last executing test programs:

13.600228807s ago: executing program 2 (id=2974):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r3 = openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(r3, 0xc0cc5640, &(0x7f0000000540)={0x1, @sliced={0x0, [0x12a9, 0x400, 0xea, 0x8, 0xffff, 0x3, 0x6, 0x8, 0x83, 0x1, 0xe3c7, 0x5, 0x6, 0x8, 0x9, 0x200, 0x7, 0x9, 0x5, 0x3, 0x1ff, 0xad3f, 0x5, 0x4, 0x0, 0x7, 0x6, 0x8, 0x101, 0x515, 0x7, 0x2, 0x5, 0x9, 0x2, 0xfc00, 0x10, 0xfff, 0x9, 0x23, 0x38, 0x4, 0xfff4, 0x675, 0xa, 0x6, 0x800, 0x8], 0x3}})
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5d, 0x80, 0x0, 0x89}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000280))
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
mount$9p_unix(&(0x7f0000000000)='\x00', &(0x7f0000000040)='.\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200))
r6 = userfaultfd(0x801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_CONTINUE(r6, 0xc020aa08, &(0x7f0000000180)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
r7 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f0000f1d000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0xfffffffffffffffd, 0x0, 0x0, 0x96f, 0x32, 0x20, 0x1, 0x21}) (fail_nth: 1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000000)={0x8, 0x0, 0x3017, 0x1, 0x7, 0x2, 0xc, 0x1})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000210400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010067726574617000000c00028008000100", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9], 0x44}}, 0x0)

12.669836674s ago: executing program 2 (id=2977):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x502, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x13, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="660a00000000df0061115d0000000000850000004c00000095"], &(0x7f0000000080)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff, @void, @value}, 0x94)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev, 'veth1_to_batadv\x00'}}, 0x1e)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev, 'veth1_to_batadv\x00'}}, 0x1e)
connect$pppoe(r1, &(0x7f0000000900)={0x18, 0x0, {0x0, @empty, 'vlan0\x00'}}, 0x1e)
connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x0, @dev, 'rose0\x00'}}, 0x1e)
r3 = syz_open_dev$rtc(&(0x7f0000000140), 0xfff, 0x8901)
ioctl$RTC_PLL_SET(r3, 0x40207012, &(0x7f0000000200)={0xfffffffb, 0xd6, 0x5, 0x5, 0xa32, 0x8, 0x6})
r4 = socket$rxrpc(0x21, 0x2, 0x2)
r5 = socket$inet(0x2, 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x40880, 0x0)
r6 = syz_io_uring_setup(0x4973, &(0x7f0000000380)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000340)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27})
syz_io_uring_setup(0xd2, &(0x7f0000000480), 0x0, 0x0)
io_uring_enter(r6, 0x567, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r9 = socket$netlink(0x10, 0x3, 0x0)
writev(r9, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r9, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f931", 0x38}], 0x1)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="040000000000000008003f006563060008001b"], 0x30}}, 0x0)
setsockopt$inet_mreqsrc(r5, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
setsockopt$RXRPC_SECURITY_KEY(r4, 0x110, 0x1, 0xfffffffffffffffe, 0x11)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x10)

11.111453663s ago: executing program 2 (id=2984):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000005c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61965b7e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7f, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x199, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x8000]}, 0x45c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000580)=0xc)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0x8a21, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
dup(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r5], 0x448}}, 0x0)
sendmmsg$inet(r5, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r6, 0x5425, 0x2)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TCSETSW2(r7, 0x5408, &(0x7f0000000040)={0x1000, 0x10, 0x76, 0x9, 0x0, "23f555d9ad9506000000000000beaa82dc1ecf", 0xa4, 0xfffffffe})
ioctl$TIOCGPGRP(r6, 0x5437, 0x0)

7.598183218s ago: executing program 4 (id=2992):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
bind$alg(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ptrace$ARCH_FORCE_TAGGED_SVA(0x1e, 0xffffffffffffffff, 0x0, 0x4004)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10)
sendmsg$tipc(r5, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0)
sendmsg$tipc(r5, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0)
openat$smackfs_load(0xffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/load\x00', 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r6=>0x0}, 0x0)
setregid(0xffffffffffffffff, r6)
faccessat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)
mount$nfs(0x0, &(0x7f0000000640)='.\x00', &(0x7f0000000680), 0x0, 0x0)

6.306446603s ago: executing program 4 (id=2996):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002fc0)=@newqdisc={0x50, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x20, 0x2, [@TCA_CAKE_TARGET={0x8}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x80000000}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0x1}]}}]}, 0x50}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
syz_io_uring_setup(0x20fe, &(0x7f0000001a80)={0x0, 0x0, 0x10100}, &(0x7f0000001b00)=<r6=>0x0, 0x0)
syz_io_uring_submit(r6, 0x0, 0x0)
write$dsp(r5, 0x0, 0x0)
syz_io_uring_setup(0x5c90, &(0x7f0000000140)={0x0, 0x0, 0x10100}, &(0x7f0000000600)=<r7=>0x0, &(0x7f0000000100)=<r8=>0x0)
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r7, r8, &(0x7f0000000740)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r9, 0x0})
listen(r9, 0x0)
shutdown(r9, 0x0)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000080)={0x0, @remote, @local}, 0x0)
r10 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_DEL(r10, 0x0, 0x483, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x1, 'none\x00', 0x20}, 0x2c)

5.948383443s ago: executing program 1 (id=2998):
syz_open_dev$video4linux(&(0x7f0000000000), 0x101, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x10040044}, 0x40800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0x2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
io_setup(0x7, &(0x7f0000000280)=<r5=>0x0)
r6 = openat$sysfs(0xffffff9c, &(0x7f0000000580)='/sys/kernel/crash_elfcorehdr_size', 0x103700, 0x55)
io_submit(r5, 0x1, &(0x7f0000000500)=[&(0x7f0000000040)={0x0, 0x4000, 0x0, 0x0, 0x0, r6, &(0x7f0000000000), 0xfffffc98}])
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000040)={'wg1\x00', &(0x7f0000000000)=@ethtool_cmd={0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffc, 0x7, 0x0, 0x4, [0x0, 0x80000002]}})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x3000002, 0x2000011, 0xffffffffffffffff, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)

5.739938344s ago: executing program 4 (id=3001):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x6e, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xe4}}, 0x1)
r5 = dup(r1)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000"])
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r6)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r6, 0x9)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r7, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000000)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000100)={0x0, 0xfffffffffffffe61, &(0x7f0000000440)={&(0x7f00000001c0)={0x28, r9, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r10, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r11, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r7, 0xc018937c, &(0x7f0000000080)={{0x1, 0x1, 0x18, r10, {0x1}}, './file0\x00'})
r12 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r12, 0x84, 0x10, &(0x7f0000001600)=@sack_info={0x0, 0xe0eb, 0x2}, &(0x7f0000001640)=0xc)

5.729754425s ago: executing program 2 (id=3002):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000005c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61965b7e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7f, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x199, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x8000]}, 0x45c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000580)=0xc)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0x8a21, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
dup(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r5], 0x448}}, 0x0)
sendmmsg$inet(r5, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r6, 0x5425, 0x2)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TCSETSW2(r7, 0x5408, &(0x7f0000000040)={0x1000, 0x10, 0x76, 0x9, 0x0, "23f555d9ad9506000000000000beaa82dc1ecf", 0xa4, 0xfffffffe})
ioctl$TIOCGPGRP(r6, 0x5437, 0x0)

4.615199273s ago: executing program 1 (id=3005):
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f00000002c0)=[@request_death={0x400c630e, 0x2}], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$TUNSETOFFLOAD(r4, 0x8901, 0x2000ff04)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$int_in(r5, 0x5452, &(0x7f0000000180)=0xf51)
readv(r5, &(0x7f0000000300)=[{&(0x7f0000000080)=""/107, 0x6b}], 0x1)
sendmmsg$inet(r5, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f0000000480)}], 0x1}}], 0x1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f0000000040)=0x8000001)
ioctl$PPPIOCSACTIVE(r9, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xfffffffd}]})
ioctl$PPPIOCSACTIVE(r9, 0x40107446, &(0x7f00000001c0)={0x0, 0x0})
sendmmsg$unix(r8, &(0x7f0000000c40)=[{{&(0x7f0000000340)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f00000002c0), 0x0, &(0x7f0000000640)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r6}}}, @cred={{0x1c, 0x1, 0x2, {r6}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r6}}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [r3, 0xffffffffffffffff, r4, r7, 0xffffffffffffffff, r5, r4, r8, r8]}}, @rights={{0x1c, 0x1, 0x1, [r0, r8, r8]}}], 0x118}}, {{&(0x7f0000000b00)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000001100)=[{&(0x7f0000000980)="6e17b0e56dc1f2ed2eca27ce06bf385de6f8caa4ce4f77e52aeb63fa6feb0dbaeb53b250224f9a7fc63b28edc0b5218f54e209ecd095702f315839b74d315a14cd5f715452eb55963cd0c68dca023cad9d8bfdc01f65d421557d4df1034738bcbb8811839b425a986d2f7a34e2360119b2e9dc39acc6805c48336653ef3ddb0a4535c0bb845e060e7cb961246f0ccb981d36eee15a83b783bef67a48ba685f7d5cc618ec07aca5b6eaa01c04421ccb525f506bfcc088df4450048fb953c0a3b2ef27c927d32c541853ca11a5b930f49e3338ade42f7b840cdb7365aa458bca865584f6cb2d03", 0xe6}, {&(0x7f0000000cc0)="a076da5ded8089dce2d8bbe7d9fcd4858d711fb49f4f1bddd166a54b5cf9b0729b58b5a6bd7921afcac6458e49391412422df4ca58e1fcb65c44e465c9d4627d09fa078dfd085cc4e601fe987803d5fcde7c64b4e9b547f35f063aa6e839999ac7c1005a90754d3327cf595cddff4579729326e003178d9ea90a232004d01a3fc28414634c66877fd6d4d23e0eb81d8235e0f1dfc6ec1303b29354045f6ab7adfffb6e7773bffbdc2ca97b3633279d8f3d972c8f67c0d3abf69444ef96c2cd835db8", 0xc2}, {&(0x7f00000012c0)="2003ce94e7aacb01614119753bc877c0bd6b6196d7bc4ab8484c9b3062cf57f320058e06008c7d7dc7e1e4fb502ef1c86ab3b08564d5b6fd7d6a7c4599d446f735b020877ad04e06bf4f9e412ea01350aa38e02bc0d085fcf41c0f00000000000000e12c9251b42a930456fa1242ec0c7560f40231626520216102b1b7e57989d4de6f44586099321875ba29270bd2f08d5b4a237592bd52aabb7bfa8181331937a7e1992b76b99888297716b9df0882a02a203994cccd3f0867b70199590399424fd9cb27c21527bd0c5112d7f3c9a9ca34dcaddf0178160634b5d6c248ce0ee7c235135d1be805d0419c46b9c8ee5d01c2a8564a22654974c45641e926cf14ee5fadb11ed3b14861c8bb94473225b8877731ae037ff96184", 0x119}, {&(0x7f0000000a80)="e464e40d3d1b4fca2d10a0409ae61961fd85684ed87298eafb06a2bdf4ff710651db3126f621d88e7f58aa22a1a6005640f60c9e64e9748f9b10e6b6499fd2888d5b4e81fc678bca646e55ca622fcb145d5ea8b6b4a9c3b8174bd14ebb850d6adc8ce01882ec2699ce7094a91dff79da70553ecf8483ca", 0x77}, {&(0x7f0000000e80)}, {&(0x7f0000000840)="2182351478473f76d3b248fbc4d0cc5f9c947726af2a2a9b865464dd703d940af2c715175ac94db3a147fb670400aa4af108cd", 0x33}, {&(0x7f0000000f00)="25ae8a5dd40fd78a5c484aa0fd46454c230e2963d2e711da151fbbb42ba7deda66d143d6027cab654658b30768cbd7b97adef7dad0e5b207ec94e9b260b25691a5431b04518589e4eb8cdd22e992d4e3ed82c28f", 0x54}, {&(0x7f0000000b80)="0499193562025ca943265ee34083dd35d61f2b83bc317b4a04a060087238a1b1db758347c55c5c6530fc0637d2e346ea26e21f959095dd955b2dfd77", 0x3c}, {&(0x7f0000000f80)="55aa416e3ca2f5a6f52fb1dd355e8c2397dc1b44d117d5a48a5a96fef364595fd50fe45d68d62618ad16410b99f3a166b79ef5d613b86b11f56b29e08c90bca7b6668e27230e94c6a6845cb32ae6", 0x4e}], 0x9, &(0x7f0000001540)=[@rights={{0x2c, 0x1, 0x1, [r0, 0xffffffffffffffff, r5, r5, r1, r2, r9]}}, @cred={{0x1c, 0x1, 0x2, {r6}}}, @rights={{0x24, 0x1, 0x1, [r4, r2, r7, 0xffffffffffffffff, r9]}}, @cred={{0x1c, 0x1, 0x2, {r6}}}, @cred={{0x1c, 0x1, 0x2, {r6}}}, @rights={{0x24, 0x1, 0x1, [r1, r8, r2, r5, r7]}}, @rights={{0x2c, 0x1, 0x1, [r0, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x110, 0x40000}}], 0x2, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

4.298167106s ago: executing program 4 (id=3010):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000400)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)={0x2c, r1, 0x801, 0x70bd21, 0x25ffdbfe, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x2}]}, 0x2c}, 0x1, 0x0, 0x6000}, 0x20004804)

4.200891953s ago: executing program 4 (id=3011):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYRESHEX, @ANYRESOCT=0x0, @ANYRES64=<r1=>0x0], 0x0)
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYRES8=r2], 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r3, 0x3b88, &(0x7f00000000c0)={0xc, r4})
ioctl$IOMMU_VFIO_IOAS$GET(r3, 0x3b88, &(0x7f0000000100)={0xc, <r5=>0x0})
ioctl$IOMMU_VFIO_IOAS$CLEAR(r3, 0x3b88, &(0x7f0000000140)={0xc})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r3, 0x3b82, &(0x7f0000000180)={0x20, r4, 0x0, 0x0, &(0x7f00000001c0)})
ioctl$IOMMU_VFIO_IOAS$SET(r3, 0x3b88, &(0x7f0000000200)={0xc, r4})
ioctl$IOMMU_VFIO_GET_API_VERSION(r3, 0x3b64)
ioctl$IOMMU_VFIO_SET_IOMMU(r3, 0x3b66, 0x3)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r3, 0x3b65, 0x9)
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r3, 0x3b70, &(0x7f0000000240)={0x70, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}]}})
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r3, 0x3b71, &(0x7f0000000280)={0x20, 0x0, &(0x7f00000002c0)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1c, 0x1c})
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r3, 0x3b72, &(0x7f0000000800)=ANY=[@ANYRES16=r0, @ANYBLOB="6e8247cdc03cf2b5ac852829c3dc601ebd6dde04afd0c75ef2027cd23bf3f8e546b471f7c7e88e08cf8a027ee78eef4676597a211a2b8248ab11ab18d61854b2a3a2f59448deb1030397a237849cbb48a69ed7a169", @ANYRES8=r4, @ANYRES8=r1, @ANYRESHEX=r5, @ANYRESOCT=r4, @ANYBLOB="815ecb40bf4fa299185d22e692c8f071d12ea608212aa10609a5b7439a5f43cb2cd07301788383dc7e0b6a9cf053915f332b49dd9244608bf7dfff3311b87e0fd6a0232d3f1463b8321924c78f12a8f54d76f7582085671bae221d570ccf91e2bddc6c99ac603c5e9ce3"])
ioctl$IOMMU_IOAS_UNMAP$ALL(r3, 0x3b86, &(0x7f0000000340)={0x18, r4})
ioctl$IOMMU_DESTROY$ioas(r3, 0x3b80, &(0x7f0000000380)={0x8, r4})
close(r3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)
socket$unix(0x1, 0x1, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
remap_file_pages(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0x6, 0x4000)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB="2c779ca86e6f3ded257dbd0af5f8d78401315bfde604dc9c80c1f78954ba80dcd187b26906575774c84a9c54303855f34a433fbf9009bef0d8096e3715f50a6e67cd43ab9cad2ae05cab8bd1f09e0fec6b20e2e727616caa7fe8de5fa24e5fd15089a362dbdb423b7148eaac8bcb48f1c982468a9c482b122a44676e6dbfa869061d4ad3b242979118b13885f40357182cb86633efb163505a7f4db043e36081aacb20069a87a30b8823e5f96dad8d5fbb54683d742e6572", @ANYRESHEX=r0, @ANYBLOB=',\x00'])
r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/4\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3dd13847ffe63e554076e6792a291ceffd7015d2387105dc5e10264b618635fc3305518a2149f6098e9e75bb818d5c98d16aff44f25186d7c458062ff86da234c9ca1e1942c1c947fc346d10f95f4c3b8e094557b706c2197e0420ed1dded20d224385c4b4caae7face2fffbc4fd99a1d34365453bf5b41d1b5cfbcae282bc2b1ac5165934574016038fb84b29cf9c7f", @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00'])

3.887666855s ago: executing program 3 (id=3015):
syz_open_dev$video4linux(&(0x7f0000000000), 0x101, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x10040044}, 0x40800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0x2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
io_setup(0x7, &(0x7f0000000280)=<r5=>0x0)
r6 = openat$sysfs(0xffffff9c, &(0x7f0000000580)='/sys/kernel/crash_elfcorehdr_size', 0x103700, 0x55)
io_submit(r5, 0x1, &(0x7f0000000500)=[&(0x7f0000000040)={0x0, 0x4000, 0x0, 0x0, 0x0, r6, &(0x7f0000000000), 0xfffffc98}])
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000040)={'wg1\x00', &(0x7f0000000000)=@ethtool_cmd={0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffc, 0x7, 0x0, 0x4, [0x0, 0x80000002]}})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x3000002, 0x2000011, 0xffffffffffffffff, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)

2.839553477s ago: executing program 2 (id=3017):
r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'prefer', '=static', @val={0x3a, [0x30]}}}}]})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r3=>0x0})
sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0xee, r3, 0x1, 0x0, 0x6, @random="71b2ca929713"}, 0x14)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r0}, &(0x7f0000000400), &(0x7f0000000440)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r0, <r4=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000580)=r0}, 0x20)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000640)=@o_path={&(0x7f0000000600)='./file0\x00', 0x0, 0x4008, r4}, 0x18)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r5, 0xffffffffffffff33, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'gretap0\x00', &(0x7f0000000200)={'gre0\x00', <r7=>0x0, 0x7, 0x40, 0x81, 0x0, {{0x3a, 0x4, 0x0, 0x8, 0xe8, 0x64, 0x0, 0x4, 0x4, 0x0, @rand_addr=0x64010101, @empty, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x1c, 0xf3, 0x1, 0x6, [{@multicast2, 0x7}, {@multicast2, 0x75}, {@empty, 0x4}]}, @ssrr={0x89, 0x1f, 0xed, [@multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x32}, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @rr={0x7, 0x1f, 0xb5, [@loopback, @private=0xa010101, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote]}, @ssrr={0x89, 0x7, 0xb7, [@empty]}, @generic={0x86, 0xc, "c4027292be3b8dc753f6"}, @timestamp_prespec={0x44, 0x3c, 0xa6, 0x3, 0x9, [{@loopback, 0x7}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x9}, {@rand_addr=0x64010102, 0x1}, {@broadcast, 0x81}, {@remote, 0xf}, {@loopback, 0x9}, {@loopback, 0xcf25}]}, @timestamp_addr={0x44, 0x24, 0xde, 0x1, 0xc, [{@multicast2, 0x1}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x100}, {@loopback, 0x2}, {@loopback, 0x6}]}]}}}}})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000340)=0x14)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@RTM_DELMDB={0x0, 0x55, 0x400, 0x70bd29, 0x25dfdbfb, {0x7, r3}, [@MDBA_SET_ENTRY={0x0, 0x1, {r6, 0x0, 0x3, 0x4, {@in6_addr=@private1={0xfc, 0x1, '\x00', 0x1}}}}, @MDBA_SET_ENTRY={0x0, 0x1, {r7, 0x1, 0x0, 0x3, {@in6_addr=@rand_addr=' \x01\x00', 0x86dd}}}, @MDBA_SET_ENTRY={0x0, 0x1, {r8, 0x1, 0x1, 0x2, {@in6_addr=@private0, 0x8edd}}}]}, 0x24}}, 0x4004005)

