last executing test programs:

1m50.904476619s ago: executing program 1 (id=2):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="34000000120001000000000000000000e0000002000000000000000000000000b4c90537627eeec77e740210da8ee2990000008ce2ac6f3f00000032000c001500000000"], 0x34}}, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
openat$smackfs_relabel_self(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, 0x1412, 0x10, 0x70bd2a, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x3}]}, 0x18}, 0x1, 0x0, 0x0, 0x14}, 0x40)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), r3)
socket$kcm(0x29, 0x2, 0x0)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000000))

1m49.782432475s ago: executing program 1 (id=14):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f0005000000030005007217440502000000e0000001"], 0x40}}, 0x0)
sendmsg$key(r3, &(0x7f0000000000)={0x0, 0x3, 0x0}, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
syz_emit_ethernet(0xa4, &(0x7f00000002c0)={@empty, @link_local, @void, {@ipv4={0x800, @generic={{0xd, 0x4, 0x1, 0x2, 0x96, 0x65, 0x0, 0x6, 0x2, 0x0, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ssrr={0x89, 0x17, 0x29, [@local, @local, @rand_addr=0x64010100, @multicast2, @remote]}, @rr={0x7, 0x7, 0x99, [@rand_addr=0x64010101]}, @end]}}, "948f5c8c3f55b26378149c322976f18ba588dcbe437abab2e0d99b82bd9166316f67b8ef5c451f3af6c04482293bccd0b4b345877be7aed8c6f58db79fee38dfb8a5e005d87074bc3566c01b9d878dc1dce8b02cd27ae49e8a9857c00166aa4a0a5a"}}}}, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast2, 0x800, 0x0, 0x3, 0x1, 0x0, 0x3}, 0x20)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/dev\x00')
preadv(r5, &(0x7f0000001400)=[{&(0x7f0000000100)=""/170, 0xaa}], 0x1, 0x1239, 0x4b4a)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="300000001100010100000000fcdbdf2500000000", @ANYRES32, @ANYBLOB="895003000000000008001c00", @ANYRES32, @ANYBLOB='\b'], 0x30}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
r8 = accept4(r6, 0x0, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000002c80)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)="ec8799852b90091c9a8b6661d307f6", 0xf}], 0x1, 0x0, 0x0, 0xc011}], 0x1, 0x0)
read$alg(r8, &(0x7f0000001400)=""/18, 0x12)
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)

1m48.830533607s ago: executing program 1 (id=18):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x0, &(0x7f00000002c0)=ANY=[@ANYRES16=r0], &(0x7f0000000040)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getsockopt$llc_int(r5, 0x10c, 0x4, &(0x7f00000018c0), &(0x7f00000079c0)=0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0x3)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000340)=[@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x22}}, @in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x4e24, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4}, @in6={0xa, 0x4e24, 0x80, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, @in6={0xa, 0x4e23, 0x9, @local, 0x80}, @in6={0xa, 0x4e21, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x6}, @in6={0xa, 0x4e22, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xce}, @in={0x2, 0x4e24, @local}, @in={0x2, 0x4e21, @multicast2}]}, &(0x7f0000000440)=0x11)
mkdir(&(0x7f00000009c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c0000003d0007010000000000000000017c0000040008800c00018006000600800a000008000280040012"], 0x76}}, 0xc000)

1m46.562217728s ago: executing program 1 (id=20):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000010000000080007000000000018000180140002006e657464657673696d300000000000000800060000000000080008"], 0x44}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file0\x00'})
ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, &(0x7f00000005c0)={0x0, 0x2, 0x0, &(0x7f00000001c0)=[{}, {}], 0x2, 0x0, &(0x7f00000004c0)=[{}, {}], 0x2, 0x0, &(0x7f0000000280)=[{}, {}], 0x1, 0x0, &(0x7f00000002c0)=[{}]})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xf, 0x4, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r4, <r5=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r2}, 0x20)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0xb, 0xff8, &(0x7f0000001e00)=""/4088, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = syz_io_uring_setup(0xd3f, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x220}, &(0x7f0000000700)=<r7=>0x0, &(0x7f00000002c0)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r6, 0xce3, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r6, 0x4ac9, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000cb37aa0c1fb303758a3e106bc0ff8000b7080000000000007b8af8ff00000000b708001f010000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0d3b5b19afb573ba03e6b1a51a2546b85b5b49aa75caf9061c054b4892677b9c504841bc5cb9510b556eb47d5f4aa1a81a18df184bbbbaf48efd266ce60ea474b7071a80eed8b1ccf2295d2", @ANYRES32, @ANYBLOB="0000000002000000b705000008000000850000005d00000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0xff9, &(0x7f00000014c0)=""/4089, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000180001000000000000000000020020000000c80900000000060015000200000014001680100008800c000280"], 0x38}}, 0x0)
r10 = semget(0x0, 0x1, 0x400)
semctl$SETALL(r10, 0x0, 0x11, &(0x7f0000000080)=[0x8, 0x40, 0x6, 0x9])
syz_emit_ethernet(0x7a, &(0x7f0000000180)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x40, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private1, [@hopopts={0x3a}, @routing]}}}}}}}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x5b, 0x57, 0xd5, 0x20, 0xfd9, 0x2c, 0x7101, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xfd, 0x20, 0x0, [{{0x9, 0x4, 0x8c, 0x0, 0x0, 0xf6, 0x7b, 0xbf}}]}}]}}, 0x0)

1m42.645575053s ago: executing program 1 (id=35):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
clock_gettime(0xfffffffffffffff1, &(0x7f0000000000))
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x40010, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r1, 0x6, 0x6, &(0x7f0000000280)=0x1001e4d, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000400000000000100000000b69ec0d285738d2303b4c1de009520000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, @void, @value}, 0x94)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
pwritev2(r1, &(0x7f00000005c0)=[{&(0x7f0000000440)="63c100527be9114b68faaf96648400389894804904a54ddb6631e685add27db7beb85a891f1a77b494f5151ddfaad64a68fe40d5cb4f5dccdb3e", 0x3a}], 0x1, 0x6e45, 0x80, 0x0)
r3 = fanotify_init(0x0, 0x0)
write$binfmt_elf64(r3, &(0x7f00000006c0)=ANY=[@ANYBLOB="7f454c4622"], 0x18)
clock_adjtime(0x0, &(0x7f0000000000)={0x66b6, 0x200000000, 0x3, 0x0, 0x7ff, 0xffffffffffffffff, 0x4000000, 0x0, 0x0, 0x4, 0x0, 0x248a, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4, 0x0, 0x2, 0x1, 0x8000, 0x8})
ioctl$USBDEVFS_REAPURB(r2, 0x4004550c, &(0x7f0000002680))
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)=ANY=[@ANYBLOB="8c000000", @ANYRES16=0x0, @ANYBLOB="00022bbd7000ffdbdf25010000000800020007000000080003000200000008000400730090d27155f93f4d55223a788889cd000038000180060001000200", @ANYRES32=0x0, @ANYBLOB="050002000c00000014000400fe8800000000000000000000000001012000018008000300e000000114000400fe8000000000000000000000000000200800020004000000"], 0x8c}, 0x1, 0x0, 0x0, 0xc401}, 0x20000000)
ioctl$USBDEVFS_FREE_STREAMS(r2, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002302230102090500000010000020d3"])
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0xfffffffffffffdaa)
syz_open_procfs(0x0, &(0x7f0000000780)='task\x00')
mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x3000, 0x3, &(0x7f0000ffc000/0x3000)=nil)

1m41.960791762s ago: executing program 1 (id=37):
creat(&(0x7f0000000040)='./bus\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r1}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r3 = socket$rxrpc(0x21, 0x2, 0xa)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="2d01080000c582b61bdd04878800080103"], 0x2c}}, 0x0)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r6, @ANYBLOB="ff830500000700ffffff", @ANYRES32=r3], 0x4}}, 0x0)
sendfile(r5, r4, 0x0, 0x100000002)

1m25.529526134s ago: executing program 32 (id=37):
creat(&(0x7f0000000040)='./bus\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r1}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r3 = socket$rxrpc(0x21, 0x2, 0xa)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="2d01080000c582b61bdd04878800080103"], 0x2c}}, 0x0)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r6, @ANYBLOB="ff830500000700ffffff", @ANYRES32=r3], 0x4}}, 0x0)
sendfile(r5, r4, 0x0, 0x100000002)

24.752669022s ago: executing program 5 (id=197):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0xc45, 0x760b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xff, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x4, 0x0, 0x1, {0x22, 0x85}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x3}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x0, 0x7fd, @remote, 0x81}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000001440)=ANY=[@ANYBLOB="0017"], 0xc0)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x9c, 0x9c, 0x3, [@enum={0x5, 0x6, 0x0, 0x6, 0x4, [{0xe, 0x7f}, {0xd, 0xa45}, {0xa, 0x4}, {0x6}, {0xf, 0x4}, {0x2, 0x4d2}]}, @var={0x4, 0x0, 0x0, 0xe, 0x4, 0x1}, @restrict={0x10, 0x0, 0x0, 0xb, 0x1}, @typedef={0xe, 0x0, 0x0, 0x8, 0x3}, @type_tag={0xb, 0x0, 0x0, 0x12, 0x1}, @int={0x1, 0x0, 0x0, 0x1, 0x0, 0x69, 0x0, 0x47, 0x4}, @func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0xa, 0x1}, {0x3, 0x5}]}]}, {0x0, [0x5f]}}, &(0x7f0000000240)=""/69, 0xb7, 0x45, 0x1, 0x7fffffff, 0x0, @void, @value}, 0x28)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000c000000200001801400020073797a5f74756e00000000000000000008000300030000001400038010000380"], 0x48}}, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000200), 0x4)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)={0x14, 0x1, 0x2, 0x101, 0x0, 0x0, {0x7, 0x0, 0x7}}, 0x14}}, 0x880)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r7, @ANYBLOB="080026008f0900000800b7"], 0x50}}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x18, &(0x7f0000000440)={0x0, 0x21, 0x85, {0x85, 0xa, "62fe9785d8f2d201a703e47d72a005b7cea16727d1d4cede97965f3de2587774d8029fa9d10b47e356249835a54ad4e3d5c08ba5ba0a78d9b7e5b1fbec62d57262e0ba20670850163c9c42a9fd97b34d82c413c60118ad8a7b46323d1f26171c2585465e3c686fd889c2e4d36a95cd81e8b475156cc3a12565e97e3efb3b2cdf4c339a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

18.226935253s ago: executing program 0 (id=203):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$PTP_SYS_OFFSET(r2, 0x40043d0d, &(0x7f0000000040)={0x17})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r3, 0x10d, 0xc3, &(0x7f0000000000), &(0x7f0000000080)=0x4)
rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00')
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000000440)=""/158, 0x9e)

16.948371384s ago: executing program 5 (id=204):
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f00000001c0)={{0x12, 0x1, 0x110, 0x3e, 0x8, 0x3f, 0x10, 0x4cc, 0x2533, 0xfc58, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x5, 0x9, 0x40, 0x19, [{{0x9, 0x4, 0xa8, 0x7, 0x1, 0x8, 0x55, 0xfe, 0x98, [], [{{0x9, 0x5, 0x67037027c940c0eb, 0x2, 0x400, 0x2, 0x2, 0x5}}]}}]}}]}}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_connect(0x2, 0x3f0, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000072771c40e00500069bf9010203010902de0301000000000904af00100de1130009050900400000b208ab035ac996787ecb440a6cd869ab0f7077064618a072d7bb7916a199dedaf7708866e5233e204dd14444c3ee6b718038526c6bd45123a28131dc5c483de3e462a652473d558e27e67a040b3ce5b78166e74a0f16f9df02be33a9b200b92587ba73bd6c540e25637c4e8e6a381c9d3ee1e8521863c2d3ceb4a3a28d93fec28c8604a378f65ff31e903b4b79031a4301e0244b2ff9f0b469afb99f40f79a6de21f2f29bc61cf090aa1e112da07250101000300090507080800040406b505bce3"], 0x0)
ioctl$EVIOCGABS20(r1, 0x40044591, 0x0)
syz_io_uring_setup(0x2508, &(0x7f0000000340)={0x0, 0x0, 0x10100, 0x0, 0x800000}, &(0x7f00000002c0)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x0, {0x2}})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000002000005000000000000000001000000000000000000000000ef"], &(0x7f0000001f40)=""/4089, 0x3e, 0xff9, 0xa, 0x0, 0x0, @void, @value}, 0x28)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x88800, 0x0)
ioctl$SNDCTL_DSP_GETIPTR(r4, 0x800c5011, &(0x7f0000000180))

16.755064043s ago: executing program 0 (id=207):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, &(0x7f0000000000)={0xdc9c7fdefa656b51, 0xc, 0x2, {0x2}}, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000440)={0x44, &(0x7f0000000100)={0x0, 0xa, 0xf8, "2fc57fc0b0f0bea24069d2686455c14db3ebb0012f20ba898c1b8869e47818e3e83bf0943cc4e7485bdc584a2a6c8b71112cfc95e060086358f44db2dea5f3311a4bf7f8fd150f0fd69724087b8b988a38a7a469836bed8470f83d43b879bdf86d57f499a9b908b22637b4be46d160a37b690c80ad5a6dc1a657383456938d167ac27d62d9b3c6fcb403522ae34bb546ad1d9d42b99cc0617a7497f98dfe8e52c5c74aae58f472bcc094b9cc1d6d96739bb9f8fc5e79ddcc7ad7437da031afbcd935d99f832988c449badaeac4a016681916ac46f641849a378d2bf380e707030556d8c25a36f8d86919e9d90449f7c626622af989fea646"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000002c0)={0x20, 0x80, 0x1c, {0xd, 0x8034, 0x5, 0xfff9, 0x81, 0x9, 0x3, 0x6e7, 0x9, 0x4, 0x800, 0x8}}, &(0x7f0000000300)={0x20, 0x85, 0x4, 0x3d}, &(0x7f0000000340)={0x20, 0x83, 0x2}, &(0x7f00000003c0)={0x20, 0x87, 0x2, 0x5}, &(0x7f0000000400)={0x20, 0x89, 0x2, 0x1}})
fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073"], 0x7c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x74, 0x2, 0x1, 0x3, 0x0, 0x0, {}, [@CTA_SYNPROXY={0x44, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7fff}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x61971a93}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xb}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x1}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x2}]}, @CTA_SYNPROXY={0xc, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x9}]}, @CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0xc, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x60fe}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x80}, 0x4)
socket$alg(0x26, 0x5, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r3, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x10}}}, 0x1e)
ioctl$EVIOCGMASK(r2, 0x5b01, 0x0)

12.731372748s ago: executing program 5 (id=217):
r0 = syz_io_uring_setup(0x295d, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x1}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x4000, 0x0)
ioctl$SG_GET_PACK_ID(r3, 0x227c, &(0x7f0000000180))
io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
r4 = socket$inet6(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000001880)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="784e8532bc51d9778e4bbb81e255693d2832f3802728ed763aacf318e80e1b19cf30c5f4214185052aab22dea830553c6db324352d6edce6927f9e747f08a659c1365f8b318c734936b24ccb80c8b9892cf2d5f5e6f9bd14951b8dac37e3c51873f21eb6a3d5b0f6852ef05a094926bd00f74ab5d68f2dbec3a6471ec5517ea7973b0eadd203e9d651881048bf4102cc30729aae5c8a1b3a4223a29d92aa550723d99f6596f26bfc66e02de540c397a62d50bb060246300520caddf20ae6701bac03fe94aec0bb32b8ee92dd974bb54ea2ccc2959f4f07e91cb2f22e8e16b11cee681e1f909bc6edfd7d05f7c914a76c9c99879bc728e358d8fcd7e3767117482364ed76b0bd26fca5cc821dfcc0320e2da567cf8e266adcfa020bdc376bb0e3a3cc9725682a957265884a6705f12b04414779837b8fe1ac5457fc005d8609efe3a00007d08ac5a9c7442bbd775f9d7ff490b3fb820e2f4e64c31cfa2101de770ad8d0903c2cf7f907fccfadad58b54d3e76d855ccc9e69fa067578ef929d153e148f0e611a40fe480ee02c2c6880a3ebf78f949e53ffef9aab25fb2816e2933f480d6d60a91c045b70211934ace2695a867eb88d29b2253174baaa56ce64db43e4f5cc822d371c92fd49dec3ac483d904343b3549e529cac2b8be9532f073d7e7c742cf7fa09b030b36671b397e03b9aca2dea714e57b7b429bd064b3c5406b960dfceba3b624c67490309875a87a93250a9113c7e051c506ecb935ed7beef8b644e7725c473250b4b88c78a33c7329ae801e09fed0a408a4e7af19c2fe674b1a56da16c8aad062b00dc84ea79442cfca1645ee35e9bc22ce3199862506cb15cd79c2704c5b86bd992045fe4f8b3e07a9fe59f7b829a232a5fa15b8bcc971857e036afa9651cf114ac34600be4f663f07067e1e55ed8aa1641f6381cb6ce2cb751f032bd6588835acf67ddf7a3af75526ca75bdcfc7a5566044af497610e79987c61d8e5d8292a88107a5b4ee93a34eac880433585092356f76f2633db86b1a1412e10d3932bb7a52d3007dd635bda34a82769e5a9bdade27aed4f9c68f8527924b07749980e1e15c708010274a6c6ebc5213fe31d3bc459051823b7ee6c32797239e40d4821209b498c95080a2ca90c479da86c164304e02a7e71b8f55586292cc9fafa4c5bda285a9de792d6a6a03e5a1f2a13eac02a95f87f13fbfbedc6533b78cf5ac5ce562ef504f95465814f9bb35495196b73780c0a5fc7c6a006ee2d34123c1224d9c08baf0611ba9e7ceb3ccf887e58a78fe236947c4a486c83e49e0070d4fa81a9652e690dcdae169ebd65c281a863905a7ecf9c8f19fe059b2022ef75ab1e9c7c1ad532ff25da12c5e250f601ce95844223310d9959fddc0e684979c6f15d7673512237239b9eb48f72a930e5cc64c382c662db18581eb0069b2242058812f1ae092e139411fc8ec242e8f7dd4da10bcd3f92c0715edf775ffaabd181a36d2a39ceb192e3ebdff02c0c75bd259e725fd4cd5c2722efc41f37ab25706485a265d683c8569c3209a930e05047074b3941f41003d550d923e6dd50110e18d965763727739902067e73a520270c5cb53d6fd22ec4ea8853d113451cb3da2a7a698c807ec394c1da0b9de2a1d62f24a2292c65640ef6a0924191133e80aa60e4f8f5adbae3131956b38c997085f25f54338653d65847f1602e1ad7eb9501f9867e1bfc2410c3fc6402a1f605c0088ef13db8cf967a868e7ae2713b1dc297a5ab33b27566df656d954ee44ffed8a15bac40262099a3287f40425cd146c4a9639321fd46dd85dab9000bce3558f7c99de2849d57041d79082b82faf85abf5ac0c325ca3645500d2bb04809ac3ab33c24b738765d80c610c917b756a1cd4da3ce0921ae1789ea8c3f00532fe97c435cda5a2f5013b90ea596389af1fbba1510ce50d3476019d70be6634ddabdc925324e0bf6914a803c9bccb9f4daa61e9250e05a0d6e906d68418f906dfdcc416441828680bc9160a932168adf51240bce901a1eee84f69dce9cee3378f8414188afc484cfb92043b352271552a152ecac0ec1ba19f1dc72db5d4155d5bf6a63aee9a702f1e194082e609bb30419901349d244a11617795b4580a849196f5c67ed4b060e42b394bbfb4bbfa601d2c8ddff5986563df99b5f02a0f61d56d11a47095651d7337c7c167a04e4a71596fe58486d74bc8ef0a82c370c9ed24e58ed5950b119664767fd6742e967199c4671f5b48a2d723dabc77fc7f9ac57cc36d95b0e336032ccb4647a5502e44db059bb0bce58e4ed4bdd6931cc92c782c75d44d4a1f25e6f6ca076f2ea586ac5daadc5599aa6e5bb26206ffc1310779cba10d72bdbb7ef62b9d22bec948b2153afa5a8e1c1d8d724fc673069c74564102400417452c5eb5350e2a50a732f76122a5648525fa1793a0af6e0a3dcb568a598f7c179e908b40f19fc10a16d53b112692adc1e4dc954009f726057acf04a9740f6bb66327e746dcd7b8b8851e622f9da2c9ddd124e300f03f07e77cf04a263329b435ed04eadb9dc91cfe396f41114283eccbf58f2dccfe32f908cea6678f7490bacbe60c75eb2754e9722b2c58771537966bfe1066c4d28bcceccdca07eb60ddc355aa710266da85e456aa83739fea4ad7dadf461c682201391fa550e12e01be5a2a2c55c3b697aa2e176aad4be5a8dbfb8043f72c5743992e5c7000608a2cf86d88885bf6e1e2173b1361cec282ef35bde24cf99c11110c16c1678c38b74738911ec3eac23067500103f0f5d7dff122fca66852126ce9ac10c7c065992b3fcd81f7d94adad6fcb45872d3fa97f5d704f1653dad962c16daa6978e2fcf41f10257c306fc05fe4cd20e30989b37b19e874f27a065c8d62f2b4194a1540199be22b7e267ce6d2ffc8243421d9f629f5048587ff5d91f8c7bbb9049b40d859e6d382926ba8f005deb18727cefd76198d00d92ef680b56864c9eea9dca35b0e90d0afe1440af704bf00bd68ca088c568088d6aa34a42d66645743ad481b9e5490cfcee486f456490a0e9c3a0bff49b528871a4dfb104a18ba6a22df288349b6fca36b1908c548e90cec26fa28a0772fa4e9418c8d02a3319bc9e8f3892fc933f465ccb6ec683fdc9dd5854bb1295d114bde2e84d04513897ed3ee41ecc1d6d0354c57046c58e390836f11b3e6d4712f7d61b221aa147a58c3903b319a3da746296e576ae21bca4c1c939986fe04145093c4b9173e1936e54c4bfd9aaa4efdd39f2a39e9554fe1bfee4597ce8c798b6233e22a8dcdc7e610ddf6a8c810e7429bb2fcd60f7108119112b3cc5a71fef1fac311afa0d034fd00954111ded4cf381d6a73cc4f6165052325e04566fbb2c644e8bd7e7cf3923af608af8f3537deaaef891bdc258a8341e742f62727444c2cb28ccf8c7e3d79d1162c29af2914627830fe3433c8beb27efc8e08f14581ee0acb0a761a2b0a1f219601c9bae3c6d92f2d3d712e9c239d2910e9ea0f539bc069b7e8a1e36abb4e3ec20ca1677fa0cf3c4d2d3180d15a3c808d0421b564fcb180316df4f46b33df1e57ca2644d8b3fcdd13fef43a3ab76982887a4751615e7665d639854c8c3a8bdceb6cee0fb00fb19f98c42cd6a555da3c4d6a5c6c3ca9f7ccece5bee4907e8676a05aaf4213d4e60c4f5f0bf1a8126b6555ec137dc5f7ca56901bf21329da5a6ad30ebd1d454d7ee3110ae88de0109084e1cdc6342b68883a5205ef763645cdf26815e9f99f8c4bcc5227142ba4e9da752abe3ce3a11f2df8aff40ea3db731c8c1992fc0ab2681c9613861f61f8173d7fafd7a3516e169a8c0541d7632a59641ad3c67ca2cde8dcfcababaa676e25f113d0a6bf3274fc532fafb6042b633051039d682d87477f3a14fa77a7966a6f019738c0a8eb737eea7464d4477f7be1a4553ae736f0dde836688cd4d90e0d207cb82b33f1207d893b1c720d3070c73d6a9b1e52634aea9117ba6a3c063c28e46a687ab0e239b0d95cc2eb76f2b1b6fa6963bb11489e490e70d7f2394cb350f952170a0f6c6338e8460579a1013d9bbc9cc438f617551803af00700e636d0545a4a6877698441b5961cf86d5c40fbbf95775d13dbb50de6a565bd98c3fc8db86278de0bdada8860917ae00345191f96cdffb43216705048851b9bb9cca1e14d394bd9ecd6f567cb16a17592535b0322d143e14f0f982262d5ea7f6790e16c49f6e8740c40be3ae70bf21e5691a175b0060e72c8025f46a439732b8cb8239a5e6823846838f54cb939beca1ca0425c3e43027b3526fc1ffe5e71b72a908002e2e5090e343e87c82cbf2f162f2fef4081c4212b9e4eed4f746a85859f33bcca464667b850851c6e6aafacf930c2f70e777133c651c1851ea8015a9f01cf7c41bf37af677dcd6ad9b0a8eb235f73db7f72007b9d12044451725c559f47deb4bf5054f154e805788a39e69754a054aff979122800365765843cce90a93a3bc6955963594e02da9f7fad62743419870c04751fcd7d8800fc17d6c1566fd1c35f9b464d235d7569f2d0cceeee1c5adbff3e87f3e67bc4beaa4a3fb948b2241b315d0d2a2060bdb2514eaae67a0add5ff446c8291c69d3acd9b7ffa4d01490994bf0135759ba56973d703883c4736c76f5dacb2629bdb429e41bce829bf72b13c0c3d0163efff66b3cde89a61ec6d4a0c3269924934575ff6a6656fc89e9d0d5a5d2a093022b9791763c14a76581e5e1e9f0cf56803e3a29fa93610cff5473a9299dff90e5bfd0e078bc0c4f48a7e379c63b5b048a5ddaeddb495c1631b871f053ad863e832fdc250c1de5242375734feb2895f905d77a1cb3219bb48c3a1403173e401f99d30e5af3731a08fc47186657353cef9e0a628cbf2f67bbe297c9e5bc1b99968f6d744e338a9b3618f180e49d1b641290b2beeaba720abdf6ef0391ab5499d15b5ee5480060e05bb1b50e6516f1f28588343c73c037f410a413cddaecaca9", 0xdcf}], 0x1}}], 0x1, 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r5, 0xc0f85403, &(0x7f0000000080)={{0x3, 0x3, 0x80000000, 0x1, 0x1}, 0x8, 0x80000000, 'id1\x00', 'timer1\x00', 0x0, 0x2, 0xfffffffffffeffff, 0x400, 0x8})
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x20})
io_uring_enter(r0, 0x27e2, 0x0, 0x0, 0x0, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r7 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002000)=ANY=[@ANYBLOB="300000003d00090000000000000000000100000004000000100001800c001080080001000a01010008000200", @ANYRES32, @ANYBLOB="d47696b268f029ea06eae08f254368e273dab83469246712fb3fa7d2aca2b92404ab0ec0fb1ba7bfac136bb2c28bc32e4bb49fff30246bf841e3be1701b0d7c78ad2ae6339d20cdbd1501aba9fb69a180f415b5c4d22f9c6d4e96017fd1713a16c87eeaf024c09a42c613c03b6e7cfe827dbe8e375"], 0x30}}, 0x0)
syz_open_dev$midi(&(0x7f0000000100), 0x3ff, 0x2000)
syz_usb_disconnect(r7)
close_range(r6, 0xffffffffffffffff, 0x0)

