfe1844a05a060b44bdd85cd93550b3fbc76c628c19bf6ce510e3e021145a8f81997679a6bdf841210101866cf0ebcc9ea2d34f58c0c91ecc813263dbfc72a1c188a42425ad88a8be82b9ea6367a996297c57c7ab89fac931822f501e529e583601ca6ec92613520c78e1baebb72745e4639b21162b6e71bdfd91623ad0633980c94cc733c113f25a8fc9d84c778d9cf0ec8120c2aca29578e8d9709240575e0009cd8fa84c98d9718a1d0d8efffd1229b74fe1d05024778df93b1d2db31ac5f18a06852e402165549ae0942554115b5add3d37b4f89cf78579b05bed44d5f358266abe7c78d79474cb6b3ec62b3ddcb2142bb4a19bb26ab92f66b240c38b0a7ac7c164558606f1bbec6977bf6700fbb3fedc09d4e388251ba8d4bbe7fc1eb5d47dec9a783e4543c664b97fd28a4f59dc3fe2e58e843b1f4aa4e5ccb06ee50608e3d39610f422924884df99c43cf2d5821eb16a476d75126d1107a75b20840873915b492f6e77bf40c09c51ef668ae71669ab49be50a885ed65b7a2641f143a7bdcdd35633779f0913e13d461b6fb1b15d2946ecf22e3008f2ad1fdb856da299e924f96566ce5184812d85641737cfef7aa447bd2c51b1d2e7f4f19a291fb20d1860dac1b0417478e5d0b244aac4262437910fb640a905a7b30853a40b83799e6677f1859ff90c8d7bf885923aa129b6917e5bc1647a99440f3317b5ca68aed8037809034ca38db679f2f108804a02a5383cb0be013849ed4d320e8bd9decdf2f109f6148142b8e5c504e2a01a1f5da2efe4d37712c7257785a2d7d3cb480b2f039768c6ff96a1be03bb0ef231b48d1cc83733387fb8628da569e4ea177e05fd49a6252c54e79bacf456de1dcacd37fd0dff3e763efdb5cd024a0be664af60b818de35206b792c986efec24924fecb2dd4f2b35f62c554572c3a1eed1d358bda4b9f7ba1b57cba1824914346461ed04a5f559fb1f5036179b7862f6a8e0cbb2ffc1190ea1e5172895103a3ad1c9d7e0836da723d88976d54520c045f5aee5c22c904143bd77fcebe94508d1b1cd552786678742c5fb9509b1b0301b997a0812a537a78e08af211b1e5d01c07b59b9b3a5d01850e05941c5d4a2bd5dc3a3c992b45908fa4b0178d838b467463dcff946bc6d48545ae40bb1080cac3c6fd6944d0099bdcab049c0e623e499f4a8799032c61ced17272264234a47edf1b3ae25c2988de8c9b98ded411544ce5eb5a273935eb1a437364d749462a40055ddfa62a8fdbc7a6c26a832a2c189a37348b5a3d24a637371d642d7dc6e6bbc9c937856f496b0e53c2a18bf9eca515d662ac3a9dadb56243e28916938b28af06f54e96a6095003f896a971076d738ca515d32c7e21cab0bd85e496a058d4db29f5ae50353bc61a30a5a517a071358f521fbf0cafb95c1fe1166a1778c15bb43c1288bf7f3bad6feddaeab14de1b8906718f167900bdeab2795323cc4f9a6d77a35176798a3ab27c3355f8a1d023dfc7070906060d0cc4556c04db5bf408beeea7fe7469dfad3c85a153ebade2709066d0e78172fe64e555d41259dd00da545ff59b3367116a46ac22e25ffdcbc3795776f554d978466498c8dd3d2cc115352c8bfca181a2a3fd12ec4b61dcd0e5b1cf02f6d2d490a74bf4ec989800aafcee06df27c968930cc1efe36b415db8171e5bdfb7db49237809e46d38b14199f568a0ffde0b237d753da9e98da14b397d206bcd1c28683a4089e8a37845f4e09a78f6309b533e497000fe128ff013f1f4797245ef4697e1a2e8979937b097eccbb547c7f553ad6eb48c7b1a683243fad52af0a72215909ce913d11e2ee5c2b0567e80ae525bc979c2d7f8535e6b4c615fd5a8486c2856fdf8e2d655bdcbcee6f1e324bcb6eec8329e4e0812e401c6453a118f9f75539cef47357e4a9de9f45e92a1acff4af09418350c735d833374fc5ddb14da4e54e70ce182978d7c2325d16e80d61b19bfe68dd24f5fe3c9561665757c7b6a5bf5e83e10eb516cd05613e4dd92ed3ed88b20d5296415a435597f238e95e2af59b8fb2eaffad91705d065a7ff040f0f8ddd9ee2b061d39dfa25f356dec3c755a1519e812e1974df360136aedd7e7548c87ed166f7baf50e4baae7b5693eeb3ee63f2689ace372d45466cc815cb11605bd453b2d918824c1b2f64e623e291c728a9e2e89c4d9cba3acd26af584c69945908c76259d299d3bb53e5b9ae821cfdde11a3de624cdaf569dc970d9af1174032d707b135e9bed30a638d3e13fe70520ad80e95ef39d5f6fb45b8edb017dd2b82b6c4656c546132df5b1c710e798133b15c4f05202e785c78150820f6ad47f6651c8df21bf5eb6ec851df349b13588e02220cdf25227bc63bf254b1e2364247adec4d5957a958da5577e3884754362d4c04b8985ba7f3827fd135a5978ee8a7ee2c0ca66755c1cbb76039b2821577b05636755e5474929b1db27e7088c0a4fc3f723f4427f4005bf4113d21c5fac806c1b9d0e78b1eba78ea74b55e3a4701d13074ed2324a9cc6dd16b21fe4a0b890cee10669b43775f55c73f38f44cbde28fa7dae1ba3c66ec25845f80be816ef93b66ef9c7b7ae86cc1580aa1ef612de516b302063aee622e03f47b0ba65532156634ac4511efcf53524e13e259f9786aefa745bef9eea6fb8c7a1f7556305f225f4cebb09306a97644112b8611e8e67476596de3db229fa3be432cdb2e1e4131cec8ea8c6d70395b374b85303e52cd6f23ecfea536b405b3aa065856b8530b3049acd7bb31ccbf9e02a8e4cdcca252142adc55563be912edcbc5a7210b7358dc9d9d2c9cdabe80de999de9cd40aa9f87295c549f42734a62df307f18c5d850774aab8df61042dd0add51554f7afaf4deb59f73c7238ddc78fdde7266fe479871f76cc037d822d23b3ccad7b591ee9b0c81eab7fe91a150b13f082674a6d079234ca4c1c2f49bc3b4df95a7ba7e9668c385b344060be72a39518c0685f8834fe1d37aa57a9109258f735a6143217166a2613a985f2e3a721b7e71a30a063c8b4f93898a2e4b478b513649a0cedda2a9f37b58145e0a75907d21a806e524a3f5e45297fd4c46280d951d8ada3a761f359164a5c0abb2573f0c65aac8b3542cc32f6a0bfb9484708a0caeefbf3616d03026c2f0614d17963de26d6db565cc463385d5872b5a865a517f55e0cdd817a8cb4f31aa2b1ea8c099ef96fb6d2e5864031d894b5923c474ff00aec195310b0c1aa82536e8e75dc9aba7605544ed86df31122aca480c22cb715ee8df04180e7d3040501379669f3de4adf2acf49a47b7564b52b85006430633fbcee176970d67857552ced405eae8ac2fa8e0c2d980795e7f854f842b811a919313d63164b04f8521225867d8af3ac59360ee7c5f8d3d0a738071a123a2a599c7e2bdbaa746c42f0af77e7b446ab223a0e585da5f403c9bd55a6af48fc8f2d251d53c49f64652991ca7549e282ab85611898896808fa8249bd600fae28b81ba815a798d12acdc97a2d6bfcae5833b6c0676ce65157675f28f73aeb10443c10c720398e3d75eb2cab9df437af68d25fe0fb282bbebf668da9a082c36889ee22bc13b1c2b9b7125c3270a87f09fe7da289906f7185d84064c5444fce22ab40d57ae504513019fe8e36bfe702083e545b94d1490000f9b5759cded7ca04415200c8e3bdc7a4534d73e8f97a757a2899d69132c3e0a4c7f5deed010e0c4f458c7f379810e304dd47548141ef906a7b96d939f61963d3fbc58b18c9de2903ffb7176025e38941e3e18398c5e387042d4f356d8d009225187cfe77bafb9316fd02e66f3469d4048e5b8f02188ae60f066e32c23ddebb2327996347c974cdf2f215037d96bfacbc7f1f65a95d66e60192d0d9d3902fd73935f281c3b3c50de162d0e9ca250278d32b810797de787fccb79e44e3e1a0a7e188b44971d41cc8fc11e9abb0b9a9cbd220b2c0a4f3fd8d7f8efddfe916bf3df7fc834453d32f61c850061d6d788c63d3f2dc42d0f54a64a09c0e1ffb51c15baef47c36ec8e319daa6ee46b51f2de27817b866a68b78089b5904bf1f9379990ac2a947f4c7dae0db2c17789e07d4b16f054889f6040709c812be047f53cec5fbc71d058772de66f539732abc8c7e75be4bbcec99119007493f6de01f68af52d2dbd594539c44ae4ec34908ef25ba46a02fc90d354a4a83cf2c588c4e1fe41966c0b2443875611cc9f21b08864ffa1f5072720eb756c4ff257e69e6e398b7e84a5904fc69db17879202ceb6c57fe6bd94ca578e3313a9a79538c840af82283a76dd7f53f5c3d8ec17c5be4c36136a53f0c46b14614e71dfe4ba7974ac4494311d4cda2fc7d0402acb637a9a6f491af9068c5c6fe71becfddb9fc07c785da5eddbb3a51043a0ae15aa9ddadd53f35dffed09a2127d3e0c5e1057ccec567791d9ce6e8082f0beb7ae912a4b30804abfa5347be87c6eff4fdb70b3064011950efd0ef30b84ee4b00f9247c2005a2dfa8e1c78ba0006185e2feeaea7f2c77d11c7e85499306ba769e404b6e6f7a7e5b45199817b31423eb439c50d850b22c1b63c4831f8da7ed462b0f8827f44c05df2e24673b360a58477e77b4835fae97e7d6375f0ccb339b4549652f20efeff931d14c0688713e78c81387ca6706258f9589090f2c8a4ef9e2cceb1775673f43f61f68736c966f757e6239ec7eb8ea70140f2c967a5a9f80f88b410f160aa14e083f6ff90f3324c59e4eb043e86117c362469e9c55a4689b137ccb04089e5d1ed875332083c41e8e3b28aad11472190b6dfddc18685e492fcf0a9c1f2ee287f7f1044f0bc98a9ad230978f97710839d1fc3e9f150cb03da9a1f55c608124ed27aa6b4c2c3cb7388432e15b02e55e1fcacee563c11f4f0ed9549fcd95d931243b95b394963da03982228f29a9501d7f1df7e44fec415fa7dc0edc1ec86850feb9f0dcd2d9dba983bbf44ff312462c73afc49519eb7440cd7d26ae73a137ae1c2b166d94730bf964452b4c82a49d110f48a894a427dc2cc4dacd66524b137ff54b49ec2938c829bf8934769c076001b54f280f862935a0cee4d69b3c3bf7773f2a7a235f9f188901f655e7b0bf790cfe49f5f079b90e0bad0fdd25e0c302af3687ba1feb58f3d3e78c34cb11f3dc494ddf4702fc009fd7c9e2671730709f60b83c75c1fea0738cbf87a19eff5698a39ecc8c22218be5f9426b225b52e3020b6782ece5451b716c975996afd0fc20fdad4acd8836ffd14d0ae932589be8ddb2b21328cec26d7321cc4cd5a2a01562b597abdd7f81f326c0a0f849d11053e4909db9cd9d18cbd4bdcea72bda5cc1cea86283c8fdebd5e55087cecced746f424bdf4358b65c958b84a2436025996e105425ed4784e2de1602b3ead37b87f104178f5a9db22ccbdae040b01e69b72aabc59c10af1e7f48b6701705b433fec40bbc07846d4c66b16f300906635e4fbf8ba61f2700b1726c6a4c14573fbb16d1af58f6301b41f7022a4c84651354e057d9383ecc10c32f07d332ddca591fd29", 0x2000, &(0x7f0000009680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3m3.572377123s ago: executing program 4 (id=922):
r0 = syz_usb_connect(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = socket$kcm(0x2, 0x3, 0x2)
r3 = socket(0x40000000002, 0x3, 0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4)
bind$inet6(r4, &(0x7f0000000400)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r4, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffff010000000000280000000000069078000000f0ff00000000004e220021c50384ba7a00cf25e19b6a2fa6a97dd677dc6d5e8efb5638ef17ea52dc36de83ad26f523959b4cf1ff02a50fe522bdba2ef86db5fd93c70958409a56ec26b19129e182f26ba27bd18f9c0000000000007795ceaa20e50919416680c68b3cacd6c60b126d78349e41a0d8806f059e4253d8f02ad39527dcdcf96c0e4a9fbe0e134c807e8b444e95e9ed32d934ad2646d9b824a533012a3253c4cf2b628f6b4f87ef59ad9362ac1782d1f8cd93823af8002ce3b885dadc939df808dcae375235da6c0f86979feacbdaa741b622921263d3e3d25ac6b76b5d192149f07a1e8321850e0ae80765c5da", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5010000090780000"], 0x0)
setsockopt$inet_int(r3, 0x0, 0x14, &(0x7f00000007c0)=0x8, 0x31)
recvmmsg(r3, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
sendmsg$inet(r2, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xb}, @multicast1}}}], 0x20}, 0x0)
read$char_usb(r1, &(0x7f0000000280)=""/239, 0xef)
syz_usb_disconnect(r0)

3m2.061665751s ago: executing program 5 (id=923):
r0 = landlock_create_ruleset(&(0x7f0000000000)={0x8000, 0x2, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x81, 0x0)
r2 = syz_io_uring_setup(0x112, &(0x7f0000000a00)={0x0, 0x0, 0x400}, &(0x7f0000000580)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0})
io_uring_enter(r2, 0x47f6, 0x95ac, 0x0, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000078000000030a01010000000000000000010000000900030073797a310000000028000480080002400000000208000140000000051400030076657468315f746f5f626174616476000900010073797a300000000008000a4000000002"], 0xc0}}, 0x0)
r6 = memfd_create(&(0x7f00000000c0)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc#\v\x00\x00\x00\x00\x00\x00\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ', 0x6)
ioctl$FS_IOC_RESVSP(r6, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8010002})
ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0x9, 0x796}, {0x6, 0xd7c0}]})

3m1.756722714s ago: executing program 5 (id=925):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
accept4(r0, 0x0, 0x0, 0x800)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x200, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r3 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
listen(r3, 0x2)
listen(r2, 0x80)
r4 = socket$inet(0x2, 0x80001, 0x84)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4)
bind$inet(r4, &(0x7f0000000180)={0x2, 0xce20, @local}, 0x10)
listen(r4, 0x3a5)
writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)

3m1.44569785s ago: executing program 5 (id=926):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0xc0241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000200)="9902000012006b9c9e3fe3d86e6c1d0000147ea60864160af36504b68675f8001d000a00a0e69ee517d24460bc24eab556a705251e6182949a36c2151fef08d8cdbf9367b41ad206000000f408000300060100000800050000000000", 0x5c}, {&(0x7f00000000c0)="d557fc16674b56c0a96a733c232d6790c63ca969a688b06e3da58f3c4568bf0a77bdff6f41d7890e18defe94ef1a392dc00dea94a1bfe64982de7cf1c91e1103cc1840210cbb57222bc2bfa30369992a6bc5156c00aeadd359a7991ad1de01feec401dba6d7694a14785839d3c2d67188cd07827c934897de4676743c192c4a4b24f7f8747141a1325d29da89694574c32eba56e5bbc8f80376f3325dd89937e990089294183a4829e21849004c538378d41066cb7de399450b3544067", 0xbd}, {&(0x7f0000000280)="5e191aea3468a5eab1c3d6024b43dece099475c81c53aa9244d866f68b8e31e93b41b432fb0454234620a25706bfb6f01ce01093b7ff634785d8b345ef8f7a928034820bbd37467d1049ac7a724c153c358d6f7efd919bb918734e846598b03733a6f4bbce06471d3a440e14dae67170cbfea76bc33481c28ec2cfad1f3d83ddece3006d5bb30dc4288dd40bd476cc7f94d143c56e54ed4d84b9c1ecc87fc035c7c992767edcfe2218bc6542a6a3a9b879e8aa6d652d277ee640cc15d2e9efe30584ed57ab208ca4db6cf63381804a5ee5950020", 0xd4}, {&(0x7f00000017c0)="fd7617adb877574c4a4489fcaccde0c97bdb2d9d89dba8ab9fc9ebbdcedc770661e1971989a787890de32eebe4008ac8bfafa034add91f6ea4acc741521abecc6cbb4fcfeb61d7d08a8911e59550055d17897194afc1ffd04c18c2506d41bec374a6e5b1ed5fd07db55483fef2dc9ad8ae7c6044b08a303f256ff7e7dd720c72fc0d513110468d44e31a8fc9833d521b95c3b04378ca1c67b4faca350009045628c7f7196510f14ebdc68ba7", 0xac}], 0x4, 0x0, 0x0, 0x1f00c00e}, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd02003200030030000000600000000028290081e949b93897bc3b0000000000007d01ff020000000000000000000000000001"], 0xfdef)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400002}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r4}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

3m1.285508395s ago: executing program 4 (id=927):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000005c0), 0x2, 0x201)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffff}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x400, 0xffffffff, 0x7fffffff}, 0x2, 0x0, 0x0, 0x0, 0x0, 0x13, 0x0, 0x14}}}]}, 0x78}}, 0x0)
r6 = dup(r2)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$inet6_mptcp(0xa, 0x1, 0x106)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = dup(r8)
ioctl$VT_RESIZE(r9, 0x5609, &(0x7f00000001c0)={0xfffe, 0x9, 0x4})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo\x00')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$l2tp6(0xa, 0x2, 0x73)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a5fdad88000000001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r12, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r12, @ANYBLOB="0a200100b6aa000000"], 0x58}}, 0x0)
write$binfmt_script(r7, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r7, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r6, 0xc0245720, &(0x7f0000000100))
pidfd_getfd(r1, r1, 0x0)

3m1.170600722s ago: executing program 5 (id=928):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0xffd8)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x0, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r2, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12}}], 0x1, 0x9200000000000000)