2.748999805s ago: executing program 0 (id=3018):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0x8a21, 0x10)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000000c0), 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x448}}, 0x0)
sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db6", 0xb}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100)}}], 0x2, 0x0)

2.700199075s ago: executing program 3 (id=3019):
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$tipc(0xffffffffffffffff, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x40, 0x1, 0x4}}, 0x10)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f00000002c0)=0x2, 0x4)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000000)={<r3=>0x0, 0x8a3, 0x10, 0x7, 0x7}, &(0x7f00000000c0)=0x18)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={r3, @in={{0x2, 0x0, @private=0xa010100}}, 0x0, 0x0, 0x3f8, 0x0, 0x32, 0x0, 0xfe}, 0x9c)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')
write$vhost_msg(r4, &(0x7f0000000840)={0x796e6564, {0x0, 0x0, 0x0}}, 0x7)

2.645331699s ago: executing program 1 (id=3020):
r0 = syz_io_uring_setup(0x110, &(0x7f0000000340)={0x0, 0x6d89, 0x8, 0x0, 0xf0}, &(0x7f00000000c0), &(0x7f0000000040))
r1 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r1, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=[@tclass={{0x14, 0x29, 0x43, 0x8}}], 0x18}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r2}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000000)={0x0, r3, 0x6, {0x1, 0x8000000000000001}, 0x54}, 0x1)

2.580230584s ago: executing program 2 (id=3021):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a40000002300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x11)
socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[@ANYBLOB="44010000210001"], 0x144}}, 0x0)

2.422612005s ago: executing program 32 (id=3021):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a40000002300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x11)
socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[@ANYBLOB="44010000210001"], 0x144}}, 0x0)

2.419132379s ago: executing program 0 (id=3023):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800600011140100000000000000000008005a0001000000080003000100000008004a000100000008004b001300000008006be702000000080001"], 0x48}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)

2.418680821s ago: executing program 1 (id=3024):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x502, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x13, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="660a00000000df0061115d0000000000850000004c00000095"], &(0x7f0000000080)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff, @void, @value}, 0x94)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev, 'veth1_to_batadv\x00'}}, 0x1e)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev, 'veth1_to_batadv\x00'}}, 0x1e)
connect$pppoe(r1, &(0x7f0000000900)={0x18, 0x0, {0x0, @empty, 'vlan0\x00'}}, 0x1e)
connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x0, @dev, 'rose0\x00'}}, 0x1e)
r3 = syz_open_dev$rtc(&(0x7f0000000140), 0xfff, 0x8901)
ioctl$RTC_PLL_SET(r3, 0x40207012, &(0x7f0000000200)={0xfffffffb, 0xd6, 0x5, 0x5, 0xa32, 0x8, 0x6})
r4 = socket$rxrpc(0x21, 0x2, 0x2)
r5 = socket$inet(0x2, 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x40880, 0x0)
r6 = syz_io_uring_setup(0x4973, &(0x7f0000000380)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000340)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27})
syz_io_uring_setup(0xd2, &(0x7f0000000480), 0x0, 0x0)
io_uring_enter(r6, 0x567, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r9 = socket$netlink(0x10, 0x3, 0x0)
writev(r9, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r9, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, 0x0, 0x0)
setsockopt$inet_mreqsrc(r5, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
setsockopt$RXRPC_SECURITY_KEY(r4, 0x110, 0x1, 0xfffffffffffffffe, 0x11)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x10)

2.418366927s ago: executing program 3 (id=3025):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002fc0)=@newqdisc={0x50, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x20, 0x2, [@TCA_CAKE_TARGET={0x8}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x80000000}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0x1}]}}]}, 0x50}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
syz_io_uring_setup(0x20fe, &(0x7f0000001a80)={0x0, 0x0, 0x10100}, &(0x7f0000001b00)=<r6=>0x0, 0x0)
syz_io_uring_submit(r6, 0x0, 0x0)
write$dsp(r5, 0x0, 0x0)
syz_io_uring_setup(0x5c90, &(0x7f0000000140)={0x0, 0x0, 0x10100}, &(0x7f0000000600)=<r7=>0x0, &(0x7f0000000100)=<r8=>0x0)
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r7, r8, &(0x7f0000000740)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r9, 0x0})
listen(r9, 0x0)
shutdown(r9, 0x0)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000080)={0x0, @remote, @local}, &(0x7f00000000c0)=0xc)
r10 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_DEL(r10, 0x0, 0x483, 0x0, 0x0)

2.334427703s ago: executing program 0 (id=3026):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
shutdown(0xffffffffffffffff, 0x0)
sendmsg$sock(0xffffffffffffffff, 0x0, 0x1)
shutdown(0xffffffffffffffff, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x4, 0x4, 0x4, 0x10005, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r6, 0x58, &(0x7f0000000340)={0x0, <r7=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={r7}, 0xc)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000180)={<r8=>0x0, 0x101}, &(0x7f0000000280)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000340)={r8, 0xad, "93ba3d13d68a1c72d19a12fcc54ce95c6012416cdf6ed66cddf6e57dc74ae217da28a765ee5770ffac3bf7209ea20e5ee1f8f0b60e2e972298865fa8ea1b23a0e76c4f828732698fa5e5f3d98a608ae41b289f2b78f6c082a58a216f6719fb674e63654e51c9def88d49e7776d20e9f6be624ac814d8d59c4b2523d883bc3ff56160a84e1a9f9046fa0f3bee08c0386947de923dd517095e06cffe13468756367613a27d1e8ea177b59137ee00"}, &(0x7f0000000400)=0xb5)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r9, 0x84, 0x85, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @broadcast}}, 0x27c0}, 0x90)
r10 = openat$cgroup_devices(r0, &(0x7f00000000c0)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r10, &(0x7f0000000000)=ANY=[@ANYBLOB='b *:* r\nw'], 0x9)

2.236551035s ago: executing program 3 (id=3027):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000005c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61965b7e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7f, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x199, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x8000]}, 0x45c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000580)=0xc)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0x8a21, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
dup(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r5], 0x448}}, 0x0)
sendmmsg$inet(r5, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r6, 0x5425, 0x2)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TCSETSW2(r7, 0x5408, &(0x7f0000000040)={0x1000, 0x10, 0x76, 0x9, 0x0, "23f555d9ad9506000000000000beaa82dc1ecf", 0xa4, 0xfffffffe})
ioctl$TIOCGPGRP(r6, 0x5437, 0x0)

2.232558114s ago: executing program 1 (id=3028):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0)
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f00000000c0)='./file0\x00', 0x6400000c)
ioprio_set$uid(0x3, 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x1458c2, 0x0)
r4 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x15)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x44, r5, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, 0x44}}, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r8, &(0x7f0000000200), 0xf000)
ioctl$TUNSETFILTEREBPF(r3, 0x800454e1, &(0x7f0000000240)=r8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='neigh_update\x00', r0, 0x0, 0x5d4b}, 0x18)

1.318765616s ago: executing program 0 (id=3029):
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100)=0x3)
r2 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$PPPIOCATTACH(r2, 0x4004743d, &(0x7f0000000040)=0x3)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESOCT=r2, @ANYBLOB=',wfdno=', @ANYRESDEC=r0])

716.130772ms ago: executing program 4 (id=3030):
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f00000002c0)=[@request_death={0x400c630e, 0x2}], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$TUNSETOFFLOAD(r4, 0x8901, 0x2000ff04)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$int_in(r5, 0x5452, &(0x7f0000000180)=0xf51)
readv(r5, &(0x7f0000000300)=[{&(0x7f0000000080)=""/107, 0x6b}], 0x1)
sendmmsg$inet(r5, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f0000000480)}], 0x1}}], 0x1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f0000000040)=0x8000001)
ioctl$PPPIOCSACTIVE(r9, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xfffffffd}]})
ioctl$PPPIOCSACTIVE(r9, 0x40107446, &(0x7f00000001c0)={0x0, 0x0})
sendmmsg$unix(r8, &(0x7f0000000c40)=[{{&(0x7f0000000340)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f00000002c0), 0x0, &(0x7f0000000640)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r6}}}, @cred={{0x1c, 0x1, 0x2, {r6}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r6}}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [r3, 0xffffffffffffffff, r4, r7, 0xffffffffffffffff, r5, r4, r8, r8]}}, @rights={{0x1c, 0x1, 0x1, [r0, r8, r8]}}], 0x118}}, {{&(0x7f0000000b00)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000001100)=[{&(0x7f0000000980)="6e17b0e56dc1f2ed2eca27ce06bf385de6f8caa4ce4f77e52aeb63fa6feb0dbaeb53b250224f9a7fc63b28edc0b5218f54e209ecd095702f315839b74d315a14cd5f715452eb55963cd0c68dca023cad9d8bfdc01f65d421557d4df1034738bcbb8811839b425a986d2f7a34e2360119b2e9dc39acc6805c48336653ef3ddb0a4535c0bb845e060e7cb961246f0ccb981d36eee15a83b783bef67a48ba685f7d5cc618ec07aca5b6eaa01c04421ccb525f506bfcc088df4450048fb953c0a3b2ef27c927d32c541853ca11a5b930f49e3338ade42f7b840cdb7365aa458bca865584f6cb2d03", 0xe6}, {&(0x7f0000000cc0)="a076da5ded8089dce2d8bbe7d9fcd4858d711fb49f4f1bddd166a54b5cf9b0729b58b5a6bd7921afcac6458e49391412422df4ca58e1fcb65c44e465c9d4627d09fa078dfd085cc4e601fe987803d5fcde7c64b4e9b547f35f063aa6e839999ac7c1005a90754d3327cf595cddff4579729326e003178d9ea90a232004d01a3fc28414634c66877fd6d4d23e0eb81d8235e0f1dfc6ec1303b29354045f6ab7adfffb6e7773bffbdc2ca97b3633279d8f3d972c8f67c0d3abf69444ef96c2cd835db8", 0xc2}, {&(0x7f00000012c0)="2003ce94e7aacb01614119753bc877c0bd6b6196d7bc4ab8484c9b3062cf57f320058e06008c7d7dc7e1e4fb502ef1c86ab3b08564d5b6fd7d6a7c4599d446f735b020877ad04e06bf4f9e412ea01350aa38e02bc0d085fcf41c0f00000000000000e12c9251b42a930456fa1242ec0c7560f40231626520216102b1b7e57989d4de6f44586099321875ba29270bd2f08d5b4a237592bd52aabb7bfa8181331937a7e1992b76b99888297716b9df0882a02a203994cccd3f0867b70199590399424fd9cb27c21527bd0c5112d7f3c9a9ca34dcaddf0178160634b5d6c248ce0ee7c235135d1be805d0419c46b9c8ee5d01c2a8564a22654974c45641e926cf14ee5fadb11ed3b14861c8bb94473225b8877731ae037ff96184", 0x119}, {&(0x7f0000000a80)="e464e40d3d1b4fca2d10a0409ae61961fd85684ed87298eafb06a2bdf4ff710651db3126f621d88e7f58aa22a1a6005640f60c9e64e9748f9b10e6b6499fd2888d5b4e81fc678bca646e55ca622fcb145d5ea8b6b4a9c3b8174bd14ebb850d6adc8ce01882ec2699ce7094a91dff79da70553ecf8483ca", 0x77}, {&(0x7f0000000e80)="0183520c32fe653a4ed039eb848b439a4520bf3abc6088ea9f66be596e803c61f78d533ca67592773974827cf4bda9f0bb4570bddfa20a884b28805864404420", 0x40}, {&(0x7f0000000840)="2182351478473f76d3b248fbc4d0cc5f9c947726af2a2a9b865464dd703d940af2c715175ac94db3a147fb670400aa4af108cd", 0x33}, {&(0x7f0000000f00)="25ae8a5dd40fd78a5c484aa0fd46454c230e2963d2e711da151fbbb42ba7deda66d143d6027cab654658b30768cbd7b97adef7dad0e5b207ec94e9b260b25691a5431b04518589e4eb8cdd22e992d4e3ed82c28f", 0x54}, {&(0x7f0000000b80)="0499193562025ca943265ee34083dd35d61f2b83bc317b4a04a060087238a1b1db758347c55c5c6530fc0637d2e346ea26e21f959095dd955b2dfd77", 0x3c}, {&(0x7f0000000f80)="55aa416e3ca2f5a6f52fb1dd355e8c2397dc1b44d117d5a48a5a96fef364595fd50fe45d68d62618ad16410b99f3a166b79ef5d613b86b11f56b29e08c90bca7b6668e27230e94c6a6845cb32ae6", 0x4e}], 0x9, &(0x7f0000001540)=[@rights={{0x2c, 0x1, 0x1, [r0, 0xffffffffffffffff, r5, r5, r1, r2, r9]}}, @cred={{0x1c, 0x1, 0x2, {r6}}}, @rights={{0x24, 0x1, 0x1, [r4, r2, r7, 0xffffffffffffffff, r9]}}, @cred={{0x1c, 0x1, 0x2, {r6}}}, @cred={{0x1c, 0x1, 0x2, {r6}}}, @rights={{0x24, 0x1, 0x1, [r1, r8, r2, r5, r7]}}, @rights={{0x2c, 0x1, 0x1, [r0, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x110, 0x40000}}], 0x2, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

656.228043ms ago: executing program 1 (id=3031):
syz_io_uring_setup(0xf3d, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
rt_sigqueueinfo(r0, 0x10, &(0x7f0000000380)={0x32, 0x4, 0x5})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000000)=0x7f, 0x1)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0045520, &(0x7f0000002100)=0x10000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$inet6(0xa, 0x40000080806, 0x0)
listen(r3, 0x20000005)
r4 = syz_open_dev$video4linux(&(0x7f0000000400), 0x800000000401, 0x0)
keyctl$reject(0x14, 0x0, 0x1ffffffd, 0x80, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r4, 0xc0585605, &(0x7f0000000040)={0x0, 0x0, {0x8000, 0x5, 0xe948bd69b1fd09f, 0x1, 0x5, 0x1, 0x3}})
recvfrom(r1, &(0x7f0000000280)=""/213, 0xd5, 0x0, &(0x7f00000000c0)=@in6={0xa, 0x4e21, 0x75, @mcast2, 0x5}, 0x80)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r5 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$inet6(r5, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000500)=@polexpire={0xd8, 0x1b, 0x1, 0x0, 0x0, {{{@in6=@private0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, [@sec_ctx={0xc, 0x8, {0x8}}, @mark={0xc}]}, 0xd8}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r7 = fsopen(&(0x7f0000000040)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)

284.959704ms ago: executing program 3 (id=3032):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0x8a21, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f00000000c0), 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[], 0x448}}, 0x0)
sendmmsg$inet(r1, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e5", 0x16}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100)}}], 0x2, 0x0)

227.310442ms ago: executing program 0 (id=3033):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0x8a21, 0x10)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000000c0), 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x448}}, 0x0)
sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db6", 0xb}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100)}}], 0x2, 0x0)

263.088µs ago: executing program 3 (id=3034):
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$tipc(0xffffffffffffffff, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x40, 0x1, 0x4}}, 0x10)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f00000002c0)=0x2, 0x4)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000000)={<r3=>0x0, 0x8a3, 0x10, 0x7, 0x7}, &(0x7f00000000c0)=0x18)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={r3, @in={{0x2, 0x0, @private=0xa010100}}, 0x0, 0x0, 0x3f8, 0x0, 0x32, 0x0, 0xfe}, 0x9c)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')
write$vhost_msg(r4, &(0x7f0000000840)={0x796e6564, {0x0, 0x0, 0x0}}, 0x7)

0s ago: executing program 0 (id=3035):
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x3, &(0x7f0000000080)={{0x0, 0x3938700}, {0x77359400}}, 0x0)
r1 = timerfd_create(0x0, 0x0)
timerfd_settime(r1, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0)
clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8000000})
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000240)=""/84, 0x118000, 0x1000}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000240)={@in6={{0xa, 0x0, 0x0, @private2}}, 0x0, 0x0, 0x26, 0x0, "8ddbb51a3cfd954e41e8ccb21f650fa6a867fb9bbcf0feeee4dc036d0675af58b39fa8d54ee8323507a61a95cf134ce8f605671338c7f8838a00bdfba71bc4b828c7de258b6b9ca1fc52bcc83e2a016a"}, 0xd8)
syz_emit_ethernet(0x4a, &(0x7f0000000680)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x4001, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x10, 0x0, 0x0, 0x4, {[@md5sig={0x13, 0x12, "623eebe039a1f617fd02722e3486ebd9"}]}}}}}}}, 0x0)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$sock_SIOCOUTQ(r5, 0x5411, &(0x7f00000001c0))
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r6=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
getpid()
bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x7, r6, 0x1, r2}, 0x10)
mmap$xdp(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000004, 0x11, r2, 0x100000000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="240000003b0007010000000000000000037c0000040000000c000180cd4f"], 0x24}}, 0x0)

kernel console output (not intermixed with test programs):

