last executing test programs:

9.876428617s ago: executing program 3 (id=6395):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000404f0453b600000000000109022400010000000009040000ff0300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="002207000000ab34f5ac1d95"], 0x0}, 0x0)
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1a10716, &(0x7f0000000880), 0xff, 0x46d, &(0x7f0000001bc0)="$eJzs289vVEUcAPDve7sFBGUrIgqCVNGk8UdLCyoHE6PRxIMmJnrAY20LQRZqaE2ENFqNwaMh8W48mvgXePJk1JOJVzyaGBKixAT04pq3+17pLrullYXddD+fZGFm3+zMfPvevJ2d2Q1gYI1k/yQRd0fExYioNLLNBUYa/127sjj995XF6SRqtTf/SOrlrl5ZnK7litdty+scTSPST5O8kRhaWe382XMnp6rV2TN5fnzh1Hvj82fPPX3i1NTx2eOzpyePHDl8aOK5ZyefadPr3y6sN84svqt7Ppzbu/vVty+8Pn30wjs/fpP1d9e+xvEsjvXWeTMjWeB/Nv42rcce73ZjPfZv7XqcSbnXvWGtShFRzgfnxahEKa6fvEq88klPOwfcVtk9e3Pnw0s1YANLotc9AHqjeKPPPv8Wjzs09egLl19sfADK4r6WPxpHypE2Pho1L1x02UhEHF3658vsES3rELU26wYAALfqu2z+81S7+V8au1aU257vDQ1HxL0RsSMi7ouInRFxf0S97AMR8WCnhjpMokZa8jfOP9NL/zu4Ncjmf8/ne1vN87+0KDJcynP31OMfSo6dqM4ezP8mozG0OctPtKu8qOLlXz7v1P7K+V/2yNov5oJ5JZfKjQW6LcUzM1MLU92alF7+OGJPuV38yfJOQBIRuyNiz/qq3l4kTjzx9d5OhW4e/yq6sM9U+6qoZHEpWuIvJKvvT45vierswfHiqrjRTz+ff6NT+7cUfxdk539r8/XfUqLyV7Jyv3Z++cALa23j/K+fdfxMWV779b8su/43JW/V93Q35c99MLWwcGYiYlPyWj3f9Pzk9dcW+aJ8Fv/ogfbjf0f+miz+hyIiu4j3RcTDEbE/P3ePRMSjEXFglfh/eOmxdzsd64fzP9P2/rd8/Q83n//1J0onv/+2U/tru/8drqdG82fq97+b6Nyd4jbacjUDAADABpbWvxufpGPL6TQdG2t8h39nbE2rc/MLTx6be//0TOM79MMxlBYrXZUV66ETyVJeYyM/ma8VF8cP5evGX5TuqufHpueqMz2OHQbdtg7jP/N7qde9A247v9eCwdU6/tMe9QO487z/w+Ay/mFwGf8wuNqN/49a8vYCYCOqVXrdA6B3zP9hcBn/MLiMfxhIt/K7/tuVKK/y632JfklE2hfd6JvE/j4aTeUujO4e35gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC65L8AAAD///Uk+Ss=")
ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r8}, &(0x7f0000000280), &(0x7f0000000300)}, 0x20)
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r9, 0x29, 0x3c, &(0x7f0000311ffc)=0x1, 0x4)
setsockopt$sock_int(r9, 0x1, 0x29, &(0x7f0000000000)=0x202, 0x4)

6.68271951s ago: executing program 4 (id=6411):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x4, 0x600, 0x9, 0x408, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x4, 0xc}, 0x48)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4)
socket(0x0, 0x80000, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000540)="68d4cee035cebde691db361ccf7811ad6c6183c01250a336fb86dc70caddd6f907b60989a189130b7c4db2681ec8163d525d57ab9418275b8ea4562412b02bdbf9245a4b42476c00248d765993ae81e22c1eaf42c3bd674c377be4526be9a3e7fc01f94eafeec16a22344c711d76486e5d13821b4dd4409c90033b0e8137bd4f743782e40c4c8c6325aac6b53acf1db0a69cc3506b7cd932ecd52083f0ef5e4352a0c77a", 0xa4}, {&(0x7f0000000600)="9e3a1816edcbf5cfd931b409dbc2a9337b113d4cd93c05fd59a713dc43b26f96dc444492ea8d3f9753d32b48d5e77c6bf7f52848d8aa6cd4373ef58ae764c59d5fdf6dc99e2a84ef681443d47d19e81825d84f0f7eab24154f15931b2caa07e07f8dd2cf046159ccbbb14bb7c53f8a98a49f9b587e9e5d2b0e1469f558052b5a486ce7f5ce8a46d2677fb6f7dec5de1dc1d0ec634d829e9b7a", 0x99}], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socket$inet6(0xa, 0x0, 0x87)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bind$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0xa}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc00c004}, 0x0)
syz_emit_ethernet(0x62, &(0x7f0000000000)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0xe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010102, @rand_addr, {[@timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@private}, {@rand_addr=0x64010101}, {@remote}, {@multicast2}]}]}}}}}}}, 0x0)
setns(r1, 0x24020000)
syz_clone(0xd5ba2180, 0x0, 0x0, 0x0, 0x0, 0x0)

5.458039641s ago: executing program 0 (id=6413):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7f8fbc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c0301000000010000003d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6e70af07da5ceb01b7551ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cde7a6b73340cc2160a1fe3c184b751c51160fbce841dfebd31a08b32808b80200000000009dd27080e71113610e10d8fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5cc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5b6154eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7ade8a5b859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ffea0000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a1bcd1e30280bc586e79a5dd80701018e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f0000000011d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589c95d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d4442d13d5a29179a00837918dd7854aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5d371c61f550e9d86aabda45706bda78a"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe06, 0x1000000, &(0x7f0000000100)="b9ff030f6044238cb89e14f088ca1bff430500001100630377fbac141414e000000162079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)

5.260651687s ago: executing program 4 (id=6414):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
poll(&(0x7f0000000040)=[{r1, 0x81}], 0x1, 0x800)

5.240050478s ago: executing program 0 (id=6415):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r0}, &(0x7f0000000780), &(0x7f00000007c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x52, &(0x7f0000000300)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x1c, 0x2c, 0x0, @remote, @local, {[@routing={0x32}], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

5.239608009s ago: executing program 0 (id=6416):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x7, 0x4, 0x3f0, 0x110, 0x1f8, 0x0, 0x110, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @empty, @multicast2, @empty}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@multicast, @multicast2, @dev}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
pidfd_send_signal(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x119a}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}, 0x90)

5.236721109s ago: executing program 4 (id=6417):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x4, 0x600, 0x9, 0x408, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x4, 0xc}, 0x48)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000540)="68d4cee035cebde691db361ccf7811ad6c6183c01250a336fb86dc70caddd6f907b60989a189130b7c4db2681ec8163d525d57ab9418275b8ea4562412b02bdbf9245a4b42476c00248d765993ae81e22c1eaf42c3bd674c377be4526be9a3e7fc01f94eafeec16a22344c711d76486e5d13821b4dd4409c90033b0e8137bd4f743782e40c4c8c6325aac6b53acf1db0a69cc3506b7cd932ecd52083f0ef5e4352a0c77a", 0xa4}, {&(0x7f0000000600)="9e3a1816edcbf5cfd931b409dbc2a9337b113d4cd93c05fd59a713dc43b26f96dc444492ea8d3f9753d32b48d5e77c6bf7f52848d8aa6cd4373ef58ae764c59d5fdf6dc99e2a84ef681443d47d19e81825d84f0f7eab24154f15931b2caa07e07f8dd2cf046159ccbbb14bb7c53f8a98a49f9b587e9e5d2b0e1469f558052b5a486ce7f5ce8a46d2677fb6f7dec5de1dc1d0ec634d829e9b7a", 0x99}], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socket$inet6(0xa, 0x0, 0x87)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bind$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0xa}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc00c004}, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000000)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010102, @rand_addr, {[@timestamp_prespec={0x44, 0x4}]}}}}}}}, 0x0)
setns(r1, 0x24020000)
syz_clone(0xd5ba2180, 0x0, 0x0, 0x0, 0x0, 0x0)

5.214432191s ago: executing program 3 (id=6418):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_usb_connect$uac1(0x2, 0xac, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffed1, 0x3, 0x1, 0xc, 0x60, 0x40, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0xb1}, [@input_terminal={0x24, 0x24, 0x2, 0x0, 0x205, 0x0, 0x0, 0x0, 0x0, 0x2}, @input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xfe}, @processing_unit={0xd, 0x24, 0x7, 0x0, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x2, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0xfc, 0x0, 0xb, {0x7, 0x25, 0x1, 0x2}}}}}}}]}}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x7, 0x8000, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000020d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="05010000000000107d1e222e00000000000109022400010000000009040000020300020009210000000122020009058103"], 0x0)

5.083174092s ago: executing program 1 (id=6419):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xb}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0)="c8", &(0x7f0000000380), 0x9, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000880)={0x78, 0x2d, 0x300, 0x70bd26, 0x25dfdbfe, {0x10}, [@nested={0xc, 0x7f, 0x0, 0x1, [@typed={0x6, 0x36, 0x0, 0x0, @str='\xce\x00'}]}, @typed={0x50, 0xcf, 0x0, 0x0, @binary="c5f84c8d22471ccd5815e146ff25a8dabd87a7d409f7c82bc57f858fa76d6a155fb1b94e414e4ff917651871ad8a6a96e53210f8c1526779e40b0d4bfb4901f91c6c8223967d110d4c65e9c5"}, @typed={0x8, 0xc5, 0x0, 0x0, @pid}]}, 0x78}, 0x1, 0x0, 0x0, 0x22000090}, 0x2000c000)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000380))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1, <r2=>0xffffffffffffffff}, 0x0, 0x0}, 0x59)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000280), 0x40000, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$KDFONTOP_GET(0xffffffffffffffff, 0x4b72, &(0x7f0000000400)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
syz_emit_ethernet(0xa2, &(0x7f00000002c0)={@local, @multicast, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "ee527e", 0x6c, 0x3c, 0x0, @empty, @mcast2, {[@dstopts={0x0, 0x3, '\x00', [@ra, @hao={0xc9, 0x10, @mcast1}, @pad1]}]}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xd, &(0x7f0000000a40)=ANY=[@ANYBLOB="1861000008000000000000000600000018400000f9ffffff0000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000060000008500000006000000851000000400000040e0f89dff19e2003cf983e05e4656a4d143ec1d8dabd75833a139ea0447045a25850e6ea19feb29e228b93affdd8b5eb279c8a232470572bc38423bb6a73adcddcc14f674d1be0cb67d76496f217922390d0d25d0654787fadcc14c9cbc149af6bff00b23f3e7a00475b61e79e5e01c970153737969b5438ba25d66338ceca7e67aafd9f6592cb7804a58c3f09fc311210fecba53a977cdfc2b837e5bd715aa8c30a543f28bda836e1f0293a2b7c77752e52a9e8db0159583eb401a01f10905c4d8eb6c73fc77789330413e372cb8ce1abc33a9ef714dc84e417434b6a8bc91f8cd8a988bfc33f2e1b7a56cd69c2ae99a47ad388322268f16f2fdd8c6c0fc81746749c1f845d72442b8ba2790e024352001939039cb07d47109119ef5aa724cb9944777980f5db2b942cd95e93b048c9d9260ac0948d0cc3417f12bdb70c59d14023003123c43c49c58cb7c460e90c800faadcff7ae7ca51ce2fd6a63e66c945ec29c3f2429ad20c3ad85e66e62bded32ec321cfc0418f1e7974e4c938ddbd56312d54dcfb7cd1830d7063e0273329bc5068f54833a02817ab4fa856a78bcd1d8bef2cae9032c1ea7"], &(0x7f00000003c0)='GPL\x00', 0x80000000, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0xf, r2, 0x8, &(0x7f0000000700)={0x8, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, r0, 0x1, &(0x7f0000000740)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, r2, r1], &(0x7f0000000780)=[{0x4, 0x3, 0xd, 0xb}]}, 0x90)

3.465961785s ago: executing program 4 (id=6420):
syz_genetlink_get_family_id$tipc(&(0x7f0000000800), 0xffffffffffffffff)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000093876493506c8ef2ff00b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa1000000f8ffffffbfa400ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70400000800000085000000950000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r2}, 0x10)
syz_usb_disconnect(0xffffffffffffffff)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r4=>0x0})
bind$packet(r3, &(0x7f0000000380)={0x11, 0x4, r4, 0x1, 0x80, 0x6, @multicast}, 0x14)
syz_emit_ethernet(0x11, &(0x7f0000001f00)=ANY=[@ANYBLOB="01"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000940), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, &(0x7f0000002740)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000002700)={&(0x7f0000002640)={0xc0, r6, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x48, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x28}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x48, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010100}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast1}}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x3}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4020040}, 0x408c0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)=""/74, 0x4a}], 0x1, &(0x7f00000003c0)=""/120, 0x78}, 0x4}, {{&(0x7f0000000440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000840)=""/253, 0xfd}, {&(0x7f0000000740)=""/188, 0xbc}, {&(0x7f0000000a40)=""/205, 0xcd}, {&(0x7f00000001c0)=""/52, 0x34}, {&(0x7f0000000300)=""/15, 0xf}, {&(0x7f0000000b40)=""/200, 0xc8}, {&(0x7f0000000640)=""/94, 0x5e}, {&(0x7f0000000980)=""/61, 0x3d}, {&(0x7f0000000c40)=""/231, 0xe7}, {&(0x7f0000000d40)=""/130, 0x82}], 0xa, &(0x7f0000000ec0)=""/4096, 0x1000}, 0x5}, {{&(0x7f0000001f40)=@x25, 0x80, &(0x7f0000002480)=[{&(0x7f0000000980)}, {&(0x7f0000001fc0)=""/254, 0xfe}, {&(0x7f00000020c0)=""/86, 0x56}, {&(0x7f0000002140)=""/122, 0x7a}, {&(0x7f00000021c0)=""/174, 0xae}, {&(0x7f0000002280)=""/247, 0xf7}, {&(0x7f0000002380)=""/212, 0xd4}], 0x7, &(0x7f0000002500)=""/94, 0x5e}, 0x9f9}], 0x3, 0x2002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002780)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x80000001, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0x3e, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000001ec0), 0x8000000000000000, 0x72741)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0xa8}}, 0x0)

3.459431455s ago: executing program 2 (id=6421):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000072000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
rt_sigpending(&(0x7f0000000040), 0x8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x4})
readv(r4, &(0x7f0000002140)=[{&(0x7f00000000c0)=""/4096, 0x1000}], 0x1)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
mremap(&(0x7f0000934000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000a6f000/0x4000)=nil)
mlockall(0x3)
mlockall(0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
setpriority(0x0, 0x0, 0xf17)

3.391296122s ago: executing program 0 (id=6422):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x2000040, &(0x7f0000000a00)={[{@errors_remount}, {@nodiscard}, {@noquota}, {@init_itable}, {@stripe={'stripe', 0x3d, 0x79}}, {@resgid}, {@sysvgroups}, {@delalloc}, {@usrquota}], [{@euid_lt}, {@measure}]}, 0x10, 0x4d2, &(0x7f00000002c0)="$eJzs3c9rHG8ZAPBnJtlvf+VrUvVQC7bFVtKi3U0a2wYPtYLYU8Fa7zUmmxCyyYbspm1CkRTvCiIqePLkRfAPEKR/gggFvUsVRbTVgwd1ZWdnaxt3m0i3OzX5fGA67zvv7j7P27Az88687ARwaJ2LiJsRMRIRlyJiPN+e5sutdvudzutePH80316SaLXu/jmJJN/W/awkX5+IiJ2IOBoRX70V8Y3kv+M2trZX5mq16kZerzRX1yuNre3Ly6tzS9Wl6trMzPS12euzV2enBtLPiYi48aXff/87P/nyjV989sFv7/3x4jfbaY3l7a/2Y5A6XS9l/xddoxGx8S6CFWAkX5f6tH97ZIjJAACwp/Y5/kcj4lPZ+f94jGRnpwAAAMBB0vrCWPwjiWgBAAAAB1aazYFN0nI+F2As0rRc7szh/XgcT2v1RvMzi/XNtYXOXNmJKKWLy7XqVD5XeCJKSbs+nc+x7dav7KrPRMTJiPje+LGsXp6v1xaKvvgBAAAAh8SJXeP/v41n4/8jRecFAAAADNhE0QkAAAAA75zxPwAAABx8xv8AAABwoH3l9u320uo+/3rh/tbmSv3+5YVqY6W8ujlfnq9vrJeX6vWl7Df7Vvf6vFq9vv65WNt8WGlWG81KY2v73mp9c615b/m1R2ADAAAAQ3Ty7JPfJBGx8/lj2dL2QdFJAUOR7NGePSTkWV753RASAoZmpOgEgMKMFp0AUJhS0QkAhdvrOkDfyTu/HHwuAADAuzH5if73/10bgIMtLToBAGDo3P+Hw6v0+gzAq8VlAhTlI3u0v/39/1brf0oIAAAYuLFsSdJyfi9wLNK0XI74MHssQClZXK5Vp/Lxwa/HS0fa9ensncmec4YBAAAAAAAAAAAAAAAAAAAAAAAAgI5WK4kWAAAAcKBFpH9Isl/zj5gcvzC2+/rAB8nfx7N1RDz40d0fPJxrNjem29v/8nJ784f59itFXMEAAAAAduuO07vjeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYpBfPH813l2HG/dMXI2KiZ/yzR7PV0ShFxPG/JjH6yvuSiBgZQPydxxFxqlf8pJ1WTEQni17xjxUYP42IEwOID4fZk/b+52av718a57J17+/faL68rf77vzS6+7+RPvufD/cZ4/TTn1X6xn8ccXq09/6nGz/pE//8PuN//Wvb2/3aWj+OmOx5/Elei1Vprq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTlUWl2vV/N+eMb77yZ//6039P94n/sQe/b+wz/7/8+nD5x/rFEu94l883/v4e6pP/DQ/9n06L7fbJ7vlnU75VWd++qszb+r/Qp/+v/z79zjQtmNe3Gf/L9351rN9vhQAGILG1vbKXK1W3fh/LKTxXqShMJDCkfcjDYVOoeg9EwAAMGj/OekvOhMAAAAAAAAAAAAAAAAAAAA4vIbxc2K7Y+4U01UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDf6dwAAAP//sf7Zeg==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000000ac0), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
getpid()
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="240000006800b9f900000000000000000a00000000000000080001001200000004000b"], 0x24}}, 0x0)
creat(&(0x7f0000000040)='./file1\x00', 0x47)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x1, 0x1d1, 0x1}, 0x48)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaccaaaaaaaaaaaaaa080045e0001c00000000000290787f000001e00000011100907800000000"], 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4c", 0x4}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)

3.16409618s ago: executing program 1 (id=6423):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getgid()
mkdir(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(0x0, 0x0)
lsetxattr$security_selinux(&(0x7f0000000440)='./file0/../file0/../file0\x00', &(0x7f0000000480), &(0x7f00000004c0)='system_u:object_r:hwclock_exec_t:s0\x00', 0x24, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000080)='devpts\x00', 0x0, 0x0)
memfd_create(&(0x7f0000000000)='secer\x03\x00\x00\x00selin\x8cB\xabl\xa6e\x15ux\x00\xab', 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')

2.609341976s ago: executing program 0 (id=6424):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x4, 0x600, 0x9, 0x408, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x4, 0xc}, 0x48)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4)
socket(0x0, 0x80000, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000540)="68d4cee035cebde691db361ccf7811ad6c6183c01250a336fb86dc70caddd6f907b60989a189130b7c4db2681ec8163d525d57ab9418275b8ea4562412b02bdbf9245a4b42476c00248d765993ae81e22c1eaf42c3bd674c377be4526be9a3e7fc01f94eafeec16a22344c711d76486e5d13821b4dd4409c90033b0e8137bd4f743782e40c4c8c6325aac6b53acf1db0a69cc3506b7cd932ecd52083f0ef5e4352a0c77a", 0xa4}, {&(0x7f0000000600)="9e3a1816edcbf5cfd931b409dbc2a9337b113d4cd93c05fd59a713dc43b26f96dc444492ea8d3f9753d32b48d5e77c6bf7f52848d8aa6cd4373ef58ae764c59d5fdf6dc99e2a84ef681443d47d19e81825d84f0f7eab24154f15931b2caa07e07f8dd2cf046159ccbbb14bb7c53f8a98a49f9b587e9e5d2b0e1469f558052b5a486ce7f5ce8a46d2677fb6f7dec5de1dc1d0ec634d829e9b7a", 0x99}], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socket$inet6(0xa, 0x0, 0x87)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bind$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0xa}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc00c004}, 0x0)
syz_emit_ethernet(0x62, &(0x7f0000000000)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0xe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010102, @rand_addr, {[@timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@private}, {@dev}, {@remote}, {@multicast2}]}]}}}}}}}, 0x0)
setns(r1, 0x24020000)
syz_clone(0xd5ba2180, 0x0, 0x0, 0x0, 0x0, 0x0)

2.507630344s ago: executing program 2 (id=6425):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7f8fbc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c0301000000010000003d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6e70af07da5ceb01b7551ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cde7a6b73340cc2160a1fe3c184b751c51160fbce841dfebd31a08b32808b80200000000009dd27080e71113610e10d8fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5cc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5b6154eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7ade8a5b859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ffea0000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a1bcd1e30280bc586e79a5dd80701018e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f0000000011d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589c95d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d4442d13d5a29179a00837918dd7854aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5d371c61f550e9d86aabda45706bda78a"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe06, 0x1000000, &(0x7f0000000100)="b9ff030f6044238cb89e14f088ca1bff430500001100630377fbac141414e000000162079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)

2.455125228s ago: executing program 2 (id=6426):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
getpid()
pipe(&(0x7f0000000d00)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r3 = inotify_init1(0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
fcntl$getownex(r3, 0x10, &(0x7f0000000140)={0x0, <r4=>0x0})
r5 = syz_open_procfs(r4, &(0x7f0000000600)='fd/4\x00')
ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0xc0406618, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r7, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p\x00\x00\x00\x00\x00\x00\x00v'], 0x70}}], 0x1, 0x2000c044)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@dellink={0x20, 0x11, 0x101, 0x0, 0x0, {0x0, 0x0, 0x0, r10}}, 0x20}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000240)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r6, 0x0, 0x7151, 0x0)

2.19671393s ago: executing program 3 (id=6427):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
poll(&(0x7f0000000040)=[{r1, 0x81}], 0x1, 0x800)

1.855765197s ago: executing program 1 (id=6428):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = eventfd2(0xfffffff1, 0x1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000001c0)='percpu_alloc_percpu\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8000}, [@ldst={0x1, 0x2, 0x3, 0x8, 0x1, 0x2f}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
write$eventfd(r1, &(0x7f00000000c0)=0x7, 0x8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x78, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}]}]}, 0x78}}, 0x8840)

1.780137354s ago: executing program 0 (id=6429):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000ecff0000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socket$inet6(0xa, 0x80002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f00000103c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r2, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$inet6(0xa, 0x200000000003, 0x87)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd603000bb00102b00fc020000000000000000000000000000fe8000000000000000000000000000aa8701"], 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
write$tcp_congestion(r4, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r4, r2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r5, 0x0, 0x0)
mount$incfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

1.757334106s ago: executing program 4 (id=6430):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x513, &(0x7f0000000c40)="$eJzs3W9rJHcdAPDvTLJp7i41WxU5C7bFVu6K3m7S2DaKtBVEHxXU+jzGZBNCNtmQ3dRLKJriCxBEVPAF+ETwBQjSlyDCgT4XFUX0Th/qjczuRPNnN1mSTfbcfD4w2d9v/n2/vyE7O39+zARwbb0QEW9FxFhEvBwR08X4tBgW8sp+Z75HD99byocksuydvyWRFOMO1pXXxyPiVmeRmIyIr38l4lvJybjN3b31xXq9tl3Uq62NrWpzd+/e2sbiam21tjk3N/va/Ovzr87PZIULtbMcEW986U8/+v7PvvzGrz7z7d8v/OXud/K0vvCxTt4RsXShAD101l1qb4sD+TbavoxgQ5K3pzQ27CwAAOhHfoz/4Yj4ZPv4fzrG2kdzAAAAwCjJ3pyKfyURGQAAADCy0oiYiiStFH0BpiJNK5VOH96Pxs203mi2Pr3S2NlczqdFlKOUrqzVazNFX+FylJK8Plv0sT2ov3KsPhcRz0TED6dvtOuVpUZ9edgXPwAAAOCauPX80fP/f06n7TIAAAAwYso9KwAAAMCocMoPAAAAo8/5PwAAAIy0r779dj5kB+/xXn53d2e98e695VpzvbKxs1RZamxvVVYbjdX2M/s2zlpfvdHY+mxs7tyvtmrNVrW5u7ew0djZbC2sHXkFNgAAAHCFnnn+g98lEbH/+RvtIYrnAAIc8cdhJwAM0tiwEwCGZnzYCQBDUzpzDnsIGHXJGdNPdt7pXCuMX19OPgAAwODd+fjJ+/8TxbSzrw0A/8/09QGA68fdPbi+SuftAXh70JkAw/KhzsdTvab3fHhHH/f/O9cYsuxciQEAAAMz1R6StFIcp09FmlYqEU+3XwtQSlbW6rWZ4vzgt9Olp/L6bHvJ5Mw+wwAAAAAAAAAAAAAAAAAAAAAAAABAR5YlkQEAAAAjLSL9c9J+mn/EnemXpo5eHTj21q+fvvPj+4ut1vZsxETy9+l81EREtH5SjH8l80oAAAAAeAJ0ztOLz9lhZwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn08L2lg+Eq4/71ixFR7hZ/PCbbn5NRioib/0hi/NBySUSMDSD+/vsRcbtb/CQeZ1lWLrLoFv/GJccvtzdN9/hpRNwaQHy4zj7I9z9vdfv+pfFC+7P792+8GC6q9/4v/e/+b6zH/ufpY/Venn3wi2rP+O9HPDveff9zED/pxD8SIq+82Gcbv/mNvb2uEw6tslv8w7GqrY2tanN3797axuJqbbW2OTc3+9r86/Ovzs9UV9bqteJv1zA/+MQvH5/W/ps94pePtv/E9n+pr9Zn8e8H9x9+pFMpdYt/98Xuv7+3e8RPi9++TxXlfPqdg/J+p3zYcz//zXOntX+5R/snz2j/3b7aH597+Wvf+0PXKSe2BgBwFZq7e+uL9Xpt+5TCZB/zXHHhzScjjQEW4slIY1iF7Lud/8eLreeCi58oZBdZfDwGkMbEie/pWJx3hUnEfr6uPv8hAQCAEfO/g/7T7iABAAAAAAAAAAAAAAAAAAAAl+mcjyWbjIi+Zz4ec384TQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONV/AgAA//8FStFZ")
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f00000025c0)=ANY=[@ANYBLOB="b7000000010003c3bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000065040200000000ff2d400500000000003400000001ed00007b030000000000001d440000000000007a0a00fe00ffffffdb03000000000000b5000000000000009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000ecff0000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000200000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, 0x0, 0x0)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x1013a, 0x2, 0x0)
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x14, 0x1, 0x2, 0x101}, 0x14}}, 0x0)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r0, &(0x7f0000000200)="3f030e00031b12000000000089e9aaa911d7c2290f00810000008100642c4a1b78610000", 0x24, 0x0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14)
creat(&(0x7f0000000100)='./bus\x00', 0x0)