11.652642778s ago: executing program 0 (id=221):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = epoll_create1(0x0)
r3 = eventfd2(0x0, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000040)={0x20000006})
close_range(r1, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
ioctl$VIDIOC_S_CROP(0xffffffffffffffff, 0x4014563c, 0x0)
r4 = fanotify_init(0x4, 0x101000)
r5 = open$dir(0x0, 0x0, 0x0)
fanotify_mark(r4, 0x1, 0x8001023, r5, 0x0)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "8b3e4b", 0x2}}}, 0xd)
sched_setscheduler(0x0, 0x0, &(0x7f00000000c0)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)={0x14, 0xd, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4048010)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x4)
sched_getparam(r8, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000bc0)=ANY=[@ANYBLOB, @ANYRES32=r7], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000180)=0x5)
r9 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r9, 0x107, 0xd, 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)

10.638717715s ago: executing program 0 (id=224):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00', <r1=>0x0})
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'macvlan1\x00'})
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000100)={@local, 0x0, r1})
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$RDS_GET_MR(0xffffffffffffffff, 0x114, 0x2, 0x0, 0x20)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000140)={@mcast2, @mcast1, @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0022})
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000240)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, @dev={0xfe, 0x80, '\x00', 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r1})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000100)={'veth1_to_bridge\x00'})
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r6, &(0x7f0000000480), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000000c0)={'vcan0\x00'})
sendmsg$can_bcm(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0500"/15, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="2ce8"], 0x48}}, 0x0)
sendmsg$can_bcm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040)
r7 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0xa002, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r7, 0x40096101, 0x0)

10.429824329s ago: executing program 4 (id=226):
r0 = syz_open_dev$radio(&(0x7f0000002480), 0x0, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b708000000000000738af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket(0x15, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10)
r6 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
close(r6)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x18)
syz_open_dev$loop(0x0, 0x4, 0x445c01)
sched_setaffinity(r3, 0x8, &(0x7f00000002c0)=0x2)
r7 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000280), 0xaa481, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r7, 0x800c5012, &(0x7f0000000040))
ioctl$SNDCTL_DSP_SPEED(r7, 0xc0045002, &(0x7f0000000080)=0x10000000)
ioctl$SNDCTL_DSP_GETOSPACE(r7, 0x8010500c, &(0x7f0000000100))
ioctl$VIDIOC_S_TUNER(r0, 0x4054561e, &(0x7f0000002640)={0x4, "fbf873bc12b7344985ed5c23577aeb3a42920e94b8915eb4a7ecfd00", 0x0, 0x1000, 0x0, 0x80000, 0x0, 0x0, 0xffffffff, 0x100000})

10.307924734s ago: executing program 0 (id=228):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000680)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$cgroup(0xffffffffffffffff, &(0x7f00000005c0)='syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000600)={0x86089400, &(0x7f0000000380), &(0x7f0000000400), &(0x7f0000000440), {0xc}, &(0x7f0000000480)=""/12, 0xc, &(0x7f00000004c0)=""/137, &(0x7f0000000580)=[r0, r1, r0], 0x3, {r4}}, 0x58)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
getdents(r6, 0xfffffffffffffffd, 0x0)
r7 = fsmount(r5, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r3, r7}, 0x10)
bpf$ITER_CREATE(0x1d, &(0x7f0000000040)={r8, 0x7}, 0x8)

9.269624145s ago: executing program 5 (id=229):
syz_usb_connect(0x0, 0x3d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100004e826d4094225a4241d10102030109022b0001000000000904"], 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001a80), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f0000001ac0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd7000fcdbdf25170000001c00068015000300add1c17c6d10a43e2701bcaca9cbc5826b000000"], 0x30}}, 0x0)
sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0x6c, r3, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x0, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x0, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x0, 0x1, 0x11}, @TIPC_NLA_PROP_WIN={0x0, 0x3, 0x6f}, @TIPC_NLA_PROP_WIN={0x0, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x0, 0x4, 0xd}, @TIPC_NLA_PROP_WIN={0x0, 0x3, 0xe}]}, @TIPC_NLA_BEARER_DOMAIN={0x0, 0x3, 0x1ff}, @TIPC_NLA_BEARER_DOMAIN={0x0, 0x3, 0xffff}]}, @TIPC_NLA_NODE={0x0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x0, 0x6, 0x4}, @TIPC_NLA_NODE_KEY_MASTER, @TIPC_NLA_NODE_ADDR={0x0, 0x1, 0x6}, @TIPC_NLA_NODE_ADDR={0x0, 0x1, 0x2}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000050}, 0x40)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r4=>0x0})
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000200)={0xb21, 0xd45f, {<r5=>0xffffffffffffffff}, {}, 0x4, 0x1})
r6 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
keyctl$revoke(0x3, r6)
prlimit64(r5, 0x7, &(0x7f0000000240)={0x8000000000000001, 0xfffffffffffffffb}, &(0x7f0000000280))
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1fe8ffff0000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="21003300c0800000080211000000080211000001505050505050"], 0x40}}, 0x0)

9.269208363s ago: executing program 4 (id=230):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000500)='bic\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000bc0)='#\x00N', 0x3}], 0x1}}], 0x1, 0x0)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x0, 0x0, 0x21)

9.069640629s ago: executing program 4 (id=231):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, &(0x7f0000000000)={0xdc9c7fdefa656b51, 0xc, 0x2, {0x2}}, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000440)={0x44, &(0x7f0000000100)={0x0, 0xa, 0xfc, "2fc57fc0b0f0bea24069d2686455c14db3ebb0012f20ba898c1b8869e47818e3e83bf0943cc4e7485bdc584a2a6c8b71112cfc95e060086358f44db2dea5f3311a4bf7f8fd150f0fd69724087b8b988a38a7a469836bed8470f83d43b879bdf86d57f499a9b908b22637b4be46d160a37b690c80ad5a6dc1a657383456938d167ac27d62d9b3c6fcb403522ae34bb546ad1d9d42b99cc0617a7497f98dfe8e52c5c74aae58f472bcc094b9cc1d6d96739bb9f8fc5e79ddcc7ad7437da031afbcd935d99f832988c449badaeac4a016681916ac46f641849a378d2bf380e707030556d8c25a36f8d86919e9d90449f7c626622af989fea6467d47f061"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000002c0)={0x20, 0x80, 0x1c, {0xd, 0x8034, 0x5, 0xfff9, 0x81, 0x9, 0x3, 0x6e7, 0x9, 0x4, 0x800, 0x8}}, &(0x7f0000000300)={0x20, 0x85, 0x4, 0x3d}, &(0x7f0000000340)={0x20, 0x83, 0x2}, &(0x7f00000003c0)={0x20, 0x87, 0x2, 0x5}, &(0x7f0000000400)={0x20, 0x89, 0x2, 0x1}})
fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073"], 0x7c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x74, 0x2, 0x1, 0x3, 0x0, 0x0, {}, [@CTA_SYNPROXY={0x44, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7fff}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x61971a93}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xb}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x1}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x2}]}, @CTA_SYNPROXY={0xc, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x9}]}, @CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0xc, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x60fe}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x80}, 0x4)
socket$alg(0x26, 0x5, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r3, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x10}}}, 0x1e)
ioctl$EVIOCGMASK(r2, 0x5b01, 0x0)

7.667275084s ago: executing program 2 (id=233):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40500000000000061100800000000007b01980000000000950000000000000000a709eebcf08aa2c868f35785534739e57aea51f770cea3db96388a99b3a86ee55fa00a3ee760c2ae406bd1bc72e02d2c371ca69022d06291615ddff2603b914b7852a38689d5566c9e0a0b49dfa9333013d929fd8fda0bd13ccaefd8c13b172fd76d625cb067203aac60084404fa0096b6f75d917892b9f0dc2c3244692960e5cd82bc0dbe265a9236891dc2a70fc4929e599856795b3d3d16a1a64c138ee399073ea2343b7d0d3c2f4ba3f15ae562a63b860a863d7658fc958b75543c6d1bedfcf96d3a55e2d850f620b511678e90957191494c0d361563a1206a0077715f31155b311818f588cea7832717d3a56c0ae73b53d7581579ae5b01f6ae0d71f716ab78d356aec1ff7fcf4acbc177a883c50d3194ab8c585f615c51218df4beb707a8513b1368a22423913d031b4e7e7485d4a0b1ec7a10216ecc50c50653c503ba94e921802884f0cb47b54bd9e891c785d14660b4966f190d141fd7ca1ed7456c124a42ac6911ca1e980818c0010f875f46"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xf7, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
mknod(0x0, 0x8001420, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x10, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000380))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000540)=0x1)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f00000002c0)=0x200000000)

7.425429275s ago: executing program 5 (id=234):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x123, &(0x7f0000000240)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x111, 0x2, 0x1, 0xb, 0x90, 0x59, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x1, "2416ec"}, {0x5, 0x24, 0x0, 0xe}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x2, 0x5, 0x49}, {0x6, 0x24, 0x1a, 0x7, 0x6}, [@mdlm={0x15, 0x24, 0x12, 0xfffd}, @mbim={0xc, 0x24, 0x1b, 0x8000, 0x4, 0xf, 0x7, 0x1, 0x4}, @mbim_extended={0x8, 0x24, 0x1c, 0x0, 0x4, 0xff}, @mdlm_detail={0x89, 0x24, 0x13, 0x8, "4f5c9eceb68cbe56b5ace79c2f83b17133636dbcf3ec6f3bb77e22b38a0ad6ddcda7dc9906a6a8ddce04fca833ae17c12b8555ec32dbd0eb7eaadce48c0c338b3af023c51c6f7e55b2b25139310d49f931eb9639a01d5d84ed4841a65657299b766469a92633d800f623f1d7e3f7c64843d550aa00c75797534c7d18694b70f850608adfae"}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x6, 0x81, 0x3}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x10, 0x2, 0xf3, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x98, 0x9, 0x4}}}}}}}]}}, &(0x7f0000000740)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0xfb, 0x4, 0x2, 0x10, 0x7}, 0x58, &(0x7f0000000100)={0x5, 0xf, 0x58, 0x4, [@ptm_cap={0x3}, @ptm_cap={0x3}, @generic={0x4a, 0x10, 0x1, "3a377a1a7a47a65a36e820499b30108af366279e2aed088b7f212fe79ba6dc042b249f9a5b394c234106a17ceed4428c67a1bb2ca6c82f04ab4ebdd334c6d8ea55b409a7e70b5a"}, @ptm_cap={0x3}]}, 0x6, [{0xd1, &(0x7f00000004c0)=@string={0xd1, 0x3, "db0b7ecbac5bbe5aa383b198ba3ec2550af8039bc3e4ed9b665154d10383a7869ec4fcf49cfd0a9bb71699cb56f9a98438312fe81156ea7b6da6034f8d3bdd75c58c2b78331b2153e17006b3154874659d51d9028d1940b3a28fd0e067cbf78ccbee504f0802f50a14840d01a95c81339f5dae0aa4418fee955947d6322be12139d43d05587c1776fd3965d7026ab66ee6624eb2abab9ae51065ac8834a0c16e591bf2d5c781846d005e47506695d3ff4b454ed85175a12a7347e6dcecabdde96c2d477fddeb59a5734abd4b5aa995"}}, {0xcc, &(0x7f0000000380)=@string={0xcc, 0x3, "ceda656594958bbb5acc7919f1b32c1e7694d126544367d751beb341ecb5ee20a9726efb4e6237b608050128d31bdd3229b4b70fb31ea9db9cfa4d9ed5eeae9a4ce1925fa7f7a887b385c838a825ec30631c710a7c878c7864468d4a6945bda58e6c1e5b5095ff68245e8eb2db3803027987a774dad2dbf49a5ed342927874dde7f5fe3c9f5fe96a0592ea81bd531d31f5c00b40ed31eef457a8f15409b936fda4553161c9d3a47c5fa1b0e13b774f96b34248a8a26b1ea224664874b0a72aaf5c2a38377e30e771dc18"}}, {0xa7, &(0x7f00000005c0)=@string={0xa7, 0x3, "dda561ad209d674291c2f3ce028e4d784fe3fe8598ab227afad4d07c26f8b5a031258c712b9a13ed950e6cf26357dc575adf187ac67c11737d2af21b28252bb72f467d82f38e5ba4115800289eeb58ca66d0184054b98b6c67622cd03222c7dceb6fd6d70d865080929fd2450e5b6df027e3fce31b42a27dfea128747affc5d1d682e3bacbce5756f20a35a9bd39182f5bbf7d91480b89b363144b299b48f37c3fc73f831e"}}, {0x4b, &(0x7f0000000680)=@string={0x4b, 0x3, "ed07d2d0cab27fc8b696d4e57b337406ee127236ce19ed75ea8fe117cb8aed2429b83a75056070248273052800fc5e8c701f7dc76d9585b1da5977354ebfa727d593e058f913f6f47f"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x2052}}, {0x18, &(0x7f0000000700)=@string={0x18, 0x3, "c29cec20bae15c73627fa020b69a34b9e62c8ba022ef"}}]})
r1 = socket$inet(0x2, 0x3, 0x4)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0)
r5 = dup(r3)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f00000000c0)="67e3850f20d86635080000000f22d8bad004b8e6f7ef360fc7b74648baf80c66b8bd9acf8b66efbafc0cb081ee66b9c30200000f32b8d8000f00d0ba2100ec0f01190f35", 0x44}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r6, 0xae9a)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000000000)=0x80000001, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000200)={0x20, 0x17, 0x23, "5bfcaa8074343a0600000000000000d953239a9e773b5f6a5dda219f43832ea9bd0000"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

7.095603665s ago: executing program 2 (id=235):
socket$inet_dccp(0x2, 0x6, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDENABIO(r0, 0x4b36)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r5=>0x0})
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
accept4(r6, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="ad000000", 0x4)
sendmsg$NL80211_CMD_SET_COALESCE(r4, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, 0x0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r5}, @void}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000480)={0x8c, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x401, 0x34}}}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0xa, 0xcd, [0x7, 0x35b, 0xa58]}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x36e}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_FRAME={0x3c, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x8}, @device_a, @broadcast, @random="8a5c45a7c3c3", {0x6, 0x40}, @value=@ver_80211n={0x0, 0x9, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}}, 0x8, @val={0x8c, 0x18, {0x715, "8087c5e0de92", @long="5f7eaf638accf61e02bffdaacdc05ed9"}}}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xfa0}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000}, 0x8d1f59ddef891bf3)
recvmmsg(0xffffffffffffffff, &(0x7f0000006b00), 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x1, 0xc9, 0xdc}}}, 0x7)
pselect6(0x0, 0x0, &(0x7f00000000c0)={0x7, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3ff}, 0x0, &(0x7f0000000180)={0x0, 0x3938700}, 0x0)
bind$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000380)={0xc})
setpgid(r1, 0x0)