 844.164429][T15176] FAULT_INJECTION: forcing a failure.
[  844.164429][T15176] name failslab, interval 1, probability 0, space 0, times 0
[  844.178346][T15176] CPU: 0 UID: 0 PID: 15176 Comm: syz.4.2397 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  844.188781][T15176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  844.198830][T15176] Call Trace:
[  844.202105][T15176]  <TASK>
[  844.205027][T15176]  dump_stack_lvl+0x241/0x360
[  844.209720][T15176]  ? __pfx_dump_stack_lvl+0x10/0x10
[  844.214913][T15176]  ? __pfx__printk+0x10/0x10
[  844.219501][T15176]  ? kmem_cache_alloc_noprof+0x48/0x380
[  844.225038][T15176]  ? __pfx___might_resched+0x10/0x10
[  844.230327][T15176]  should_fail_ex+0x3b0/0x4e0
[  844.235006][T15176]  should_failslab+0xac/0x100
[  844.239685][T15176]  ? proc_net_ns_init+0x4f/0x390
[  844.244614][T15176]  kmem_cache_alloc_noprof+0x70/0x380
[  844.249983][T15176]  proc_net_ns_init+0x4f/0x390
[  844.254741][T15176]  ops_init+0x31e/0x590
[  844.258892][T15176]  ? __asan_memset+0x23/0x50
[  844.263475][T15176]  ? lockdep_init_map_type+0xa1/0x910
[  844.268839][T15176]  setup_net+0x287/0x9e0
[  844.273081][T15176]  ? __pfx_down_read_killable+0x10/0x10
[  844.278621][T15176]  ? __pfx_setup_net+0x10/0x10
[  844.283386][T15176]  copy_net_ns+0x33f/0x570
[  844.287801][T15176]  create_new_namespaces+0x425/0x7b0
[  844.293093][T15176]  unshare_nsproxy_namespaces+0x124/0x180
[  844.298813][T15176]  ksys_unshare+0x57d/0xa70
[  844.303317][T15176]  ? __pfx_ksys_unshare+0x10/0x10
[  844.308331][T15176]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  844.314648][T15176]  ? do_syscall_64+0x100/0x230
[  844.319410][T15176]  __x64_sys_unshare+0x38/0x40
[  844.324163][T15176]  do_syscall_64+0xf3/0x230
[  844.328659][T15176]  ? clear_bhb_loop+0x35/0x90
[  844.333330][T15176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  844.339219][T15176] RIP: 0033:0x7f58bd37e819
[  844.343628][T15176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  844.363228][T15176] RSP: 002b:00007f58be11b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  844.371634][T15176] RAX: ffffffffffffffda RBX: 00007f58bd536160 RCX: 00007f58bd37e819
[  844.379595][T15176] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000064000600
[  844.387734][T15176] RBP: 00007f58be11b090 R08: 0000000000000000 R09: 0000000000000000
[  844.395700][T15176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  844.403665][T15176] R13: 0000000000000000 R14: 00007f58bd536160 R15: 00007ffd557de2f8
[  844.411637][T15176]  </TASK>
[  844.414754][    C0] vkms_vblank_simulate: vblank timer overrun
[  844.866651][   T12] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  844.942486][   T25] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  845.333379][ T7279] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  845.546120][   T25] usb 3-1: Using ep0 maxpacket: 8
[  845.558288][   T25] usb 3-1: config 0 interface 0 has no altsetting 0
[  845.568880][   T25] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  845.578162][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  846.362430][T15191] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2403'.
[  846.373485][   T25] usb 3-1: Product: syz
[  846.379533][   T25] usb 3-1: Manufacturer: syz
[  846.385842][T15191] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2403'.
[  846.403199][T15191] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2403'.
[  846.406360][   T25] usb 3-1: SerialNumber: syz
[  846.417328][T15191] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2403'.
[  846.444483][   T25] usb 3-1: config 0 descriptor??
[  846.462464][   T25] hub 3-1:0.0: bad descriptor, ignoring hub
[  846.468410][   T25] hub 3-1:0.0: probe with driver hub failed with error -5
[  846.477506][   T25] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  846.551411][T15200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2405'.
[  846.695339][ T5890] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  846.732842][   T25] gspca_zc3xx: reg_w_i err -71
[  846.846652][T15208] FAULT_INJECTION: forcing a failure.
[  846.846652][T15208] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  846.862552][ T5890] usb 1-1: Using ep0 maxpacket: 8
[  846.867822][T15208] CPU: 0 UID: 0 PID: 15208 Comm: syz.1.2409 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  846.878265][T15208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  846.888339][T15208] Call Trace:
[  846.891605][T15208]  <TASK>
[  846.894523][T15208]  dump_stack_lvl+0x241/0x360
[  846.899193][T15208]  ? __pfx_dump_stack_lvl+0x10/0x10
[  846.904388][T15208]  ? __pfx__printk+0x10/0x10
[  846.908964][T15208]  ? __pfx_lock_release+0x10/0x10
[  846.913976][T15208]  ? __lock_acquire+0x1397/0x2100
[  846.919075][T15208]  should_fail_ex+0x3b0/0x4e0
[  846.923750][T15208]  _copy_from_user+0x2f/0xc0
[  846.928331][T15208]  kstrtouint_from_user+0xc6/0x190
[  846.933431][T15208]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  846.939137][T15208]  ? __pfx_lock_acquire+0x10/0x10
[  846.944151][T15208]  proc_fail_nth_write+0xaa/0x2d0
[  846.949155][T15208]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  846.955036][T15208]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  846.960652][T15208]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  846.966266][T15208]  vfs_write+0x2a3/0xd30
[  846.970500][T15208]  ? __pfx_vfs_write+0x10/0x10
[  846.975258][T15208]  ? __fget_files+0x2a/0x410
[  846.979849][T15208]  ? __fget_files+0x395/0x410
[  846.984515][T15208]  ? __fget_files+0x2a/0x410
[  846.989092][T15208]  ksys_write+0x18f/0x2b0
[  846.993408][T15208]  ? __pfx_ksys_write+0x10/0x10
[  846.998248][T15208]  ? do_syscall_64+0x100/0x230
[  847.003000][T15208]  ? do_syscall_64+0xb6/0x230
[  847.007666][T15208]  do_syscall_64+0xf3/0x230
[  847.012152][T15208]  ? clear_bhb_loop+0x35/0x90
[  847.016815][T15208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.022699][T15208] RIP: 0033:0x7ffb57f7d2ff
[  847.027105][T15208] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[  847.046715][T15208] RSP: 002b:00007ffb58cd1030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  847.055133][T15208] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffb57f7d2ff
[  847.063088][T15208] RDX: 0000000000000001 RSI: 00007ffb58cd10a0 RDI: 0000000000000004
[  847.071046][T15208] RBP: 00007ffb58cd1090 R08: 0000000000000000 R09: 0000000000000000
[  847.079005][T15208] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  847.086963][T15208] R13: 0000000000000000 R14: 00007ffb58135fa0 R15: 00007ffc12b664d8
[  847.094931][T15208]  </TASK>
[  847.097946][    C0] vkms_vblank_simulate: vblank timer overrun
[  847.227345][ T5890] usb 1-1: config 0 interface 0 has no altsetting 0
[  847.237715][ T5890] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  847.246950][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  847.255283][ T5890] usb 1-1: Product: syz
[  847.259743][ T5890] usb 1-1: Manufacturer: syz
[  847.264470][ T5890] usb 1-1: SerialNumber: syz
[  847.270330][ T5890] usb 1-1: config 0 descriptor??
[  847.276832][ T5890] hub 1-1:0.0: bad descriptor, ignoring hub
[  847.284219][ T5890] hub 1-1:0.0: probe with driver hub failed with error -5
[  847.292250][ T5890] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  847.322506][   T25] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  847.332702][   T25] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  848.362875][ T5890] gspca_zc3xx: reg_w_i err -71
[  848.365937][   T25] usb 3-1: USB disconnect, device number 43
[  849.322659][ T5890] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  849.342129][ T5890] gspca_zc3xx 1-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  849.433422][   T55] Bluetooth: hci5: sending frame failed (-49)
[  849.441326][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -49
[  849.613232][ T5890] usb 1-1: reset high-speed USB device number 49 using dummy_hcd
[  850.216778][T15193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  850.226047][T15193] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  850.242078][ T5890] usb 1-1: failed to restore interface 0 altsetting 6 (error=-71)
[  850.659736][T15251] fuse: Unknown parameter '00000000000000000000'
[  850.673413][ T5890] usb 1-1: USB disconnect, device number 49
[  850.826236][   T12] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  850.963225][T15257] overlayfs: failed to resolve './file1': -2
[  851.034374][T15268] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2422'.
[  851.052951][T13668] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  852.105335][T15279] binder: BINDER_SET_CONTEXT_MGR already set
[  852.111606][T15279] binder: 15271:15279 ioctl 4018620d 20000380 returned -16
[  853.982724][   T25] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  854.068593][T15301] netlink: 220 bytes leftover after parsing attributes in process `syz.2.2436'.
[  854.112458][ T5919] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  854.142801][   T25] usb 5-1: Using ep0 maxpacket: 16
[  854.150940][   T25] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  854.153168][T15303] netlink: 'syz.3.2437': attribute type 4 has an invalid length.
[  854.165094][   T25] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  854.189696][   T25] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  854.202836][   T25] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  854.211908][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  854.220510][   T25] usb 5-1: Product: syz
[  854.225113][   T25] usb 5-1: Manufacturer: syz
[  854.229735][   T25] usb 5-1: SerialNumber: syz
[  854.263816][ T5919] usb 1-1: Using ep0 maxpacket: 8
[  854.271581][ T5919] usb 1-1: config 0 has an invalid interface number: 224 but max is 0
[  854.275015][T15307] overlayfs: failed to resolve './file1': -2
[  854.282778][ T5919] usb 1-1: config 0 has no interface number 0
[  854.292776][ T5919] usb 1-1: New USB device found, idVendor=0abf, idProduct=3370, bcdDevice= 3.0e
[  854.301842][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  854.312598][ T5919] usb 1-1: config 0 descriptor??
[  854.417330][T15311] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  854.503398][T15287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  854.515346][T15287] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  854.610135][ T5891] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  854.610410][T15292] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2429'.
[  855.227959][ T5891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  855.239613][ T5891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  855.243148][   T25] usb 5-1: 0:2 : does not exist
[  855.252189][ T5891] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  855.272414][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  855.298801][ T5891] usb 4-1: config 0 descriptor??
[  855.779291][T15309] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2440'.
[  856.152448][    T8] usb 1-1: USB disconnect, device number 50
[  856.548673][ T5891] usbhid 4-1:0.0: can't add hid device: -71
[  856.555215][ T5891] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  856.566359][ T5891] usb 4-1: USB disconnect, device number 30
[  856.571426][   T25] usb 5-1: 1:0: failed to get current value for ch 0 (-22)
[  856.645054][   T25] usb 5-1: USB disconnect, device number 39
[  856.805468][   T12] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  857.193323][T15339] netlink: 'syz.0.2450': attribute type 4 has an invalid length.
[  857.215249][T15339] infiniband syz0: set active
[  857.225372][ T5919] lo speed is unknown, defaulting to 1000
[  857.233861][ T5919] lo speed is unknown, defaulting to 1000
[  857.250427][T15341] overlayfs: failed to resolve './file1': -2
[  857.291846][T15339] infiniband syz0: set down
[  857.387862][T15350] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2452'.
[  857.426304][T15350] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2452'.
[  857.456530][T15350] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2452'.
[  857.486966][T15350] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2452'.
[  857.499487][ T5919] lo speed is unknown, defaulting to 1000
[  857.516816][ T5919] lo speed is unknown, defaulting to 1000
[  858.328629][T15358] trusted_key: encrypted_key: insufficient parameters specified
[  859.704201][T15368] FAULT_INJECTION: forcing a failure.
[  859.704201][T15368] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  859.717641][T15368] CPU: 1 UID: 0 PID: 15368 Comm: syz.2.2458 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  859.728087][T15368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  859.738166][T15368] Call Trace:
[  859.741468][T15368]  <TASK>
[  859.744414][T15368]  dump_stack_lvl+0x241/0x360
[  859.749121][T15368]  ? __pfx_dump_stack_lvl+0x10/0x10
[  859.754350][T15368]  ? __pfx__printk+0x10/0x10
[  859.758973][T15368]  ? vfs_write+0x730/0xd30
[  859.762665][    T8] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  859.763398][T15368]  should_fail_ex+0x3b0/0x4e0
[  859.775624][T15368]  _copy_from_user+0x2f/0xc0
[  859.780235][T15368]  move_addr_to_kernel+0x82/0x150
[  859.785300][T15368]  __sys_bind+0x124/0x290
[  859.789654][T15368]  ? __pfx___sys_bind+0x10/0x10
[  859.794520][T15368]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  859.800876][T15368]  ? do_syscall_64+0x100/0x230
[  859.805674][T15368]  __x64_sys_bind+0x7a/0x90
[  859.810185][T15368]  do_syscall_64+0xf3/0x230
[  859.814710][T15368]  ? clear_bhb_loop+0x35/0x90
[  859.819393][T15368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  859.825305][T15368] RIP: 0033:0x7f12af17e819
[  859.829738][T15368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  859.849357][T15368] RSP: 002b:00007f12afff3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  859.857783][T15368] RAX: ffffffffffffffda RBX: 00007f12af335fa0 RCX: 00007f12af17e819
[  859.865809][T15368] RDX: 0000000000000067 RSI: 0000000020000040 RDI: 0000000000000004
[  859.873787][T15368] RBP: 00007f12afff3090 R08: 0000000000000000 R09: 0000000000000000
[  859.881773][T15368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  859.889769][T15368] R13: 0000000000000000 R14: 00007f12af335fa0 R15: 00007ffd01136c88
[  859.897767][T15368]  </TASK>
[  860.010755][T15377] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2462'.
[  860.020137][T15377] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2462'.
[  860.063256][    T8] usb 1-1: Using ep0 maxpacket: 32
[  860.261976][    T8] usb 1-1: unable to read config index 0 descriptor/start: -61
[  860.269956][    T8] usb 1-1: can't read configurations, error -61
[  860.583404][    T8] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  860.677865][T15389] netlink: 'syz.0.2466': attribute type 4 has an invalid length.
[  860.706955][T15389] infiniband syz0: set active
[  860.715206][ T5891] lo speed is unknown, defaulting to 1000
[  860.721422][ T5891] lo speed is unknown, defaulting to 1000
[  860.746185][T15389] infiniband syz0: set down
[  860.758201][ T5891] lo speed is unknown, defaulting to 1000
[  860.771485][ T5891] lo speed is unknown, defaulting to 1000
[  861.759823][T15400] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2469'.
[  861.786494][T15400] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2469'.
[  861.816145][T15400] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2469'.
[  861.825736][T15400] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2469'.
[  862.565124][T13668] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  863.052509][    T8] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  863.175698][T15434] netlink: 'syz.4.2479': attribute type 4 has an invalid length.
[  863.183753][T15435] sp0: Synchronizing with TNC
[  863.205634][    T8] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  863.215292][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  863.226308][    T8] usb 3-1: config 0 descriptor??
[  863.293500][T15436] fuse: Unknown parameter 'user_i00000000000000000000'
[  863.481911][    T8] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  863.501548][    T8] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  863.525394][    T8] [drm:udl_init] *ERROR* Selecting channel failed
[  863.549745][    T8] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2
[  863.567278][    T8] [drm] Initialized udl on minor 2
[  863.646134][    T8] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  863.658596][    T8] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  863.668294][ T5891] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  863.678561][ T5891] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  864.061436][    T8] usb 3-1: USB disconnect, device number 44
[  864.778137][T15460] random: crng reseeded on system resumption
[  864.911197][T15468] binder: 15467:15468 ioctl c0306201 20000580 returned -22
[  865.694774][T15477] netlink: 'syz.0.2491': attribute type 4 has an invalid length.
[  865.715467][T15477] infiniband syz0: set active
[  865.721471][ T5890] lo speed is unknown, defaulting to 1000
[  865.728070][ T5890] lo speed is unknown, defaulting to 1000
[  865.740582][T15477] infiniband syz0: set down
[  865.756110][ T5890] lo speed is unknown, defaulting to 1000
[  865.768945][ T5891] lo speed is unknown, defaulting to 1000
[  865.830695][T15481] netlink: 'syz.0.2493': attribute type 9 has an invalid length.
[  865.839445][T15481] __nla_validate_parse: 4 callbacks suppressed
[  865.839461][T15481] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2493'.
[  865.952502][    T8] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  865.979431][T15483] loop2: detected capacity change from 0 to 7
[  865.991354][T15483] Dev loop2: unable to read RDB block 7
[  865.998190][T15483]  loop2: AHDI p1 p2
[  866.003024][T15483] loop2: partition table partially beyond EOD, truncated
[  866.010316][T15483] loop2: p1 start 693664321 is beyond EOD, truncated
[  866.115966][    T8] usb 3-1: config 0 interface 0 has no altsetting 0
[  866.123178][    T8] usb 3-1: New USB device found, idVendor=0e41, idProduct=4150, bcdDevice=1f.c8
[  866.152897][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  866.189227][    T8] usb 3-1: config 0 descriptor??
[  866.275069][    T8] snd_usb_toneport 3-1:0.0: Line 6 POD Studio UX1 found
[  866.980917][    T8] snd_usb_toneport 3-1:0.0: set_interface failed
[  866.987626][    T8] snd_usb_toneport 3-1:0.0: Line 6 POD Studio UX1 now disconnected
[  866.996005][    T8] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  867.007421][    T8] usb 3-1: USB disconnect, device number 45
[  868.178514][T15510] netlink: 'syz.2.2503': attribute type 4 has an invalid length.
[  868.322776][   T53] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  868.738703][   T29] kauditd_printk_skb: 41 callbacks suppressed
[  868.745921][   T29] audit: type=1326 audit(1732638835.015:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15532 comm="syz.4.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  868.768342][   T29] audit: type=1326 audit(1732638835.015:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15532 comm="syz.4.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  868.824192][   T29] audit: type=1326 audit(1732638835.015:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15532 comm="syz.4.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  868.887141][   T29] audit: type=1326 audit(1732638835.015:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15532 comm="syz.4.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  868.947891][   T29] audit: type=1326 audit(1732638835.015:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15532 comm="syz.4.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  868.969314][    C0] vkms_vblank_simulate: vblank timer overrun
[  869.432105][   T29] audit: type=1326 audit(1732638835.015:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15532 comm="syz.4.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  869.453598][    C0] vkms_vblank_simulate: vblank timer overrun
[  869.498763][   T29] audit: type=1326 audit(1732638835.015:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15532 comm="syz.4.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  869.520200][    C0] vkms_vblank_simulate: vblank timer overrun
[  869.526953][   T29] audit: type=1326 audit(1732638835.015:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15532 comm="syz.4.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  869.548939][   T29] audit: type=1326 audit(1732638835.015:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15532 comm="syz.4.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  869.570343][    C0] vkms_vblank_simulate: vblank timer overrun
[  869.642835][   T29] audit: type=1326 audit(1732638835.015:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15532 comm="syz.4.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  869.803005][ T5890] usb 1-1: new low-speed USB device number 53 using dummy_hcd
[  869.825040][T15558] loop2: detected capacity change from 0 to 7
[  869.831784][T15558] Dev loop2: unable to read RDB block 7
[  869.838720][T15558]  loop2: AHDI p1 p2
[  869.844616][T15558] loop2: partition table partially beyond EOD, truncated
[  869.853486][T15558] loop2: p1 start 693664321 is beyond EOD, truncated
[  869.922882][T15560] netlink: 'syz.4.2517': attribute type 4 has an invalid length.
[  869.965376][ T5890] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  869.982635][ T5890] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  870.002931][ T5890] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  870.035201][ T5890] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  870.076693][ T5890] usb 1-1: string descriptor 0 read error: -22