3m0.912594155s ago: executing program 4 (id=931):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x8000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000100)=@usbdevfs_connect={0x10})
socket$netlink(0x10, 0x3, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x2, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f000001a5c0)=[{&(0x7f00000000c0)="1b000000180081054e81f782db4cb904021d0800fe007c05e8fe55", 0x1b}], 0x1}, 0x0)
r4 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4, @remote}, 0x10)
sendmmsg$inet(r4, &(0x7f0000005240), 0x4000095, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280))
socket$alg(0x26, 0x5, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x2, 0x0, 0x0, 0x2}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000bd000), 0x0, 0x881)

2m59.145310548s ago: executing program 5 (id=937):
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
memfd_create(0x0, 0x2)
ioperm(0x8, 0xbe, 0x5e)
msync(&(0x7f0000954000/0x4000)=nil, 0x4000, 0x7)
r2 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x24)
sendmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
ppoll(&(0x7f0000000000)=[{}, {}], 0x2, 0x0, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x0, @void}, 0x10)
recvmmsg(r2, 0x0, 0x0, 0x10002, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x13, 0x7c5, 0x1, 0x2, 0xd59f83, 0x4, 0x5, 0xb, 0x9, 0x8, 0x722, 0x6, 0x7, 0x8, 0x8da04cae68c6f21, 0x0, {0xffff945a, 0x1}, 0x7, 0x6}})

2m45.473452954s ago: executing program 34 (id=931):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x8000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000100)=@usbdevfs_connect={0x10})
socket$netlink(0x10, 0x3, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x2, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f000001a5c0)=[{&(0x7f00000000c0)="1b000000180081054e81f782db4cb904021d0800fe007c05e8fe55", 0x1b}], 0x1}, 0x0)
r4 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4, @remote}, 0x10)
sendmmsg$inet(r4, &(0x7f0000005240), 0x4000095, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280))
socket$alg(0x26, 0x5, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x2, 0x0, 0x0, 0x2}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000bd000), 0x0, 0x881)

2m43.513496887s ago: executing program 35 (id=937):
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
memfd_create(0x0, 0x2)
ioperm(0x8, 0xbe, 0x5e)
msync(&(0x7f0000954000/0x4000)=nil, 0x4000, 0x7)
r2 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x24)
sendmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
ppoll(&(0x7f0000000000)=[{}, {}], 0x2, 0x0, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x0, @void}, 0x10)
recvmmsg(r2, 0x0, 0x0, 0x10002, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x13, 0x7c5, 0x1, 0x2, 0xd59f83, 0x4, 0x5, 0xb, 0x9, 0x8, 0x722, 0x6, 0x7, 0x8, 0x8da04cae68c6f21, 0x0, {0xffff945a, 0x1}, 0x7, 0x6}})

18.212544687s ago: executing program 2 (id=1412):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x547, 0x4)
bind$inet(r0, &(0x7f0000000640)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

17.563154423s ago: executing program 2 (id=1416):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f00000007c0)={'bridge0\x00', @remote})

12.745374553s ago: executing program 2 (id=1434):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000380)='module_request\x00', r0}, 0x18)
socketpair(0x0, 0x0, 0x0, &(0x7f00000006c0))

11.461967129s ago: executing program 2 (id=1437):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000440)=@newqdisc={0x38, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x5}]}}]}, 0x38}}, 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r5, 0xc0145401, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x2, 0xffffffff})

7.922749988s ago: executing program 0 (id=1455):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000850000005000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x3a, &(0x7f00000005c0)={@local, @link_local, @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x32, 0x0, @empty, @broadcast}, @timestamp_reply={0x11}}}}}, 0x0)

7.797856979s ago: executing program 2 (id=1456):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)

7.714497162s ago: executing program 0 (id=1458):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0xb4, &(0x7f0000000b00)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaa3aa0086dd60003a04007e3a00fe8000000000000000000000000000bbff020000000000000000000000000001"], 0x0)

6.93685906s ago: executing program 0 (id=1462):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = socket(0x10, 0x3, 0x0)
connect$netlink(r3, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001580)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6ea1893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb951368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
syz_pidfd_open(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$inet(r6, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000140)="be38", 0xffe7}], 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaac14140000000b001400000000000000000000000700000007038b0100000000"], 0x38}, 0x0)

6.533229213s ago: executing program 2 (id=1468):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
syz_open_pts(0xffffffffffffffff, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x1d, 0x0, 0x0)
openat$rtc(0xffffff9c, 0x0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

6.19620154s ago: executing program 7 (id=1470):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000007000000011701000800000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r0}, &(0x7f0000000640), &(0x7f0000000680)}, 0x20)

5.461843551s ago: executing program 6 (id=1471):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xfd, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
statfs(0x0, 0x0)
unlinkat(0xffffffffffffffff, 0x0, 0x200)

5.451807544s ago: executing program 7 (id=1472):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
close(0xffffffffffffffff)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x2, 0x4018831, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000003c0)={0xaa, 0x101})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48)
timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc))
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x13}, &(0x7f0000000240)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)

5.241539727s ago: executing program 6 (id=1474):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r2=>0x0})
setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x9461a000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000880)=@updsa={0x2e8, 0x1a, 0x8, 0x70bd28, 0x25dfdbfc, {{@in=@loopback, @in6=@private1, 0x4e20, 0x0, 0x4e24, 0x10, 0x0, 0xa0, 0x90, 0x3a, r2}, {@in=@private=0xa010102, 0x4d5, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, {0xb, 0x8, 0x7, 0x883, 0x400, 0x120000000, 0x1, 0x8}, {0x5cd9, 0x16}, {0x6, 0x76b, 0x5d}, 0x70bd29, 0x3501, 0x2, 0x0, 0x5}, [@replay_esn_val={0x3c, 0x17, {0x8, 0x70bd25, 0x70bd2a, 0x70bd2a, 0x70bd2b, 0x80000000, [0x8000, 0x9, 0x7, 0x9, 0x84e, 0x9, 0xffffff80, 0x8]}}, @lastused={0xc}, @lastused={0xc, 0xf, 0x6}, @encap={0x1c, 0x4, {0xfffffffffffffffe, 0x4e20, 0x4e22, @in=@initdev={0xac, 0x1e, 0x1, 0x0}}}, @XFRMA_SET_MARK={0x8, 0x1d, 0x10000}, @migrate={0x180, 0x11, [{@in=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@loopback, @in=@loopback, 0x2b, 0x0, 0x0, 0x3502, 0x2, 0x2}, {@in=@loopback, @in6=@rand_addr=' \x01\x00', @in=@broadcast, @in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x2b, 0x2, 0x0, 0x0, 0x2, 0xa}, {@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@private2, @in=@multicast1, @in=@private=0xa010101, 0x32, 0x1, 0x0, 0x3505, 0x2, 0x2}, {@in6=@mcast2, @in=@broadcast, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@mcast2, 0x2b, 0x3, 0x0, 0x3505, 0xa, 0x2}, {@in6=@empty, @in6=@mcast1, @in=@multicast1, @in6=@empty, 0x6c, 0x7, 0x0, 0x3500, 0xe1e02f6d38dba7dc, 0xa}]}]}, 0x2e8}}, 0x64845)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r8, 0x0, 0x8008000000010, &(0x7f00000000c0)="17000000020001000003d68c5ee1768812003208020300ecff3f0002000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ab65761407a681f009cee4a5acb3da400001fb700674f39b44e33bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/180, 0x114)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[], 0x48)
r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r9, 0x40345410, &(0x7f0000000400)={{0x1}})

4.273568091s ago: executing program 7 (id=1475):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000640)=ANY=[@ANYBLOB="340000006d00010026bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="000800000000020014"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)

4.155134133s ago: executing program 6 (id=1476):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)

3.989810025s ago: executing program 7 (id=1477):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380))
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x0, 0x0, 0x4}, 0x0, 0x0)

3.835190808s ago: executing program 6 (id=1478):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
unlink(0x0)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd600a841d0014060000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
geteuid()
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0x80045505, &(0x7f0000000340)=@usbdevfs_connect)
ioctl$USBDEVFS_RELEASE_PORT(0xffffffffffffffff, 0x80045519, &(0x7f0000000080)=0x6)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
dup2(r1, 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42004}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8}, @IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x3c}}, 0x0)
ptrace$pokeuser(0x6, r2, 0xe8, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)

3.56966613s ago: executing program 7 (id=1480):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mount$binderfs(0x0, &(0x7f0000001600)='./binderfs\x00', 0x0, 0x40000, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="ffffbb7f000000000000f2ff000000da0000009d", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
gettid()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff00000006"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='kmem_cache_free\x00', r7}, 0x18)
syz_clone(0x4001100, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000280)={{{@in=@dev, @in=@private, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x7, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffffc, 0x7}, {0x0, 0x10000, 0x0, 0x52b6}}, {{@in6=@mcast1, 0x0, 0x6c}, 0x0, @in=@private=0xa010100}}, 0xe8)
writev(r0, &(0x7f00000004c0)=[{&(0x7f0000000480)="338227904d0b7d12d59f8e40df548ef887734d3e4aa88b7135609f2930d48195bb6e896c29724d", 0x27}], 0x1)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97000288c19e9ace00000000000000002100000002ff020000000000000000000000000001"], 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

3.569180815s ago: executing program 8 (id=1481):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000080))
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
syz_emit_ethernet(0x4a, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa00fe80000000000001000000bbfe800000000000000000243c000000aae0ff", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="54c2000090780000"], 0x0)
sendmmsg$inet(r2, &(0x7f0000000f40), 0x0, 0x40488c1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0)

2.420450513s ago: executing program 0 (id=1482):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002a"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
r1 = gettid()
rt_sigtimedwait(&(0x7f0000000240)={[0xffffffffffffffff]}, 0x0, 0x0, 0x8)
tkill(r1, 0x16)

2.368639288s ago: executing program 6 (id=1483):
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x40}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
stat(&(0x7f00000004c0)='./bus\x00', &(0x7f0000000600))
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x7528e000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
linkat(r0, &(0x7f0000000280)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1400)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r4}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace(0x8, r5)
tgkill(r5, r5, 0x1a)
waitid(0x2, 0x0, 0x0, 0x4, 0x0)

2.277896307s ago: executing program 8 (id=1484):
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1fffe000, 0x2840)
ioctl$EVIOCGREP(r0, 0x80084503, 0x0)

2.12351704s ago: executing program 8 (id=1485):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000000)=@nullb, 0x0, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

2.099766829s ago: executing program 0 (id=1486):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r1=>0x0})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0xffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x9461a000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000880)=@updsa={0x2e8, 0x1a, 0x8, 0x70bd28, 0x25dfdbfc, {{@in=@loopback, @in6=@private1, 0x4e20, 0x0, 0x4e24, 0x10, 0x0, 0xa0, 0x90, 0x3a, r1}, {@in=@private=0xa010102, 0x4d5, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, {0xb, 0x8, 0x7, 0x883, 0x400, 0x120000000, 0x1, 0x8}, {0x5cd9, 0x16}, {0x6, 0x76b, 0x5d}, 0x70bd29, 0x3501, 0x2, 0x0, 0x5}, [@replay_esn_val={0x3c, 0x17, {0x8, 0x70bd25, 0x70bd2a, 0x70bd2a, 0x70bd2b, 0x80000000, [0x8000, 0x9, 0x7, 0x9, 0x84e, 0x9, 0xffffff80, 0x8]}}, @lastused={0xc}, @lastused={0xc, 0xf, 0x6}, @encap={0x1c, 0x4, {0xfffffffffffffffe, 0x4e20, 0x4e22, @in=@initdev={0xac, 0x1e, 0x1, 0x0}}}, @XFRMA_SET_MARK={0x8, 0x1d, 0x10000}, @migrate={0x180, 0x11, [{@in=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@loopback, @in=@loopback, 0x2b, 0x0, 0x0, 0x3502, 0x2, 0x2}, {@in=@loopback, @in6=@rand_addr=' \x01\x00', @in=@broadcast, @in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x2b, 0x2, 0x0, 0x0, 0x2, 0xa}, {@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@private2, @in=@multicast1, @in=@private=0xa010101, 0x32, 0x1, 0x0, 0x3505, 0x2, 0x2}, {@in6=@mcast2, @in=@broadcast, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@mcast2, 0x2b, 0x3, 0x0, 0x3505, 0xa, 0x2}, {@in6=@empty, @in6=@mcast1, @in=@multicast1, @in6=@empty, 0x6c, 0x7, 0x0, 0x3500, 0xe1e02f6d38dba7dc, 0xa}]}]}, 0x2e8}}, 0x64845)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r7, 0x0, 0x8008000000010, &(0x7f00000000c0)="17000000020001000003d68c5ee1768812003208020300ecff3f0002000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ab65761407a681f009cee4a5acb3da400001fb700674f39b44e33bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/180, 0x114)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[], 0x48)
r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r8, 0x40345410, &(0x7f0000000400)={{0x1}})

615.173997ms ago: executing program 8 (id=1487):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)

613.566177ms ago: executing program 6 (id=1488):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
time(0x0)

260.540737ms ago: executing program 0 (id=1489):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mincore(&(0x7f000028b000/0x3000)=nil, 0x3000, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
wait4(0x0, 0x0, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x4, 0x0)

259.995744ms ago: executing program 7 (id=1490):
fstat(0xffffffffffffffff, 0x0)
stat(0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
syz_open_dev$tty20(0xc, 0x4, 0x1)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000040)={0x19, 0x1, 0x9, 0x7, 0x7, 0xd})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYRES32, @ANYBLOB], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYRESOCT=r0, @ANYRES16=r0], &(0x7f0000000880)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r3}, 0x18)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f00000011c0)={0x2c, &(0x7f00000003c0)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
r5 = socket(0x18, 0xa, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)

370.756µs ago: executing program 8 (id=1491):
lsetxattr$trusted_overlay_redirect(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0), 0x0, 0x0, 0x0)

0s ago: executing program 8 (id=1492):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r1, 0x29, 0x40, &(0x7f0000000440)=ANY=[@ANYBLOB="000a0000000000000730000000000a00000200000000010000000000008000000100"/44], 0x60)

kernel console output (not intermixed with test programs):