1.070855652s ago: executing program 2 (id=6431):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b702000014001100b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x404040, 0x0)
ioctl$VT_RESIZE(r5, 0x5609, &(0x7f00000001c0)={0x60b, 0x8, 0xad0c})
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
r6 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
sched_setscheduler(r1, 0x1, &(0x7f0000000500)=0x80)
close(r6)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r7, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000e80)={0x768, 0x0, 0x400, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TX_RATES={0xa8, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x14, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x6, 0xab, 0x7ff, 0x8, 0xb34e, 0x6, 0x1]}}]}, @NL80211_BAND_5GHZ={0x50, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xa952, 0x4, 0x3, 0x7, 0x9, 0x9, 0x42, 0x2]}}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x5, 0x4}, {0x0, 0x3}, {0x3, 0x8}, {0x5, 0x3}, {0x5, 0x8}, {0x3, 0x1}, {0x7, 0xa}, {0x2, 0x8}, {0x3, 0x1}, {0x5}, {0x6}, {0x7, 0x6}, {0x1, 0x3}, {0x4, 0xa}, {0x4, 0x6}, {0x6, 0x3}, {0x0, 0xa}, {0x7, 0x1}, {0x4, 0x9}, {0x2, 0x4}, {0x5, 0x4}, {0x6, 0x8}, {0x5, 0x3}, {0x0, 0x7}, {0x4, 0x1}, {0x4}, {0x5, 0x7}, {0x7, 0x6}, {0x7, 0x1}, {0x7, 0x2}, {0x1, 0x6}, {0x7, 0x1}, {0x7, 0x8}, {0x0, 0x3}, {0x0, 0xa}, {0x0, 0x4}, {0x0, 0x1}, {0x4, 0x5}, {0x4, 0x2}, {0x1, 0x1}, {0x0, 0x6}, {0x3, 0x1}, {0x4, 0x2}, {0x5, 0xa}]}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfffe, 0x6, 0x6, 0x0, 0x0, 0x1, 0x7]}}]}]}, @NL80211_ATTR_TX_RATES={0x184, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x38, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x13, 0x1, [0x0, 0xb, 0x36, 0x16, 0x15, 0x4, 0xbb761201023368c0, 0x9, 0x24, 0x5, 0xe60d68d813046f15, 0x2, 0x4, 0x3, 0x12]}, @NL80211_TXRATE_HT={0x13, 0x2, [{0x5, 0x6}, {0x0, 0x5}, {0x5, 0xa}, {0x1, 0x7}, {0x1, 0x8}, {0x6, 0x3}, {0x5}, {0x0, 0x7}, {0x0, 0x9}, {0x1, 0x3}, {0x3, 0x7}, {0x0, 0x6}, {0x0, 0x3}, {0x4, 0x3}, {0x7, 0xa}]}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x48, 0x24, 0x48, 0x0, 0x6c, 0x48, 0x36, 0x18]}]}, @NL80211_BAND_2GHZ={0x54, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x18, 0x1, [0x24, 0x12, 0x24, 0x30, 0x2, 0x5, 0x6c, 0x9, 0x48, 0x24, 0x1b, 0x36, 0x4, 0x48, 0x6, 0x48, 0x24, 0xc, 0x48, 0x1]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9f, 0x2, 0x9, 0x3, 0x2, 0x200, 0x7, 0xddae]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5e29, 0x6, 0x7, 0x5, 0x2, 0x4, 0x0, 0x8000]}}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_5GHZ={0x44, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xb, 0x1, [0x60, 0x60, 0x48, 0x6c, 0x1b, 0x1, 0x30]}, @NL80211_TXRATE_LEGACY={0x10, 0x1, [0x5, 0xb, 0x5, 0xb, 0x1e, 0x36, 0x9, 0x2, 0x4, 0x1c, 0x4, 0x48]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xed31, 0x6, 0x8001, 0x5, 0x3, 0x5, 0x2, 0xfffd]}}]}, @NL80211_BAND_2GHZ={0x2c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x522, 0x81, 0x6, 0xb, 0xcd, 0x1, 0x2ab, 0x8]}}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x6, 0x1b, 0x2, 0x16, 0x9, 0x1, 0x2, 0x2, 0x3, 0x2, 0xc, 0x2, 0x1]}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0xb, 0x1, [0xb, 0x16, 0x36, 0x1b, 0x24, 0x60, 0x36]}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_60GHZ={0x34, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x20, 0x1, [0x3, 0x1, 0x0, 0x6, 0x0, 0x6, 0xc, 0x36, 0x42abc52bf9fef0bf, 0x6, 0x18, 0x6c, 0x1b, 0x6c, 0x12, 0x16, 0x6c, 0x4, 0x3, 0x4, 0x36, 0x4, 0x4, 0x6c, 0x24, 0x6, 0x2, 0x9]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x100, 0x6, 0x0, 0x9, 0x6, 0x8000, 0xc9b]}}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0x18, 0xb, 0x3, 0x48, 0x37, 0x16, 0x2, 0x30, 0x0, 0x30, 0x12]}]}]}, @NL80211_ATTR_TX_RATES={0xdc, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x68, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x1000, 0x7, 0x7, 0x1, 0x9, 0x8, 0x8e60, 0xfff8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x2, 0xc1, 0x5, 0x7, 0x81, 0x2, 0x2cea]}}, @NL80211_TXRATE_HT={0x33, 0x2, [{0x3, 0x9}, {0x3, 0x2}, {0x2, 0x7}, {0x6, 0x2}, {0x3}, {0x5}, {0x1, 0x6}, {0x6, 0x7}, {0x7, 0xa}, {0x0, 0x5}, {0x4, 0x5}, {0x2, 0x6}, {0x2, 0x5}, {0x0, 0x8}, {0x7, 0x1}, {0x1, 0x6}, {0x3, 0x3}, {0x4, 0x7}, {0x2, 0x6}, {0x0, 0x8}, {0x7, 0x6}, {0x2, 0x4}, {0x5, 0x1}, {0x1, 0x2}, {0x0, 0xa}, {0x2, 0x7}, {0x3, 0x2}, {0x3, 0x8}, {0x2, 0x6}, {0x0, 0x3}, {0x2, 0x7}, {}, {0x7, 0x6}, {0x5, 0x2}, {0x3, 0x4}, {0x1, 0x7}, {0x6, 0xa}, {0x4, 0x3}, {0x6, 0x4}, {0x4, 0x7}, {0x3, 0x1}, {0x6, 0x6}, {0x2, 0x6}, {0x6, 0x3}, {0x2, 0x2}, {0x0, 0x9}, {0x5, 0x6}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_2GHZ={0x70, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x7ff, 0xf, 0x1, 0x6, 0x9, 0x6, 0x9d3]}}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x60, 0x8007f6dec72450cf, 0x9, 0x12, 0x30, 0x6d, 0x6c, 0x4, 0x12, 0x30, 0x30, 0x30, 0x4, 0x12, 0x12, 0x6e, 0x36, 0x4, 0x5, 0xc, 0x60, 0x12, 0x9, 0x16, 0x48]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xff, 0x4, 0x3, 0x7, 0xffff, 0xff, 0x8, 0x5]}}, @NL80211_TXRATE_HT={0x1c, 0x2, [{0x0, 0x2}, {0x3, 0xa}, {0x3, 0x5}, {0x3, 0x7}, {0x6, 0xa}, {0x0, 0x4}, {0x2, 0x3}, {0x1, 0x8}, {0x0, 0x5}, {0x0, 0x6}, {0x3, 0x6}, {0x3, 0x1}, {0x4, 0xa}, {0x1, 0x4}, {0x0, 0x8}, {0x6, 0x5}, {0x6, 0x1}, {0x0, 0x8}, {0x5, 0xa}, {0x6, 0x5}, {0x6, 0x1}, {0x0, 0x6}, {0x5, 0x7}, {0x6, 0x6}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}]}, @NL80211_ATTR_TX_RATES={0x218, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x28, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0xe, 0x2, [{0x0, 0x9}, {0x6, 0x1}, {0x3, 0x6}, {0x2, 0x1}, {0x5, 0x4}, {0x1, 0x4}, {0x4, 0x4}, {0x3, 0x4}, {0x1, 0xa}, {0x7}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x5, 0xd2b6, 0x1, 0x6, 0x8, 0x1, 0x3]}}]}, @NL80211_BAND_2GHZ={0x44, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x2, 0x1, 0xbf97, 0x0, 0x80, 0xffff, 0x8000]}}, @NL80211_TXRATE_HT={0x2a, 0x2, [{0x6}, {0x7, 0xa}, {0x4, 0x9}, {0x1, 0x3}, {0x3, 0xa}, {0x7, 0x5}, {0x3}, {0x5, 0x9}, {0x4, 0x9}, {0x1, 0x7}, {0x7, 0xa}, {0x3, 0xa}, {}, {0x4}, {0x6, 0x5}, {0x2, 0x1}, {}, {0x4, 0x9}, {0x0, 0x3}, {0x6, 0x6}, {0x4}, {0x5, 0x4}, {0x7, 0x2}, {0x4, 0x2}, {0x2, 0x6}, {}, {0x3}, {0x1, 0x3}, {0x0, 0x9}, {0x4, 0x6}, {0x6, 0xa}, {0x3, 0x4}, {0x5}, {0x7, 0x1}, {0x5, 0x7}, {0x7, 0x8}, {0x5, 0x1}, {0x1, 0x4}]}]}, @NL80211_BAND_60GHZ={0x60, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x17, 0x2, [{0x1, 0x1c}, {0x0, 0x4}, {0x0, 0x9}, {0x3, 0xa}, {0x2, 0x9}, {0x7, 0x8}, {0x6, 0x3}, {0x0, 0x1}, {0x4, 0x9}, {0x2, 0x8}, {0x0, 0x3}, {0x6, 0x7}, {0x5, 0x1}, {0x2, 0x7}, {0x5, 0x9}, {0x6, 0x4}, {0x0, 0x4}, {0x1, 0x8}, {0x4, 0xa}]}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x12, 0x6, 0x0, 0x16, 0x9, 0x24, 0x12, 0x60, 0x36, 0x5, 0x24, 0x24, 0xc, 0x5, 0x4, 0x1b, 0x24, 0x2, 0x24, 0x30, 0x4, 0x1b, 0x36, 0x2, 0x30, 0x6]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1ff, 0xc702, 0xea, 0x8, 0x6, 0x401, 0x6, 0x8]}}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x36, 0x16, 0x22, 0x5]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x3}]}, @NL80211_BAND_2GHZ={0xcc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x3a, 0x2, [{0x2, 0x9}, {0x7, 0x9}, {0x3, 0xa}, {0x6, 0x2}, {0x4, 0x3}, {0x4}, {0x1, 0x6}, {0x7, 0x4}, {0x6, 0x9}, {0x4, 0x3}, {0x7, 0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x0, 0x8}, {0x3}, {0x6, 0x4}, {0x3, 0xa}, {0x1, 0x7}, {0x0, 0x4}, {0x6, 0x9}, {0x0, 0x6}, {0x5, 0x4}, {0x4, 0x2}, {0x2, 0x5}, {0x0, 0xa}, {0x5, 0x7}, {0x3, 0x4}, {0x0, 0x2}, {}, {0x0, 0x9}, {0x3, 0x3}, {0x2}, {0x0, 0x8}, {0x0, 0x7}, {0x0, 0x9}, {0x2, 0x5}, {}, {0x0, 0xa}, {0x7, 0x2}, {0x6, 0x3}, {0x5, 0x3}, {0x0, 0x5}, {0x0, 0xa}, {0x3, 0x9}, {0x4, 0x1}, {0x2, 0x1}, {0x7, 0x2}, {0x0, 0x5}, {0x6, 0x2}, {0x3, 0x6}, {0x1, 0x3}, {0x7, 0x9}, {0x7, 0x8}, {0x1, 0x2}]}, @NL80211_TXRATE_HT={0x4b, 0x2, [{0x7, 0x8}, {0x3, 0x8}, {0x3, 0x3}, {}, {0x1, 0xa}, {0x6, 0x8}, {0x1, 0x4}, {0x2, 0x8}, {0x1, 0x9}, {0x3, 0x1}, {0x0, 0x4}, {0x7, 0xa}, {0x2, 0x4}, {0x6, 0x7}, {0x0, 0x9}, {0x5, 0x8}, {0x7, 0x5}, {0x0, 0x9}, {0x2, 0x5}, {0x0, 0x4}, {0x1, 0x4}, {0x5, 0x3}, {0x0, 0x3}, {0x1, 0x7}, {0x4, 0x2}, {0x1, 0x7}, {0x0, 0x4}, {0x7, 0x5}, {0x0, 0x5}, {0x4}, {0x5, 0xa}, {0x4, 0x3}, {0x0, 0x3}, {0x2, 0x6}, {0x1, 0x6}, {0x7, 0x3}, {0x2, 0x6}, {0x7, 0x4}, {0x0, 0x8}, {0x1, 0x8}, {0x5, 0x8}, {0x0, 0x2}, {0x5}, {0x2, 0x3}, {0x7, 0x7}, {0x3, 0x6}, {0x1, 0x4}, {0x1, 0x4}, {0x0, 0x7}, {0x0, 0x6}, {0x4, 0x9}, {0x0, 0x1}, {}, {0x6, 0x3}, {}, {0x3, 0x4}, {0x6, 0x3}, {0x6, 0x8}, {0x5, 0x3}, {0x7, 0x5}, {}, {0x7, 0x7}, {0x3, 0x1}, {0x5, 0x3}, {0x2, 0x8}, {0x2}, {0x1, 0xa}, {0x6, 0x3}, {0x2, 0x2}, {0x6, 0x5}, {0x4, 0xa}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x4, 0x81, 0x572d, 0xe, 0x1000, 0xd9]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xa9f, 0x7ff, 0xb, 0x3, 0xb, 0x6, 0x4, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_60GHZ={0x4}, @NL80211_BAND_6GHZ={0x30, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xa, 0x8001, 0x7, 0x9, 0x4, 0x40, 0x9, 0x2]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_5GHZ={0x48, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x12, 0x12, 0x3, 0x60, 0x24, 0x6c, 0x18, 0xc, 0x78, 0x0, 0x30, 0x2, 0x4, 0x18, 0xb, 0x12]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x100, 0x8000, 0x96, 0x6f1a, 0x1e0, 0x0, 0x0, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0xfff9, 0x6, 0xd0, 0x8, 0x1, 0x2, 0x6]}}]}]}, @NL80211_ATTR_TX_RATES={0x40, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x3c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x10, 0x4, 0x9, 0x7, 0x40, 0x6, 0x9, 0x3]}}, @NL80211_TXRATE_HT={0xf, 0x2, [{0x7, 0x6}, {0x5, 0x9}, {0x3, 0x2}, {0x2, 0x5}, {0x5, 0x1}, {0x4, 0x7}, {0x1, 0x2}, {0x2, 0x7}, {0x3, 0x9}, {0x7, 0x5}, {0x7, 0x1}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xb3, 0x10, 0x12aa, 0xf, 0x6, 0xa, 0x6, 0xfff8]}}]}]}, @NL80211_ATTR_TX_RATES={0x4}, @NL80211_ATTR_TX_RATES={0x1b0, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x88, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x1, 0x16, 0x12, 0x3, 0xb, 0x2d, 0x5, 0x1, 0x30, 0x9, 0x3, 0x16, 0x24, 0xc, 0xc, 0x36, 0x1b, 0x36, 0x3, 0xc, 0x18, 0xb]}, @NL80211_TXRATE_LEGACY={0x22, 0x1, [0x1b, 0x1, 0xc, 0x30, 0x6c, 0x18, 0xb, 0x1, 0x36, 0x1e, 0x3, 0x3, 0x5, 0xb, 0x5, 0x2, 0x60, 0x60, 0xb, 0xc, 0x3, 0x12, 0x9, 0x60, 0x18, 0x30, 0x30, 0x3a, 0x4, 0x1]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2b5, 0x3, 0x5, 0x1, 0x5, 0x0, 0x2, 0x7fff]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x4, 0x4035e889af16487a, 0x36, 0x2, 0x30]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x9, 0xdd, 0x2, 0x3, 0xd, 0x2f1, 0x40]}}]}, @NL80211_BAND_5GHZ={0x1c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_5GHZ={0xa4, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x59b, 0x6, 0x6, 0x2, 0xc0b, 0x8, 0x8, 0x2]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfffd, 0x53, 0x7fff, 0xa, 0x2, 0x5, 0x1, 0x7]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x4c2d, 0xdd9, 0x2, 0x1ff, 0x5, 0xd, 0x4]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x3b, 0x2, [{0x6, 0x5}, {0x6, 0x3}, {0x1, 0x7}, {0x7}, {0x5}, {0x0, 0x2}, {}, {0x0, 0x7}, {0x5, 0x5}, {0x4, 0x3}, {0x7, 0xa}, {0x6}, {0x4, 0x8}, {0x0, 0x3}, {0x5, 0x3}, {0x4, 0x8}, {0x3, 0x9}, {0x3}, {0x1, 0x4}, {0x3, 0x5}, {0x6, 0xa}, {0x5, 0x4}, {0x1, 0x5}, {0x2, 0x1}, {0x2, 0x5}, {0x7, 0x6}, {0x0, 0x1}, {0x7, 0xa}, {0x0, 0xa}, {0x6, 0x2}, {0x3, 0x2}, {0x3, 0x2}, {0x0, 0xa}, {0x5, 0x7}, {0x1, 0x8}, {0x0, 0x5}, {0x0, 0x5}, {0x7, 0x2}, {0x0, 0x1}, {0x4, 0x1}, {0x6, 0x1}, {0x2, 0x7}, {0x1, 0x7}, {0x0, 0x7}, {0x0, 0x5}, {0x1, 0x3}, {0x7, 0x1}, {0x6}, {0x3, 0xa}, {0x0, 0xa}, {0x1, 0x9}, {0x2, 0x8}, {0x1, 0xa}, {0x7}, {0x0, 0x2}]}]}, @NL80211_BAND_6GHZ={0x64, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x7ff, 0x3, 0x7ab9, 0x59, 0x9, 0x3, 0x6, 0x401]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x1, 0x3, 0xe9, 0xfff, 0x8, 0x9, 0x2]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x72, 0x80, 0x4, 0x6cb5, 0xf6e2, 0xa67d, 0x10, 0x200]}}, @NL80211_TXRATE_HT={0x12, 0x2, [{0x0, 0x3}, {0x4, 0x6}, {0x2, 0xa}, {0x6, 0x7}, {0x0, 0x5}, {0x0, 0x3}, {0x7, 0xa}, {0x2, 0x6}, {0x5, 0x2}, {0x5, 0x5}, {0x5, 0x8}, {0x3, 0x2}, {0x7, 0xa}, {0x7, 0x3}]}]}]}, @NL80211_ATTR_TX_RATES={0x38, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x34, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x10, 0x2, [{0x2, 0x6}, {0x5, 0x5}, {0x1, 0x4}, {0x1, 0xa}, {0x6, 0x5}, {0x2, 0x8}, {0x7, 0x7}, {0x0, 0x5}, {0x3, 0xa}, {0x7, 0x6}, {0x7, 0x9}, {0x3, 0x3}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x3, 0x6}, {0x5, 0x2}, {0x4, 0x7}, {0x7, 0x2}, {0x7, 0x6}, {0x4, 0x7}, {0x6, 0x6}, {0x5, 0x5}, {0x3, 0x1}, {0x5, 0xa}, {0x2, 0x6}, {0x0, 0x7}, {0x0, 0x4}, {0x1, 0x2}, {0x7, 0x7}, {0x5, 0x6}, {0x0, 0x1}, {0x6, 0x9}, {0x5, 0x3}, {0x0, 0x2}]}]}]}]}, 0x768}, 0x1, 0x0, 0x0, 0xc1}, 0x4090)
fcntl$lock(r7, 0x26, &(0x7f0000000000))
fcntl$lock(r7, 0x25, &(0x7f00000000c0)={0x2, 0x0, 0x4004, 0xffffffffffffffff})
close(r7)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r0, 0x4004e57e, &(0x7f00000021c0)=r0)

1.070438792s ago: executing program 3 (id=6432):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x7, 0x4, 0x3f0, 0x110, 0x1f8, 0x0, 0x110, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @empty, @multicast2, @empty}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@multicast, @multicast2, @dev}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
pidfd_send_signal(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x119a}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}, 0x90)

970.37468ms ago: executing program 1 (id=6433):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000302015b800000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x9, 0x2}, 0x10)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
sendmsg$tipc(r3, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70200001400894fb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d)
r8 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
write$selinux_context(r8, &(0x7f0000000340)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
close_range(r1, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='kmem_cache_free\x00', r0}, 0x10)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, 0x0, 0x4)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)

444.831383ms ago: executing program 4 (id=6434):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x2000040, &(0x7f0000000a00)={[{@errors_remount}, {@nodiscard}, {@noquota}, {@init_itable}, {@stripe={'stripe', 0x3d, 0x79}}, {@resgid}, {@sysvgroups}, {@delalloc}, {@usrquota}], [{@euid_lt}, {@measure}]}, 0x10, 0x4d2, &(0x7f00000002c0)="$eJzs3c9rHG8ZAPBnJtlvf+VrUvVQC7bFVtKi3U0a2wYPtYLYU8Fa7zUmmxCyyYbspm1CkRTvCiIqePLkRfAPEKR/gggFvUsVRbTVgwd1ZWdnaxt3m0i3OzX5fGA67zvv7j7P27Az88687ARwaJ2LiJsRMRIRlyJiPN+e5sutdvudzutePH80316SaLXu/jmJJN/W/awkX5+IiJ2IOBoRX70V8Y3kv+M2trZX5mq16kZerzRX1yuNre3Ly6tzS9Wl6trMzPS12euzV2enBtLPiYi48aXff/87P/nyjV989sFv7/3x4jfbaY3l7a/2Y5A6XS9l/xddoxGx8S6CFWAkX5f6tH97ZIjJAACwp/Y5/kcj4lPZ+f94jGRnpwAAAMBB0vrCWPwjiWgBAAAAB1aazYFN0nI+F2As0rRc7szh/XgcT2v1RvMzi/XNtYXOXNmJKKWLy7XqVD5XeCJKSbs+nc+x7dav7KrPRMTJiPje+LGsXp6v1xaKvvgBAAAAh8SJXeP/v41n4/8jRecFAAAADNhE0QkAAAAA75zxPwAAABx8xv8AAABwoH3l9u320uo+/3rh/tbmSv3+5YVqY6W8ujlfnq9vrJeX6vWl7Df7Vvf6vFq9vv65WNt8WGlWG81KY2v73mp9c615b/m1R2ADAAAAQ3Ty7JPfJBGx8/lj2dL2QdFJAUOR7NGePSTkWV753RASAoZmpOgEgMKMFp0AUJhS0QkAhdvrOkDfyTu/HHwuAADAuzH5if73/10bgIMtLToBAGDo3P+Hw6v0+gzAq8VlAhTlI3u0v/39/1brf0oIAAAYuLFsSdJyfi9wLNK0XI74MHssQClZXK5Vp/Lxwa/HS0fa9ensncmec4YBAAAAAAAAAAAAAAAAAAAAAAAAgI5WK4kWAAAAcKBFpH9Isl/zj5gcvzC2+/rAB8nfx7N1RDz40d0fPJxrNjem29v/8nJ784f59itFXMEAAAAAduuO07vjeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYpBfPH813l2HG/dMXI2KiZ/yzR7PV0ShFxPG/JjH6yvuSiBgZQPydxxFxqlf8pJ1WTEQni17xjxUYP42IEwOID4fZk/b+52av718a57J17+/faL68rf77vzS6+7+RPvufD/cZ4/TTn1X6xn8ccXq09/6nGz/pE//8PuN//Wvb2/3aWj+OmOx5/Elei1Vprq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTlUWl2vV/N+eMb77yZ//6039P94n/sQe/b+wz/7/8+nD5x/rFEu94l883/v4e6pP/DQ/9n06L7fbJ7vlnU75VWd++qszb+r/Qp/+v/z79zjQtmNe3Gf/L9351rN9vhQAGILG1vbKXK1W3fh/LKTxXqShMJDCkfcjDYVOoeg9EwAAMGj/OekvOhMAAAAAAAAAAAAAAAAAAAA4vIbxc2K7Y+4U01UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDf6dwAAAP//sf7Zeg==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000000ac0), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
getpid()
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="240000006800b9f900000000000000000a00000000000000080001001200000004000b"], 0x24}}, 0x0)
creat(&(0x7f0000000040)='./file1\x00', 0x47)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x1, 0x1d1, 0x1}, 0x48)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaccaaaaaaaaaaaaaa080045e0001c00000000000290787f000001e00000011100907800000000"], 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4c", 0x4}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)

307.194465ms ago: executing program 1 (id=6435):
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000600)='./bus\x00', 0x1c14744, &(0x7f0000000100), 0xff, 0x490, &(0x7f0000000f40)="$eJzs3M9vFFUcAPDvTLf8VFoRf4AkVtHY+KOlBZSDHjSaeNBEowc81rYQZKGG1kQI0WIMHg2Jd+PRxL/Akyejnky8eNC7ISFKTAAvrpndmba77lT6cxf380kW3tt5M+99++btvr632wB61lD2TxJxR0T8EhEDjWxzgaHGfzeuXZi8ee3CZBK12hu/J/Vy169dmCyKFuftzDPDaUT6cZJX0mz23PlTE9Xq9Nk8Pzp3+t3R2XPnnzp5euLE9InpM+NHjx4+NPbM0+NHms47sso4s/iu7/tgZv/el9+6/Orksctvf/9V1t40P740jvUylAX+R62u9dij611Zh/1dW4wzqXS6NdyqvojIuqu/Pv4Hoi8WO28gXvqoo40DNlT2mr21/PB8DfgfS6LTLQA6o3ijz37/zR/9mzT16ApXn2/8ApTFfiN/NI5UFtYGNvIHMhQRx+b/+jx7RMs6RK3NugEAwFp9k81/nmya/+XzjzTuXVJuV743NBgRd0XE7oi4OyL2RMQ9EfWy90XE/Susv3Vr6N/7MOmVVQV2i7L537P53lbz/K+Y/cVgX567sx5/f3L8ZHX6YP4zGY7+rVl+rN3Fi0u8+NOnZfUvnf9lj6z+Yi6YX+RKpWWBbmpibmK9JqVXL0bsq7SLP1nYCUgiYm9E7FvZpXcViZOPf7m/rNB/x7+Mddhnqn0R8Vij/+ejJf5Csvz+5Oi2qE4fHG3cFX1t6vjhx0uvldW/pvjXQdb/O5rv/5YSA38mS/drZ1dex6VfPyndW62s8v7fkrxZ39Pdkj/3/sTc3NmxiC3JK/V80/Pji+cW+aJ8Fv/wgfbjf3d+Thb/AxGxP+LnYtg9mPfdQxHxcEQcWCb+71545J2yY93Q/1NtX/8W7v/B5v5feaLv1Ldfl9XfGn+S5xdLZP1/uJ4azp+pv/7ltpdct7w52/ISq72bAQAA4PaT1j8bn6QjC+k0HRlpfIZ/T+xIqzOzc08cn3nvzFTjM/SD0Z8W658DS9ZDx5L5/IqN/Hi+VlwcP5SvG3/Wtz1Jojo9MjlTnepw7NDrdpaM/8xv7RazI+K5TW0hsKF8Xwt6V+v4TzvUDmDzef+H3mX8Q+8y/qF3FeP/9SXPfdhSpmQvALjNef+H3mX8Q+9aGP8XO9sOYPN5/4ee1O5L8sXfOFjDV/7XlKgs8+39Lk0Uq6Pd0p5TSURsbBWRdkekpYnI/4hFt7Rn5YmbtVWeXllmdN9qojOvRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOvtnwAAAP//aP7lHQ==")
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x9fd, 0x84}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
getsockopt$inet_opts(0xffffffffffffffff, 0x6, 0x0, 0xffffffffffffffff, 0x0)
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
unshare(0x20040600)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e00)=@newtaction={0x84, 0x30, 0xffff, 0x0, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x2}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0)
unshare(0x22020400)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r6, 0x1, 0x8, 0x0, 0x0)
sendmsg$key(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x8, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="0100000000100000000000000000001163014000000100009500000000000000e3d2eb3cdb656091ae127ea6d8caea855406dd53fff9a390118b2981a1ee1250c828c3620232919c1b4b5e65c5953aed1fb8ab425e8daa9181a7f1151b5c798997a1ca3c8067a789f45dd670c5f531f01eed05720408bebff188bc5f56d86a11364b54b66cffcabba12725a594008d2928294b7af82a84ebdb63a5201ff78ad8307d09ca4f7983e519689a4ec0190e6bf95c57f4"], &(0x7f0000000100)='GPL\x00'}, 0x2a)
mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1400, 0x0)