[  870.092515][ T5890] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  870.122135][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  870.148891][ T5890] usb 1-1: 0:2 : does not exist
[  870.245431][   T35] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  870.254495][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  870.260815][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  870.353046][ T5891] usb 1-1: USB disconnect, device number 53
[  870.370648][T15568] IPVS: set_ctl: invalid protocol: 51 100.1.1.1:19997
[  870.407655][ T5890] IPVS: starting estimator thread 0...
[  870.743439][T15571] IPVS: using max 24 ests per chain, 57600 per kthread
[  872.973034][T15594] netlink: 'syz.0.2529': attribute type 4 has an invalid length.
[  873.203277][T15594] infiniband syz0: set active
[  873.226982][T15594] infiniband syz0: set down
[  873.258827][ T5891] lo speed is unknown, defaulting to 1000
[  873.312042][  T972] lo speed is unknown, defaulting to 1000
[  873.318253][  T972] lo speed is unknown, defaulting to 1000
[  873.446674][   T35] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  873.557994][T15613] loop2: detected capacity change from 0 to 7
[  873.568457][T15613] Dev loop2: unable to read RDB block 7
[  873.582987][T15613]  loop2: AHDI p1 p2
[  873.592719][T15613] loop2: partition table partially beyond EOD, truncated
[  873.605083][T15613] loop2: p1 start 693664321 is beyond EOD, truncated
[  873.678191][T15616] fuse: Unknown parameter '00000000000000000000'
[  874.308568][ T5891] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  874.464313][ T5891] usb 4-1: Using ep0 maxpacket: 8
[  874.515564][T15623] Invalid ELF header type: 3 != 1
[  875.362982][   T35] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  875.405661][ T5891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  875.417418][ T5891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  875.427436][ T5891] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  875.440533][ T5891] usb 4-1: New USB device found, idVendor=05ac, idProduct=0274, bcdDevice= 0.00
[  875.450129][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  875.464719][ T5891] usb 4-1: config 0 descriptor??
[  875.705878][ T5891] usbhid 4-1:0.0: can't add hid device: -71
[  875.711895][ T5891] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  875.725420][ T5891] usb 4-1: USB disconnect, device number 31
[  876.055416][T15636] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2539'.
[  878.341297][T15644] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  878.433221][T15659] netlink: 'syz.4.2545': attribute type 4 has an invalid length.
[  878.528930][T15666] FAULT_INJECTION: forcing a failure.
[  878.528930][T15666] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  878.557729][T15666] CPU: 0 UID: 0 PID: 15666 Comm: syz.1.2548 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  878.568195][T15666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  878.578271][T15666] Call Trace:
[  878.581566][T15666]  <TASK>
[  878.584508][T15666]  dump_stack_lvl+0x241/0x360
[  878.589212][T15666]  ? __pfx_dump_stack_lvl+0x10/0x10
[  878.594441][T15666]  ? __pfx__printk+0x10/0x10
[  878.599063][T15666]  ? _raw_spin_unlock+0x28/0x50
[  878.603952][T15666]  ? drm_ioctl_kernel+0x337/0x440
[  878.609009][T15666]  should_fail_ex+0x3b0/0x4e0
[  878.613718][T15666]  _copy_to_user+0x31/0xb0
[  878.618158][T15666]  drm_ioctl+0x635/0xad0
[  878.622421][T15666]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  878.628254][T15666]  ? __pfx_drm_ioctl+0x10/0x10
[  878.633049][T15666]  ? __fget_files+0x2a/0x410
[  878.637663][T15666]  ? __pfx_drm_ioctl+0x10/0x10
[  878.642450][T15666]  __se_sys_ioctl+0xf5/0x170
[  878.647184][T15666]  do_syscall_64+0xf3/0x230
[  878.651706][T15666]  ? clear_bhb_loop+0x35/0x90
[  878.656396][T15666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.662316][T15666] RIP: 0033:0x7ffb57f7e819
[  878.666756][T15666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  878.686389][T15666] RSP: 002b:00007ffb58cd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  878.694832][T15666] RAX: ffffffffffffffda RBX: 00007ffb58135fa0 RCX: 00007ffb57f7e819
[  878.702808][T15666] RDX: 0000000020000840 RSI: 00000000c03864bc RDI: 0000000000000003
[  878.710803][T15666] RBP: 00007ffb58cd1090 R08: 0000000000000000 R09: 0000000000000000
[  878.718796][T15666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  878.726791][T15666] R13: 0000000000000000 R14: 00007ffb58135fa0 R15: 00007ffc12b664d8
[  878.734800][T15666]  </TASK>
[  878.918170][T15664] fuse: Unknown parameter '00000000000000000000'
[  880.002697][ T5919] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  880.012415][   T25] usb 2-1: new full-speed USB device number 34 using dummy_hcd
[  880.143062][   T25] usb 2-1: device descriptor read/64, error -71
[  880.162464][ T5919] usb 1-1: Using ep0 maxpacket: 8
[  880.169196][ T5919] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  880.177782][ T5919] usb 1-1: config 0 has no interface number 0
[  880.184636][ T5919] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  880.195945][ T5919] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  880.214531][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  880.238002][ T5919] usb 1-1: config 0 descriptor??
[  880.256159][ T5919] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  880.277602][T15712] netlink: 'syz.3.2559': attribute type 4 has an invalid length.
[  880.369475][T15716] input: syz0 as /devices/virtual/input/input23
[  880.378843][T15716] input: failed to attach handler leds to device input23, error: -6
[  880.385261][T15720] binder: 15719:15720 ioctl c0306201 20000580 returned -22
[  880.394939][   T25] usb 2-1: new full-speed USB device number 35 using dummy_hcd
[  880.456355][  T972] usb 1-1: USB disconnect, device number 54
[  880.464179][  T972] iowarrior 1-1:0.1: I/O-Warror #0 now disconnected
[  880.542539][   T25] usb 2-1: device descriptor read/64, error -71
[  880.652502][ T5919] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  880.661822][   T25] usb usb2-port1: attempt power cycle
[  880.823934][ T5919] usb 3-1: config 0 interface 0 has no altsetting 0
[  880.830715][ T5919] usb 3-1: New USB device found, idVendor=0e41, idProduct=4150, bcdDevice=1f.c8
[  880.839966][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  880.849356][ T5919] usb 3-1: config 0 descriptor??
[  880.857444][ T5919] snd_usb_toneport 3-1:0.0: Line 6 POD Studio UX1 found
[  880.916544][T15725] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2565'.
[  881.217220][   T25] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[  881.240119][ T5919] snd_usb_toneport 3-1:0.0: set_interface failed
[  881.252216][   T25] usb 2-1: device descriptor read/8, error -71
[  881.258695][ T5919] snd_usb_toneport 3-1:0.0: Line 6 POD Studio UX1 now disconnected
[  881.273138][ T5919] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  881.291702][ T5919] usb 3-1: USB disconnect, device number 46
[  882.381547][T15733] 8021q: adding VLAN 0 to HW filter on device bond0
[  882.390535][T15733] bond0: (slave gre1): The slave device specified does not support setting the MAC address
[  882.401892][T15733] bond0: (slave gre1): Error -95 calling set_mac_address
[  882.620246][T15737] trusted_key: encrypted_key: master key parameter '' is invalid
[  882.720692][T15739] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2570'.
[  882.737912][   T25] usb 2-1: new full-speed USB device number 37 using dummy_hcd
[  882.749039][T15744] netlink: 'syz.3.2572': attribute type 4 has an invalid length.
[  882.763642][   T25] usb 2-1: device descriptor read/8, error -71
[  882.967350][   T25] usb usb2-port1: unable to enumerate USB device
[  885.531875][   T29] kauditd_printk_skb: 7 callbacks suppressed
[  885.531894][   T29] audit: type=1326 audit(1732638851.805:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15781 comm="syz.1.2585" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffb57f7e819 code=0x0
[  885.559057][    C0] vkms_vblank_simulate: vblank timer overrun
[  885.565733][ T5891] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  885.585404][T15779] netlink: 'syz.0.2583': attribute type 4 has an invalid length.
[  885.772420][ T5891] usb 4-1: Using ep0 maxpacket: 16
[  885.845638][ T5891] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  885.859051][   T29] audit: type=1326 audit(1732638852.125:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15785 comm="syz.2.2587" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f12af17e819 code=0x0
[  885.902524][ T5891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  885.938113][T15793] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2588'.
[  885.943860][ T5891] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  886.131744][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  886.899213][ T5891] usb 4-1: Product: syz
[  886.903908][ T5891] usb 4-1: Manufacturer: syz
[  886.908906][ T5891] usb 4-1: SerialNumber: syz
[  886.916153][ T5891] usb 4-1: config 0 descriptor??
[  886.924173][ T5891] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  886.937500][ T5891] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  887.002055][   T29] audit: type=1326 audit(1732638853.275:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15803 comm="syz.4.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  887.024787][   T29] audit: type=1326 audit(1732638853.275:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15803 comm="syz.4.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  887.053190][   T29] audit: type=1326 audit(1732638853.275:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15803 comm="syz.4.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  887.080932][   T29] audit: type=1326 audit(1732638853.275:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15803 comm="syz.4.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  887.106022][   T29] audit: type=1326 audit(1732638853.275:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15803 comm="syz.4.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  887.132762][   T29] audit: type=1326 audit(1732638853.275:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15803 comm="syz.4.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  887.201788][   T29] audit: type=1326 audit(1732638853.275:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15803 comm="syz.4.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  887.230830][   T29] audit: type=1326 audit(1732638853.275:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15803 comm="syz.4.2591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58bd37e819 code=0x7ffc0000
[  887.360956][T15820] netlink: 'syz.1.2598': attribute type 4 has an invalid length.
[  887.537979][T15773] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  887.546961][T15773] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  887.625564][ T5891] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  887.639614][ T5891] em28xx 4-1:0.0: Config register raw data: 0x41
[  887.839579][ T5891] usb 4-1: USB disconnect, device number 32
[  887.847538][ T5891] em28xx 4-1:0.0: Disconnecting em28xx
[  887.864685][ T5891] em28xx 4-1:0.0: Freeing device
[  889.642033][    T8] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  889.776514][T15852] netlink: 'syz.4.2609': attribute type 4 has an invalid length.
[  889.867900][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  889.879173][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  889.889131][    T8] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  889.898335][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  889.908749][    T8] usb 4-1: config 0 descriptor??
[  890.615685][T15847] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2605'.
[  891.312098][T15879] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2615'.
[  892.422428][    T8] usbhid 4-1:0.0: can't add hid device: -71
[  892.438671][    T8] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  892.470029][    T8] usb 4-1: USB disconnect, device number 33
[  892.637963][T15896] netlink: 'syz.3.2623': attribute type 4 has an invalid length.
[  892.883738][T15906] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2628'.
[  893.090056][T15908] 9pnet_fd: Insufficient options for proto=fd
[  896.563689][T15936] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2633'.
[  897.199699][T15942] dummy0: entered promiscuous mode
[  897.268502][T15942] dummy0: left promiscuous mode
[  897.308552][T15959] netlink: 'syz.0.2637': attribute type 4 has an invalid length.
[  897.534940][T15961] 9pnet_fd: Insufficient options for proto=fd
[  897.891602][T15956] ceph: No mds server is up or the cluster is laggy
[  898.234331][ T5919] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  898.409423][ T5919] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  898.631840][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.641952][ T5919] usb 4-1: config 0 descriptor??
[  898.648884][ T5919] cp210x 4-1:0.0: cp210x converter detected
[  898.798250][T15982] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2649'.
[  899.362093][T15991] fuse: Unknown parameter '00000000000000000000'
[  900.263345][ T5919] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32
[  900.281352][ T5919] usb 4-1: cp210x converter now attached to ttyUSB0
[  900.678204][ T5890] usb 4-1: USB disconnect, device number 34
[  900.693390][ T5890] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  900.713912][ T5890] cp210x 4-1:0.0: device disconnected
[  900.901630][T16003] netlink: 'syz.4.2653': attribute type 4 has an invalid length.
[  901.255847][T16013] 9pnet_fd: Insufficient options for proto=fd
[  901.432740][T16019] ubi: mtd0 is already attached to ubi0
[  901.472883][  T972] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  901.546501][T16023] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2663'.
[  901.565965][T16023] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2663'.
[  901.586071][T16023] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2663'.
[  901.599336][T16031] loop2: detected capacity change from 0 to 7
[  901.605813][T16023] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2663'.
[  901.611501][T16031] Dev loop2: unable to read RDB block 7
[  901.632475][T16031]  loop2: AHDI p1 p2
[  901.640072][T16031] loop2: partition table partially beyond EOD, truncated
[  901.650167][  T972] usb 3-1: Using ep0 maxpacket: 32
[  901.662007][T16031] loop2: p1 start 693664321 is beyond EOD, truncated
[  901.671233][  T972] usb 3-1: config 0 has an invalid interface number: 244 but max is 0
[  901.684373][  T972] usb 3-1: config 0 has no interface number 0
[  901.695531][  T972] usb 3-1: config 0 interface 244 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  901.719093][  T972] usb 3-1: config 0 interface 244 has no altsetting 0
[  901.739482][  T972] usb 3-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[  901.749966][  T972] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  901.766968][  T972] usb 3-1: Product: syz
[  901.777573][  T972] usb 3-1: Manufacturer: syz
[  901.787471][  T972] usb 3-1: SerialNumber: syz
[  901.800729][  T972] usb 3-1: config 0 descriptor??
[  901.818077][  T972] snd_usb_toneport 3-1:0.244: Line 6 GuitarPort found
[  901.915900][T16036] netlink: 'syz.1.2666': attribute type 4 has an invalid length.
[  902.054017][  T972] snd_usb_toneport 3-1:0.244: cannot get proper max packet size
[  902.062703][  T972] snd_usb_toneport 3-1:0.244: Line 6 GuitarPort now disconnected
[  902.071795][  T972] snd_usb_toneport 3-1:0.244: probe with driver snd_usb_toneport failed with error -22
[  902.519958][T16046] binder: 16045:16046 ioctl c0306201 20000580 returned -22
[  902.621468][T16052] 9pnet_fd: Insufficient options for proto=fd
[  902.772437][  T972] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  902.952703][ T5890] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  903.603029][  T972] usb 5-1: config 0 interface 0 has no altsetting 0
[  903.668775][  T972] usb 5-1: New USB device found, idVendor=0e41, idProduct=4150, bcdDevice=1f.c8
[  903.678255][  T972] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  903.689538][  T972] usb 5-1: config 0 descriptor??
[  903.698362][  T972] snd_usb_toneport 5-1:0.0: Line 6 POD Studio UX1 found
[  903.703141][T16067] netlink: 'syz.1.2677': attribute type 4 has an invalid length.
[  903.713254][ T5890] usb 1-1: device descriptor read/64, error -71
[  903.914745][T16046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  903.923425][T16046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  903.952383][ T5890] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  904.057482][T16078] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2680'.
[  904.092414][ T5890] usb 1-1: device descriptor read/64, error -71
[  904.211106][ T5890] usb usb1-port1: attempt power cycle
[  904.220656][ T5919] usb 3-1: USB disconnect, device number 47
[  904.337587][T16087] overlayfs: missing 'lowerdir'
[  904.456256][  T972] snd_usb_toneport 5-1:0.0: set_interface failed
[  904.464515][  T972] snd_usb_toneport 5-1:0.0: Line 6 POD Studio UX1 now disconnected
[  904.483569][  T972] snd_usb_toneport 5-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  904.499416][  T972] usb 5-1: USB disconnect, device number 40
[  904.554087][ T5890] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  904.587910][ T5890] usb 1-1: device descriptor read/8, error -71
[  904.733159][T16098] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2689'.
[  904.760250][T16095] netlink: 'syz.4.2688': attribute type 4 has an invalid length.
[  904.923012][ T5890] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  905.213150][ T5890] usb 1-1: device descriptor read/8, error -71
[  905.300536][T16107] netlink: 332 bytes leftover after parsing attributes in process `syz.4.2693'.
[  905.325827][ T5890] usb usb1-port1: unable to enumerate USB device
[  905.392722][T16108] netlink: 332 bytes leftover after parsing attributes in process `syz.4.2693'.
[  905.487266][T16119] FAULT_INJECTION: forcing a failure.
[  905.487266][T16119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  905.504247][T16119] CPU: 0 UID: 0 PID: 16119 Comm: syz.1.2694 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  905.514708][T16119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  905.524782][T16119] Call Trace:
[  905.528068][T16119]  <TASK>
[  905.531000][T16119]  dump_stack_lvl+0x241/0x360
[  905.535693][T16119]  ? __pfx_dump_stack_lvl+0x10/0x10
[  905.540894][T16119]  ? __pfx__printk+0x10/0x10
[  905.545491][T16119]  ? snprintf+0xda/0x120
[  905.549736][T16119]  should_fail_ex+0x3b0/0x4e0
[  905.554419][T16119]  _copy_to_user+0x31/0xb0
[  905.558865][T16119]  simple_read_from_buffer+0xca/0x150
[  905.564241][T16119]  proc_fail_nth_read+0x1e9/0x250
[  905.569260][T16119]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  905.574803][T16119]  ? rw_verify_area+0x55e/0x6f0
[  905.579649][T16119]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  905.585192][T16119]  vfs_read+0x1fc/0xb70
[  905.589351][T16119]  ? __pfx___mutex_lock+0x10/0x10
[  905.594376][T16119]  ? __pfx_vfs_read+0x10/0x10
[  905.599593][T16119]  ? __fget_files+0x2a/0x410
[  905.604219][T16119]  ? __fget_files+0x395/0x410
[  905.608911][T16119]  ? __fget_files+0x2a/0x410
[  905.613504][T16119]  ksys_read+0x18f/0x2b0
[  905.617756][T16119]  ? __pfx_ksys_read+0x10/0x10
[  905.622599][T16119]  ? do_syscall_64+0x100/0x230
[  905.627405][T16119]  ? do_syscall_64+0xb6/0x230
[  905.632091][T16119]  do_syscall_64+0xf3/0x230
[  905.636603][T16119]  ? clear_bhb_loop+0x35/0x90
[  905.641277][T16119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  905.647170][T16119] RIP: 0033:0x7ffb57f7d25c
[  905.651579][T16119] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  905.671186][T16119] RSP: 002b:00007ffb58cd1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  905.679598][T16119] RAX: ffffffffffffffda RBX: 00007ffb58135fa0 RCX: 00007ffb57f7d25c
[  905.687564][T16119] RDX: 000000000000000f RSI: 00007ffb58cd10a0 RDI: 0000000000000004
[  905.695527][T16119] RBP: 00007ffb58cd1090 R08: 0000000000000000 R09: 0000000000000000
[  905.703491][T16119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  905.711454][T16119] R13: 0000000000000000 R14: 00007ffb58135fa0 R15: 00007ffc12b664d8
[  905.719428][T16119]  </TASK>
[  905.722541][    C0] vkms_vblank_simulate: vblank timer overrun
[  905.773854][T16123] overlayfs: missing 'lowerdir'
[  905.822415][T16128] binder: 16127:16128 ioctl c0306201 20000580 returned -22
[  906.268520][ T5890] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  906.281001][T16142] binder: 16137:16142 ioctl c0306201 0 returned -14
[  907.205081][ T5890] usb 2-1: config 0 interface 0 has no altsetting 0
[  907.205121][ T5890] usb 2-1: New USB device found, idVendor=0e41, idProduct=4150, bcdDevice=1f.c8
[  907.205142][ T5890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  907.207158][ T5890] usb 2-1: config 0 descriptor??
[  907.210277][ T5890] snd_usb_toneport 2-1:0.0: Line 6 POD Studio UX1 found
[  907.435616][T16160] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2710'.
[  907.446535][T16128] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  907.461292][T16128] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  907.534748][T16168] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2711'.
[  907.560449][T16169] overlayfs: missing 'lowerdir'
[  907.859271][T16186] binder: 16184:16186 ioctl c0306201 0 returned -14
[  907.994124][ T5890] snd_usb_toneport 2-1:0.0: set_interface failed