 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  413.071518][ T5865] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  413.140641][ T9502] netlink: 268 bytes leftover after parsing attributes in process `syz.4.863'.
[  413.579729][   T30] audit: type=1326 audit(1731977375.392:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9495 comm="syz.5.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f717e759 code=0x7ffc0000
[  413.800762][   T30] audit: type=1326 audit(1731977375.422:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9495 comm="syz.5.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f717e759 code=0x7ffc0000
[  413.804029][ T5865] usb 1-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00
[  413.832820][ T5865] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.843039][ T5865] usb 1-1: config 0 descriptor??
[  413.861098][   T30] audit: type=1326 audit(1731977375.572:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9495 comm="syz.5.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f05f717e759 code=0x7ffc0000
[  413.883379][   T30] audit: type=1326 audit(1731977375.612:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9495 comm="syz.5.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f717e759 code=0x7ffc0000
[  413.908135][   T30] audit: type=1326 audit(1731977375.612:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9495 comm="syz.5.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f717e759 code=0x7ffc0000
[  413.933127][   T30] audit: type=1326 audit(1731977375.662:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9495 comm="syz.5.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f05f717e759 code=0x7ffc0000
[  413.955788][   T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  413.974846][   T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  413.999353][   T30] audit: type=1326 audit(1731977375.662:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9495 comm="syz.5.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f717e759 code=0x7ffc0000
[  414.022439][   T46] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  414.037036][   T46] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  414.046750][   T30] audit: type=1326 audit(1731977375.662:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9495 comm="syz.5.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f717e759 code=0x7ffc0000
[  414.101981][   T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.125231][   T30] audit: type=1326 audit(1731977375.672:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9495 comm="syz.5.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f05f717e759 code=0x7ffc0000
[  414.182094][   T46] usb 3-1: config 0 descriptor??
[  414.249047][   T30] audit: type=1326 audit(1731977375.672:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9495 comm="syz.5.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05f717e759 code=0x7ffc0000
[  414.428552][ T5865] hid-alps 0003:044E:120B.000C: item fetching failed at offset 3/5
[  414.464968][ T5865] hid-alps 0003:044E:120B.000C: parse failed
[  414.484374][ T5865] hid-alps 0003:044E:120B.000C: probe with driver hid-alps failed with error -22
[  414.970834][ T9512] netlink: 9412 bytes leftover after parsing attributes in process `syz.5.873'.
[  415.024345][ T5903] usb 5-1: USB disconnect, device number 27
[  415.072807][   T46] usbhid 3-1:0.0: can't add hid device: -71
[  415.079066][   T46] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  415.091881][   T46] usb 3-1: USB disconnect, device number 25
[  415.974789][ T5878] usb 1-1: USB disconnect, device number 26
[  419.864954][ T5878] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[  420.119564][ T9572] overlayfs: missing 'lowerdir'
[  420.146398][ T5878] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  420.161252][ T5878] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  420.170939][ T5878] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  420.182036][ T5878] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.267404][ T5878] usb 7-1: config 0 descriptor??
[  420.888607][ T9583] netlink: 268 bytes leftover after parsing attributes in process `syz.6.885'.
[  422.082428][ T1202] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  422.915774][ T1202] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  422.960446][ T1202] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  423.876076][ T1202] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  423.889148][ T1202] usb 6-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00
[  423.898874][ T1202] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.911375][ T1202] usb 6-1: config 0 descriptor??
[  423.916822][    T8] usb 7-1: USB disconnect, device number 10
[  423.979336][ T9601] netlink: 'syz.0.897': attribute type 29 has an invalid length.
[  424.728179][ T9601] netlink: 16 bytes leftover after parsing attributes in process `syz.0.897'.
[  424.786413][ T9606] netlink: 'syz.4.898': attribute type 39 has an invalid length.
[  425.041268][    T8] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  425.162175][ T1202] usbhid 6-1:0.0: can't add hid device: -71
[  425.168959][ T1202] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  425.188228][ T1202] usb 6-1: USB disconnect, device number 18
[  425.203555][    T8] usb 7-1: Using ep0 maxpacket: 16
[  425.225101][    T8] usb 7-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  425.236171][    T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.277159][    T8] usb 7-1: config 0 descriptor??
[  425.294830][    T8] gspca_main: sonixj-2.14.0 probing 0471:0327
[  425.379385][ T9611] netlink: 191416 bytes leftover after parsing attributes in process `syz.5.899'.
[  425.389192][ T9611] netlink: zone id is out of range
[  425.395302][ T9611] netlink: zone id is out of range
[  425.400563][ T9611] netlink: zone id is out of range
[  425.405924][ T9611] netlink: zone id is out of range
[  425.412622][ T9611] netlink: zone id is out of range
[  425.417776][ T9611] netlink: zone id is out of range
[  425.423109][ T9611] netlink: zone id is out of range
[  425.428275][ T9611] netlink: zone id is out of range
[  425.433589][ T9611] netlink: zone id is out of range
[  425.438877][ T9611] netlink: zone id is out of range
[  427.357837][    T8] gspca_sonixj: reg_w1 err -110
[  427.381138][    T8] sonixj 7-1:0.0: probe with driver sonixj failed with error -110
[  427.804597][ T5903] usb 7-1: USB disconnect, device number 11
[  429.100934][ T9645] IPVS: set_ctl: invalid protocol: 51 224.0.0.1:20000
[  429.387232][    T8] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  429.548675][    T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  429.560256][    T8] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  429.917924][    T8] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  430.118334][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.174823][    T8] usb 5-1: config 0 descriptor??
[  430.797214][ T9665] netlink: 268 bytes leftover after parsing attributes in process `syz.4.905'.
[  432.304887][ T9683] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  432.667029][ T9691] netlink: 8 bytes leftover after parsing attributes in process `syz.0.917'.
[  433.629322][ T5903] usb 5-1: USB disconnect, device number 28
[  433.661083][    T8] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  433.681760][ T5878] usb 1-1: new full-speed USB device number 27 using dummy_hcd
[  433.811299][ T5882] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  433.832220][    T8] usb 3-1: Using ep0 maxpacket: 16
[  433.843297][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  433.855189][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  433.866672][    T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  433.880044][ T5878] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  433.892160][    T8] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00
[  433.901976][ T5878] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  433.911054][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.920032][ T5878] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  433.921114][ T5903] usb 5-1: new full-speed USB device number 29 using dummy_hcd
[  433.931895][    T8] usb 3-1: config 0 descriptor??
[  433.943145][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.965148][ T5878] usb 1-1: config 0 descriptor??
[  433.971141][ T5882] usb 6-1: Using ep0 maxpacket: 16
[  433.979270][ T5878] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  433.986935][ T5878] dvb-usb: bulk message failed: -22 (3/0)
[  433.988264][ T5882] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  434.008150][ T5878] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  434.017261][ T5882] usb 6-1: config 0 interface 0 has no altsetting 0
[  434.024357][ T5882] usb 6-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[  434.039167][ T5882] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.047745][ T5878] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  434.055834][ T5878] usb 1-1: media controller created
[  434.062579][ T5878] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  434.079019][ T5882] usb 6-1: config 0 descriptor??
[  434.102478][ T5878] dvb-usb: bulk message failed: -22 (6/0)
[  434.102821][ T5903] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  434.108874][ T5878] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  434.129984][ T5903] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64
[  434.133820][ T5878] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input15
[  434.148311][ T5903] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  434.155109][ T5878] dvb-usb: schedule remote query interval to 150 msecs.
[  434.173328][ T5878] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  434.205817][ T5903] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  434.224275][ T5903] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  434.414572][ T5878] dvb-usb: bulk message failed: -22 (1/0)
[  434.420709][ T5878] dvb-usb: error while querying for an remote control event.
[  434.434149][    T8] shield 0003:0955:7214.000D: collection stack underflow
[  434.441753][    T8] shield 0003:0955:7214.000D: item 0 4 0 12 parsing failed
[  434.445222][ T5932] usb 1-1: USB disconnect, device number 27
[  434.449774][    T8] shield 0003:0955:7214.000D: Parse failed
[  434.461216][    T8] shield 0003:0955:7214.000D: probe with driver shield failed with error -22
[  434.484103][ T5903] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  434.484721][ T5882] usbhid 6-1:0.0: can't add hid device: -71
[  434.491813][ T5903] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64
[  434.497987][ T5882] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  434.508906][ T5903] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  434.508943][ T5903] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  434.508975][ T5903] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  434.556037][ T5882] usb 6-1: USB disconnect, device number 19
[  434.567535][ T5903] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  434.575897][ T5903] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64
[  434.586897][ T5903] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  434.598766][ T5903] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  434.610800][ T5903] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  434.625549][ T5932] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  434.643624][ T5903] usb 5-1: string descriptor 0 read error: -22
[  434.649922][ T5903] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  434.659117][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.703008][ T5903] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  435.138014][ T5882] usb 5-1: USB disconnect, device number 29
[  435.271444][ T9706] netlink: 28 bytes leftover after parsing attributes in process `syz.5.923'.
[  435.457770][ T5882] usb 3-1: USB disconnect, device number 26
[  435.653597][ T9709] kvm: kvm [9708]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x6d00000800
[  435.687993][ T9709] kvm: kvm [9708]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x14500000800
[  436.133804][ T9721] netlink: 12 bytes leftover after parsing attributes in process `syz.4.927'.
[  437.358509][ T9739] netlink: 12 bytes leftover after parsing attributes in process `syz.2.933'.
[  437.506045][ T9742] xt_hashlimit: max too large, truncated to 1048576
[  437.665541][ T9745] netlink: 8 bytes leftover after parsing attributes in process `syz.0.935'.
[  437.798709][ T9750] netlink: 'syz.0.936': attribute type 11 has an invalid length.
[  437.892768][ T9752] netlink: 4 bytes leftover after parsing attributes in process `syz.0.936'.
[  438.424024][ T9764] overlayfs: missing 'lowerdir'
[  438.801243][ T5903] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  439.309726][ T5903] usb 3-1: config 0 interface 0 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  439.330009][ T5903] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x1 has invalid maxpacket 1023, setting to 64
[  439.341153][ T5903] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0xC has invalid maxpacket 512, setting to 64
[  439.352157][ T5903] usb 3-1: config 0 interface 0 altsetting 3 has a duplicate endpoint with address 0xE, skipping
[  439.362787][ T5903] usb 3-1: config 0 interface 0 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  439.373636][ T5903] usb 3-1: config 0 interface 0 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  439.561457][    T8] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  439.563565][ T5903] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  439.580458][ T5903] usb 3-1: config 0 interface 0 altsetting 3 has a duplicate endpoint with address 0x1, skipping
[  439.591352][ T5903] usb 3-1: config 0 interface 0 altsetting 3 has a duplicate endpoint with address 0x84, skipping
[  439.602549][ T5903] usb 3-1: config 0 interface 0 altsetting 3 has a duplicate endpoint with address 0x4, skipping
[  439.613167][ T5903] usb 3-1: config 0 interface 0 altsetting 3 has a duplicate endpoint with address 0x1, skipping
[  439.624139][ T5903] usb 3-1: config 0 interface 0 altsetting 3 has a duplicate endpoint with address 0x9, skipping
[  439.635184][ T5903] usb 3-1: config 0 interface 0 has no altsetting 0
[  440.288383][ T9772] tty tty2: ldisc open failed (-12), clearing slot 1
[  440.297356][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  440.297450][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  440.341301][    T8] usb 1-1: Using ep0 maxpacket: 16
[  440.348322][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  440.368154][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  440.378848][    T8] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  440.406367][    T8] usb 1-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00
[  440.435685][    T8] usb 1-1: New USB device strings: Mfr=64, Product=0, SerialNumber=0
[  440.457132][    T8] usb 1-1: Manufacturer: syz
[  440.466224][ T5903] usb 3-1: New USB device found, idVendor=1199, idProduct=9015, bcdDevice=43.95
[  440.468685][    T8] usb 1-1: config 0 descriptor??
[  440.475385][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.475412][ T5903] usb 3-1: Product: syz
[  440.475431][ T5903] usb 3-1: Manufacturer: syz
[  440.475450][ T5903] usb 3-1: SerialNumber: syz
[  440.510626][ T5903] usb 3-1: config 0 descriptor??
[  440.520691][ T9762] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  441.465458][ T5903] hub 3-1:0.0: bad descriptor, ignoring hub
[  441.477277][ T5903] hub 3-1:0.0: probe with driver hub failed with error -5
[  441.480252][    T8] usbhid 1-1:0.0: can't add hid device: -71
[  441.517318][    T8] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  441.593658][    T8] usb 1-1: USB disconnect, device number 28
[  441.652274][ T5903] usb 3-1: USB disconnect, device number 27
[  446.042217][ T5831] Bluetooth: hci3: command 0x0405 tx timeout
[  446.138695][ T9826] mkiss: ax0: crc mode is auto.
[  446.149494][ T9828] netlink: 209852 bytes leftover after parsing attributes in process `syz.6.955'.
[  446.171137][ T5879] usb 3-1: new full-speed USB device number 28 using dummy_hcd
[  446.188266][ T9828] net_ratelimit: 672 callbacks suppressed
[  446.188281][ T9828] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[  446.228609][ T9828] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  446.328453][ T5879] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  446.359716][ T5879] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  446.389059][ T5879] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  446.438232][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.472609][ T5879] usb 3-1: config 0 descriptor??
[  446.495572][ T5879] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  446.511324][ T5879] dvb-usb: bulk message failed: -22 (3/0)
[  446.536086][ T5879] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  446.571241][ T5879] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  446.587335][ T5879] usb 3-1: media controller created
[  446.606955][ T5879] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  446.651293][ T5879] dvb-usb: bulk message failed: -22 (6/0)
[  446.677370][ T5879] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  446.845291][ T5879] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input16
[  446.865117][ T5879] dvb-usb: schedule remote query interval to 150 msecs.
[  446.872415][ T5879] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  446.967178][ T9838] netlink: 268 bytes leftover after parsing attributes in process `syz.2.954'.
[  447.717206][ T5879] dvb-usb: bulk message failed: -22 (1/0)
[  447.723143][ T5879] dvb-usb: error while querying for an remote control event.
[  447.881270][ T5879] dvb-usb: bulk message failed: -22 (1/0)
[  447.917105][ T5879] dvb-usb: error while querying for an remote control event.
[  448.111690][ T5879] dvb-usb: bulk message failed: -22 (1/0)
[  448.121502][ T5879] dvb-usb: error while querying for an remote control event.
[  448.340109][ T9842] overlayfs: failed to resolve './file0': -2
[  448.349750][ T5879] dvb-usb: bulk message failed: -22 (1/0)
[  448.351713][ T9841] overlayfs: failed to resolve './file0': -2
[  448.358309][ T5879] dvb-usb: error while querying for an remote control event.
[  449.245688][ T5865] usb 3-1: USB disconnect, device number 28
[  449.369638][ T5865] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  450.811812][ T5879] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  450.962162][ T5879] usb 7-1: Using ep0 maxpacket: 8
[  450.993387][ T5879] usb 7-1: config 61 has too many interfaces: 213, using maximum allowed: 32
[  451.026642][ T5879] usb 7-1: config 61 has an invalid descriptor of length 0, skipping remainder of the config
[  451.082837][ T5879] usb 7-1: config 61 has 0 interfaces, different from the descriptor's value: 213
[  451.140015][ T5879] usb 7-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11
[  451.182403][ T5879] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  451.232804][ T5879] usb 7-1: Product: syz
[  451.253794][ T5879] usb 7-1: Manufacturer: syz
[  451.278793][ T5879] usb 7-1: SerialNumber: syz
[  451.494414][ T9876] kvm: kvm [9875]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xfe00000000
[  452.145208][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  452.159701][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  452.168452][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  452.177952][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  452.186096][ T5831] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  452.194352][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  452.956626][    T8] usb 7-1: USB disconnect, device number 12
[  452.986402][ T9891] FAULT_INJECTION: forcing a failure.
[  452.986402][ T9891] name failslab, interval 1, probability 0, space 0, times 0
[  452.999245][ T9891] CPU: 0 UID: 0 PID: 9891 Comm: syz.6.971 Not tainted 6.12.0-syzkaller #0
[  453.007772][ T9891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  453.017848][ T9891] Call Trace:
[  453.021136][ T9891]  <TASK>
[  453.024073][ T9891]  dump_stack_lvl+0x241/0x360
[  453.028784][ T9891]  ? __pfx_dump_stack_lvl+0x10/0x10
[  453.034000][ T9891]  ? __pfx__printk+0x10/0x10
[  453.038622][ T9891]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  453.044094][ T9891]  ? __pfx___might_resched+0x10/0x10
[  453.049396][ T9891]  should_fail_ex+0x3b0/0x4e0
[  453.054085][ T9891]  should_failslab+0xac/0x100
[  453.058782][ T9891]  ? nf_tables_newchain+0x1223/0x3310
[  453.064247][ T9891]  __kmalloc_cache_noprof+0x6c/0x2c0
[  453.069554][ T9891]  nf_tables_newchain+0x1223/0x3310
[  453.074773][ T9891]  ? __pfx_lock_release+0x10/0x10
[  453.079817][ T9891]  ? __pfx_nf_tables_newchain+0x10/0x10
[  453.085385][ T9891]  ? __pfx_lock_acquire+0x10/0x10
[  453.090428][ T9891]  ? nfnl_pernet+0x23/0x240
[  453.095353][ T9891]  ? __pfx_lock_release+0x10/0x10
[  453.100425][ T9891]  ? __nla_parse+0x40/0x60
[  453.104864][ T9891]  nfnetlink_rcv+0x14dc/0x2ab0
[  453.109667][ T9891]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  453.114824][ T9891]  ? netlink_deliver_tap+0x2e/0x1b0
[  453.120031][ T9891]  ? skb_clone+0x240/0x390
[  453.124458][ T9891]  ? __pfx_lock_release+0x10/0x10
[  453.129504][ T9891]  ? netlink_deliver_tap+0x2e/0x1b0
[  453.134728][ T9891]  netlink_unicast+0x7f6/0x990
[  453.139500][ T9891]  ? __pfx_netlink_unicast+0x10/0x10