6.721951094s ago: executing program 2 (id=237):
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x24842, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0x2100, 0x0, &(0x7f00000002c0), 0x0, 0x2000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000280)={'ip6_vti0\x00', &(0x7f0000000200)={'ip6gre0\x00', <r3=>0x0, 0x4, 0x3, 0x40, 0x2bc4, 0x10, @dev={0xfe, 0x80, '\x00', 0x32}, @private2, 0x1, 0x20, 0x6, 0x4}})
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x0, 0x90, 0x4, 0x40014, r0, 0x0, '\x00', r3, r0, 0x1, 0x4, 0x2, 0x7, @void, @value, @void, @value}, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=ANY=[@ANYBLOB="7425000040000900fffffffffddbdf250200000004001f0059250180b3e163f9dae03684f77201aac6401be93b04001f800c00cf800800278004005080fe9746e00541a115ccd8bb00f83b2526bec59e35d9123580040043000800e700", @ANYRES32, @ANYBLOB="b6f0f730c9bd82d91486e06564e89f21c14e2d1f25770256375617cc4a29edb0a9fccad78c1fa9c525fa0ecb249b7fed115ed0b696dccf7a626e7f3fe31a62053bcf3d898d0b94aba35ec2961e79dae4a0bb1d8fbdd8c3c9cbd634d7e61a83e17b7e9d1332bcb3c65069c8fa47ca4670fdf014d37d64860af34597a3ffbba2daea97da7411c13e4985eda5d7529a8e76e7cf3cc9c33b2f6beb23ba8732e3c19f395afb37b80c204e6949b9be01678215b5c721cf8a1dc0371a41017bd64f306586c9333fc7fc108a80fb55360800ba00", @ANYRES32, @ANYBLOB="04009a80a91883d7d6ded802e0631ebbb69a6d752778a9165af321b6aaf02ca22737e4a6fc387178cca436aeaff9acb1157c79a7bdfcde94e24b7fa05e4d60df03f6bcd29159da523902036f47b10ee6973e0c9ba97568bb743855e2208f6c8ca7bbe17b16f094141031a6e25301650b7f263dacda400fe5b094c759f0f44ff8c4f2e5255ffa403d431e72bef466b267cc21e104b66bf9aa3cc7bde27b46503c844c9e12c4372f18a972a761979a05d7530ca4858ff34543df07e31265a4b335b122c89829dc53149c92c8d6aaa01d67b12d6bc1499e61432301f69007fa507a73b9093c9d910bb6d71874670c3ade14f4bd3a62d0f4c1addd9e06bfc841a9679fe2f35dfdb523879bac0d7edb016c80346bdf701fbc5617b786c8ca9804bc077eeab770c0f972aae867c74df6aa4431abfbc440617203d34952d097759a12ae9cac5395dcd74f7ddcaf8ef09e69f361322a835769c0040d68fedec808c91d8389ee9bd99d3d814251bbbac7e0587d6c27ea2cdc7bcfd004ab62d557b35d56a06509f37cb863d8de05adc97a88c2f5da5cafbc82028c20f9a181a456aeec98620f576cd3e537bd5fe60b5a140977d5227920f80e15332d5322df34ad379306d3f5ee57ed8d0e2577e1027a783199382cbcdec18053d03f6db26d85142f29f077f0afef75b3ddb177de5f44c314b5a224f55f57183e9a99b7adc208cae40c5a2c7e3d77f9643776d762a4bfd54ae501e082e0e36e344ce6880e65e04c46458ae73d4387a527f9bc59120cd9aacccf8348669a28ec24921311bbbec10ed7e1cbde4fd5c95ce8ca2493bebd2a455bfe35f30955f8baecea744a4f3b1929914781763809085b59492322c81e994b3d2f42c699e4e2bc8f472daee479f29f6ddd91efe4f48f628b2bc97cb5c1de4fff705a35344754731d17b039bd08a4864d1a1ccf2d96b1c0f1493e2ee039c0b1f15762001d8390c1b506c729ec8ec63c901f676a3789519ef16835935fa206725a12d315b8a6831e477d027470a5f55f9e9194796a00fc333f4736f1d47f8e6619e595e9212d76ad582e2401b463ace2d56d63ebe82c8f70c2b041fa4f47c8df1df1b1dfbc7182bad86b1b893c0758f5876cad9a095f34f70bc715bc33af8247fe74b04b30dba4cbc928ef4d600c5d541d85d8bfe6f7a6dfc33c067b1e4eebc148b6f6c09c89379950aa770131c47df2860466d4d5fdb3f6700f7210f75db9f52bfec7b6e218792717b060dba991e93150fa37c0b15055a2b502f21516acc6e949b10f3ceaa934f1d58eff13cf865854ea111ff7e288dd304a6c958de84bf942ef407b4efab1ed1a80f557a62dbe01c87b0fdbeceeb95c2dff374818e4a656a7940e8c8f556365cc6ec16de1f535f9b9d0b1b2391fac233c81205c072262920acdb81f540c9ec027eccde63a1f7d22936cf0282682fec05f41d87379d53c53b148a4418e005ce4158d0b0d0e77b559ab8fdc0be13ba4a3ef0363d983f5ff7324c4a6ce135f10c8fee3fc8cb67f8a8ebf996a78cadf87c84a34c82ab8c4b170efeba1fa205158a97aa0cdada4d07209c0a9ce1f3e0fe4795df4b43e2618d0cda3e374fd14829bd0c781daa6f19ac7d888e4e9b5b96be74356988075d7aa003ab5e505fa6abea121d40973e7833bb501d4439d5bda3d7934c913aed4d7ba9eca15905e11b4061dbbf921bdd0f9ccb3531f05284cdb42ca1bbfb7e5c802758b8a71b7b457020c4663a4181fc4c70a3ff8bdd674d1d175ec752ce62d91d746c38426fd7184e4c5f1f7383e22a2d484f8292ae6e781731f405332591910c6c06d983e639a87d9e77448fe8e2111342ac794b6b16627d150b663ab3f7a99d34a07d5c116c6665d802c0dd8826206e0f64f12473a7d4d5131a78ecb7353a281161d1b2338036a74fd1ecefe3c0847b81fdd9706d90dce71cda986cd7c54315987a5df6dac92faafaed294bb5743fb060636c17e839fe680cf5b07ec50bee2ffe621348622ee48e9b077af5813cb2ff71fa974ea0116e19f3587ca10226a7f45d7583bda93299401ba00b53a4431fcbf980355c1d52de8494d57c733fb53824eec53b8b9f4da25ffd1b3da8dcfaf4282f7a08a52279acdd12a24f6c47fc1b1aef95a392f7e88c426732aee6742fcd958c08f759362e81bb8d69b80f74b0da8fa286e0a4822c96f5fa469ade8c042650a09b0ad148c5d4b74f3686a9fa4bce013fda6d66fa3a01f84ff4feeabc42421ef7adf1562516b29cb29efee7aba7897ff99c601c5815929708db3c7ead2958ec2ff38b18813602aed73be7e10d6b0821df5728edfaa1a9ccfceb2bf14d88a62a80fe1516e4ab873355452c1981e31c7f1067a5b862551b246909859eae9dc74628975e0cdf09ab9287078c1e3203d84f3a98f985f8bfc3732f7df026adecf0f4fb7e118e4a8b367a4e6345daaee8358149066a63836d3416ae51e1e490ea2441c15c5db9da2aa9491e7150a720e4486ec8231566f5722048b734bf800386744ec63fa2e7cccda62019fa7f4021616d494f78ba406f2749c21d69294a2b41c0675ae7c8e0f716ea4b229bf2965cd8944db95932165c8e45f57bb570c82bf6984ea53f563ace474719470747cd4d956fb67b3ff0513d3d550efbd21272c9d5c4c1cf8c3f1e7ac02cd49b0e1e62103e25c4f2f977615229a391262bbbc0d31e8e4ade48a293f46d2ecec86315dfe8e725dadb0e5a36735b015f462612b44fb2411bd4018c1950472a3e4ed1e63cc3e8b5e8b80a59818d15a0fb7473f77fdec68f6a3d04095716d5a6d04dc7dac7fbf0f2896f5964fc577a26216767aefb5edea895f4b52e529d81c5311c5ed0b6f07f1a12b3e4a4bfe8ceb934409966e1d3e3e3ca695f61c578638c13a133e5c1b6bb7ac1b459fd4c2a660db1d0255e2393312d66d984c4c7a33dabeea789dc58ff5376af3c8663683ea976e7666044df8140f0b3c7c1fe549ff96b68a7cb11c8c4470177d458d24e235a99be5bf5fdcbed1b3afbcf7289268fcef8e268a3d1872394656758a020c13b11b6171b25ec9a66368ec65ffddab03726d0f2d7acc5a61ca12fce253bbfacce06556eb3c74dd2222b061d88cc647f4d25f7c3fe351dce5bc9324ab8441dd43ef2de23198b5083562cd4e5dc3322dac79fc488275c54f4eae6e85eb165f20408c092a3cb79c91840922b838774605997debd8b66838130de6b5db8fd9a6d80a7b8b63e3a91fd7f44c7c532ba01e173c98451304bdca7a8e5bc231e5362e56a853bd6bb81916a83bea7a0764fd5e837c750d05c1516000d1bc8c2766d33e85824d7545a40996e7d4313a5380b8a304d92d7e29568b70765c3c9bfc8e6dd28f3d6b042229d574b254f3885c7b777409f0bc97aa3b8cb361f2d5a547a6489c2f85dd991064b81fe0cd8f40bb04f119127d8255ce8b31dcc3962fa84482f9204274e8d2c4ca85864f19cb4efd4fd7b768de4152fac760b849b6781e1814d892da1bca234f39600a7d7a4109af1d6e76298945bc7693127ed60b18bf1c7df43a474f47b20eaa3d32d38136921b6a753f9f661278f5b06d159a20f667cf691d1aae3b4992df3b18937c0e32f7731ca89b3bdd7c1f6f50020ceb1680aa07d3d03937e997a8fc5a4335c866f751650226cba0c303c1c24835c695684b1310fdfb4c23fb1fd8237b3c4015eebb46eb73b8b8685d9fa1870a911406eec5d36592cb04a190c4c0c332edf98eb49a794192848a2a15762c3f356732901d0ca0a4a11a4b36b05198b5ad906eed9505ab12e0f29416635f9c8388027eaed504fa34846b279cfc14f0cc348f7fd4d8a63ae4c0a2de69420a9e5d407ca1129389e3cc42dcfc999d87dc37b9263d771b6927db0f3d6afbd60a5949da77797db7c0977e3a1f7a8adba5a72d29f2dc243a7405241b5aa03ebabc56e0887698939e9332756f256f0c7fcc696432254a37bdd058405c30650f819bc6d1c28cf57839a257a2f75e85de2a0b5f5107060a424ee3ce07cb05fde5b0e5df2a7220938377d57c3d7c61460c2ccd2dfd79e4c64b9f8a044b884400e5a0e6f78e8cb3504efca397d6c51991c3e4e8028530296908526a18fe06b0e2403ad6d7c581fd6788e977cc5e77c0db327dd3e1e4594c106e7a981304a1ff9ec8acbd565a060e903fa9222d12e61e781764d9a4408d1fe952e010587bed287000c97a3d4758a506db1173a2c85192311cd4462cc832b52ef6061ce65f43b6e6ed55353217c46d88304cc0b1ce23ab6defd86f1abd01f957460cf87c9c6f5332f80c3174335f05b57254e2b8881e3b9d14268d8120650fc6b25eed90824c268d4d4dd2c630c4ea6f01b0dce96d18ef0a80d9a4ea0032cd096fba435174116e880f24e681f36386dc165a0dff4cfc064d4d2c63f38968a4f414b909f1e6b3bc00ad1fa4c2de6a8e7fe742065a6d69a3f23c2f33c532a61f305f81f316b47e60556e3f035853873c157f88fd72ecce3fe7ccd7e2d23108b6c6ce7f3bddce8443609f363e962a191fe279b98da811ffed229ae784e1d29646247efbef0da0ca9f87d5b60560afd2a126d818b376ea46f1c900c48a3e70345233bb758ab5354ddcbd47920086622f65454c02a6c0877a8fec963eedeadfa8325b1d35f8d391c1b8c2d04f74f3a3c080a82d4b072c000897ef2e0dfdfda9c2deda8e198fc6782afda5df1fc4eac29d06215a3c42b9d35e48bf2bd52a09805702628a6ad7b8f8ab83eae08b32edc578ab4ac13051c18b948cf863b5cb14abe53faa168a60321ba79d44070983437c00013892a8ec7e600b22c8807a8809f503b5c63db89a47b69dcfb273d7f50588bf9c986a01d8960e12043f7f799f546059917e636357053df2cc2598b1b70d45529c393da4fc785930cb508d6c633c0f0fe06a8103bdd9315500d2c380df136d86e795202293c6d3b95c626bbeb98a90d93baa784230b17c9b293204d69c50bf6d9cdb1d3241e82df5290f3a1b74e5dfae40d3c0e416ab6187185799549547f1ee3972043f620abab039d027a9f3b581c3aad2883ea4821a287897b9a94b44554ec8baeb02bc57180b5b1979264c8d1d78ccfc287722a1fd89453515600742cdeedf32ae4b1ca6dca41873c350a6f0efbed0f257b9acee31dfc684059429fe74b19bb2fef943e8505644b26a948ba3a88bc7b3977f396ecb869970165241b8cee073b67619a1085fa6a8508c17c1f63756c90b52ad524da87d9b146366fb92b8e636a8d97063a301433f1952fba54076e946b0f34795e22b1531796f312f41a69e8ec8ad885d2b43d4473c02f64612ba8db7461614394744340ecba26f160c11cdeebb3375b51d80bc83f50ae7a9ce5876336b5b5910106d7056c94579b19efffe90b98d4e8d27ab4eaab23f1d3668de3812b86ef44d03d559370e862c09a28722e982ea3cb48fc80bf2795c44e7bb79a882842f75b7f1a5f4c9a3ab7aacaebd82be18ffce37aa1b8c76dc74024be6ea0049fd67a71fad679467e8c2384449b16f67fd3e5ee6adf7c9cff5910292d3c1528b29cb8dbfbc124dfc24d12f7e4e41afad21efd9380ccd1446c445415cc210d042fd214ed19ab3e29089dbbf05876ee3a18a3ba46fdee13475ffc92f7ba777f8914d333aa27e4a9e884723d53f21407721d859e0c6f6ee4edeb2f3f73b24455c64cb8047cf14c91287bb14f8fbcfd156252147efab475a49738e4542c47766a34c521f8a7af20f4de21ba6c1f5ee20f4af700f57d2694138c1e336a9b6c1ade06912bd4a28be7cab216d331f30a3eec6cd33da01ba21bc32bca3cd3fb79a7bc3cd62c51bed312af13ef750f894a7281683a0b6715ee5e7cf0403be1f5f8c5dfd567efd157a993133e40f300a4a3cd524734e3dcab1d95ea0648e92b6edc50d5c42f03ce2e100d57060899edd47e8218a0c772b87e5d7c86e66754b1dbd9bc60dacd599127a3596124a5b254c8329b0ef02f0493df4ae3ecb5553d981b0f5453ed6f844e892a1bea8b97a94f32def5812aa8f467622f2d58f50f3dbaf79e7ad082bb858924e917c88bff40534b00904b912dbe5214f2eba716214d3d5ee33259a6177cf9a3c53c4f55dd7f540d47c5d9d4b25c2822e7c364f6734174b016bd866a5a3b7a539fe7f73b130150c00db000700000000000000fc0033804cc9676a7f00d87a396eeeade648defac6ed1d5c81def9c782cb563d98497d70be5e8aedb7e3cc8a3d25e7dce6242d66732974e7dce1438bcd873395afebba9b5875e8f6de2d2cf071a90cc8eabdce8698c190a30e3cede3798bcc911212f0f8cc7a1e8425aca4d0bc95c20deebe5e70336e2afaed6a9768eb5b42a6b4178c1ecb6265ad3c14572b958a6a8d9d4b7d26c6ef42e43c761d05333540d1b322235afdba975b291b91919f1ba5c24d053561f6c0d947b73329b7bc03114bfa3dd4d85c5c16c6259d1b3e791d883af5270671e74c74eeea7e606500781bbe968b09566d42e3fa08003700", @ANYRES32, @ANYBLOB="0400b68008006b00", @ANYRES32, @ANYBLOB="0000000800df00", @ANYRES32, @ANYBLOB="3b12328024004c800800cc00", @ANYRES32, @ANYBLOB="08001500", @ANYRES32, @ANYBLOB='\b\x00t\x00', @ANYRES32, @ANYBLOB="0800c2000900000008000300", @ANYRES32, @ANYBLOB="a747ff40e0f6c3c74431c32e0cc7362eef1e7252b98ba7b0dc3700711d65facf669fd4bf85cea29aecbf6985aedf37c641b5891b3460405f1f7e31f58258d6076cb2723a823e1b4a0eb39792d20f18b00c522bd9d75a8feacb9fec4aae98eab0e03052d20a936d9ea2cd96ef0f461f99a6a04f837553b850b8d97f21bacfa3982204e0d80b3fc14e887084376fc9b037b5473634dd9090a7e60b9a90a460dd7db92dae10100a800256b74f4b61783b9d3fb9b6301f8288104981939e357c504a1d59f23d8c30171e9ef3191341efae0f172f57d0adff4351cab0cb4a863cd221f06f7e8cb602d175dfac93efe226efcccf9dd6c96969e23833e487e5c3c0859f8c878b494a778eaa8db6b937f70c5a1448ecf0d593eaa189431dae7ce38628b5a29d46cf695c79a8a1847e2bf28be73350d70116951b3849c5648d32b0e123a3259b959c3728b798a7bb8ed5cd383cd576742a452932eeb5dbfd12888cd09734d6a1ffc8a406b2a936ab1e052b2f66a934c33fe9d4682dce5a8ecda6c16bc2c7a73a3739e42232eb622fad0d36464d22bb8d87f402d398160f5d5b6e87bf0e4955af0f6904c0e3def9fdb5490edc788a91ce51f95425ce45cbb0faf022bc2ba750fb5742838ccb43e0130e9d721e633318eaea2808bdf51b35bfc20c46735bec0417a485c5f7b9145a14ca0ea8909ec2630b266189638d8b661829be6118fb298228411fe38a057d83f31f3d47f0815db3d04d399412d7e97a2287eb867c35d3884b10b2f4fcd96a305f3c7825918fba52ebc97b19aba6764fd5cb4ca5d664a5dced4ff94fc0863214dba0b5f7bfca9cf28102939f14245b40eebbceb5c3fb031aa7375851f0681ca4f9706542187848100ea270e609018110d57fdd8afad20196f32dc597b49ff3100f17e8db22ac21e7256b2dbb3cf83a5714a2e890746198316f2519c611ec492362893446e24ef815f49c5a189daa94be29508854a14a172d5f6540089a4567eb6b007d6675757b60297a79fc53306465e4f3e7a8b1e0b1bb886e2298d26e2dd17cf6f6e9d70403d30fb2352925d537cd88c35e84f1cca6bf896df18d8665e342b5648a369cb53ae2395861a26b9a4fff169154b9983b9fb6a60dd96aac3175dd9435c9db348b4d03e01bbdb1384ea41afbaac2b5f7b2802ad1777f7deb218522e2c4ad7395a33343b2b7b86232f9ba179cc064767d5e56247dca4d0b2ebeb112f925b2db10d744f00a7dca43f279ab39537654ec6acd1ae657de0bcd60b1a2058f007269722d22d8980ac2e0d0fe64579d41c8cafec5d1bc7cc1a25673d5a0f6e6ea6f20cd4ad80c5cb44e4bb4c6c84736eb1605de16259915bd4060ca47e03fdc2e7bb7bb4a7fda6d483aa83569a0f6b912c1e8283d1cb697625f9b2f3e939413f2292ef6d49c3f437d70f530e97d8b2ceb7eb5f72159b2e279b7f50d03ce3483d2d13afc7c5d751082c2175bcc30943da68646624405363a7cdced6eaf7b620eb304721dcb5389a1cf16975fc866349fa07c3c37218f64a866e1b56b4ca9b9e50a525353ba168c513201e30b76879e4ba126c66fbe255c84d29a4368b07cad36da0854f8da122672b75f60e21839d499e5ac2f11e3609000bd71c71d5daa0b76cc9be57c252006afd2f8b773d60178d0dba649cd18091028915a8367031240f8533987949bb752be1061b77acf158eb1b4a0321cd0647f44b5053eb4d16bc1b79c2d2e7d2627343b85a449624c58b6bebab9758abde1720832e0ee482979af0ea2ede3944a244222c41e9b946a95a836fb829e908e060b645d4482e1790ddf1461316004f0374d4f3c9154a0a1c1f8840b26728514a9bdda508b5d5dc3b89c94ba0dfcbbdda42fb1b379301ed3145f56f65cb553cf87dcf7c367e9068d9ae22b968a54403af49f16dd90068aa21a317c438e441ffa79a0fa42bf8848eeb93d03d5d8c27baaa15fb4e67406deb8af933f8b94a1909791b9344c220b9158f6ce0a63c0e1ba5ee640acbe6fa916c177a5b539819398fc4ff17e2e50e3d9f8f9e43c7e4f3bec015bbcc7e1f48c7c221aaf015ccab6e6eabf351c0b1c90762ce20eb46490b00a60c16ffc0ff8f8b85f0bbf380c8897fb980c7f12475204fb0551e7b731232ba3ad95797dcb13b0ecad8117f1d66deba96606a104c51b927034607c92a61b4fe9689b62bfb2a9f849a9c143ca2a670f772a894c0b8f9d5c9c81e09e2700c3e2bd04ee160514f9c0c7fdb971af56a33639d8943c92104fa86eb26728528024528aef0ecb5968b898d28318c6cda94c827599edd718cdd29d0a58d69d044e7e8bc07d6f8923bc591b547983f6e3891c3a0681e0dbdb91d4e3b5591bbd4743feb16de42032884be382d4f78d956f869ff7024ac38ea68d74daf5bf7b5cb0088cd54daf89a02480125c59609744856344befa125de08e62245c3cf9d051890ab1c290f91132ec7b6bfea8b0017cf46093a1946af0c22c6ed71655626b818bd3f204bd1b9fbb520bfec5dbfc7d22c35d7af144adbdbe0ad84e7bb3feee796a2b5d018760b8c5b2657d966285c3123033d938204ee8df18c5f15dcab46b78dff858e5359e5ec5d1afd900a8f4379f58e0764e9f9e77f749e50241e940adc7149c3a38805d1ab701b0ace413045a9e24d51eb4e190fa72289eeb9a12e0632c28ff095072ace73c14aa22723fcc515ba92ac1039f6a3a49daaf1ab7de0c1617b1f086d718abb0928f55c1f2b7cab972b4a3f95180f4c118f5f034e90f6edab82cf9dae031f6ead96c3793fe7c10f1f8a03e4caccfc75083e3e4085a4a139e9a1a5d25c0689b7212c603690315ec8c0fdc1dac425a21b2467e0f87fd569e7e0bdfb4414eff7baa9c819c18edd7cc0820ba0d668a010d0d1deaa2eed7bed5e0baa0129967f39f69859ffe65cb9dceaef0d634e144ec4695d5d1cef5f3c244947776c0e3e398e2bee5ef11bda9bdd574a3856890547d421e710d24b3d505fadbeed07b0c1afb3518f4c25d96efef6a589f9d8188e39e86ff1e7c1c431d187380ed454025071d7cf3ba25d1963444d3232e568f0e807afcf8f2cbb107bef41f6a785c6d0d7e088e80405ed36fe1b4987ec56e5426bfafade742a3defd30a51ef30cf2d8f683408ebf1a81ae89076d2735a861787c507a1fce02a73ed49e5753adf5461ec90d2a3e51743f3dff5dd4ce09812437982c4149774ea49ae71e5c31aad453dace19267a543b9161915bf4e434ed927fac4399c20a512af5760eac5329b82947e2b4398aad319dfcff4838561a661de5d09379517ff8e8c35ba1c56d1f37fa88f7723dfe7882503ccd9ea4c4c088d80a62784d89a5eb53c627120c28570077776c4d6f1cfd707c0bea8fd1821c9e4b4a6d50c8b9f322cc11d849eedde4c3cafb830f44574bb184f9b2a5a3dc86b1211e784656055c0c7f172f61e9af4c0326af74441fd9c2caa1a5b2afb32bbec258d2bbac1d7f85c92661155921625f9262a88da61dca64e8f34fc3113400bd17e1108dd8143b01e8b86c499be7d1535ea76ac9eefc615be2adcab1136aa8ae57200722697765882b2359f4de6aebe5ba72aa0eb0d7f2db06a3658d9ee916a35e784d2b4f0ee7934a2bc54ba0cacf9c60e76c5fde3a839c7689bef4f21e9e4bcaf675f4b27b8a0d9115a6574a5bd6f134c442a5392fec6446fb51c7718e517dfb54a7ca5193ef44f692d83a233d22cfa03d195961f3f82626876bb3ffdf1449120ddd026e5a7d3ae8136be3a964b23cbdb0e5b160f0323e932131dd76189ccdbbf8ab3f6f56da2c1c807aed75ea3753fc720502102914ea4b1d3cc0ec375d53d26cb603f2863d4acfef557ab7a98e1a8f3e65edb7e135744827bc5004c47a01fd14ea8c2c2d1de9e104376cdb84b5ee03570718aa5508f527ba4fa18d6f0bffaaedb6eb43ebf5542694b489a633d4210ac42d862bf7f8a5e6ff923aa877e8b0540f996abe5dbe347ee5a19632bcdc2295376ed06cdece0214f8b4cdb8c8ff77fdd963bcd9fd088644b55d5c4c45cb9391e9c0831ff1ccfe4dce15032c186458156b5c6fe682a63a08e0e27023a23826d1d523c0f1cce82ad55823342e077110611fe95df224fe4a501cfd79605209cc7259f0913bf808aed8e412b31c007e1859a381782bb16f2a27577dd3a2e437d3c844ef1d7c6ecf5d7d594d189239aac02b07d47d509aceff3e11444ecd148e5eca49d804730f83adc7dbdae54c39c62d66d9abb6b570d558415aff063ee1a83dcbf897fad18379ce6ddab7dc0fb70b660f21cf4d6eb0b114753ee9b18a3dbb0e265962fa0a1dadc0f6cc46643cd1f2977add80d9a3aa7dc2cb4714ec5c0bd67b12fd9d3f8889c2a728cea8b2ca327af304a6c446e5a7dfb6bb814250b48a1c5d1f68a252b93b58eb340e6771c6f5f423b4990b2afb847af821a6c2f46d17fd1fcac07a0d46d85eacdd6e6e80593a46979e1e0173cfd95f32569ba3c4fefda4d2f8ce7fc89876c075d30e11ef97fe9ed3c3e84ea20dc60599c47e3b5c0ef3f1b3dd9c48baa81715b626791eee62f46133286f0f41b16cb2c6ef55937055b5094bfe4560357148c0f586aac5432ee15da06ba84b475ef04a6cc032be8349fe7684de4b8b0ca6e7af687a7337751edaaf643677380750abaf954ee7c82cc7470b07d81424e076829bfd31b1ffd5e8e8918d7adc5c558048677daf4b46fd0ecaec81d5dfcb37bbd91fc6e9889819b0d70cd490fd89c96da572a3ab5f3a84377f207d4a0bbe6f9bee9d06710b22d0bfbf89c64bd553e53eaf8f7f7fe8980da59b16ffe8e11f3621f32961f8b4e16b6b56c7522f632b396a050ddd917e04a03d355cdbce0cef6d519ddc742b0a685c8dfd75a1ab5b8b58c5a1fc052a316a5d3563922fbc846b6d93dac45267d9816874734b071f390b2f3d4e521e9608e941919b1a33084b30000d9996871e128ac278c7c56b6ae8a353596f9310128323269537add0fa5b39873f679e2250d3e5db83c817cf275fc4b7bd1611d6bff747d95956ad77a82595b47520082def9b005b667208370fad91747a4581d90f7600ccea76465bd753e1cf6504f52e588a309237d5f8525b819580a790326120e88fd6fa5915d8cc27f75a4ce673df7e623c4a3b42e6309f1a592d204d0312455abdad0d7bceaf20adcf5e02ec6f854bc64dd4df973290dc68bbc3e19fb5f5a90ca03e7642d2da4fcca3b3c22cac36ab3a30cfd3b82960829253d514315498f66d5a1de6a95a94094dae45941e8d301392a33152298746c9c8ae66f10dd2e5f92acdef7f729316c8994652089bfb2f8c0589437bd732b8510abfffda6dcced23c2d788c01d9abd39e9b03cc91ae4671f2373bb25330a71b848fe474d450062a08c2ff4ce757bf46c6f1a6ccfd3cc3850dde5aacdbb89d6e7b766472027e6f783830c56106fbd067d70e203bd3b3a0883d5b92ead4817b204239a3fbfaf70b661170d7a91ad59d69de68d3b6857f8acd4575eaeb0a9bd4b4f052e4806fc7cc2c7468f0391474abe44c3fbcfb0bb4a35c44430a5959f09498c7c0350a66a691fd192c45b9fcb18076fa7a0769c01659e7e41265015821662d8d995115835d05895e6be674ef436746c4002efc3b238c5a3193d1adc706fa6695d33ecf4239d0c19ac9f48cc69286f28e8ffd05a1b6fca99db95394646c4c27af3d3b15715788cae91a5c779d8b300c54177109cb6e2f7f88b1f648535be4519c54276ddc61f0f988a81a81fb763c7f524b592211298683c22f4a367197c9b2e789f57ba21f16341391e7745e7ef922217b874e0b7af050a0d45851ed5da27ef20c43c73514c4c8ba7fb4f655b18110d3daadaa75ed1c18946f29143a87d8035619e4b517a2eb8a31c30b8045e216570e5b9a3680e296c5ec8a1f575997f596bd638751432955aabc4101a1cdcfbe09d6d4c68559c99c2a90225fb31971d748905284807ce6285870d1720a92a5be38acf34e1f7cc154ebad230faa93424d58ec56e223cc7c47d1f60c64b95ab2004006f80080044007f00000120014980034c24c7de607880a239359318168c42f14ed86552a8060de0c9c893c80ad6946af733a13cbbd3d2a6fe2d90a38aa7a0f3f792920a127315fb30443474caa7f2b5507e68ca7d9a4e77a0419ce11692e2ada5d2c8e19506a2b8931411a05d8e5757b86b70ff63208370ccd0590c85f81fa7c1724db93bc107bf9deaf04fcd6d1f1eb27e9589c6fd748d34081dd72cdacb4f06acef6b1fb26432a0fcca4ed9f5b14f3a192f65f3be62338eff0338ad0c17c652fad9b77db6a98a6dbb5a1741909f007b37dce6bcc8ca6775aae8b9183add748fdc944ad5c241f3f368998995080032007f0000010400cd800c005400000000000100000008000a00ffffffffa5769607da3f7ab6f2f2a36d85777d863226c6b4fefa08007000", @ANYRES32, @ANYBLOB="082621bd6b42ff0f0d92f6730278658214f2b349c4a49d5ee8461b3b61"], 0x2574}, 0x1, 0x0, 0x0, 0x4004c004}, 0x0)
r4 = timerfd_create(0x0, 0x0)
read$char_usb(r4, &(0x7f0000000040)=""/194, 0xc2)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESDEC=0x0])
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
chdir(&(0x7f0000000000)='./file0\x00')
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r5, 0xffffffff80000900, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100004107f540f30c7593de1a000000010902240001000000000904000002bee4f900090503000000"], 0x0)

6.423334661s ago: executing program 3 (id=240):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="2e00000010008188040f80", 0xb}], 0x1}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) (async)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) (async, rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 64)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) (async, rerun: 64)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r7, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07}) (async)
readv(r3, &(0x7f0000000240)=[{&(0x7f0000002600)=""/46, 0x2e}, {&(0x7f0000000300)=""/168, 0xa8}, {&(0x7f0000003640)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/4085, 0xff5}], 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000079100000000000006300e0ff0000000095"], &(0x7f0000000100)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r9 = dup(r8)
sendmsg$inet(r9, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="38000000000000000000000007000000940401"], 0x38}, 0x20040010)
r10 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r11 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000780)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="01000000000000000000010000000000000001"], 0x38}}, 0x0)