[  908.005845][ T5890] snd_usb_toneport 2-1:0.0: Line 6 POD Studio UX1 now disconnected
[  908.024706][ T5890] snd_usb_toneport 2-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  908.051779][ T5890] usb 2-1: USB disconnect, device number 38
[  908.565676][T16209] binder: 16207:16209 ioctl c0306201 20000580 returned -22
[  908.812427][ T5919] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  908.984129][ T5919] usb 1-1: config 0 interface 0 has no altsetting 0
[  909.003290][ T5919] usb 1-1: New USB device found, idVendor=0e41, idProduct=4150, bcdDevice=1f.c8
[  909.035750][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  909.047898][T16225] netlink: 'syz.4.2735': attribute type 4 has an invalid length.
[  909.066806][ T5919] usb 1-1: config 0 descriptor??
[  909.083527][ T5919] snd_usb_toneport 1-1:0.0: Line 6 POD Studio UX1 found
[  909.109424][T16227] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2737'.
[  909.272496][  T972] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  909.291907][T16209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  909.323468][T16209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  909.452406][  T972] usb 2-1: Using ep0 maxpacket: 8
[  909.464827][  T972] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  909.473331][  T972] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  909.485686][  T972] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  909.498106][  T972] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  909.510158][  T972] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  909.539150][  T972] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  909.552625][  T972] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  909.579191][  T972] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  909.591920][  T972] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  909.604148][  T972] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  909.624293][  T972] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  909.631924][  T972] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  909.654779][  T972] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  909.691550][  T972] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  909.722914][  T972] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  909.747501][  T972] usb 2-1: string descriptor 0 read error: -22
[  909.754201][  T972] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  909.765432][  T972] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  909.782860][  T972] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  909.901667][ T5919] snd_usb_toneport 1-1:0.0: set_interface failed
[  909.919261][ T5919] snd_usb_toneport 1-1:0.0: Line 6 POD Studio UX1 now disconnected
[  909.939533][ T5919] snd_usb_toneport 1-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  909.963289][ T5919] usb 1-1: USB disconnect, device number 59
[  910.072685][   T29] kauditd_printk_skb: 14 callbacks suppressed
[  910.072706][   T29] audit: type=1326 audit(1732638876.305:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16228 comm="syz.1.2736" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffb57f7e819 code=0x0
[  910.147710][   T25] usb 5-1: new full-speed USB device number 41 using dummy_hcd
[  910.464269][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  910.476133][   T25] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  910.485792][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  911.494641][   T25] usb 5-1: config 0 descriptor??
[  911.500286][T16242] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  911.559437][T16265] netlink: 'syz.2.2748': attribute type 4 has an invalid length.
[  912.162503][ T5919] usb 2-1: USB disconnect, device number 39
[  912.456797][   T25] ath6kl: Failed to submit usb control message: -71
[  912.464647][   T25] ath6kl: unable to send the bmi data to the device: -71
[  912.474090][   T25] ath6kl: Unable to send get target info: -71
[  912.508183][   T25] ath6kl: Failed to init ath6kl core: -71
[  912.644623][   T25] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  912.811657][   T25] usb 5-1: USB disconnect, device number 41
[  913.024490][T16285] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2752'.
[  913.063955][T16287] binder: 16286:16287 ioctl c0306201 20000580 returned -22
[  913.312384][ T5919] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  913.464588][ T5919] usb 3-1: config 0 interface 0 has no altsetting 0
[  913.471257][ T5919] usb 3-1: New USB device found, idVendor=0e41, idProduct=4150, bcdDevice=1f.c8
[  913.491750][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  913.502868][ T5919] usb 3-1: config 0 descriptor??
[  913.509474][T16298] netlink: 'syz.3.2759': attribute type 4 has an invalid length.
[  913.510915][ T5919] snd_usb_toneport 3-1:0.0: Line 6 POD Studio UX1 found
[  914.306895][ T5919] snd_usb_toneport 3-1:0.0: set_interface failed
[  914.337344][ T5919] snd_usb_toneport 3-1:0.0: Line 6 POD Studio UX1 now disconnected
[  914.719038][ T5919] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  915.071131][ T5919] usb 3-1: USB disconnect, device number 48
[  915.197979][T16340] netlink: 'syz.4.2770': attribute type 4 has an invalid length.
[  915.212771][ T5891] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  915.306534][T16346] netlink: 'syz.0.2774': attribute type 12 has an invalid length.
[  915.496018][T16355] binder: 16354:16355 ioctl c0306201 20000580 returned -22
[  915.538744][ T5891] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  915.556799][ T5891] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  915.566996][ T5891] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  915.576190][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  915.586350][T16318] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  915.595724][ T5891] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  915.752516][ T5919] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  915.762847][   T25] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  915.852048][ T5891] usb 4-1: USB disconnect, device number 35
[  915.925028][   T25] usb 2-1: config 0 interface 0 has no altsetting 0
[  915.932112][   T25] usb 2-1: New USB device found, idVendor=0e41, idProduct=4150, bcdDevice=1f.c8
[  915.941410][ T5919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  915.952844][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  915.962176][ T5919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  915.973274][   T25] usb 2-1: config 0 descriptor??
[  915.978578][ T5919] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  915.988248][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  915.998261][   T25] snd_usb_toneport 2-1:0.0: Line 6 POD Studio UX1 found
[  916.014670][ T5919] usb 1-1: config 0 descriptor??
[  916.257993][T16360] netlink: 'syz.2.2780': attribute type 2 has an invalid length.
[  916.266238][T16360] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2780'.
[  916.438513][ T5919] isku 0003:1E7D:319C.0010: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.0-1/input0
[  916.471411][T16373] FAULT_INJECTION: forcing a failure.
[  916.471411][T16373] name failslab, interval 1, probability 0, space 0, times 0
[  916.492446][T16373] CPU: 0 UID: 0 PID: 16373 Comm: syz.2.2784 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  916.502906][T16373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  916.512977][T16373] Call Trace:
[  916.516287][T16373]  <TASK>
[  916.519234][T16373]  dump_stack_lvl+0x241/0x360
[  916.523952][T16373]  ? __pfx_dump_stack_lvl+0x10/0x10
[  916.529261][T16373]  ? __pfx__printk+0x10/0x10
[  916.533888][T16373]  ? fs_reclaim_acquire+0x93/0x130
[  916.539037][T16373]  ? __pfx___might_resched+0x10/0x10
[  916.544532][T16373]  should_fail_ex+0x3b0/0x4e0
[  916.549249][T16373]  should_failslab+0xac/0x100
[  916.553956][T16373]  __kmalloc_noprof+0xdd/0x4c0
[  916.558747][T16373]  ? kstrtouint_from_user+0x128/0x190
[  916.564129][T16373]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  916.569860][T16373]  tomoyo_realpath_from_path+0xcf/0x5e0
[  916.575412][T16373]  tomoyo_path_number_perm+0x236/0x860
[  916.580872][T16373]  ? rcu_read_lock_any_held+0xb7/0x160
[  916.586359][T16373]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  916.592257][T16373]  ? tomoyo_path_number_perm+0x206/0x860
[  916.597914][T16373]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  916.603542][T16373]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  916.609569][T16373]  ? sb_end_write+0xe9/0x1c0
[  916.614272][T16373]  ? vfs_write+0x730/0xd30
[  916.618734][T16373]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  916.624730][T16373]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  916.631063][T16373]  security_file_ioctl+0xc6/0x2a0
[  916.636127][T16373]  __se_sys_ioctl+0x46/0x170
[  916.640725][T16373]  do_syscall_64+0xf3/0x230
[  916.645238][T16373]  ? clear_bhb_loop+0x35/0x90
[  916.649913][T16373]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  916.655823][T16373] RIP: 0033:0x7f12af17e819
[  916.660237][T16373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  916.679972][T16373] RSP: 002b:00007f12afff3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  916.688414][T16373] RAX: ffffffffffffffda RBX: 00007f12af335fa0 RCX: 00007f12af17e819
[  916.696396][T16373] RDX: 0000000000000003 RSI: 0000000040044160 RDI: 0000000000000004
[  916.704381][T16373] RBP: 00007f12afff3090 R08: 0000000000000000 R09: 0000000000000000
[  916.712358][T16373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  916.720331][T16373] R13: 0000000000000000 R14: 00007f12af335fa0 R15: 00007ffd01136c88
[  916.728318][T16373]  </TASK>
[  916.782517][T16373] ERROR: Out of memory at tomoyo_realpath_from_path.
[  916.957747][ T5891] usb 1-1: USB disconnect, device number 60
[  917.023495][   T25] snd_usb_toneport 2-1:0.0: set_interface failed
[  917.034155][   T25] snd_usb_toneport 2-1:0.0: Line 6 POD Studio UX1 now disconnected
[  917.058636][   T25] snd_usb_toneport 2-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  917.073421][   T25] usb 2-1: USB disconnect, device number 40
[  917.081977][T16382] FAULT_INJECTION: forcing a failure.
[  917.081977][T16382] name failslab, interval 1, probability 0, space 0, times 0
[  917.122642][T16382] CPU: 0 UID: 0 PID: 16382 Comm: syz.3.2788 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  917.133119][T16382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  917.143203][T16382] Call Trace:
[  917.146501][T16382]  <TASK>
[  917.149459][T16382]  dump_stack_lvl+0x241/0x360
[  917.154171][T16382]  ? __pfx_dump_stack_lvl+0x10/0x10
[  917.159402][T16382]  ? __pfx__printk+0x10/0x10
[  917.164029][T16382]  ? fs_reclaim_acquire+0x93/0x130
[  917.169183][T16382]  ? __pfx___might_resched+0x10/0x10
[  917.174501][T16382]  should_fail_ex+0x3b0/0x4e0
[  917.179215][T16382]  should_failslab+0xac/0x100
[  917.183917][T16382]  __kmalloc_noprof+0xdd/0x4c0
[  917.188703][T16382]  ? kstrtouint_from_user+0x128/0x190
[  917.194099][T16382]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  917.199847][T16382]  tomoyo_realpath_from_path+0xcf/0x5e0
[  917.205434][T16382]  tomoyo_path_number_perm+0x236/0x860
[  917.210943][T16382]  ? __lock_acquire+0x1397/0x2100
[  917.216008][T16382]  ? tomoyo_path_number_perm+0x206/0x860
[  917.221690][T16382]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  917.227742][T16382]  ? __fget_files+0x2a/0x410
[  917.232366][T16382]  ? __fget_files+0x2a/0x410
[  917.236985][T16382]  security_file_ioctl+0xc6/0x2a0
[  917.242077][T16382]  __se_sys_ioctl+0x46/0x170
[  917.246702][T16382]  do_syscall_64+0xf3/0x230
[  917.251243][T16382]  ? clear_bhb_loop+0x35/0x90
[  917.255943][T16382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  917.261864][T16382] RIP: 0033:0x7f7239d7e819
[  917.266298][T16382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  917.285930][T16382] RSP: 002b:00007f723ab6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  917.294377][T16382] RAX: ffffffffffffffda RBX: 00007f7239f35fa0 RCX: 00007f7239d7e819
[  917.302374][T16382] RDX: 00000000200001c0 RSI: 0000000040107446 RDI: 0000000000000003
[  917.310380][T16382] RBP: 00007f723ab6b090 R08: 0000000000000000 R09: 0000000000000000
[  917.318372][T16382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  917.326366][T16382] R13: 0000000000000000 R14: 00007f7239f35fa0 R15: 00007ffccc57f378
[  917.334379][T16382]  </TASK>
[  917.358965][T16382] ERROR: Out of memory at tomoyo_realpath_from_path.
[  918.345362][T16403] program syz.2.2796 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  918.386549][T16402] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2795'.
[  919.283573][T16411] binder: 16410:16411 ioctl c0306201 20000580 returned -22
[  919.320209][T16414] netlink: 'syz.4.2801': attribute type 11 has an invalid length.
[  919.328254][T16414] netlink: 204 bytes leftover after parsing attributes in process `syz.4.2801'.
[  919.532158][T16422] netlink: 'syz.0.2804': attribute type 10 has an invalid length.
[  919.540269][T16422] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2804'.
[  919.553899][ T5891] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  919.554295][T16422] A link change request failed with some changes committed already. Interface macvlan1 may have been left with an inconsistent configuration, please check.
[  919.613183][    T8] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  919.722412][   T25] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  919.742035][ T5891] usb 3-1: config 0 interface 0 has no altsetting 0
[  919.755225][ T5891] usb 3-1: New USB device found, idVendor=0e41, idProduct=4150, bcdDevice=1f.c8
[  919.768147][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  919.794386][ T5891] usb 3-1: config 0 descriptor??
[  919.806778][    T8] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  919.819975][ T5891] snd_usb_toneport 3-1:0.0: Line 6 POD Studio UX1 found
[  919.828063][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  919.851848][    T8] usb 4-1: Product: syz
[  919.857185][    T8] usb 4-1: Manufacturer: syz
[  919.862912][    T8] usb 4-1: SerialNumber: syz
[  919.956061][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  919.961375][    T8] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  919.971208][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  919.972109][   T25] usb 5-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.00
[  920.080940][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  920.082306][ T5890] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  920.160682][   T25] usb 5-1: config 0 descriptor??
[  920.644702][   T25] wacom 0003:056A:0027.0011: unknown main item tag 0x0
[  920.669784][   T25] wacom 0003:056A:0027.0011: Unknown device_type for 'HID 056a:0027'. Assuming pen.
[  920.713710][   T25] wacom 0003:056A:0027.0011: hidraw0: USB HID v0.00 Device [HID 056a:0027] on usb-dummy_hcd.4-1/input0
[  920.761286][   T25] input: Wacom Intuos5 touch M Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:0027.0011/input/input24
[  920.817458][T16414] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2801'.
[  920.917290][ T5891] snd_usb_toneport 3-1:0.0: set_interface failed
[  920.924324][ T5891] snd_usb_toneport 3-1:0.0: Line 6 POD Studio UX1 now disconnected
[  920.932663][ T5891] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  920.944822][ T5891] usb 3-1: USB disconnect, device number 49
[  921.005102][T16435] loop2: detected capacity change from 0 to 7
[  921.024935][T16435] Dev loop2: unable to read RDB block 7
[  921.117915][   T25] usb 5-1: USB disconnect, device number 42
[  921.124827][T16435]  loop2: unable to read partition table
[  921.144235][T16435] loop2: partition table beyond EOD, truncated
[  921.174466][T16435] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  921.214968][ T5890] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  921.231225][ T5890] ath9k_htc: Failed to initialize the device
[  921.277060][ T5890] usb 4-1: ath9k_htc: USB layer deinitialized
[  921.412536][ T5891] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  921.515371][ T5890] usb 4-1: USB disconnect, device number 36
[  921.593877][ T5891] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  921.642381][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  921.661311][ T5891] usb 2-1: config 0 descriptor??
[  921.676292][ T5891] cp210x 2-1:0.0: cp210x converter detected
[  921.887476][ T5891] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -32
[  921.906338][ T5891] cp210x 2-1:0.0: querying part number failed
[  921.916937][ T5891] usb 2-1: cp210x converter now attached to ttyUSB0
[  921.927266][ T5891] usb 2-1: USB disconnect, device number 41
[  921.937985][ T5891] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  921.948210][ T5891] cp210x 2-1:0.0: device disconnected
[  922.456358][ T5919] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  922.476122][T16466] binder: 16463:16466 ioctl c0306201 20000580 returned -22
[  922.696783][ T5919] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  922.707182][ T5919] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  922.718492][ T5919] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  922.729339][ T5919] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  922.759448][ T5919] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  922.809554][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  922.822404][   T25] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  922.862128][ T5919] usb 5-1: Product: syz
[  922.871916][ T5919] usb 5-1: Manufacturer: syz
[  922.942655][ T5919] usb 5-1: SerialNumber: syz
[  923.024333][ T5919] usb 5-1: config 0 descriptor??
[  923.031418][ T5919] garmin_gps 5-1:0.0: Garmin GPS usb/tty converter detected
[  923.039294][ T5919] garmin_gps ttyUSB0: failed to submit interrupt urb: -22
[  923.046745][ T5919] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -22
[  923.596588][   T25] usb 4-1: config 0 interface 0 has no altsetting 0
[  923.603717][   T25] usb 4-1: New USB device found, idVendor=0e41, idProduct=4150, bcdDevice=1f.c8
[  923.620135][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  923.664942][   T25] usb 4-1: config 0 descriptor??
[  923.773866][   T25] snd_usb_toneport 4-1:0.0: Line 6 POD Studio UX1 found
[  923.833212][T16476] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2821'.
[  923.857248][T16476] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2821'.
[  923.873782][T16476] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2821'.
[  923.890332][T16476] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2821'.
[  923.934974][T16481] netlink: 'syz.2.2822': attribute type 1 has an invalid length.
[  923.947601][T16481] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  923.966158][T16466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  923.999758][T16466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  924.916751][   T25] snd_usb_toneport 4-1:0.0: set_interface failed
[  924.936901][   T25] snd_usb_toneport 4-1:0.0: Line 6 POD Studio UX1 now disconnected
[  924.955990][   T25] snd_usb_toneport 4-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  924.967507][   T25] usb 4-1: USB disconnect, device number 37
[  925.148280][T16513] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2828'.
[  925.166825][ T5890] usb 5-1: USB disconnect, device number 43
[  925.176232][ T5890] garmin_gps 5-1:0.0: device disconnected
[  926.419833][T16530] binder: 16529:16530 ioctl c0306201 20000580 returned -22
[  926.580956][   T55] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  926.597649][   T55] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  926.606061][   T55] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  926.615031][   T55] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  926.623986][   T55] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  926.631355][   T55] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  926.649058][ T5853] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  926.657509][ T5853] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  926.689634][ T5853] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  926.697662][ T5853] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  926.712434][   T25] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  926.722345][ T5853] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  926.743223][ T5853] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  926.888042][   T25] usb 5-1: config 0 interface 0 has no altsetting 0
[  926.895560][   T25] usb 5-1: New USB device found, idVendor=0e41, idProduct=4150, bcdDevice=1f.c8
[  926.920034][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  926.943732][   T25] usb 5-1: config 0 descriptor??
[  926.964007][   T25] snd_usb_toneport 5-1:0.0: Line 6 POD Studio UX1 found
[  926.981344][ T5834] syz_tun (unregistering): left promiscuous mode
[  927.020646][T16534] lo speed is unknown, defaulting to 1000
[  927.154953][T16530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  927.173084][T16530] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  927.443124][ T5919] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  927.634962][ T5919] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  927.680833][ T5919] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  927.763575][ T5919] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  927.800081][ T5919] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  927.826510][   T25] snd_usb_toneport 5-1:0.0: set_interface failed
[  927.845305][   T25] snd_usb_toneport 5-1:0.0: Line 6 POD Studio UX1 now disconnected