[  453.144802][ T9891]  ? __virt_addr_valid+0x183/0x530
[  453.149923][ T9891]  ? __check_object_size+0x48e/0x900
[  453.155214][ T9891]  netlink_sendmsg+0x8e4/0xcb0
[  453.160008][ T9891]  ? __pfx_netlink_sendmsg+0x10/0x10
[  453.165399][ T9891]  ? __pfx_netlink_sendmsg+0x10/0x10
[  453.170685][ T9891]  __sock_sendmsg+0x221/0x270
[  453.175372][ T9891]  ____sys_sendmsg+0x52a/0x7e0
[  453.180164][ T9891]  ? __pfx_____sys_sendmsg+0x10/0x10
[  453.185500][ T9891]  __sys_sendmsg+0x292/0x380
[  453.190105][ T9891]  ? __pfx___sys_sendmsg+0x10/0x10
[  453.195267][ T9891]  ? __pfx_vfs_write+0x10/0x10
[  453.200080][ T9891]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  453.206437][ T9891]  ? do_syscall_64+0x100/0x230
[  453.211220][ T9891]  ? do_syscall_64+0xb6/0x230
[  453.215907][ T9891]  do_syscall_64+0xf3/0x230
[  453.220428][ T9891]  ? clear_bhb_loop+0x35/0x90
[  453.225116][ T9891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.231023][ T9891] RIP: 0033:0x7f065d17e759
[  453.235441][ T9891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  453.255059][ T9891] RSP: 002b:00007f065dff1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  453.263478][ T9891] RAX: ffffffffffffffda RBX: 00007f065d335f80 RCX: 00007f065d17e759
[  453.271535][ T9891] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[  453.279504][ T9891] RBP: 00007f065dff1090 R08: 0000000000000000 R09: 0000000000000000
[  453.287473][ T9891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  453.295444][ T9891] R13: 0000000000000000 R14: 00007f065d335f80 R15: 00007ffd9ab35f58
[  453.303428][ T9891]  </TASK>
[  453.403874][ T9884] chnl_net:caif_netlink_parms(): no params data found
[  453.503259][ T9884] bridge0: port 1(bridge_slave_0) entered blocking state
[  453.510466][ T9884] bridge0: port 1(bridge_slave_0) entered disabled state
[  453.518070][ T9884] bridge_slave_0: entered allmulticast mode
[  453.525355][ T9884] bridge_slave_0: entered promiscuous mode
[  453.533107][ T9884] bridge0: port 2(bridge_slave_1) entered blocking state
[  453.540308][ T9884] bridge0: port 2(bridge_slave_1) entered disabled state
[  453.548263][ T9884] bridge_slave_1: entered allmulticast mode
[  453.555874][ T9884] bridge_slave_1: entered promiscuous mode
[  453.578206][ T9884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  453.590926][ T9884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  453.617803][ T9884] team0: Port device team_slave_0 added
[  453.625880][ T9884] team0: Port device team_slave_1 added
[  453.670450][ T9884] batman_adv: batadv0: Adding interface: batadv_slave_0
[  453.677581][ T9884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  453.703805][ T9884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  453.716228][ T9884] batman_adv: batadv0: Adding interface: batadv_slave_1
[  453.723292][ T9884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  453.749386][ T9884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  453.902047][    T8] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  453.929748][ T9884] hsr_slave_0: entered promiscuous mode
[  453.936769][ T9884] hsr_slave_1: entered promiscuous mode
[  453.946752][ T9884] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  453.971830][ T9884] Cannot create hsr debugfs directory
[  454.057243][    T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  454.079366][    T8] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  454.108102][ T9903] all: renamed from bridge_slave_0 (while UP)
[  454.124653][    T8] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  454.171169][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.222847][    T8] usb 1-1: config 0 descriptor??
[  454.247883][    T8] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  454.306428][ T5831] Bluetooth: hci1: command tx timeout
[  454.360735][    T8] dvb-usb: bulk message failed: -22 (3/0)
[  455.211260][    T8] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  455.220895][    T8] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  455.228080][    T8] usb 1-1: media controller created
[  455.234217][    T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  455.244996][ T5831] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  455.257854][    T8] dvb-usb: bulk message failed: -22 (6/0)
[  455.263693][    T8] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  455.271152][ T5831] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  455.280394][    T8] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input17
[  455.293173][    T8] dvb-usb: schedule remote query interval to 150 msecs.
[  455.300126][    T8] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  455.417835][ T9884] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  455.425352][ T5831] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  455.434068][ T5831] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  455.441580][ T5831] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  455.449887][ T5831] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  455.457052][ T5882] dvb-usb: bulk message failed: -22 (1/0)
[  455.469267][ T5882] dvb-usb: error while querying for an remote control event.
[  455.640408][ T9888] netlink: 268 bytes leftover after parsing attributes in process `syz.0.970'.
[  455.650774][ T5882] dvb-usb: bulk message failed: -22 (1/0)
[  455.656968][ T5882] dvb-usb: error while querying for an remote control event.
[  455.707441][ T9884] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  455.719507][ T9884] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  455.730024][ T9884] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  455.841248][ T5878] dvb-usb: bulk message failed: -22 (1/0)
[  455.847288][ T5878] dvb-usb: error while querying for an remote control event.
[  455.943714][ T9884] 8021q: adding VLAN 0 to HW filter on device bond0
[  456.689392][ T5878] dvb-usb: bulk message failed: -22 (1/0)
[  456.695311][ T5878] dvb-usb: error while querying for an remote control event.
[  456.702924][   T46] usb 1-1: USB disconnect, device number 29
[  456.718803][ T5831] Bluetooth: hci1: command tx timeout
[  456.884116][ T9884] 8021q: adding VLAN 0 to HW filter on device team0
[  456.917914][ T9884] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  456.928400][ T9884] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  456.958161][ T6909] bridge0: port 1(bridge_slave_0) entered blocking state
[  456.965289][ T6909] bridge0: port 1(bridge_slave_0) entered forwarding state
[  456.981252][ T6909] bridge0: port 2(bridge_slave_1) entered blocking state
[  456.988364][ T6909] bridge0: port 2(bridge_slave_1) entered forwarding state
[  457.201177][ T5865] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  457.223046][ T9884] 8021q: adding VLAN 0 to HW filter on device batadv0
[  458.047371][   T54] Bluetooth: hci6: command tx timeout
[  458.049722][   T46] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  458.330822][ T9904] chnl_net:caif_netlink_parms(): no params data found
[  458.688031][ T9904] bridge0: port 1(bridge_slave_0) entered blocking state
[  458.696460][ T9904] bridge0: port 1(bridge_slave_0) entered disabled state
[  458.732133][ T9904] bridge_slave_0: entered allmulticast mode
[  458.739635][ T9904] bridge_slave_0: entered promiscuous mode
[  458.761074][   T54] Bluetooth: hci1: command tx timeout
[  458.792818][ T9904] bridge0: port 2(bridge_slave_1) entered blocking state
[  458.800226][ T9904] bridge0: port 2(bridge_slave_1) entered disabled state
[  458.808526][ T9904] bridge_slave_1: entered allmulticast mode
[  458.815710][ T9904] bridge_slave_1: entered promiscuous mode
[  458.833927][ T9884] veth0_vlan: entered promiscuous mode
[  458.844977][ T9884] veth1_vlan: entered promiscuous mode
[  458.865721][ T9884] veth0_macvtap: entered promiscuous mode
[  459.128215][ T9904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  459.130043][ T9904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  459.712898][ T9884] veth1_macvtap: entered promiscuous mode
[  460.562980][   T54] Bluetooth: hci6: command tx timeout
[  460.582170][ T9904] team0: Port device team_slave_0 added
[  460.583830][ T9904] team0: Port device team_slave_1 added
[  460.745384][ T9884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  460.745406][ T9884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  460.745416][ T9884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  460.745427][ T9884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  460.745436][ T9884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  460.745448][ T9884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  460.745459][ T9884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  460.745471][ T9884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  460.745481][ T9884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  460.745493][ T9884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  460.746427][ T9884] batman_adv: batadv0: Interface activated: batadv_slave_0
[  460.748144][ T9884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  460.748160][ T9884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  460.748170][ T9884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  460.748181][ T9884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  460.748190][ T9884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  460.748202][ T9884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  460.748214][ T9884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  460.748225][ T9884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  460.748236][ T9884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  460.748250][ T9884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  460.770239][ T9884] batman_adv: batadv0: Interface activated: batadv_slave_1
[  460.774779][ T9904] batman_adv: batadv0: Adding interface: batadv_slave_0
[  460.774793][ T9904] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  460.774814][ T9904] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  460.776105][ T9904] batman_adv: batadv0: Adding interface: batadv_slave_1
[  460.776118][ T9904] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  460.776138][ T9904] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  460.789832][ T9965] netlink: 12 bytes leftover after parsing attributes in process `syz.2.988'.
[  460.833407][ T9884] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  460.833475][ T9884] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  460.833498][ T9884] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  460.833521][ T9884] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  460.859888][ T9966] xt_hashlimit: max too large, truncated to 1048576
[  460.873257][   T54] Bluetooth: hci1: command tx timeout
[  460.892381][ T9904] hsr_slave_0: entered promiscuous mode
[  460.897104][ T9904] hsr_slave_1: entered promiscuous mode
[  460.901483][ T9904] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  460.901546][ T9904] Cannot create hsr debugfs directory
[  461.009865][ T6130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  461.009885][ T6130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  461.132586][ T6899] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  461.132670][ T6899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  461.302848][ T9904] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  461.315658][ T9904] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  461.323654][ T9904] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  461.338858][ T9904] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  462.603375][   T54] Bluetooth: hci6: command tx timeout
[  462.933172][ T9904] 8021q: adding VLAN 0 to HW filter on device bond0
[  462.940323][ T9904] 8021q: adding VLAN 0 to HW filter on device team0
[  463.042958][ T6899] bridge0: port 1(bridge_slave_0) entered blocking state
[  463.043041][ T6899] bridge0: port 1(bridge_slave_0) entered forwarding state
[  463.087302][ T6919] bridge0: port 2(bridge_slave_1) entered blocking state
[  463.087376][ T6919] bridge0: port 2(bridge_slave_1) entered forwarding state
[  463.098825][ T9989] netlink: 4 bytes leftover after parsing attributes in process `syz.0.994'.
[  463.142346][ T9989] syzkaller1: entered promiscuous mode
[  463.142367][ T9989] syzkaller1: entered allmulticast mode
[  463.203200][ T9904] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  464.221684][T10006] netlink: 32 bytes leftover after parsing attributes in process `syz.7.998'.
[  464.954415][   T54] Bluetooth: hci6: command tx timeout
[  465.191135][ T5882] usb 7-1: new full-speed USB device number 13 using dummy_hcd
[  465.702591][ T5882] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  465.711333][ T5882] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  465.731284][ T5882] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  465.771433][ T5882] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  465.784744][ T5882] usb 7-1: config 0 interface 0 has no altsetting 0
[  465.798015][ T9904] 8021q: adding VLAN 0 to HW filter on device batadv0
[  466.077401][T10017] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1000'.
[  466.112819][ T5882] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  466.122560][ T5882] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  466.143012][ T5882] usb 7-1: Product: syz
[  466.179044][ T5882] usb 7-1: Manufacturer: syz
[  466.218766][T10017] xt_hashlimit: max too large, truncated to 1048576
[  466.448475][ T5882] usb 7-1: SerialNumber: syz
[  466.966816][ T5882] usb 7-1: config 0 descriptor??
[  467.007760][ T5882] usb 7-1: can't set config #0, error -71
[  467.452303][ T5882] usb 7-1: USB disconnect, device number 13
[  467.534662][ T9904] veth0_vlan: entered promiscuous mode
[  467.545184][ T9904] veth1_vlan: entered promiscuous mode
[  467.566229][ T9904] veth0_macvtap: entered promiscuous mode
[  467.574978][ T9904] veth1_macvtap: entered promiscuous mode
[  467.589147][ T9904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  467.640435][ T9904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.686267][ T9904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  467.708798][ T9904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.793656][ T9904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  467.860396][ T9904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.906877][ T9904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  467.949684][ T9904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.977711][ T9904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  468.019376][ T9904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  468.053587][ T9904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  468.081863][ T9904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  468.127297][ T9904] batman_adv: batadv0: Interface activated: batadv_slave_0
[  468.246491][ T9904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  468.306554][ T9904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  468.367191][ T9904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  468.424689][ T9904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  468.468529][ T9904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  468.509172][ T9904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  468.547725][ T9904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  468.578776][ T9904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  468.609818][ T9904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  468.637808][ T9904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  468.674498][ T9904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  468.708253][ T9904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  468.748106][ T9904] batman_adv: batadv0: Interface activated: batadv_slave_1
[  468.824723][ T9904] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  468.878973][ T9904] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  468.928317][ T9904] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  469.126661][ T9904] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  470.007369][T10047] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  470.044095][T10055] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1008'.
[  470.371789][T10060] xt_CT: You must specify a L4 protocol and not use inversions on it
[  470.541442][ T6899] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  470.550576][ T6899] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  470.721479][ T5882] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  470.909307][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  471.075573][ T5882] usb 3-1: Using ep0 maxpacket: 16
[  471.111275][ T5882] usb 3-1: device descriptor read/all, error -61
[  471.131830][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  472.087428][ T5882] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  472.301320][ T5882] usb 3-1: device descriptor read/64, error -71
[  472.414908][ T5882] usb usb3-port1: attempt power cycle
[  473.421143][ T5882] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  473.475328][ T5882] usb 3-1: device descriptor read/8, error -71
[  475.685548][T10111] overlayfs: missing 'lowerdir'
[  475.690748][T10101] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1019'.
[  476.802835][T10122] __vm_enough_memory: pid: 10122, comm: syz.2.1024, bytes: 548988588032 not enough memory for the allocation
[  479.239879][ T6919] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.534216][T10142] FAULT_INJECTION: forcing a failure.
[  479.534216][T10142] name failslab, interval 1, probability 0, space 0, times 0
[  479.549735][T10142] CPU: 0 UID: 0 PID: 10142 Comm: syz.7.1031 Not tainted 6.12.0-syzkaller #0
[  479.558470][T10142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  479.568566][T10142] Call Trace:
[  479.571879][T10142]  <TASK>
[  479.574838][T10142]  dump_stack_lvl+0x241/0x360
[  479.579562][T10142]  ? __pfx_dump_stack_lvl+0x10/0x10
[  479.584829][T10142]  ? __pfx__printk+0x10/0x10
[  479.589460][T10142]  ? __kmalloc_noprof+0xb0/0x400
[  479.594437][T10142]  ? __pfx___might_resched+0x10/0x10
[  479.599770][T10142]  should_fail_ex+0x3b0/0x4e0
[  479.604486][T10142]  ? sock_kmalloc+0xd7/0x160
[  479.609122][T10142]  should_failslab+0xac/0x100
[  479.613835][T10142]  ? sock_kmalloc+0xd7/0x160
[  479.618490][T10142]  __kmalloc_noprof+0xd8/0x400
[  479.623286][T10142]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  479.629043][T10142]  ? do_raw_spin_unlock+0x13c/0x8b0
[  479.634284][T10142]  sock_kmalloc+0xd7/0x160
[  479.638750][T10142]  hash_recvmsg+0x287/0x7d0
[  479.643290][T10142]  ? __pfx_hash_recvmsg_nokey+0x10/0x10
[  479.648874][T10142]  sock_recvmsg_nosec+0x18e/0x1d0
[  479.653941][T10142]  ____sys_recvmsg+0x3cd/0x480
[  479.658757][T10142]  ? __pfx_____sys_recvmsg+0x10/0x10
[  479.664111][T10142]  ? __might_fault+0xaa/0x120
[  479.668841][T10142]  do_recvmmsg+0x45e/0xad0
[  479.673328][T10142]  ? __pfx_do_recvmmsg+0x10/0x10
[  479.678330][T10142]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  479.684264][T10142]  ? ksys_write+0x229/0x2b0
[  479.688807][T10142]  ? __pfx_lock_release+0x10/0x10
[  479.693884][T10142]  ? vfs_write+0x730/0xd30
[  479.698360][T10142]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  479.704398][T10142]  __x64_sys_recvmmsg+0x199/0x250
[  479.709470][T10142]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  479.715060][T10142]  ? do_syscall_64+0x100/0x230
[  479.719871][T10142]  ? do_syscall_64+0xb6/0x230
[  479.724603][T10142]  do_syscall_64+0xf3/0x230
[  479.729146][T10142]  ? clear_bhb_loop+0x35/0x90
[  479.733876][T10142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.739809][T10142] RIP: 0033:0x7fa7e9d7e759
[  479.744256][T10142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  479.763897][T10142] RSP: 002b:00007fa7eac47038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  479.772353][T10142] RAX: ffffffffffffffda RBX: 00007fa7e9f35f80 RCX: 00007fa7e9d7e759
[  479.776599][ T6919] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.780341][T10142] RDX: 000000000000049f RSI: 0000000020006100 RDI: 0000000000000004
[  479.798567][T10142] RBP: 00007fa7eac47090 R08: 0000000000000000 R09: 0000000000000000
[  479.806581][T10142] R10: 000000000000f0ff R11: 0000000000000246 R12: 0000000000000002
[  479.814600][T10142] R13: 0000000000000000 R14: 00007fa7e9f35f80 R15: 00007fffa0b55168
[  479.816264][T10149] netlink: 191416 bytes leftover after parsing attributes in process `syz.2.1032'.
[  479.822608][T10142]  </TASK>
[  479.855620][T10149] netlink: zone id is out of range
[  479.867418][T10149] netlink: zone id is out of range
[  479.877232][T10149] netlink: zone id is out of range
[  479.883270][T10149] netlink: zone id is out of range
[  479.962029][T10149] netlink: zone id is out of range
[  480.497388][T10149] netlink: zone id is out of range
[  480.538715][T10149] netlink: zone id is out of range
[  480.544529][T10149] netlink: zone id is out of range
[  480.549690][T10149] netlink: zone id is out of range
[  480.558410][T10149] netlink: zone id is out of range
[  480.669458][ T6919] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.763396][T10154] netlink: 60 bytes leftover after parsing attributes in process `syz.6.1034'.
[  481.638401][ T6919] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  483.009518][ T6919] gretap0: left allmulticast mode
[  483.098394][ T6919] gretap0: left promiscuous mode