250.73528ms ago: executing program 2 (id=6436):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r0}, &(0x7f0000000780), &(0x7f00000007c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x52, &(0x7f0000000300)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x1c, 0x2c, 0x0, @remote, @local, {[@routing={0x32}], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

237.468361ms ago: executing program 3 (id=6437):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x52, &(0x7f0000000300)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x1c, 0x2c, 0x0, @remote, @local, {[@routing={0x32}], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

85.312093ms ago: executing program 2 (id=6438):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d041bc700000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@bloom_filter={0x1e, 0xffff3ced, 0xc4, 0x2892, 0x1500, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x5, 0xa}, 0x48)
chmod(&(0x7f0000000040)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="000000000000b708418dd5795f96a4c7000000000000bfa2000000000000ff010000f8ffffffb703000008000004000000000000850000000100000095000000000000000000000000cb43ff8f84c7772469cce264690876a15ee0dc8fc3222859f140167f14e0f7a6b384dd5da786ce63054327ad440fe954d154f3e62f80be4de1d3c6c377a3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000e80)={'vxcan0\x00', <r5=>0x0})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000001040)={&(0x7f0000000ec0)={0x1d, r5}, 0x10, &(0x7f0000001000)={&(0x7f0000000f80)={0x4, 0x210, 0x4, {0x0, 0x2710}, {0x0, 0xea60}, {0x4, 0x0, 0x1, 0x1}, 0x1, @can={{0x2}, 0x1, 0x7, 0x0, 0x0, "1f9eca5d28e12659"}}, 0x48}, 0x1, 0x0, 0x0, 0x8040}, 0x4)
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r6, 0x10, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000013000/0x18000)=nil, &(0x7f0000000540)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000580)=[@efer={0x2, 0x800}], 0x1)
sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=ANY=[], 0x1c}}, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x0, 0x1000, 0x5, 0x1012, r3, 0xb, '\x00', r5, r6, 0x5, 0x0, 0x1, 0x4}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90)
syz_usb_control_io(r2, &(0x7f00000002c0)={0x2c, &(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r2, &(0x7f0000000400)={0x2c, &(0x7f0000001080)=ANY=[@ANYBLOB="2008820000008208cf88ec8998df0fa402f859294857832535154f096bdbb65a6ab86734bbb1ee7a6686d0063b4345775dc457759d890859818ea6c96435cad83e74027b6f6cc0af9d09d862b195d2553fdb67013597ef8b877344d2642af428396bf9f2df43efed2535b95755bad7d72d44098b8f56eb343ff392004482513d33cf9251d87222ec969f44d3a442fcd9ce8c0c9d1df258188128a0c34cf260dccaa4d1e210ef1ea61f968ad50555b58534ef832d79cba0473e034a52ee8e757d6ca37ed4758f6d2146a5d84399599d33b370750b89f82c640a6caedeac81e95e2ac1b361b01020260ce2af7cd5db46fa2fe703e3a142d1e044d4f7e02b78ff2f8e69f515cd96e80d8a4881aec54d4fd999faa937b7da6d820932bfe0a2eca07a61f758a275d9be70567e775b49351c34b76059b53553af840ef7e39dc546b97fad673fcb1acbacc45febf72256ee7a31efa0274159732f3eb4d71348e53c46c475daab10f70bf6190f55ed3deaf523c1afb27f3655d9052a62f793ba0681a8b464c6df1f4154c0e222e9e1e7a1506523a9355416e94d2af36cb7ae"], &(0x7f0000000780)={0x0, 0x3, 0x2, @string={0x2}}, &(0x7f0000000080)={0x0, 0xf, 0x28, {0x5, 0xf, 0x28, 0x2, [@ssp_cap={0x20, 0x10, 0xa, 0x7, 0x5, 0x3, 0x0, 0x34, [0xff3f, 0xffc0c0, 0xc000, 0xaccf629628bf8567, 0x24869007e0442f2f]}, @ptm_cap={0x3}]}}, &(0x7f0000000340)={0x20, 0x29, 0xf, {0xf, 0x29, 0x40, 0x4, 0x20, 0x6, "17307d44", "a7609f55"}}, &(0x7f0000000380)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x1, 0x8, 0x30, 0xc1, 0xd0, 0xe1dd, 0x4}}}, &(0x7f0000000c40)={0x84, &(0x7f0000000580)={0x20, 0xa, 0x83, "c34a31151953e22466b88f0d21a13fcad387a8429d44f4bbdbfd441324ce25ed316217802a43340e6cb7dd4ec13e560c116d453dbc03b3609812b16beb835050815c9cc1037f4ae8e6875ab6128cc728866f62209c780b0168453d08f5527bb7d4851b4ca29f3384f6ca6036bfbfd24bfe943dbbbe641856d8d0f60c090d1f9005b7e1"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x76}, &(0x7f00000006c0)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000700)={0x20, 0x0, 0x4, {0x3, 0x1}}, &(0x7f0000000880)={0x20, 0x0, 0x8, {0x200, 0x5f, [0xff00]}}, &(0x7f00000008c0)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000900)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000000940)={0x40, 0xb, 0x2, "168f"}, &(0x7f0000000980)={0x40, 0xf, 0x2, 0x84}, &(0x7f00000009c0)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000a00)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000b00)={0x40, 0x19, 0x2, "fbb6"}, &(0x7f0000000b40)={0x40, 0x1a, 0x2, 0x7f}, &(0x7f0000000b80)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000bc0)={0x40, 0x1e, 0x1, 0x80}, &(0x7f0000000c00)={0x40, 0x21, 0x1, 0x8}})

84.833803ms ago: executing program 3 (id=6439):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x4, 0x600, 0x9, 0x408, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x4, 0xc}, 0x48)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4)
socket(0x0, 0x80000, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000540)="68d4cee035cebde691db361ccf7811ad6c6183c01250a336fb86dc70caddd6f907b60989a189130b7c4db2681ec8163d525d57ab9418275b8ea4562412b02bdbf9245a4b42476c00248d765993ae81e22c1eaf42c3bd674c377be4526be9a3e7fc01f94eafeec16a22344c711d76486e5d13821b4dd4409c90033b0e8137bd4f743782e40c4c8c6325aac6b53acf1db0a69cc3506b7cd932ecd52083f0ef5e4352a0c77a", 0xa4}, {&(0x7f0000000600)="9e3a1816edcbf5cfd931b409dbc2a9337b113d4cd93c05fd59a713dc43b26f96dc444492ea8d3f9753d32b48d5e77c6bf7f52848d8aa6cd4373ef58ae764c59d5fdf6dc99e2a84ef681443d47d19e81825d84f0f7eab24154f15931b2caa07e07f8dd2cf046159ccbbb14bb7c53f8a98a49f9b587e9e5d2b0e1469f558052b5a486ce7f5ce8a46d2677fb6f7dec5de1dc1d0ec634d829e9b7a", 0x99}], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socket$inet6(0xa, 0x0, 0x87)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bind$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0xa}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0xc00c004}, 0x0)
syz_emit_ethernet(0x62, &(0x7f0000000000)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0xe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010102, @rand_addr, {[@timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@private}, {@dev}, {@remote}, {@multicast2}]}]}}}}}}}, 0x0)
setns(r1, 0x24020000)
syz_clone(0xd5ba2180, 0x0, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=6440):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000200)=<r0=>0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
socket$inet6(0xa, 0x80000, 0x6)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000140)='./file0/../file0\x00', 0x0, 0x297880, 0x0)
mount(0x0, &(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f0000000100)='devpts\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0/../file0/../file0\x00', 0x0, 0x1218024, &(0x7f00000005c0)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0xee01, @ANYBLOB=',uid=', @ANYRESHEX=0x0])
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000000d80)={0x2020}, 0x2020)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x6)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000040), 0x4)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)

kernel console output (not intermixed with test programs):