[  927.862801][   T25] snd_usb_toneport 5-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  927.881746][ T5919] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  927.896486][ T5919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  927.906415][   T25] usb 5-1: USB disconnect, device number 44
[  927.913353][ T5919] usb 4-1: Product: syz
[  927.920538][ T5919] usb 4-1: Manufacturer: syz
[  927.925595][ T5919] usb 4-1: SerialNumber: syz
[  927.929501][T16534] chnl_net:caif_netlink_parms(): no params data found
[  927.937896][ T5919] usb 4-1: config 0 descriptor??
[  927.948397][ T5919] garmin_gps 4-1:0.0: Garmin GPS usb/tty converter detected
[  927.958605][ T5919] garmin_gps ttyUSB0: failed to submit interrupt urb: -22
[  928.176618][ T5919] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -22
[  928.804485][   T55] Bluetooth: hci5: command tx timeout
[  928.931972][T16534] bridge0: port 1(bridge_slave_0) entered blocking state
[  928.954311][T16534] bridge0: port 1(bridge_slave_0) entered disabled state
[  928.977318][T16534] bridge_slave_0: entered allmulticast mode
[  929.020102][T16534] bridge_slave_0: entered promiscuous mode
[  929.050561][T16534] bridge0: port 2(bridge_slave_1) entered blocking state
[  929.075764][T16534] bridge0: port 2(bridge_slave_1) entered disabled state
[  929.098212][T16534] bridge_slave_1: entered allmulticast mode
[  929.105406][T16534] bridge_slave_1: entered promiscuous mode
[  929.149914][T16534] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  929.175255][T16534] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  929.249567][T16534] team0: Port device team_slave_0 added
[  929.264836][T16534] team0: Port device team_slave_1 added
[  929.323881][T16534] batman_adv: batadv0: Adding interface: batadv_slave_0
[  929.330868][T16534] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  929.382789][T16534] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  929.415009][T16534] batman_adv: batadv0: Adding interface: batadv_slave_1
[  929.421996][T16534] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  929.437964][ T5919] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  929.449569][T16534] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  929.624205][T16534] hsr_slave_0: entered promiscuous mode
[  929.643267][T16534] hsr_slave_1: entered promiscuous mode
[  929.659870][T16534] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  929.679859][T16534] Cannot create hsr debugfs directory
[  929.958220][T16534] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.044388][ T5919] usb 5-1: Using ep0 maxpacket: 16
[  930.074750][ T5919] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  930.089574][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  930.113524][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  930.133822][ T5919] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  930.154628][ T5919] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  930.187506][T10982] usb 4-1: USB disconnect, device number 38
[  930.194349][T10982] garmin_gps 4-1:0.0: device disconnected
[  930.205391][ T5919] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  930.211563][T16534] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.215404][ T5919] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  930.251196][ T5919] usb 5-1: Manufacturer: syz
[  930.274085][ T5919] usb 5-1: config 0 descriptor??
[  930.276212][T16581] 9pnet_fd: Insufficient options for proto=fd
[  930.330633][T16534] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.459479][T16534] netdevsim netdevsim1 netdevsim0 (unregistering): left promiscuous mode
[  930.583083][ T5919] rc_core: IR keymap rc-hauppauge not found
[  930.604606][ T5919] Registered IR keymap rc-empty
[  930.621827][ T5919] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  931.231435][ T5919] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  931.238851][   T55] Bluetooth: hci5: command tx timeout
[  931.273379][T16534] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  931.310397][ T5919] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  931.342698][ T5919] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input27
[  931.550229][ T5919] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  931.572519][ T5919] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  931.628575][ T5919] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  931.693654][ T5919] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  931.719100][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  931.726161][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  931.782991][ T5919] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  931.815351][T16534] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  931.822618][ T5919] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  931.832584][T16534] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  931.842819][ T5919] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  931.843248][T16534] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  931.860033][T16534] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  931.865952][ T5919] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  931.893314][ T5919] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  931.930767][ T5919] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  931.973877][ T5919] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  932.006623][ T5919] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  932.016722][T16534] 8021q: adding VLAN 0 to HW filter on device bond0
[  932.043245][ T5919] usb 5-1: USB disconnect, device number 45
[  932.069011][T16534] 8021q: adding VLAN 0 to HW filter on device team0
[  932.092736][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[  932.099946][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[  932.170787][T13668] bridge0: port 2(bridge_slave_1) entered blocking state
[  932.178052][T13668] bridge0: port 2(bridge_slave_1) entered forwarding state
[  932.523045][T16611] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2859'.
[  932.539463][T16614] input: syz1 as /devices/virtual/input/input28
[  932.724210][T16534] 8021q: adding VLAN 0 to HW filter on device batadv0
[  932.877039][T16534] veth0_vlan: entered promiscuous mode
[  932.931973][T16534] veth1_vlan: entered promiscuous mode
[  933.044850][ T5919] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  933.089387][T16534] veth0_macvtap: entered promiscuous mode
[  933.156169][T16534] veth1_macvtap: entered promiscuous mode
[  933.234879][ T5919] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  933.255605][T16534] batman_adv: batadv0: Interface activated: batadv_slave_0
[  933.283947][ T5853] Bluetooth: hci5: command tx timeout
[  933.289481][ T5919] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  933.304066][T16534] batman_adv: batadv0: Interface activated: batadv_slave_1
[  933.317708][T16534] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  933.326910][T16534] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  933.335949][T16534] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  933.344856][T16534] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  933.371916][ T5919] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  933.392402][ T5919] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  933.518306][ T5919] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  933.542427][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  933.547690][T16628] 9pnet_fd: Insufficient options for proto=fd
[  933.557688][ T5919] usb 5-1: Product: syz
[  933.572073][ T5919] usb 5-1: Manufacturer: syz
[  933.582480][ T5919] usb 5-1: SerialNumber: syz
[  933.590221][ T5919] usb 5-1: config 0 descriptor??
[  933.624418][ T5919] garmin_gps 5-1:0.0: Garmin GPS usb/tty converter detected
[  933.641756][ T5919] garmin_gps ttyUSB0: failed to submit interrupt urb: -22
[  933.659260][ T5919] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -22
[  933.668751][ T6380] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  933.693438][ T6380] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  933.870654][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  933.880243][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  934.876923][T16639] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2868'.
[  934.886961][T16639] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2868'.
[  935.034588][T16639] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  935.371883][ T5853] Bluetooth: hci5: command tx timeout
[  935.528157][T16662] 9pnet_fd: Insufficient options for proto=fd
[  935.804285][T14574] usb 5-1: USB disconnect, device number 46
[  935.811096][T14574] garmin_gps 5-1:0.0: device disconnected
[  935.884670][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  935.954512][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  935.968692][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  935.978905][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  935.988746][   T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  935.996304][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  936.330758][T16667] lo speed is unknown, defaulting to 1000
[  936.342526][   T25] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  936.510443][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  936.813965][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  936.832885][   T25] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  936.852420][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.913494][   T25] usb 4-1: config 0 descriptor??
[  937.025722][T16677] FAULT_INJECTION: forcing a failure.
[  937.025722][T16677] name failslab, interval 1, probability 0, space 0, times 0
[  937.064842][T16677] CPU: 0 UID: 0 PID: 16677 Comm: syz.1.2883 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  937.075309][T16677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  937.085391][T16677] Call Trace:
[  937.088691][T16677]  <TASK>
[  937.091644][T16677]  dump_stack_lvl+0x241/0x360
[  937.096355][T16677]  ? __pfx_dump_stack_lvl+0x10/0x10
[  937.101582][T16677]  ? __pfx__printk+0x10/0x10
[  937.106200][T16677]  ? kmem_cache_alloc_lru_noprof+0x4d/0x390
[  937.112131][T16677]  ? __pfx___might_resched+0x10/0x10
[  937.117450][T16677]  should_fail_ex+0x3b0/0x4e0
[  937.122153][T16677]  should_failslab+0xac/0x100
[  937.126856][T16677]  ? __d_alloc+0x31/0x700
[  937.131233][T16677]  kmem_cache_alloc_lru_noprof+0x75/0x390
[  937.136980][T16677]  __d_alloc+0x31/0x700
[  937.141158][T16677]  d_alloc_parallel+0xdf/0x1600
[  937.146032][T16677]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  937.152050][T16677]  ? __d_lookup+0x64/0x7b0
[  937.156488][T16677]  ? __d_lookup+0x64/0x7b0
[  937.160910][T16677]  ? __pfx_d_alloc_parallel+0x10/0x10
[  937.166281][T16677]  ? __d_lookup+0x706/0x7b0
[  937.170778][T16677]  ? mnt_get_write_access+0x68/0x2b0
[  937.176078][T16677]  path_openat+0x9e6/0x3590
[  937.180600][T16677]  ? __pfx_path_openat+0x10/0x10
[  937.185552][T16677]  do_filp_open+0x27f/0x4e0
[  937.190056][T16677]  ? __pfx_do_filp_open+0x10/0x10
[  937.195075][T16677]  ? do_raw_spin_lock+0x14f/0x370
[  937.200128][T16677]  do_sys_openat2+0x13e/0x1d0
[  937.204814][T16677]  ? __pfx_do_sys_openat2+0x10/0x10
[  937.210025][T16677]  __x64_sys_openat+0x247/0x2a0
[  937.214877][T16677]  ? __pfx___x64_sys_openat+0x10/0x10
[  937.220252][T16677]  ? exc_page_fault+0x590/0x8c0
[  937.225113][T16677]  ? do_syscall_64+0xb6/0x230
[  937.229792][T16677]  do_syscall_64+0xf3/0x230
[  937.234299][T16677]  ? clear_bhb_loop+0x35/0x90
[  937.238972][T16677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  937.244870][T16677] RIP: 0033:0x7f4d29b7d1b0
[  937.249287][T16677] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8f 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8f 02 00 8b 44
[  937.268890][T16677] RSP: 002b:00007f4d2aa52b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  937.277307][T16677] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4d29b7d1b0
[  937.285283][T16677] RDX: 0000000000000002 RSI: 00007f4d2aa52c10 RDI: 00000000ffffff9c
[  937.293247][T16677] RBP: 00007f4d2aa52c10 R08: 0000000000000000 R09: 0000000000000000
[  937.301216][T16677] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  937.309178][T16677] R13: 0000000000000000 R14: 00007f4d29d35fa0 R15: 00007fffd81355f8
[  937.317162][T16677]  </TASK>
[  937.330419][   T25] hid (null): bogus close delimiter
[  937.392408][ T5919] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  937.497152][T16667] chnl_net:caif_netlink_parms(): no params data found
[  937.536635][   T25] usb 4-1: language id specifier not provided by device, defaulting to English
[  937.564180][ T5919] usb 5-1: config 0 has an invalid interface number: 255 but max is 0
[  937.576471][ T5919] usb 5-1: config 0 has no interface number 0
[  937.584802][ T5919] usb 5-1: New USB device found, idVendor=0733, idProduct=0401, bcdDevice=ad.7d
[  937.608265][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  937.646074][ T5919] usb 5-1: config 0 descriptor??
[  937.731459][T16667] bridge0: port 1(bridge_slave_0) entered blocking state
[  937.751518][T16667] bridge0: port 1(bridge_slave_0) entered disabled state
[  937.769669][T16667] bridge_slave_0: entered allmulticast mode
[  937.794296][T16667] bridge_slave_0: entered promiscuous mode
[  937.826621][T16667] bridge0: port 2(bridge_slave_1) entered blocking state
[  937.840800][ T5919] gspca_main: spca501-2.14.0 probing 0733:0401
[  937.855627][T16667] bridge0: port 2(bridge_slave_1) entered disabled state
[  937.872869][T16667] bridge_slave_1: entered allmulticast mode
[  937.889187][T16667] bridge_slave_1: entered promiscuous mode
[  937.958730][T16667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  937.989593][T16667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  938.083337][   T55] Bluetooth: hci1: command tx timeout
[  938.100990][T16667] team0: Port device team_slave_0 added
[  938.125043][T16667] team0: Port device team_slave_1 added
[  938.144580][   T25] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0012/input/input29
[  938.215346][   T25] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0012/input/input30
[  938.853796][   T25] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0012/input/input31
[  938.876118][T16667] batman_adv: batadv0: Adding interface: batadv_slave_0
[  938.894762][T16667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  938.984336][   T25] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0012/input/input32
[  939.007050][   T25] uclogic 0003:256C:006D.0012: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0
[  939.019045][T16667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  939.021357][   T25] usb 4-1: USB disconnect, device number 39
[  939.058005][T16667] batman_adv: batadv0: Adding interface: batadv_slave_1
[  939.087125][T16667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  939.125289][T16667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  939.167298][ T5919] gspca_spca501: reg write: error -71
[  939.174715][ T5919] spca501 5-1:0.255: Reg write failed for 0x00,0x00,0x05
[  939.188752][ T5919] spca501 5-1:0.255: probe with driver spca501 failed with error -22
[  939.226730][ T5919] usb 5-1: USB disconnect, device number 47
[  939.282062][T16707] netlink: 'syz.3.2889': attribute type 10 has an invalid length.
[  939.290108][T16707] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2889'.
[  939.415911][T16702] pimreg: entered allmulticast mode
[  939.431887][T16707] bridge0: port 1(macvlan1) entered blocking state
[  939.440094][T16707] bridge0: port 1(macvlan1) entered disabled state
[  939.449037][T16707] macvlan1: entered allmulticast mode
[  939.454684][T16707] veth1_vlan: entered allmulticast mode
[  939.483084][T16707] macvlan1: entered promiscuous mode
[  939.504127][T16707] bridge0: port 1(macvlan1) entered blocking state
[  939.510857][T16707] bridge0: port 1(macvlan1) entered forwarding state
[  939.550744][T16667] hsr_slave_0: entered promiscuous mode
[  939.732411][T16667] hsr_slave_1: entered promiscuous mode
[  939.810821][T16667] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  939.888951][T16667] Cannot create hsr debugfs directory
[  939.996312][T16717] FAULT_INJECTION: forcing a failure.
[  939.996312][T16717] name failslab, interval 1, probability 0, space 0, times 0
[  940.023063][T16717] CPU: 0 UID: 0 PID: 16717 Comm: syz.4.2892 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  940.028051][T16719] 9pnet_fd: Insufficient options for proto=fd
[  940.033508][T16717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  940.033546][T16717] Call Trace:
[  940.033555][T16717]  <TASK>
[  940.033564][T16717]  dump_stack_lvl+0x241/0x360
[  940.033597][T16717]  ? __pfx_dump_stack_lvl+0x10/0x10
[  940.033619][T16717]  ? __pfx__printk+0x10/0x10
[  940.033643][T16717]  ? fs_reclaim_acquire+0x93/0x130
[  940.033666][T16717]  ? __pfx___might_resched+0x10/0x10
[  940.033692][T16717]  should_fail_ex+0x3b0/0x4e0
[  940.033719][T16717]  should_failslab+0xac/0x100
[  940.033741][T16717]  __kmalloc_noprof+0xdd/0x4c0
[  940.033760][T16717]  ? kstrtouint_from_user+0x128/0x190
[  940.033777][T16717]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  940.106148][T16717]  tomoyo_realpath_from_path+0xcf/0x5e0
[  940.111749][T16717]  tomoyo_path_number_perm+0x236/0x860
[  940.117241][T16717]  ? __lock_acquire+0x1397/0x2100
[  940.122304][T16717]  ? tomoyo_path_number_perm+0x206/0x860
[  940.122424][ T5919] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  940.127949][T16717]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  940.128016][T16717]  ? __fget_files+0x2a/0x410
[  940.146143][T16717]  ? __fget_files+0x2a/0x410
[  940.150768][T16717]  security_file_ioctl+0xc6/0x2a0
[  940.155832][T16717]  __se_sys_ioctl+0x46/0x170
[  940.160456][T16717]  do_syscall_64+0xf3/0x230
[  940.164986][T16717]  ? clear_bhb_loop+0x35/0x90
[  940.169684][T16717]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  940.175605][T16717] RIP: 0033:0x7f58bd37e819
[  940.180040][T16717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  940.199675][T16717] RSP: 002b:00007f58be15d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  940.208126][T16717] RAX: ffffffffffffffda RBX: 00007f58bd535fa0 RCX: 00007f58bd37e819
[  940.216128][T16717] RDX: 0000000020000000 RSI: 0000000080047456 RDI: 0000000000000003
[  940.224216][T16717] RBP: 00007f58be15d090 R08: 0000000000000000 R09: 0000000000000000
[  940.232228][T16717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  940.240227][T16717] R13: 0000000000000000 R14: 00007f58bd535fa0 R15: 00007ffd557de2f8
[  940.248248][T16717]  </TASK>
[  940.252724][   T55] Bluetooth: hci1: command tx timeout
[  940.252993][T16717] ERROR: Out of memory at tomoyo_realpath_from_path.
[  940.294452][ T5919] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  940.318388][ T5919] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  940.330812][ T5919] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  940.343425][ T5919] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  940.359137][ T5919] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  940.368578][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  940.376687][ T5919] usb 2-1: Product: syz
[  940.381047][ T5919] usb 2-1: Manufacturer: syz
[  940.412537][ T5919] usb 2-1: SerialNumber: syz
[  940.426724][ T5919] usb 2-1: config 0 descriptor??
[  940.464270][ T5919] garmin_gps 2-1:0.0: Garmin GPS usb/tty converter detected
[  940.484664][ T5919] garmin_gps ttyUSB0: failed to submit interrupt urb: -22
[  940.501127][ T5919] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -22
[  940.541325][T16724] 9pnet_fd: Insufficient options for proto=fd
[  940.541431][T16725] FAULT_INJECTION: forcing a failure.
[  940.541431][T16725] name failslab, interval 1, probability 0, space 0, times 0
[  940.640966][T16725] CPU: 0 UID: 0 PID: 16725 Comm: syz.4.2896 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  940.651444][T16725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  940.661533][T16725] Call Trace:
[  940.664841][T16725]  <TASK>
[  940.667792][T16725]  dump_stack_lvl+0x241/0x360
[  940.672509][T16725]  ? __pfx_dump_stack_lvl+0x10/0x10
[  940.677761][T16725]  ? __pfx__printk+0x10/0x10
[  940.682379][T16725]  ? kmem_cache_alloc_noprof+0x48/0x380
[  940.687945][T16725]  ? __pfx___might_resched+0x10/0x10
[  940.693267][T16725]  should_fail_ex+0x3b0/0x4e0
[  940.697976][T16725]  should_failslab+0xac/0x100
[  940.702672][T16725]  ? security_file_alloc+0x32/0x310
[  940.707893][T16725]  kmem_cache_alloc_noprof+0x70/0x380
[  940.713289][T16725]  security_file_alloc+0x32/0x310
[  940.718338][T16725]  init_file+0x91/0x280
[  940.722514][T16725]  alloc_empty_file+0xb8/0x1d0
[  940.727306][T16725]  path_openat+0x107/0x3590
[  940.731841][T16725]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  940.737858][T16725]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  940.744216][T16725]  ? do_raw_spin_unlock+0x13c/0x8b0
[  940.749443][T16725]  ? finish_task_switch+0x1e5/0x870
[  940.754667][T16725]  ? lockdep_hardirqs_on+0x99/0x150
[  940.759873][T16725]  ? __pfx_path_openat+0x10/0x10
[  940.764813][T16725]  ? __schedule+0x1803/0x4be0
[  940.769497][T16725]  do_filp_open+0x27f/0x4e0
[  940.774001][T16725]  ? __pfx_do_filp_open+0x10/0x10
[  940.779034][T16725]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  940.785010][T16725]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  940.791332][T16725]  ? alloc_bprm+0xac/0xe20
[  940.795754][T16725]  alloc_bprm+0x178/0xe20
[  940.800105][T16725]  ? lockdep_hardirqs_on+0x99/0x150
[  940.805326][T16725]  ? __pfx_alloc_bprm+0x10/0x10