[  483.151595][ T6919] bridge0: port 3(gretap0) entered disabled state
[  483.231122][ T6919] bridge_slave_1: left allmulticast mode
[  483.236840][ T6919] bridge_slave_1: left promiscuous mode
[  483.263054][ T6919] bridge0: port 2(bridge_slave_1) entered disabled state
[  483.282560][ T6919] bridge_slave_0: left allmulticast mode
[  483.288256][ T6919] bridge_slave_0: left promiscuous mode
[  483.301819][ T6919] bridge0: port 1(bridge_slave_0) entered disabled state
[  483.686403][T10197] overlayfs: missing 'lowerdir'
[  483.735176][T10176] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1040'.
[  485.132822][ T6919] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  485.244529][ T6919] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  485.442284][ T6919] bond0 (unregistering): Released all slaves
[  485.592956][T10186] netlink: 80 bytes leftover after parsing attributes in process `syz.6.1043'.
[  485.604354][T10186] netlink: 80 bytes leftover after parsing attributes in process `syz.6.1043'.
[  485.614898][ T6919] ���: left promiscuous mode
[  485.674185][T10176] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1040'.
[  485.683661][T10205] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1047'.
[  485.946005][T10212] netlink: 191416 bytes leftover after parsing attributes in process `syz.2.1049'.
[  485.955845][T10212] net_ratelimit: 672 callbacks suppressed
[  485.955864][T10212] netlink: zone id is out of range
[  485.966900][T10212] netlink: zone id is out of range
[  485.972100][T10212] netlink: zone id is out of range
[  485.977373][T10212] netlink: zone id is out of range
[  485.982569][T10212] netlink: zone id is out of range
[  485.988585][T10212] netlink: zone id is out of range
[  485.994080][T10212] netlink: zone id is out of range
[  485.999255][T10212] netlink: zone id is out of range
[  486.004541][T10212] netlink: zone id is out of range
[  486.011673][T10212] netlink: zone id is out of range
[  486.608752][T10215] team0: Port device team_slave_1 removed
[  487.592320][T10215] syz.6.1048 (10215) used greatest stack depth: 18928 bytes left
[  489.645462][T10248] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  494.106724][T10295] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1065'.
[  495.838113][ T6919] hsr_slave_0: left promiscuous mode
[  495.864366][ T6919] hsr_slave_1: left promiscuous mode
[  496.021410][ T6919] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  496.028916][ T6919] batman_adv: batadv0: Removing interface: batadv_slave_0
[  496.178134][ T6919] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  496.185684][ T6919] batman_adv: batadv0: Removing interface: batadv_slave_1
[  496.206815][ T6919] veth1_macvtap: left promiscuous mode
[  496.216884][ T6919] veth0_macvtap: left promiscuous mode
[  496.226285][ T6919] veth1_vlan: left promiscuous mode
[  496.231794][ T6919] veth0_vlan: left promiscuous mode
[  496.311289][ T5865] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  496.497255][ T5865] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  496.534946][ T5865] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  496.544021][ T5865] usb 8-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  496.564077][ T5865] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  496.621799][ T5865] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  496.631128][ T5865] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  496.639164][ T5865] usb 8-1: SerialNumber: syz
[  496.685738][T10309] Falling back ldisc for ptm0.
[  496.839125][T10326] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1073'.
[  496.885531][ T5865] usb 8-1: 0:2 : does not exist
[  496.890628][ T5865] usb 8-1: unit 5 not found!
[  496.935879][ T5865] usb 8-1: USB disconnect, device number 2
[  498.024558][ T6919] team0 (unregistering): Port device team_slave_1 removed
[  498.163847][ T6919] team0 (unregistering): Port device team_slave_0 removed
[  500.567707][ T1202] usb 8-1: new full-speed USB device number 3 using dummy_hcd
[  500.894431][ T1202] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  500.911501][ T1202] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2
[  500.969934][ T1202] usb 8-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  501.024098][ T1202] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.133438][ T1202] usb 8-1: config 0 descriptor??
[  501.144453][ T1202] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  501.161693][ T1202] dvb-usb: bulk message failed: -22 (3/0)
[  501.222475][ T1202] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  501.242168][ T1202] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  501.249266][ T1202] usb 8-1: media controller created
[  501.270902][ T1202] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  501.294726][ T1202] dvb-usb: bulk message failed: -22 (6/0)
[  501.307631][ T1202] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  501.319271][ T1202] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb8/8-1/input/input18
[  501.343685][ T1202] dvb-usb: schedule remote query interval to 150 msecs.
[  501.350687][ T1202] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  501.552849][ T5878] dvb-usb: bulk message failed: -22 (1/0)
[  501.559092][ T5878] dvb-usb: error while querying for an remote control event.
[  501.681960][T10367] netlink: 268 bytes leftover after parsing attributes in process `syz.7.1082'.
[  501.856121][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  501.866466][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  502.408309][ T1202] dvb-usb: bulk message failed: -22 (1/0)
[  502.414510][ T1202] dvb-usb: error while querying for an remote control event.
[  502.581741][ T5878] dvb-usb: bulk message failed: -22 (1/0)
[  502.587648][ T5878] dvb-usb: error while querying for an remote control event.
[  502.760219][ T5878] dvb-usb: bulk message failed: -22 (1/0)
[  502.777089][ T5878] dvb-usb: error while querying for an remote control event.
[  502.941594][ T5878] dvb-usb: bulk message failed: -22 (1/0)
[  502.947482][ T5878] dvb-usb: error while querying for an remote control event.
[  503.011126][ T5932] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  503.304910][ T5882] dvb-usb: bulk message failed: -22 (1/0)
[  503.307473][ T5932] usb 7-1: Using ep0 maxpacket: 32
[  503.317340][ T5882] dvb-usb: error while querying for an remote control event.
[  503.337066][ T5932] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  503.400048][ T5932] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  503.869959][ T5882] dvb-usb: bulk message failed: -22 (1/0)
[  503.877068][ T5882] dvb-usb: error while querying for an remote control event.
[  503.888030][ T5932] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  503.888299][ T5878] usb 8-1: USB disconnect, device number 3
[  503.979733][ T5878] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  504.006281][ T5932] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.040019][ T1202] hid-generic 0083:0000:0000.000E: unknown main item tag 0x0
[  504.062723][ T1202] hid-generic 0083:0000:0000.000E: unknown main item tag 0x0
[  504.063965][ T5932] usb 7-1: config 0 descriptor??
[  504.076596][ T1202] hid-generic 0083:0000:0000.000E: hidraw0: <UNKNOWN> HID vffffff.ff Device [syz0] on syz1
[  504.102210][ T5932] hub 7-1:0.0: USB hub found
[  504.291830][ T5878] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  504.302292][ T5932] hub 7-1:0.0: 1 port detected
[  504.463370][ T5878] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  504.479450][ T5878] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  504.506026][ T5878] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  504.568982][ T5878] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  504.589652][ T5878] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.635024][ T5878] usb 8-1: Product: syz
[  504.662961][ T5878] usb 8-1: Manufacturer: syz
[  504.681696][ T5878] usb 8-1: SerialNumber: syz
[  504.727894][ T5932] usb 7-1: USB disconnect, device number 14
[  504.773808][ T6919] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0
[  504.805535][ T6919] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.906201][ T5878] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  504.970800][ T6919] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0
[  505.010442][ T6919] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.113369][ T1202] usb 8-1: USB disconnect, device number 4
[  505.121961][ T1202] usblp0: removed
[  505.206944][ T6919] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0
[  505.226769][ T6919] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.446382][ T6919] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0
[  505.471658][ T6919] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.702230][T10371] mkiss: ax0: crc mode is auto.
[  505.859281][ T6919] bridge_slave_1: left allmulticast mode
[  505.888937][ T6919] bridge_slave_1: left promiscuous mode
[  505.927920][ T6919] bridge0: port 2(bridge_slave_1) entered disabled state
[  506.035363][ T6919] bridge_slave_0: left allmulticast mode
[  506.078891][ T6919] bridge_slave_0: left promiscuous mode
[  506.101888][ T6919] bridge0: port 1(bridge_slave_0) entered disabled state
[  506.375537][T10413] FAULT_INJECTION: forcing a failure.
[  506.375537][T10413] name failslab, interval 1, probability 0, space 0, times 0
[  506.451225][T10413] CPU: 0 UID: 0 PID: 10413 Comm: syz.2.1095 Not tainted 6.12.0-syzkaller #0
[  506.459971][T10413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  506.470038][T10413] Call Trace:
[  506.473335][T10413]  <TASK>
[  506.476265][T10413]  dump_stack_lvl+0x241/0x360
[  506.480965][T10413]  ? __pfx_dump_stack_lvl+0x10/0x10
[  506.486204][T10413]  ? __pfx__printk+0x10/0x10
[  506.490839][T10413]  ? ref_tracker_alloc+0x332/0x490
[  506.496012][T10413]  should_fail_ex+0x3b0/0x4e0
[  506.500702][T10413]  ? skb_clone+0x20c/0x390
[  506.505147][T10413]  should_failslab+0xac/0x100
[  506.509858][T10413]  ? skb_clone+0x20c/0x390
[  506.514288][T10413]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  506.519691][T10413]  skb_clone+0x20c/0x390
[  506.523956][T10413]  __netlink_deliver_tap+0x3cc/0x7c0
[  506.529271][T10413]  ? netlink_deliver_tap+0x2e/0x1b0
[  506.534476][T10413]  netlink_deliver_tap+0x19d/0x1b0
[  506.539597][T10413]  netlink_unicast+0x7c4/0x990
[  506.544375][T10413]  ? __pfx_netlink_unicast+0x10/0x10
[  506.549686][T10413]  ? __virt_addr_valid+0x183/0x530
[  506.554810][T10413]  ? __check_object_size+0x48e/0x900
[  506.560122][T10413]  netlink_sendmsg+0x8e4/0xcb0
[  506.564904][T10413]  ? __pfx_netlink_sendmsg+0x10/0x10
[  506.570216][T10413]  ? __pfx_netlink_sendmsg+0x10/0x10
[  506.575506][T10413]  __sock_sendmsg+0x221/0x270
[  506.580184][T10413]  ____sys_sendmsg+0x52a/0x7e0
[  506.584971][T10413]  ? __pfx_____sys_sendmsg+0x10/0x10
[  506.590274][T10413]  __sys_sendmsg+0x292/0x380
[  506.594881][T10413]  ? __pfx___sys_sendmsg+0x10/0x10
[  506.600024][T10413]  ? __pfx_vfs_write+0x10/0x10
[  506.604852][T10413]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  506.611236][T10413]  ? do_syscall_64+0x100/0x230
[  506.616024][T10413]  ? do_syscall_64+0xb6/0x230
[  506.620719][T10413]  do_syscall_64+0xf3/0x230
[  506.625266][T10413]  ? clear_bhb_loop+0x35/0x90
[  506.629959][T10413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.635867][T10413] RIP: 0033:0x7fa953b7e759
[  506.640295][T10413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  506.659929][T10413] RSP: 002b:00007fa954a53038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  506.668355][T10413] RAX: ffffffffffffffda RBX: 00007fa953d35f80 RCX: 00007fa953b7e759
[  506.676357][T10413] RDX: 0000000000000000 RSI: 0000000020000dc0 RDI: 0000000000000003
[  506.684337][T10413] RBP: 00007fa954a53090 R08: 0000000000000000 R09: 0000000000000000
[  506.692316][T10413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  506.700295][T10413] R13: 0000000000000000 R14: 00007fa953d35f80 R15: 00007ffe5c4571d8
[  506.708301][T10413]  </TASK>
[  506.711451][    C0] vkms_vblank_simulate: vblank timer overrun
[  507.403540][T10421] netlink: 'syz.2.1097': attribute type 1 has an invalid length.
[  508.800113][T10428] MTD: Attempt to mount non-MTD device "/dev/nbd2"
[  508.818427][T10428] cramfs: wrong magic
[  509.889310][T10438] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1101'.
[  510.360660][ T6919] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  510.388000][ T6919] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  510.408206][ T6919] bond0 (unregistering): Released all slaves
[  510.456441][T10436] netlink: 'syz.0.1101': attribute type 29 has an invalid length.
[  510.475676][T10441] pim6reg: entered allmulticast mode
[  511.788857][T10448] netlink: 'syz.0.1104': attribute type 1 has an invalid length.
[  511.838075][T10448] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1104'.
[  513.558876][T10479] IPv6: NLM_F_CREATE should be specified when creating new route
[  513.591931][T10479] netlink: 1 bytes leftover after parsing attributes in process `syz.2.1109'.
[  515.828861][ T6919] hsr_slave_0: left promiscuous mode
[  515.835500][ T6919] hsr_slave_1: left promiscuous mode
[  515.844324][ T6919] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  515.852479][ T6919] batman_adv: batadv0: Removing interface: batadv_slave_0
[  515.868056][ T6919] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  516.681870][ T6919] batman_adv: batadv0: Removing interface: batadv_slave_1
[  516.795094][ T6919] veth1_macvtap: left promiscuous mode
[  516.813188][ T6919] veth0_macvtap: left promiscuous mode
[  516.988000][T10508] tracefs: Unknown parameter '�p0x0000000000000000'
[  517.009486][ T6919] veth1_vlan: left promiscuous mode
[  517.072575][ T6919] veth0_vlan: left promiscuous mode
[  518.876783][ T6919] team0 (unregistering): Port device team_slave_1 removed
[  518.924257][ T6919] team0 (unregistering): Port device team_slave_0 removed
[  519.412650][T10500] netlink: 'syz.8.1117': attribute type 10 has an invalid length.
[  519.420674][T10500] bridge0: port 3(team0) entered blocking state
[  519.429372][T10500] bridge0: port 3(team0) entered disabled state
[  519.435847][T10500] team0: entered allmulticast mode
[  519.441006][T10500] team_slave_0: entered allmulticast mode
[  519.446742][T10500] team_slave_1: entered allmulticast mode
[  519.453725][T10500] team0: entered promiscuous mode
[  519.458765][T10500] team_slave_0: entered promiscuous mode
[  519.464637][T10500] team_slave_1: entered promiscuous mode
[  519.470752][T10500] bridge0: port 3(team0) entered blocking state
[  519.478182][T10500] bridge0: port 3(team0) entered forwarding state
[  519.757303][T10535] tracefs: Unknown parameter '�p0x0000000000000000'
[  521.193342][T10550] netlink: 'syz.8.1131': attribute type 1 has an invalid length.
[  522.050281][T10563] FAULT_INJECTION: forcing a failure.
[  522.050281][T10563] name failslab, interval 1, probability 0, space 0, times 0
[  522.063418][T10563] CPU: 1 UID: 0 PID: 10563 Comm: syz.6.1138 Not tainted 6.12.0-syzkaller #0
[  522.072135][T10563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  522.082218][T10563] Call Trace:
[  522.085529][T10563]  <TASK>
[  522.088495][T10563]  dump_stack_lvl+0x241/0x360
[  522.093222][T10563]  ? __pfx_dump_stack_lvl+0x10/0x10
[  522.098463][T10563]  ? __pfx__printk+0x10/0x10
[  522.103093][T10563]  ? kmem_cache_alloc_noprof+0x44/0x2a0
[  522.108678][T10563]  ? __pfx___might_resched+0x10/0x10
[  522.114009][T10563]  should_fail_ex+0x3b0/0x4e0
[  522.118722][T10563]  ? getname_flags+0xb7/0x540
[  522.123458][T10563]  should_failslab+0xac/0x100
[  522.128187][T10563]  ? getname_flags+0xb7/0x540
[  522.132911][T10563]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  522.138328][T10563]  getname_flags+0xb7/0x540
[  522.142876][T10563]  __x64_sys_newlstat+0xdb/0x180
[  522.147851][T10563]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  522.153872][T10563]  ? __pfx___x64_sys_newlstat+0x10/0x10
[  522.159473][T10563]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  522.165849][T10563]  ? do_syscall_64+0x100/0x230
[  522.170656][T10563]  ? do_syscall_64+0xb6/0x230
[  522.175388][T10563]  do_syscall_64+0xf3/0x230
[  522.179934][T10563]  ? clear_bhb_loop+0x35/0x90
[  522.184653][T10563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  522.190584][T10563] RIP: 0033:0x7f065d17e759
[  522.195033][T10563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  522.214681][T10563] RSP: 002b:00007f065dff1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[  522.223144][T10563] RAX: ffffffffffffffda RBX: 00007f065d335f80 RCX: 00007f065d17e759
[  522.231153][T10563] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000dc0
[  522.239157][T10563] RBP: 00007f065dff1090 R08: 0000000000000000 R09: 0000000000000000
[  522.247169][T10563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  522.255186][T10563] R13: 0000000000000000 R14: 00007f065d335f80 R15: 00007ffd9ab35f58
[  522.263207][T10563]  </TASK>
[  522.266266][    C1] vkms_vblank_simulate: vblank timer overrun
[  524.554501][T10589] tipc: Started in network mode
[  524.571669][T10589] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  524.642018][T10589] tipc: Enabled bearer <udp:syz0>, priority 10
[  524.692095][T10598] netlink: 'syz.2.1149': attribute type 1 has an invalid length.
[  524.740727][T10598] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1149'.
[  524.940390][T10601] tracefs: Unknown parameter '�p0x0000000000000000'
[  524.991792][T10595] netlink: 'syz.2.1149': attribute type 1 has an invalid length.
[  525.121060][T10595] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1149'.
[  525.838986][ T1202] tipc: Node number set to 1
[  526.766507][T10607] IPVS: Error joining to the multicast group
[  528.721078][ T5932] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  528.912285][ T5932] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  528.961208][ T5932] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 2
[  528.991105][ T5932] usb 9-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  529.000350][ T5932] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.087090][ T5932] usb 9-1: config 0 descriptor??
[  529.133255][ T5932] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  529.157040][ T5932] dvb-usb: bulk message failed: -22 (3/0)
[  529.200486][ T5932] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  529.221848][ T5932] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  529.234715][ T5932] usb 9-1: media controller created
[  529.276591][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  529.320198][ T5932] dvb-usb: bulk message failed: -22 (6/0)
[  529.576334][ T5932] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  529.585787][ T5932] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.8/usb9/9-1/input/input19
[  529.600021][ T5932] dvb-usb: schedule remote query interval to 150 msecs.
[  529.608049][ T5932] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  529.685003][T10638] netlink: 268 bytes leftover after parsing attributes in process `syz.8.1156'.
[  530.326463][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[  530.333909][ T5932] dvb-usb: error while querying for an remote control event.
[  530.514881][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[  530.520730][ T5932] dvb-usb: error while querying for an remote control event.
[  530.742156][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[  530.747978][ T5932] dvb-usb: error while querying for an remote control event.
[  530.945644][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[  530.993690][ T5932] dvb-usb: error while querying for an remote control event.
[  531.171163][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[  531.176976][ T5932] dvb-usb: error while querying for an remote control event.
[  531.505478][   T46] dvb-usb: bulk message failed: -22 (1/0)
[  531.511394][   T46] dvb-usb: error while querying for an remote control event.
[  531.529045][   T46] usb 9-1: USB disconnect, device number 2
[  531.563246][   T46] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  534.481274][ T5903] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  534.521275][ T5932] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  534.834085][ T5903] usb 8-1: New USB device found, idVendor=0af7, idProduct=0101, bcdDevice=2d.62
[  534.845383][ T5903] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.859246][ T5903] usb 8-1: config 0 descriptor??
[  534.864388][   T46] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[  534.872156][ T5932] usb 1-1: Using ep0 maxpacket: 32
[  534.889706][ T5903] usb 8-1: selecting invalid altsetting 1
[  534.895804][ T5903] flexcop_usb: set interface failed.
[  534.902070][ T5903] b2c2_flexcop_usb 8-1:0.0: probe with driver b2c2_flexcop_usb failed with error -22
[  534.974945][T10689] binder: 10688:10689 ioctl c0306201 20000140 returned -14
[  535.043779][   T46] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  535.054934][ T9492] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  535.068342][   T46] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  535.079823][   T46] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  535.090507][   T46] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.105912][   T46] usb 7-1: config 0 descriptor??
[  535.127647][ T5882] usb 8-1: USB disconnect, device number 5