5.530062751s ago: executing program 3 (id=241):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000a40), 0xffffffffffffffff)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000064000000030a01010000000000000000010000000900030073797a300000000014000480080002400000000208000140000000000900010073797a300000000008000a40000000021c0008800c00024000000000000000000c0001"], 0xac}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x3c, r0, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x9}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}]}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0xfffffffc}]}, 0x3c}}, 0x24000000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r2}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r3}, 0x10)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000380)={r4, 0x58, &(0x7f0000000d40)}, 0x10)
lstat(0x0, 0x0)

5.25542245s ago: executing program 4 (id=242):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000280)={{0x6, 0x0, 0x3, 0x0, 'syz1\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xe, 0x0, 0x3, 0x3ffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
preadv2(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f00000008c0)=""/211, 0xd3}], 0x1, 0x0, 0x0, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(0xffffffffffffffff, 0xc010f508, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12011001db8a0b200d050f012fb2010203010902120001ea015000090406360088787f03"], 0x0)

5.193777145s ago: executing program 3 (id=243):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl(0xffffffffffffffff, 0x8b2a, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pread64(r0, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a)
mknod$loop(&(0x7f00000190c0)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000019140)={[&(0x7f0000000380)=' T\xfc\x81\x8e\x9f5\x0e \x043[B\xad\x13\x9f\xae\x8f\xbb\x9a\x0f\x9f\x03\xa5\xfc9\xbb\xa4.\xf4\xeb\x03\xf1\xb6\x8c\xc4E\x93\n&k\xec\xc8\xdch\xd6\x1e\xcb\fA\\da/O\xdcn7\x1b@\xbf\xfb\x17J\xaaD\xe4\x01\xbc']}, &(0x7f0000019100)={[&(0x7f0000000200)=' ']})

3.458184997s ago: executing program 3 (id=244):
r0 = socket(0x10, 0x803, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000880)={{0x1, 0x1, 0x18, <r1=>r0, {0x5}}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'})
ioctl$SIOCGETMIFCNT_IN6(r1, 0x89e0, &(0x7f0000000000)={0x1})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8e700, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x11, 0x67, &(0x7f0000000040)={0xffff0000, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)
r5 = dup(r3)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), r1)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r1, &(0x7f0000000580)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="00000000080004002500000008000200040000000800020003000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2000c000}, 0x20004001)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000050000f58d04"])
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000d, 0x13, 0xffffffffffffffff, 0xbfa35000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, &(0x7f0000001700)=""/4100, 0x0, 0x1004, 0xfffffffc, 0x3, 0x0, @void, @value}, 0x28)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000a80)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x100000}, 0xffffffffffffff16, &(0x7f00000006c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="88000000031440012bbd7000ffdbdf250900020073797a310000000008004100736977001400330067656e657665300000000000000000000900020073797a3100000000080041007278650014003300677265300000000000000000000000000900020073797a310000000074756e6c3000"/136], 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x20040000)
ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x100)
r8 = socket$igmp6(0xa, 0x3, 0x2)
r9 = socket$kcm(0x2, 0xa, 0x2)
pipe2$9p(&(0x7f0000000240)={<r10=>0xffffffffffffffff}, 0x80)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmsg$inet(r11, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3)
close_range(r10, 0xffffffffffffffff, 0x0)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r8, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})

2.626074109s ago: executing program 3 (id=245):
syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x2c02)
r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x80383, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000012c0)='oom_score\x00')
exit(0x0)
lseek(r2, 0x2000, 0x0)
read$midi(r0, 0x0, 0x32)
ioctl$SNDCTL_SEQ_PANIC(r1, 0x5100)

2.084262516s ago: executing program 2 (id=246):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r0 = socket(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$SIOCAX25OPTRT(r0, 0x89e7, &(0x7f0000000080)={@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2, 0x44})
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key(&(0x7f0000000180)='id_resolver\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, &(0x7f0000000040))
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff})
readv(r2, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/243, 0xfffffdef}], 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, 0x0)
socket(0x10, 0x803, 0x0)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r4, &(0x7f0000000140)="96", 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) (fail_nth: 1)

1.032462703s ago: executing program 4 (id=247):
socket$inet_dccp(0x2, 0x6, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDENABIO(r0, 0x4b36)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r5=>0x0})
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendmmsg$unix(r7, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0}, 0xfffffdef}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r4, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, 0x0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r5}, @void}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000480)={0x8c, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x401, 0x34}}}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0xa, 0xcd, [0x7, 0x35b, 0xa58]}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x36e}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_FRAME={0x3c, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x8}, @device_a, @broadcast, @random="8a5c45a7c3c3", {0x6, 0x40}, @value=@ver_80211n={0x0, 0x9, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}}, 0x8, @val={0x8c, 0x18, {0x715, "8087c5e0de92", @long="5f7eaf638accf61e02bffdaacdc05ed9"}}}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xfa0}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000}, 0x8d1f59ddef891bf3)
recvmmsg(0xffffffffffffffff, &(0x7f0000006b00), 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x1, 0xc9, 0xdc}}}, 0x7)
pselect6(0x0, 0x0, &(0x7f00000000c0)={0x7, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3ff}, 0x0, &(0x7f0000000180)={0x0, 0x3938700}, 0x0)
bind$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000380)={0xc})
setpgid(r1, 0x0)

1.001133153s ago: executing program 0 (id=248):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x10}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x29c780})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)

950.039222ms ago: executing program 2 (id=249):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00', <r1=>0x0})
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'macvlan1\x00'})
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000100)={@local, 0x0, r1})
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$RDS_GET_MR(0xffffffffffffffff, 0x114, 0x2, 0x0, 0x20)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000140)={@mcast2, @mcast1, @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0022})
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000240)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, @dev={0xfe, 0x80, '\x00', 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r1})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000100)={'veth1_to_bridge\x00'})
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r6, &(0x7f0000000480), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000000c0)={'vcan0\x00'})
sendmsg$can_bcm(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0500"/15, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="2ce8"], 0x48}}, 0x0)
sendmsg$can_bcm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040)
r7 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0xa002, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r7, 0x40096101, 0x0)

921.139339ms ago: executing program 3 (id=250):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x8, &(0x7f00000002c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x7b}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet6(0xa, 0x3, 0x6)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0x3)
sendfile(r3, r4, 0x0, 0x20000023896)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x0, 0x61, 0x0, 0x0, 0x500, 0x0, 0x0, 0x39, 0x0, 0x0, 0x0, 0x9, 0x7}, 0xffffffffffffffa2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
semctl$IPC_RMID(0x0, 0x0, 0x0)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r9, 0x84, 0x15, &(0x7f0000000040)={0xb}, 0x1)
sendto$inet6(r9, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r10 = socket$netlink(0x10, 0x3, 0xefe94e42394ec188)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x2, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4)
bind$netlink(r10, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)

762.623369ms ago: executing program 5 (id=251):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0xc45, 0x760b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xff, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x4, 0x0, 0x1, {0x22, 0x85}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x3}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x0, 0x7fd, @remote, 0x81}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000001440)=ANY=[@ANYBLOB="0017"], 0xc0)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000c000000200001801400020073797a5f74756e00000000000000000008000300030000001400038010000380"], 0x48}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPCTNL_MSG_EXP_GET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)={0x14, 0x1, 0x2, 0x101, 0x0, 0x0, {0x7, 0x0, 0x7}}, 0x14}}, 0x880)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r8, @ANYBLOB="080026008f0900000800b7"], 0x50}}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x18, &(0x7f0000000440)={0x0, 0x21, 0x85, {0x85, 0xa, "62fe9785d8f2d201a703e47d72a005b7cea16727d1d4cede97965f3de2587774d8029fa9d10b47e356249835a54ad4e3d5c08ba5ba0a78d9b7e5b1fbec62d57262e0ba20670850163c9c42a9fd97b34d82c413c60118ad8a7b46323d1f26171c2585465e3c686fd889c2e4d36a95cd81e8b475156cc3a12565e97e3efb3b2cdf4c339a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

2.467539ms ago: executing program 2 (id=252):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, &(0x7f0000000000)={0xdc9c7fdefa656b51, 0xc, 0x2, {0x2}}, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000440)={0x44, &(0x7f0000000100)={0x0, 0xa, 0xfc, "2fc57fc0b0f0bea24069d2686455c14db3ebb0012f20ba898c1b8869e47818e3e83bf0943cc4e7485bdc584a2a6c8b71112cfc95e060086358f44db2dea5f3311a4bf7f8fd150f0fd69724087b8b988a38a7a469836bed8470f83d43b879bdf86d57f499a9b908b22637b4be46d160a37b690c80ad5a6dc1a657383456938d167ac27d62d9b3c6fcb403522ae34bb546ad1d9d42b99cc0617a7497f98dfe8e52c5c74aae58f472bcc094b9cc1d6d96739bb9f8fc5e79ddcc7ad7437da031afbcd935d99f832988c449badaeac4a016681916ac46f641849a378d2bf380e707030556d8c25a36f8d86919e9d90449f7c626622af989fea6467d47f061"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000002c0)={0x20, 0x80, 0x1c, {0xd, 0x8034, 0x5, 0xfff9, 0x81, 0x9, 0x3, 0x6e7, 0x9, 0x4, 0x800, 0x8}}, &(0x7f0000000300)={0x20, 0x85, 0x4, 0x3d}, &(0x7f0000000340)={0x20, 0x83, 0x2}, &(0x7f00000003c0)={0x20, 0x87, 0x2, 0x5}, &(0x7f0000000400)={0x20, 0x89, 0x2, 0x1}})
fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073"], 0x7c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x74, 0x2, 0x1, 0x3, 0x0, 0x0, {}, [@CTA_SYNPROXY={0x44, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x1ff}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7fff}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x61971a93}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xb}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x1}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x2}]}, @CTA_SYNPROXY={0xc, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x9}]}, @CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0xc, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x60fe}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x80}, 0x4)
socket$alg(0x26, 0x5, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r3, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x10}}}, 0x1e)
ioctl$EVIOCGMASK(r2, 0x5b01, 0x0)

0s ago: executing program 4 (id=253):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000680)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$cgroup(0xffffffffffffffff, &(0x7f00000005c0)='syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000600)={0x86089400, &(0x7f0000000380), &(0x7f0000000400), &(0x7f0000000440), {0xc}, &(0x7f0000000480)=""/12, 0xc, &(0x7f00000004c0)=""/137, &(0x7f0000000580)=[r0, r1, r0], 0x3, {r4}}, 0x58)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
getdents(r6, 0xfffffffffffffffd, 0x0)
r7 = fsmount(r5, 0x0, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r6, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x0, 0x10, 0x70bd2d, 0x25dfdbfb}, 0x14}}, 0x20000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r3, r7}, 0x10)
bpf$ITER_CREATE(0x1d, &(0x7f0000000040)={r8, 0x7}, 0x8)

kernel console output (not intermixed with test programs):