 descriptor too short (expected 65233, got 154)
[ 1090.894396][  T309] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1091.002864][  T309] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1091.017657][  T309] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[ 1091.725078][  T309] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1091.767280][  T309] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1091.775194][  T309] usb 5-1: Product: syz
[ 1091.780917][  T309] usb 5-1: Manufacturer: syz
[ 1091.802725][  T309] usb 5-1: SerialNumber: syz
[ 1092.154690][  T309] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1092.165837][T22255] usb 4-1: new full-speed USB device number 124 using dummy_hcd
[ 1092.181571][  T309] usb 5-1: found format II with max.bitrate = 0, frame size=2
[ 1092.189071][  T309] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1092.197388][  T309] usb 5-1: found format II with max.bitrate = 0, frame size=2
[ 1092.484116][  T309] usb 5-1: 2:130: cannot set enable PITCH
[ 1092.511031][  T309] usb 5-1: USB disconnect, device number 117
[ 1092.688046][T22255] usb 4-1: config index 0 descriptor too short (expected 65233, got 154)
[ 1092.698158][T22255] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1092.715194][T22255] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1092.734059][T22255] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[ 1092.949828][T22255] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1092.959269][T22255] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1092.967375][T22255] usb 4-1: Product: syz
[ 1092.971380][T22255] usb 4-1: Manufacturer: syz
[ 1092.993118][  T309] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[ 1093.012937][T22255] usb 4-1: SerialNumber: syz
[ 1093.021770][   T25] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[ 1093.140228][T22585] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1093.322774][T22586] syz.0.6291 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1093.332534][T22586] CPU: 0 PID: 22586 Comm: syz.0.6291 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1093.342316][T22586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1093.352207][T22586] Call Trace:
[ 1093.355338][T22586]  dump_stack_lvl+0x1e2/0x24b
[ 1093.359840][T22586]  ? panic+0x812/0x812
[ 1093.363763][T22586]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1093.369042][T22586]  ? ___ratelimit+0x3f7/0x580
[ 1093.373562][T22586]  ? _raw_spin_lock+0xa4/0x1b0
[ 1093.378156][T22586]  dump_stack+0x15/0x17
[ 1093.382146][T22586]  dump_header+0xd8/0x6d0
[ 1093.386320][T22586]  oom_kill_process+0xef/0x2d0
[ 1093.390940][T22586]  out_of_memory+0x9bd/0xe10
[ 1093.395427][T22586]  ? unregister_oom_notifier+0x20/0x20
[ 1093.400720][T22586]  ? mutex_lock_killable+0xa5/0x110
[ 1093.405755][T22586]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 1093.412090][T22586]  ? sched_clock_cpu+0x1b/0x3b0
[ 1093.416776][T22586]  mem_cgroup_out_of_memory+0x2a8/0x380
[ 1093.422162][T22586]  ? mem_cgroup_oom_trylock+0x3a0/0x3a0
[ 1093.427545][T22586]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1093.432746][T22586]  ? mem_cgroup_oom_trylock+0x22d/0x3a0
[ 1093.438125][T22586]  try_charge+0xff2/0x15f0
[ 1093.442381][T22586]  ? __memcg_kmem_charge+0x180/0x180
[ 1093.447509][T22586]  ? __kasan_check_write+0x14/0x20
[ 1093.452445][T22586]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1093.457826][T22586]  __mem_cgroup_charge+0x147/0x6e0
[ 1093.462777][T22586]  shmem_add_to_page_cache+0x6a9/0x10c0
[ 1093.468158][T22586]  ? shmem_alloc_page+0x420/0x420
[ 1093.473021][T22586]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1093.478400][T22586]  ? find_lock_entry+0x1df/0x200
[ 1093.483177][T22586]  shmem_getpage_gfp+0xa65/0x2480
[ 1093.488036][T22586]  ? iov_iter_advance+0x827/0xb20
[ 1093.492892][T22586]  ? shmem_getpage+0xa0/0xa0
[ 1093.497318][T22586]  ? iov_iter_fault_in_readable+0x258/0x4f0
[ 1093.503077][T22586]  ? __kasan_check_write+0x14/0x20
[ 1093.507991][T22586]  ? _raw_spin_lock+0xa4/0x1b0
[ 1093.512601][T22586]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1093.517799][T22586]  shmem_write_begin+0xca/0x1b0
[ 1093.522487][T22586]  generic_perform_write+0x2cd/0x570
[ 1093.527607][T22586]  ? file_remove_privs+0x2af/0x570
[ 1093.532554][T22586]  ? grab_cache_page_write_begin+0xa0/0xa0
[ 1093.538192][T22586]  ? file_remove_privs+0x570/0x570
[ 1093.543148][T22586]  ? __kasan_check_write+0x14/0x20
[ 1093.548090][T22586]  __generic_file_write_iter+0x23c/0x560
[ 1093.553556][T22586]  ? generic_write_checks+0x3b9/0x470
[ 1093.558765][T22586]  generic_file_write_iter+0xaf/0x1c0
[ 1093.563974][T22586]  __kernel_write+0x5ab/0x9d0
[ 1093.568489][T22586]  ? vfs_read+0xba0/0xba0
[ 1093.572657][T22586]  ? cgroup_freezing+0x88/0xb0
[ 1093.577252][T22586]  ? freezing_slow_path+0x141/0x190
[ 1093.582284][T22586]  dump_emit+0x261/0x3a0
[ 1093.586454][T22586]  ? wait_for_dump_helpers+0x3b0/0x3b0
[ 1093.591744][T22586]  ? dump_emit+0x26f/0x3a0
[ 1093.595997][T22586]  dump_user_range+0x71/0x1a0
[ 1093.600511][T22586]  elf_core_dump+0x33bd/0x3c10
[ 1093.605234][T22586]  ? load_elf_binary+0x2750/0x2750
[ 1093.610175][T22586]  ? __fsnotify_parent+0x5ed/0x6c0
[ 1093.615120][T22586]  ? _raw_spin_lock+0xa4/0x1b0
[ 1093.619719][T22586]  ? __fsnotify_update_child_dentry_flags+0x2b0/0x2b0
[ 1093.626318][T22586]  ? shmem_setattr+0x17e/0x8b0
[ 1093.630922][T22586]  ? __kasan_check_read+0x11/0x20
[ 1093.635774][T22586]  ? unshare_files+0x1c5/0x2c0
[ 1093.640377][T22586]  ? cgroup_freezing+0x88/0xb0
[ 1093.644974][T22586]  ? freezing_slow_path+0x141/0x190
[ 1093.650010][T22586]  do_coredump+0x1eb8/0x2d60
[ 1093.654436][T22586]  ? asm_exc_page_fault+0x1e/0x30
[ 1093.659304][T22586]  ? simple_acl_create+0x2c0/0x2c0
[ 1093.664247][T22586]  ? kmem_cache_free+0xa9/0x1e0
[ 1093.668929][T22586]  ? ____kasan_slab_free+0x12c/0x160
[ 1093.674054][T22586]  ? kmem_cache_free+0xa9/0x1e0
[ 1093.678742][T22586]  get_signal+0x102c/0x1410
[ 1093.683080][T22586]  arch_do_signal_or_restart+0xbd/0x17c0
[ 1093.688549][T22586]  ? force_sig_fault+0x125/0x1c0
[ 1093.693319][T22586]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 1093.698613][T22586]  ? __bad_area_nosemaphore+0x430/0x430
[ 1093.703997][T22586]  ? __bad_area_nosemaphore+0x3eb/0x430
[ 1093.709374][T22586]  ? __bad_area_nosemaphore+0x2c0/0x430
[ 1093.714758][T22586]  exit_to_user_mode_loop+0x9b/0xd0
[ 1093.719793][T22586]  irqentry_exit_to_user_mode+0x4e/0x80
[ 1093.725193][T22586]  irqentry_exit+0x12/0x60
[ 1093.729424][T22586]  exc_page_fault+0x33d/0x5b0
[ 1093.733937][T22586]  ? asm_exc_page_fault+0x8/0x30
[ 1093.738709][T22586]  asm_exc_page_fault+0x1e/0x30
[ 1093.743397][T22586] RIP: 0033:0x7f841a194307
[ 1093.747652][T22586] Code: 88 15 ea 93 e0 00 88 05 e7 93 e0 00 c3 50 48 8d 35 f6 b5 1a 00 48 8d 3d fc b5 1a 00 31 c0 e8 a0 f9 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[ 1093.767093][T22586] RSP: 002b:00007f8418eee120 EFLAGS: 00010202
[ 1093.772996][T22586] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f841a2d19f9
[ 1093.780831][T22586] RDX: 00007f8418eee140 RSI: 00007f8418eee270 RDI: 000000000000000b
[ 1093.788612][T22586] RBP: 00007f841a33f8ee R08: 0000000000000000 R09: 0000000000000000
[ 1093.796425][T22586] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1093.804236][T22586] R13: 0000000000000000 R14: 00007f841a46e130 R15: 00007ffe343633c8
[ 1093.812618][T22586] memory: usage 307200kB, limit 307200kB, failcnt 9748
[ 1093.819274][T22586] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0
[ 1093.827226][T22586] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1093.833895][T22586] Memory cgroup stats for /syz0:
[ 1093.834021][T22586] anon 335872
[ 1093.834021][T22586] file 313995264
[ 1093.834021][T22586] kernel_stack 0
[ 1093.834021][T22586] percpu 0
[ 1093.834021][T22586] sock 0
[ 1093.834021][T22586] shmem 313995264
[ 1093.834021][T22586] file_mapped 11759616
[ 1093.834021][T22586] file_dirty 135168
[ 1093.834021][T22586] file_writeback 0
[ 1093.834021][T22586] anon_thp 0
[ 1093.834021][T22586] inactive_anon 303013888
[ 1093.834021][T22586] active_anon 11489280
[ 1093.834021][T22586] inactive_file 28672
[ 1093.834021][T22586] active_file 98304
[ 1093.834021][T22586] unevictable 0
[ 1093.834021][T22586] slab_reclaimable 0
[ 1093.834021][T22586] slab_unreclaimable 0
[ 1093.834021][T22586] slab 0
[ 1093.834021][T22586] workingset_refault_anon 0
[ 1093.834021][T22586] workingset_refault_file 22374
[ 1093.834021][T22586] workingset_activate_anon 0
[ 1093.834021][T22586] workingset_activate_file 594
[ 1093.834021][T22586] workingset_restore_anon 0
[ 1093.834021][T22586] workingset_restore_file 297
[ 1093.841029][   T25] usb 3-1: Using ep0 maxpacket: 32
[ 1093.928171][T22586] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.6291,pid=22581,uid=0
[ 1093.933666][T22255] usb 4-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1093.947837][T22586] Memory cgroup out of memory: OOM victim 22581 (syz.0.6291) is already exiting. Skip killing the task
[ 1093.952856][T22586] syz.0.6291 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1093.965865][T22255] usb 4-1: found format II with max.bitrate = 0, frame size=2
[ 1093.966996][T22586] CPU: 0 PID: 22586 Comm: syz.0.6291 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1093.976923][T22255] usb 4-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1093.984829][T22586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1093.984834][T22586] Call Trace:
[ 1093.984854][T22586]  dump_stack_lvl+0x1e2/0x24b
[ 1093.984862][T22586]  ? panic+0x812/0x812
[ 1093.984880][T22586]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1093.995176][T22255] usb 4-1: found format II with max.bitrate = 0, frame size=2
[ 1094.002891][T22586]  ? ___ratelimit+0x3f7/0x580
[ 1094.002906][T22586]  ? _raw_spin_lock+0xa4/0x1b0
[ 1094.002926][T22586]  dump_stack+0x15/0x17
[ 1094.050137][T22586]  dump_header+0xd8/0x6d0
[ 1094.054293][T22586]  oom_kill_process+0xef/0x2d0
[ 1094.058889][T22586]  out_of_memory+0x9bd/0xe10
[ 1094.063320][T22586]  ? unregister_oom_notifier+0x20/0x20
[ 1094.068609][T22586]  ? mutex_lock_killable+0xa5/0x110
[ 1094.073643][T22586]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 1094.079979][T22586]  ? sched_clock_cpu+0x1b/0x3b0
[ 1094.084668][T22586]  mem_cgroup_out_of_memory+0x2a8/0x380
[ 1094.090047][T22586]  ? mem_cgroup_oom_trylock+0x3a0/0x3a0
[ 1094.095428][T22586]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1094.100636][T22586]  ? mem_cgroup_oom_trylock+0x22d/0x3a0
[ 1094.106103][T22586]  try_charge+0xff2/0x15f0
[ 1094.110361][T22586]  ? __memcg_kmem_charge+0x180/0x180
[ 1094.115479][T22586]  ? __kasan_check_write+0x14/0x20
[ 1094.120432][T22586]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1094.125891][T22586]  __mem_cgroup_charge+0x147/0x6e0
[ 1094.130841][T22586]  shmem_add_to_page_cache+0x6a9/0x10c0
[ 1094.136223][T22586]  ? shmem_alloc_page+0x420/0x420
[ 1094.141083][T22586]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1094.146464][T22586]  ? find_lock_entry+0x1df/0x200
[ 1094.151234][T22586]  shmem_getpage_gfp+0xa65/0x2480
[ 1094.156099][T22586]  ? iov_iter_advance+0x827/0xb20
[ 1094.160954][T22586]  ? shmem_getpage+0xa0/0xa0
[ 1094.165385][T22586]  ? iov_iter_fault_in_readable+0x258/0x4f0
[ 1094.171110][T22586]  ? __kasan_check_write+0x14/0x20
[ 1094.176057][T22586]  ? _raw_spin_lock+0xa4/0x1b0
[ 1094.180681][T22586]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1094.185881][T22586]  shmem_write_begin+0xca/0x1b0
[ 1094.190566][T22586]  generic_perform_write+0x2cd/0x570
[ 1094.195695][T22586]  ? file_remove_privs+0x2af/0x570
[ 1094.200630][T22586]  ? grab_cache_page_write_begin+0xa0/0xa0
[ 1094.206268][T22586]  ? file_remove_privs+0x570/0x570
[ 1094.211219][T22586]  ? __kasan_check_write+0x14/0x20
[ 1094.216162][T22586]  __generic_file_write_iter+0x23c/0x560
[ 1094.221629][T22586]  ? generic_write_checks+0x3b9/0x470
[ 1094.226921][T22586]  generic_file_write_iter+0xaf/0x1c0
[ 1094.232131][T22586]  __kernel_write+0x5ab/0x9d0
[ 1094.236641][T22586]  ? vfs_read+0xba0/0xba0
[ 1094.240809][T22586]  ? cgroup_freezing+0x88/0xb0
[ 1094.245422][T22586]  ? freezing_slow_path+0x141/0x190
[ 1094.250438][T22586]  dump_emit+0x261/0x3a0
[ 1094.254521][T22586]  ? wait_for_dump_helpers+0x3b0/0x3b0
[ 1094.259809][T22586]  ? dump_emit+0x26f/0x3a0
[ 1094.264064][T22586]  dump_user_range+0x71/0x1a0
[ 1094.268582][T22586]  elf_core_dump+0x33bd/0x3c10
[ 1094.273183][T22586]  ? load_elf_binary+0x2750/0x2750
[ 1094.278140][T22586]  ? __fsnotify_parent+0x5ed/0x6c0
[ 1094.283074][T22586]  ? _raw_spin_lock+0xa4/0x1b0
[ 1094.287673][T22586]  ? __fsnotify_update_child_dentry_flags+0x2b0/0x2b0
[ 1094.294275][T22586]  ? shmem_setattr+0x17e/0x8b0
[ 1094.298873][T22586]  ? __kasan_check_read+0x11/0x20
[ 1094.303727][T22586]  ? unshare_files+0x1c5/0x2c0
[ 1094.308331][T22586]  ? cgroup_freezing+0x88/0xb0
[ 1094.312929][T22586]  ? freezing_slow_path+0x141/0x190
[ 1094.317964][T22586]  do_coredump+0x1eb8/0x2d60
[ 1094.322391][T22586]  ? asm_exc_page_fault+0x1e/0x30
[ 1094.327256][T22586]  ? simple_acl_create+0x2c0/0x2c0
[ 1094.332200][T22586]  ? kmem_cache_free+0xa9/0x1e0
[ 1094.336882][T22586]  ? ____kasan_slab_free+0x12c/0x160
[ 1094.342004][T22586]  ? kmem_cache_free+0xa9/0x1e0
[ 1094.346691][T22586]  get_signal+0x102c/0x1410
[ 1094.351034][T22586]  arch_do_signal_or_restart+0xbd/0x17c0
[ 1094.356500][T22586]  ? force_sig_fault+0x125/0x1c0
[ 1094.361271][T22586]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 1094.366565][T22586]  ? __bad_area_nosemaphore+0x430/0x430
[ 1094.372082][T22586]  ? __bad_area_nosemaphore+0x3eb/0x430
[ 1094.377452][T22586]  ? __bad_area_nosemaphore+0x2c0/0x430
[ 1094.382917][T22586]  exit_to_user_mode_loop+0x9b/0xd0
[ 1094.387949][T22586]  irqentry_exit_to_user_mode+0x4e/0x80
[ 1094.393331][T22586]  irqentry_exit+0x12/0x60
[ 1094.397577][T22586]  exc_page_fault+0x33d/0x5b0
[ 1094.402099][T22586]  ? asm_exc_page_fault+0x8/0x30
[ 1094.406865][T22586]  asm_exc_page_fault+0x1e/0x30
[ 1094.411550][T22586] RIP: 0033:0x7f841a194307
[ 1094.415806][T22586] Code: 88 15 ea 93 e0 00 88 05 e7 93 e0 00 c3 50 48 8d 35 f6 b5 1a 00 48 8d 3d fc b5 1a 00 31 c0 e8 a0 f9 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[ 1094.435245][T22586] RSP: 002b:00007f8418eee120 EFLAGS: 00010202
[ 1094.441146][T22586] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f841a2d19f9
[ 1094.448953][T22586] RDX: 00007f8418eee140 RSI: 00007f8418eee270 RDI: 000000000000000b
[ 1094.456763][T22586] RBP: 00007f841a33f8ee R08: 0000000000000000 R09: 0000000000000000
[ 1094.464664][T22586] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1094.472473][T22586] R13: 0000000000000000 R14: 00007f841a46e130 R15: 00007ffe343633c8
[ 1094.480792][T22586] memory: usage 307200kB, limit 307200kB, failcnt 9819
[ 1094.487713][T22586] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0
[ 1094.495492][T22586] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1094.502133][T22586] Memory cgroup stats for /syz0:
[ 1094.502254][T22586] anon 335872
[ 1094.502254][T22586] file 314130432
[ 1094.502254][T22586] kernel_stack 0
[ 1094.502254][T22586] percpu 0
[ 1094.502254][T22586] sock 0
[ 1094.502254][T22586] shmem 314130432
[ 1094.502254][T22586] file_mapped 11759616
[ 1094.502254][T22586] file_dirty 135168
[ 1094.502254][T22586] file_writeback 0
[ 1094.502254][T22586] anon_thp 0
[ 1094.502254][T22586] inactive_anon 302608384
[ 1094.502254][T22586] active_anon 12029952
[ 1094.502254][T22586] inactive_file 28672
[ 1094.502254][T22586] active_file 98304
[ 1094.502254][T22586] unevictable 0
[ 1094.502254][T22586] slab_reclaimable 0
[ 1094.502254][T22586] slab_unreclaimable 0
[ 1094.502254][T22586] slab 0
[ 1094.502254][T22586] workingset_refault_anon 0
[ 1094.502254][T22586] workingset_refault_file 22374
[ 1094.502254][T22586] workingset_activate_anon 0
[ 1094.502254][T22586] workingset_activate_file 594
[ 1094.502254][T22586] workingset_restore_anon 0
[ 1094.502254][T22586] workingset_restore_file 297
[ 1094.596323][T22586] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.6291,pid=22586,uid=0
[ 1094.596384][T22586] Memory cgroup out of memory: Killed process 22586 (syz.0.6291) total-vm:89164kB, anon-rss:836kB, file-rss:14464kB, shmem-rss:10496kB, UID:0 pgtables:116kB oom_score_adj:1000
[ 1094.620427][T22255] usb 4-1: 2:130: cannot set enable PITCH
[ 1094.712693][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1094.717084][  T309] usb 5-1: Using ep0 maxpacket: 8
[ 1094.726961][T22255] usb 4-1: USB disconnect, device number 124
[ 1094.734983][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[ 1094.747784][   T25] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1094.764871][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1094.812877][   T25] usb 3-1: config 0 descriptor??
[ 1094.835397][T22595] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6292'.
[ 1094.882526][T22576] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1094.966237][   T25] hub 3-1:0.0: USB hub found
[ 1094.983795][  T309] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1094.994790][  T309] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1095.004997][  T309] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1095.018194][  T309] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1095.104391][  T309] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1095.113881][  T309] usb 5-1: config 0 descriptor??
[ 1095.214168][   T25] hub 3-1:0.0: 2 ports detected
[ 1095.570942][   T24] kauditd_printk_skb: 37 callbacks suppressed
[ 1095.570956][   T24] audit: type=1326 audit(1110.106:22069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22598 comm="syz.3.6296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d0052e9f9 code=0x7ffc0000
[ 1095.601309][   T24] audit: type=1326 audit(1110.106:22070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22598 comm="syz.3.6296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d0052e9f9 code=0x7ffc0000
[ 1095.625235][   T24] audit: type=1326 audit(1110.117:22071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22598 comm="syz.3.6296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4d0052e9f9 code=0x7ffc0000
[ 1095.649593][   T24] audit: type=1326 audit(1110.117:22072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22598 comm="syz.3.6296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d0052e9f9 code=0x7ffc0000
[ 1095.673256][   T24] audit: type=1326 audit(1110.117:22073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22598 comm="syz.3.6296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d0052e9f9 code=0x7ffc0000
[ 1095.679103][  T309] usbhid 5-1:0.0: can't add hid device: -71
[ 1095.699941][   T24] audit: type=1326 audit(1110.117:22074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22598 comm="syz.3.6296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4d0052e9f9 code=0x7ffc0000
[ 1095.703519][  T309] usbhid: probe of 5-1:0.0 failed with error -71
[ 1095.736647][T18997] udevd[18997]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1095.752565][  T309] usb 5-1: USB disconnect, device number 118
[ 1095.760787][   T24] audit: type=1326 audit(1110.117:22075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22598 comm="syz.3.6296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d0052e9f9 code=0x7ffc0000
[ 1095.795469][   T24] audit: type=1326 audit(1110.117:22076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22598 comm="syz.3.6296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d0052e9f9 code=0x7ffc0000
[ 1095.797435][T22611] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6299'.
[ 1095.822037][   T24] audit: type=1326 audit(1110.169:22077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22598 comm="syz.3.6296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4d0052e9f9 code=0x7ffc0000
[ 1095.850776][   T24] audit: type=1326 audit(1110.169:22078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22598 comm="syz.3.6296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d0052e9f9 code=0x7ffc0000
[ 1095.896859][T22616] device syzkaller0 entered promiscuous mode
[ 1095.906378][T18902] udevd[18902]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1095.964813][   T25] hub 3-1:0.0: set hub depth failed
[ 1096.030892][   T25] usb 3-1: USB disconnect, device number 100
[ 1096.231647][T22217] usb 4-1: new full-speed USB device number 125 using dummy_hcd
[ 1096.622363][T22217] usb 4-1: config index 0 descriptor too short (expected 65233, got 154)
[ 1096.638505][T22217] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1096.657411][T22217] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1096.678233][T22217] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[ 1096.890346][T22646] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6309'.
[ 1097.054182][T22217] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1097.063158][T22217] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1097.071396][T22217] usb 4-1: Product: syz
[ 1097.075586][T22217] usb 4-1: Manufacturer: syz
[ 1097.085171][T22217] usb 4-1: SerialNumber: syz
[ 1097.708818][T22622] udc-core: couldn't find an available UDC or it's busy
[ 1097.723865][T22622] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1097.776535][T22661] FAULT_INJECTION: forcing a failure.
[ 1097.776535][T22661] name failslab, interval 1, probability 0, space 0, times 0
[ 1097.793714][T22661] CPU: 1 PID: 22661 Comm: syz.2.6313 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1097.803590][T22661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1097.813481][T22661] Call Trace:
[ 1097.816617][T22661]  dump_stack_lvl+0x1e2/0x24b
[ 1097.821118][T22661]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1097.826430][T22661]  ? lruvec_init+0x140/0x150
[ 1097.830844][T22661]  dump_stack+0x15/0x17
[ 1097.834835][T22661]  should_fail+0x3c6/0x510
[ 1097.839092][T22661]  ? __anon_vma_prepare+0x51/0x430
[ 1097.844036][T22661]  __should_failslab+0xa4/0xe0
[ 1097.848630][T22661]  should_failslab+0x9/0x20
[ 1097.852975][T22661]  kmem_cache_alloc+0x3d/0x2e0
[ 1097.857572][T22661]  __anon_vma_prepare+0x51/0x430
[ 1097.862344][T22661]  ? __kasan_check_write+0x14/0x20
[ 1097.867291][T22661]  ? _raw_spin_lock+0xa4/0x1b0
[ 1097.871893][T22661]  handle_pte_fault+0x3576/0x3e30
[ 1097.876751][T22661]  ? __pmd_alloc+0x374/0x410
[ 1097.881180][T22661]  ? _raw_spin_unlock+0x4d/0x70
[ 1097.885865][T22661]  ? vmf_allows_speculation+0x6f0/0x6f0
[ 1097.891254][T22661]  ? __pud_alloc+0x260/0x260
[ 1097.895676][T22661]  ? __this_cpu_preempt_check+0x13/0x20
[ 1097.901054][T22661]  handle_mm_fault+0x11d6/0x1a10
[ 1097.905829][T22661]  ? can_reuse_spf_vma+0xe0/0xe0
[ 1097.910600][T22661]  ? arch_stack_walk+0xf3/0x140
[ 1097.915289][T22661]  ? stack_trace_save+0x113/0x1c0
[ 1097.920147][T22661]  ? follow_page+0x230/0x230
[ 1097.924571][T22661]  ? vmacache_update+0x77/0x120
[ 1097.929259][T22661]  ? find_extend_vma+0xc8/0x260
[ 1097.933945][T22661]  __get_user_pages+0xb31/0x11b0
[ 1097.938723][T22661]  ? populate_vma_page_range+0xf0/0xf0
[ 1097.944014][T22661]  ? avc_has_perm_noaudit+0x158/0x240
[ 1097.949222][T22661]  __get_user_pages_remote+0x2df/0xa10
[ 1097.954517][T22661]  ? __kasan_check_write+0x14/0x20
[ 1097.959466][T22661]  ? _raw_write_lock+0xa4/0x170
[ 1097.964148][T22661]  ? _raw_write_trylock+0x1a0/0x1a0
[ 1097.969183][T22661]  ? get_user_pages_remote+0xb0/0xb0
[ 1097.974303][T22661]  ? trace_raw_output_vm_unmapped_area+0x210/0x210
[ 1097.980640][T22661]  ? _raw_write_unlock+0x2e/0x60
[ 1097.985415][T22661]  get_user_pages_remote+0x74/0xb0
[ 1097.990362][T22661]  get_arg_page+0xf1/0x2b0
[ 1097.994613][T22661]  ? copy_string_kernel+0x390/0x390
[ 1097.999647][T22661]  ? __kasan_check_write+0x14/0x20
[ 1098.004593][T22661]  ? copy_string_kernel+0x26/0x390
[ 1098.009540][T22661]  copy_string_kernel+0x16b/0x390
[ 1098.014413][T22661]  do_execveat_common+0x65d/0xac0
[ 1098.019265][T22661]  __x64_sys_execveat+0xdb/0xf0
[ 1098.023951][T22661]  do_syscall_64+0x34/0x70
[ 1098.028202][T22661]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1098.033932][T22661] RIP: 0033:0x7f11819159f9
[ 1098.038184][T22661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1098.057623][T22661] RSP: 002b:00007f1180593038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[ 1098.065869][T22661] RAX: ffffffffffffffda RBX: 00007f1181ab1f80 RCX: 00007f11819159f9
[ 1098.073854][T22661] RDX: 0000000000000000 RSI: 0000000020000140 RDI: ffffffffffffff9c
[ 1098.081663][T22661] RBP: 00007f1180593090 R08: 0000000000000000 R09: 0000000000000000
[ 1098.089475][T22661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1098.097291][T22661] R13: 0000000000000000 R14: 00007f1181ab1f80 R15: 00007ffe45ae96f8
[ 1098.171095][T22675] syz.2.6318[22675] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1098.171144][T22675] syz.2.6318[22675] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1098.195276][T22678] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6315'.
[ 1098.252141][T22217] usb 4-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1098.260708][T22217] usb 4-1: found format II with max.bitrate = 0, frame size=2
[ 1098.268069][T22217] usb 4-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1098.276567][T22217] usb 4-1: found format II with max.bitrate = 0, frame size=2
[ 1098.317659][T22217] usb 4-1: 2:130: cannot set enable PITCH
[ 1098.349462][T22217] usb 4-1: USB disconnect, device number 125
[ 1098.461505][T22267] usb 2-1: new full-speed USB device number 121 using dummy_hcd
[ 1098.593822][T15595] usb 3-1: new full-speed USB device number 101 using dummy_hcd
[ 1098.595119][T20634] udevd[20634]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1098.889165][T22267] usb 2-1: config index 0 descriptor too short (expected 65233, got 154)
[ 1098.899850][T22267] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1098.910005][T22267] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1098.921088][T22267] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[ 1099.041600][T15595] usb 3-1: config index 0 descriptor too short (expected 65233, got 154)
[ 1099.049896][T15595] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1099.058417][T15595] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1099.069008][T15595] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[ 1099.077190][T22695] syz.0.6325 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1099.089403][T22695] CPU: 1 PID: 22695 Comm: syz.0.6325 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1099.099203][T22695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1099.109098][T22695] Call Trace:
[ 1099.112239][T22695]  dump_stack_lvl+0x1e2/0x24b
[ 1099.116738][T22695]  ? panic+0x812/0x812
[ 1099.120671][T22695]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1099.125944][T22695]  ? ___ratelimit+0x3f7/0x580
[ 1099.130457][T22695]  ? _raw_spin_lock+0xa4/0x1b0
[ 1099.135051][T22695]  dump_stack+0x15/0x17
[ 1099.139047][T22695]  dump_header+0xd8/0x6d0
[ 1099.143209][T22695]  oom_kill_process+0xef/0x2d0
[ 1099.147816][T22695]  out_of_memory+0x9bd/0xe10
[ 1099.152234][T22695]  ? unregister_oom_notifier+0x20/0x20
[ 1099.157532][T22695]  ? mutex_lock_killable+0xa5/0x110