[  940.810195][T16725]  ? __phys_addr_symbol+0x2f/0x70
[  940.815239][T16725]  ? __check_object_size+0x48e/0x900
[  940.820548][T16725]  ? __might_fault+0xc6/0x120
[  940.825244][T16725]  do_execveat_common+0x18c/0x6f0
[  940.830285][T16725]  __x64_sys_execveat+0xc4/0xe0
[  940.835144][T16725]  do_syscall_64+0xf3/0x230
[  940.839653][T16725]  ? clear_bhb_loop+0x35/0x90
[  940.844351][T16725]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  940.850257][T16725] RIP: 0033:0x7f58bd37e819
[  940.854672][T16725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  940.874279][T16725] RSP: 002b:00007f58be15d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  940.882736][T16725] RAX: ffffffffffffffda RBX: 00007f58bd535fa0 RCX: 00007f58bd37e819
[  940.890708][T16725] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  940.898675][T16725] RBP: 00007f58be15d090 R08: 0000000000001000 R09: 0000000000000000
[  940.906651][T16725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  940.914619][T16725] R13: 0000000000000000 R14: 00007f58bd535fa0 R15: 00007ffd557de2f8
[  940.922596][T16725]  </TASK>
[  942.028974][T16667] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  942.203944][T16667] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  942.314057][T16740] netlink: 'syz.4.2902': attribute type 1 has an invalid length.
[  942.322945][   T55] Bluetooth: hci1: command tx timeout
[  942.364203][T16667] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  942.526046][T16667] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  942.759265][T16667] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  942.789143][T16667] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  942.827180][T16667] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  942.855733][T16667] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  942.865423][T14574] usb 2-1: USB disconnect, device number 42
[  942.882514][T14574] garmin_gps 2-1:0.0: device disconnected
[  942.970431][T16749] 9pnet_fd: Insufficient options for proto=fd
[  943.002026][T16667] 8021q: adding VLAN 0 to HW filter on device bond0
[  943.027590][T16667] 8021q: adding VLAN 0 to HW filter on device team0
[  943.041014][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  943.048183][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  943.070160][ T6380] bridge0: port 2(bridge_slave_1) entered blocking state
[  943.077355][ T6380] bridge0: port 2(bridge_slave_1) entered forwarding state
[  943.162965][T16752] batman_adv: batadv0: Adding interface: dummy0
[  943.172397][ T5919] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  943.203192][T16752] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  943.239841][T16752] batman_adv: batadv0: Interface activated: dummy0
[  943.322968][ T5919] usb 5-1: Using ep0 maxpacket: 16
[  943.336906][ T5919] usb 5-1: config 0 has an invalid interface number: 180 but max is 0
[  943.362421][ T5919] usb 5-1: config 0 has no interface number 0
[  943.368575][ T5919] usb 5-1: config 0 interface 180 has no altsetting 0
[  943.384731][ T5919] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=e8.1f
[  943.397112][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  943.407012][ T5919] usb 5-1: Product: syz
[  943.411571][ T5919] usb 5-1: Manufacturer: syz
[  943.419195][ T5919] usb 5-1: SerialNumber: syz
[  943.427757][ T5919] usb 5-1: config 0 descriptor??
[  943.503475][   T25] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  943.534058][T16667] 8021q: adding VLAN 0 to HW filter on device batadv0
[  943.590288][T16667] veth0_vlan: entered promiscuous mode
[  943.604044][T16667] veth1_vlan: entered promiscuous mode
[  943.613596][    T8] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  943.645637][T16667] veth0_macvtap: entered promiscuous mode
[  943.658358][T16667] veth1_macvtap: entered promiscuous mode
[  943.663117][   T25] usb 3-1: Using ep0 maxpacket: 8
[  943.671355][   T25] usb 3-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  943.679992][T16667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  943.699820][T16667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  943.705834][   T25] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  943.711277][T16667] batman_adv: batadv0: Interface activated: batadv_slave_0
[  943.735308][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  943.744109][   T25] usb 3-1: Product: syz
[  943.748383][   T25] usb 3-1: Manufacturer: syz
[  943.753982][T16667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  943.762609][   T25] usb 3-1: SerialNumber: syz
[  943.769096][T16667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  943.770258][T16667] batman_adv: batadv0: Interface activated: batadv_slave_1
[  943.792655][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  943.810035][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  943.827041][    T8] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  943.838559][T16667] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  943.849049][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  943.861121][T16667] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  943.871736][T16667] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  943.884202][    T8] usb 4-1: config 0 descriptor??
[  943.889366][T16667] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  943.999659][ T6380] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  944.018245][ T6380] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  944.058765][ T6380] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  944.067706][ T6380] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  944.302524][ T5838] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  944.333768][T16757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  944.342860][T16757] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  944.403118][   T55] Bluetooth: hci1: command tx timeout
[  944.486882][ T5838] usb 2-1: Using ep0 maxpacket: 16
[  944.551105][ T5838] usb 2-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=6c.de
[  944.574863][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  944.575335][    T8] usbhid 4-1:0.0: can't add hid device: -71
[  944.583426][ T5838] usb 2-1: Product: syz
[  944.596332][ T5838] usb 2-1: Manufacturer: syz
[  944.601343][ T5838] usb 2-1: SerialNumber: syz
[  944.601390][    T8] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  944.608817][ T5838] usb 2-1: config 0 descriptor??
[  944.630077][ T5838] ems_usb 2-1:0.0 (unnamed net_device) (uninitialized): couldn't initialize controller: -22
[  944.637103][    T8] usb 4-1: USB disconnect, device number 40
[  944.645820][ T5838] ems_usb 2-1:0.0: probe with driver ems_usb failed with error -22
[  944.845593][   T25] cdc_ncm 3-1:1.0: bind() failure
[  944.864103][   T25] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71
[  944.911811][   T25] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71
[  944.923799][   T25] usbtest 3-1:1.1: probe with driver usbtest failed with error -71
[  944.935588][   T25] usb 3-1: USB disconnect, device number 50
[  945.945894][ T5919] viperboard 5-1:0.180: version 0.00 found at bus 005 address 048
[  945.971921][ T5919] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  945.980842][ T5919] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  945.998089][ T5919] usb 5-1: USB disconnect, device number 48
[  946.014878][T16783] 9pnet_fd: Insufficient options for proto=fd
[  946.303652][   T29] audit: type=1326 audit(1732638912.585:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16797 comm="syz.3.2921" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7239d7e819 code=0x0
[  946.372276][T16801] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  946.383714][T16801] TCP: tcp_parse_options: Illegal window scaling value 16 > 14 received
[  946.721359][T16804] xt_nat: multiple ranges no longer supported
[  947.278288][    T8] usb 2-1: USB disconnect, device number 43
[  947.472656][   T29] audit: type=1326 audit(1732638913.745:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16813 comm="syz.2.2924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12af17e819 code=0x7ffc0000
[  947.627359][   T29] audit: type=1326 audit(1732638913.745:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16813 comm="syz.2.2924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12af17e819 code=0x7ffc0000
[  947.652060][   T29] audit: type=1326 audit(1732638913.745:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16813 comm="syz.2.2924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f12af17e819 code=0x7ffc0000
[  947.693611][   T29] audit: type=1326 audit(1732638913.755:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16813 comm="syz.2.2924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12af17e819 code=0x7ffc0000
[  949.852378][   T29] audit: type=1326 audit(1732638913.755:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16813 comm="syz.2.2924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12af17e819 code=0x7ffc0000
[  950.569252][ T5853] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  950.581623][ T5853] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  950.591207][ T5853] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  950.602100][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  950.612834][ T5853] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  950.623089][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  950.695074][T16846] lo speed is unknown, defaulting to 1000
[  950.804321][T16845] bond0: (slave syz_tun): Releasing backup interface
[  950.884596][T16845] team0: Port device bond0 removed
[  950.921936][T16845] macvlan1: left allmulticast mode
[  950.927359][T16845] veth1_vlan: left allmulticast mode
[  950.933484][T16845] macvlan1: left promiscuous mode
[  950.938919][T16845] bridge0: port 1(macvlan1) entered disabled state
[  951.260342][T16846] chnl_net:caif_netlink_parms(): no params data found
[  952.148250][T16846] bridge0: port 1(bridge_slave_0) entered blocking state
[  952.166160][T16846] bridge0: port 1(bridge_slave_0) entered disabled state
[  952.211031][T16846] bridge_slave_0: entered allmulticast mode
[  952.248358][T16846] bridge_slave_0: entered promiscuous mode
[  952.293238][T16846] bridge0: port 2(bridge_slave_1) entered blocking state
[  952.321497][T16846] bridge0: port 2(bridge_slave_1) entered disabled state
[  952.329369][T16846] bridge_slave_1: entered allmulticast mode
[  952.346407][T16846] bridge_slave_1: entered promiscuous mode
[  952.392469][T16846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  952.414846][T16846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  952.522604][ T5838] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  952.549180][T16846] team0: Port device team_slave_0 added
[  952.572212][T16846] team0: Port device team_slave_1 added
[  952.676721][   T55] Bluetooth: hci0: command tx timeout
[  952.735212][T16846] batman_adv: batadv0: Adding interface: batadv_slave_0
[  952.742895][T16846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  952.748473][ T5838] usb 3-1: Using ep0 maxpacket: 8
[  952.770381][T16846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  952.791870][T16846] batman_adv: batadv0: Adding interface: batadv_slave_1
[  952.804666][T16846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  952.831456][ T5838] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  952.854786][T16846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  952.855768][ T5838] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  952.916345][ T5838] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  952.952367][ T5838] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  952.981146][T16846] hsr_slave_0: entered promiscuous mode
[  952.987125][ T5838] usb 3-1: New USB device found, idVendor=05ac, idProduct=0246, bcdDevice= 0.00
[  952.987157][ T5838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  953.013124][ T5838] usb 3-1: config 0 descriptor??
[  953.039975][T16846] hsr_slave_1: entered promiscuous mode
[  953.057325][T16846] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  953.065101][T16846] Cannot create hsr debugfs directory
[  953.419901][T16846] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  953.600590][T16906] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2951'.
[  954.191150][T16906] bridge0: port 2(bridge_slave_1) entered disabled state
[  954.194454][T16908] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2952'.
[  954.200488][T16906] bridge0: port 1(bridge_slave_0) entered disabled state
[  954.212592][T16908] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2952'.
[  954.227878][T16908] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2952'.
[  954.244887][T16908] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2952'.
[  954.245433][ T5838] apple 0003:05AC:0246.0013: report_id 0 is invalid
[  954.260907][ T5838] apple 0003:05AC:0246.0013: item 0 1 1 8 parsing failed
[  954.268820][ T5838] apple 0003:05AC:0246.0013: parse failed
[  954.274828][ T5838] apple 0003:05AC:0246.0013: probe with driver apple failed with error -22
[  954.412695][T16846] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  954.553400][T16913] netlink: 'syz.1.2953': attribute type 4 has an invalid length.
[  954.712896][T16846] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  954.732448][   T55] Bluetooth: hci0: command tx timeout
[  954.887394][T16918] usb usb8: usbfs: process 16918 (syz.2.2943) did not claim interface 0 before use
[  955.504193][T16846] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  956.839090][T16928] fuse: Unknown parameter '00000000000000000000'
[  957.624256][ T5853] Bluetooth: hci0: command tx timeout
[  957.846730][ T5891] usb 3-1: USB disconnect, device number 51
[  958.349591][T16846] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  958.435923][T16846] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  958.496143][T16846] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  958.516646][T16937] FAULT_INJECTION: forcing a failure.
[  958.516646][T16937] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  958.522965][T16846] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  958.541739][T16937] CPU: 1 UID: 0 PID: 16937 Comm: syz.0.2961 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  958.552202][T16937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  958.562281][T16937] Call Trace:
[  958.565572][T16937]  <TASK>
[  958.568504][T16937]  dump_stack_lvl+0x241/0x360
[  958.573192][T16937]  ? __pfx_dump_stack_lvl+0x10/0x10
[  958.578391][T16937]  ? __pfx__printk+0x10/0x10
[  958.582995][T16937]  ? snprintf+0xda/0x120
[  958.587253][T16937]  should_fail_ex+0x3b0/0x4e0
[  958.591935][T16937]  _copy_to_user+0x31/0xb0
[  958.596357][T16937]  simple_read_from_buffer+0xca/0x150
[  958.601736][T16937]  proc_fail_nth_read+0x1e9/0x250
[  958.606757][T16937]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  958.612299][T16937]  ? rw_verify_area+0x55e/0x6f0
[  958.617149][T16937]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  958.622695][T16937]  vfs_read+0x1fc/0xb70
[  958.626857][T16937]  ? do_sock_setsockopt+0x3e2/0x720
[  958.632059][T16937]  ? __pfx_vfs_read+0x10/0x10
[  958.636732][T16937]  ? udpv6_setsockopt+0x73/0xb0
[  958.641592][T16937]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  958.647481][T16937]  ? do_sock_setsockopt+0x3e2/0x720
[  958.652699][T16937]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  958.658245][T16937]  ksys_read+0x18f/0x2b0
[  958.662489][T16937]  ? __pfx_ksys_read+0x10/0x10
[  958.667250][T16937]  ? do_syscall_64+0x100/0x230
[  958.672012][T16937]  ? do_syscall_64+0xb6/0x230
[  958.676689][T16937]  do_syscall_64+0xf3/0x230
[  958.681187][T16937]  ? clear_bhb_loop+0x35/0x90
[  958.685868][T16937]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  958.691773][T16937] RIP: 0033:0x7f8fecb7d25c
[  958.696182][T16937] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  958.715795][T16937] RSP: 002b:00007f8fed93f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  958.724208][T16937] RAX: ffffffffffffffda RBX: 00007f8fecd35fa0 RCX: 00007f8fecb7d25c
[  958.732173][T16937] RDX: 000000000000000f RSI: 00007f8fed93f0a0 RDI: 0000000000000004
[  958.740163][T16937] RBP: 00007f8fed93f090 R08: 0000000000000000 R09: 0000000000000000
[  958.748129][T16937] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000001
[  958.756095][T16937] R13: 0000000000000000 R14: 00007f8fecd35fa0 R15: 00007ffdb02fc9b8
[  958.764080][T16937]  </TASK>
[  958.776232][T16948] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2963'.
[  958.813598][T16948] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2963'.
[  958.823903][T16948] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2963'.
[  958.838580][T16948] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2963'.
[  959.033508][T16951] netlink: 'syz.3.2965': attribute type 4 has an invalid length.
[  959.052169][T16846] 8021q: adding VLAN 0 to HW filter on device bond0
[  959.068445][T16846] 8021q: adding VLAN 0 to HW filter on device team0
[  959.088913][ T6380] bridge0: port 1(bridge_slave_0) entered blocking state
[  959.096077][ T6380] bridge0: port 1(bridge_slave_0) entered forwarding state
[  959.121429][ T6380] bridge0: port 2(bridge_slave_1) entered blocking state
[  959.128618][ T6380] bridge0: port 2(bridge_slave_1) entered forwarding state
[  959.331863][T16846] 8021q: adding VLAN 0 to HW filter on device batadv0
[  959.529637][   T29] audit: type=1326 audit(1732638925.805:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16963 comm="syz.3.2968" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7239d7e819 code=0x0
[  959.723450][T16977] netlink: 'syz.3.2968': attribute type 32 has an invalid length.
[  959.731410][T16977] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2968'.
[  959.784721][ T5853] Bluetooth: hci0: command tx timeout
[  960.204222][T16846] veth0_vlan: entered promiscuous mode
[  960.212820][T16846] veth1_vlan: entered promiscuous mode
[  960.280215][T16846] veth0_macvtap: entered promiscuous mode
[  960.309433][T16846] veth1_macvtap: entered promiscuous mode
[  960.338402][T16846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  960.419434][T16846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  960.429762][T16846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  960.442596][T16846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  960.453997][T16846] batman_adv: batadv0: Interface activated: batadv_slave_0
[  960.637087][T16987] binder: 16982:16987 ioctl c0306201 0 returned -14
[  961.161435][T16846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  961.316524][T16846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  961.330252][T16846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  961.341092][T16846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  961.353141][T16846] batman_adv: batadv0: Interface activated: batadv_slave_1
[  961.364247][T16846] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  961.373341][T16846] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  961.382693][T16846] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  961.391424][T16846] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  961.681576][   T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  961.708667][   T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  961.740490][T16997] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2976'.
[  961.919489][T17003] FAULT_INJECTION: forcing a failure.
[  961.919489][T17003] name failslab, interval 1, probability 0, space 0, times 0
[  961.932376][T17003] CPU: 1 UID: 0 PID: 17003 Comm: syz.2.2974 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  961.942810][T17003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  961.952882][T17003] Call Trace:
[  961.956171][T17003]  <TASK>
[  961.959111][T17003]  dump_stack_lvl+0x241/0x360
[  961.963815][T17003]  ? __pfx_dump_stack_lvl+0x10/0x10
[  961.969042][T17003]  ? __pfx__printk+0x10/0x10
[  961.973664][T17003]  should_fail_ex+0x3b0/0x4e0
[  961.978365][T17003]  should_failslab+0xac/0x100
[  961.983056][T17003]  __kmalloc_noprof+0xdd/0x4c0
[  961.987848][T17003]  ? lockdep_hardirqs_on+0x99/0x150
[  961.993068][T17003]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  961.998812][T17003]  tomoyo_realpath_from_path+0xcf/0x5e0
[  962.004388][T17003]  tomoyo_path_number_perm+0x236/0x860
[  962.009862][T17003]  ? __lock_acquire+0x1397/0x2100
[  962.014902][T17003]  ? tomoyo_path_number_perm+0x206/0x860
[  962.020554][T17003]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  962.026590][T17003]  ? __fget_files+0x2a/0x410
[  962.031194][T17003]  ? __fget_files+0x2a/0x410
[  962.035889][T17003]  security_file_ioctl+0xc6/0x2a0
[  962.040938][T17003]  __se_sys_ioctl+0x46/0x170
[  962.045553][T17003]  do_syscall_64+0xf3/0x230
[  962.050075][T17003]  ? clear_bhb_loop+0x35/0x90
[  962.054766][T17003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  962.060673][T17003] RIP: 0033:0x7f12af17e819
[  962.065105][T17003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  962.084983][T17003] RSP: 002b:00007f12affb1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  962.093446][T17003] RAX: ffffffffffffffda RBX: 00007f12af336160 RCX: 00007f12af17e819
[  962.101440][T17003] RDX: 0000000020000100 RSI: 00000000c0606610 RDI: 0000000000000008
[  962.109430][T17003] RBP: 00007f12affb1090 R08: 0000000000000000 R09: 0000000000000000
[  962.117416][T17003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  962.125399][T17003] R13: 0000000000000000 R14: 00007f12af336160 R15: 00007ffd01136c88
[  962.133403][T17003]  </TASK>