d blocking state
[   69.030655][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.038350][ T5828] bridge_slave_1: entered allmulticast mode
[   69.045333][ T5828] bridge_slave_1: entered promiscuous mode
[   69.052319][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.059366][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.085481][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.098092][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.105198][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.131553][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.150403][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.157423][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.183421][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.196060][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.203029][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.229041][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.291974][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   69.304218][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   69.327211][ T5816] hsr_slave_0: entered promiscuous mode
[   69.333695][ T5816] hsr_slave_1: entered promiscuous mode
[   69.340161][ T5816] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.348232][ T5816] Cannot create hsr debugfs directory
[   69.412124][ T5817] hsr_slave_0: entered promiscuous mode
[   69.418841][ T5817] hsr_slave_1: entered promiscuous mode
[   69.426912][ T5817] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.435194][ T5821] Bluetooth: hci2: command tx timeout
[   69.435557][ T5821] Bluetooth: hci0: command tx timeout
[   69.441883][ T5817] Cannot create hsr debugfs directory
[   69.456618][ T5828] team0: Port device team_slave_0 added
[   69.493144][ T5828] team0: Port device team_slave_1 added
[   69.510489][ T5824] hsr_slave_0: entered promiscuous mode
[   69.517001][ T5821] Bluetooth: hci1: command tx timeout
[   69.523122][ T5824] hsr_slave_1: entered promiscuous mode
[   69.528937][ T5821] Bluetooth: hci3: command tx timeout
[   69.534365][ T5827] Bluetooth: hci4: command tx timeout
[   69.541357][ T5824] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.549173][ T5824] Cannot create hsr debugfs directory
[   69.608058][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.615219][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.641734][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.679019][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.686043][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.712068][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.808348][ T5828] hsr_slave_0: entered promiscuous mode
[   69.814899][ T5828] hsr_slave_1: entered promiscuous mode
[   69.821071][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.828789][ T5828] Cannot create hsr debugfs directory
[   69.989937][ T5823] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   70.023323][ T5823] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   70.039367][ T5823] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   70.059629][ T5823] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   70.109172][ T5816] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   70.119334][ T5816] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   70.137284][ T5816] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   70.150519][ T5816] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   70.199915][ T5817] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   70.212412][ T5817] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   70.222813][ T5817] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   70.253311][ T5817] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   70.313976][ T5824] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   70.362052][ T5824] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   70.375097][ T5824] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   70.397563][ T5824] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   70.418474][ T5828] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   70.430322][ T5828] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   70.450530][ T5828] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   70.470736][ T5828] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   70.517119][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.543704][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.588069][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.612452][ T5823] 8021q: adding VLAN 0 to HW filter on device team0
[   70.628596][ T5817] 8021q: adding VLAN 0 to HW filter on device team0
[   70.642140][ T5816] 8021q: adding VLAN 0 to HW filter on device team0
[   70.662151][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.669464][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.696380][ T1095] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.703508][ T1095] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.726009][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.733143][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.741865][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.749002][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.761038][ T1095] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.768144][ T1095] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.778809][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.786020][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.819356][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.867461][ T5824] 8021q: adding VLAN 0 to HW filter on device team0
[   70.913329][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.920566][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.939811][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.946973][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.966865][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.026974][ T5828] 8021q: adding VLAN 0 to HW filter on device team0
[   71.050930][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.058110][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.130610][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.137791][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.180217][ T5828] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   71.237503][ T5828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   71.280918][ T5824] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   71.353710][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.375352][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.398626][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.502460][ T5817] veth0_vlan: entered promiscuous mode
[   71.512962][ T5823] veth0_vlan: entered promiscuous mode
[   71.519559][ T5827] Bluetooth: hci0: command tx timeout
[   71.525598][ T5827] Bluetooth: hci2: command tx timeout
[   71.544210][ T5817] veth1_vlan: entered promiscuous mode
[   71.563445][ T5823] veth1_vlan: entered promiscuous mode
[   71.599607][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[   71.607450][ T5827] Bluetooth: hci3: command tx timeout
[   71.607618][ T5821] Bluetooth: hci1: command tx timeout
[   71.612886][ T5827] Bluetooth: hci4: command tx timeout
[   71.624254][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[   71.720423][ T5817] veth0_macvtap: entered promiscuous mode
[   71.732737][ T5823] veth0_macvtap: entered promiscuous mode
[   71.753899][ T5823] veth1_macvtap: entered promiscuous mode
[   71.766790][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.776519][ T5817] veth1_macvtap: entered promiscuous mode
[   71.812027][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.861347][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.870244][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   71.881478][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.893009][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.916967][ T5824] veth0_vlan: entered promiscuous mode
[   71.930340][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.940992][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   71.952045][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.963475][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.989526][ T5817] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.000341][ T5817] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.009777][ T5817] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.019102][ T5817] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.031549][ T5823] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.040748][ T5823] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.049798][ T5823] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.058956][ T5823] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.074314][ T5816] veth0_vlan: entered promiscuous mode
[   72.088942][ T5816] veth1_vlan: entered promiscuous mode
[   72.117338][ T5824] veth1_vlan: entered promiscuous mode
[   72.161373][ T5828] veth0_vlan: entered promiscuous mode
[   72.213433][ T5824] veth0_macvtap: entered promiscuous mode
[   72.249589][ T5828] veth1_vlan: entered promiscuous mode
[   72.285363][ T5824] veth1_macvtap: entered promiscuous mode
[   72.298835][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.302418][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.319301][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.329950][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.336820][ T5816] veth0_macvtap: entered promiscuous mode
[   72.368303][ T5816] veth1_macvtap: entered promiscuous mode
[   72.388123][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.401565][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.411898][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.423430][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.437072][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.453111][ T5828] veth0_macvtap: entered promiscuous mode
[   72.462964][ T5828] veth1_macvtap: entered promiscuous mode
[   72.479583][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.489688][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.521030][   T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.526136][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.534613][   T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.539758][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.560766][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.571628][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.583188][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.592693][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.609219][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.619150][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.630277][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.640474][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.651226][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.664296][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.687270][ T5824] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.699542][ T5824] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.711183][ T5824] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.716406][ T5817] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   72.723896][ T5824] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.749008][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.761072][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.771039][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.781610][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.791609][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.802391][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.813463][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.829896][ T5816] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.839068][ T5816] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.849444][ T5816] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.858609][ T5816] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.968950][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.980367][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.990300][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.000908][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.010824][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.021330][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.031227][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.043172][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.055015][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.158848][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.172475][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.214784][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.235698][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.245712][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.275551][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.292346][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.311844][ T5910] openvswitch: netlink: Duplicate or invalid key (type 0).
[   73.324041][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.329706][ T5910] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   73.343436][ T5912] FAULT_INJECTION: forcing a failure.
[   73.343436][ T5912] name failslab, interval 1, probability 0, space 0, times 1
[   73.348064][ T5910] fuse: Bad value for 'user_id'
[   73.358149][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.368909][ T5910] fuse: Bad value for 'user_id'
[   73.380585][ T5912] CPU: 0 UID: 0 PID: 5912 Comm: syz.0.8 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[   73.391080][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   73.401146][ T5912] Call Trace:
[   73.404427][ T5912]  <TASK>
[   73.407361][ T5912]  dump_stack_lvl+0x241/0x360
[   73.412052][ T5912]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.417246][ T5912]  ? __pfx__printk+0x10/0x10
[   73.421832][ T5912]  ? fs_reclaim_acquire+0x93/0x130
[   73.426942][ T5912]  ? __pfx___might_resched+0x10/0x10
[   73.432226][ T5912]  should_fail_ex+0x3b0/0x4e0
[   73.436905][ T5912]  should_failslab+0xac/0x100
[   73.441628][ T5912]  __kmalloc_noprof+0xdd/0x4c0
[   73.446389][ T5912]  ? kstrtouint_from_user+0x128/0x190
[   73.451760][ T5912]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[   73.457484][ T5912]  tomoyo_realpath_from_path+0xcf/0x5e0
[   73.463032][ T5912]  tomoyo_path_number_perm+0x236/0x860
[   73.468488][ T5912]  ? __lock_acquire+0x1397/0x2100
[   73.473508][ T5912]  ? tomoyo_path_number_perm+0x206/0x860
[   73.479140][ T5912]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   73.485150][ T5912]  ? __fget_files+0x2a/0x410
[   73.489742][ T5912]  ? __fget_files+0x2a/0x410
[   73.494331][ T5912]  security_file_ioctl+0xc6/0x2a0
[   73.499445][ T5912]  __se_sys_ioctl+0x46/0x170
[   73.504048][ T5912]  do_syscall_64+0xf3/0x230
[   73.508556][ T5912]  ? clear_bhb_loop+0x35/0x90
[   73.513242][ T5912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.519166][ T5912] RIP: 0033:0x7f690a37ff19
[   73.523597][ T5912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.543204][ T5912] RSP: 002b:00007f690b18a058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   73.551622][ T5912] RAX: ffffffffffffffda RBX: 00007f690a545fa0 RCX: 00007f690a37ff19
[   73.559599][ T5912] RDX: 0000000020000400 RSI: 0000000000003ba0 RDI: 0000000000000003
[   73.567572][ T5912] RBP: 00007f690b18a0a0 R08: 0000000000000000 R09: 0000000000000000
[   73.575550][ T5912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   73.583522][ T5912] R13: 0000000000000000 R14: 00007f690a545fa0 R15: 00007fff13667fc8
[   73.591507][ T5912]  </TASK>
[   73.605076][ T5912] ERROR: Out of memory at tomoyo_realpath_from_path.
[   73.613925][ T5827] Bluetooth: hci0: command tx timeout
[   73.613939][ T5821] Bluetooth: hci2: command tx timeout
[   73.616951][ T5913] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   73.675175][ T5827] Bluetooth: hci1: command tx timeout
[   73.675829][ T5821] Bluetooth: hci3: command tx timeout
[   73.681594][ T5827] Bluetooth: hci4: command tx timeout
[   73.816532][ T5828] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.838928][ T5828] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.849192][ T5828] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.858237][ T5828] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.900187][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.928140][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.957370][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.977771][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.011667][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.044191][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.057022][ T5870] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   74.086905][ T3565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.110106][ T3565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.161415][ T3565] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.173444][ T3565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.250690][ T5870] usb 1-1: config 252 has an invalid interface number: 167 but max is 0
[   74.267884][ T5870] usb 1-1: config 252 has an invalid descriptor of length 246, skipping remainder of the config
[   74.293748][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.303122][ T5921] FAULT_INJECTION: forcing a failure.
[   74.303122][ T5921] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   74.332863][ T5921] CPU: 0 UID: 0 PID: 5921 Comm: syz.4.5 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[   74.342881][ T5870] usb 1-1: config 252 has no interface number 0
[   74.343305][ T5921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   74.359627][ T5921] Call Trace:
[   74.362924][ T5921]  <TASK>
[   74.365877][ T5921]  dump_stack_lvl+0x241/0x360
[   74.370609][ T5921]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.373424][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.375821][ T5921]  ? __pfx__printk+0x10/0x10
[   74.375851][ T5921]  ? __pfx_lock_release+0x10/0x10
[   74.383165][ T5870] usb 1-1: config 252 interface 167 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[   74.387695][ T5921]  should_fail_ex+0x3b0/0x4e0
[   74.387722][ T5921]  _copy_from_user+0x2f/0xc0
[   74.387753][ T5921]  do_sock_getsockopt+0x1d1/0x7e0
[   74.387777][ T5921]  ? __pfx_do_sock_getsockopt+0x10/0x10
[   74.387793][ T5921]  ? __fget_files+0x2a/0x410
[   74.387814][ T5921]  ? __fget_files+0x395/0x410
[   74.387830][ T5921]  ? __fget_files+0x2a/0x410
[   74.387855][ T5921]  __x64_sys_getsockopt+0x2a1/0x370
[   74.387882][ T5921]  ? __pfx___x64_sys_getsockopt+0x10/0x10
[   74.387903][ T5921]  ? do_syscall_64+0x100/0x230
[   74.387930][ T5921]  ? do_syscall_64+0xb6/0x230
[   74.387954][ T5921]  do_syscall_64+0xf3/0x230
[   74.387976][ T5921]  ? clear_bhb_loop+0x35/0x90
[   74.388007][ T5921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.388031][ T5921] RIP: 0033:0x7ff5d617ff19
[   74.388049][ T5921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.388063][ T5921] RSP: 002b:00007ff5d6f5d058 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   74.388085][ T5921] RAX: ffffffffffffffda RBX: 00007ff5d6345fa0 RCX: 00007ff5d617ff19
[   74.388099][ T5921] RDX: 000000000000001c RSI: 0000000000000001 RDI: 0000000000000004
[   74.388111][ T5921] RBP: 00007ff5d6f5d0a0 R08: 0000000020000000 R09: 0000000000000000
[   74.388124][ T5921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   74.388135][ T5921] R13: 0000000000000000 R14: 00007ff5d6345fa0 R15: 00007ffca5000ce8
[   74.388158][ T5921]  </TASK>
[   74.560778][ T5870] usb 1-1: config 252 interface 167 has no altsetting 0
[   74.572112][ T5870] usb 1-1: New USB device found, idVendor=04c1, idProduct=009d, bcdDevice=2d.36
[   74.581510][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.590742][ T5870] usb 1-1: Product: syz
[   74.595122][ T5870] usb 1-1: Manufacturer: syz
[   74.599741][ T5870] usb 1-1: SerialNumber: syz
[   74.791609][ T5930] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2'.
[   74.835913][ T5870] gspca_main: vicam-2.14.0 probing 04c1:009d
[   74.976860][ T5870] usb 1-1: Direct firmware load for vicam/firmware.fw failed with error -2
[   75.119406][ T5935] netlink: zone id is out of range
[   75.125704][ T5935] netlink: zone id is out of range
[   75.131204][ T5935] netlink: zone id is out of range
[   75.137656][ T5935] netlink: zone id is out of range
[   75.139384][ T5870] usb 1-1: Falling back to sysfs fallback for: vicam/firmware.fw
[   75.146663][ T5935] netlink: zone id is out of range
[   75.156657][ T5935] netlink: zone id is out of range
[   75.162399][ T5935] netlink: zone id is out of range
[   75.163361][ T5936] netlink: 88 bytes leftover after parsing attributes in process `syz.3.4'.
[   75.187307][ T5935] netlink: zone id is out of range
[   75.324835][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   75.606412][ T5941] FAULT_INJECTION: forcing a failure.
[   75.606412][ T5941] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   75.622198][ T5941] CPU: 1 UID: 0 PID: 5941 Comm: syz.4.13 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[   75.632752][ T5941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   75.642836][ T5941] Call Trace:
[   75.646137][ T5941]  <TASK>
[   75.649089][ T5941]  dump_stack_lvl+0x241/0x360
[   75.653812][ T5941]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.659050][ T5941]  ? __pfx__printk+0x10/0x10
[   75.663707][ T5941]  ? __pfx_lock_release+0x10/0x10
[   75.668770][ T5941]  should_fail_ex+0x3b0/0x4e0
[   75.673485][ T5941]  _copy_from_user+0x2f/0xc0
[   75.678093][ T5941]  copy_msghdr_from_user+0xae/0x680
[   75.683308][ T5941]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   75.689118][ T5941]  ? __fget_files+0x2a/0x410
[   75.693715][ T5941]  ? __fget_files+0x2a/0x410
[   75.698317][ T5941]  __sys_sendmsg+0x209/0x350
[   75.702911][ T5941]  ? __pfx_lock_release+0x10/0x10
[   75.707944][ T5941]  ? __pfx___sys_sendmsg+0x10/0x10
[   75.713062][ T5941]  ? __pfx_vfs_write+0x10/0x10
[   75.717856][ T5941]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   75.724182][ T5941]  ? do_syscall_64+0x100/0x230
[   75.728951][ T5941]  ? do_syscall_64+0xb6/0x230
[   75.733634][ T5941]  do_syscall_64+0xf3/0x230
[   75.738146][ T5941]  ? clear_bhb_loop+0x35/0x90
[   75.742830][ T5941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.748726][ T5941] RIP: 0033:0x7ff5d617ff19
[   75.753143][ T5941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.772775][ T5941] RSP: 002b:00007ff5d6f5d058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   75.781201][ T5941] RAX: ffffffffffffffda RBX: 00007ff5d6345fa0 RCX: 00007ff5d617ff19
[   75.789273][ T5941] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004
[   75.797261][ T5941] RBP: 00007ff5d6f5d0a0 R08: 0000000000000000 R09: 0000000000000000
[   75.805227][ T5941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   75.813203][ T5941] R13: 0000000000000000 R14: 00007ff5d6345fa0 R15: 00007ffca5000ce8
[   75.821185][ T5941]  </TASK>
[   75.832799][ T5827] Bluetooth: hci2: command tx timeout
[   75.839363][ T5827] Bluetooth: hci3: command tx timeout
[   75.844898][ T5827] Bluetooth: hci1: command tx timeout
[   75.850437][ T5827] Bluetooth: hci0: command tx timeout
[   75.856079][ T5827] Bluetooth: hci4: command tx timeout
[   75.881001][ T5932] tmpfs: Unknown parameter 'grpquota/#/msr'
[   76.066231][ T5947] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14'.
[   76.134745][ T5901] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   76.338523][ T5901] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   76.339214][ T5901] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   76.339266][ T5901] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   76.339328][ T5901] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[   76.339400][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.541764][ T5901] usb 3-1: config 0 descriptor??
[   76.625718][ T5948] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   76.735626][   T29] audit: type=1326 audit(1733389852.935:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5951 comm="syz.4.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d617ff19 code=0x7ffc0000
[   76.844779][   T29] audit: type=1326 audit(1733389852.995:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5951 comm="syz.4.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d617ff19 code=0x7ffc0000
[   76.896159][ T5949] QAT: failed to copy from user cfg_data.
[   77.035797][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   77.038804][ T5901] ath6kl: Failed to submit usb control message: -71
[   77.062332][ T5901] ath6kl: unable to send the bmi data to the device: -71
[   77.073255][ T5901] ath6kl: Unable to send get target info: -71
[   77.775528][   T29] audit: type=1326 audit(1733389852.995:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5951 comm="syz.4.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5d617ff19 code=0x7ffc0000
[   77.804275][ T5901] ath6kl: Failed to init ath6kl core: -71
[   77.811220][ T5901] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[   77.895410][ T5901] usb 3-1: USB disconnect, device number 2
[   77.931529][   T29] audit: type=1326 audit(1733389852.995:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5951 comm="syz.4.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d617ff19 code=0x7ffc0000
[   78.046097][ T3565] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.063123][   T29] audit: type=1326 audit(1733389852.995:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5951 comm="syz.4.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d617ff19 code=0x7ffc0000
[   78.088405][   T29] audit: type=1326 audit(1733389853.005:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5951 comm="syz.4.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7ff5d617ff19 code=0x7ffc0000
[   78.110940][   T29] audit: type=1326 audit(1733389853.005:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5951 comm="syz.4.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d617ff19 code=0x7ffc0000
[   78.132602][   T29] audit: type=1326 audit(1733389853.005:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5951 comm="syz.4.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d617ff19 code=0x7ffc0000
[   78.154135][   T29] audit: type=1326 audit(1733389853.005:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5951 comm="syz.4.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7ff5d617ff19 code=0x7ffc0000
[   78.176248][   T29] audit: type=1326 audit(1733389853.005:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5951 comm="syz.4.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d617ff19 code=0x7ffc0000
[   78.378410][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   78.394848][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[   78.547560][ T5969] net_ratelimit: 786 callbacks suppressed
[   78.547602][ T5969] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   79.371215][    T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!!
[   79.434859][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   79.595748][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   79.619508][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   79.675008][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   79.696073][ T5957] DRBG: could not allocate digest TFM handle: hmac(sha512)
[   80.178613][ T5968] netlink: zone id is out of range
[   80.183779][ T5968] netlink: zone id is out of range
[   80.188956][ T5968] netlink: zone id is out of range
[   80.194061][ T5968] netlink: zone id is out of range
[   80.199213][ T5968] netlink: zone id is out of range
[   80.204309][ T5968] netlink: zone id is out of range
[   80.209455][ T5968] netlink: zone id is out of range
[   80.214578][ T5968] netlink: zone id is out of range
[   80.219670][ T5968] netlink: zone id is out of range
[   80.234712][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   80.285076][ T5988] netlink: 8 bytes leftover after parsing attributes in process `syz.1.20'.
[   80.364742][ T5992] tmpfs: Unknown parameter 'grpquota/#/msr'
[   80.624328][ T5987] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   80.981910][ T5901] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   81.008772][ T6001] FAULT_INJECTION: forcing a failure.
[   81.008772][ T6001] name failslab, interval 1, probability 0, space 0, times 0
[   81.044674][ T6001] CPU: 0 UID: 0 PID: 6001 Comm: syz.2.25 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[   81.055237][ T6001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   81.065325][ T6001] Call Trace:
[   81.068637][ T6001]  <TASK>
[   81.071606][ T6001]  dump_stack_lvl+0x241/0x360
[   81.076322][ T6001]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.081556][ T6001]  ? __pfx__printk+0x10/0x10
[   81.086182][ T6001]  ? fs_reclaim_acquire+0x93/0x130
[   81.091337][ T6001]  ? __pfx___might_resched+0x10/0x10
[   81.092886][ T6007] sctp: [Deprecated]: syz.4.27 (pid 6007) Use of int in max_burst socket option.
[   81.092886][ T6007] Use struct sctp_assoc_value instead
[   81.096642][ T6001]  should_fail_ex+0x3b0/0x4e0
[   81.096683][ T6001]  should_failslab+0xac/0x100
[   81.120462][ T6001]  __kmalloc_noprof+0xdd/0x4c0
[   81.125237][ T6001]  ? kstrtouint_from_user+0x128/0x190
[   81.130614][ T6001]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[   81.136337][ T6001]  tomoyo_realpath_from_path+0xcf/0x5e0
[   81.141897][ T6001]  tomoyo_path_number_perm+0x236/0x860
[   81.147365][ T6001]  ? __lock_acquire+0x1397/0x2100
[   81.152391][ T6001]  ? tomoyo_path_number_perm+0x206/0x860
[   81.158035][ T6001]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   81.164063][ T6001]  ? __fget_files+0x2a/0x410
[   81.168661][ T6001]  ? __fget_files+0x2a/0x410
[   81.173258][ T6001]  security_file_ioctl+0xc6/0x2a0
[   81.178293][ T6001]  __se_sys_ioctl+0x46/0x170
[   81.182890][ T6001]  do_syscall_64+0xf3/0x230
[   81.187397][ T6001]  ? clear_bhb_loop+0x35/0x90
[   81.192078][ T6001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.197976][ T6001] RIP: 0033:0x7fe49117ff19
[   81.202408][ T6001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   81.222022][ T6001] RSP: 002b:00007fe491ef7058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   81.230441][ T6001] RAX: ffffffffffffffda RBX: 00007fe491345fa0 RCX: 00007fe49117ff19
[   81.238413][ T6001] RDX: 00000000200002c0 RSI: 000000004008af00 RDI: 0000000000000003
[   81.246470][ T6001] RBP: 00007fe491ef70a0 R08: 0000000000000000 R09: 0000000000000000