[ 1099.162570][T22695]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 1099.169051][T22695]  ? sched_clock_cpu+0x1b/0x3b0
[ 1099.173855][T22695]  mem_cgroup_out_of_memory+0x2a8/0x380
[ 1099.179229][T22695]  ? mem_cgroup_oom_trylock+0x3a0/0x3a0
[ 1099.184614][T22695]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1099.189821][T22695]  ? mem_cgroup_oom_trylock+0x22d/0x3a0
[ 1099.195321][T22695]  try_charge+0xff2/0x15f0
[ 1099.199576][T22695]  ? __alloc_pages_nodemask+0x435/0xaf0
[ 1099.205129][T22695]  ? __memcg_kmem_charge+0x180/0x180
[ 1099.210365][T22695]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1099.215744][T22695]  __mem_cgroup_charge+0x147/0x6e0
[ 1099.220703][T22695]  handle_pte_fault+0x17cb/0x3e30
[ 1099.225561][T22695]  ? __handle_speculative_fault+0x483/0x1e90
[ 1099.231359][T22695]  ? vmf_allows_speculation+0x6f0/0x6f0
[ 1099.232186][T15595] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1099.236749][T22695]  ? __this_cpu_preempt_check+0x13/0x20
[ 1099.236763][T22695]  handle_mm_fault+0x11d6/0x1a10
[ 1099.236782][T22695]  ? can_reuse_spf_vma+0xe0/0xe0
[ 1099.236798][T22695]  ? change_protection+0x1680/0x1680
[ 1099.245762][T15595] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1099.250985][T22695]  ? down_read_trylock+0x179/0x1d0
[ 1099.251010][T22695]  ? __kasan_check_write+0x14/0x20
[ 1099.257672][T15595] usb 3-1: Product: syz
[ 1099.260528][T22695]  ? put_vma+0x8f/0xb0
[ 1099.260539][T22695]  ? can_reuse_spf_vma+0xc5/0xe0
[ 1099.260551][T22695]  exc_page_fault+0x2a6/0x5b0
[ 1099.260564][T22695]  ? asm_exc_page_fault+0x8/0x30
[ 1099.260580][T22695]  asm_exc_page_fault+0x1e/0x30
[ 1099.266181][T15595] usb 3-1: Manufacturer: syz
[ 1099.273544][T22695] RIP: 0033:0x7f841a289166
[ 1099.273557][T22695] Code: 8d 3c 30 4c 89 de 4c 89 54 24 38 e8 64 89 04 00 4c 8b 54 24 38 85 c0 0f 85 57 01 00 00 48 8b 44 24 28 48 89 df 4c 89 54 24 38 <4c> 89 93 98 06 00 00 48 89 83 90 06 00 00 48 8d 83 10 03 00 00 4c
[ 1099.273564][T22695] RSP: 002b:00007ffe34363370 EFLAGS: 00010246
[ 1099.273575][T22695] RAX: 00007f8418f0e000 RBX: 00007f8418f2e6c0 RCX: 00007f841a2d1ab7
[ 1099.273589][T22695] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f8418f2e6c0
[ 1099.278949][T15595] usb 3-1: SerialNumber: syz
[ 1099.283438][T22695] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000
[ 1099.283445][T22695] R10: 0000000000021000 R11: 0000000000000206 R12: 00007ffe343634c0
[ 1099.283451][T22695] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000
[ 1099.284074][T22695] memory: usage 307076kB, limit 307200kB, failcnt 10778
[ 1099.395230][T22695] memory+swap: usage 307076kB, limit 9007199254740988kB, failcnt 0
[ 1099.403180][T22695] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1099.409871][T22695] Memory cgroup stats for /syz0:
[ 1099.409999][T22695] anon 200704
[ 1099.409999][T22695] file 314130432
[ 1099.409999][T22695] kernel_stack 0
[ 1099.409999][T22695] percpu 0
[ 1099.409999][T22695] sock 0
[ 1099.409999][T22695] shmem 314130432
[ 1099.409999][T22695] file_mapped 11759616
[ 1099.409999][T22695] file_dirty 135168
[ 1099.409999][T22695] file_writeback 0
[ 1099.409999][T22695] anon_thp 0
[ 1099.409999][T22695] inactive_anon 314232832
[ 1099.409999][T22695] active_anon 270336
[ 1099.409999][T22695] inactive_file 163840
[ 1099.409999][T22695] active_file 0
[ 1099.409999][T22695] unevictable 0
[ 1099.409999][T22695] slab_reclaimable 0
[ 1099.409999][T22695] slab_unreclaimable 0
[ 1099.409999][T22695] slab 0
[ 1099.409999][T22695] workingset_refault_anon 0
[ 1099.409999][T22695] workingset_refault_file 23199
[ 1099.409999][T22695] workingset_activate_anon 0
[ 1099.409999][T22695] workingset_activate_file 627
[ 1099.409999][T22695] workingset_restore_anon 0
[ 1099.409999][T22695] workingset_restore_file 297
[ 1099.456490][T22267] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1099.512392][T22695] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.6325,pid=22695,uid=0
[ 1099.512563][T22267] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1099.535063][T22695] Memory cgroup out of memory: Killed process 22695 (syz.0.6325) total-vm:89032kB, anon-rss:664kB, file-rss:15880kB, shmem-rss:11348kB, UID:0 pgtables:128kB oom_score_adj:1000
[ 1099.535190][T22267] usb 2-1: Product: syz
[ 1099.556817][   T27] oom_reaper: reaped process 22695 (syz.0.6325), now anon-rss:0kB, file-rss:15132kB, shmem-rss:11480kB
[ 1099.567979][T22267] usb 2-1: Manufacturer: syz
[ 1099.572466][T22267] usb 2-1: SerialNumber: syz
[ 1099.813363][T15595] usb 3-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1099.822502][T15595] usb 3-1: found format II with max.bitrate = 0, frame size=2
[ 1099.829905][T15595] usb 3-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1099.838159][T15595] usb 3-1: found format II with max.bitrate = 0, frame size=2
[ 1099.879796][T15595] usb 3-1: 2:130: cannot set enable PITCH
[ 1099.906976][T15595] usb 3-1: USB disconnect, device number 101
[ 1099.935914][T22714] udc-core: couldn't find an available UDC or it's busy
[ 1099.942756][T22714] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1100.023126][T22217] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 1100.032866][   T25] usb 5-1: new full-speed USB device number 119 using dummy_hcd
[ 1100.284266][T22722] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6335'.
[ 1100.413456][   T25] usb 5-1: config index 0 descriptor too short (expected 65233, got 154)
[ 1100.413743][T22217] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1100.432884][   T25] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1100.441591][   T25] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1100.454325][   T25] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[ 1100.465347][T22217] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1100.475016][T22217] usb 1-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[ 1100.483870][T22217] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1100.492652][T22217] usb 1-1: config 0 descriptor??
[ 1100.661012][   T25] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1100.670040][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1100.677862][   T25] usb 5-1: Product: syz
[ 1100.681899][   T25] usb 5-1: Manufacturer: syz
[ 1100.686230][   T25] usb 5-1: SerialNumber: syz
[ 1100.930101][T22713] udc-core: couldn't find an available UDC or it's busy
[ 1100.937144][T22713] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1101.072061][T22217] usbhid 1-1:0.0: can't add hid device: -71
[ 1101.078083][T22217] usbhid: probe of 1-1:0.0 failed with error -71
[ 1101.087883][T22217] usb 1-1: USB disconnect, device number 127
[ 1101.156726][T22267] usb 2-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1101.227273][T22267] usb 2-1: found format II with max.bitrate = 0, frame size=2
[ 1101.252719][T22267] usb 2-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1101.262088][T22267] usb 2-1: found format II with max.bitrate = 0, frame size=2
[ 1101.375617][T22267] usb 2-1: 2:130: cannot set enable PITCH
[ 1101.422856][T22267] usb 2-1: USB disconnect, device number 121
[ 1101.518911][   T25] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1101.527803][   T25] usb 5-1: found format II with max.bitrate = 0, frame size=2
[ 1101.535515][   T25] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1101.546639][   T25] usb 5-1: found format II with max.bitrate = 0, frame size=2
[ 1101.681639][   T24] kauditd_printk_skb: 78 callbacks suppressed
[ 1101.681653][   T24] audit: type=1326 audit(1116.699:22157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22741 comm="syz.0.6340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1101.717137][   T24] audit: type=1326 audit(1116.731:22158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22741 comm="syz.0.6340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1101.740433][   T24] audit: type=1326 audit(1116.731:22159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22741 comm="syz.0.6340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1101.764405][   T24] audit: type=1326 audit(1116.731:22160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22741 comm="syz.0.6340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1101.766486][   T25] usb 5-1: 2:130: cannot set enable PITCH
[ 1101.787831][   T24] audit: type=1326 audit(1116.731:22161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22741 comm="syz.0.6340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1102.356357][   T25] usb 5-1: USB disconnect, device number 119
[ 1102.396720][   T24] audit: type=1326 audit(1116.731:22162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22741 comm="syz.0.6340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1102.489381][   T24] audit: type=1326 audit(1116.731:22163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22741 comm="syz.0.6340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1102.513407][   T24] audit: type=1326 audit(1116.752:22164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22741 comm="syz.0.6340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1102.620130][   T24] audit: type=1326 audit(1116.752:22165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22741 comm="syz.0.6340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1102.650222][T20634] udevd[20634]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1102.689588][   T24] audit: type=1326 audit(1116.752:22166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22741 comm="syz.0.6340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1102.919546][T22265] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 1103.070910][   T25] usb 5-1: new full-speed USB device number 120 using dummy_hcd
[ 1103.235177][T22265] usb 3-1: Using ep0 maxpacket: 16
[ 1103.518665][   T25] usb 5-1: config index 0 descriptor too short (expected 65233, got 154)
[ 1103.526977][   T25] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1103.535487][   T25] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1103.546144][T22265] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1103.555024][T22267] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[ 1103.562527][   T25] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[ 1103.573380][T22265] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1103.581133][T22265] usb 3-1: Product: syz
[ 1103.585131][T22265] usb 3-1: Manufacturer: syz
[ 1103.589628][T22265] usb 3-1: SerialNumber: syz
[ 1103.595074][T22265] usb 3-1: config 0 descriptor??
[ 1103.756795][   T25] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1103.765691][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1103.773778][   T25] usb 5-1: Product: syz
[ 1103.779695][   T25] usb 5-1: Manufacturer: syz
[ 1103.784215][   T25] usb 5-1: SerialNumber: syz
[ 1103.873223][T22780] syz.0.6351 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1103.882925][T22780] CPU: 1 PID: 22780 Comm: syz.0.6351 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1103.892660][T22780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1103.902551][T22780] Call Trace:
[ 1103.905692][T22780]  dump_stack_lvl+0x1e2/0x24b
[ 1103.910192][T22780]  ? panic+0x812/0x812
[ 1103.914098][T22780]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1103.919396][T22780]  ? ___ratelimit+0x3f7/0x580
[ 1103.923916][T22780]  ? _raw_spin_lock+0xa4/0x1b0
[ 1103.928502][T22780]  dump_stack+0x15/0x17
[ 1103.932495][T22780]  dump_header+0xd8/0x6d0
[ 1103.936659][T22780]  oom_kill_process+0xef/0x2d0
[ 1103.941260][T22780]  out_of_memory+0x9bd/0xe10
[ 1103.945689][T22780]  ? unregister_oom_notifier+0x20/0x20
[ 1103.950986][T22780]  mem_cgroup_out_of_memory+0x2a8/0x380
[ 1103.956361][T22780]  ? mem_cgroup_oom_trylock+0x3a0/0x3a0
[ 1103.961745][T22780]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1103.966952][T22780]  ? preempt_schedule_thunk+0x16/0x18
[ 1103.972158][T22780]  try_charge+0xff2/0x15f0
[ 1103.976420][T22780]  ? __alloc_pages_nodemask+0x435/0xaf0
[ 1103.981792][T22780]  ? __memcg_kmem_charge+0x180/0x180
[ 1103.986916][T22780]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1103.992293][T22780]  __mem_cgroup_charge+0x147/0x6e0
[ 1103.997242][T22780]  handle_pte_fault+0x17cb/0x3e30
[ 1104.002106][T22780]  ? __pmd_alloc+0x374/0x410
[ 1104.006528][T22780]  ? _raw_spin_unlock+0x4d/0x70
[ 1104.011213][T22780]  ? vmf_allows_speculation+0x6f0/0x6f0
[ 1104.016596][T22780]  ? __pud_alloc+0x260/0x260
[ 1104.021021][T22780]  ? __get_user_pages+0xb07/0x11b0
[ 1104.025970][T22780]  handle_mm_fault+0x11d6/0x1a10
[ 1104.030745][T22780]  ? can_reuse_spf_vma+0xe0/0xe0
[ 1104.035517][T22780]  ? preempt_schedule_irq+0xe7/0x140
[ 1104.040637][T22780]  ? preempt_schedule_notrace+0x140/0x140
[ 1104.046193][T22780]  ? follow_page+0x230/0x230
[ 1104.050617][T22780]  ? __get_user_pages+0xa8a/0x11b0
[ 1104.055563][T22780]  ? __get_user_pages+0xa95/0x11b0
[ 1104.060514][T22780]  __get_user_pages+0xb31/0x11b0
[ 1104.065289][T22780]  ? populate_vma_page_range+0xf0/0xf0
[ 1104.070581][T22780]  ? __get_user_pages_remote+0x26a/0xa10
[ 1104.076049][T22780]  __get_user_pages_remote+0x2df/0xa10
[ 1104.081344][T22780]  ? get_user_pages_remote+0xb0/0xb0
[ 1104.086461][T22780]  ? trace_raw_output_vm_unmapped_area+0x210/0x210
[ 1104.092801][T22780]  get_user_pages_remote+0x74/0xb0
[ 1104.097745][T22780]  get_arg_page+0xf1/0x2b0
[ 1104.101999][T22780]  ? copy_string_kernel+0x390/0x390
[ 1104.107033][T22780]  ? sysvec_reschedule_ipi+0x83/0x160
[ 1104.112238][T22780]  ? copy_string_kernel+0x26/0x390
[ 1104.117187][T22780]  copy_string_kernel+0x16b/0x390
[ 1104.122047][T22780]  do_execveat_common+0x65d/0xac0
[ 1104.126907][T22780]  __x64_sys_execveat+0xdb/0xf0
[ 1104.131596][T22780]  do_syscall_64+0x34/0x70
[ 1104.135851][T22780]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1104.141575][T22780] RIP: 0033:0x7f841a2d19f9
[ 1104.145832][T22780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1104.165433][T22780] RSP: 002b:00007f8418f0d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[ 1104.173670][T22780] RAX: ffffffffffffffda RBX: 00007f841a46e130 RCX: 00007f841a2d19f9
[ 1104.181480][T22780] RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffffff
[ 1104.189291][T22780] RBP: 00007f841a33f8ee R08: 0000000000001000 R09: 0000000000000000
[ 1104.197105][T22780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1104.204912][T22780] R13: 0000000000000001 R14: 00007f841a46e130 R15: 00007ffe343633c8
[ 1104.212938][T22780] memory: usage 307084kB, limit 307200kB, failcnt 10860
[ 1104.219730][T22780] memory+swap: usage 307084kB, limit 9007199254740988kB, failcnt 0
[ 1104.227478][T22780] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1104.234118][T22780] Memory cgroup stats for /syz0:
[ 1104.234260][T22780] anon 200704
[ 1104.234260][T22780] file 314265600
[ 1104.234260][T22780] kernel_stack 0
[ 1104.234260][T22780] percpu 0
[ 1104.234260][T22780] sock 0
[ 1104.234260][T22780] shmem 314265600
[ 1104.234260][T22780] file_mapped 11759616
[ 1104.234260][T22780] file_dirty 135168
[ 1104.234260][T22780] file_writeback 0
[ 1104.234260][T22780] anon_thp 0
[ 1104.234260][T22780] inactive_anon 314232832
[ 1104.234260][T22780] active_anon 270336
[ 1104.234260][T22780] inactive_file 20480
[ 1104.234260][T22780] active_file 0
[ 1104.234260][T22780] unevictable 0
[ 1104.234260][T22780] slab_reclaimable 0
[ 1104.234260][T22780] slab_unreclaimable 0
[ 1104.234260][T22780] slab 0
[ 1104.234260][T22780] workingset_refault_anon 0
[ 1104.234260][T22780] workingset_refault_file 23265
[ 1104.234260][T22780] workingset_activate_anon 0
[ 1104.234260][T22780] workingset_activate_file 627
[ 1104.234260][T22780] workingset_restore_anon 0
[ 1104.234260][T22780] workingset_restore_file 297
[ 1104.258329][T22267] usb 2-1: device descriptor read/64, error -71
[ 1104.327735][T22780] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.6351,pid=22777,uid=0
[ 1104.327816][T22780] Memory cgroup out of memory: Killed process 22777 (syz.0.6351) total-vm:87116kB, anon-rss:672kB, file-rss:15812kB, shmem-rss:11348kB, UID:0 pgtables:128kB oom_score_adj:1000
[ 1104.334321][T22265] r8152 3-1:0.0: Unknown version 0x0000
[ 1104.410910][T22265] usb 3-1: USB disconnect, device number 102
[ 1104.456824][T22792] udc-core: couldn't find an available UDC or it's busy
[ 1104.480470][T22792] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1104.814140][T22267] usb 2-1: device descriptor read/64, error -71
[ 1104.908007][T22798] syz.0.6355 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1104.917773][T22798] CPU: 1 PID: 22798 Comm: syz.0.6355 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1104.927545][T22798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1104.937434][T22798] Call Trace:
[ 1104.940576][T22798]  dump_stack_lvl+0x1e2/0x24b
[ 1104.945077][T22798]  ? panic+0x812/0x812
[ 1104.948983][T22798]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1104.954282][T22798]  ? ___ratelimit+0x3f7/0x580
[ 1104.958797][T22798]  ? _raw_spin_lock+0xa4/0x1b0
[ 1104.963389][T22798]  dump_stack+0x15/0x17
[ 1104.967383][T22798]  dump_header+0xd8/0x6d0
[ 1104.971546][T22798]  oom_kill_process+0xef/0x2d0
[ 1104.976147][T22798]  out_of_memory+0x9bd/0xe10
[ 1104.980576][T22798]  ? unregister_oom_notifier+0x20/0x20
[ 1104.985877][T22798]  ? mutex_lock_killable+0xa5/0x110
[ 1104.990903][T22798]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 1104.997242][T22798]  ? sched_clock_cpu+0x1b/0x3b0
[ 1105.001930][T22798]  mem_cgroup_out_of_memory+0x2a8/0x380
[ 1105.007315][T22798]  ? mem_cgroup_oom_trylock+0x3a0/0x3a0
[ 1105.012689][T22798]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1105.017902][T22798]  ? mem_cgroup_oom_trylock+0x22d/0x3a0
[ 1105.023276][T22798]  try_charge+0xff2/0x15f0
[ 1105.027530][T22798]  ? __memcg_kmem_charge+0x180/0x180
[ 1105.032654][T22798]  ? __kasan_check_read+0x11/0x20
[ 1105.037508][T22798]  ? __vm_enough_memory+0x119/0x2f0
[ 1105.042540][T22798]  ? __kasan_check_write+0x14/0x20
[ 1105.047488][T22798]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1105.052868][T22798]  __mem_cgroup_charge+0x147/0x6e0
[ 1105.057819][T22798]  shmem_add_to_page_cache+0x6a9/0x10c0
[ 1105.063200][T22798]  ? shmem_alloc_page+0x420/0x420
[ 1105.068060][T22798]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1105.073440][T22798]  ? find_lock_entry+0x1df/0x200
[ 1105.078209][T22798]  shmem_getpage_gfp+0xa65/0x2480
[ 1105.083072][T22798]  ? __kasan_check_read+0x11/0x20
[ 1105.087935][T22798]  ? iov_iter_advance+0x258/0xb20
[ 1105.092791][T22798]  ? shmem_getpage+0xa0/0xa0
[ 1105.097215][T22798]  ? iov_iter_fault_in_readable+0x31f/0x4f0
[ 1105.102948][T22798]  shmem_write_begin+0xca/0x1b0
[ 1105.107636][T22798]  generic_perform_write+0x2cd/0x570
[ 1105.112758][T22798]  ? grab_cache_page_write_begin+0xa0/0xa0
[ 1105.118394][T22798]  ? file_remove_privs+0x570/0x570
[ 1105.123346][T22798]  ? sysvec_reschedule_ipi+0x83/0x160
[ 1105.128548][T22798]  ? asm_sysvec_reschedule_ipi+0x12/0x20
[ 1105.134019][T22798]  __generic_file_write_iter+0x23c/0x560
[ 1105.139486][T22798]  ? generic_write_checks+0x3b9/0x470
[ 1105.144694][T22798]  generic_file_write_iter+0xaf/0x1c0
[ 1105.149899][T22798]  vfs_write+0xb4c/0xe70
[ 1105.153978][T22798]  ? preempt_schedule_notrace+0x140/0x140
[ 1105.159535][T22798]  ? kernel_write+0x3d0/0x3d0
[ 1105.164051][T22798]  ? irqentry_exit+0x4f/0x60
[ 1105.168480][T22798]  ? __fdget_pos+0x11e/0x3a0
[ 1105.172897][T22798]  ? __fdget_pos+0x209/0x3a0
[ 1105.177328][T22798]  ksys_write+0x199/0x2c0
[ 1105.181492][T22798]  ? __ia32_sys_read+0x90/0x90
[ 1105.186112][T22798]  __x64_sys_write+0x7b/0x90
[ 1105.190554][T22798]  do_syscall_64+0x34/0x70
[ 1105.194777][T22798]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1105.200505][T22798] RIP: 0033:0x7f841a2d04df
[ 1105.204757][T22798] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48
[ 1105.224375][T22798] RSP: 002b:00007f8418f2ddf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1105.232616][T22798] RAX: ffffffffffffffda RBX: 00000000013bd7ef RCX: 00007f841a2d04df
[ 1105.240426][T22798] RDX: 00000000013bd7ef RSI: 00007f8410b0e000 RDI: 0000000000000005
[ 1105.248260][T22798] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000054fc
[ 1105.256045][T22798] R10: 0000000020001c82 R11: 0000000000000293 R12: 0000000000000005
[ 1105.263857][T22798] R13: 00007f8418f2def0 R14: 00007f8418f2deb0 R15: 00007f8410b0e000
[ 1105.275149][T22798] memory: usage 307200kB, limit 307200kB, failcnt 10937
[ 1105.282657][T22798] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0
[ 1105.307783][T22798] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1105.315047][T22798] Memory cgroup stats for /syz0:
[ 1105.315176][T22798] anon 335872
[ 1105.315176][T22798] file 314130432
[ 1105.315176][T22798] kernel_stack 0
[ 1105.315176][T22798] percpu 0
[ 1105.315176][T22798] sock 0
[ 1105.315176][T22798] shmem 314265600
[ 1105.315176][T22798] file_mapped 0
[ 1105.315176][T22798] file_dirty 135168
[ 1105.315176][T22798] file_writeback 0
[ 1105.315176][T22798] anon_thp 0
[ 1105.315176][T22798] inactive_anon 314232832
[ 1105.315176][T22798] active_anon 270336
[ 1105.315176][T22798] inactive_file 20480
[ 1105.315176][T22798] active_file 0
[ 1105.315176][T22798] unevictable 0
[ 1105.315176][T22798] slab_reclaimable 0
[ 1105.315176][T22798] slab_unreclaimable 0
[ 1105.315176][T22798] slab 0
[ 1105.315176][T22798] workingset_refault_anon 0
[ 1105.315176][T22798] workingset_refault_file 23265
[ 1105.315176][T22798] workingset_activate_anon 0
[ 1105.315176][T22798] workingset_activate_file 627
[ 1105.315176][T22798] workingset_restore_anon 0
[ 1105.315176][T22798] workingset_restore_file 297
[ 1105.408842][T22798] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.6355,pid=22790,uid=0
[ 1105.423943][T22798] Memory cgroup out of memory: Killed process 22790 (syz.0.6355) total-vm:224200kB, anon-rss:780kB, file-rss:15944kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000
[ 1105.443313][   T27] oom_reaper: reaped process 22790 (syz.0.6355), now anon-rss:0kB, file-rss:15188kB, shmem-rss:0kB
[ 1105.495189][T22267] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[ 1105.674368][T22824] FAULT_INJECTION: forcing a failure.
[ 1105.674368][T22824] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1105.687548][T22824] CPU: 0 PID: 22824 Comm: syz.0.6363 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1105.690644][   T25] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1105.697324][T22824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1105.697329][T22824] Call Trace:
[ 1105.697351][T22824]  dump_stack_lvl+0x1e2/0x24b
[ 1105.697362][T22824]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1105.697374][T22824]  dump_stack+0x15/0x17
[ 1105.697384][T22824]  should_fail+0x3c6/0x510
[ 1105.697400][T22824]  should_fail_alloc_page+0x52/0x60
[ 1105.697411][T22824]  __alloc_pages_nodemask+0x1b3/0xaf0
[ 1105.697422][T22824]  ? __kasan_check_read+0x11/0x20
[ 1105.697440][T22824]  ? gfp_pfmemalloc_allowed+0x120/0x120
[ 1105.713934][   T25] usb 5-1: found format II with max.bitrate = 0, frame size=2
[ 1105.715472][T22824]  ? __mod_node_page_state+0xac/0xf0
[ 1105.722311][   T25] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1105.723115][T22824]  ? lru_cache_add+0x15e/0x380
[ 1105.728393][   T25] usb 5-1: found format II with max.bitrate = 0, frame size=2
[ 1105.732389][T22824]  ? __lru_cache_add_inactive_or_unevictable+0x37/0x160
[ 1105.732402][T22824]  handle_pte_fault+0x1782/0x3e30
[ 1105.732414][T22824]  ? vmf_allows_speculation+0x6f0/0x6f0
[ 1105.732432][T22824]  ? __handle_speculative_fault+0xd03/0x1e90
[ 1105.812512][T22824]  ? memcpy+0x56/0x70
[ 1105.816318][T22824]  __handle_speculative_fault+0x1370/0x1e90
[ 1105.822044][T22824]  ? finish_fault+0xaf0/0xaf0
[ 1105.826559][T22824]  ? __kasan_check_write+0x14/0x20
[ 1105.831506][T22824]  ? down_read_trylock+0x179/0x1d0
[ 1105.833790][   T25] usb 5-1: 2:130: cannot set enable PITCH
[ 1105.836454][T22824]  ? debug_smp_processor_id+0x17/0x20
[ 1105.836467][T22824]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1105.836483][T22824]  exc_page_fault+0x234/0x5b0
[ 1105.842051][T22267] usb 2-1: device descriptor read/64, error -71
[ 1105.847211][T22824]  ? asm_exc_page_fault+0x8/0x30
[ 1105.847228][T22824]  asm_exc_page_fault+0x1e/0x30
[ 1105.873167][T22824] RIP: 0033:0x7f841a195c10
[ 1105.877417][T22824] Code: 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 45 84 c9 74 08 <45> 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83 e9 01 73 d3 41
[ 1105.889282][   T25] usb 5-1: USB disconnect, device number 120
[ 1105.896855][T22824] RSP: 002b:00007f8418f4e4a0 EFLAGS: 00010206
[ 1105.896868][T22824] RAX: 0000000000015000 RBX: 00007f8418f4e540 RCX: 0000000000000101
[ 1105.896875][T22824] RDX: 00000000000003e3 RSI: 0000000000000fe4 RDI: 00007f8418f4e5e0
[ 1105.896882][T22824] RBP: 0000000000000102 R08: 00007f8410b2f000 R09: 0000000000000005
[ 1105.896888][T22824] R10: 0000000020000cc2 R11: 00000000000005f8 R12: 0000000000000c01
[ 1105.896903][T22824] R13: 00007f841a3537e0 R14: 0000000000000017 R15: 00007f8418f4e5e0
[ 1105.957859][T22824] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 1106.233847][ T5833] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 1106.287995][   T25] usb 5-1: new full-speed USB device number 121 using dummy_hcd
[ 1106.315049][T22836] syz.1.6369 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1106.324836][T22836] CPU: 1 PID: 22836 Comm: syz.1.6369 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1106.334617][T22836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1106.344509][T22836] Call Trace:
[ 1106.347639][T22836]  dump_stack_lvl+0x1e2/0x24b
[ 1106.352145][T22836]  ? panic+0x812/0x812
[ 1106.356042][T22836]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1106.361339][T22836]  ? ___ratelimit+0x3f7/0x580
[ 1106.365855][T22836]  ? _raw_spin_lock+0xa4/0x1b0
[ 1106.370454][T22836]  dump_stack+0x15/0x17
[ 1106.374446][T22836]  dump_header+0xd8/0x6d0
[ 1106.378610][T22836]  oom_kill_process+0xef/0x2d0
[ 1106.383209][T22836]  out_of_memory+0x9bd/0xe10
[ 1106.387635][T22836]  ? unregister_oom_notifier+0x20/0x20
[ 1106.392933][T22836]  ? mutex_lock_killable+0xa5/0x110
[ 1106.397975][T22836]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 1106.404308][T22836]  ? sched_clock_cpu+0x1b/0x3b0
[ 1106.408994][T22836]  mem_cgroup_out_of_memory+0x2a8/0x380
[ 1106.414384][T22836]  ? mem_cgroup_oom_trylock+0x3a0/0x3a0
[ 1106.419763][T22836]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1106.424960][T22836]  ? mem_cgroup_oom_trylock+0x22d/0x3a0
[ 1106.430338][T22836]  try_charge+0xff2/0x15f0
[ 1106.434595][T22836]  ? __memcg_kmem_charge+0x180/0x180
[ 1106.439714][T22836]  ? __kasan_check_read+0x11/0x20
[ 1106.444576][T22836]  ? __vm_enough_memory+0x119/0x2f0
[ 1106.449613][T22836]  ? __kasan_check_write+0x14/0x20
[ 1106.454563][T22836]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1106.459936][T22836]  __mem_cgroup_charge+0x147/0x6e0
[ 1106.461953][ T5833] usb 1-1: Using ep0 maxpacket: 16
[ 1106.464890][T22836]  shmem_add_to_page_cache+0x6a9/0x10c0
[ 1106.464908][T22836]  ? shmem_alloc_page+0x420/0x420