[  535.130105][   T46] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  535.140488][   T46] dvb-usb: bulk message failed: -22 (3/0)
[  535.155797][   T46] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  535.174326][   T46] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  535.182009][   T46] usb 7-1: media controller created
[  535.189237][   T46] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  535.211688][   T46] dvb-usb: bulk message failed: -22 (6/0)
[  535.217791][   T46] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  535.228388][   T46] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input20
[  535.242091][   T46] dvb-usb: schedule remote query interval to 150 msecs.
[  535.249507][   T46] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  535.262265][ T9492] usb 3-1: config 0 has an invalid interface number: 18 but max is 0
[  535.272202][ T9492] usb 3-1: config 0 has no interface number 0
[  535.280208][ T9492] usb 3-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  535.294265][ T9492] usb 3-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  535.309773][ T9492] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10
[  535.319986][ T9492] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  535.336861][ T9492] usb 3-1: Manufacturer: syz
[  535.338888][T10695] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1179'.
[  535.585821][   T46] dvb-usb: bulk message failed: -22 (1/0)
[  535.592512][   T46] dvb-usb: error while querying for an remote control event.
[  535.602804][ T9492] usb 3-1: config 0 descriptor??
[  535.705480][T10697] netlink: 268 bytes leftover after parsing attributes in process `syz.6.1173'.
[  536.561638][   T46] dvb-usb: bulk message failed: -22 (1/0)
[  536.572367][   T46] dvb-usb: error while querying for an remote control event.
[  536.612016][ T9492] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.18/0003:054C:03D5.000F/input/input21
[  536.634121][ T9492] sony 0003:054C:03D5.000F: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.2-1/input18
[  536.752359][T10706] syz.7.1180: attempt to access beyond end of device
[  536.752359][T10706] nbd7: rw=0, sector=0, nr_sectors = 1 limit=0
[  536.765658][T10706] (syz.7.1180,10706,1):ocfs2_get_sector:1769 ERROR: status = -5
[  536.773539][T10706] (syz.7.1180,10706,1):ocfs2_sb_probe:749 ERROR: status = -5
[  536.781518][   T25] dvb-usb: bulk message failed: -22 (1/0)
[  536.807920][   T25] dvb-usb: error while querying for an remote control event.
[  536.817096][T10706] (syz.7.1180,10706,1):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  536.823922][ T1202] usb 3-1: USB disconnect, device number 34
[  536.836785][T10706] (syz.7.1180,10706,1):ocfs2_fill_super:1178 ERROR: status = -5
[  536.991519][   T25] dvb-usb: bulk message failed: -22 (1/0)
[  536.997565][   T25] dvb-usb: error while querying for an remote control event.
[  537.061203][ T9492] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  537.161220][ T5903] dvb-usb: bulk message failed: -22 (1/0)
[  537.167586][ T5903] dvb-usb: error while querying for an remote control event.
[  537.245644][ T9492] usb 9-1: config 0 has an invalid interface number: 18 but max is 0
[  537.264505][ T9492] usb 9-1: config 0 has no interface number 0
[  537.272456][ T5932] usb 1-1: unable to get BOS descriptor or descriptor too short
[  537.281667][ T5932] usb 1-1: unable to read config index 0 descriptor/start: -71
[  537.289806][ T5932] usb 1-1: can't read configurations, error -71
[  537.331386][ T9492] usb 9-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  537.360482][T10710] Mount JFS Failure: -22
[  537.365857][T10710] jfs_mount failed w/return code = -22
[  537.511572][ T5903] dvb-usb: bulk message failed: -22 (1/0)
[  537.517651][ T9492] usb 9-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  537.566141][ T5903] dvb-usb: error while querying for an remote control event.
[  537.632421][ T1202] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  537.893101][ T1202] usb 8-1: Using ep0 maxpacket: 8
[  537.997583][ T1202] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  538.102556][   T25] usb 7-1: USB disconnect, device number 15
[  538.103101][ T1202] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.113857][ T9492] usb 9-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10
[  538.126027][ T9492] usb 9-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  538.134754][ T9492] usb 9-1: Manufacturer: syz
[  538.141632][ T9492] usb 9-1: config 0 descriptor??
[  538.158713][ T1202] usb 8-1: Product: syz
[  538.168714][ T1202] usb 8-1: Manufacturer: syz
[  538.174245][   T25] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  538.178850][ T1202] usb 8-1: SerialNumber: syz
[  538.225384][ T1202] usb 8-1: config 0 descriptor??
[  538.472349][ T1202] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  538.513440][ T5865] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  538.561322][ T9492] input: syz as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.18/0003:054C:03D5.0010/input/input22
[  538.576856][ T9492] sony 0003:054C:03D5.0010: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.8-1/input18
[  538.711572][ T5932] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  538.734288][ T5865] usb 3-1: config 0 has an invalid interface number: 18 but max is 0
[  538.750666][ T5865] usb 3-1: config 0 has no interface number 0
[  538.755376][T10705] FAULT_INJECTION: forcing a failure.
[  538.755376][T10705] name failslab, interval 1, probability 0, space 0, times 0
[  538.758562][ T5865] usb 3-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  538.782259][ T5865] usb 3-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  538.793670][T10705] CPU: 1 UID: 0 PID: 10705 Comm: syz.8.1181 Not tainted 6.12.0-syzkaller #0
[  538.802405][T10705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  538.812496][T10705] Call Trace:
[  538.815811][T10705]  <TASK>
[  538.818770][T10705]  dump_stack_lvl+0x241/0x360
[  538.823517][T10705]  ? __pfx_dump_stack_lvl+0x10/0x10
[  538.828765][T10705]  ? __pfx__printk+0x10/0x10
[  538.833401][T10705]  ? kmem_cache_alloc_noprof+0x44/0x2a0
[  538.838994][T10705]  ? __pfx___might_resched+0x10/0x10
[  538.844345][T10705]  ? 0xffffffffa0003b40
[  538.848540][T10705]  should_fail_ex+0x3b0/0x4e0
[  538.853270][T10705]  ? alloc_empty_file+0x9e/0x1d0
[  538.858252][T10705]  should_failslab+0xac/0x100
[  538.862969][T10705]  ? alloc_empty_file+0x9e/0x1d0
[  538.867954][T10705]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  538.873371][T10705]  alloc_empty_file+0x9e/0x1d0
[  538.878177][T10705]  path_openat+0x107/0x3590
[  538.882739][T10705]  ? stack_trace_save+0x118/0x1d0
[  538.887802][T10705]  ? __lock_acquire+0x1384/0x2050
[  538.892877][T10705]  ? __pfx_stack_trace_save+0x10/0x10
[  538.898302][T10705]  ? mark_lock+0x9a/0x360
[  538.902676][T10705]  ? __lock_acquire+0x1384/0x2050
[  538.907853][T10705]  ? __pfx_path_openat+0x10/0x10
[  538.912866][T10705]  do_filp_open+0x235/0x490
[  538.917434][T10705]  ? __pfx_do_filp_open+0x10/0x10
[  538.922536][T10705]  ? _raw_spin_unlock+0x28/0x50
[  538.927437][T10705]  ? alloc_fd+0x5a1/0x640
[  538.931851][T10705]  do_sys_openat2+0x13e/0x1d0
[  538.936575][T10705]  ? __pfx_do_sys_openat2+0x10/0x10
[  538.941856][T10705]  __x64_sys_openat+0x247/0x2a0
[  538.946798][T10705]  ? __pfx___x64_sys_openat+0x10/0x10
[  538.952229][T10705]  ? do_syscall_64+0x100/0x230
[  538.957081][T10705]  ? do_syscall_64+0xb6/0x230
[  538.961886][T10705]  do_syscall_64+0xf3/0x230
[  538.966439][T10705]  ? clear_bhb_loop+0x35/0x90
[  538.971171][T10705]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.977112][T10705] RIP: 0033:0x7f3e8617e759
[  538.981565][T10705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  539.001223][T10705] RSP: 002b:00007f3e86f8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  539.009694][T10705] RAX: ffffffffffffffda RBX: 00007f3e86335f80 RCX: 00007f3e8617e759
[  539.017720][T10705] RDX: 0000000000000002 RSI: 0000000020000080 RDI: ffffffffffffff9c
[  539.025835][T10705] RBP: 00007f3e86f8b090 R08: 0000000000000000 R09: 0000000000000000
[  539.033883][T10705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  539.041903][T10705] R13: 0000000000000000 R14: 00007f3e86335f80 R15: 00007ffcc27cb178
[  539.049932][T10705]  </TASK>
[  539.054811][ T5932] usb 1-1: device descriptor read/64, error -71
[  539.067970][ T5865] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10
[  539.079524][ T5865] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  539.099826][ T5865] usb 3-1: Manufacturer: syz
[  539.106706][ T9492] usb 9-1: USB disconnect, device number 3
[  539.121694][ T5865] usb 3-1: config 0 descriptor??
[  539.182064][ T5932] usb usb1-port1: attempt power cycle
[  539.521297][ T5932] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  539.541909][ T5932] usb 1-1: device descriptor read/8, error -71
[  539.577820][ T5865] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.18/0003:054C:03D5.0011/input/input23
[  539.645190][ T5865] sony 0003:054C:03D5.0011: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.2-1/input18
[  539.811823][ T5932] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  539.832661][    T8] usb 3-1: USB disconnect, device number 35
[  539.903035][ T5932] usb 1-1: device descriptor read/8, error -71
[  540.042399][ T5932] usb usb1-port1: unable to enumerate USB device
[  540.363376][ T1202] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  540.405923][T10731] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  540.604078][ T5932] usb 8-1: USB disconnect, device number 6
[  540.655119][T10731] netlink: 108 bytes leftover after parsing attributes in process `syz.6.1188'.
[  540.788158][T10737] overlayfs: missing 'lowerdir'
[  541.694320][T10750] tracefs: Unknown parameter '�p0x0000000000000000'
[  546.560987][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  546.561010][   T30] audit: type=1326 audit(1731977508.353:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10785 comm="syz.8.1204" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3e8617e759 code=0x0
[  546.658810][T10794] FAULT_INJECTION: forcing a failure.
[  546.658810][T10794] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  546.701188][T10794] CPU: 1 UID: 0 PID: 10794 Comm: syz.7.1203 Not tainted 6.12.0-syzkaller #0
[  546.711578][T10794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  546.711618][T10794] Call Trace:
[  546.711629][T10794]  <TASK>
[  546.711641][T10794]  dump_stack_lvl+0x241/0x360
[  546.711683][T10794]  ? __pfx_dump_stack_lvl+0x10/0x10
[  546.711717][T10794]  ? __pfx__printk+0x10/0x10
[  546.711754][T10794]  ? snprintf+0xda/0x120
[  546.711793][T10794]  should_fail_ex+0x3b0/0x4e0
[  546.711825][T10794]  _copy_to_user+0x31/0xb0
[  546.711852][T10794]  simple_read_from_buffer+0xca/0x150
[  546.711888][T10794]  proc_fail_nth_read+0x1e9/0x250
[  546.711923][T10794]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  546.711959][T10794]  ? rw_verify_area+0x55e/0x6f0
[  546.711989][T10794]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  546.712021][T10794]  vfs_read+0x1fc/0xb70
[  546.712055][T10794]  ? fdget_pos+0x24e/0x320
[  546.712090][T10794]  ? __pfx_vfs_read+0x10/0x10
[  546.712116][T10794]  ? __tun_chr_ioctl+0x685/0x2400
[  546.712158][T10794]  ? __fget_files+0x3f3/0x470
[  546.712201][T10794]  ? fdget_pos+0x24e/0x320
[  546.712239][T10794]  ksys_read+0x183/0x2b0
[  546.712273][T10794]  ? __pfx_ksys_read+0x10/0x10
[  546.712316][T10794]  ? do_syscall_64+0x100/0x230
[  546.712352][T10794]  ? do_syscall_64+0xb6/0x230
[  546.712386][T10794]  do_syscall_64+0xf3/0x230
[  546.712418][T10794]  ? clear_bhb_loop+0x35/0x90
[  546.712452][T10794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.712479][T10794] RIP: 0033:0x7fa7e9d7d19c
[  546.712502][T10794] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  546.712524][T10794] RSP: 002b:00007fa7eac47030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  546.712552][T10794] RAX: ffffffffffffffda RBX: 00007fa7e9f35f80 RCX: 00007fa7e9d7d19c
[  546.712571][T10794] RDX: 000000000000000f RSI: 00007fa7eac470a0 RDI: 0000000000000005
[  546.712588][T10794] RBP: 00007fa7eac47090 R08: 0000000000000000 R09: 0000000000000000
[  546.712604][T10794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  546.712620][T10794] R13: 0000000000000000 R14: 00007fa7e9f35f80 R15: 00007fffa0b55168
[  546.712655][T10794]  </TASK>
[  546.763674][ T5932] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  546.935997][ T5932] usb 3-1: Using ep0 maxpacket: 8
[  546.944049][ T5932] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  546.944085][ T5932] usb 3-1: config 0 has no interface number 0
[  546.944123][ T5932] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  546.944168][ T5932] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  546.944197][ T5932] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.946961][ T5932] usb 3-1: config 0 descriptor??
[  546.968802][ T5932] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  547.161169][T10784] loop9: detected capacity change from 0 to 7
[  547.166487][T10784] Dev loop9: unable to read RDB block 7
[  547.166544][T10784]  loop9: unable to read partition table
[  547.166711][T10784] loop9: partition table beyond EOD, truncated
[  547.166735][T10784] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dƤ����ݡ�����
[  547.166735][T10784] 
) failed (rc=-5)
[  547.168382][ T5932] usb 3-1: USB disconnect, device number 36
[  547.171350][ T5932] iowarrior 3-1:0.1: I/O-Warror #0 now disconnected
[  547.933013][T10796] tty tty1: ldisc open failed (-12), clearing slot 0
[  547.935899][T10813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1211'.
[  548.149058][T10817] tracefs: Unknown parameter '�p0x0000000000000000'
[  548.159412][T10813] netlink: 'syz.2.1211': attribute type 1 has an invalid length.
[  548.612880][T10813] netlink: 'syz.2.1211': attribute type 2 has an invalid length.
[  549.873675][T10845] NILFS (loop13): device size too small
[  550.033266][T10848] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  550.240470][T10856] netlink: 191416 bytes leftover after parsing attributes in process `syz.8.1223'.
[  550.283113][T10856] net_ratelimit: 672 callbacks suppressed
[  550.283247][T10856] netlink: zone id is out of range
[  550.297873][T10856] netlink: zone id is out of range
[  550.312348][T10856] netlink: zone id is out of range
[  550.328696][T10856] netlink: zone id is out of range
[  550.448687][T10856] netlink: zone id is out of range
[  550.652136][ T5882] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  550.801930][T10856] netlink: zone id is out of range
[  550.821525][ T5882] usb 1-1: Using ep0 maxpacket: 32
[  550.835725][ T5882] usb 1-1: config 0 has an invalid interface number: 54 but max is 0
[  550.882462][T10856] netlink: zone id is out of range
[  550.925520][ T5882] usb 1-1: config 0 has no interface number 0
[  550.988885][ T5882] usb 1-1: config 0 interface 54 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  551.090582][ T5882] usb 1-1: config 0 interface 54 has no altsetting 0
[  551.121809][T10856] netlink: zone id is out of range
[  551.127576][T10856] netlink: zone id is out of range
[  551.182354][ T5882] usb 1-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=46.42
[  551.276507][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.311859][T10856] netlink: zone id is out of range
[  551.347377][ T5882] usb 1-1: Product: syz
[  551.354529][ T5882] usb 1-1: Manufacturer: syz
[  551.359445][ T5882] usb 1-1: SerialNumber: syz
[  551.432490][ T5882] usb 1-1: config 0 descriptor??
[  551.438350][T10857] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  552.682677][T10877] overlayfs: missing 'lowerdir'
[  552.852458][ T5882] ums_eneub6250 1-1:0.54: USB Mass Storage device detected
[  553.231759][ T5882] usb 1-1: USB disconnect, device number 34
[  553.465086][T10894] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  553.895665][T10894] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  554.878013][T10913] kvm: pic: non byte read
[  554.888480][T10913] kvm: pic: non byte read
[  554.897697][T10913] kvm: pic: non byte read
[  554.908143][T10913] kvm: pic: non byte read
[  554.939224][T10919] fuse: Bad value for 'fd'
[  554.988782][T10894] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  555.006577][T10913] kvm: pic: non byte read
[  555.022140][T10913] kvm: pic: non byte read
[  555.026691][T10913] kvm: pic: non byte read
[  555.081284][T10913] kvm: pic: non byte read
[  555.085914][T10913] kvm: pic: non byte read
[  555.090504][T10913] kvm: pic: non byte read
[  555.142385][T10894] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  555.862548][T10894] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  555.889288][T10894] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  555.927971][T10894] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  555.945249][T10894] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  556.115390][T10930] FAULT_INJECTION: forcing a failure.
[  556.115390][T10930] name failslab, interval 1, probability 0, space 0, times 0
[  556.143892][T10930] CPU: 0 UID: 0 PID: 10930 Comm: syz.6.1243 Not tainted 6.12.0-syzkaller #0
[  556.152823][T10930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  556.163517][T10930] Call Trace:
[  556.166819][T10930]  <TASK>
[  556.169771][T10930]  dump_stack_lvl+0x241/0x360
[  556.174597][T10930]  ? __pfx_dump_stack_lvl+0x10/0x10
[  556.179900][T10930]  ? __pfx__printk+0x10/0x10
[  556.184640][T10930]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  556.190779][T10930]  ? __pfx___might_resched+0x10/0x10
[  556.196138][T10930]  should_fail_ex+0x3b0/0x4e0
[  556.200941][T10930]  should_failslab+0xac/0x100
[  556.205667][T10930]  ? __alloc_skb+0x1c3/0x440
[  556.210288][T10930]  kmem_cache_alloc_node_noprof+0x71/0x320
[  556.216123][T10930]  __alloc_skb+0x1c3/0x440
[  556.220573][T10930]  ? __pfx___alloc_skb+0x10/0x10
[  556.225539][T10930]  ? netlink_autobind+0xd6/0x2f0
[  556.230505][T10930]  ? netlink_autobind+0x2b0/0x2f0
[  556.235553][T10930]  netlink_sendmsg+0x638/0xcb0
[  556.240436][T10930]  ? __pfx_netlink_sendmsg+0x10/0x10
[  556.245770][T10930]  ? __pfx_netlink_sendmsg+0x10/0x10
[  556.251077][T10930]  __sock_sendmsg+0x221/0x270
[  556.256710][T10930]  ____sys_sendmsg+0x52a/0x7e0
[  556.261508][T10930]  ? __pfx_____sys_sendmsg+0x10/0x10
[  556.266830][T10930]  __sys_sendmsg+0x292/0x380
[  556.271493][T10930]  ? __pfx___sys_sendmsg+0x10/0x10
[  556.276641][T10930]  ? __pfx_vfs_write+0x10/0x10
[  556.281455][T10930]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  556.287838][T10930]  ? do_syscall_64+0x100/0x230
[  556.292640][T10930]  ? do_syscall_64+0xb6/0x230
[  556.297340][T10930]  do_syscall_64+0xf3/0x230
[  556.301881][T10930]  ? clear_bhb_loop+0x35/0x90
[  556.306613][T10930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.312555][T10930] RIP: 0033:0x7f065d17e759
[  556.317016][T10930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  556.336666][T10930] RSP: 002b:00007f065dff1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  556.345114][T10930] RAX: ffffffffffffffda RBX: 00007f065d335f80 RCX: 00007f065d17e759
[  556.353120][T10930] RDX: 0000000020000000 RSI: 00000000200002c0 RDI: 0000000000000003
[  556.361124][T10930] RBP: 00007f065dff1090 R08: 0000000000000000 R09: 0000000000000000
[  556.369167][T10930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  556.377156][T10930] R13: 0000000000000000 R14: 00007f065d335f80 R15: 00007ffd9ab35f58
[  556.385175][T10930]  </TASK>
[  556.400413][ T5882] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  556.870778][T10938] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1244'.
[  557.155314][T10940] netlink: 76 bytes leftover after parsing attributes in process `syz.8.1245'.
[  557.189097][T10940] ���: entered promiscuous mode
[  558.492265][T10949] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1248'.
[  558.537962][ T5882] usb 8-1: config 0 has an invalid interface number: 69 but max is 0
[  558.553966][ T5882] usb 8-1: config 0 has no interface number 0
[  558.933361][ T5882] usb 8-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  558.953735][ T5882] usb 8-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  559.150452][ T5882] usb 8-1: string descriptor 0 read error: -71
[  559.157400][ T5882] usb 8-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  559.182862][ T5882] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.233949][ T5882] usb 8-1: config 0 descriptor??
[  559.239944][ T5882] usb 8-1: can't set config #0, error -71
[  559.249558][ T5882] usb 8-1: USB disconnect, device number 7
[  559.264909][T10955] fuse: Bad value for 'fd'
[  559.720286][ T5882] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  559.871257][ T5932] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  560.043373][ T5932] usb 3-1: Using ep0 maxpacket: 32
[  560.057474][ T5882] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  560.224957][ T5932] usb 3-1: config 1 interface 0 altsetting 171 bulk endpoint 0x3 has invalid maxpacket 64
[  560.235371][ T5932] usb 3-1: config 1 interface 0 altsetting 171 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  560.265411][ T5932] usb 3-1: config 1 interface 0 has no altsetting 0
[  560.271515][ T5882] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  560.275811][ T5932] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  560.320224][ T5932] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.514737][ T5882] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  560.671520][ T5932] usb 3-1: Product: syz