[  962.137088][T17003] ERROR: Out of memory at tomoyo_realpath_from_path.
[  962.179779][T16997] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2976'.
[  962.212798][T16997] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2976'.
[  962.249461][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  962.271393][T16997] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2976'.
[  962.276936][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  962.537638][T17007] netlink: 'syz.2.2977': attribute type 4 has an invalid length.
[  964.493100][T17034] FAULT_INJECTION: forcing a failure.
[  964.493100][T17034] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  964.506352][T17034] CPU: 0 UID: 0 PID: 17034 Comm: syz.0.2982 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[  964.516785][T17034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  964.526851][T17034] Call Trace:
[  964.530184][T17034]  <TASK>
[  964.533133][T17034]  dump_stack_lvl+0x241/0x360
[  964.537851][T17034]  ? __pfx_dump_stack_lvl+0x10/0x10
[  964.543091][T17034]  ? __pfx__printk+0x10/0x10
[  964.547715][T17034]  ? __pfx_lock_release+0x10/0x10
[  964.552775][T17034]  should_fail_ex+0x3b0/0x4e0
[  964.557573][T17034]  _copy_from_user+0x2f/0xc0
[  964.562201][T17034]  __sys_bpf+0x1a4/0x810
[  964.566542][T17034]  ? __pfx___sys_bpf+0x10/0x10
[  964.571350][T17034]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  964.577366][T17034]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  964.583725][T17034]  ? do_syscall_64+0x100/0x230
[  964.588534][T17034]  __x64_sys_bpf+0x7c/0x90
[  964.592990][T17034]  do_syscall_64+0xf3/0x230
[  964.597525][T17034]  ? clear_bhb_loop+0x35/0x90
[  964.602235][T17034]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  964.608163][T17034] RIP: 0033:0x7f8fecb7e819
[  964.612607][T17034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  964.632238][T17034] RSP: 002b:00007f8fed8fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  964.640685][T17034] RAX: ffffffffffffffda RBX: 00007f8fecd36160 RCX: 00007f8fecb7e819
[  964.648687][T17034] RDX: 0000000000000028 RSI: 0000000020000000 RDI: 0000000000000012
[  964.656685][T17034] RBP: 00007f8fed8fd090 R08: 0000000000000000 R09: 0000000000000000
[  964.664684][T17034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  964.672689][T17034] R13: 0000000000000000 R14: 00007f8fecd36160 R15: 00007ffdb02fc9b8
[  964.680714][T17034]  </TASK>
[  964.683859][    C0] vkms_vblank_simulate: vblank timer overrun
[  966.141821][T17051] MTD: Couldn't look up './file0': -15
[  966.183885][T17052] binder: 17048:17052 ioctl c0306201 0 returned -14
[  966.220743][T17051] bridge_slave_1: left allmulticast mode
[  966.232367][T17051] bridge_slave_1: left promiscuous mode
[  966.253116][T17051] bridge0: port 2(bridge_slave_1) entered disabled state
[  966.383029][T17051] bridge_slave_0: left allmulticast mode
[  966.396902][T17051] bridge_slave_0: left promiscuous mode
[  966.422940][T17051] bridge0: port 1(bridge_slave_0) entered disabled state
[  966.921365][T17061] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2989'.
[  966.961413][T17061] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2989'.
[  967.032364][T17061] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2989'.
[  967.041384][T17061] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2989'.
[  968.029995][T17073] netlink: 'syz.1.2994': attribute type 4 has an invalid length.
[  968.680933][T17082] netlink: 'syz.0.2995': attribute type 10 has an invalid length.
[  968.689220][T17082] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2995'.
[  968.699653][T17082] bridge0: port 3(macvlan1) entered blocking state
[  968.707106][T17082] bridge0: port 3(macvlan1) entered disabled state
[  968.714492][T17082] macvlan1: entered allmulticast mode
[  968.719932][T17082] veth1_vlan: entered allmulticast mode
[  968.726886][T17082] macvlan1: entered promiscuous mode
[  968.773090][T17082] bridge0: port 3(macvlan1) entered blocking state
[  968.781241][T17082] bridge0: port 3(macvlan1) entered forwarding state
[  969.573295][T17099] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3001'.
[  969.593718][T17099] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3001'.
[  969.614928][T17099] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3001'.
[  970.274891][T17099] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3001'.
[  970.284453][T17107] kvm: apic: phys broadcast and lowest prio
[  970.552773][T17118] binder: 17113:17118 ioctl c0306201 0 returned -14
[  971.020441][T17127] netlink: 'syz.3.3009': attribute type 4 has an invalid length.
[  971.222581][    T8] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  972.163128][    T8] usb 5-1: device descriptor read/64, error -71
[  972.512351][    T8] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  972.645902][    T8] usb 5-1: device descriptor read/64, error -71
[  972.752893][    T8] usb usb5-port1: attempt power cycle
[  972.753720][T17156] netlink: 'syz.1.3024': attribute type 4 has an invalid length.
[  972.791610][T17156] netlink: 'syz.1.3024': attribute type 4 has an invalid length.
[  973.103860][    T8] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  973.231678][    T8] usb 5-1: device descriptor read/8, error -71
[  973.730013][    T8] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  973.956026][    T8] usb 5-1: device descriptor read/8, error -71
[  974.198302][T17172] 9pnet_fd: Insufficient options for proto=fd
[  974.303501][    T8] usb usb5-port1: unable to enumerate USB device
[  974.571470][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  974.585640][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  974.595392][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  974.605651][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  974.613385][   T55] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  974.625308][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  974.737797][T17168] lo speed is unknown, defaulting to 1000
[  974.788617][T17178] binder: 17176:17178 ioctl c0306201 0 returned -14
[ 1080.152207][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1080.159200][    C1] rcu: 	0-...!: (0 ticks this GP) idle=c634/1/0x4000000000000000 softirq=58697/58697 fqs=1
[ 1080.170853][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=56709, q=212 ncpus=2)
[ 1080.178595][    C1] Sending NMI from CPU 1 to CPUs 0:
[ 1080.178639][    C0] NMI backtrace for cpu 0
[ 1080.178654][    C0] CPU: 0 UID: 0 PID: 17168 Comm: syz-executor Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[ 1080.178672][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1080.178683][    C0] RIP: 0010:taprio_set_budgets+0x234/0x370
[ 1080.178711][    C0] Code: 00 4c 89 f7 be 04 00 00 00 e8 d8 7c 31 f8 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 31 41 89 2e <4c> 39 64 24 20 0f 84 e8 00 00 00 e8 fc bc c9 f7 49 83 c5 08 48 83
[ 1080.178725][    C0] RSP: 0018:ffffc90000007c10 EFLAGS: 00000046
[ 1080.178741][    C0] RAX: 0000000000000000 RBX: ffff888025214800 RCX: dffffc0000000000
[ 1080.178753][    C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff888025214884
[ 1080.178763][    C0] RBP: 000000007fffffff R08: ffff888025214887 R09: 1ffff11004a42910
[ 1080.178775][    C0] R10: dffffc0000000000 R11: ffffed1004a42911 R12: 0000000000000004
[ 1080.178786][    C0] R13: ffff888025214808 R14: ffff888025214884 R15: 0000000000000001
[ 1080.178798][    C0] FS:  0000555561f31500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[ 1080.178813][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1080.178824][    C0] CR2: 000000110c3793ad CR3: 000000006cfd8000 CR4: 00000000003526f0
[ 1080.178838][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1080.178848][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1080.178859][    C0] Call Trace:
[ 1080.178866][    C0]  <NMI>
[ 1080.178874][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 1080.178893][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 1080.178912][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1080.178927][    C0]  ? nmi_handle+0x2a/0x5a0
[ 1080.178950][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1080.178971][    C0]  ? nmi_handle+0x14f/0x5a0
[ 1080.178986][    C0]  ? nmi_handle+0x2a/0x5a0
[ 1080.179003][    C0]  ? taprio_set_budgets+0x234/0x370
[ 1080.179018][    C0]  ? default_do_nmi+0x63/0x160
[ 1080.179034][    C0]  ? exc_nmi+0x123/0x1f0
[ 1080.179050][    C0]  ? end_repeat_nmi+0xf/0x53
[ 1080.179069][    C0]  ? taprio_set_budgets+0x234/0x370
[ 1080.179085][    C0]  ? taprio_set_budgets+0x234/0x370
[ 1080.179101][    C0]  ? taprio_set_budgets+0x234/0x370
[ 1080.179117][    C0]  </NMI>
[ 1080.179122][    C0]  <IRQ>
[ 1080.179132][    C0]  advance_sched+0x98d/0xca0
[ 1080.179153][    C0]  ? __pfx_advance_sched+0x10/0x10
[ 1080.179168][    C0]  __hrtimer_run_queues+0x59b/0xd50
[ 1080.179195][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1080.179212][    C0]  ? sched_clock+0x4a/0x70
[ 1080.179232][    C0]  ? read_tsc+0x9/0x20
[ 1080.179249][    C0]  ? ktime_get_update_offsets_now+0x393/0x3b0
[ 1080.179269][    C0]  hrtimer_interrupt+0x403/0xa40
[ 1080.179297][    C0]  __sysvec_apic_timer_interrupt+0x110/0x420
[ 1080.179316][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1080.179334][    C0]  </IRQ>
[ 1080.179340][    C0]  <TASK>
[ 1080.179346][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1080.179367][    C0] RIP: 0010:unwind_next_frame+0x111/0x22d0
[ 1080.179383][    C0] Code: 0f b6 04 20 84 c0 0f 85 c7 19 00 00 f6 03 03 0f 85 35 18 00 00 48 89 6c 24 50 49 8d 6d 35 48 89 e8 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 b8 19 00 00 4c 0f be 7d 00 48 8b 44 24
[ 1080.179396][    C0] RSP: 0018:ffffc90004c5f2d0 EFLAGS: 00000a03
[ 1080.179409][    C0] RAX: 1ffff9200098be7a RBX: 0000000000000000 RCX: ffffffff8bd37600
[ 1080.179420][    C0] RDX: dffffc0000000000 RSI: ffffffff898fc8ff RDI: ffffffff81421930
[ 1080.179432][    C0] RBP: ffffc90004c5f3d5 R08: 000000000000000a R09: ffffc90004c5f490
[ 1080.179444][    C0] R10: ffffc90004c5f3f0 R11: ffffffff81819f40 R12: dffffc0000000000
[ 1080.179455][    C0] R13: ffffc90004c5f3a0 R14: ffffffff898fc8ff R15: 0000000000000000
[ 1080.179468][    C0]  ? copy_net_ns+0x33f/0x570
[ 1080.179487][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1080.179509][    C0]  ? queued_write_lock_slowpath+0x370/0x44a
[ 1080.179528][    C0]  ? copy_net_ns+0x33f/0x570
[ 1080.179544][    C0]  ? unwind_next_frame+0xb0/0x22d0
[ 1080.179565][    C0]  ? setup_net+0x287/0x9e0
[ 1080.179584][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1080.179604][    C0]  arch_stack_walk+0x11c/0x150
[ 1080.179624][    C0]  ? copy_net_ns+0x33f/0x570
[ 1080.179643][    C0]  stack_trace_save+0x118/0x1d0
[ 1080.179662][    C0]  ? __kernel_text_address+0xd/0x40
[ 1080.179680][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1080.179704][    C0]  ? arch_stack_walk+0xfd/0x150
[ 1080.179726][    C0]  kasan_save_track+0x3f/0x80
[ 1080.179745][    C0]  ? kasan_save_track+0x3f/0x80
[ 1080.179762][    C0]  ? __kasan_kmalloc+0x98/0xb0
[ 1080.179781][    C0]  ? __kmalloc_node_track_caller_noprof+0x28b/0x4c0
[ 1080.179798][    C0]  ? kvasprintf+0xdf/0x190
[ 1080.179816][    C0]  ? kasprintf+0xd5/0x120
[ 1080.179832][    C0]  ? alloc_workqueue+0x121/0x210
[ 1080.179849][    C0]  ? tipc_crypto_start+0xd2/0x620
[ 1080.179863][    C0]  ? tipc_init_net+0x211/0x330
[ 1080.179881][    C0]  ? ops_init+0x31e/0x590
[ 1080.179898][    C0]  ? setup_net+0x287/0x9e0
[ 1080.179915][    C0]  ? copy_net_ns+0x33f/0x570
[ 1080.179951][    C0]  __kasan_kmalloc+0x98/0xb0
[ 1080.179972][    C0]  __kmalloc_node_track_caller_noprof+0x28b/0x4c0
[ 1080.179989][    C0]  ? kasprintf+0xd5/0x120
[ 1080.180009][    C0]  kvasprintf+0xdf/0x190
[ 1080.180029][    C0]  ? __pfx_kvasprintf+0x10/0x10
[ 1080.180047][    C0]  ? lockdep_unlock+0x16a/0x300
[ 1080.180062][    C0]  ? __pfx_lockdep_unlock+0x10/0x10
[ 1080.180075][    C0]  ? preempt_count_add+0x93/0x190
[ 1080.180098][    C0]  kasprintf+0xd5/0x120
[ 1080.180118][    C0]  ? __pfx_kasprintf+0x10/0x10
[ 1080.180142][    C0]  alloc_workqueue+0x121/0x210
[ 1080.180161][    C0]  ? __pfx_alloc_workqueue+0x10/0x10
[ 1080.180178][    C0]  ? __kasan_kmalloc+0x98/0xb0
[ 1080.180197][    C0]  ? tipc_crypto_start+0x97/0x620
[ 1080.180214][    C0]  tipc_crypto_start+0xd2/0x620
[ 1080.180231][    C0]  tipc_init_net+0x211/0x330
[ 1080.180250][    C0]  ops_init+0x31e/0x590
[ 1080.180269][    C0]  ? lockdep_init_map_type+0xa1/0x910
[ 1080.180287][    C0]  setup_net+0x287/0x9e0
[ 1080.180303][    C0]  ? __pfx_down_read_killable+0x10/0x10
[ 1080.180320][    C0]  ? __pfx_setup_net+0x10/0x10
[ 1080.180343][    C0]  copy_net_ns+0x33f/0x570
[ 1080.180363][    C0]  create_new_namespaces+0x425/0x7b0
[ 1080.180390][    C0]  unshare_nsproxy_namespaces+0x124/0x180
[ 1080.180411][    C0]  ksys_unshare+0x57d/0xa70
[ 1080.180431][    C0]  ? __pfx_ksys_unshare+0x10/0x10
[ 1080.180447][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1080.180464][    C0]  ? do_syscall_64+0x100/0x230
[ 1080.180486][    C0]  __x64_sys_unshare+0x38/0x40
[ 1080.180501][    C0]  do_syscall_64+0xf3/0x230
[ 1080.180519][    C0]  ? clear_bhb_loop+0x35/0x90
[ 1080.180535][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1080.180554][    C0] RIP: 0033:0x7ff927180017
[ 1080.180569][    C0] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1080.180582][    C0] RSP: 002b:00007ffd25853078 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[ 1080.180598][    C0] RAX: ffffffffffffffda RBX: 00007ff927335f40 RCX: 00007ff927180017
[ 1080.180609][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[ 1080.180619][    C0] RBP: 00007ff927336738 R08: 0000000000000000 R09: 0000000000000000
[ 1080.180630][    C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008
[ 1080.180640][    C0] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[ 1080.180657][    C0]  </TASK>
[ 1080.181627][    C1] rcu: rcu_preempt kthread starved for 10500 jiffies! g56709 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1080.905382][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1080.915356][    C1] rcu: RCU grace-period kthread stack dump:
[ 1080.921244][    C1] task:rcu_preempt     state:R  running task     stack:26072 pid:17    tgid:17    ppid:2      flags:0x00004000
[ 1080.933013][    C1] Call Trace:
[ 1080.936297][    C1]  <TASK>
[ 1080.939255][    C1]  __schedule+0x17fb/0x4be0
[ 1080.943809][    C1]  ? __pfx___schedule+0x10/0x10
[ 1080.948684][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1080.954255][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1080.960602][    C1]  ? schedule+0x90/0x320
[ 1080.964858][    C1]  schedule+0x14b/0x320
[ 1080.969029][    C1]  schedule_timeout+0x15a/0x290
[ 1080.973892][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1080.979277][    C1]  ? __pfx_process_timeout+0x10/0x10
[ 1080.984585][    C1]  ? prepare_to_swait_event+0x330/0x350
[ 1080.990143][    C1]  rcu_gp_fqs_loop+0x2df/0x1330
[ 1080.995022][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1081.000266][    C1]  ? __pfx_rcu_watching_snap_save+0x10/0x10
[ 1081.006189][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1081.011492][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1081.017421][    C1]  ? finish_swait+0xd4/0x1e0
[ 1081.022025][    C1]  rcu_gp_kthread+0xa7/0x3b0
[ 1081.026644][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1081.031855][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1081.037762][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1081.042805][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1081.048012][    C1]  kthread+0x2f0/0x390
[ 1081.052091][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1081.057297][    C1]  ? __pfx_kthread+0x10/0x10
[ 1081.061896][    C1]  ret_from_fork+0x4b/0x80
[ 1081.066317][    C1]  ? __pfx_kthread+0x10/0x10
[ 1081.070919][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1081.075714][    C1]  </TASK>
[ 1081.078740][    C1] rcu: Stack dump where RCU GP kthread last ran:
[ 1081.085069][    C1] CPU: 1 UID: 0 PID: 17187 Comm: syz.0.3035 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[ 1081.095493][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1081.105569][    C1] RIP: 0010:smp_call_function_many_cond+0x19f3/0x2ca0
[ 1081.112360][    C1] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 36 ea 0b 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 e1 e5 0b 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 c5 e5
[ 1081.131980][    C1] RSP: 0018:ffffc9000b6df600 EFLAGS: 00000246
[ 1081.138063][    C1] RAX: ffffffff8189f70b RBX: 1ffff110170c8c65 RCX: 0000000000080000
[ 1081.146042][    C1] RDX: ffffc9000d21a000 RSI: 000000000007ffff RDI: 0000000000080000
[ 1081.154022][    C1] RBP: ffffc9000b6df800 R08: ffffffff8189f6da R09: 1ffffffff285d310
[ 1081.161999][    C1] R10: dffffc0000000000 R11: fffffbfff285d311 R12: dffffc0000000000
[ 1081.169975][    C1] R13: ffff8880b8646328 R14: ffff8880b873f940 R15: 0000000000000000
[ 1081.177950][    C1] FS:  00007f8fed93f6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 1081.186884][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1081.193473][    C1] CR2: 000000110c26a197 CR3: 00000000653f2000 CR4: 00000000003526f0
[ 1081.201453][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1081.209429][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1081.217406][    C1] Call Trace:
[ 1081.220689][    C1]  <IRQ>
[ 1081.223539][    C1]  ? rcu_check_gp_kthread_starvation+0x278/0x310
[ 1081.229886][    C1]  ? print_other_cpu_stall+0x1481/0x15c0
[ 1081.235544][    C1]  ? __pfx_print_other_cpu_stall+0x10/0x10
[ 1081.241358][    C1]  ? cgroup_rstat_updated+0x13b/0xc60
[ 1081.246754][    C1]  ? kvm_check_and_clear_guest_paused+0x6a/0xd0
[ 1081.253018][    C1]  ? rcu_sched_clock_irq+0xa26/0x10e0
[ 1081.258405][    C1]  ? __pfx_rcu_sched_clock_irq+0x10/0x10
[ 1081.264059][    C1]  ? update_process_times+0x242/0x2f0
[ 1081.269446][    C1]  ? tick_nohz_handler+0x37c/0x500
[ 1081.274572][    C1]  ? __pfx_tick_nohz_handler+0x10/0x10
[ 1081.280045][    C1]  ? __hrtimer_run_queues+0x551/0xd50
[ 1081.285446][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1081.291175][    C1]  ? read_tsc+0x9/0x20
[ 1081.295257][    C1]  ? ktime_get_update_offsets_now+0x393/0x3b0
[ 1081.301509][    C1]  ? hrtimer_interrupt+0x403/0xa40
[ 1081.306653][    C1]  ? __sysvec_apic_timer_interrupt+0x110/0x420
[ 1081.312816][    C1]  ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1081.318630][    C1]  </IRQ>
[ 1081.321565][    C1]  <TASK>
[ 1081.324507][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1081.330678][    C1]  ? smp_call_function_many_cond+0x19da/0x2ca0
[ 1081.336843][    C1]  ? smp_call_function_many_cond+0x1a0b/0x2ca0
[ 1081.343011][    C1]  ? smp_call_function_many_cond+0x19f3/0x2ca0
[ 1081.349182][    C1]  ? tcp_v6_send_response+0x7ae/0x2780
[ 1081.354659][    C1]  ? __pfx_do_sync_core+0x10/0x10
[ 1081.359702][    C1]  ? __pfx___text_poke+0x10/0x10
[ 1081.364655][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1081.369953][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1081.376291][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1081.381594][    C1]  ? __pfx_do_sync_core+0x10/0x10
[ 1081.386631][    C1]  on_each_cpu_cond_mask+0x3f/0x80
[ 1081.391761][    C1]  text_poke_bp_batch+0x352/0xb30
[ 1081.396809][    C1]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1081.402805][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1081.407847][    C1]  ? __pfx_text_poke_bp_batch+0x10/0x10
[ 1081.413406][    C1]  ? arch_jump_label_transform_queue+0x9b/0x100
[ 1081.419658][    C1]  ? __jump_label_update+0x379/0x3a0
[ 1081.424956][    C1]  text_poke_finish+0x30/0x50
[ 1081.429642][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[ 1081.435633][    C1]  static_key_slow_inc_cpuslocked+0x80/0xf0
[ 1081.441534][    C1]  static_key_slow_inc+0x1a/0x30
[ 1081.446484][    C1]  tcp_md5_do_add+0x228/0x3c0
[ 1081.451177][    C1]  tcp_v6_parse_md5_keys+0x629/0x8b0
[ 1081.456478][    C1]  ? mark_lock+0x9a/0x360
[ 1081.460819][    C1]  ? __pfx_tcp_v6_parse_md5_keys+0x10/0x10
[ 1081.466634][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1081.472642][    C1]  ? do_tcp_setsockopt+0x954/0x2540
[ 1081.477868][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1081.483625][    C1]  do_tcp_setsockopt+0x1194/0x2540
[ 1081.488761][    C1]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[ 1081.494242][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1081.499280][    C1]  ? tcp_setsockopt+0x3e/0xf0
[ 1081.503977][    C1]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1081.509885][    C1]  do_sock_setsockopt+0x3af/0x720
[ 1081.514933][    C1]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1081.520522][    C1]  ? __fget_files+0x395/0x410
[ 1081.525220][    C1]  ? __fget_files+0x2a/0x410
[ 1081.529831][    C1]  __x64_sys_setsockopt+0x1ee/0x280
[ 1081.535069][    C1]  do_syscall_64+0xf3/0x230
[ 1081.539600][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1081.544293][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1081.550203][    C1] RIP: 0033:0x7f8fecb7e819
[ 1081.554637][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1081.574264][    C1] RSP: 002b:00007f8fed93f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1081.582713][    C1] RAX: ffffffffffffffda RBX: 00007f8fecd35fa0 RCX: 00007f8fecb7e819
[ 1081.590712][    C1] RDX: 000000000000000e RSI: 0000000000000006 RDI: 0000000000000007
[ 1081.598701][    C1] RBP: 00007f8fecbf175e R08: 00000000000000d8 R09: 0000000000000000
[ 1081.606689][    C1] R10: 0000000020000240 R11: 0000000000000246 R12: 0000000000000000
[ 1081.614667][    C1] R13: 0000000000000000 R14: 00007f8fecd35fa0 R15: 00007ffdb02fc9b8
[ 1081.622664][    C1]  </TASK>