[ 1106.480078][T22836]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1106.485454][T22836]  ? find_lock_entry+0x1df/0x200
[ 1106.490242][T22836]  shmem_getpage_gfp+0xa65/0x2480
[ 1106.495100][T22836]  ? __alloc_pages_nodemask+0xaf0/0xaf0
[ 1106.500472][T22836]  ? iov_iter_advance+0x258/0xb20
[ 1106.505330][T22836]  ? shmem_getpage+0xa0/0xa0
[ 1106.509754][T22836]  ? iov_iter_fault_in_readable+0x31f/0x4f0
[ 1106.515484][T22836]  shmem_write_begin+0xca/0x1b0
[ 1106.520178][T22836]  generic_perform_write+0x2cd/0x570
[ 1106.525292][T22836]  ? grab_cache_page_write_begin+0xa0/0xa0
[ 1106.530931][T22836]  ? file_remove_privs+0x570/0x570
[ 1106.535883][T22836]  ? __kasan_check_write+0x14/0x20
[ 1106.540829][T22836]  __generic_file_write_iter+0x23c/0x560
[ 1106.546294][T22836]  ? generic_write_checks+0x3b9/0x470
[ 1106.551503][T22836]  generic_file_write_iter+0xaf/0x1c0
[ 1106.556707][T22836]  vfs_write+0xb4c/0xe70
[ 1106.560787][T22836]  ? kernel_write+0x3d0/0x3d0
[ 1106.565301][T22836]  ? __fdget_pos+0x209/0x3a0
[ 1106.569725][T22836]  ? ksys_write+0x77/0x2c0
[ 1106.573979][T22836]  ksys_write+0x199/0x2c0
[ 1106.578147][T22836]  ? fpu__clear_all+0x20/0x20
[ 1106.582659][T22836]  ? __ia32_sys_read+0x90/0x90
[ 1106.587259][T22836]  ? debug_smp_processor_id+0x17/0x20
[ 1106.592467][T22836]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1106.598369][T22836]  ? irqentry_exit_to_user_mode+0x41/0x80
[ 1106.603922][T22836]  __x64_sys_write+0x7b/0x90
[ 1106.608357][T22836]  do_syscall_64+0x34/0x70
[ 1106.612604][T22836]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1106.618333][T22836] RIP: 0033:0x7f072eb8f4df
[ 1106.622584][T22836] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48
[ 1106.642026][T22836] RSP: 002b:00007f072d80ddf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1106.650270][T22836] RAX: ffffffffffffffda RBX: 00000000013bd7ef RCX: 00007f072eb8f4df
[ 1106.658077][T22836] RDX: 00000000013bd7ef RSI: 00007f07253ee000 RDI: 0000000000000005
[ 1106.665891][T22836] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000005535
[ 1106.673705][T22836] R10: 000000002000ac02 R11: 0000000000000293 R12: 0000000000000005
[ 1106.681510][T22836] R13: 00007f072d80def0 R14: 00007f072d80deb0 R15: 00007f07253ee000
[ 1106.706414][T22836] memory: usage 307200kB, limit 307200kB, failcnt 10776
[ 1106.713506][T22836] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0
[ 1106.723065][T22836] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1106.730704][T22836] Memory cgroup stats for /syz1:
[ 1106.731328][T22836] anon 217088
[ 1106.731328][T22836] file 314130432
[ 1106.731328][T22836] kernel_stack 0
[ 1106.731328][T22836] percpu 0
[ 1106.731328][T22836] sock 0
[ 1106.731328][T22836] shmem 314130432
[ 1106.731328][T22836] file_mapped 11894784
[ 1106.731328][T22836] file_dirty 0
[ 1106.731328][T22836] file_writeback 0
[ 1106.731328][T22836] anon_thp 0
[ 1106.731328][T22836] inactive_anon 314343424
[ 1106.731328][T22836] active_anon 135168
[ 1106.731328][T22836] inactive_file 98304
[ 1106.731328][T22836] active_file 0
[ 1106.731328][T22836] unevictable 0
[ 1106.731328][T22836] slab_reclaimable 0
[ 1106.731328][T22836] slab_unreclaimable 0
[ 1106.731328][T22836] slab 0
[ 1106.731328][T22836] workingset_refault_anon 0
[ 1106.731328][T22836] workingset_refault_file 18282
[ 1106.731328][T22836] workingset_activate_anon 0
[ 1106.731328][T22836] workingset_activate_file 462
[ 1106.731328][T22836] workingset_restore_anon 0
[ 1106.731328][T22836] workingset_restore_file 396
[ 1106.824712][T22217] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[ 1106.828116][T22836] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.6369,pid=22835,uid=0
[ 1106.847039][T22836] Memory cgroup out of memory: Killed process 22835 (syz.1.6369) total-vm:224068kB, anon-rss:772kB, file-rss:15748kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000
[ 1106.847068][ T5833] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1106.873028][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1106.880982][ T5833] usb 1-1: Product: syz
[ 1106.884954][ T5833] usb 1-1: Manufacturer: syz
[ 1106.889352][ T5833] usb 1-1: SerialNumber: syz
[ 1106.899790][ T5833] usb 1-1: config 0 descriptor??
[ 1107.062471][   T25] usb 5-1: config index 0 descriptor too short (expected 65233, got 154)
[ 1107.071034][   T25] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1107.080842][   T25] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1107.091574][   T25] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[ 1107.148057][ T5833] r8152 1-1:0.0: Unknown version 0x0000
[ 1107.160931][ T5833] usb 1-1: USB disconnect, device number 2
[ 1107.196112][T22267] usb usb2-port1: attempt power cycle
[ 1107.215209][T22217] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 1107.226003][T22217] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1107.236817][T22217] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1107.247074][T22217] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[ 1107.260005][T22217] usb 3-1: New USB device found, idVendor=044f, idProduct=b653, bcdDevice= 0.00
[ 1107.269439][T22217] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1107.476622][   T25] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1107.486102][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1107.494222][T22217] usb 3-1: config 0 descriptor??
[ 1107.499043][   T25] usb 5-1: Product: syz
[ 1107.502986][   T25] usb 5-1: Manufacturer: syz
[ 1107.507382][   T25] usb 5-1: SerialNumber: syz
[ 1107.539992][   T24] kauditd_printk_skb: 25 callbacks suppressed
[ 1107.540004][   T24] audit: type=1326 audit(1122.840:22192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22859 comm="syz.0.6375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1107.569243][   T24] audit: type=1326 audit(1122.840:22193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22859 comm="syz.0.6375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1107.592775][   T24] audit: type=1326 audit(1122.840:22194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22859 comm="syz.0.6375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1107.616286][   T24] audit: type=1326 audit(1122.840:22195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22859 comm="syz.0.6375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1107.639382][   T24] audit: type=1326 audit(1122.840:22196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22859 comm="syz.0.6375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1107.662396][   T24] audit: type=1326 audit(1122.840:22197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22859 comm="syz.0.6375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1107.685501][   T24] audit: type=1326 audit(1122.840:22198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22859 comm="syz.0.6375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1107.708864][   T24] audit: type=1326 audit(1122.840:22199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22859 comm="syz.0.6375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1107.732161][   T24] audit: type=1326 audit(1122.840:22200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22859 comm="syz.0.6375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1107.755309][   T24] audit: type=1326 audit(1122.840:22201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22859 comm="syz.0.6375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841a2d19f9 code=0x7ffc0000
[ 1107.786089][T22267] usb 2-1: new full-speed USB device number 124 using dummy_hcd
[ 1107.938576][   T25] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1107.954180][   T25] usb 5-1: found format II with max.bitrate = 0, frame size=2
[ 1107.964388][T22217] thrustmaster 0003:044F:B653.0069: unbalanced delimiter at end of report description
[ 1107.974156][   T25] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1107.982609][T22217] thrustmaster 0003:044F:B653.0069: parse failed
[ 1107.988990][   T25] usb 5-1: found format II with max.bitrate = 0, frame size=2
[ 1107.996340][T22217] thrustmaster: probe of 0003:044F:B653.0069 failed with error -22
[ 1108.005593][T22267] usb 2-1: config index 0 descriptor too short (expected 65233, got 154)
[ 1108.013837][T22267] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1108.022377][T22267] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1108.033021][T22267] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[ 1108.043850][   T25] usb 5-1: 2:130: cannot set enable PITCH
[ 1108.062263][T22866] incfs: Backing dir is not set, filesystem can't be mounted.
[ 1108.069663][T22866] incfs: mount failed -2
[ 1108.077326][   T25] usb 5-1: USB disconnect, device number 121
[ 1108.243348][T22267] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1108.253035][T22267] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1108.260983][T22267] usb 2-1: Product: syz
[ 1108.265513][T22267] usb 2-1: Manufacturer: syz
[ 1108.269963][T22267] usb 2-1: SerialNumber: syz
[ 1108.326794][T20634] udevd[20634]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1108.496107][T22875] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6378'.
[ 1108.505812][T22875] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6378'.
[ 1108.521841][T22875] device bridge1 entered promiscuous mode
[ 1108.527926][T22875] device vlan2 entered promiscuous mode
[ 1108.534036][T22875] bridge1: port 1(vlan2) entered blocking state
[ 1108.540629][T22875] bridge1: port 1(vlan2) entered disabled state
[ 1108.547405][T22875] device bridge1 left promiscuous mode
[ 1108.559287][T22877] netlink: 100 bytes leftover after parsing attributes in process `syz.0.6380'.
[ 1108.596309][T22879] udc-core: couldn't find an available UDC or it's busy
[ 1108.605473][T22879] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1109.426002][  T309] usb 3-1: USB disconnect, device number 103
[ 1109.528586][T22893] x_tables: duplicate underflow at hook 2
[ 1109.564956][T22895] FAULT_INJECTION: forcing a failure.
[ 1109.564956][T22895] name failslab, interval 1, probability 0, space 0, times 0
[ 1109.577639][T22895] CPU: 1 PID: 22895 Comm: syz.4.6386 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1109.587412][T22895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1109.597303][T22895] Call Trace:
[ 1109.600437][T22895]  dump_stack_lvl+0x1e2/0x24b
[ 1109.604941][T22895]  ? panic+0x812/0x812
[ 1109.608850][T22895]  ? stack_trace_save+0x113/0x1c0
[ 1109.613706][T22895]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1109.618999][T22895]  ? stack_trace_snprint+0xf0/0xf0
[ 1109.623947][T22895]  ? stack_trace_save+0x113/0x1c0
[ 1109.628810][T22895]  dump_stack+0x15/0x17
[ 1109.632801][T22895]  should_fail+0x3c6/0x510
[ 1109.637057][T22895]  ? kvm_mmu_topup_memory_cache+0xe5/0x2a0
[ 1109.642697][T22895]  __should_failslab+0xa4/0xe0
[ 1109.647297][T22895]  should_failslab+0x9/0x20
[ 1109.651636][T22895]  kmem_cache_alloc+0x3d/0x2e0
[ 1109.656237][T22895]  kvm_mmu_topup_memory_cache+0xe5/0x2a0
[ 1109.661710][T22895]  kvm_mmu_load+0x7b/0x15d0
[ 1109.666045][T22895]  vcpu_enter_guest+0x7593/0x9330
[ 1109.670904][T22895]  ? memcpy+0x56/0x70
[ 1109.674731][T22895]  ? avc_has_perm_noaudit+0x240/0x240
[ 1109.679932][T22895]  ? local_bh_enable+0x30/0x30
[ 1109.684530][T22895]  ? 0xffffffffa002c000
[ 1109.688523][T22895]  ? is_bpf_text_address+0x172/0x190
[ 1109.693651][T22895]  ? stack_trace_save+0x1c0/0x1c0
[ 1109.698593][T22895]  ? __kernel_text_address+0x9b/0x110
[ 1109.703802][T22895]  ? unwind_get_return_address+0x4d/0x90
[ 1109.709265][T22895]  ? arch_stack_walk+0xf3/0x140
[ 1109.713954][T22895]  ? stack_trace_save+0x113/0x1c0
[ 1109.718814][T22895]  ? terminate_walk+0x407/0x4f0
[ 1109.723587][T22895]  ? stack_trace_snprint+0xf0/0xf0
[ 1109.728537][T22895]  ? kmem_cache_free+0xa9/0x1e0
[ 1109.733220][T22895]  ? kmem_cache_free+0xa9/0x1e0
[ 1109.737994][T22895]  ? kasan_set_track+0x5d/0x70
[ 1109.742709][T22895]  ? kasan_set_track+0x4b/0x70
[ 1109.747277][T22895]  ? kasan_set_free_info+0x23/0x40
[ 1109.752225][T22895]  ? ____kasan_slab_free+0x121/0x160
[ 1109.757345][T22895]  ? __kasan_slab_free+0x11/0x20
[ 1109.762120][T22895]  ? slab_free_freelist_hook+0xc0/0x190
[ 1109.767501][T22895]  ? kmem_cache_free+0xa9/0x1e0
[ 1109.772191][T22895]  ? putname+0xe7/0x140
[ 1109.776180][T22895]  ? do_sys_openat2+0x1fc/0x710
[ 1109.780873][T22895]  ? __x64_sys_openat+0x243/0x290
[ 1109.785731][T22895]  ? do_syscall_64+0x34/0x70
[ 1109.790155][T22895]  ? _kstrtoull+0x3a0/0x4a0
[ 1109.794495][T22895]  ? vmx_vcpu_load_vmcs+0x67e/0x8e0
[ 1109.799530][T22895]  ? kstrtol_from_user+0x310/0x310
[ 1109.804477][T22895]  ? __kasan_check_read+0x11/0x20
[ 1109.809338][T22895]  ? vmx_vcpu_pi_load+0x9b/0x3d0
[ 1109.814108][T22895]  ? memset+0x35/0x40
[ 1109.817931][T22895]  ? __fsnotify_parent+0x4b9/0x6c0
[ 1109.822879][T22895]  ? __local_bh_enable_ip+0x53/0x80
[ 1109.827914][T22895]  ? kvm_load_guest_fpu+0x16c/0x2d0
[ 1109.833031][T22895]  kvm_arch_vcpu_ioctl_run+0x851/0x1a20
[ 1109.838421][T22895]  kvm_vcpu_ioctl+0x7d6/0xce0
[ 1109.842923][T22895]  ? kvm_create_vcpu_debugfs+0x170/0x170
[ 1109.848400][T22895]  ? selinux_file_ioctl+0x3cc/0x540
[ 1109.853517][T22895]  ? selinux_file_alloc_security+0x120/0x120
[ 1109.859328][T22895]  ? __fget_files+0x31e/0x380
[ 1109.863845][T22895]  ? security_file_ioctl+0x84/0xb0
[ 1109.868789][T22895]  ? kvm_create_vcpu_debugfs+0x170/0x170
[ 1109.874256][T22895]  __se_sys_ioctl+0x114/0x190
[ 1109.878770][T22895]  __x64_sys_ioctl+0x7b/0x90
[ 1109.883202][T22895]  do_syscall_64+0x34/0x70
[ 1109.887456][T22895]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1109.893184][T22895] RIP: 0033:0x7fa4b93e79f9
[ 1109.897434][T22895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1109.916870][T22895] RSP: 002b:00007fa4b8065038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1109.925114][T22895] RAX: ffffffffffffffda RBX: 00007fa4b9583f80 RCX: 00007fa4b93e79f9
[ 1109.932927][T22895] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[ 1109.940738][T22895] RBP: 00007fa4b8065090 R08: 0000000000000000 R09: 0000000000000000
[ 1109.948547][T22895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1109.956358][T22895] R13: 0000000000000000 R14: 00007fa4b9583f80 R15: 00007ffc01405cd8
[ 1110.404172][T22267] usb 2-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1110.412908][T22267] usb 2-1: found format II with max.bitrate = 0, frame size=2
[ 1110.420263][T22267] usb 2-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1110.428422][T22267] usb 2-1: found format II with max.bitrate = 0, frame size=2
[ 1110.659947][T22916] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1111.580027][T22267] usb 2-1: 2:130: cannot set enable PITCH
[ 1111.634395][   T25] usb 5-1: new full-speed USB device number 122 using dummy_hcd
[ 1111.663689][T22267] usb 2-1: USB disconnect, device number 124
[ 1111.753853][T22923] syz.1.6394 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1111.763933][T22923] CPU: 1 PID: 22923 Comm: syz.1.6394 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1111.773711][T22923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1111.783602][T22923] Call Trace:
[ 1111.786742][T22923]  dump_stack_lvl+0x1e2/0x24b
[ 1111.791240][T22923]  ? panic+0x812/0x812
[ 1111.795146][T22923]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1111.800453][T22923]  ? ___ratelimit+0x3f7/0x580
[ 1111.804954][T22923]  ? _raw_spin_lock+0xa4/0x1b0
[ 1111.809556][T22923]  dump_stack+0x15/0x17
[ 1111.813548][T22923]  dump_header+0xd8/0x6d0
[ 1111.817724][T22923]  oom_kill_process+0xef/0x2d0
[ 1111.822318][T22923]  out_of_memory+0x9bd/0xe10
[ 1111.826746][T22923]  ? unregister_oom_notifier+0x20/0x20
[ 1111.832036][T22923]  ? mutex_lock_killable+0xa5/0x110
[ 1111.837069][T22923]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 1111.843408][T22923]  ? sched_clock_cpu+0x1b/0x3b0
[ 1111.848102][T22923]  mem_cgroup_out_of_memory+0x2a8/0x380
[ 1111.853479][T22923]  ? mem_cgroup_oom_trylock+0x3a0/0x3a0
[ 1111.858856][T22923]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1111.864063][T22923]  ? mem_cgroup_oom_trylock+0x22d/0x3a0
[ 1111.869442][T22923]  try_charge+0xff2/0x15f0
[ 1111.873697][T22923]  ? __memcg_kmem_charge+0x180/0x180
[ 1111.878818][T22923]  ? __kasan_check_read+0x11/0x20
[ 1111.883678][T22923]  ? __vm_enough_memory+0x119/0x2f0
[ 1111.888710][T22923]  ? __kasan_check_write+0x14/0x20
[ 1111.893657][T22923]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1111.899037][T22923]  __mem_cgroup_charge+0x147/0x6e0
[ 1111.903989][T22923]  shmem_add_to_page_cache+0x6a9/0x10c0
[ 1111.909368][T22923]  ? shmem_alloc_page+0x420/0x420
[ 1111.914229][T22923]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1111.919607][T22923]  ? find_lock_entry+0x1df/0x200
[ 1111.924381][T22923]  shmem_getpage_gfp+0xa65/0x2480
[ 1111.929245][T22923]  ? iov_iter_advance+0x258/0xb20
[ 1111.934101][T22923]  ? shmem_getpage+0xa0/0xa0
[ 1111.938526][T22923]  ? iov_iter_fault_in_readable+0x31f/0x4f0
[ 1111.944257][T22923]  shmem_write_begin+0xca/0x1b0
[ 1111.948943][T22923]  generic_perform_write+0x2cd/0x570
[ 1111.954071][T22923]  ? grab_cache_page_write_begin+0xa0/0xa0
[ 1111.959792][T22923]  ? file_remove_privs+0x570/0x570
[ 1111.964740][T22923]  ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 1111.970210][T22923]  ? __kasan_check_write+0x14/0x20
[ 1111.975156][T22923]  __generic_file_write_iter+0x23c/0x560
[ 1111.980643][T22923]  ? generic_write_checks+0x3b9/0x470
[ 1111.985829][T22923]  generic_file_write_iter+0xaf/0x1c0
[ 1111.991040][T22923]  vfs_write+0xb4c/0xe70
[ 1111.995116][T22923]  ? kernel_write+0x3d0/0x3d0
[ 1111.999634][T22923]  ? __fdget_pos+0x209/0x3a0
[ 1112.004052][T22923]  ? ksys_write+0x77/0x2c0
[ 1112.008372][T22923]  ksys_write+0x199/0x2c0
[ 1112.012477][T22923]  ? __kasan_check_write+0x14/0x20
[ 1112.017421][T22923]  ? __ia32_sys_read+0x90/0x90
[ 1112.022024][T22923]  ? debug_smp_processor_id+0x17/0x20
[ 1112.027229][T22923]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1112.033130][T22923]  ? irqentry_exit_to_user_mode+0x41/0x80
[ 1112.038687][T22923]  __x64_sys_write+0x7b/0x90
[ 1112.043109][T22923]  do_syscall_64+0x34/0x70
[ 1112.047369][T22923]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1112.053091][T22923] RIP: 0033:0x7f072eb8f4df
[ 1112.057348][T22923] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48
[ 1112.076961][T22923] RSP: 002b:00007f072d80ddf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1112.085204][T22923] RAX: ffffffffffffffda RBX: 00000000013bd7ef RCX: 00007f072eb8f4df
[ 1112.093018][T22923] RDX: 00000000013bd7ef RSI: 00007f07253ee000 RDI: 0000000000000003
[ 1112.100827][T22923] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000005587
[ 1112.108638][T22923] R10: 00000000000003cc R11: 0000000000000293 R12: 0000000000000003
[ 1112.116453][T22923] R13: 00007f072d80def0 R14: 00007f072d80deb0 R15: 00007f07253ee000
[ 1112.124845][T22923] memory: usage 307200kB, limit 307200kB, failcnt 11527
[ 1112.133696][T22923] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0
[ 1112.141588][T22923] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1112.148277][T22923] Memory cgroup stats for /syz1:
[ 1112.148385][T22923] anon 81920
[ 1112.148385][T22923] file 314265600
[ 1112.148385][T22923] kernel_stack 0
[ 1112.148385][T22923] percpu 0
[ 1112.148385][T22923] sock 0
[ 1112.148385][T22923] shmem 314265600
[ 1112.148385][T22923] file_mapped 11759616
[ 1112.148385][T22923] file_dirty 0
[ 1112.148385][T22923] file_writeback 0
[ 1112.148385][T22923] anon_thp 0
[ 1112.148385][T22923] inactive_anon 314343424
[ 1112.148385][T22923] active_anon 135168
[ 1112.148385][T22923] inactive_file 192512
[ 1112.148385][T22923] active_file 0
[ 1112.148385][T22923] unevictable 0
[ 1112.148385][T22923] slab_reclaimable 0
[ 1112.148385][T22923] slab_unreclaimable 0
[ 1112.148385][T22923] slab 0
[ 1112.148385][T22923] workingset_refault_anon 0
[ 1112.148385][T22923] workingset_refault_file 20328
[ 1112.148385][T22923] workingset_activate_anon 0
[ 1112.148385][T22923] workingset_activate_file 462
[ 1112.148385][T22923] workingset_restore_anon 0
[ 1112.148385][T22923] workingset_restore_file 396
[ 1112.241709][T22923] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.6394,pid=22922,uid=0
[ 1112.256505][T22923] Memory cgroup out of memory: Killed process 22922 (syz.1.6394) total-vm:222020kB, anon-rss:720kB, file-rss:14332kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000
[ 1112.274728][   T27] oom_reaper: reaped process 22922 (syz.1.6394), now anon-rss:0kB, file-rss:14400kB, shmem-rss:0kB
[ 1112.291661][T22266] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 1112.406016][   T25] usb 5-1: config index 0 descriptor too short (expected 65233, got 154)
[ 1112.414498][   T25] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1112.423452][   T25] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1112.434335][   T25] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[ 1112.434527][T22937] FAULT_INJECTION: forcing a failure.
[ 1112.434527][T22937] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1112.458359][T22937] CPU: 1 PID: 22937 Comm: syz.2.6400 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1112.468128][T22937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1112.478018][T22937] Call Trace:
[ 1112.481152][T22937]  dump_stack_lvl+0x1e2/0x24b
[ 1112.485666][T22937]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1112.490955][T22937]  dump_stack+0x15/0x17
[ 1112.494952][T22937]  should_fail+0x3c6/0x510
[ 1112.499205][T22937]  should_fail_usercopy+0x1a/0x20
[ 1112.504064][T22937]  copy_fpstate_to_sigframe+0x8ce/0xbb0
[ 1112.509474][T22937]  ? fpregs_set+0x6f0/0x6f0
[ 1112.513950][T22937]  ? cgroup_freezing+0x88/0xb0
[ 1112.518550][T22937]  ? __kasan_check_write+0x14/0x20
[ 1112.523497][T22937]  ? recalc_sigpending+0x1a5/0x230
[ 1112.528444][T22937]  ? dequeue_signal+0x22f/0x520
[ 1112.533135][T22937]  ? _raw_spin_lock_irq+0xa5/0x1b0
[ 1112.538076][T22937]  ? unhandled_signal+0x150/0x150
[ 1112.542936][T22937]  ? fpu__alloc_mathframe+0x89/0x150
[ 1112.548057][T22937]  get_sigframe+0x378/0x4b0
[ 1112.552411][T22937]  ? memcpy+0x56/0x70
[ 1112.556216][T22937]  ? restore_sigcontext+0x710/0x710
[ 1112.558388][  T287] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[ 1112.561468][T22937]  arch_do_signal_or_restart+0x434/0x17c0
[ 1112.561488][T22937]  ? do_sys_openat2+0x1fc/0x710
[ 1112.578985][T22937]  ? mutex_trylock+0xa0/0xa0
[ 1112.583410][T22937]  ? do_sys_open+0x220/0x220
[ 1112.587843][T22937]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 1112.593127][T22937]  ? ksys_write+0x260/0x2c0
[ 1112.597474][T22937]  ? do_sys_openat2+0x710/0x710
[ 1112.602247][T22937]  exit_to_user_mode_loop+0x9b/0xd0
[ 1112.607290][T22937]  syscall_exit_to_user_mode+0xa2/0x1a0
[ 1112.612655][T22937]  do_syscall_64+0x40/0x70
[ 1112.616912][T22937]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1112.622635][T22937] RIP: 0033:0x7f11819159f7
[ 1112.626889][T22937] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[ 1112.646332][T22937] RSP: 002b:00007f1180593038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1112.654574][T22937] RAX: 0000000000000002 RBX: 00007f1181ab1f80 RCX: 00007f11819159f9
[ 1112.662391][T22937] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
[ 1112.670201][T22937] RBP: 00007f1180593090 R08: 0000000000000000 R09: 0000000000000000
[ 1112.678013][T22937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1112.685822][T22937] R13: 0000000000000000 R14: 00007f1181ab1f80 R15: 00007ffe45ae96f8
[ 1112.730439][T22944] x_tables: duplicate underflow at hook 2
[ 1112.825324][   T25] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1112.834243][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1112.844489][   T25] usb 5-1: Product: syz
[ 1112.848448][   T25] usb 5-1: Manufacturer: syz
[ 1112.852881][   T25] usb 5-1: SerialNumber: syz
[ 1112.872830][T22266] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 1112.883785][T22266] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1112.894883][T22266] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1112.904438][T22266] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[ 1112.917220][T22266] usb 4-1: New USB device found, idVendor=044f, idProduct=b653, bcdDevice= 0.00
[ 1112.926195][T22266] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1112.929898][  T287] usb 1-1: config index 0 descriptor too short (expected 65233, got 154)
[ 1112.934857][T22266] usb 4-1: config 0 descriptor??
[ 1112.942955][  T287] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1112.955824][  T287] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1112.966553][  T287] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[ 1113.130058][  T287] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1113.138954][  T287] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1113.147362][  T287] usb 1-1: Product: syz
[ 1113.151582][  T287] usb 1-1: Manufacturer: syz
[ 1113.156010][  T287] usb 1-1: SerialNumber: syz
[ 1113.169715][T22947] FAULT_INJECTION: forcing a failure.
[ 1113.169715][T22947] name failslab, interval 1, probability 0, space 0, times 0
[ 1113.182147][T22947] CPU: 1 PID: 22947 Comm: syz.1.6404 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1113.192052][T22947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1113.201942][T22947] Call Trace:
[ 1113.205078][T22947]  dump_stack_lvl+0x1e2/0x24b
[ 1113.209584][T22947]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1113.214878][T22947]  dump_stack+0x15/0x17
[ 1113.218875][T22947]  should_fail+0x3c6/0x510
[ 1113.223126][T22947]  ? shmem_initxattrs+0xd2/0x200
[ 1113.227900][T22947]  __should_failslab+0xa4/0xe0
[ 1113.232507][T22947]  should_failslab+0x9/0x20
[ 1113.236852][T22947]  __kmalloc+0x60/0x330
[ 1113.240844][T22947]  shmem_initxattrs+0xd2/0x200
[ 1113.245435][T22947]  security_inode_init_security+0x252/0x390
[ 1113.251168][T22947]  ? shmem_tmpfile+0x100/0x100
[ 1113.255776][T22947]  ? security_dentry_create_files_as+0xc0/0xc0
[ 1113.261752][T22947]  ? simple_acl_create+0x29e/0x2c0
[ 1113.266697][T22947]  ? shmem_get_inode+0x7b9/0x9e0
[ 1113.271476][T22947]  shmem_mknod+0xb8/0x1c0
[ 1113.275640][T22947]  vfs_mknod+0x53f/0x610
[ 1113.279715][T22947]  unix_bind+0x3a0/0x9e0
[ 1113.283795][T22947]  ? __fget_files+0x31e/0x380
[ 1113.288306][T22947]  ? unix_release+0x80/0x80
[ 1113.292645][T22947]  ? check_stack_object+0xf4/0x130
[ 1113.297597][T22947]  ? security_socket_bind+0x82/0xb0
[ 1113.302712][T22947]  __sys_bind+0x314/0x410
[ 1113.306877][T22947]  ? fput_many+0x160/0x1b0
[ 1113.311127][T22947]  ? __ia32_sys_socketpair+0xb0/0xb0
[ 1113.316264][T22947]  ? debug_smp_processor_id+0x17/0x20
[ 1113.321459][T22947]  __x64_sys_bind+0x7a/0x90
[ 1113.325796][T22947]  do_syscall_64+0x34/0x70
[ 1113.330059][T22947]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1113.335777][T22947] RIP: 0033:0x7f072eb909f9
[ 1113.340033][T22947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1113.359471][T22947] RSP: 002b:00007f072d80e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 1113.367713][T22947] RAX: ffffffffffffffda RBX: 00007f072ed2cf80 RCX: 00007f072eb909f9