[  560.675833][ T5932] usb 3-1: Manufacturer: syz
[  560.681113][ T5932] usb 3-1: SerialNumber: syz
[  561.654865][ T5882] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  561.871148][ T5882] usb 9-1: SerialNumber: syz
[  561.984722][T10961] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  562.027516][T10979] overlayfs: missing 'lowerdir'
[  562.228616][T10961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  562.233871][ T5882] usb 9-1: 0:2 : does not exist
[  562.250776][T10961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  562.812684][ T5882] usb 9-1: USB disconnect, device number 4
[  563.048616][ T5932] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71
[  563.061483][ T5932] usb 3-1: USB disconnect, device number 37
[  563.165340][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  563.172299][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  564.272165][ T1202] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  564.578071][ T1202] usb 8-1: Using ep0 maxpacket: 8
[  564.743881][ T1202] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  564.763289][T11009] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1267'.
[  564.790243][ T1202] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 3
[  564.812810][ T1202] usb 8-1: New USB device found, idVendor=05c6, idProduct=9215, bcdDevice=29.ac
[  564.826680][ T1202] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.933978][ T1202] usb 8-1: config 0 descriptor??
[  564.944963][ T1202] qmi_wwan 8-1:0.0: probe with driver qmi_wwan failed with error -22
[  565.198620][    T8] usb 8-1: USB disconnect, device number 8
[  565.843949][T11019] tracefs: Unknown parameter '�p0x0000000000000000'
[  568.604550][T11044] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  569.635248][T11064] tmpfs: User quota block hardlimit too large.
[  570.639755][T11076] FAULT_INJECTION: forcing a failure.
[  570.639755][T11076] name failslab, interval 1, probability 0, space 0, times 0
[  570.653414][T11076] CPU: 0 UID: 0 PID: 11076 Comm: syz.7.1284 Not tainted 6.12.0-syzkaller #0
[  570.662138][T11076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  570.672219][T11076] Call Trace:
[  570.675524][T11076]  <TASK>
[  570.678485][T11076]  dump_stack_lvl+0x241/0x360
[  570.683214][T11076]  ? __pfx_dump_stack_lvl+0x10/0x10
[  570.688454][T11076]  ? __pfx__printk+0x10/0x10
[  570.693082][T11076]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  570.699125][T11076]  ? __pfx___might_resched+0x10/0x10
[  570.704459][T11076]  ? __kasan_kmalloc+0x98/0xb0
[  570.709270][T11076]  should_fail_ex+0x3b0/0x4e0
[  570.713990][T11076]  should_failslab+0xac/0x100
[  570.718700][T11076]  ? alloc_vmap_area+0x24f/0x2400
[  570.723761][T11076]  kmem_cache_alloc_node_noprof+0x71/0x320
[  570.729629][T11076]  alloc_vmap_area+0x24f/0x2400
[  570.734542][T11076]  ? __pfx_alloc_vmap_area+0x10/0x10
[  570.739870][T11076]  ? __kasan_kmalloc+0x98/0xb0
[  570.744666][T11076]  ? __kmalloc_cache_node_noprof+0x1d3/0x300
[  570.750648][T11076]  ? __get_vm_area_node+0x113/0x270
[  570.755856][T11076]  ? xdp_umem_create+0xb37/0xf30
[  570.760795][T11076]  __get_vm_area_node+0x1a9/0x270
[  570.765845][T11076]  vmap+0x119/0x2b0
[  570.769657][T11076]  ? xdp_umem_create+0xb37/0xf30
[  570.774600][T11076]  xdp_umem_create+0xb37/0xf30
[  570.779377][T11076]  xsk_setsockopt+0x732/0x950
[  570.784077][T11076]  ? __pfx_xsk_setsockopt+0x10/0x10
[  570.789285][T11076]  ? __pfx_lock_acquire+0x10/0x10
[  570.794321][T11076]  ? __fget_files+0x29/0x470
[  570.798949][T11076]  ? __pfx_lock_release+0x10/0x10
[  570.803985][T11076]  ? __mutex_unlock_slowpath+0x21d/0x750
[  570.809626][T11076]  ? __pfx_xsk_setsockopt+0x10/0x10
[  570.814831][T11076]  do_sock_setsockopt+0x3af/0x720
[  570.819880][T11076]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  570.825434][T11076]  ? __fget_files+0x29/0x470
[  570.830069][T11076]  ? __fget_files+0x3f3/0x470
[  570.834756][T11076]  ? __fget_files+0x29/0x470
[  570.839359][T11076]  __sys_setsockopt+0x1a2/0x250
[  570.844220][T11076]  __x64_sys_setsockopt+0xb5/0xd0
[  570.849250][T11076]  do_syscall_64+0xf3/0x230
[  570.853760][T11076]  ? clear_bhb_loop+0x35/0x90
[  570.858454][T11076]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.864352][T11076] RIP: 0033:0x7fa7e9d7e759
[  570.868768][T11076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  570.888389][T11076] RSP: 002b:00007fa7eac05038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  570.896898][T11076] RAX: ffffffffffffffda RBX: 00007fa7e9f36130 RCX: 00007fa7e9d7e759
[  570.904880][T11076] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000007
[  570.912853][T11076] RBP: 00007fa7eac05090 R08: 0000000000000020 R09: 0000000000000000
[  570.920848][T11076] R10: 00000000200005c0 R11: 0000000000000246 R12: 0000000000000001
[  570.928841][T11076] R13: 0000000000000000 R14: 00007fa7e9f36130 R15: 00007fffa0b55168
[  570.936860][T11076]  </TASK>
[  570.939955][    C0] vkms_vblank_simulate: vblank timer overrun
[  571.540108][T11081] fuse: Bad value for 'fd'
[  575.486470][ T5831] Bluetooth: hci1: command 0x0406 tx timeout
[  575.651205][T11117] netlink: 'syz.2.1295': attribute type 1 has an invalid length.
[  575.716652][T11117] netlink: 'syz.2.1295': attribute type 2 has an invalid length.
[  575.881130][   T25] usb 7-1: new full-speed USB device number 16 using dummy_hcd
[  576.063652][   T25] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30
[  576.980208][   T25] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  577.059662][   T25] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  577.101077][   T25] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254
[  577.150976][   T25] usb 7-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00
[  577.170971][   T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.209819][   T25] usb 7-1: config 0 descriptor??
[  577.242230][   T25] usbhid 7-1:0.0: can't add hid device: -22
[  577.250344][   T25] usbhid 7-1:0.0: probe with driver usbhid failed with error -22
[  577.832903][ T5865] usb 7-1: USB disconnect, device number 16
[  578.438783][   T30] audit: type=1326 audit(1731977540.253:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.6.1309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  578.485097][   T30] audit: type=1326 audit(1731977540.273:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.6.1309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  578.512579][   T30] audit: type=1326 audit(1731977540.283:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.6.1309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  578.650125][   T30] audit: type=1326 audit(1731977540.283:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.6.1309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  578.671720][    C0] vkms_vblank_simulate: vblank timer overrun
[  578.678547][   T30] audit: type=1326 audit(1731977540.283:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.6.1309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  578.701807][   T30] audit: type=1326 audit(1731977540.283:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.6.1309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  578.724987][   T30] audit: type=1326 audit(1731977540.303:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.6.1309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  578.747963][   T30] audit: type=1326 audit(1731977540.303:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.6.1309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  578.769527][    C0] vkms_vblank_simulate: vblank timer overrun
[  578.776848][   T30] audit: type=1326 audit(1731977540.363:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.6.1309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  578.801556][   T30] audit: type=1326 audit(1731977540.363:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.6.1309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  579.873384][T11180] wg2: entered promiscuous mode
[  579.889170][T11180] wg2: entered allmulticast mode
[  580.932890][T11202] 9pnet_fd: Insufficient options for proto=fd
[  580.942099][T11202] xt_l2tp: missing protocol rule (udp|l2tpip)
[  581.068312][ T5831] Bluetooth: hci6: command 0x0406 tx timeout
[  582.621095][   T25] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  582.959039][   T25] usb 3-1: Using ep0 maxpacket: 16
[  583.073947][T11240] syz.7.1345[11240] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  583.075727][   T25] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8
[  583.076653][T11240] syz.7.1345[11240] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  583.097315][   T25] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  583.097352][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.097376][   T25] usb 3-1: Product: syz
[  583.097395][   T25] usb 3-1: Manufacturer: syz
[  583.097413][   T25] usb 3-1: SerialNumber: syz
[  583.127674][   T25] usb 3-1: config 0 descriptor??
[  583.141636][T11240] syz.7.1345[11240] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  583.157485][   T25] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  583.192261][   T25] usb 3-1: Detected FT232R
[  583.387333][   T25] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  583.458122][   T30] kauditd_printk_skb: 341 callbacks suppressed
[  583.458142][   T30] audit: type=1326 audit(1731977545.273:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11236 comm="syz.6.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  583.518279][   T30] audit: type=1326 audit(1731977545.333:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11236 comm="syz.6.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  583.577652][   T30] audit: type=1326 audit(1731977545.393:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11236 comm="syz.6.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  583.612353][   T25] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71
[  583.629801][   T30] audit: type=1326 audit(1731977545.433:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11212 comm="syz.2.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  583.631237][   T25] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  583.691247][   T25] usb 3-1: USB disconnect, device number 38
[  583.708159][   T25] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  583.738499][   T30] audit: type=1326 audit(1731977545.433:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11212 comm="syz.2.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  583.771324][   T25] ftdi_sio 3-1:0.0: device disconnected
[  583.815136][   T30] audit: type=1326 audit(1731977545.513:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11236 comm="syz.6.1346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  584.898733][T11262] netlink: 104 bytes leftover after parsing attributes in process `syz.8.1353'.
[  585.123305][   T30] audit: type=1326 audit(1731977546.933:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11268 comm="syz.8.1356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8617e759 code=0x7ffc0000
[  585.188740][   T30] audit: type=1326 audit(1731977546.933:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11268 comm="syz.8.1356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8617e759 code=0x7ffc0000
[  585.258799][   T30] audit: type=1326 audit(1731977546.963:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11268 comm="syz.8.1356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3e8617e759 code=0x7ffc0000
[  585.319518][   T30] audit: type=1326 audit(1731977546.963:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11268 comm="syz.8.1356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8617e759 code=0x7ffc0000
[  586.951672][ T1202] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  587.131585][ T1202] usb 9-1: Using ep0 maxpacket: 16
[  587.144599][ T1202] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  587.171606][ T1202] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  587.206516][ T1202] usb 9-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  587.248093][ T1202] usb 9-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 166
[  587.279361][ T1202] usb 9-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  587.326846][ T1202] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  587.346748][ T1202] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  587.376908][ T1202] usb 9-1: SerialNumber: syz
[  587.424335][T11290] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  587.433844][ T1202] cdc_acm 9-1:1.0: Control and data interfaces are not separated!
[  587.455713][ T1202] cdc_acm 9-1:1.0: probe with driver cdc_acm failed with error -12
[  587.647492][    T8] usb 9-1: USB disconnect, device number 5
[  589.201669][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  589.201689][   T30] audit: type=1326 audit(1731977551.013:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11323 comm="syz.2.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  589.256150][   T30] audit: type=1326 audit(1731977551.013:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11323 comm="syz.2.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  589.366671][   T30] audit: type=1326 audit(1731977551.133:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11323 comm="syz.2.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  589.423842][   T30] audit: type=1326 audit(1731977551.133:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11323 comm="syz.2.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  589.700669][   T30] audit: type=1326 audit(1731977551.513:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11333 comm="syz.2.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  589.750839][   T30] audit: type=1326 audit(1731977551.553:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11333 comm="syz.2.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  589.884196][   T30] audit: type=1326 audit(1731977551.553:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11333 comm="syz.2.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  590.869336][   T30] audit: type=1326 audit(1731977551.553:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11333 comm="syz.2.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  591.579348][   T30] audit: type=1326 audit(1731977551.553:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11333 comm="syz.2.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  591.616680][   T30] audit: type=1326 audit(1731977551.553:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11333 comm="syz.2.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=326 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  592.101005][ T5865] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  592.284422][ T5865] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  592.308730][ T5865] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  592.329480][ T5865] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  592.343105][ T5865] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.389532][ T5865] usb 3-1: config 0 descriptor??
[  592.671275][ T5932] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  592.721044][   T25] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  592.817119][ T5865] plantronics 0003:047F:FFFF.0012: unbalanced collection at end of report description
[  592.827855][ T5865] plantronics 0003:047F:FFFF.0012: parse failed
[  592.834673][ T5865] plantronics 0003:047F:FFFF.0012: probe with driver plantronics failed with error -22
[  592.846961][ T5932] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  592.858336][ T5932] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  592.868313][ T5932] usb 8-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  592.877720][ T5932] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.890466][ T5932] usb 8-1: config 0 descriptor??
[  592.895561][   T25] usb 9-1: Using ep0 maxpacket: 32
[  592.906437][   T25] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  592.918131][   T25] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  592.928257][   T54] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  592.928648][ T5833] Bluetooth: hci2: command 0x1003 tx timeout
[  592.935052][   T25] usb 9-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  592.935085][   T25] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.947296][   T25] usb 9-1: config 0 descriptor??
[  593.041983][ T9492] usb 3-1: USB disconnect, device number 39
[  593.312657][ T5932] hid (null): invalid report_size -1026857444
[  593.328550][ T5932] hid-rmi 0003:06CB:81A7.0013: invalid report_size -1026857444
[  593.528012][ T5932] hid-rmi 0003:06CB:81A7.0013: item 0 4 1 7 parsing failed
[  593.536991][ T5932] hid-rmi 0003:06CB:81A7.0013: parse failed
[  593.544093][ T5932] hid-rmi 0003:06CB:81A7.0013: probe with driver hid-rmi failed with error -22
[  593.557187][   T25] greenasia 0003:0E8F:0012.0014: item fetching failed at offset 0/3
[  593.566099][   T25] greenasia 0003:0E8F:0012.0014: parse failed
[  593.572310][   T25] greenasia 0003:0E8F:0012.0014: probe with driver greenasia failed with error -22
[  593.583931][ T5932] usb 8-1: USB disconnect, device number 9
[  593.865167][   T25] usb 9-1: USB disconnect, device number 6
[  595.061004][ T9492] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  595.957142][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  595.957163][   T30] audit: type=1326 audit(1731977557.743:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11390 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  595.984966][   T30] audit: type=1326 audit(1731977557.743:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11390 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  596.006893][   T30] audit: type=1326 audit(1731977557.743:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11390 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  596.029206][   T30] audit: type=1326 audit(1731977557.743:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11390 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  596.052258][   T30] audit: type=1326 audit(1731977557.743:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11390 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  596.074109][   T30] audit: type=1326 audit(1731977557.743:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11390 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  596.096063][   T30] audit: type=1326 audit(1731977557.743:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11390 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  596.118007][   T30] audit: type=1326 audit(1731977557.743:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11390 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  596.139720][   T30] audit: type=1326 audit(1731977557.743:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11390 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  596.394295][ T9492] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  596.405923][ T9492] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  596.415947][ T9492] usb 9-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[  596.425156][ T9492] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.435721][ T9492] usb 9-1: config 0 descriptor??
[  596.640651][T11398] syzkaller0: entered promiscuous mode
[  596.664822][T11398] syzkaller0: entered allmulticast mode
[  596.855128][ T9492] elo 0003:04E7:0030.0015: unknown main item tag 0x0
[  596.882936][ T9492] elo 0003:04E7:0030.0015: unknown main item tag 0x4
[  596.914290][ T9492] elo 0003:04E7:0030.0015: item fetching failed at offset 3/7
[  596.930842][ T9492] elo 0003:04E7:0030.0015: parse failed
[  596.980959][ T9492] elo 0003:04E7:0030.0015: probe with driver elo failed with error -22
[  597.067617][ T9492] usb 9-1: USB disconnect, device number 7
[  597.318617][ T1202] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  597.591476][ T1202] usb 3-1: Using ep0 maxpacket: 8
[  597.741536][ T1202] usb 3-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=ad.1d
[  597.750650][ T1202] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  597.761658][ T1202] usb 3-1: Product: syz
[  597.765868][ T1202] usb 3-1: Manufacturer: syz
[  597.770499][ T1202] usb 3-1: SerialNumber: syz
[  597.782913][ T1202] usb 3-1: config 0 descriptor??
[  597.851580][ T1202] usb_ehset_test 3-1:0.0: probe with driver usb_ehset_test failed with error -32
[  598.017621][ T5932] usb 3-1: USB disconnect, device number 40
[  598.044262][ T9492] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  598.232767][ T9492] usb 9-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  598.251891][ T9492] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  598.281305][ T9492] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  598.307264][ T9492] usb 9-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  598.355494][ T9492] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  598.384754][ T9492] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.422676][ T9492] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  598.440238][ T9492] usb 9-1: invalid MIDI out EP 0
[  598.532355][ T9492] snd-usb-audio 9-1:27.0: probe with driver snd-usb-audio failed with error -22
[  598.629882][ T9492] usb 9-1: USB disconnect, device number 8