[   81.254443][ T6001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   81.262421][ T6001] R13: 0000000000000000 R14: 00007fe491345fa0 R15: 00007fff05d4a688
[   81.270408][ T6001]  </TASK>
[   81.598109][ T6001] ERROR: Out of memory at tomoyo_realpath_from_path.
[   81.605656][ T5901] usb 2-1: config 0 has an invalid interface number: 140 but max is 0
[   81.605689][ T5901] usb 2-1: config 0 has no interface number 0
[   81.738487][ T5901] usb 2-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice=71.01
[   81.738519][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.738537][ T5901] usb 2-1: Product: syz
[   81.738551][ T5901] usb 2-1: Manufacturer: syz
[   81.738565][ T5901] usb 2-1: SerialNumber: syz
[   81.773476][ T5901] usb 2-1: config 0 descriptor??
[   81.972404][   T58] cfg80211: failed to load regulatory.db
[   82.176929][   T29] kauditd_printk_skb: 17 callbacks suppressed
[   82.176947][   T29] audit: type=1326 audit(1733389858.282:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6018 comm="syz.2.30" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe49117ff19 code=0x0
[   82.223670][ T5901] as10x_usb: device has been detected
[   82.226129][ T5901] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe)
[   82.251561][ T5901] usb 2-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)...
[   82.268361][ T6005] tty tty2: ldisc open failed (-12), clearing slot 1
[   82.369213][ T5901] as10x_usb: error during firmware upload part1
[   82.381381][ T5901] Registered device Elgato EyeTV DTT Deluxe
[   82.389330][ T5901] usb 2-1: USB disconnect, device number 2
[   82.453742][ T5901] Unregistered device Elgato EyeTV DTT Deluxe
[   82.457147][ T5901] as10x_usb: device has been disconnected
[   82.520044][ T6029] netlink: 48 bytes leftover after parsing attributes in process `syz.4.33'.
[   82.538834][ T6029] syz.4.33[6029] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   82.538936][ T6029] syz.4.33[6029] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   82.555763][ T6029] syz.4.33[6029] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   82.571565][   T29] audit: type=1326 audit(1733389858.656:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6027 comm="syz.4.33" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff5d617ff19 code=0x0
[   82.722205][ T6032] FAULT_INJECTION: forcing a failure.
[   82.722205][ T6032] name failslab, interval 1, probability 0, space 0, times 0
[   82.735085][ T6032] CPU: 1 UID: 0 PID: 6032 Comm: syz.3.34 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[   82.745715][ T6032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   82.755830][ T6032] Call Trace:
[   82.759138][ T6032]  <TASK>
[   82.762095][ T6032]  dump_stack_lvl+0x241/0x360
[   82.766802][ T6032]  ? __pfx_dump_stack_lvl+0x10/0x10
[   82.772028][ T6032]  ? __pfx__printk+0x10/0x10
[   82.776657][ T6032]  ? __pfx_lock_acquire+0x10/0x10
[   82.781709][ T6032]  ? sig_get_ucounts+0x26/0x450
[   82.786585][ T6032]  ? __pfx_lock_release+0x10/0x10
[   82.791632][ T6032]  should_fail_ex+0x3b0/0x4e0
[   82.796335][ T6032]  should_failslab+0xac/0x100
[   82.801035][ T6032]  ? __send_signal_locked+0x245/0xe90
[   82.806431][ T6032]  kmem_cache_alloc_noprof+0x70/0x380
[   82.811835][ T6032]  ? sig_get_ucounts+0x3de/0x450
[   82.816797][ T6032]  __send_signal_locked+0x245/0xe90
[   82.822038][ T6032]  force_sig_info_to_task+0x2ff/0x580
[   82.827461][ T6032]  force_sigsegv+0x19f/0x2a0
[   82.832093][ T6032]  ? __pfx_force_sigsegv+0x10/0x10
[   82.837265][ T6032]  ? __get_user_nocheck_8+0x20/0x20
[   82.842515][ T6032]  __rseq_handle_notify_resume+0x3e2/0x14e0
[   82.848450][ T6032]  ? __pfx___rseq_handle_notify_resume+0x10/0x10
[   82.854814][ T6032]  ? syscall_exit_to_user_mode+0xa3/0x340
[   82.860576][ T6032]  syscall_exit_to_user_mode+0x115/0x340
[   82.866299][ T6032]  do_syscall_64+0x100/0x230
[   82.870933][ T6032]  ? clear_bhb_loop+0x35/0x90
[   82.875645][ T6032]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.881569][ T6032] RIP: 0033:0x7f9e4857ff19
[   82.886015][ T6032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   82.905999][ T6032] RSP: 002b:00007f9e49371058 EFLAGS: 00000246 ORIG_RAX: 000000000000014e
[   82.914434][ T6032] RAX: 0000000000000000 RBX: 00007f9e48745fa0 RCX: 00007f9e4857ff19
[   82.922426][ T6032] RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000000020000300
[   82.930762][ T6032] RBP: 00007f9e493710a0 R08: 0000000000000000 R09: 0000000000000000
[   82.938745][ T6032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   82.946728][ T6032] R13: 0000000000000000 R14: 00007f9e48745fa0 R15: 00007ffee88cd8b8
[   82.954738][ T6032]  </TASK>
[   83.491185][ T6035] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   84.121591][ T6050] usb usb8: usbfs: process 6050 (syz.4.38) did not claim interface 1 before use
[   84.389416][ T6052] serio: Serial port ttynull
[   84.445297][ T5901] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   84.605687][ T5871] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   84.904876][ T5871] usb 5-1: Using ep0 maxpacket: 16
[   84.929246][ T5871] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[   84.942073][ T5871] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[   84.954065][ T5871] usb 5-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice=f4.95
[   84.963426][ T5871] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.979693][ T5871] usb 5-1: Product: syz
[   84.983902][ T5871] usb 5-1: Manufacturer: syz
[   84.988518][ T5871] usb 5-1: SerialNumber: syz
[   85.012271][ T5871] usb 5-1: config 0 descriptor??
[   85.022934][ T6050] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[   85.031546][ T6050] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[   85.276978][ T6050] netlink: 16 bytes leftover after parsing attributes in process `syz.4.38'.
[   85.421121][ T6058] FAULT_INJECTION: forcing a failure.
[   85.421121][ T6058] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   85.449965][ T6058] CPU: 1 UID: 0 PID: 6058 Comm: syz.0.41 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[   85.460518][ T6058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   85.470597][ T6058] Call Trace:
[   85.473888][ T6058]  <TASK>
[   85.476830][ T6058]  dump_stack_lvl+0x241/0x360
[   85.481530][ T6058]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.486745][ T6058]  ? __pfx__printk+0x10/0x10
[   85.491361][ T6058]  ? __pfx_lock_release+0x10/0x10
[   85.496408][ T6058]  should_fail_ex+0x3b0/0x4e0
[   85.501106][ T6058]  _copy_from_user+0x2f/0xc0
[   85.505717][ T6058]  copy_msghdr_from_user+0xae/0x680
[   85.510951][ T6058]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   85.516783][ T6058]  ? __fget_files+0x2a/0x410
[   85.521392][ T6058]  ? __fget_files+0x2a/0x410
[   85.526014][ T6058]  __sys_sendmmsg+0x32b/0x720
[   85.530717][ T6058]  ? __pfx___sys_sendmmsg+0x10/0x10
[   85.535950][ T6058]  ? __pfx_lock_release+0x10/0x10
[   85.540999][ T6058]  ? kstrtouint_from_user+0x128/0x190
[   85.546417][ T6058]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   85.552332][ T6058]  ? ksys_write+0x22a/0x2b0
[   85.556859][ T6058]  ? __pfx_lock_release+0x10/0x10
[   85.561912][ T6058]  ? vfs_write+0x730/0xd30
[   85.566356][ T6058]  ? __mutex_unlock_slowpath+0x21e/0x790
[   85.572032][ T6058]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   85.578040][ T6058]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   85.584471][ T6058]  ? do_syscall_64+0x100/0x230
[   85.589277][ T6058]  __x64_sys_sendmmsg+0xa0/0xb0
[   85.594159][ T6058]  do_syscall_64+0xf3/0x230
[   85.598685][ T6058]  ? clear_bhb_loop+0x35/0x90
[   85.603386][ T6058]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.609300][ T6058] RIP: 0033:0x7f690a37ff19
[   85.613817][ T6058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.633454][ T6058] RSP: 002b:00007f690b18a058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   85.641994][ T6058] RAX: ffffffffffffffda RBX: 00007f690a545fa0 RCX: 00007f690a37ff19
[   85.649991][ T6058] RDX: 0000000000000001 RSI: 0000000020002600 RDI: 0000000000000003
[   85.657994][ T6058] RBP: 00007f690b18a0a0 R08: 0000000000000000 R09: 0000000000000000
[   85.665984][ T6058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   85.673976][ T6058] R13: 0000000000000000 R14: 00007f690a545fa0 R15: 00007fff13667fc8
[   85.682088][ T6058]  </TASK>
[   85.762970][ T5871] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   85.775177][ T5871] asix 5-1:0.0: probe with driver asix failed with error -71
[   85.789946][ T5871] usb 5-1: USB disconnect, device number 2
[   86.335408][ T6068] netlink: 8 bytes leftover after parsing attributes in process `syz.3.43'.
[   86.874682][ T6067] FAULT_INJECTION: forcing a failure.
[   86.874682][ T6067] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   86.962602][ T6067] CPU: 1 UID: 0 PID: 6067 Comm: syz.0.44 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[   86.973175][ T6067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   86.983257][ T6067] Call Trace:
[   86.986562][ T6067]  <TASK>
[   86.989505][ T6067]  dump_stack_lvl+0x241/0x360
[   86.994210][ T6067]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.999433][ T6067]  ? __pfx__printk+0x10/0x10
[   87.004047][ T6067]  ? __pfx_lock_release+0x10/0x10
[   87.009089][ T6067]  ? __schedule+0x1803/0x4be0
[   87.013796][ T6067]  should_fail_ex+0x3b0/0x4e0
[   87.018499][ T6067]  _copy_from_user+0x2f/0xc0
[   87.023117][ T6067]  __sys_bpf+0x1a4/0x810
[   87.027387][ T6067]  ? __pfx___sys_bpf+0x10/0x10
[   87.032192][ T6067]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   87.038196][ T6067]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   87.044548][ T6067]  ? do_syscall_64+0x100/0x230
[   87.049344][ T6067]  __x64_sys_bpf+0x7c/0x90
[   87.053790][ T6067]  do_syscall_64+0xf3/0x230
[   87.058312][ T6067]  ? clear_bhb_loop+0x35/0x90
[   87.063035][ T6067]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.068957][ T6067] RIP: 0033:0x7f690a37ff19
[   87.073397][ T6067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.093030][ T6067] RSP: 002b:00007f690b18a058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   87.101477][ T6067] RAX: ffffffffffffffda RBX: 00007f690a545fa0 RCX: 00007f690a37ff19
[   87.109474][ T6067] RDX: 0000000000000010 RSI: 0000000020000540 RDI: 000000000000000f
[   87.117471][ T6067] RBP: 00007f690b18a0a0 R08: 0000000000000000 R09: 0000000000000000
[   87.125470][ T6067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   87.133463][ T6067] R13: 0000000000000000 R14: 00007f690a545fa0 R15: 00007fff13667fc8
[   87.141481][ T6067]  </TASK>
[   87.188653][ T6073] net_ratelimit: 786 callbacks suppressed
[   87.188682][ T6073] netlink: zone id is out of range
[   87.199593][ T6073] netlink: zone id is out of range
[   87.204748][ T6073] netlink: zone id is out of range
[   87.209853][ T6073] netlink: zone id is out of range
[   87.214986][ T6073] netlink: zone id is out of range
[   87.220428][ T6073] netlink: zone id is out of range
[   87.225685][ T6073] netlink: zone id is out of range
[   87.230800][ T6073] netlink: zone id is out of range
[   87.235954][ T6073] netlink: zone id is out of range
[   87.241060][ T6073] netlink: zone id is out of range
[   87.322068][ T5871] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   87.524868][ T5871] usb 5-1: Using ep0 maxpacket: 8
[   87.544057][ T5871] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[   87.544934][ T6079] ip6erspan0: tun_chr_ioctl cmd 1074025675
[   87.558518][ T5871] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   87.558548][ T5871] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   87.558571][ T5871] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   87.558601][ T5871] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   87.558636][ T5871] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   87.558659][ T5871] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.624256][ T6079] ip6erspan0: persist disabled
[   87.759448][ T5900] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   87.895698][ T6087] netlink: 8 bytes leftover after parsing attributes in process `syz.2.52'.
[   87.941988][ T5900] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   87.958133][ T5871] usb 5-1: usb_control_msg returned -32
[   87.963902][ T5900] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   87.974190][ T5900] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   87.975663][ T5871] usbtmc 5-1:16.0: can't read capabilities
[   87.987611][ T5900] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[   87.987698][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.080852][ T5900] usb 4-1: config 0 descriptor??
[   88.147363][ T6088] tmpfs: Unknown parameter 'grpquota/#/msr'
[   88.430624][ T5900] ath6kl: Failed to submit usb control message: -71
[   88.437493][ T5900] ath6kl: unable to send the bmi data to the device: -71
[   88.454251][ T5900] ath6kl: Unable to send get target info: -71
[   88.468705][ T5900] ath6kl: Failed to init ath6kl core: -71
[   88.476506][ T5900] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[   88.504893][ T5900] usb 4-1: USB disconnect, device number 2
[   88.539338][ T6094] FAULT_INJECTION: forcing a failure.
[   88.539338][ T6094] name failslab, interval 1, probability 0, space 0, times 0
[   88.552902][ T6094] CPU: 1 UID: 0 PID: 6094 Comm: syz.2.53 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[   88.563438][ T6094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   88.573546][ T6094] Call Trace:
[   88.576855][ T6094]  <TASK>
[   88.579780][ T6094]  dump_stack_lvl+0x241/0x360
[   88.584473][ T6094]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.589668][ T6094]  ? __pfx__printk+0x10/0x10
[   88.594249][ T6094]  ? fs_reclaim_acquire+0x93/0x130
[   88.599356][ T6094]  ? __pfx___might_resched+0x10/0x10
[   88.604648][ T6094]  should_fail_ex+0x3b0/0x4e0
[   88.609322][ T6094]  should_failslab+0xac/0x100
[   88.613990][ T6094]  __kmalloc_noprof+0xdd/0x4c0
[   88.618756][ T6094]  ? kstrtouint_from_user+0x128/0x190
[   88.624137][ T6094]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[   88.629856][ T6094]  tomoyo_realpath_from_path+0xcf/0x5e0
[   88.635401][ T6094]  tomoyo_path_number_perm+0x236/0x860
[   88.640862][ T6094]  ? __lock_acquire+0x1397/0x2100
[   88.645941][ T6094]  ? tomoyo_path_number_perm+0x206/0x860
[   88.651583][ T6094]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   88.657591][ T6094]  ? __fget_files+0x2a/0x410
[   88.663480][ T6094]  ? __fget_files+0x2a/0x410
[   88.668081][ T6094]  security_file_ioctl+0xc6/0x2a0
[   88.673132][ T6094]  __se_sys_ioctl+0x46/0x170
[   88.677742][ T6094]  do_syscall_64+0xf3/0x230
[   88.682244][ T6094]  ? clear_bhb_loop+0x35/0x90
[   88.686942][ T6094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.692849][ T6094] RIP: 0033:0x7fe49117ff19
[   88.697256][ T6094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.716872][ T6094] RSP: 002b:00007fe491ef7058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   88.725311][ T6094] RAX: ffffffffffffffda RBX: 00007fe491345fa0 RCX: 00007fe49117ff19
[   88.733583][ T6094] RDX: 00000000200003c0 RSI: 00000000c0306201 RDI: 0000000000000003
[   88.741557][ T6094] RBP: 00007fe491ef70a0 R08: 0000000000000000 R09: 0000000000000000
[   88.749539][ T6094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   88.757523][ T6094] R13: 0000000000000000 R14: 00007fe491345fa0 R15: 00007fff05d4a688
[   88.765501][ T6094]  </TASK>
[   88.773188][ T6094] ERROR: Out of memory at tomoyo_realpath_from_path.
[   88.836605][ T6096] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:20003
[   88.885778][ T6091] usbtmc 5-1:16.0: INDICATOR_PULSE returned 2f
[   88.988184][ T6072] syz.3.46 (6072) used greatest stack depth: 18736 bytes left
[   89.197340][ T5871] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   89.298795][ T5900] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   89.373717][ T5871] usb 3-1: Using ep0 maxpacket: 8
[   89.383775][ T5871] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[   89.394711][ T5871] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   89.412009][ T5871] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   89.422008][ T5871] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[   89.435152][ T5871] usb 3-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[   89.444308][ T5871] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.456674][ T5871] usb 3-1: config 0 descriptor??
[   89.459249][ T5900] usb 4-1: Using ep0 maxpacket: 8
[   89.469489][ T5900] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[   89.480917][ T5900] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   89.492776][ T5900] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   89.502763][ T5900] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[   89.516535][ T5900] usb 4-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[   89.530158][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.542200][ T5900] usb 4-1: config 0 descriptor??
[   89.916707][ T6098] netlink: 36 bytes leftover after parsing attributes in process `syz.2.55'.
[   89.935816][ T5871] redragon 0003:0C45:760B.0001: unknown main item tag 0x6
[   89.947256][ T5871] redragon 0003:0C45:760B.0001: item fetching failed at offset 7/133
[   89.959037][ T5871] redragon 0003:0C45:760B.0001: probe with driver redragon failed with error -22
[   90.003622][ T6100] netlink: 36 bytes leftover after parsing attributes in process `syz.3.56'.
[   90.021686][ T5900] redragon 0003:0C45:760B.0002: unknown main item tag 0x6
[   90.030159][ T5900] redragon 0003:0C45:760B.0002: item fetching failed at offset 7/133
[   90.038838][ T5900] redragon 0003:0C45:760B.0002: probe with driver redragon failed with error -22
[   90.159590][ T5871] usb 3-1: USB disconnect, device number 4
[   90.237764][ T5900] usb 4-1: USB disconnect, device number 3
[   90.278090][    T8] usb 5-1: USB disconnect, device number 3
[   90.351394][ T6102] sctp: [Deprecated]: syz.4.57 (pid 6102) Use of int in max_burst socket option.
[   90.351394][ T6102] Use struct sctp_assoc_value instead
[   92.661435][ T6122] FAULT_INJECTION: forcing a failure.
[   92.661435][ T6122] name failslab, interval 1, probability 0, space 0, times 0
[   92.661496][ T6122] CPU: 1 UID: 0 PID: 6122 Comm: syz.4.62 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[   92.661519][ T6122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   92.661532][ T6122] Call Trace:
[   92.661540][ T6122]  <TASK>
[   92.661549][ T6122]  dump_stack_lvl+0x241/0x360
[   92.661580][ T6122]  ? __pfx_dump_stack_lvl+0x10/0x10
[   92.661604][ T6122]  ? __pfx__printk+0x10/0x10
[   92.661629][ T6122]  ? fs_reclaim_acquire+0x93/0x130
[   92.661654][ T6122]  ? __pfx___might_resched+0x10/0x10
[   92.661684][ T6122]  should_fail_ex+0x3b0/0x4e0
[   92.661708][ T6122]  should_failslab+0xac/0x100
[   92.661730][ T6122]  __kmalloc_noprof+0xdd/0x4c0
[   92.661749][ T6122]  ? __schedule+0x1803/0x4be0
[   92.661770][ T6122]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[   92.661797][ T6122]  tomoyo_realpath_from_path+0xcf/0x5e0
[   92.661832][ T6122]  tomoyo_path_number_perm+0x236/0x860
[   92.661855][ T6122]  ? __pfx___schedule+0x10/0x10
[   92.661874][ T6122]  ? tomoyo_path_number_perm+0x206/0x860
[   92.661896][ T6122]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   92.661914][ T6122]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   92.661950][ T6122]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   92.661994][ T6122]  ? security_file_ioctl+0x18/0x2a0
[   92.662022][ T6122]  security_file_ioctl+0xc6/0x2a0
[   92.662044][ T6122]  __se_sys_ioctl+0x46/0x170
[   92.662072][ T6122]  do_syscall_64+0xf3/0x230
[   92.662097][ T6122]  ? clear_bhb_loop+0x35/0x90
[   92.662132][ T6122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.662157][ T6122] RIP: 0033:0x7ff5d617ff19
[   92.662174][ T6122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.662189][ T6122] RSP: 002b:00007ff5d6f3c058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   92.662212][ T6122] RAX: ffffffffffffffda RBX: 00007ff5d6346080 RCX: 00007ff5d617ff19
[   92.662226][ T6122] RDX: 0000000020000100 RSI: 0000000040103d0b RDI: 0000000000000005
[   92.662239][ T6122] RBP: 00007ff5d6f3c0a0 R08: 0000000000000000 R09: 0000000000000000
[   92.662252][ T6122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.662264][ T6122] R13: 0000000000000000 R14: 00007ff5d6346080 R15: 00007ffca5000ce8
[   92.662292][ T6122]  </TASK>
[   92.662332][ T6122] ERROR: Out of memory at tomoyo_realpath_from_path.
[   94.260751][ T6126] FAULT_INJECTION: forcing a failure.
[   94.260751][ T6126] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   94.260784][ T6126] CPU: 1 UID: 0 PID: 6126 Comm: syz.3.65 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[   94.260805][ T6126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   94.260817][ T6126] Call Trace:
[   94.260825][ T6126]  <TASK>
[   94.260834][ T6126]  dump_stack_lvl+0x241/0x360
[   94.260865][ T6126]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.260888][ T6126]  ? __pfx__printk+0x10/0x10
[   94.260912][ T6126]  ? __pfx_lock_release+0x10/0x10
[   94.260940][ T6126]  should_fail_ex+0x3b0/0x4e0
[   94.260964][ T6126]  _copy_from_user+0x2f/0xc0
[   94.260991][ T6126]  copy_msghdr_from_user+0xae/0x680
[   94.261023][ T6126]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   94.261045][ T6126]  ? __fget_files+0x2a/0x410
[   94.261070][ T6126]  ? __fget_files+0x2a/0x410
[   94.261105][ T6126]  __sys_sendmmsg+0x32b/0x720
[   94.261138][ T6126]  ? __pfx___sys_sendmmsg+0x10/0x10
[   94.261170][ T6126]  ? __pfx_lock_release+0x10/0x10
[   94.261188][ T6126]  ? kstrtouint_from_user+0x128/0x190
[   94.261231][ T6126]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   94.261257][ T6126]  ? ksys_write+0x22a/0x2b0
[   94.261281][ T6126]  ? __pfx_lock_release+0x10/0x10
[   94.261307][ T6126]  ? vfs_write+0x730/0xd30
[   94.261337][ T6126]  ? __mutex_unlock_slowpath+0x21e/0x790
[   94.261385][ T6126]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   94.261408][ T6126]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   94.261430][ T6126]  ? do_syscall_64+0x100/0x230
[   94.261458][ T6126]  __x64_sys_sendmmsg+0xa0/0xb0
[   94.261483][ T6126]  do_syscall_64+0xf3/0x230
[   94.261506][ T6126]  ? clear_bhb_loop+0x35/0x90
[   94.261530][ T6126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.261552][ T6126] RIP: 0033:0x7f9e4857ff19
[   94.261568][ T6126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.261582][ T6126] RSP: 002b:00007f9e49371058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   94.261604][ T6126] RAX: ffffffffffffffda RBX: 00007f9e48745fa0 RCX: 00007f9e4857ff19
[   94.261619][ T6126] RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000005
[   94.261632][ T6126] RBP: 00007f9e493710a0 R08: 0000000000000000 R09: 0000000000000000
[   94.261645][ T6126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.261657][ T6126] R13: 0000000000000000 R14: 00007f9e48745fa0 R15: 00007ffee88cd8b8
[   94.261685][ T6126]  </TASK>
[   94.299144][ T5901] IPVS: starting estimator thread 0...
[   94.315592][ T6129] overlay: Unknown parameter 'context'
[   94.479290][ T6128] IPVS: using max 24 ests per chain, 57600 per kthread
[   94.801943][ T6132] netlink: 32 bytes leftover after parsing attributes in process `syz.3.67'.
[   96.386341][ T6143] netlink: 16 bytes leftover after parsing attributes in process `syz.3.68'.
[   96.494720][  T973] IPVS: starting estimator thread 0...
[   96.503001][ T6139] net_ratelimit: 1578 callbacks suppressed
[   96.503096][ T6139] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[   96.633261][ T6149] IPVS: using max 23 ests per chain, 55200 per kthread
[   98.229563][ T6167] qnx4: no qnx4 filesystem (no root dir).
[   98.832194][ T6175] netlink: 'syz.2.79': attribute type 29 has an invalid length.
[   98.899381][ T6172] FAULT_INJECTION: forcing a failure.
[   98.899381][ T6172] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.920853][ T6172] CPU: 0 UID: 0 PID: 6172 Comm: syz.4.77 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[   98.931434][ T6172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   98.941515][ T6172] Call Trace:
[   98.944786][ T6172]  <TASK>
[   98.947728][ T6172]  dump_stack_lvl+0x241/0x360
[   98.952420][ T6172]  ? __pfx_dump_stack_lvl+0x10/0x10
[   98.957629][ T6172]  ? __pfx__printk+0x10/0x10
[   98.961201][   T52] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   98.962206][ T6172]  ? __pfx_lock_release+0x10/0x10
[   98.974669][ T6172]  should_fail_ex+0x3b0/0x4e0
[   98.979337][ T6172]  _copy_from_user+0x2f/0xc0
[   98.983918][ T6172]  do_sock_getsockopt+0x1d1/0x7e0
[   98.989025][ T6172]  ? __pfx_do_sock_getsockopt+0x10/0x10
[   98.994580][ T6172]  ? __fget_files+0x2a/0x410
[   98.999190][ T6172]  ? __fget_files+0x395/0x410
[   99.003873][ T6172]  ? __fget_files+0x2a/0x410
[   99.008460][ T6172]  __x64_sys_getsockopt+0x2a1/0x370
[   99.013655][ T6172]  ? __pfx___x64_sys_getsockopt+0x10/0x10
[   99.019366][ T6172]  ? do_syscall_64+0x100/0x230
[   99.024137][ T6172]  ? do_syscall_64+0xb6/0x230
[   99.028839][ T6172]  do_syscall_64+0xf3/0x230
[   99.033366][ T6172]  ? clear_bhb_loop+0x35/0x90
[   99.038063][ T6172]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.043949][ T6172] RIP: 0033:0x7ff5d617ff19
[   99.048363][ T6172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.067984][ T6172] RSP: 002b:00007ff5d6f5d058 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   99.076405][ T6172] RAX: ffffffffffffffda RBX: 00007ff5d6345fa0 RCX: 00007ff5d617ff19
[   99.084404][ T6172] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003
[   99.092376][ T6172] RBP: 00007ff5d6f5d0a0 R08: 0000000020000240 R09: 0000000000000000
[   99.100519][ T6172] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000000000001
[   99.108485][ T6172] R13: 0000000000000000 R14: 00007ff5d6345fa0 R15: 00007ffca5000ce8
[   99.116476][ T6172]  </TASK>
[   99.220244][   T52] usb 4-1: Using ep0 maxpacket: 8
[   99.227614][   T52] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[   99.242879][   T52] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   99.270309][   T52] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.310448][   T52] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[   99.349400][   T52] usb 4-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[   99.382846][   T52] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.404039][   T52] usb 4-1: config 0 descriptor??
[   99.870127][ T6170] netlink: 36 bytes leftover after parsing attributes in process `syz.3.76'.
[   99.902404][   T52] usbhid 4-1:0.0: can't add hid device: -71
[   99.914616][   T52] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[   99.962360][   T52] usb 4-1: USB disconnect, device number 4
[  101.535354][ T6195] Zero length message leads to an empty skb
[  102.305928][ T5829] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  102.375532][ T5829] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  102.384847][ T5829] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  102.393547][ T5829] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  102.401522][ T5829] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  102.408902][ T5829] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  102.464200][ T5829] Bluetooth: hci2: unexpected event for opcode 0x0c47
[  103.565647][ T6196] chnl_net:caif_netlink_parms(): no params data found
[  103.752068][ T6217] netlink: 8 bytes leftover after parsing attributes in process `syz.3.87'.
[  104.699278][ T5829] Bluetooth: hci5: command tx timeout
[  104.876959][ T6227] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  106.492215][ T6230] netlink: 104 bytes leftover after parsing attributes in process `syz.2.91'.
[  106.779459][ T6196] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.786538][ T6196] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.808141][ T6196] bridge_slave_0: entered allmulticast mode
[  106.816261][ T5827] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  106.825588][ T5827] Bluetooth: hci2: Injecting HCI hardware error event
[  106.834080][ T5827] Bluetooth: hci2: hardware error 0x00
[  106.844289][ T6196] bridge_slave_0: entered promiscuous mode
[  106.851196][ T6234] smc: net device wg0 applied user defined pnetid SYZ0
[  106.858577][ T6238] netlink: 'syz.4.92': attribute type 39 has an invalid length.
[  106.859295][ T6196] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.888582][ T6196] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.895879][ T5821] Bluetooth: hci5: command tx timeout
[  106.916027][ T6196] bridge_slave_1: entered allmulticast mode
[  106.924421][ T6196] bridge_slave_1: entered promiscuous mode
[  107.310829][ T6238] smc: removing net device wg0 with user defined pnetid SYZ0
[  107.334281][ T6235] capability: warning: `syz.4.92' uses deprecated v2 capabilities in a way that may be insecure
[  107.363844][ T6196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.397457][ T6196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.492755][ T6196] team0: Port device team_slave_0 added
[  107.508862][ T6196] team0: Port device team_slave_1 added
[  107.515703][    T8] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  107.595976][ T6196] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.642418][ T6196] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.693885][    T8] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  107.715786][    T8] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  107.965888][ T6196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.243964][ T6196] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.250976][ T6196] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.277892][ T6196] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.316487][    T8] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.40
[  108.325693][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.333777][    T8] usb 3-1: Product: syz
[  108.337929][    T8] usb 3-1: Manufacturer: syz
[  108.342558][    T8] usb 3-1: SerialNumber: syz
[  108.379462][ T6240] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  108.406519][ T6240] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  108.417951][ T6196] hsr_slave_0: entered promiscuous mode
[  108.429706][ T6196] hsr_slave_1: entered promiscuous mode
[  108.439312][ T6196] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  108.451411][ T6196] Cannot create hsr debugfs directory
[  108.780834][ T6255] FAULT_INJECTION: forcing a failure.
[  108.780834][ T6255] name failslab, interval 1, probability 0, space 0, times 0