[ 1113.375618][T22947] RDX: 000000000000006e RSI: 0000000020003000 RDI: 0000000000000004
[ 1113.383428][T22947] RBP: 00007f072d80e090 R08: 0000000000000000 R09: 0000000000000000
[ 1113.391239][T22947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1113.399045][T22947] R13: 0000000000000000 R14: 00007f072ed2cf80 R15: 00007ffd88a316c8
[ 1113.425707][   T25] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1113.434366][   T25] usb 5-1: found format II with max.bitrate = 0, frame size=2
[ 1113.441818][   T25] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1113.450157][   T25] usb 5-1: found format II with max.bitrate = 0, frame size=2
[ 1113.492029][   T25] usb 5-1: 2:130: cannot set enable PITCH
[ 1113.514273][   T25] usb 5-1: USB disconnect, device number 122
[ 1113.522124][T22266] thrustmaster 0003:044F:B653.006A: unbalanced delimiter at end of report description
[ 1113.553765][T22266] thrustmaster 0003:044F:B653.006A: parse failed
[ 1113.560318][T22266] thrustmaster: probe of 0003:044F:B653.006A failed with error -22
[ 1113.565604][T22952] incfs: Backing dir is not set, filesystem can't be mounted.
[ 1113.576331][T22952] incfs: mount failed -2
[ 1113.600235][T22933] udc-core: couldn't find an available UDC or it's busy
[ 1113.607219][T22933] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1113.911095][  T287] usb 1-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1113.919469][  T287] usb 1-1: found format II with max.bitrate = 0, frame size=2
[ 1113.927830][  T287] usb 1-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[ 1113.936561][  T287] usb 1-1: found format II with max.bitrate = 0, frame size=2
[ 1113.977759][  T287] usb 1-1: 2:130: cannot set enable PITCH
[ 1114.021086][  T287] usb 1-1: USB disconnect, device number 3
[ 1114.216211][   T24] kauditd_printk_skb: 47 callbacks suppressed
[ 1114.216278][   T24] audit: type=1326 audit(1129.780:22249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22958 comm="syz.4.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4b93e79f9 code=0x7ffc0000
[ 1114.283430][   T24] audit: type=1326 audit(1129.780:22250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22958 comm="syz.4.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4b93e79f9 code=0x7ffc0000
[ 1114.315810][   T24] audit: type=1326 audit(1129.780:22251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22958 comm="syz.4.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa4b93e79f9 code=0x7ffc0000
[ 1114.360067][   T24] audit: type=1326 audit(1129.780:22252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22958 comm="syz.4.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4b93e79f9 code=0x7ffc0000
[ 1114.413855][   T24] audit: type=1326 audit(1129.780:22253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22958 comm="syz.4.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4b93e79f9 code=0x7ffc0000
[ 1114.453312][   T24] audit: type=1326 audit(1129.780:22254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22958 comm="syz.4.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa4b93e79f9 code=0x7ffc0000
[ 1114.485039][   T24] audit: type=1326 audit(1129.780:22255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22958 comm="syz.4.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4b93e79f9 code=0x7ffc0000
[ 1114.508100][   T24] audit: type=1326 audit(1129.780:22256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22958 comm="syz.4.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4b93e79f9 code=0x7ffc0000
[ 1114.531571][   T24] audit: type=1326 audit(1129.790:22257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22958 comm="syz.4.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa4b93e79f9 code=0x7ffc0000
[ 1114.555768][   T24] audit: type=1326 audit(1129.790:22258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22958 comm="syz.4.6407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4b93e79f9 code=0x7ffc0000
[ 1114.816436][T22267] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 1114.963152][T22975] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1115.512951][T22976] syz.4.6411 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1115.522749][T22976] CPU: 0 PID: 22976 Comm: syz.4.6411 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1115.532478][T22976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1115.542377][T22976] Call Trace:
[ 1115.545506][T22976]  dump_stack_lvl+0x1e2/0x24b
[ 1115.550013][T22976]  ? panic+0x812/0x812
[ 1115.553917][T22976]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1115.559212][T22976]  ? ___ratelimit+0x3f7/0x580
[ 1115.563732][T22976]  ? _raw_spin_lock+0xa4/0x1b0
[ 1115.568335][T22976]  dump_stack+0x15/0x17
[ 1115.572332][T22976]  dump_header+0xd8/0x6d0
[ 1115.576488][T22976]  oom_kill_process+0xef/0x2d0
[ 1115.581089][T22976]  out_of_memory+0x9bd/0xe10
[ 1115.585511][T22976]  ? unregister_oom_notifier+0x20/0x20
[ 1115.590806][T22976]  ? mutex_lock_killable+0xa5/0x110
[ 1115.595923][T22976]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 1115.602259][T22976]  ? sched_clock_cpu+0x1b/0x3b0
[ 1115.606947][T22976]  mem_cgroup_out_of_memory+0x2a8/0x380
[ 1115.612326][T22976]  ? mem_cgroup_oom_trylock+0x3a0/0x3a0
[ 1115.617719][T22976]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1115.622920][T22976]  ? mem_cgroup_oom_trylock+0x22d/0x3a0
[ 1115.628301][T22976]  try_charge+0xff2/0x15f0
[ 1115.632552][T22976]  ? __memcg_kmem_charge+0x180/0x180
[ 1115.637671][T22976]  ? __kasan_check_write+0x14/0x20
[ 1115.642614][T22976]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1115.647997][T22976]  __mem_cgroup_charge+0x147/0x6e0
[ 1115.652946][T22976]  shmem_add_to_page_cache+0x6a9/0x10c0
[ 1115.658330][T22976]  ? shmem_alloc_page+0x420/0x420
[ 1115.663186][T22976]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1115.668565][T22976]  ? find_lock_entry+0x1df/0x200
[ 1115.673336][T22976]  shmem_getpage_gfp+0xa65/0x2480
[ 1115.678213][T22976]  ? iov_iter_advance+0x827/0xb20
[ 1115.683068][T22976]  ? shmem_getpage+0xa0/0xa0
[ 1115.687578][T22976]  ? iov_iter_fault_in_readable+0x258/0x4f0
[ 1115.693308][T22976]  ? __kasan_check_write+0x14/0x20
[ 1115.698253][T22976]  ? _raw_spin_lock+0xa4/0x1b0
[ 1115.702852][T22976]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1115.708062][T22976]  shmem_write_begin+0xca/0x1b0
[ 1115.712744][T22976]  generic_perform_write+0x2cd/0x570
[ 1115.717862][T22976]  ? file_remove_privs+0x2af/0x570
[ 1115.722809][T22976]  ? grab_cache_page_write_begin+0xa0/0xa0
[ 1115.728531][T22976]  ? file_remove_privs+0x570/0x570
[ 1115.733485][T22976]  ? __kasan_check_write+0x14/0x20
[ 1115.738430][T22976]  __generic_file_write_iter+0x23c/0x560
[ 1115.743898][T22976]  ? generic_write_checks+0x3b9/0x470
[ 1115.749106][T22976]  generic_file_write_iter+0xaf/0x1c0
[ 1115.754312][T22976]  __kernel_write+0x5ab/0x9d0
[ 1115.758825][T22976]  ? vfs_read+0xba0/0xba0
[ 1115.762996][T22976]  ? cgroup_freezing+0x88/0xb0
[ 1115.767591][T22976]  ? freezing_slow_path+0x141/0x190
[ 1115.772626][T22976]  dump_emit+0x261/0x3a0
[ 1115.776707][T22976]  ? wait_for_dump_helpers+0x3b0/0x3b0
[ 1115.781998][T22976]  ? dump_skip+0x23d/0x300
[ 1115.786249][T22976]  dump_user_range+0x71/0x1a0
[ 1115.790763][T22976]  elf_core_dump+0x33bd/0x3c10
[ 1115.795368][T22976]  ? load_elf_binary+0x2750/0x2750
[ 1115.800312][T22976]  ? __fsnotify_parent+0x5ed/0x6c0
[ 1115.805266][T22976]  ? _raw_spin_lock+0xa4/0x1b0
[ 1115.809858][T22976]  ? __fsnotify_update_child_dentry_flags+0x2b0/0x2b0
[ 1115.816458][T22976]  ? shmem_setattr+0x17e/0x8b0
[ 1115.821064][T22976]  ? __kasan_check_read+0x11/0x20
[ 1115.825913][T22976]  ? unshare_files+0x1c5/0x2c0
[ 1115.830520][T22976]  ? cgroup_freezing+0x88/0xb0
[ 1115.835116][T22976]  ? freezing_slow_path+0x141/0x190
[ 1115.840152][T22976]  do_coredump+0x1eb8/0x2d60
[ 1115.844575][T22976]  ? asm_exc_page_fault+0x1e/0x30
[ 1115.849442][T22976]  ? simple_acl_create+0x2c0/0x2c0
[ 1115.854385][T22976]  ? kmem_cache_free+0xa9/0x1e0
[ 1115.859069][T22976]  ? ____kasan_slab_free+0x12c/0x160
[ 1115.864194][T22976]  ? kmem_cache_free+0xa9/0x1e0
[ 1115.868879][T22976]  get_signal+0x102c/0x1410
[ 1115.873220][T22976]  arch_do_signal_or_restart+0xbd/0x17c0
[ 1115.878686][T22976]  ? force_sig_fault+0x125/0x1c0
[ 1115.883458][T22976]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 1115.888751][T22976]  ? __bad_area_nosemaphore+0x430/0x430
[ 1115.894222][T22976]  ? __bad_area_nosemaphore+0x3eb/0x430
[ 1115.899608][T22976]  ? __bad_area_nosemaphore+0x2c0/0x430
[ 1115.904985][T22976]  exit_to_user_mode_loop+0x9b/0xd0
[ 1115.910106][T22976]  irqentry_exit_to_user_mode+0x4e/0x80
[ 1115.915511][T22976]  irqentry_exit+0x12/0x60
[ 1115.919737][T22976]  exc_page_fault+0x33d/0x5b0
[ 1115.924256][T22976]  ? asm_exc_page_fault+0x8/0x30
[ 1115.929026][T22976]  asm_exc_page_fault+0x1e/0x30
[ 1115.933710][T22976] RIP: 0033:0x7fa4b92aa307
[ 1115.937975][T22976] Code: 88 15 ea 93 e0 00 88 05 e7 93 e0 00 c3 50 48 8d 35 f6 b5 1a 00 48 8d 3d fc b5 1a 00 31 c0 e8 a0 f9 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[ 1115.957402][T22976] RSP: 002b:00007fa4b8004120 EFLAGS: 00010202
[ 1115.963305][T22976] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fa4b93e79f9
[ 1115.971117][T22976] RDX: 00007fa4b8004140 RSI: 00007fa4b8004270 RDI: 000000000000000b
[ 1115.978927][T22976] RBP: 00007fa4b94558ee R08: 0000000000000000 R09: 0000000000000000
[ 1115.986738][T22976] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1115.994548][T22976] R13: 0000000000000000 R14: 00007fa4b9584130 R15: 00007ffc01405cd8
[ 1116.002970][T22976] memory: usage 307200kB, limit 307200kB, failcnt 14632
[ 1116.009732][T22976] memory+swap: usage 426268kB, limit 9007199254740988kB, failcnt 0
[ 1116.017464][T22976] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1116.024115][T22976] Memory cgroup stats for /syz4:
[ 1116.024241][T22976] anon 249856
[ 1116.024241][T22976] file 310677504
[ 1116.024241][T22976] kernel_stack 0
[ 1116.024241][T22976] percpu 0
[ 1116.024241][T22976] sock 0
[ 1116.024241][T22976] shmem 310771712
[ 1116.024241][T22976] file_mapped 11702272
[ 1116.024241][T22976] file_dirty 0
[ 1116.024241][T22976] file_writeback 0
[ 1116.024241][T22976] anon_thp 0
[ 1116.024241][T22976] inactive_anon 314253312
[ 1116.024241][T22976] active_anon 442368
[ 1116.024241][T22976] inactive_file 180224
[ 1116.024241][T22976] active_file 61440
[ 1116.024241][T22976] unevictable 94208
[ 1116.024241][T22976] slab_reclaimable 0
[ 1116.024241][T22976] slab_unreclaimable 0
[ 1116.024241][T22976] slab 0
[ 1116.024241][T22976] workingset_refault_anon 0
[ 1116.024241][T22976] workingset_refault_file 7656
[ 1116.024241][T22976] workingset_activate_anon 0
[ 1116.024241][T22976] workingset_activate_file 1914
[ 1116.024241][T22976] workingset_restore_anon 0
[ 1116.024241][T22976] workingset_restore_file 1881
[ 1116.031853][T22266] usb 4-1: USB disconnect, device number 126
[ 1116.118187][T22976] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.6411,pid=22976,uid=0
[ 1116.138759][T22976] Memory cgroup out of memory: Killed process 22976 (syz.4.6411) total-vm:89164kB, anon-rss:832kB, file-rss:46780kB, shmem-rss:11480kB, UID:0 pgtables:196kB oom_score_adj:1000
[ 1116.178202][T22267] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1116.198084][T22267] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1116.245884][T22267] usb 3-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[ 1116.253224][T22991] x_tables: duplicate underflow at hook 2
[ 1116.325751][T22267] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1116.340762][T22267] usb 3-1: config 0 descriptor??
[ 1116.508251][T23000] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1116.736729][T23001] syz.4.6417 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1116.746382][T23001] CPU: 1 PID: 23001 Comm: syz.4.6417 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1116.756163][T23001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1116.766046][T23001] Call Trace:
[ 1116.769187][T23001]  dump_stack_lvl+0x1e2/0x24b
[ 1116.773687][T23001]  ? panic+0x812/0x812
[ 1116.777595][T23001]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1116.782900][T23001]  ? ___ratelimit+0x3f7/0x580
[ 1116.787528][T23001]  ? _raw_spin_lock+0xa4/0x1b0
[ 1116.792127][T23001]  dump_stack+0x15/0x17
[ 1116.796118][T23001]  dump_header+0xd8/0x6d0
[ 1116.800281][T23001]  oom_kill_process+0xef/0x2d0
[ 1116.804883][T23001]  out_of_memory+0x9bd/0xe10
[ 1116.809311][T23001]  ? unregister_oom_notifier+0x20/0x20
[ 1116.814603][T23001]  ? mutex_lock_killable+0xa5/0x110
[ 1116.819638][T23001]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 1116.825974][T23001]  ? sched_clock_cpu+0x1b/0x3b0
[ 1116.830664][T23001]  mem_cgroup_out_of_memory+0x2a8/0x380
[ 1116.836043][T23001]  ? mem_cgroup_oom_trylock+0x3a0/0x3a0
[ 1116.841421][T23001]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1116.846631][T23001]  ? mem_cgroup_oom_trylock+0x22d/0x3a0
[ 1116.852011][T23001]  try_charge+0xff2/0x15f0
[ 1116.856270][T23001]  ? __alloc_pages_nodemask+0x435/0xaf0
[ 1116.861643][T23001]  ? __memcg_kmem_charge+0x180/0x180
[ 1116.866769][T23001]  ? __mod_node_page_state+0xac/0xf0
[ 1116.871911][T23001]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1116.877270][T23001]  __mem_cgroup_charge+0x147/0x6e0
[ 1116.882218][T23001]  handle_pte_fault+0x17cb/0x3e30
[ 1116.887080][T23001]  ? bsearch+0x96/0xc0
[ 1116.890982][T23001]  ? vmf_allows_speculation+0x6f0/0x6f0
[ 1116.896365][T23001]  ? __this_cpu_preempt_check+0x13/0x20
[ 1116.901743][T23001]  handle_mm_fault+0x11d6/0x1a10
[ 1116.906517][T23001]  ? __clear_user+0x30/0x60
[ 1116.910860][T23001]  ? can_reuse_spf_vma+0xe0/0xe0
[ 1116.915635][T23001]  ? is_prefetch+0x5c0/0x5c0
[ 1116.920061][T23001]  ? down_read_trylock+0x179/0x1d0
[ 1116.925003][T23001]  ? __bad_area_nosemaphore+0xc4/0x430
[ 1116.930297][T23001]  ? __init_rwsem+0x1c0/0x1c0
[ 1116.934821][T23001]  ? find_vma+0x30/0x150
[ 1116.938888][T23001]  exc_page_fault+0x2a6/0x5b0
[ 1116.943409][T23001]  asm_exc_page_fault+0x1e/0x30
[ 1116.948095][T23001] RIP: 0010:__put_user_nocheck_1+0x3/0x11
[ 1116.953645][T23001] Code: e4 fa f4 fe 44 89 f8 5b 41 5e 41 5f 5d c3 cc cc cc cc cc cc cc cc cc cc 48 bb 00 f0 ff ff ff 7f 00 00 48 39 d9 73 74 0f 01 cb <88> 01 31 c9 0f 01 ca c3 66 0f 1f 44 00 00 48 bb ff ef ff ff ff 7f
[ 1116.973087][T23001] RSP: 0000:ffffc90000daf998 EFLAGS: 00050246
[ 1116.978985][T23001] RAX: 0000000000000000 RBX: 0000000080000000 RCX: 00007fa4b8004e80
[ 1116.986796][T23001] RDX: ffff888118708000 RSI: 0000000000000340 RDI: 0000000000000000
[ 1116.994607][T23001] RBP: ffffc90000dafb50 R08: ffffffff812b7dba R09: ffffed10230e1001
[ 1117.002419][T23001] R10: 0000000000000000 R11: dffffc0000000001 R12: 00007fa4b80051bf
[ 1117.010229][T23001] R13: 00000000ffffffff R14: 00007fa4b8005e80 R15: 00007fa4b8004e80
[ 1117.018061][T23001]  ? copy_fpstate_to_sigframe+0x45a/0xbb0
[ 1117.023601][T23001]  ? copy_fpstate_to_sigframe+0x488/0xbb0
[ 1117.029155][T23001]  ? fpregs_set+0x6f0/0x6f0
[ 1117.033495][T23001]  ? kmem_cache_free+0xa9/0x1e0
[ 1117.038209][T23001]  ? ____kasan_slab_free+0x12c/0x160
[ 1117.043396][T23001]  ? __kasan_slab_free+0x11/0x20
[ 1117.048168][T23001]  ? slab_free_freelist_hook+0xc0/0x190
[ 1117.053562][T23001]  ? fpu__alloc_mathframe+0x89/0x150
[ 1117.058665][T23001]  get_sigframe+0x378/0x4b0
[ 1117.063005][T23001]  ? memcpy+0x56/0x70
[ 1117.066825][T23001]  ? restore_sigcontext+0x710/0x710
[ 1117.071864][T23001]  arch_do_signal_or_restart+0x434/0x17c0
[ 1117.077421][T23001]  ? force_sig_fault+0x125/0x1c0
[ 1117.082186][T23001]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 1117.087483][T23001]  ? __bad_area_nosemaphore+0x430/0x430
[ 1117.092858][T23001]  ? __bad_area_nosemaphore+0x3eb/0x430
[ 1117.098243][T23001]  ? __bad_area_nosemaphore+0x2c0/0x430
[ 1117.103624][T23001]  exit_to_user_mode_loop+0x9b/0xd0
[ 1117.108745][T23001]  irqentry_exit_to_user_mode+0x4e/0x80
[ 1117.114125][T23001]  irqentry_exit+0x12/0x60
[ 1117.118376][T23001]  exc_page_fault+0x33d/0x5b0
[ 1117.122891][T23001]  ? asm_exc_page_fault+0x8/0x30
[ 1117.127673][T23001]  asm_exc_page_fault+0x1e/0x30
[ 1117.132348][T23001] RIP: 0033:0x7fa4b92aa307
[ 1117.136603][T23001] Code: 88 15 ea 93 e0 00 88 05 e7 93 e0 00 c3 50 48 8d 35 f6 b5 1a 00 48 8d 3d fc b5 1a 00 31 c0 e8 a0 f9 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[ 1117.156041][T23001] RSP: 002b:00007fa4b8005260 EFLAGS: 00010206
[ 1117.161946][T23001] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fa4b93e79f9
[ 1117.169753][T23001] RDX: 00007fa4b8005280 RSI: 00007fa4b80053b0 RDI: 000000000000000b
[ 1117.177564][T23001] RBP: 00007fa4b94558ee R08: 0000000000000000 R09: 0000000000000000
[ 1117.185375][T23001] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1117.193186][T23001] R13: 0000000000000000 R14: 00007fa4b9584130 R15: 00007ffc01405cd8
[ 1117.201195][T23001] memory: usage 307200kB, limit 307200kB, failcnt 14904
[ 1117.207934][T23001] memory+swap: usage 426268kB, limit 9007199254740988kB, failcnt 0
[ 1117.215644][T23001] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1117.222355][T23001] Memory cgroup stats for /syz4:
[ 1117.222487][T23001] anon 249856
[ 1117.222487][T23001] file 310812672
[ 1117.222487][T23001] kernel_stack 0
[ 1117.222487][T23001] percpu 0
[ 1117.222487][T23001] sock 0
[ 1117.222487][T23001] shmem 310771712
[ 1117.222487][T23001] file_mapped 11837440
[ 1117.222487][T23001] file_dirty 0
[ 1117.222487][T23001] file_writeback 0
[ 1117.222487][T23001] anon_thp 0
[ 1117.222487][T23001] inactive_anon 314253312
[ 1117.222487][T23001] active_anon 307200
[ 1117.222487][T23001] inactive_file 20480
[ 1117.222487][T23001] active_file 57344
[ 1117.222487][T23001] unevictable 94208
[ 1117.222487][T23001] slab_reclaimable 0
[ 1117.222487][T23001] slab_unreclaimable 0
[ 1117.222487][T23001] slab 0
[ 1117.222487][T23001] workingset_refault_anon 0
[ 1117.222487][T23001] workingset_refault_file 7722
[ 1117.222487][T23001] workingset_activate_anon 0
[ 1117.222487][T23001] workingset_activate_file 1914
[ 1117.222487][T23001] workingset_restore_anon 0
[ 1117.222487][T23001] workingset_restore_file 1881
[ 1117.316940][T23001] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.6417,pid=22992,uid=0
[ 1117.331694][T23001] Memory cgroup out of memory: Killed process 22992 (syz.4.6417) total-vm:89164kB, anon-rss:704kB, file-rss:16280kB, shmem-rss:11348kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1117.358589][T23001] syz.4.6417 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1117.368265][T23001] CPU: 0 PID: 23001 Comm: syz.4.6417 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1117.378007][T23001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1117.387902][T23001] Call Trace:
[ 1117.391040][T23001]  dump_stack_lvl+0x1e2/0x24b
[ 1117.395540][T23001]  ? panic+0x812/0x812
[ 1117.399447][T23001]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1117.404744][T23001]  ? ___ratelimit+0x3f7/0x580
[ 1117.409345][T23001]  ? _raw_spin_lock+0xa4/0x1b0
[ 1117.413941][T23001]  dump_stack+0x15/0x17
[ 1117.417936][T23001]  dump_header+0xd8/0x6d0
[ 1117.422099][T23001]  oom_kill_process+0xef/0x2d0
[ 1117.426700][T23001]  out_of_memory+0x9bd/0xe10
[ 1117.431129][T23001]  ? unregister_oom_notifier+0x20/0x20
[ 1117.436421][T23001]  ? mutex_lock_killable+0xa5/0x110
[ 1117.441454][T23001]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 1117.447792][T23001]  ? sched_clock_cpu+0x1b/0x3b0
[ 1117.452480][T23001]  mem_cgroup_out_of_memory+0x2a8/0x380
[ 1117.457863][T23001]  ? mem_cgroup_oom_trylock+0x3a0/0x3a0
[ 1117.463240][T23001]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1117.468463][T23001]  ? mem_cgroup_oom_trylock+0x22d/0x3a0
[ 1117.473827][T23001]  try_charge+0xff2/0x15f0
[ 1117.478092][T23001]  ? __alloc_pages_nodemask+0x435/0xaf0
[ 1117.483459][T23001]  ? __memcg_kmem_charge+0x180/0x180
[ 1117.488586][T23001]  ? __mod_node_page_state+0xac/0xf0
[ 1117.493705][T23001]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1117.499085][T23001]  __mem_cgroup_charge+0x147/0x6e0
[ 1117.504035][T23001]  handle_pte_fault+0x17cb/0x3e30
[ 1117.508896][T23001]  ? bsearch+0x96/0xc0
[ 1117.512799][T23001]  ? vmf_allows_speculation+0x6f0/0x6f0
[ 1117.518180][T23001]  ? __this_cpu_preempt_check+0x13/0x20
[ 1117.523562][T23001]  handle_mm_fault+0x11d6/0x1a10
[ 1117.528332][T23001]  ? __clear_user+0x30/0x60
[ 1117.532678][T23001]  ? can_reuse_spf_vma+0xe0/0xe0
[ 1117.537446][T23001]  ? is_prefetch+0x5c0/0x5c0
[ 1117.541962][T23001]  ? down_read_trylock+0x179/0x1d0
[ 1117.546907][T23001]  ? __bad_area_nosemaphore+0xc4/0x430
[ 1117.552203][T23001]  ? __init_rwsem+0x1c0/0x1c0
[ 1117.556713][T23001]  ? find_vma+0x30/0x150
[ 1117.560797][T23001]  exc_page_fault+0x2a6/0x5b0
[ 1117.565311][T23001]  asm_exc_page_fault+0x1e/0x30
[ 1117.570000][T23001] RIP: 0010:__put_user_nocheck_1+0x3/0x11
[ 1117.575559][T23001] Code: e4 fa f4 fe 44 89 f8 5b 41 5e 41 5f 5d c3 cc cc cc cc cc cc cc cc cc cc 48 bb 00 f0 ff ff ff 7f 00 00 48 39 d9 73 74 0f 01 cb <88> 01 31 c9 0f 01 ca c3 66 0f 1f 44 00 00 48 bb ff ef ff ff ff 7f
[ 1117.594988][T23001] RSP: 0000:ffffc90000daf998 EFLAGS: 00050246
[ 1117.600888][T23001] RAX: 0000000000000000 RBX: 0000000080000000 RCX: 00007fa4b8004e80
[ 1117.608701][T23001] RDX: ffff888118708000 RSI: 0000000000000340 RDI: 0000000000000000
[ 1117.616512][T23001] RBP: ffffc90000dafb50 R08: ffffffff812b7dba R09: ffffed10230e1001
[ 1117.624323][T23001] R10: 0000000000000000 R11: dffffc0000000001 R12: 00007fa4b80051bf
[ 1117.632135][T23001] R13: 00000000ffffffff R14: 00007fa4b8005e80 R15: 00007fa4b8004e80
[ 1117.639957][T23001]  ? copy_fpstate_to_sigframe+0x45a/0xbb0
[ 1117.645507][T23001]  ? copy_fpstate_to_sigframe+0x488/0xbb0
[ 1117.651062][T23001]  ? fpregs_set+0x6f0/0x6f0
[ 1117.655401][T23001]  ? kmem_cache_free+0xa9/0x1e0
[ 1117.660082][T23001]  ? ____kasan_slab_free+0x12c/0x160
[ 1117.665204][T23001]  ? __kasan_slab_free+0x11/0x20
[ 1117.669977][T23001]  ? slab_free_freelist_hook+0xc0/0x190
[ 1117.675358][T23001]  ? fpu__alloc_mathframe+0x89/0x150
[ 1117.680480][T23001]  get_sigframe+0x378/0x4b0
[ 1117.684819][T23001]  ? memcpy+0x56/0x70
[ 1117.688639][T23001]  ? restore_sigcontext+0x710/0x710
[ 1117.693674][T23001]  arch_do_signal_or_restart+0x434/0x17c0
[ 1117.699229][T23001]  ? force_sig_fault+0x125/0x1c0
[ 1117.704003][T23001]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 1117.709295][T23001]  ? __bad_area_nosemaphore+0x430/0x430
[ 1117.714682][T23001]  ? __bad_area_nosemaphore+0x3eb/0x430
[ 1117.720060][T23001]  ? __bad_area_nosemaphore+0x2c0/0x430
[ 1117.725440][T23001]  exit_to_user_mode_loop+0x9b/0xd0
[ 1117.730473][T23001]  irqentry_exit_to_user_mode+0x4e/0x80
[ 1117.735858][T23001]  irqentry_exit+0x12/0x60
[ 1117.740106][T23001]  exc_page_fault+0x33d/0x5b0
[ 1117.744624][T23001]  ? asm_exc_page_fault+0x8/0x30
[ 1117.749394][T23001]  asm_exc_page_fault+0x1e/0x30
[ 1117.754084][T23001] RIP: 0033:0x7fa4b92aa307
[ 1117.758335][T23001] Code: 88 15 ea 93 e0 00 88 05 e7 93 e0 00 c3 50 48 8d 35 f6 b5 1a 00 48 8d 3d fc b5 1a 00 31 c0 e8 a0 f9 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[ 1117.777782][T23001] RSP: 002b:00007fa4b8005260 EFLAGS: 00010206
[ 1117.783690][T23001] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007fa4b93e79f9
[ 1117.791488][T23001] RDX: 00007fa4b8005280 RSI: 00007fa4b80053b0 RDI: 000000000000000b
[ 1117.799303][T23001] RBP: 00007fa4b94558ee R08: 0000000000000000 R09: 0000000000000000
[ 1117.807114][T23001] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1117.814919][T23001] R13: 0000000000000000 R14: 00007fa4b9584130 R15: 00007ffc01405cd8
[ 1117.823199][T23001] memory: usage 307200kB, limit 307200kB, failcnt 14993
[ 1117.829944][T23001] memory+swap: usage 426268kB, limit 9007199254740988kB, failcnt 0
[ 1117.837663][T23001] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1117.844330][T23001] Memory cgroup stats for /syz4:
[ 1117.844448][T23001] anon 249856
[ 1117.844448][T23001] file 310812672
[ 1117.844448][T23001] kernel_stack 0
[ 1117.844448][T23001] percpu 0
[ 1117.844448][T23001] sock 0
[ 1117.844448][T23001] shmem 310771712
[ 1117.844448][T23001] file_mapped 11837440
[ 1117.844448][T23001] file_dirty 0
[ 1117.844448][T23001] file_writeback 0
[ 1117.844448][T23001] anon_thp 0
[ 1117.844448][T23001] inactive_anon 314253312
[ 1117.844448][T23001] active_anon 307200
[ 1117.844448][T23001] inactive_file 20480
[ 1117.844448][T23001] active_file 57344
[ 1117.844448][T23001] unevictable 94208
[ 1117.844448][T23001] slab_reclaimable 0
[ 1117.844448][T23001] slab_unreclaimable 0
[ 1117.844448][T23001] slab 0
[ 1117.844448][T23001] workingset_refault_anon 0
[ 1117.844448][T23001] workingset_refault_file 7722
[ 1117.844448][T23001] workingset_activate_anon 0
[ 1117.844448][T23001] workingset_activate_file 1914
[ 1117.844448][T23001] workingset_restore_anon 0
[ 1117.844448][T23001] workingset_restore_file 1881
[ 1117.938124][T23001] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.6417,pid=23001,uid=0
[ 1117.952771][T23001] Memory cgroup out of memory: Killed process 23001 (syz.4.6417) total-vm:89164kB, anon-rss:712kB, file-rss:14336kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000
[ 1118.198024][T22267] usbhid 3-1:0.0: can't add hid device: -71
[ 1118.208592][T22267] usbhid: probe of 3-1:0.0 failed with error -71
[ 1118.284113][T22267] usb 3-1: USB disconnect, device number 104
[ 1118.350913][T22266] usb 4-1: new full-speed USB device number 127 using dummy_hcd
[ 1118.788636][T22266] usb 4-1: config index 0 descriptor too short (expected 65233, got 154)
[ 1118.797174][T22266] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1118.805809][T22266] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1118.816610][T22266] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[ 1119.026928][T22266] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1119.069370][T23028] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1119.173905][T23029] syz.0.6424 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1119.183574][T23029] CPU: 0 PID: 23029 Comm: syz.0.6424 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1119.193339][T23029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1119.198400][T22266] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1119.203669][T23029] Call Trace:
[ 1119.203700][T23029]  dump_stack_lvl+0x1e2/0x24b
[ 1119.203708][T23029]  ? panic+0x812/0x812
[ 1119.203717][T23029]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1119.203727][T23029]  ? ___ratelimit+0x3f7/0x580
[ 1119.203739][T23029]  ? _raw_spin_lock+0xa4/0x1b0
[ 1119.203747][T23029]  dump_stack+0x15/0x17
[ 1119.203757][T23029]  dump_header+0xd8/0x6d0
[ 1119.203767][T23029]  oom_kill_process+0xef/0x2d0
[ 1119.203775][T23029]  out_of_memory+0x9bd/0xe10
[ 1119.203785][T23029]  ? unregister_oom_notifier+0x20/0x20
[ 1119.203794][T23029]  ? mutex_lock_killable+0xa5/0x110
[ 1119.203803][T23029]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 1119.203823][T23029]  ? sched_clock_cpu+0x1b/0x3b0
[ 1119.212293][T22266] usb 4-1: Product: syz
[ 1119.214712][T23029]  mem_cgroup_out_of_memory+0x2a8/0x380
[ 1119.214723][T23029]  ? mem_cgroup_oom_trylock+0x3a0/0x3a0