[  598.833062][   T30] audit: type=1326 audit(1731977560.653:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11413 comm="syz.2.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa953b7e759 code=0x7ffc0000
[  599.799303][T11434] syz.8.1419[11434] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  599.799412][T11434] syz.8.1419[11434] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  599.826103][T11434] syz.8.1419[11434] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  602.785538][T11472] xt_hashlimit: size too large, truncated to 1048576
[  604.293867][T11427] bridge0: port 2(bridge_slave_1) entered disabled state
[  604.301201][T11427] bridge0: port 1(bridge_slave_0) entered disabled state
[  604.321701][T11427] bridge0: entered allmulticast mode
[  606.937070][T11509] ip6gre1: entered allmulticast mode
[  607.650938][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  607.650958][   T30] audit: type=1326 audit(1731977569.463:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11510 comm="syz.7.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  607.759494][   T30] audit: type=1326 audit(1731977569.463:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11510 comm="syz.7.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  607.826520][   T30] audit: type=1326 audit(1731977569.463:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11510 comm="syz.7.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  607.899722][   T30] audit: type=1326 audit(1731977569.463:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11510 comm="syz.7.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  607.970789][   T30] audit: type=1326 audit(1731977569.463:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11510 comm="syz.7.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  608.158194][   T30] audit: type=1326 audit(1731977569.973:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11520 comm="syz.0.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4753d7e759 code=0x7ffc0000
[  608.183952][T11521] syz.0.1450 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  608.211038][   T30] audit: type=1326 audit(1731977570.003:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11520 comm="syz.0.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f4753d7e759 code=0x7ffc0000
[  608.801184][   T30] audit: type=1326 audit(1731977570.173:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11520 comm="syz.0.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4753d7e759 code=0x7ffc0000
[  608.933622][   T30] audit: type=1326 audit(1731977570.173:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11520 comm="syz.0.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4753d7e759 code=0x7ffc0000
[  609.401790][ T1202] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  609.567989][ T1202] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  609.587078][ T1202] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2
[  609.622754][ T1202] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  609.666819][ T1202] usb 8-1: New USB device found, idVendor=0086, idProduct=0b5b, bcdDevice=e1.c5
[  609.687691][ T1202] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.699474][ T1202] usb 8-1: Product: syz
[  609.714151][ T1202] usb 8-1: Manufacturer: syz
[  609.718890][ T1202] usb 8-1: SerialNumber: syz
[  609.792818][ T1202] usb 8-1: config 0 descriptor??
[  610.248389][ T1202] usb 8-1: USB disconnect, device number 10
[  610.272338][   T30] audit: type=1326 audit(1731977572.083:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11548 comm="syz.6.1461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065d17e759 code=0x7ffc0000
[  610.663831][T11564] xt_hashlimit: size too large, truncated to 1048576
[  616.913506][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  616.913526][   T30] audit: type=1326 audit(1731977578.733:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11633 comm="syz.7.1490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  616.956648][   T30] audit: type=1326 audit(1731977578.733:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11633 comm="syz.7.1490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  616.956696][   T30] audit: type=1326 audit(1731977578.733:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11633 comm="syz.7.1490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  616.956736][   T30] audit: type=1326 audit(2000000000.000:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11633 comm="syz.7.1490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  616.956783][   T30] audit: type=1326 audit(2000000000.000:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11633 comm="syz.7.1490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  616.956821][   T30] audit: type=1326 audit(2000000000.000:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11633 comm="syz.7.1490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa7e9d7d0f0 code=0x7ffc0000
[  617.140930][   T30] audit: type=1326 audit(2000000000.160:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11633 comm="syz.7.1490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  617.169484][   T30] audit: type=1326 audit(2000000000.160:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11633 comm="syz.7.1490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e9d7e759 code=0x7ffc0000
[  721.980860][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  721.987895][    C1] rcu: 	0-...!: (1 GPs behind) idle=5a8c/1/0x4000000000000000 softirq=44287/44289 fqs=2
[  721.999235][    C1] rcu: 	(detected by 1, t=10506 jiffies, g=42641, q=299 ncpus=2)
[  722.007078][    C1] Sending NMI from CPU 1 to CPUs 0:
[  722.007123][    C0] NMI backtrace for cpu 0
[  722.007138][    C0] CPU: 0 UID: 0 PID: 11564 Comm: syz.2.1468 Not tainted 6.12.0-syzkaller #0
[  722.007158][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  722.007170][    C0] RIP: 0010:debug_deactivate+0x2c/0x220
[  722.007199][    C0] Code: 56 53 48 89 fb e8 84 74 12 00 48 89 df 48 c7 c6 c0 ec 0c 8c e8 d5 24 39 03 0f 1f 44 00 00 e8 6b 74 12 00 65 8b 1d 40 62 81 7e <bf> 07 00 00 00 89 de e8 98 78 12 00 83 fb 07 77 79 e8 4e 74 12 00
[  722.007215][    C0] RSP: 0018:ffffc90000007d40 EFLAGS: 00000006
[  722.007244][    C0] RAX: ffffffff81827545 RBX: 0000000000000000 RCX: ffff888049558000
[  722.007257][    C0] RDX: 0000000000010000 RSI: 0000000000000004 RDI: 0000000000000001
[  722.007268][    C0] RBP: ffffc90000007ea8 R08: ffffffff9a5b755b R09: 1ffffffff34b6eab
[  722.007281][    C0] R10: dffffc0000000000 R11: fffffbfff34b6eac R12: 1ffff110170c595b
[  722.007294][    C0] R13: dffffc0000000000 R14: ffff88807ca75340 R15: ffff8880b862ca80
[  722.007307][    C0] FS:  00007fa954a536c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  722.007322][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  722.007335][    C0] CR2: 0000001b2ff1fffc CR3: 00000000206e8000 CR4: 00000000003526f0
[  722.007349][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  722.007359][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  722.007370][    C0] Call Trace:
[  722.007378][    C0]  <NMI>
[  722.007386][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  722.007414][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  722.007439][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  722.007464][    C0]  ? nmi_handle+0x2a/0x5a0
[  722.007488][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  722.007510][    C0]  ? nmi_handle+0x14f/0x5a0
[  722.007526][    C0]  ? nmi_handle+0x2a/0x5a0
[  722.007543][    C0]  ? debug_deactivate+0x2c/0x220
[  722.007560][    C0]  ? default_do_nmi+0x63/0x160
[  722.007577][    C0]  ? exc_nmi+0x123/0x1f0
[  722.007592][    C0]  ? end_repeat_nmi+0xf/0x53
[  722.007615][    C0]  ? debug_deactivate+0x25/0x220
[  722.007633][    C0]  ? debug_deactivate+0x2c/0x220
[  722.007651][    C0]  ? debug_deactivate+0x2c/0x220
[  722.007669][    C0]  ? debug_deactivate+0x2c/0x220
[  722.007686][    C0]  </NMI>
[  722.007692][    C0]  <IRQ>
[  722.007698][    C0]  __hrtimer_run_queues+0x305/0xd50
[  722.007715][    C0]  ? ktime_get_update_offsets_now+0x3c/0x250
[  722.007744][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  722.007761][    C0]  ? ktime_get_update_offsets_now+0x22d/0x250
[  722.007791][    C0]  hrtimer_interrupt+0x396/0x990
[  722.007818][    C0]  __sysvec_apic_timer_interrupt+0x110/0x420
[  722.007837][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  722.007858][    C0]  </IRQ>
[  722.007863][    C0]  <TASK>
[  722.007869][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  722.007890][    C0] RIP: 0010:__local_bh_enable_ip+0x170/0x200
[  722.007913][    C0] Code: 8c e8 74 d9 67 0a 65 66 8b 05 44 4a ac 7e 66 85 c0 75 5d bf 01 00 00 00 e8 2d b2 0b 00 e8 c8 24 45 00 fb 65 8b 05 08 4a ac 7e <85> c0 75 05 e8 07 29 a9 ff 48 c7 44 24 20 0e 36 e0 45 49 c7 04 1c
[  722.007927][    C0] RSP: 0018:ffffc9000c257440 EFLAGS: 00000286
[  722.007941][    C0] RAX: 0000000080000000 RBX: 1ffff9200184ae8c RCX: ffffffff9a3a2903
[  722.007953][    C0] RDX: dffffc0000000000 RSI: ffffffff8c0acaa0 RDI: ffffffff8c603860
[  722.007966][    C0] RBP: ffffc9000c2574f8 R08: ffffffff901be1af R09: 1ffffffff2037c35
[  722.007978][    C0] R10: dffffc0000000000 R11: fffffbfff2037c36 R12: dffffc0000000000
[  722.007991][    C0] R13: 1ffff9200184ae90 R14: ffffc9000c257480 R15: 0000000000000201
[  722.008012][    C0]  ? htable_selective_cleanup+0x25f/0x310
[  722.008034][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  722.008056][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[  722.008078][    C0]  ? htable_selective_cleanup+0x98/0x310
[  722.008100][    C0]  htable_selective_cleanup+0x25f/0x310
[  722.008124][    C0]  htable_put+0x1f1/0x250
[  722.008143][    C0]  ? __pfx_hashlimit_mt_destroy+0x10/0x10
[  722.008162][    C0]  cleanup_entry+0x20f/0x4c0
[  722.008179][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  722.008203][    C0]  ? __pfx_cleanup_entry+0x10/0x10
[  722.008222][    C0]  ? strcmp+0x37/0xa0
[  722.008246][    C0]  ? xt_find_target+0x1d6/0x200
[  722.008264][    C0]  translate_table+0x213c/0x2330
[  722.008294][    C0]  ? __pfx_translate_table+0x10/0x10
[  722.008311][    C0]  ? __might_fault+0xaa/0x120
[  722.008332][    C0]  ? __pfx_lock_release+0x10/0x10
[  722.008361][    C0]  ? __might_fault+0xc6/0x120
[  722.008382][    C0]  ? _copy_from_user+0x99/0xc0
[  722.008399][    C0]  ? copy_from_sockptr_offset+0x6b/0xb0
[  722.008418][    C0]  do_ip6t_set_ctl+0xe4c/0x1270
[  722.008438][    C0]  ? __pfx___might_resched+0x10/0x10
[  722.008461][    C0]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  722.008478][    C0]  ? __pfx_lock_release+0x10/0x10
[  722.008510][    C0]  ? __mutex_unlock_slowpath+0x21d/0x750
[  722.008533][    C0]  ? mark_lock+0x9a/0x360
[  722.008549][    C0]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  722.008578][    C0]  nf_setsockopt+0x295/0x2c0
[  722.008601][    C0]  rawv6_setsockopt+0x327/0x740
[  722.008624][    C0]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  722.008645][    C0]  ? __fget_files+0x29/0x470
[  722.008669][    C0]  ? sock_common_setsockopt+0x37/0xc0
[  722.008689][    C0]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  722.008707][    C0]  do_sock_setsockopt+0x3af/0x720
[  722.008732][    C0]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  722.008752][    C0]  ? __fget_files+0x29/0x470
[  722.008781][    C0]  ? __fget_files+0x3f3/0x470
[  722.008804][    C0]  ? __fget_files+0x29/0x470
[  722.008832][    C0]  __sys_setsockopt+0x1a2/0x250
[  722.008855][    C0]  __x64_sys_setsockopt+0xb5/0xd0
[  722.008878][    C0]  do_syscall_64+0xf3/0x230
[  722.008900][    C0]  ? clear_bhb_loop+0x35/0x90
[  722.008920][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.008940][    C0] RIP: 0033:0x7fa953b7e759
[  722.008955][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  722.008969][    C0] RSP: 002b:00007fa954a53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  722.008986][    C0] RAX: ffffffffffffffda RBX: 00007fa953d35f80 RCX: 00007fa953b7e759
[  722.008998][    C0] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  722.009009][    C0] RBP: 00007fa953bf175e R08: 0000000000000588 R09: 0000000000000000
[  722.009019][    C0] R10: 00000000200014c0 R11: 0000000000000246 R12: 0000000000000000
[  722.009030][    C0] R13: 0000000000000000 R14: 00007fa953d35f80 R15: 00007ffe5c4571d8
[  722.009049][    C0]  </TASK>
[  722.009115][    C1] rcu: rcu_preempt kthread starved for 10491 jiffies! g42641 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  722.656696][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  722.666692][    C1] rcu: RCU grace-period kthread stack dump:
[  722.672601][    C1] task:rcu_preempt     state:R  running task     stack:25984 pid:17    tgid:17    ppid:2      flags:0x00004000
[  722.684396][    C1] Call Trace:
[  722.687697][    C1]  <TASK>
[  722.690683][    C1]  __schedule+0x17fa/0x4bd0
[  722.695261][    C1]  ? __pfx___schedule+0x10/0x10
[  722.700144][    C1]  ? __pfx_lock_release+0x10/0x10
[  722.705218][    C1]  ? __asan_memset+0x23/0x50
[  722.709850][    C1]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  722.715692][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  722.722064][    C1]  ? schedule+0x90/0x320
[  722.726333][    C1]  schedule+0x14b/0x320
[  722.730521][    C1]  schedule_timeout+0x1be/0x310
[  722.735401][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  722.740817][    C1]  ? __pfx_process_timeout+0x10/0x10
[  722.746138][    C1]  ? prepare_to_swait_event+0x330/0x350
[  722.751726][    C1]  rcu_gp_fqs_loop+0x2df/0x1330
[  722.756599][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[  722.761835][    C1]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  722.768024][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  722.773349][    C1]  rcu_gp_kthread+0xa7/0x3b0
[  722.777965][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  722.783187][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  722.789113][    C1]  ? __kthread_parkme+0x169/0x1d0
[  722.794173][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  722.799396][    C1]  kthread+0x2f0/0x390
[  722.803491][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  722.808713][    C1]  ? __pfx_kthread+0x10/0x10
[  722.813345][    C1]  ret_from_fork+0x4b/0x80
[  722.817798][    C1]  ? __pfx_kthread+0x10/0x10
[  722.822412][    C1]  ret_from_fork_asm+0x1a/0x30
[  722.827221][    C1]  </TASK>
[  722.830258][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  722.836598][    C1] CPU: 1 UID: 0 PID: 11630 Comm: syz.6.1488 Not tainted 6.12.0-syzkaller #0
[  722.845298][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  722.855373][    C1] RIP: 0010:smp_call_function_many_cond+0x19f3/0x2ca0
[  722.862162][    C1] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 86 f3 0b 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 31 ef 0b 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 15 ef
[  722.881791][    C1] RSP: 0018:ffffc9000bdff3e0 EFLAGS: 00000246
[  722.887890][    C1] RAX: ffffffff8188fa9b RBX: 1ffff110170c8ca5 RCX: 0000000000040000
[  722.895886][    C1] RDX: ffffc9000baf2000 RSI: 000000000003ffff RDI: 0000000000040000
[  722.903884][    C1] RBP: ffffc9000bdff5e0 R08: ffffffff8188fa6a R09: 1ffffffff2853700
[  722.911879][    C1] R10: dffffc0000000000 R11: fffffbfff2853701 R12: dffffc0000000000
[  722.919872][    C1] R13: ffff8880b8646528 R14: ffff8880b873fc40 R15: 0000000000000000
[  722.927869][    C1] FS:  00007f065dff16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  722.936833][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  722.943463][    C1] CR2: 0000555574751808 CR3: 00000000643e6000 CR4: 00000000003526f0
[  722.951486][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  722.959488][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  722.967504][    C1] Call Trace:
[  722.970845][    C1]  <IRQ>
[  722.973734][    C1]  ? rcu_check_gp_kthread_starvation+0x278/0x310
[  722.980153][    C1]  ? print_other_cpu_stall+0x1475/0x15b0
[  722.985859][    C1]  ? notifier_call_chain+0x19f/0x3e0
[  722.991214][    C1]  ? __pfx_print_other_cpu_stall+0x10/0x10
[  722.997064][    C1]  ? cgroup_rstat_updated+0x13b/0xc60
[  723.002492][    C1]  ? kvm_check_and_clear_guest_paused+0x6a/0xd0
[  723.008787][    C1]  ? rcu_sched_clock_irq+0xa1a/0x10d0
[  723.014207][    C1]  ? __pfx_rcu_sched_clock_irq+0x10/0x10
[  723.019887][    C1]  ? hrtimer_run_queues+0x16c/0x460
[  723.025133][    C1]  ? acct_account_cputime+0xd3/0x210
[  723.030458][    C1]  ? update_process_times+0x1ce/0x230
[  723.035921][    C1]  ? tick_nohz_handler+0x37c/0x500
[  723.041068][    C1]  ? __pfx_tick_nohz_handler+0x10/0x10
[  723.046555][    C1]  ? __hrtimer_run_queues+0x551/0xd50
[  723.051957][    C1]  ? ktime_get_update_offsets_now+0x3c/0x250
[  723.057983][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  723.063733][    C1]  ? ktime_get_update_offsets_now+0x22d/0x250
[  723.069864][    C1]  ? hrtimer_interrupt+0x396/0x990
[  723.075029][    C1]  ? __sysvec_apic_timer_interrupt+0x110/0x420
[  723.081216][    C1]  ? sysvec_apic_timer_interrupt+0xa1/0xc0
[  723.087051][    C1]  </IRQ>
[  723.090002][    C1]  <TASK>
[  723.092960][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  723.099154][    C1]  ? smp_call_function_many_cond+0x19da/0x2ca0
[  723.105331][    C1]  ? smp_call_function_many_cond+0x1a0b/0x2ca0
[  723.111514][    C1]  ? smp_call_function_many_cond+0x19f3/0x2ca0
[  723.117704][    C1]  ? __SCT__tp_func_kfree+0x8/0x8
[  723.122754][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  723.127815][    C1]  ? __pfx___text_poke+0x10/0x10
[  723.132781][    C1]  ? __get_immv32+0x19c/0x350
[  723.137528][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  723.143895][    C1]  ? __pfx___might_resched+0x10/0x10
[  723.149233][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  723.154307][    C1]  on_each_cpu_cond_mask+0x3f/0x80
[  723.159453][    C1]  text_poke_bp_batch+0x352/0xb30
[  723.164526][    C1]  ? __pfx_text_poke_bp_batch+0x10/0x10
[  723.170115][    C1]  ? __pfx___mutex_trylock_common+0x10/0x10
[  723.176047][    C1]  ? __SCT__tp_func_kfree+0x8/0x8
[  723.181100][    C1]  text_poke_bp+0xb0/0x100
[  723.185557][    C1]  ? __pfx_text_poke_bp+0x10/0x10
[  723.190618][    C1]  ? trace_contention_end+0x3c/0x120
[  723.195933][    C1]  ? __mutex_lock+0x2ef/0xd70
[  723.200657][    C1]  ? __SCT__tp_func_kfree+0x8/0x8
[  723.205710][    C1]  __static_call_transform+0x51a/0x810
[  723.211193][    C1]  ? __SCT__tp_func_kfree+0x8/0x8
[  723.216253][    C1]  ? __pfx___bpf_trace_kmem_cache_free+0x10/0x10
[  723.222700][    C1]  ? __pfx___static_call_transform+0x10/0x10
[  723.228709][    C1]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  723.234633][    C1]  ? __pfx___bpf_trace_kmem_cache_free+0x10/0x10
[  723.240998][    C1]  ? __SCT__tp_func_kfree+0x8/0x8
[  723.246045][    C1]  arch_static_call_transform+0x141/0x380
[  723.251796][    C1]  ? __pfx___bpf_trace_kmem_cache_free+0x10/0x10
[  723.258157][    C1]  ? __SCT__tp_func_kfree+0x8/0x8
[  723.263210][    C1]  __static_call_update+0xd8/0x5e0
[  723.268358][    C1]  ? __pfx___bpf_trace_kmem_cache_free+0x10/0x10
[  723.274724][    C1]  ? synchronize_rcu+0x11b/0x360
[  723.279691][    C1]  ? __pfx_synchronize_rcu+0x10/0x10
[  723.285006][    C1]  ? __pfx___static_call_update+0x10/0x10
[  723.290762][    C1]  ? tracepoint_add_func+0x2e4/0x9e0
[  723.296076][    C1]  ? rcu_is_watching+0x15/0xb0
[  723.300862][    C1]  ? tracepoint_add_func+0x2e4/0x9e0
[  723.306177][    C1]  ? tracepoint_add_func+0x2e4/0x9e0
[  723.311491][    C1]  ? tracepoint_add_func+0x49a/0x9e0
[  723.316828][    C1]  ? __pfx___bpf_trace_kmem_cache_free+0x10/0x10
[  723.323199][    C1]  tracepoint_add_func+0x918/0x9e0
[  723.328405][    C1]  ? __pfx___bpf_trace_kmem_cache_free+0x10/0x10
[  723.334799][    C1]  tracepoint_probe_register_prio_may_exist+0x122/0x190
[  723.341886][    C1]  ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10
[  723.349398][    C1]  ? __pfx___bpf_trace_kmem_cache_free+0x10/0x10
[  723.355774][    C1]  ? anon_inode_getfile+0xff/0x180
[  723.360921][    C1]  ? bpf_probe_register+0x134/0x1f0
[  723.366185][    C1]  bpf_raw_tp_link_attach+0x48b/0x6e0
[  723.371608][    C1]  ? __pfx_bpf_raw_tp_link_attach+0x10/0x10
[  723.377580][    C1]  ? fput+0x1a8/0x230
[  723.381606][    C1]  bpf_raw_tracepoint_open+0x177/0x1f0
[  723.387114][    C1]  __sys_bpf+0x3c0/0x810
[  723.391403][    C1]  ? __pfx___sys_bpf+0x10/0x10
[  723.396219][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  723.402241][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  723.408613][    C1]  ? do_syscall_64+0x100/0x230
[  723.413462][    C1]  __x64_sys_bpf+0x7c/0x90
[  723.417995][    C1]  do_syscall_64+0xf3/0x230
[  723.422529][    C1]  ? clear_bhb_loop+0x35/0x90
[  723.427242][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.433165][    C1] RIP: 0033:0x7f065d17e759
[  723.437608][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  723.457245][    C1] RSP: 002b:00007f065dff1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  723.465694][    C1] RAX: ffffffffffffffda RBX: 00007f065d335f80 RCX: 00007f065d17e759
[  723.473691][    C1] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000011
[  723.481685][    C1] RBP: 00007f065d1f175e R08: 0000000000000000 R09: 0000000000000000
[  723.489693][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  723.497684][    C1] R13: 0000000000000000 R14: 00007f065d335f80 R15: 00007ffd9ab35f58
[  723.505697][    C1]  </TASK>