[  108.807724][ T6255] CPU: 0 UID: 0 PID: 6255 Comm: syz.4.97 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[  108.818295][ T6255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  108.828385][ T6255] Call Trace:
[  108.831699][ T6255]  <TASK>
[  108.834633][ T6255]  dump_stack_lvl+0x241/0x360
[  108.839315][ T6255]  ? __pfx_dump_stack_lvl+0x10/0x10
[  108.844562][ T6255]  ? __pfx__printk+0x10/0x10
[  108.849154][ T6255]  ? fs_reclaim_acquire+0x93/0x130
[  108.854265][ T6255]  ? __pfx___might_resched+0x10/0x10
[  108.859551][ T6255]  should_fail_ex+0x3b0/0x4e0
[  108.864233][ T6255]  should_failslab+0xac/0x100
[  108.868914][ T6255]  __kmalloc_noprof+0xdd/0x4c0
[  108.873682][ T6255]  ? kstrtouint_from_user+0x128/0x190
[  108.879065][ T6255]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  108.884883][ T6255]  tomoyo_realpath_from_path+0xcf/0x5e0
[  108.890438][ T6255]  tomoyo_path_number_perm+0x236/0x860
[  108.895908][ T6255]  ? __lock_acquire+0x1397/0x2100
[  108.900939][ T6255]  ? tomoyo_path_number_perm+0x206/0x860
[  108.906751][ T6255]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  108.912869][ T6255]  ? __fget_files+0x2a/0x410
[  108.917479][ T6255]  ? __fget_files+0x2a/0x410
[  108.922340][ T6255]  security_file_ioctl+0xc6/0x2a0
[  108.927373][ T6255]  __se_sys_ioctl+0x46/0x170
[  108.931992][ T6255]  do_syscall_64+0xf3/0x230
[  108.936512][ T6255]  ? clear_bhb_loop+0x35/0x90
[  108.941201][ T6255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.947115][ T6255] RIP: 0033:0x7ff5d617ff19
[  108.951573][ T6255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.971218][ T6255] RSP: 002b:00007ff5d6f5d058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  108.979638][ T6255] RAX: ffffffffffffffda RBX: 00007ff5d6345fa0 RCX: 00007ff5d617ff19
[  108.987610][ T6255] RDX: 0000000020000000 RSI: 000000000000890b RDI: 0000000000000003
[  108.995664][ T6255] RBP: 00007ff5d6f5d0a0 R08: 0000000000000000 R09: 0000000000000000
[  109.003636][ T6255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  109.011618][ T6255] R13: 0000000000000000 R14: 00007ff5d6345fa0 R15: 00007ffca5000ce8
[  109.019631][ T6255]  </TASK>
[  109.261876][ T6196] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  109.270062][ T6255] ERROR: Out of memory at tomoyo_realpath_from_path.
[  109.281205][ T5827] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  109.285834][ T5821] Bluetooth: hci5: command tx timeout
[  109.310041][    T8] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input5
[  109.346163][ T5179] bcm5974 3-1:1.0: could not read from device
[  109.443004][ T6196] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  109.511921][    T8] usb 3-1: USB disconnect, device number 5
[  109.623302][ T6196] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  110.107030][ T6196] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  110.250556][ T6272] trusted_key: syz.3.100 sent an empty control message without MSG_MORE.
[  110.788602][ T6196] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.804470][ T6196] 8021q: adding VLAN 0 to HW filter on device team0
[  110.836690][ T6196] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  110.847231][ T6196] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  110.956929][ T3747] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.964152][ T3747] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.150156][ T3747] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.157341][ T3747] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.005639][ T5827] Bluetooth: hci5: command tx timeout
[  112.887640][ T5827] Bluetooth: hci3: command 0x0406 tx timeout
[  114.549428][ T6196] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.595296][ T6301] FAULT_INJECTION: forcing a failure.
[  114.595296][ T6301] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  114.628535][ T6301] CPU: 1 UID: 0 PID: 6301 Comm: syz.4.107 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[  114.639168][ T6301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  114.649331][ T6301] Call Trace:
[  114.652626][ T6301]  <TASK>
[  114.655569][ T6301]  dump_stack_lvl+0x241/0x360
[  114.655967][ T6305] netlink: 56 bytes leftover after parsing attributes in process `syz.2.108'.
[  114.660265][ T6301]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.660296][ T6301]  ? __pfx__printk+0x10/0x10
[  114.660319][ T6301]  ? __pfx_lock_release+0x10/0x10
[  114.684005][ T6301]  should_fail_ex+0x3b0/0x4e0
[  114.688722][ T6301]  _copy_from_user+0x2f/0xc0
[  114.693353][ T6301]  copy_msghdr_from_user+0xae/0x680
[  114.698608][ T6301]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  114.704455][ T6301]  ? __fget_files+0x2a/0x410
[  114.709095][ T6301]  ? __fget_files+0x2a/0x410
[  114.713814][ T6301]  __sys_sendmmsg+0x32b/0x720
[  114.718540][ T6301]  ? __pfx___sys_sendmmsg+0x10/0x10
[  114.723793][ T6301]  ? __pfx_lock_release+0x10/0x10
[  114.728846][ T6301]  ? kstrtouint_from_user+0x128/0x190
[  114.734276][ T6301]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  114.740291][ T6301]  ? ksys_write+0x22a/0x2b0
[  114.744833][ T6301]  ? __pfx_lock_release+0x10/0x10
[  114.749865][ T6301]  ? vfs_write+0x730/0xd30
[  114.754290][ T6301]  ? __mutex_unlock_slowpath+0x21e/0x790
[  114.759954][ T6301]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  114.765936][ T6301]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  114.772263][ T6301]  ? do_syscall_64+0x100/0x230
[  114.777031][ T6301]  __x64_sys_sendmmsg+0xa0/0xb0
[  114.781882][ T6301]  do_syscall_64+0xf3/0x230
[  114.786388][ T6301]  ? clear_bhb_loop+0x35/0x90
[  114.791068][ T6301]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.796964][ T6301] RIP: 0033:0x7ff5d617ff19
[  114.801387][ T6301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.821055][ T6301] RSP: 002b:00007ff5d6f5d058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  114.829480][ T6301] RAX: ffffffffffffffda RBX: 00007ff5d6345fa0 RCX: 00007ff5d617ff19
[  114.837458][ T6301] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004
[  114.845431][ T6301] RBP: 00007ff5d6f5d0a0 R08: 0000000000000000 R09: 0000000000000000
[  114.853400][ T6301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  114.861385][ T6301] R13: 0000000000000000 R14: 00007ff5d6345fa0 R15: 00007ffca5000ce8
[  114.869376][ T6301]  </TASK>
[  115.705213][ T6314] netlink: 48 bytes leftover after parsing attributes in process `syz.0.110'.
[  115.717398][ T6314] syz.0.110[6314] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  115.717495][ T6314] syz.0.110[6314] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  115.728942][ T6314] syz.0.110[6314] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  115.790651][   T29] audit: type=1326 audit(1733389889.702:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6313 comm="syz.0.110" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f690a37ff19 code=0x0
[  115.962666][ T5869] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  116.308388][ T6320] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[  116.371840][ T6196] veth0_vlan: entered promiscuous mode
[  116.387989][ T6196] veth1_vlan: entered promiscuous mode
[  116.443795][ T5869] usb 3-1: config 246 has an invalid interface number: 166 but max is 0
[  116.453037][ T5869] usb 3-1: config 246 has no interface number 0
[  116.464250][ T6196] veth0_macvtap: entered promiscuous mode
[  116.473233][ T5869] usb 3-1: config 246 interface 166 altsetting 118 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  116.495974][ T6196] veth1_macvtap: entered promiscuous mode
[  116.508902][ T5869] usb 3-1: config 246 interface 166 altsetting 118 endpoint 0x8A has invalid wMaxPacketSize 0
[  116.628439][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  116.638969][ T5869] usb 3-1: config 246 interface 166 has no altsetting 0
[  116.656149][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.666835][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  116.677765][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.688105][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  116.698585][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.709467][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  116.719958][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.730016][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  116.740547][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.753771][ T6196] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.776467][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.795037][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.805096][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.825764][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.836137][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.859256][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.869129][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.929515][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.944306][ T5869] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63
[  116.969482][ T6196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.979988][ T5869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.999767][ T5869] usb 3-1: Product: syz
[  117.003941][ T5869] usb 3-1: Manufacturer: syz
[  117.008523][ T5869] usb 3-1: SerialNumber: syz
[  117.022854][ T6196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.045105][ T6196] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.078926][ T6196] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.104525][ T6196] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.133316][ T6196] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.318892][ T6196] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.635251][ T6280] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.696835][ T6280] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.716645][ T5869] usb 3-1: Limiting number of CPorts to U8_MAX
[  117.724668][ T5869] usb 3-1: Unknown endpoint type found, address 0x0b
[  118.505522][ T5869] usb 3-1: Not enough endpoints found in device, aborting!
[  118.652885][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.660864][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.768004][ T6341] netlink: zone id is out of range
[  118.773593][ T6341] netlink: zone id is out of range
[  118.778963][ T6341] netlink: zone id is out of range
[  118.784951][ T6341] netlink: zone id is out of range
[  118.791629][ T6341] netlink: zone id is out of range
[  118.809141][ T6341] netlink: zone id is out of range
[  118.866167][ T6341] netlink: zone id is out of range
[  118.911760][ T6341] netlink: zone id is out of range
[  118.917156][ T6341] netlink: zone id is out of range
[  118.957762][ T6312] warning: `syz.2.111' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  119.020164][ T6341] tmpfs: Unknown parameter 'grpquota/#/msr'
[  119.310327][   T52] usb 3-1: USB disconnect, device number 6
[  120.203971][ T6351] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  122.913512][ T6364] delete_channel: no stack
[  125.312216][ T6379] netlink: 48 bytes leftover after parsing attributes in process `syz.2.125'.
[  125.371376][ T6379] syz.2.125[6379] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  125.371469][ T6379] syz.2.125[6379] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  126.995508][ T6379] syz.2.125[6379] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  127.016084][   T29] audit: type=1326 audit(1733389900.216:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6378 comm="syz.2.125" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe49117ff19 code=0x0
[  127.331963][ T6379] net_ratelimit: 785 callbacks suppressed
[  127.332017][ T6379] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[  130.799061][ T6419] netlink: 8 bytes leftover after parsing attributes in process `syz.4.135'.
[  134.074694][ T6438] 9pnet_virtio: no channels available for device 
[  135.846312][ T6449] tipc: Started in network mode
[  135.851669][ T6449] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711
[  135.865412][ T6449] tipc: Enabled bearer <udp:syz0>, priority 10
[  136.232738][ T6453] CUSE: unknown device info ""
[  136.237648][ T6453] CUSE: unknown device info "appraise_type"
[  136.243751][ T6453] CUSE: DEVNAME unspecified
[  136.981590][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  137.008151][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  137.067214][ T5901] tipc: Node number set to 4269801491
[  137.182539][   T52] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  137.397321][   T52] usb 5-1: Using ep0 maxpacket: 16
[  137.419339][   T52] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  137.438036][   T52] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  137.611725][   T52] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  137.627533][   T52] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  137.639828][   T52] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  137.664131][   T52] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  137.673239][   T52] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  137.702956][   T52] usb 5-1: Manufacturer: syz
[  138.227325][   T52] usb 5-1: config 0 descriptor??
[  138.703869][   T52] rc_core: IR keymap rc-hauppauge not found
[  138.709867][   T52] Registered IR keymap rc-empty
[  138.775231][   T52] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  138.818592][   T52] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  138.861730][   T52] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  138.904615][   T52] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input6
[  138.991339][   T52] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  139.060575][ T6481] netlink: 8 bytes leftover after parsing attributes in process `syz.5.152'.
[  139.976325][ T6483] FAULT_INJECTION: forcing a failure.
[  139.976325][ T6483] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  139.990482][ T6483] CPU: 0 UID: 0 PID: 6483 Comm: syz.3.153 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[  140.001116][ T6483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  140.002847][   T52] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  140.011180][ T6483] Call Trace:
[  140.011210][ T6483]  <TASK>
[  140.011220][ T6483]  dump_stack_lvl+0x241/0x360
[  140.011267][ T6483]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.034701][ T6483]  ? __pfx__printk+0x10/0x10
[  140.039345][ T6483]  should_fail_ex+0x3b0/0x4e0
[  140.044045][ T6483]  strncpy_from_user+0x36/0x270
[  140.048933][ T6483]  strncpy_from_user_nofault+0x71/0x140
[  140.054557][ T6483]  bpf_bprintf_prepare+0xc95/0x1530
[  140.055497][   T52] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  140.059779][ T6483]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[  140.059815][ T6483]  ? bpf_trace_printk+0x115/0x230
[  140.059839][ T6483]  bpf_trace_printk+0x12f/0x230
[  140.059859][ T6483]  ? bpf_trace_run2+0x22d/0x540
[  140.087312][ T6483]  ? __pfx_bpf_trace_printk+0x10/0x10
[  140.092702][ T6483]  ? bpf_trace_run2+0x22d/0x540
[  140.097602][ T6483]  ? __lock_acquire+0x1397/0x2100
[  140.102646][ T6483]  ? bpf_trace_run2+0x1fc/0x540
[  140.107528][ T6483]  bpf_prog_7c77c7e0f6645ad8+0x3e/0x40
[  140.113194][ T6483]  bpf_trace_run2+0x2ec/0x540
[  140.118330][ T6483]  ? __pfx_bpf_trace_run2+0x10/0x10
[  140.123534][ T6483]  ? tomoyo_realpath_from_path+0xc2/0x5e0
[  140.129265][ T6483]  ? tomoyo_realpath_from_path+0xc2/0x5e0
[  140.134983][ T6483]  ? tomoyo_realpath_from_path+0xc2/0x5e0
[  140.140713][ T6483]  kfree+0x382/0x430
[  140.144614][ T6483]  ? kstrtouint_from_user+0x128/0x190
[  140.150009][ T6483]  tomoyo_realpath_from_path+0xc2/0x5e0
[  140.155573][ T6483]  tomoyo_path_number_perm+0x236/0x860
[  140.161038][ T6483]  ? __lock_acquire+0x1397/0x2100
[  140.166072][ T6483]  ? tomoyo_path_number_perm+0x206/0x860
[  140.171717][ T6483]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  140.177738][ T6483]  ? __fget_files+0x2a/0x410
[  140.182339][ T6483]  ? __fget_files+0x2a/0x410
[  140.186935][ T6483]  security_file_ioctl+0xc6/0x2a0
[  140.191969][ T6483]  __se_sys_ioctl+0x46/0x170
[  140.196565][ T6483]  do_syscall_64+0xf3/0x230
[  140.201072][ T6483]  ? clear_bhb_loop+0x35/0x90
[  140.205769][ T6483]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.211692][ T6483] RIP: 0033:0x7f9e4857ff19
[  140.216109][ T6483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.235818][ T6483] RSP: 002b:00007f9e49350058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  140.244340][ T6483] RAX: ffffffffffffffda RBX: 00007f9e48746080 RCX: 00007f9e4857ff19
[  140.252400][ T6483] RDX: 0000000020000140 RSI: 000000000000560e RDI: 000000000000000a
[  140.260370][ T6483] RBP: 00007f9e493500a0 R08: 0000000000000000 R09: 0000000000000000
[  140.268346][ T6483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.276318][ T6483] R13: 0000000000000000 R14: 00007f9e48746080 R15: 00007ffee88cd8b8
[  140.284305][ T6483]  </TASK>
[  140.289615][   T52] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  140.314544][   T52] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  141.900214][   T52] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  141.939445][ T6488] netlink: 8 bytes leftover after parsing attributes in process `syz.0.151'.
[  141.986897][ T6492] FAULT_INJECTION: forcing a failure.
[  141.986897][ T6492] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  142.014343][   T52] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  142.060524][   T52] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  142.075371][ T6492] CPU: 0 UID: 0 PID: 6492 Comm: syz.5.156 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[  142.086035][ T6492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  142.096107][ T6492] Call Trace:
[  142.099385][ T6492]  <TASK>
[  142.102313][ T6492]  dump_stack_lvl+0x241/0x360
[  142.106991][ T6492]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.112284][ T6492]  ? __pfx__printk+0x10/0x10
[  142.116900][ T6492]  ? snprintf+0xda/0x120
[  142.121166][ T6492]  should_fail_ex+0x3b0/0x4e0
[  142.125874][ T6492]  _copy_to_user+0x31/0xb0
[  142.130325][ T6492]  simple_read_from_buffer+0xca/0x150
[  142.135709][ T6492]  proc_fail_nth_read+0x1e9/0x250
[  142.140737][ T6492]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  142.146722][ T6492]  ? rw_verify_area+0x55e/0x6f0
[  142.151593][ T6492]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  142.157489][ T6492]  vfs_read+0x1fc/0xb70
[  142.161657][ T6492]  ? __pfx___mutex_lock+0x10/0x10
[  142.166702][ T6492]  ? __pfx_vfs_read+0x10/0x10
[  142.171395][ T6492]  ? __fget_files+0x2a/0x410
[  142.175996][ T6492]  ? __fget_files+0x395/0x410
[  142.180669][ T6492]  ? __fget_files+0x2a/0x410
[  142.185257][ T6492]  ksys_read+0x18f/0x2b0
[  142.189526][ T6492]  ? __pfx_ksys_read+0x10/0x10
[  142.194359][ T6492]  ? do_syscall_64+0x100/0x230
[  142.199141][ T6492]  ? do_syscall_64+0xb6/0x230
[  142.203838][ T6492]  do_syscall_64+0xf3/0x230
[  142.208516][ T6492]  ? clear_bhb_loop+0x35/0x90
[  142.213211][ T6492]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.219144][ T6492] RIP: 0033:0x7f18a277e92c
[  142.223577][ T6492] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  142.243279][ T6492] RSP: 002b:00007f18a05f6050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  142.251715][ T6492] RAX: ffffffffffffffda RBX: 00007f18a2945fa0 RCX: 00007f18a277e92c
[  142.259697][ T6492] RDX: 000000000000000f RSI: 00007f18a05f60b0 RDI: 0000000000000003
[  142.267684][ T6492] RBP: 00007f18a05f60a0 R08: 0000000000000000 R09: 0000000000000000
[  142.275670][ T6492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  142.283639][ T6492] R13: 0000000000000001 R14: 00007f18a2945fa0 R15: 00007ffcc3f15a38
[  142.291612][ T6492]  </TASK>
[  142.295892][   T52] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  142.307076][ T5870] gspca_vicam: Failed to load "vicam/firmware.fw": -110
[  142.314237][ T5870] vicam 1-1:252.167: probe with driver vicam failed with error -110
[  142.328453][   T52] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  142.357621][ T5870] usb 1-1: USB disconnect, device number 2
[  142.394181][ T6494] 9pnet_virtio: no channels available for device 
[  142.890244][   T52] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  143.020247][   T52] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  143.077337][   T52] usb 5-1: USB disconnect, device number 4
[  143.326303][ T6506] FAULT_INJECTION: forcing a failure.
[  143.326303][ T6506] name failslab, interval 1, probability 0, space 0, times 0
[  143.339360][ T6506] CPU: 1 UID: 0 PID: 6506 Comm: syz.5.159 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[  143.350079][ T6506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  143.360162][ T6506] Call Trace:
[  143.363463][ T6506]  <TASK>
[  143.366409][ T6506]  dump_stack_lvl+0x241/0x360
[  143.371126][ T6506]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.376384][ T6506]  ? __pfx__printk+0x10/0x10
[  143.381006][ T6506]  ? fs_reclaim_acquire+0x93/0x130
[  143.386147][ T6506]  ? __pfx___might_resched+0x10/0x10
[  143.391463][ T6506]  should_fail_ex+0x3b0/0x4e0
[  143.396177][ T6506]  should_failslab+0xac/0x100
[  143.400872][ T6506]  __kmalloc_noprof+0xdd/0x4c0
[  143.405647][ T6506]  ? kstrtouint_from_user+0x128/0x190
[  143.411031][ T6506]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  143.416771][ T6506]  tomoyo_realpath_from_path+0xcf/0x5e0
[  143.422342][ T6506]  tomoyo_path_number_perm+0x236/0x860
[  143.427814][ T6506]  ? __lock_acquire+0x1397/0x2100
[  143.432862][ T6506]  ? tomoyo_path_number_perm+0x206/0x860
[  143.438515][ T6506]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  143.444568][ T6506]  ? __fget_files+0x2a/0x410
[  143.449193][ T6506]  ? __fget_files+0x2a/0x410
[  143.453800][ T6506]  security_file_ioctl+0xc6/0x2a0
[  143.458842][ T6506]  __se_sys_ioctl+0x46/0x170
[  143.463566][ T6506]  do_syscall_64+0xf3/0x230
[  143.468088][ T6506]  ? clear_bhb_loop+0x35/0x90
[  143.472786][ T6506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.478784][ T6506] RIP: 0033:0x7f18a277ff19
[  143.483210][ T6506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.502837][ T6506] RSP: 002b:00007f18a05f6058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  143.511289][ T6506] RAX: ffffffffffffffda RBX: 00007f18a2945fa0 RCX: 00007f18a277ff19
[  143.519295][ T6506] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000003
[  143.527287][ T6506] RBP: 00007f18a05f60a0 R08: 0000000000000000 R09: 0000000000000000
[  143.535269][ T6506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.543259][ T6506] R13: 0000000000000000 R14: 00007f18a2945fa0 R15: 00007ffcc3f15a38
[  143.551269][ T6506]  </TASK>
[  143.610004][ T6506] ERROR: Out of memory at tomoyo_realpath_from_path.
[  144.379362][ T5940] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  144.547864][ T5940] usb 6-1: Using ep0 maxpacket: 8
[  144.554385][ T5940] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  144.607105][ T5940] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  144.628082][ T5940] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  144.821088][ T5940] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  144.890648][ T5940] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  144.985144][ T5940] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  145.051289][ T5940] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.928457][ T5940] usb 6-1: usb_control_msg returned -32
[  146.934789][ T5940] usbtmc 6-1:16.0: can't read capabilities
[  147.559616][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.918294][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.948382][ T6543] usbtmc 6-1:16.0: INDICATOR_PULSE returned 2f
[  148.224380][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.483027][ T6549] netlink: 48 bytes leftover after parsing attributes in process `syz.3.171'.
[  148.487834][ T6546] 9pnet_virtio: no channels available for device 
[  149.033971][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.108373][ T6551] syz.3.171[6551] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  149.108484][ T6551] syz.3.171[6551] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  149.186558][ T6551] syz.3.171[6551] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  149.218975][   T29] audit: type=1326 audit(1733389920.991:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6547 comm="syz.3.171" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9e4857ff19 code=0x0
[  149.315960][ T5821] Bluetooth: hci1: command 0x0406 tx timeout
[  149.420111][ T6551] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[  149.488670][   T36] bridge_slave_1: left allmulticast mode
[  149.502742][   T36] bridge_slave_1: left promiscuous mode
[  149.717416][ T5940] usb 6-1: USB disconnect, device number 2
[  150.061130][ T6560] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  150.070379][ T6560] overlayfs: missing 'lowerdir'
[  150.469505][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.620939][   T36] bridge_slave_0: left allmulticast mode
[  150.812589][   T36] bridge_slave_0: left promiscuous mode
[  150.818372][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.122571][ T5940] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  151.507895][ T6573] QAT: failed to copy from user cfg_data.
[  151.691004][ T5940] usb 3-1: config 0 has an invalid interface number: 175 but max is 0
[  151.747281][ T5940] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  151.774241][ T5940] usb 3-1: config 0 has no interface number 0
[  151.782377][ T5940] usb 3-1: config 0 interface 175 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C
[  151.800575][ T5940] usb 3-1: config 0 interface 175 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 10
[  151.814651][ T5940] usb 3-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  151.825235][ T5940] usb 3-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16
[  151.858326][ T5940] usb 3-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b
[  151.868004][ T5940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.887440][ T5940] usb 3-1: Product: syz
[  151.906315][ T5940] usb 3-1: Manufacturer: syz
[  151.925100][ T5940] usb 3-1: SerialNumber: syz
[  152.000520][ T5940] usb 3-1: config 0 descriptor??
[  152.076905][ T5940] symbolserial 3-1:0.175: symbol converter detected
[  153.039997][ T5940] usb 3-1: symbol converter now attached to ttyUSB0
[  153.379170][ T5869] usb 3-1: USB disconnect, device number 7
[  153.405671][ T5869] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0
[  153.444057][ T5869] symbolserial 3-1:0.175: device disconnected
[  154.014340][ T6583] netlink: zone id is out of range
[  154.119110][ T6583] netlink: zone id is out of range
[  154.142629][ T6583] netlink: zone id is out of range
[  154.186876][ T6583] netlink: zone id is out of range
[  154.222788][ T6583] netlink: zone id is out of range
[  154.255056][ T6583] netlink: zone id is out of range
[  154.260201][ T6583] netlink: zone id is out of range
[  154.265307][ T6583] netlink: zone id is out of range
[  154.344145][ T6583] netlink: zone id is out of range
[  154.345178][ T6582] tmpfs: Unknown parameter 'grpquota/#/msr'
[  154.458922][ T6593] QAT: failed to copy from user cfg_data.
[  154.622656][ T5871] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  154.681435][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  154.708432][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  154.730128][   T36] bond0 (unregistering): Released all slaves
[  154.797471][ T6280] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.841328][ T5871] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  154.843404][ T6280] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.941973][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  154.954041][ T5871] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  154.966981][ T5871] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  154.976162][ T5871] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.995895][ T5871] usb 1-1: config 0 descriptor??
[  155.055512][ T6598] net_ratelimit: 785 callbacks suppressed
[  155.055535][ T6598] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  155.220242][ T5871] ath6kl: Failed to submit usb control message: -71
[  155.226906][ T5871] ath6kl: unable to send the bmi data to the device: -71
[  155.237323][ T5871] ath6kl: Unable to send get target info: -71
[  155.265677][ T5871] ath6kl: Failed to init ath6kl core: -71
[  155.292381][ T5871] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  155.365501][ T5871] usb 1-1: USB disconnect, device number 3
[  155.377463][ T5940] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  155.548702][ T5940] usb 6-1: Using ep0 maxpacket: 8
[  155.598313][ T5940] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  155.612778][ T5940] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  155.665217][ T5940] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  155.706362][ T5940] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  155.769651][ T5940] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  156.040176][ T5940] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  156.049268][ T5940] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.496104][ T6629] netlink: 28 bytes leftover after parsing attributes in process `syz.3.188'.
[  157.833358][    C1] hrtimer: interrupt took 20537 ns
[  158.314815][ T5940] usb 6-1: usb_control_msg returned -32
[  158.324150][ T5940] usbtmc 6-1:16.0: can't read capabilities
[  158.451414][ T6640] FAULT_INJECTION: forcing a failure.
[  158.451414][ T6640] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.552664][ T6640] CPU: 0 UID: 0 PID: 6640 Comm: syz.3.191 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[  158.563318][ T6640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  158.573417][ T6640] Call Trace:
[  158.576721][ T6640]  <TASK>
[  158.579668][ T6640]  dump_stack_lvl+0x241/0x360
[  158.584381][ T6640]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.589608][ T6640]  ? __pfx__printk+0x10/0x10
[  158.594230][ T6640]  ? __pfx_lock_release+0x10/0x10
[  158.599288][ T6640]  should_fail_ex+0x3b0/0x4e0
[  158.603982][ T6640]  _copy_from_user+0x2f/0xc0
[  158.608592][ T6640]  __sys_bpf+0x1a4/0x810
[  158.612850][ T6640]  ? __pfx___sys_bpf+0x10/0x10
[  158.617643][ T6640]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  158.623647][ T6640]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  158.629998][ T6640]  ? do_syscall_64+0x100/0x230
[  158.634802][ T6640]  __x64_sys_bpf+0x7c/0x90
[  158.639253][ T6640]  do_syscall_64+0xf3/0x230
[  158.643795][ T6640]  ? clear_bhb_loop+0x35/0x90