[ 1119.214736][T23029]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1119.214746][T23029]  ? mem_cgroup_oom_trylock+0x22d/0x3a0
[ 1119.214755][T23029]  try_charge+0xff2/0x15f0
[ 1119.214776][T23029]  ? __alloc_pages_nodemask+0x435/0xaf0
[ 1119.219304][T22266] usb 4-1: Manufacturer: syz
[ 1119.223124][T23029]  ? __memcg_kmem_charge+0x180/0x180
[ 1119.223137][T23029]  ? page_add_file_rmap+0x524/0x600
[ 1119.223146][T23029]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1119.223156][T23029]  __mem_cgroup_charge+0x147/0x6e0
[ 1119.223169][T23029]  wp_page_copy+0x295/0x1940
[ 1119.223183][T23029]  ? filemap_map_pages+0x142a/0x1700
[ 1119.223201][T23029]  ? trace_spf_pte_lock+0x130/0x130
[ 1119.228538][T22266] usb 4-1: SerialNumber: syz
[ 1119.232935][T23029]  ? filemap_allow_speculation+0x10/0x10
[ 1119.232946][T23029]  do_wp_page+0x71b/0xca0
[ 1119.232964][T23029]  handle_pte_fault+0xd59/0x3e30
[ 1119.258265][T22266] usb 4-1: can't set config #1, error -71
[ 1119.260022][T23029]  ? vmf_allows_speculation+0x6f0/0x6f0
[ 1119.260034][T23029]  ? __this_cpu_preempt_check+0x13/0x20
[ 1119.260045][T23029]  handle_mm_fault+0x11d6/0x1a10
[ 1119.260058][T23029]  ? can_reuse_spf_vma+0xe0/0xe0
[ 1119.260075][T23029]  ? down_read_trylock+0x179/0x1d0
[ 1119.260085][T23029]  ? __init_rwsem+0x1c0/0x1c0
[ 1119.260094][T23029]  ? vmacache_update+0xb7/0x120
[ 1119.260103][T23029]  ? find_vma+0x136/0x150
[ 1119.260113][T23029]  exc_page_fault+0x2a6/0x5b0
[ 1119.260128][T23029]  ? asm_exc_page_fault+0x8/0x30
[ 1119.260138][T23029]  asm_exc_page_fault+0x1e/0x30
[ 1119.260149][T23029] RIP: 0033:0x7f841a198703
[ 1119.260162][T23029] Code: 08 48 83 e2 f0 48 8b 4c 24 10 48 8b 74 24 28 48 81 e6 ff fe ff ff e8 ec 92 13 00 48 85 c0 75 27 69 3d a5 4f e0 00 b8 0b 00 00 <e8> 48 92 13 00 31 f6 bf 3c 00 00 00 31 c0 e8 ca 92 13 00 eb fe 0f
[ 1119.260170][T23029] RSP: 002b:00007f8418f0cff0 EFLAGS: 00010206
[ 1119.260191][T23029] RAX: 0000000000000000 RBX: 00007f841a46e130 RCX: 00007f841a2d19f9
[ 1119.465151][T23029] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000249f0
[ 1119.472948][T23029] RBP: 00007f841a33f8ee R08: 0000000000000000 R09: 0000000000000000
[ 1119.480759][T23029] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1119.488571][T23029] R13: 0000000000000000 R14: 00007f841a46e130 R15: 00007ffe343633c8
[ 1119.496804][T23029] memory: usage 307200kB, limit 307200kB, failcnt 11170
[ 1119.503588][T23029] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0
[ 1119.511283][T23029] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1119.517986][T23029] Memory cgroup stats for /syz0:
[ 1119.518126][T23029] anon 200704
[ 1119.518126][T23029] file 314265600
[ 1119.518126][T23029] kernel_stack 0
[ 1119.518126][T23029] percpu 0
[ 1119.518126][T23029] sock 0
[ 1119.518126][T23029] shmem 314265600
[ 1119.518126][T23029] file_mapped 11624448
[ 1119.518126][T23029] file_dirty 135168
[ 1119.518126][T23029] file_writeback 0
[ 1119.518126][T23029] anon_thp 0
[ 1119.518126][T23029] inactive_anon 314368000
[ 1119.518126][T23029] active_anon 270336
[ 1119.518126][T23029] inactive_file 155648
[ 1119.518126][T23029] active_file 0
[ 1119.518126][T23029] unevictable 0
[ 1119.518126][T23029] slab_reclaimable 0
[ 1119.518126][T23029] slab_unreclaimable 0
[ 1119.518126][T23029] slab 0
[ 1119.518126][T23029] workingset_refault_anon 0
[ 1119.518126][T23029] workingset_refault_file 23298
[ 1119.518126][T23029] workingset_activate_anon 0
[ 1119.518126][T23029] workingset_activate_file 627
[ 1119.518126][T23029] workingset_restore_anon 0
[ 1119.518126][T23029] workingset_restore_file 297
[ 1119.612102][T23029] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.6424,pid=23020,uid=0
[ 1119.626885][T23029] Memory cgroup out of memory: Killed process 23020 (syz.0.6424) total-vm:87116kB, anon-rss:708kB, file-rss:16456kB, shmem-rss:11348kB, UID:0 pgtables:128kB oom_score_adj:1000
[ 1119.663115][T22266] usb 4-1: USB disconnect, device number 127
[ 1119.731597][T23029] syz.0.6424 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1119.741347][T23029] CPU: 0 PID: 23029 Comm: syz.0.6424 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1119.751126][T23029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1119.761015][T23029] Call Trace:
[ 1119.764146][T23029]  dump_stack_lvl+0x1e2/0x24b
[ 1119.768646][T23029]  ? panic+0x812/0x812
[ 1119.772557][T23029]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1119.777848][T23029]  ? ___ratelimit+0x3f7/0x580
[ 1119.782366][T23029]  ? _raw_spin_lock+0xa4/0x1b0
[ 1119.786960][T23029]  dump_stack+0x15/0x17
[ 1119.790966][T23029]  dump_header+0xd8/0x6d0
[ 1119.795120][T23029]  oom_kill_process+0xef/0x2d0
[ 1119.799720][T23029]  out_of_memory+0x9bd/0xe10
[ 1119.804145][T23029]  ? unregister_oom_notifier+0x20/0x20
[ 1119.809442][T23029]  ? mutex_lock_killable+0xa5/0x110
[ 1119.814474][T23029]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 1119.820810][T23029]  ? sched_clock_cpu+0x1b/0x3b0
[ 1119.825497][T23029]  mem_cgroup_out_of_memory+0x2a8/0x380
[ 1119.830877][T23029]  ? mem_cgroup_oom_trylock+0x3a0/0x3a0
[ 1119.836259][T23029]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1119.841464][T23029]  ? mem_cgroup_oom_trylock+0x22d/0x3a0
[ 1119.846847][T23029]  try_charge+0xff2/0x15f0
[ 1119.851101][T23029]  ? __memcg_kmem_charge+0x180/0x180
[ 1119.856221][T23029]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 1119.861863][T23029]  ? __kasan_check_write+0x14/0x20
[ 1119.866810][T23029]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1119.872190][T23029]  __mem_cgroup_charge+0x147/0x6e0
[ 1119.877139][T23029]  shmem_add_to_page_cache+0x6a9/0x10c0
[ 1119.882519][T23029]  ? shmem_alloc_page+0x420/0x420
[ 1119.887379][T23029]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1119.892761][T23029]  ? find_lock_entry+0x1df/0x200
[ 1119.897534][T23029]  shmem_getpage_gfp+0xa65/0x2480
[ 1119.902397][T23029]  ? iov_iter_advance+0x827/0xb20
[ 1119.907255][T23029]  ? shmem_getpage+0xa0/0xa0
[ 1119.911677][T23029]  ? iov_iter_fault_in_readable+0x258/0x4f0
[ 1119.917410][T23029]  ? __kasan_check_write+0x14/0x20
[ 1119.922355][T23029]  ? _raw_spin_lock+0xa4/0x1b0
[ 1119.926953][T23029]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1119.932163][T23029]  shmem_write_begin+0xca/0x1b0
[ 1119.936850][T23029]  generic_perform_write+0x2cd/0x570
[ 1119.941972][T23029]  ? file_remove_privs+0x2af/0x570
[ 1119.946917][T23029]  ? grab_cache_page_write_begin+0xa0/0xa0
[ 1119.952558][T23029]  ? file_remove_privs+0x570/0x570
[ 1119.957506][T23029]  ? __kasan_check_write+0x14/0x20
[ 1119.962453][T23029]  __generic_file_write_iter+0x23c/0x560
[ 1119.967921][T23029]  ? generic_write_checks+0x3b9/0x470
[ 1119.973128][T23029]  generic_file_write_iter+0xaf/0x1c0
[ 1119.978334][T23029]  __kernel_write+0x5ab/0x9d0
[ 1119.982848][T23029]  ? vfs_read+0xba0/0xba0
[ 1119.987018][T23029]  ? cgroup_freezing+0x88/0xb0
[ 1119.992224][T23029]  ? freezing_slow_path+0x141/0x190
[ 1119.997256][T23029]  dump_emit+0x261/0x3a0
[ 1120.001340][T23029]  ? wait_for_dump_helpers+0x3b0/0x3b0
[ 1120.006629][T23029]  ? dump_skip+0x23d/0x300
[ 1120.010881][T23029]  dump_user_range+0x71/0x1a0
[ 1120.015394][T23029]  elf_core_dump+0x33bd/0x3c10
[ 1120.019999][T23029]  ? load_elf_binary+0x2750/0x2750
[ 1120.024945][T23029]  ? __fsnotify_parent+0x5ed/0x6c0
[ 1120.029892][T23029]  ? _raw_spin_lock+0xa4/0x1b0
[ 1120.034490][T23029]  ? __fsnotify_update_child_dentry_flags+0x2b0/0x2b0
[ 1120.041093][T23029]  ? shmem_setattr+0x17e/0x8b0
[ 1120.045691][T23029]  ? __kasan_check_read+0x11/0x20
[ 1120.050548][T23029]  ? unshare_files+0x1c5/0x2c0
[ 1120.055152][T23029]  ? cgroup_freezing+0x88/0xb0
[ 1120.059760][T23029]  ? freezing_slow_path+0x141/0x190
[ 1120.064786][T23029]  do_coredump+0x1eb8/0x2d60
[ 1120.069209][T23029]  ? asm_exc_page_fault+0x1e/0x30
[ 1120.074071][T23029]  ? simple_acl_create+0x2c0/0x2c0
[ 1120.079018][T23029]  ? kmem_cache_free+0xa9/0x1e0
[ 1120.083701][T23029]  ? ____kasan_slab_free+0x12c/0x160
[ 1120.088823][T23029]  ? kmem_cache_free+0xa9/0x1e0
[ 1120.093513][T23029]  get_signal+0x102c/0x1410
[ 1120.097854][T23029]  arch_do_signal_or_restart+0xbd/0x17c0
[ 1120.103319][T23029]  ? force_sig_fault+0x125/0x1c0
[ 1120.108091][T23029]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 1120.113384][T23029]  ? __bad_area_nosemaphore+0x430/0x430
[ 1120.118764][T23029]  ? __bad_area_nosemaphore+0x2c0/0x430
[ 1120.124147][T23029]  ? kvm_sched_clock_read+0x18/0x40
[ 1120.129181][T23029]  exit_to_user_mode_loop+0x9b/0xd0
[ 1120.134216][T23029]  irqentry_exit_to_user_mode+0x4e/0x80
[ 1120.139603][T23029]  irqentry_exit+0x12/0x60
[ 1120.143848][T23029]  exc_page_fault+0x33d/0x5b0
[ 1120.148363][T23029]  ? asm_exc_page_fault+0x8/0x30
[ 1120.153135][T23029]  asm_exc_page_fault+0x1e/0x30
[ 1120.157819][T23029] RIP: 0033:0x7f841a194307
[ 1120.162076][T23029] Code: 88 15 ea 93 e0 00 88 05 e7 93 e0 00 c3 50 48 8d 35 f6 b5 1a 00 48 8d 3d fc b5 1a 00 31 c0 e8 a0 f9 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[ 1120.181513][T23029] RSP: 002b:00007f8418eee120 EFLAGS: 00010202
[ 1120.187413][T23029] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f841a2d19f9
[ 1120.195224][T23029] RDX: 00007f8418eee140 RSI: 00007f8418eee270 RDI: 000000000000000b
[ 1120.203037][T23029] RBP: 00007f841a33f8ee R08: 0000000000000000 R09: 0000000000000000
[ 1120.210849][T23029] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1120.218661][T23029] R13: 0000000000000000 R14: 00007f841a46e130 R15: 00007ffe343633c8
[ 1120.227215][T23029] memory: usage 307200kB, limit 307200kB, failcnt 11268
[ 1120.233961][T23029] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0
[ 1120.241904][T23029] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1120.248577][T23029] Memory cgroup stats for /syz0:
[ 1120.248720][T23029] anon 471040
[ 1120.248720][T23029] file 313995264
[ 1120.248720][T23029] kernel_stack 0
[ 1120.248720][T23029] percpu 0
[ 1120.248720][T23029] sock 0
[ 1120.248720][T23029] shmem 313995264
[ 1120.248720][T23029] file_mapped 11759616
[ 1120.248720][T23029] file_dirty 135168
[ 1120.248720][T23029] file_writeback 0
[ 1120.248720][T23029] anon_thp 0
[ 1120.248720][T23029] inactive_anon 302473216
[ 1120.248720][T23029] active_anon 11894784
[ 1120.248720][T23029] inactive_file 155648
[ 1120.248720][T23029] active_file 0
[ 1120.248720][T23029] unevictable 0
[ 1120.248720][T23029] slab_reclaimable 0
[ 1120.248720][T23029] slab_unreclaimable 0
[ 1120.248720][T23029] slab 0
[ 1120.248720][T23029] workingset_refault_anon 0
[ 1120.248720][T23029] workingset_refault_file 23298
[ 1120.248720][T23029] workingset_activate_anon 0
[ 1120.248720][T23029] workingset_activate_file 627
[ 1120.248720][T23029] workingset_restore_anon 0
[ 1120.248720][T23029] workingset_restore_file 297
[ 1120.342503][T23029] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.6424,pid=23029,uid=0
[ 1120.357284][T23029] Memory cgroup out of memory: Killed process 23029 (syz.0.6424) total-vm:87116kB, anon-rss:836kB, file-rss:14464kB, shmem-rss:10496kB, UID:0 pgtables:116kB oom_score_adj:1000
[ 1120.375231][   T27] oom_reaper: reaped process 23029 (syz.0.6424), now anon-rss:0kB, file-rss:15552kB, shmem-rss:11480kB
[ 1120.406483][T23047] x_tables: duplicate underflow at hook 2
[ 1120.633885][T23045] incfs: Backing dir is not set, filesystem can't be mounted.
[ 1120.741231][T23045] incfs: mount failed -2
[ 1121.748290][   T24] kauditd_printk_skb: 44 callbacks suppressed
[ 1121.755621][T23080] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1122.036301][T23083] ==================================================================
[ 1122.044209][T23083] BUG: KASAN: use-after-free in unaccount_page_cache_page+0x99f/0xa80
[ 1122.052179][T23083] Read of size 4 at addr ffff8881230cb470 by task syz.3.6439/23083
[ 1122.059893][T23083] 
[ 1122.062077][T23083] CPU: 0 PID: 23083 Comm: syz.3.6439 Not tainted 5.10.223-syzkaller-01561-g0890c03b8b7d #0
[ 1122.071876][T23083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1122.081767][T23083] Call Trace:
[ 1122.084904][T23083]  dump_stack_lvl+0x1e2/0x24b
[ 1122.089419][T23083]  ? bfq_pos_tree_add_move+0x43b/0x43b
[ 1122.094703][T23083]  ? panic+0x812/0x812
[ 1122.098613][T23083]  print_address_description+0x81/0x3b0
[ 1122.103991][T23083]  kasan_report+0x179/0x1c0
[ 1122.108331][T23083]  ? unaccount_page_cache_page+0x99f/0xa80
[ 1122.113974][T23083]  ? unaccount_page_cache_page+0x99f/0xa80
[ 1122.119614][T23083]  __asan_report_load4_noabort+0x14/0x20
[ 1122.125080][T23083]  unaccount_page_cache_page+0x99f/0xa80
[ 1122.130637][T23083]  ? __kasan_check_read+0x11/0x20
[ 1122.135500][T23083]  ? total_mapcount+0xaf/0x3a0
[ 1122.140099][T23083]  __delete_from_page_cache+0xd0/0x5d0
[ 1122.145398][T23083]  ? __bpf_trace_file_check_and_advance_wb_err+0x30/0x30
[ 1122.152338][T23083]  ? _raw_spin_lock+0x1b0/0x1b0
[ 1122.157024][T23083]  ? __kasan_check_read+0x11/0x20
[ 1122.161883][T23083]  ? workingset_eviction+0x470/0x9e0
[ 1122.167003][T23083]  ? __kasan_check_read+0x11/0x20
[ 1122.171861][T23083]  __remove_mapping+0x567/0x690
[ 1122.176549][T23083]  shrink_page_list+0x1f38/0x4c60
[ 1122.181413][T23083]  ? __this_cpu_preempt_check+0x13/0x20
[ 1122.186796][T23083]  ? sched_clock+0x3a/0x40
[ 1122.191047][T23083]  ? reclaim_clean_pages_from_list+0x8d0/0x8d0
[ 1122.197034][T23083]  ? debug_smp_processor_id+0x17/0x20
[ 1122.202243][T23083]  ? __irq_exit_rcu+0x40/0x150
[ 1122.206849][T23083]  ? irq_exit_rcu+0x9/0x10
[ 1122.211106][T23083]  ? sysvec_call_function_single+0xcb/0xe0
[ 1122.216736][T23083]  ? asm_sysvec_call_function_single+0x12/0x20
[ 1122.222731][T23083]  ? _raw_spin_unlock_irq+0x49/0x70
[ 1122.227764][T23083]  shrink_inactive_list+0x591/0x1150
[ 1122.232889][T23083]  ? shrink_active_list+0x1040/0x1040
[ 1122.238093][T23083]  ? blk_flush_plug_list+0x452/0x490
[ 1122.243210][T23083]  ? __kasan_check_read+0x11/0x20
[ 1122.248071][T23083]  ? __kasan_check_read+0x11/0x20
[ 1122.252929][T23083]  ? lruvec_lru_size+0x24a/0x270
[ 1122.257702][T23083]  ? shrink_lruvec+0x95a/0x3860
[ 1122.262389][T23083]  ? blk_start_plug+0x5a/0x170
[ 1122.266988][T23083]  shrink_lruvec+0xced/0x3860
[ 1122.271511][T23083]  ? irq_exit_rcu+0x9/0x10
[ 1122.275757][T23083]  ? sysvec_irq_work+0xc8/0xd0
[ 1122.280350][T23083]  ? asm_sysvec_irq_work+0x12/0x20
[ 1122.285299][T23083]  ? mem_cgroup_shrink_node+0x680/0x680
[ 1122.290687][T23083]  ? __kasan_check_write+0x14/0x20
[ 1122.295629][T23083]  ? up_read+0x14/0x90
[ 1122.299533][T23083]  ? shrink_slab+0x837/0xa10
[ 1122.303963][T23083]  ? __kasan_check_read+0x11/0x20
[ 1122.308820][T23083]  ? shrink_node+0x2000/0x2000
[ 1122.313421][T23083]  shrink_node+0xded/0x2000
[ 1122.317768][T23083]  do_try_to_free_pages+0x652/0x1630
[ 1122.322885][T23083]  ? try_to_free_pages+0xd50/0xd50
[ 1122.327830][T23083]  ? kvm_sched_clock_read+0x18/0x40
[ 1122.332865][T23083]  try_to_free_mem_cgroup_pages+0x369/0x830
[ 1122.338700][T23083]  ? __kasan_check_read+0x11/0x20
[ 1122.343551][T23083]  ? shrink_lruvec+0x3860/0x3860
[ 1122.348333][T23083]  ? _raw_spin_unlock_irq+0x4e/0x70
[ 1122.353365][T23083]  ? psi_memstall_enter+0xfd/0x150
[ 1122.358304][T23083]  try_charge+0x4b8/0x15f0
[ 1122.362562][T23083]  ? __memcg_kmem_charge+0x180/0x180
[ 1122.367687][T23083]  ? __kasan_check_write+0x14/0x20
[ 1122.372624][T23083]  ? get_mem_cgroup_from_mm+0x186/0x1a0
[ 1122.378007][T23083]  __mem_cgroup_charge+0x147/0x6e0
[ 1122.382953][T23083]  shmem_add_to_page_cache+0x6a9/0x10c0
[ 1122.388337][T23083]  ? shmem_alloc_page+0x420/0x420
[ 1122.393196][T23083]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1122.398579][T23083]  ? find_lock_entry+0x1df/0x200
[ 1122.403347][T23083]  shmem_getpage_gfp+0xa65/0x2480
[ 1122.408211][T23083]  ? iov_iter_advance+0x827/0xb20
[ 1122.413071][T23083]  ? shmem_getpage+0xa0/0xa0
[ 1122.417496][T23083]  ? iov_iter_fault_in_readable+0x258/0x4f0
[ 1122.423225][T23083]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1122.428431][T23083]  shmem_write_begin+0xca/0x1b0
[ 1122.433119][T23083]  generic_perform_write+0x2cd/0x570
[ 1122.438242][T23083]  ? grab_cache_page_write_begin+0xa0/0xa0
[ 1122.443882][T23083]  __generic_file_write_iter+0x23c/0x560
[ 1122.449346][T23083]  ? generic_write_checks+0x3b9/0x470
[ 1122.454557][T23083]  generic_file_write_iter+0xaf/0x1c0
[ 1122.459767][T23083]  __kernel_write+0x5ab/0x9d0
[ 1122.464279][T23083]  ? vfs_read+0xba0/0xba0
[ 1122.468451][T23083]  ? cgroup_freezing+0x88/0xb0
[ 1122.473042][T23083]  ? freezing_slow_path+0x141/0x190
[ 1122.478074][T23083]  dump_emit+0x261/0x3a0
[ 1122.482156][T23083]  ? wait_for_dump_helpers+0x3b0/0x3b0
[ 1122.487456][T23083]  ? dump_user_range+0x12a/0x1a0
[ 1122.492218][T23083]  ? dump_user_range+0x141/0x1a0
[ 1122.496993][T23083]  dump_user_range+0x71/0x1a0
[ 1122.501508][T23083]  elf_core_dump+0x33bd/0x3c10
[ 1122.506116][T23083]  ? load_elf_binary+0x2750/0x2750
[ 1122.511056][T23083]  ? __fsnotify_parent+0x5ed/0x6c0
[ 1122.516003][T23083]  ? _raw_spin_lock+0xa4/0x1b0
[ 1122.520604][T23083]  ? __fsnotify_update_child_dentry_flags+0x2b0/0x2b0
[ 1122.527212][T23083]  ? shmem_setattr+0x17e/0x8b0
[ 1122.531811][T23083]  ? __kasan_check_read+0x11/0x20
[ 1122.536661][T23083]  ? unshare_files+0x1c5/0x2c0
[ 1122.541262][T23083]  ? cgroup_freezing+0x88/0xb0
[ 1122.545868][T23083]  ? freezing_slow_path+0x141/0x190
[ 1122.550896][T23083]  do_coredump+0x1eb8/0x2d60
[ 1122.555328][T23083]  ? asm_exc_page_fault+0x1e/0x30
[ 1122.560185][T23083]  ? simple_acl_create+0x2c0/0x2c0
[ 1122.565136][T23083]  ? kmem_cache_free+0xa9/0x1e0
[ 1122.569814][T23083]  ? ____kasan_slab_free+0x12c/0x160
[ 1122.574939][T23083]  ? kmem_cache_free+0xa9/0x1e0
[ 1122.579622][T23083]  get_signal+0x102c/0x1410
[ 1122.583969][T23083]  arch_do_signal_or_restart+0xbd/0x17c0
[ 1122.589432][T23083]  ? force_sig_fault+0x125/0x1c0
[ 1122.594204][T23083]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 1122.599497][T23083]  ? __bad_area_nosemaphore+0x430/0x430
[ 1122.604875][T23083]  ? __bad_area_nosemaphore+0x3eb/0x430
[ 1122.610260][T23083]  ? __bad_area_nosemaphore+0x2c0/0x430
[ 1122.615652][T23083]  exit_to_user_mode_loop+0x9b/0xd0
[ 1122.620678][T23083]  irqentry_exit_to_user_mode+0x4e/0x80
[ 1122.626055][T23083]  irqentry_exit+0x12/0x60
[ 1122.630309][T23083]  exc_page_fault+0x33d/0x5b0
[ 1122.634824][T23083]  ? asm_exc_page_fault+0x8/0x30
[ 1122.639598][T23083]  asm_exc_page_fault+0x1e/0x30
[ 1122.644280][T23083] RIP: 0033:0x7f4d003f1307
[ 1122.648535][T23083] Code: 88 15 ea 93 e0 00 88 05 e7 93 e0 00 c3 50 48 8d 35 f6 b5 1a 00 48 8d 3d fc b5 1a 00 31 c0 e8 a0 f9 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[ 1122.652079][T22265] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[ 1122.667980][T23083] RSP: 002b:00007f4cfef28120 EFLAGS: 00010202
[ 1122.667993][T23083] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f4d0052e9f9
[ 1122.667999][T23083] RDX: 00007f4cfef28140 RSI: 00007f4cfef28270 RDI: 000000000000000b
[ 1122.668005][T23083] RBP: 00007f4d0059c8ee R08: 0000000000000000 R09: 0000000000000000
[ 1122.668010][T23083] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1122.668016][T23083] R13: 0000000000000000 R14: 00007f4d006cb208 R15: 00007ffd9f1bc9c8
[ 1122.668027][T23083] 
[ 1122.668033][T23083] Allocated by task 19601:
[ 1122.668060][T23083]  ____kasan_kmalloc+0xdb/0x110
[ 1122.668067][T23083]  __kasan_kmalloc+0x9/0x10
[ 1122.668077][T23083]  __kmalloc+0x1aa/0x330
[ 1122.668085][T23083]  ops_init+0x8e/0x4a0
[ 1122.668092][T23083]  setup_net+0x367/0xbf0
[ 1122.668099][T23083]  copy_net_ns+0x32f/0x520
[ 1122.668109][T23083]  create_new_namespaces+0x410/0x660
[ 1122.668125][T23083]  copy_namespaces+0x1d1/0x220
[ 1122.679044][   T24] audit: type=1400 audit(1137.748:22303): avc:  denied  { remount } for  pid=23077 comm="syz.1.6440" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[ 1122.681452][T23083]  copy_process+0x11a0/0x3340
[ 1122.785775][T23083]  kernel_clone+0x21e/0x9e0
[ 1122.790103][T23083]  __x64_sys_clone+0x23f/0x290
[ 1122.794703][T23083]  do_syscall_64+0x34/0x70
[ 1122.798961][T23083]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1122.804677][T23083] 
[ 1122.806849][T23083] Freed by task 22591:
[ 1122.810761][T23083]  kasan_set_track+0x4b/0x70
[ 1122.815186][T23083]  kasan_set_free_info+0x23/0x40
[ 1122.819956][T23083]  ____kasan_slab_free+0x121/0x160
[ 1122.824903][T23083]  __kasan_slab_free+0x11/0x20
[ 1122.829507][T23083]  slab_free_freelist_hook+0xc0/0x190
[ 1122.834714][T23083]  kfree+0xc3/0x270
[ 1122.838360][T23083]  skb_release_data+0x5c6/0x6f0
[ 1122.843043][T23083]  kfree_skb+0xb9/0x320
[ 1122.847040][T23083]  neigh_connected_output+0x427/0x450
[ 1122.852248][T23083]  ip_finish_output2+0xb7a/0xfc0
[ 1122.857017][T23083]  ip_do_fragment+0xc22/0x2310
[ 1122.861621][T23083]  ip_fragment+0x123/0x210
[ 1122.865871][T23083]  __ip_finish_output+0x557/0x740
[ 1122.870745][T23083]  ip_finish_output+0x34/0x1e0
[ 1122.875331][T23083]  ip_mc_output+0x3d3/0xa30
[ 1122.879669][T23083]  ip_local_out+0x92/0xb0
[ 1122.883845][T23083]  iptunnel_xmit+0x470/0x850
[ 1122.888266][T23083]  ip_tunnel_xmit+0x1e64/0x2760
[ 1122.892951][T23083]  ipgre_xmit+0x87a/0xc30
[ 1122.897119][T23083]  dev_hard_start_xmit+0x228/0x620
[ 1122.902061][T23083]  __dev_queue_xmit+0x16f1/0x28e0
[ 1122.906922][T23083]  dev_queue_xmit+0x17/0x20
[ 1122.911264][T23083]  __bpf_redirect+0x665/0xde0
[ 1122.915777][T23083]  bpf_clone_redirect+0x24d/0x390
[ 1122.920637][T23083]  0xffffffffa00165e6
[ 1122.924456][T23083]  bpf_test_run+0x40b/0xc20
[ 1122.928794][T23083]  bpf_prog_test_run_skb+0xb6e/0x1410
[ 1122.934006][T23083]  __se_sys_bpf+0x5235/0x11cb0
[ 1122.938600][T23083]  __x64_sys_bpf+0x7b/0x90
[ 1122.942857][T23083]  do_syscall_64+0x34/0x70
[ 1122.947111][T23083]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1122.952832][T23083] 
[ 1122.955002][T23083] Last potentially related work creation:
[ 1122.960564][T23083]  kasan_save_stack+0x3b/0x60
[ 1122.965075][T23083]  __kasan_record_aux_stack+0xd3/0x100
[ 1122.970375][T23083]  kasan_record_aux_stack_noalloc+0xb/0x10
[ 1122.976011][T23083]  call_rcu+0x135/0x11f0
[ 1122.980091][T23083]  netlink_release+0x12df/0x16f0
[ 1122.984864][T23083]  sock_release+0x7e/0x140
[ 1122.989126][T23083]  netlink_kernel_release+0x4d/0x60
[ 1122.994149][T23083]  fib_net_exit+0x4b/0x80
[ 1122.998315][T23083]  cleanup_net+0x66c/0xcb0
[ 1123.002571][T23083]  process_one_work+0x6dc/0xbd0
[ 1123.007255][T23083]  worker_thread+0xaea/0x1510
[ 1123.011768][T23083]  kthread+0x34b/0x3d0
[ 1123.015675][T23083]  ret_from_fork+0x1f/0x30
[ 1123.019921][T23083] 
[ 1123.022092][T23083] Second to last potentially related work creation:
[ 1123.028522][T23083]  kasan_save_stack+0x3b/0x60
[ 1123.033031][T23083]  __kasan_record_aux_stack+0xd3/0x100
[ 1123.038338][T23083]  kasan_record_aux_stack_noalloc+0xb/0x10
[ 1123.043969][T23083]  call_rcu+0x135/0x11f0
[ 1123.048048][T23083]  netlink_release+0x12df/0x16f0
[ 1123.052821][T23083]  sock_release+0x7e/0x140
[ 1123.057073][T23083]  netlink_kernel_release+0x4d/0x60
[ 1123.062110][T23083]  nfnetlink_net_exit_batch+0xd3/0x110
[ 1123.067402][T23083]  cleanup_net+0x6e9/0xcb0
[ 1123.071654][T23083]  process_one_work+0x6dc/0xbd0
[ 1123.076346][T23083]  worker_thread+0xaea/0x1510
[ 1123.080855][T23083]  kthread+0x34b/0x3d0
[ 1123.084761][T23083]  ret_from_fork+0x1f/0x30
[ 1123.089007][T23083] 
[ 1123.091182][T23083] The buggy address belongs to the object at ffff8881230cb000
[ 1123.091182][T23083]  which belongs to the cache kmalloc-2k of size 2048
[ 1123.105076][T23083] The buggy address is located 1136 bytes inside of
[ 1123.105076][T23083]  2048-byte region [ffff8881230cb000, ffff8881230cb800)
[ 1123.118346][T23083] The buggy address belongs to the page:
[ 1123.123823][T23083] page:ffffea00048c3200 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8881230c9000 pfn:0x1230c8
[ 1123.135185][T23083] head:ffffea00048c3200 order:3 compound_mapcount:0 compound_pincount:0
[ 1123.143348][T23083] flags: 0x4000000000010200(slab|head)
[ 1123.148644][T23083] raw: 4000000000010200 ffffea00047a7a08 ffffea0005701608 ffff888100042d80
[ 1123.157060][T23083] raw: ffff8881230c9000 0000000000080007 00000001ffffffff 0000000000000000
[ 1123.165474][T23083] page dumped because: kasan: bad access detected
[ 1123.171737][T23083] page_owner tracks the page as allocated
[ 1123.177285][T23083] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 285, ts 20108417294, free_ts 0
[ 1123.195254][T23083]  prep_new_page+0x166/0x180
[ 1123.199680][T23083]  get_page_from_freelist+0x2d8c/0x2f30
[ 1123.205057][T23083]  __alloc_pages_nodemask+0x435/0xaf0
[ 1123.210267][T23083]  new_slab+0x80/0x400
[ 1123.214169][T23083]  ___slab_alloc+0x302/0x4b0
[ 1123.218597][T23083]  __slab_alloc+0x63/0xa0
[ 1123.222759][T23083]  __kmalloc_track_caller+0x1f8/0x320
[ 1123.227970][T23083]  kmemdup+0x24/0x50
[ 1123.231793][T23083]  neigh_sysctl_register+0xb0/0x530
[ 1123.236822][T23083]  addrconf_sysctl_register+0xae/0x1a0
[ 1123.242115][T23083]  ipv6_add_dev+0xc11/0x10b0
[ 1123.246541][T23083]  addrconf_notify+0x58e/0xe90
[ 1123.251141][T23083]  raw_notifier_call_chain+0x8c/0xf0
[ 1123.256262][T23083]  call_netdevice_notifiers+0x145/0x1b0
[ 1123.261641][T23083]  register_netdevice+0x1066/0x13f0
[ 1123.266686][T23083]  veth_newlink+0x835/0xb50
[ 1123.271014][T23083] page_owner free stack trace missing
[ 1123.276308][T23083] 
[ 1123.278478][T23083] Memory state around the buggy address:
[ 1123.283948][T23083]  ffff8881230cb300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1123.291844][T23083]  ffff8881230cb380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1123.299745][T23083] >ffff8881230cb400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1123.307638][T23083]                                                              ^
[ 1123.315191][T23083]  ffff8881230cb480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1123.323089][T23083]  ffff8881230cb500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1123.330986][T23083] ==================================================================
[ 1123.338884][T23083] Disabling lock debugging due to kernel taint
[ 1123.494223][   T24] audit: type=1400 audit(1139.585:22304): avc:  denied  { unmount } for  pid=20108 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1123.779661][T22265] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1123.790387][T22265] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1123.799941][T22265] usb 3-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[ 1123.808759][T22265] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1123.817521][T22265] usb 3-1: config 0 descriptor??
[ 1124.296924][T22265] logitech-djreceiver 0003:046D:C71B.006B: hidraw0: USB HID v0.00 Device [HID 046d:c71b] on usb-dummy_hcd.2-1/input0
[ 1124.506967][   T25] usb 3-1: USB disconnect, device number 105
[ 1124.619031][  T541] device bridge_slave_1 left promiscuous mode
[ 1124.625056][  T541] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1124.632765][  T541] device bridge_slave_0 left promiscuous mode
[ 1124.638895][  T541] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1124.647210][  T541] device veth1_macvtap left promiscuous mode
[ 1124.653154][  T541] device veth0_vlan left promiscuous mode