[  158.648520][ T6640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.654459][ T6640] RIP: 0033:0x7f9e4857ff19
[  158.658926][ T6640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.678662][ T6640] RSP: 002b:00007f9e49371058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  158.687112][ T6640] RAX: ffffffffffffffda RBX: 00007f9e48745fa0 RCX: 00007f9e4857ff19
[  158.695140][ T6640] RDX: 0000000000000040 RSI: 00000000200002c0 RDI: 0000000000000010
[  158.703154][ T6640] RBP: 00007f9e493710a0 R08: 0000000000000000 R09: 0000000000000000
[  158.711161][ T6640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.719261][ T6640] R13: 0000000000000000 R14: 00007f9e48745fa0 R15: 00007ffee88cd8b8
[  158.727287][ T6640]  </TASK>
[  158.933685][   T36] hsr_slave_0: left promiscuous mode
[  158.971673][   T36] hsr_slave_1: left promiscuous mode
[  159.044907][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  159.052473][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  159.126829][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  159.169964][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  159.240684][ T6653] usbtmc 6-1:16.0: INDICATOR_PULSE returned 2f
[  159.262711][ T6657] netlink: 48 bytes leftover after parsing attributes in process `syz.2.195'.
[  159.590655][ T6659] syz.2.195[6659] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.591146][ T6659] syz.2.195[6659] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.685922][ T6661] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  159.706834][ T6661] overlayfs: missing 'lowerdir'
[  159.954296][ T6659] syz.2.195[6659] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.956106][   T29] audit: type=1326 audit(1733389931.047:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.2.195" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe49117ff19 code=0x0
[  159.991691][ T6664] QAT: failed to copy from user cfg_data.
[  160.009246][   T36] veth1_macvtap: left promiscuous mode
[  160.015203][   T36] veth0_macvtap: left promiscuous mode
[  160.021766][   T36] veth1_vlan: left promiscuous mode
[  160.027376][   T36] veth0_vlan: left promiscuous mode
[  160.322024][ T6669] netlink: 24 bytes leftover after parsing attributes in process `syz.3.196'.
[  160.839829][ T5940] usb 6-1: USB disconnect, device number 3
[  161.235953][ T5940] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  161.350060][   T36] team0 (unregistering): Port device team_slave_1 removed
[  161.422288][   T36] team0 (unregistering): Port device team_slave_0 removed
[  161.439946][ T5940] usb 6-1: Using ep0 maxpacket: 8
[  161.466887][ T5940] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  161.492593][ T5940] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  161.504202][ T5940] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  161.515043][ T5940] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  161.537734][ T5940] usb 6-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  161.553584][ T5940] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.606307][ T5940] usb 6-1: config 0 descriptor??
[  162.960312][ T6682] netlink: 36 bytes leftover after parsing attributes in process `syz.5.197'.
[  163.116439][ T5940] redragon 0003:0C45:760B.0003: unknown main item tag 0x6
[  163.124213][ T5940] redragon 0003:0C45:760B.0003: item fetching failed at offset 7/133
[  163.133209][ T5940] redragon 0003:0C45:760B.0003: probe with driver redragon failed with error -22
[  165.059602][ T5940] usb 6-1: USB disconnect, device number 4
[  165.453219][ T6698] netlink: 28 bytes leftover after parsing attributes in process `syz.4.201'.
[  168.081546][ T6707] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  170.324917][ T5940] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  170.412942][ T6736] QAT: failed to copy from user cfg_data.
[  171.457085][ T5940] usb 6-1: Using ep0 maxpacket: 16
[  171.489960][ T5940] usb 6-1: config 5 has an invalid interface number: 168 but max is 0
[  171.498466][ T5940] usb 6-1: config 5 has no interface number 0
[  171.515961][ T5940] usb 6-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  171.562977][ T5940] usb 6-1: config 5 interface 168 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 1024
[  171.635458][ T5940] usb 6-1: config 5 interface 168 has no altsetting 0
[  171.777778][ T6396] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.851753][ T5869] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  171.910587][ T5940] usb 6-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58
[  171.919977][ T5940] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.928337][ T5940] usb 6-1: Product: syz
[  171.932690][ T5940] usb 6-1: Manufacturer: syz
[  172.760977][ T5940] usb 6-1: SerialNumber: syz
[  172.886153][ T6754] FAULT_INJECTION: forcing a failure.
[  172.886153][ T6754] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  172.899594][ T6754] CPU: 1 UID: 0 PID: 6754 Comm: syz.4.216 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[  172.910309][ T6754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  172.920657][ T6754] Call Trace:
[  172.924055][ T6754]  <TASK>
[  172.927030][ T6754]  dump_stack_lvl+0x241/0x360
[  172.931760][ T6754]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.937179][ T6754]  ? __pfx__printk+0x10/0x10
[  172.941809][ T6754]  ? __pfx_lock_release+0x10/0x10
[  172.946876][ T6754]  should_fail_ex+0x3b0/0x4e0
[  172.951602][ T6754]  _copy_from_user+0x2f/0xc0
[  172.956230][ T6754]  copy_msghdr_from_user+0xae/0x680
[  172.961639][ T6754]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  172.967607][ T6754]  ? __fget_files+0x2a/0x410
[  172.968899][ T5869] usb 1-1: Using ep0 maxpacket: 8
[  172.972556][ T6754]  ? __fget_files+0x2a/0x410
[  172.972592][ T6754]  __sys_sendmsg+0x209/0x350
[  172.972613][ T6754]  ? __pfx_lock_release+0x10/0x10
[  172.972636][ T6754]  ? __pfx___sys_sendmsg+0x10/0x10
[  172.997235][ T6754]  ? __pfx_vfs_write+0x10/0x10
[  173.002088][ T6754]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  173.008462][ T6754]  ? do_syscall_64+0x100/0x230
[  173.013258][ T6754]  ? do_syscall_64+0xb6/0x230
[  173.017967][ T6754]  do_syscall_64+0xf3/0x230
[  173.022517][ T6754]  ? clear_bhb_loop+0x35/0x90
[  173.027322][ T6754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.033338][ T6754] RIP: 0033:0x7ff5d617ff19
[  173.037793][ T6754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.046474][ T5869] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  173.057668][ T6754] RSP: 002b:00007ff5d6f5d058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  173.057701][ T6754] RAX: ffffffffffffffda RBX: 00007ff5d6345fa0 RCX: 00007ff5d617ff19
[  173.057715][ T6754] RDX: 0000000000004000 RSI: 0000000020000040 RDI: 0000000000000003
[  173.057726][ T6754] RBP: 00007ff5d6f5d0a0 R08: 0000000000000000 R09: 0000000000000000
[  173.057737][ T6754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.057747][ T6754] R13: 0000000000000000 R14: 00007ff5d6345fa0 R15: 00007ffca5000ce8
[  173.057773][ T6754]  </TASK>
[  173.066477][ T5940] usb 6-1: can't set config #5, error -71
[  173.258527][ T5940] usb 6-1: USB disconnect, device number 5
[  173.430042][ T5869] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  173.440068][ T5869] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  173.450973][ T5869] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  173.461006][ T5869] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  173.474282][ T5869] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  173.484353][ T5869] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.689126][ T5869] usb 1-1: can't set config #16, error -71
[  174.213997][ T5869] usb 1-1: USB disconnect, device number 4
[  174.267722][ T5940] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  174.440852][ T5940] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  174.495489][ T5940] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  174.527451][ T5940] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  174.541211][ T5940] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.562308][ T6759] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  174.582935][ T5940] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  174.804445][ T6759] openvswitch: netlink: IPv4 tunnel dst address is zero
[  174.850907][ T5940] usb 6-1: USB disconnect, device number 6
[  175.193873][ T6792] QAT: failed to copy from user cfg_data.
[  176.369234][   T58] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  176.565473][   T58] usb 3-1: Using ep0 maxpacket: 16
[  176.596848][   T58] usb 3-1: config 5 has an invalid interface number: 168 but max is 0
[  176.608972][   T58] usb 3-1: config 5 has no interface number 0
[  176.615133][   T58] usb 3-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  176.619807][ T6814] xt_policy: neither incoming nor outgoing policy selected
[  176.683237][   T58] usb 3-1: config 5 interface 168 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 1024
[  176.768501][   T58] usb 3-1: config 5 interface 168 has no altsetting 0
[  176.777945][   T58] usb 3-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58
[  176.790241][   T58] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.805044][   T58] usb 3-1: Product: syz
[  176.820029][   T58] usb 3-1: Manufacturer: syz
[  176.833481][   T58] usb 3-1: SerialNumber: syz
[  176.861958][ T6799] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  176.940667][ T5940] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  176.948368][ T5870] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  177.015345][   T52] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  177.108081][ T6799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  177.122232][ T5870] usb 4-1: Using ep0 maxpacket: 32
[  177.129260][ T5940] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  177.147487][ T6799] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  177.153844][ T5870] usb 4-1: New USB device found, idVendor=2013, idProduct=0248, bcdDevice=75.43
[  177.176785][ T5940] usb 6-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  177.207971][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.216436][ T5870] usb 4-1: Product: syz
[  177.221206][ T5940] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.231387][ T5940] usb 6-1: Product: syz
[  177.239683][ T5940] usb 6-1: Manufacturer: syz
[  177.244485][ T5940] usb 6-1: SerialNumber: syz
[  177.249224][ T5870] usb 4-1: Manufacturer: syz
[  177.254090][   T52] usb 5-1: Using ep0 maxpacket: 8
[  177.264750][ T5940] usb 6-1: config 0 descriptor??
[  177.273495][   T52] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  177.285752][ T5940] usb 6-1: ucan: probing device on interface #0
[  177.292825][ T5870] usb 4-1: SerialNumber: syz
[  177.300298][   T52] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  177.314726][   T58] pn533_usb 3-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint
[  177.323093][ T5940] usb 6-1: ucan: invalid EP count (0)
[  177.323120][ T5940] usb 6-1: ucan: probe failed; try to update the device firmware
[  177.337916][   T52] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  177.349354][ T5870] usb 4-1: config 0 descriptor??
[  177.386588][   T52] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  177.445810][   T58] usb 3-1: USB disconnect, device number 8
[  177.451737][   T52] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  177.505183][   T52] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  177.578064][ T5871] usb 6-1: USB disconnect, device number 7
[  177.603617][   T52] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.678298][ T5870] dvb-usb: found a 'Pinnacle PCTV 282e' in cold state, will try to load a firmware
[  177.737419][ T5870] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  177.749349][ T5870] dib0700: firmware download failed at 7 with -22
[  177.895175][   T58] usb 4-1: USB disconnect, device number 5
[  177.920504][   T52] usb 5-1: usb_control_msg returned -32
[  177.943059][   T52] usbtmc 5-1:16.0: can't read capabilities
[  178.479979][ T5871] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  178.660214][ T5871] usb 6-1: Using ep0 maxpacket: 32
[  178.678198][ T5871] usb 6-1: config 0 has an invalid interface number: 132 but max is 0
[  178.696596][ T5871] usb 6-1: config 0 has no interface number 0
[  178.713178][ T5871] usb 6-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  178.732889][ T5871] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  178.747251][ T5871] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.755530][ T5871] usb 6-1: Product: syz
[  178.766781][ T5871] usb 6-1: Manufacturer: syz
[  178.777171][ T5871] usb 6-1: SerialNumber: syz
[  178.785754][ T5871] usb 6-1: config 0 descriptor??
[  178.786450][ T6842] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  178.810205][ T5871] em28xx 6-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  178.810249][ T5871] em28xx 6-1:0.132: Video interface 132 found: bulk
[  178.836736][ T6859] usbtmc 5-1:16.0: INDICATOR_PULSE returned 2f
[  178.993721][ T6865] QAT: failed to copy from user cfg_data.
[  179.484830][ T5871] em28xx 6-1:0.132: unknown em28xx chip ID (0)
[  179.586200][ T6873] tmpfs: Unknown parameter 'grpquota/#/msr'
[  179.983889][ T6842] kvm: emulating exchange as write
[  180.094282][   T58] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  180.267034][   T58] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  180.294602][   T58] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  180.318244][   T58] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  180.319359][   T52] usb 5-1: USB disconnect, device number 5
[  180.368687][   T58] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  180.414822][   T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.622283][   T58] usb 3-1: config 0 descriptor??
[  181.707386][ T5871] em28xx 6-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5)
[  181.716638][ T5871] em28xx 6-1:0.132: failed to read eeprom (err=-5)
[  181.723343][ T5871] em28xx 6-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[  182.083313][ T5871] em28xx 6-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  182.091296][ T5871] em28xx 6-1:0.132: analog set to bulk mode.
[  182.099097][ T5869] em28xx 6-1:0.132: Registering V4L2 extension
[  182.107479][   T58] ath6kl: Failed to submit usb control message: -110
[  182.114250][   T58] ath6kl: unable to send the bmi data to the device: -110
[  182.121671][   T58] ath6kl: Unable to send get target info: -110
[  182.179879][   T58] ath6kl: Failed to init ath6kl core: -110
[  182.186083][   T58] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -110
[  182.476396][ T6907] syz.3.244 uses obsolete (PF_INET,SOCK_PACKET)
[  182.523611][   T52] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  182.715605][   T52] usb 5-1: config 234 has an invalid interface number: 6 but max is 0
[  182.746597][   T52] usb 5-1: config 234 has no interface number 0
[  182.786713][   T52] usb 5-1: config 234 interface 6 has no altsetting 0
[  182.817226][   T52] usb 5-1: New USB device found, idVendor=050d, idProduct=010f, bcdDevice=b2.2f
[  182.858376][   T52] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.899594][   T52] usb 5-1: Product: syz
[  182.915974][   T52] usb 5-1: Manufacturer: syz
[  182.962094][   T52] usb 5-1: SerialNumber: syz
[  183.440458][ T5869] em28xx 6-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  183.494176][ T5869] em28xx 6-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[  183.532021][   T58] usb 3-1: USB disconnect, device number 9
[  183.545352][ T5869] em28xx 6-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[  183.595143][ T5869] em28xx 6-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[  183.808196][ T6930] FAULT_INJECTION: forcing a failure.
[  183.808196][ T6930] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  183.821746][ T6930] CPU: 0 UID: 0 PID: 6930 Comm: syz.2.246 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[  183.832393][ T6930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  183.842471][ T6930] Call Trace:
[  183.845760][ T6930]  <TASK>
[  183.848724][ T6930]  dump_stack_lvl+0x241/0x360
[  183.853441][ T6930]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.858767][ T6930]  ? __pfx__printk+0x10/0x10
[  183.863438][ T6930]  should_fail_ex+0x3b0/0x4e0
[  183.868243][ T6930]  _copy_from_user+0x2f/0xc0
[  183.872949][ T6930]  move_addr_to_kernel+0x82/0x150
[  183.878370][ T6930]  __sys_sendto+0x268/0x4c0
[  183.882907][ T6930]  ? __pfx___sys_sendto+0x10/0x10
[  183.887967][ T6930]  ? __fget_files+0x2a/0x410
[  183.892566][ T6930]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  183.898593][ T6930]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  183.904992][ T6930]  __x64_sys_sendto+0xde/0x100
[  183.909826][ T6930]  do_syscall_64+0xf3/0x230
[  183.914366][ T6930]  ? clear_bhb_loop+0x35/0x90
[  183.919373][ T6930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.925414][ T6930] RIP: 0033:0x7fe49117ff19
[  183.929858][ T6930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.950027][ T6930] RSP: 002b:00007fe491eb5058 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  183.958581][ T6930] RAX: ffffffffffffffda RBX: 00007fe491346160 RCX: 00007fe49117ff19
[  183.966572][ T6930] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 000000000000000a
[  183.974564][ T6930] RBP: 00007fe491eb50a0 R08: 0000000020000280 R09: 000000000000001c
[  183.982559][ T6930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.990575][ T6930] R13: 0000000000000000 R14: 00007fe491346160 R15: 00007fff05d4a688
[  183.998598][ T6930]  </TASK>
[  184.361854][ T5869] em28xx 6-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[  184.410361][ T5869] em28xx 6-1:0.132: failed to trigger read from i2c address 0x86 (error=-5)
[  184.631601][    C0] raw-gadget.0 gadget.5: ignoring, device is not running
[  184.639483][   T52] usb 5-1: USB disconnect, device number 6
[  184.648077][ T5869] em28xx 6-1:0.132: failed to trigger read from i2c address 0x94 (error=-5)
[  184.657239][    C0] raw-gadget.0 gadget.5: ignoring, device is not running
[  184.664963][ T5869] em28xx 6-1:0.132: failed to trigger read from i2c address 0x96 (error=-5)
[  184.741362][   T58] usb 6-1: USB disconnect, device number 8
[  184.798774][   T58] em28xx 6-1:0.132: Disconnecting em28xx
[  184.816157][ T5869] em28xx 6-1:0.132: Config register raw data: 0xffffffed
[  184.824206][ T5869] em28xx 6-1:0.132: AC97 chip type couldn't be determined
[  184.840246][ T5869] em28xx 6-1:0.132: No AC97 audio processor
[  184.880180][ T6938] QAT: failed to copy from user cfg_data.
[  184.916308][ T5869] usb 6-1: Decoder not found
[  184.921128][ T5869] em28xx 6-1:0.132: failed to create media graph
[  184.953397][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.072291][ T5869] em28xx 6-1:0.132: V4L2 device video103 deregistered
[  185.971414][ T5869] em28xx 6-1:0.132: Remote control support is not available for this card.
[  185.980380][   T58] em28xx 6-1:0.132: Closing input extension
[  185.987026][   T58] ==================================================================
[  185.995112][   T58] BUG: KASAN: slab-use-after-free in media_device_unregister+0x154/0x470
[  186.003558][   T58] Read of size 8 at addr ffff888059bd4210 by task kworker/0:2/58
[  186.011292][   T58] 
[  186.013624][   T58] CPU: 0 UID: 0 PID: 58 Comm: kworker/0:2 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[  186.024340][   T58] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  186.024359][   T58] Workqueue: usb_hub_wq hub_event
[  186.039477][   T58] Call Trace:
[  186.042844][   T58]  <TASK>
[  186.045814][   T58]  dump_stack_lvl+0x241/0x360
[  186.050536][   T58]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.055765][   T58]  ? __pfx__printk+0x10/0x10
[  186.060371][   T58]  ? _printk+0xd5/0x120
[  186.064544][   T58]  ? __virt_addr_valid+0x183/0x530
[  186.069658][   T58]  ? __virt_addr_valid+0x183/0x530
[  186.074779][   T58]  print_report+0x169/0x550
[  186.079294][   T58]  ? __virt_addr_valid+0x183/0x530
[  186.084579][   T58]  ? __virt_addr_valid+0x183/0x530
[  186.089688][   T58]  ? __virt_addr_valid+0x45f/0x530
[  186.094908][   T58]  ? __phys_addr+0xba/0x170
[  186.099412][   T58]  ? media_device_unregister+0x154/0x470
[  186.105050][   T58]  kasan_report+0x143/0x180
[  186.109553][   T58]  ? media_device_unregister+0x154/0x470
[  186.115216][   T58]  media_device_unregister+0x154/0x470
[  186.120691][   T58]  em28xx_release_resources+0xa7/0x230
[  186.126151][   T58]  em28xx_usb_disconnect+0x1cc/0x530
[  186.131437][   T58]  usb_unbind_interface+0x25b/0x940
[  186.136637][   T58]  ? kernfs_remove_by_name_ns+0x11b/0x160
[  186.142454][   T58]  ? __pfx_usb_unbind_interface+0x10/0x10
[  186.148256][   T58]  device_release_driver_internal+0x503/0x7c0
[  186.154325][   T58]  bus_remove_device+0x34f/0x420
[  186.159448][   T58]  device_del+0x57a/0x9b0
[  186.164127][   T58]  ? kobject_put+0x272/0x480
[  186.168808][   T58]  ? __pfx_device_del+0x10/0x10
[  186.173661][   T58]  ? kobject_put+0x44d/0x480
[  186.178259][   T58]  usb_disable_device+0x3bf/0x850
[  186.183287][   T58]  usb_disconnect+0x340/0x950
[  186.187967][   T58]  hub_event+0x1ebc/0x5150
[  186.192382][   T58]  ? debug_object_deactivate+0x2d5/0x390
[  186.198023][   T58]  ? do_raw_spin_unlock+0x13c/0x8b0
[  186.203661][   T58]  ? __pfx_hub_event+0x10/0x10
[  186.208428][   T58]  ? __pfx_lock_acquire+0x10/0x10
[  186.213446][   T58]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  186.219421][   T58]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  186.225762][   T58]  ? process_scheduled_works+0x976/0x1840
[  186.231486][   T58]  process_scheduled_works+0xa66/0x1840
[  186.237055][   T58]  ? __pfx_process_scheduled_works+0x10/0x10
[  186.243137][   T58]  ? assign_work+0x364/0x3d0
[  186.247747][   T58]  worker_thread+0x870/0xd30
[  186.252334][   T58]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  186.258226][   T58]  ? __kthread_parkme+0x169/0x1d0
[  186.263248][   T58]  ? __pfx_worker_thread+0x10/0x10
[  186.268410][   T58]  kthread+0x2f0/0x390
[  186.273365][   T58]  ? __pfx_worker_thread+0x10/0x10
[  186.278575][   T58]  ? __pfx_kthread+0x10/0x10
[  186.283260][   T58]  ret_from_fork+0x4b/0x80
[  186.287677][   T58]  ? __pfx_kthread+0x10/0x10
[  186.292269][   T58]  ret_from_fork_asm+0x1a/0x30
[  186.297047][   T58]  </TASK>
[  186.300075][   T58] 
[  186.302392][   T58] Allocated by task 5869:
[  186.306718][   T58]  kasan_save_track+0x3f/0x80
[  186.311403][   T58]  __kasan_kmalloc+0x98/0xb0
[  186.315998][   T58]  __kmalloc_cache_noprof+0x243/0x390
[  186.321389][   T58]  em28xx_v4l2_init+0xfd/0x2f40
[  186.326240][   T58]  em28xx_init_extension+0x120/0x1c0
[  186.331807][   T58]  process_scheduled_works+0xa66/0x1840
[  186.337380][   T58]  worker_thread+0x870/0xd30
[  186.342270][   T58]  kthread+0x2f0/0x390
[  186.346391][   T58]  ret_from_fork+0x4b/0x80
[  186.350827][   T58]  ret_from_fork_asm+0x1a/0x30
[  186.355607][   T58] 
[  186.357947][   T58] Freed by task 5869:
[  186.361936][   T58]  kasan_save_track+0x3f/0x80
[  186.366629][   T58]  kasan_save_free_info+0x40/0x50
[  186.371736][   T58]  __kasan_slab_free+0x59/0x70
[  186.376504][   T58]  kfree+0x196/0x430
[  186.380441][   T58]  em28xx_v4l2_init+0x16d7/0x2f40
[  186.385470][   T58]  em28xx_init_extension+0x120/0x1c0
[  186.390876][   T58]  process_scheduled_works+0xa66/0x1840
[  186.397124][   T58]  worker_thread+0x870/0xd30
[  186.402323][   T58]  kthread+0x2f0/0x390
[  186.406480][   T58]  ret_from_fork+0x4b/0x80
[  186.410985][   T58]  ret_from_fork_asm+0x1a/0x30
[  186.415753][   T58] 
[  186.418164][   T58] The buggy address belongs to the object at ffff888059bd4000
[  186.418164][   T58]  which belongs to the cache kmalloc-8k of size 8192
[  186.432301][   T58] The buggy address is located 528 bytes inside of
[  186.432301][   T58]  freed 8192-byte region [ffff888059bd4000, ffff888059bd6000)
[  186.446194][   T58] 
[  186.448519][   T58] The buggy address belongs to the physical page:
[  186.454939][   T58] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x59bd0
[  186.463698][   T58] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  186.472191][   T58] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  186.479745][   T58] page_type: f5(slab)
[  186.483754][   T58] raw: 00fff00000000040 ffff88801ac42280 dead000000000122 0000000000000000
[  186.492335][   T58] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[  186.500929][   T58] head: 00fff00000000040 ffff88801ac42280 dead000000000122 0000000000000000
[  186.509777][   T58] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[  186.518445][   T58] head: 00fff00000000003 ffffea000166f401 ffffffffffffffff 0000000000000000
[  186.527110][   T58] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  186.535791][   T58] page dumped because: kasan: bad access detected
[  186.542205][   T58] page_owner tracks the page as allocated
[  186.548001][   T58] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5488, tgid 5488 (dhcpcd), ts 180315092885, free_ts 180314045829
[  186.568843][   T58]  post_alloc_hook+0x1f3/0x230
[  186.573608][   T58]  get_page_from_freelist+0x3651/0x37a0
[  186.579155][   T58]  __alloc_pages_noprof+0x292/0x710
[  186.584349][   T58]  alloc_pages_mpol_noprof+0x3e8/0x680
[  186.589804][   T58]  alloc_slab_page+0x6a/0x140
[  186.594473][   T58]  allocate_slab+0x5a/0x2f0
[  186.598975][   T58]  ___slab_alloc+0xcd1/0x14b0
[  186.603644][   T58]  __slab_alloc+0x58/0xa0
[  186.607974][   T58]  __kmalloc_node_track_caller_noprof+0x2e9/0x4c0
[  186.614381][   T58]  kmalloc_reserve+0x111/0x2a0
[  186.619167][   T58]  __alloc_skb+0x1f3/0x440
[  186.623581][   T58]  netlink_dump+0x1ee/0xe10
[  186.628082][   T58]  netlink_recvmsg+0x6bb/0x11d0
[  186.632927][   T58]  sock_recvmsg+0x22f/0x280
[  186.637433][   T58]  ____sys_recvmsg+0x1c6/0x480
[  186.642193][   T58]  __sys_recvmsg+0x291/0x390
[  186.646785][   T58] page last free pid 5488 tgid 5488 stack trace:
[  186.653138][   T58]  free_unref_page+0xde3/0x1130
[  186.658204][   T58]  __slab_free+0x31b/0x3d0
[  186.663056][   T58]  qlist_free_all+0x9a/0x140
[  186.667774][   T58]  kasan_quarantine_reduce+0x14f/0x170
[  186.673266][   T58]  __kasan_slab_alloc+0x23/0x80
[  186.678149][   T58]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  186.684135][   T58]  __alloc_skb+0x1c3/0x440
[  186.688554][   T58]  netlink_sendmsg+0x638/0xcb0
[  186.693485][   T58]  __sock_sendmsg+0x221/0x270
[  186.698163][   T58]  __sys_sendto+0x363/0x4c0
[  186.702709][   T58]  __x64_sys_sendto+0xde/0x100
[  186.707463][   T58]  do_syscall_64+0xf3/0x230
[  186.711966][   T58]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.717857][   T58] 
[  186.720258][   T58] Memory state around the buggy address:
[  186.725877][   T58]  ffff888059bd4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  186.733945][   T58]  ffff888059bd4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  186.742000][   T58] >ffff888059bd4200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  186.750140][   T58]                          ^
[  186.754719][   T58]  ffff888059bd4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  186.762854][   T58]  ffff888059bd4300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  186.770905][   T58] ==================================================================
[  186.795445][   T58] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  186.802682][   T58] CPU: 0 UID: 0 PID: 58 Comm: kworker/0:2 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
[  186.813667][   T58] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  186.823829][   T58] Workqueue: usb_hub_wq hub_event
[  186.828971][   T58] Call Trace:
[  186.832776][   T58]  <TASK>
[  186.835738][   T58]  dump_stack_lvl+0x241/0x360
[  186.840890][   T58]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.846232][   T58]  ? __pfx__printk+0x10/0x10
[  186.850857][   T58]  ? preempt_schedule+0xe1/0xf0
[  186.855740][   T58]  ? vscnprintf+0x5d/0x90
[  186.860121][   T58]  panic+0x349/0x880
[  186.864389][   T58]  ? check_panic_on_warn+0x21/0xb0
[  186.869516][   T58]  ? __pfx_panic+0x10/0x10
[  186.873961][   T58]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  186.879980][   T58]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  186.886525][   T58]  ? print_report+0x502/0x550
[  186.891233][   T58]  check_panic_on_warn+0x86/0xb0
[  186.896725][   T58]  ? media_device_unregister+0x154/0x470
[  186.902396][   T58]  end_report+0x77/0x160
[  186.906674][   T58]  kasan_report+0x154/0x180
[  186.911294][   T58]  ? media_device_unregister+0x154/0x470
[  186.917153][   T58]  media_device_unregister+0x154/0x470
[  186.922809][   T58]  em28xx_release_resources+0xa7/0x230
[  186.928311][   T58]  em28xx_usb_disconnect+0x1cc/0x530
[  186.933922][   T58]  usb_unbind_interface+0x25b/0x940
[  186.939195][   T58]  ? kernfs_remove_by_name_ns+0x11b/0x160
[  186.945058][   T58]  ? __pfx_usb_unbind_interface+0x10/0x10
[  186.950824][   T58]  device_release_driver_internal+0x503/0x7c0
[  186.957126][   T58]  bus_remove_device+0x34f/0x420
[  186.962129][   T58]  device_del+0x57a/0x9b0
[  186.966500][   T58]  ? kobject_put+0x272/0x480
[  186.971147][   T58]  ? __pfx_device_del+0x10/0x10
[  186.976032][   T58]  ? kobject_put+0x44d/0x480
[  186.980759][   T58]  usb_disable_device+0x3bf/0x850
[  186.985830][   T58]  usb_disconnect+0x340/0x950
[  186.990547][   T58]  hub_event+0x1ebc/0x5150
[  186.995012][   T58]  ? debug_object_deactivate+0x2d5/0x390
[  187.000696][   T58]  ? do_raw_spin_unlock+0x13c/0x8b0
[  187.005936][   T58]  ? __pfx_hub_event+0x10/0x10
[  187.010727][   T58]  ? __pfx_lock_acquire+0x10/0x10
[  187.015803][   T58]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  187.022157][   T58]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  187.028680][   T58]  ? process_scheduled_works+0x976/0x1840
[  187.034409][   T58]  process_scheduled_works+0xa66/0x1840
[  187.039981][   T58]  ? __pfx_process_scheduled_works+0x10/0x10
[  187.045980][   T58]  ? assign_work+0x364/0x3d0
[  187.050587][   T58]  worker_thread+0x870/0xd30
[  187.055179][   T58]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  187.061094][   T58]  ? __kthread_parkme+0x169/0x1d0
[  187.066118][   T58]  ? __pfx_worker_thread+0x10/0x10
[  187.071225][   T58]  kthread+0x2f0/0x390
[  187.075814][   T58]  ? __pfx_worker_thread+0x10/0x10
[  187.080921][   T58]  ? __pfx_kthread+0x10/0x10
[  187.085510][   T58]  ret_from_fork+0x4b/0x80
[  187.089926][   T58]  ? __pfx_kthread+0x10/0x10
[  187.094528][   T58]  ret_from_fork_asm+0x1a/0x30
[  187.099297][   T58]  </TASK>
[  187.102613][   T58] Kernel Offset: disabled
[  187.106935][   T58] Rebooting in 86400 seconds..