last executing test programs:

21.609947602s ago: executing program 4 (id=2514):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x606)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0xc000000000}, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r2 = userfaultfd(0x1)
fchownat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x100)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
read(r2, &(0x7f0000000200)=""/183, 0x28)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$UI_DEV_CREATE(r3, 0x5501)
r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSFF(r4, 0x40044581, &(0x7f0000000300)={0x53, 0x0, 0x4d, {}, {0xfffd, 0x1}, @ramp={0x9, 0xb64, {0x101, 0x7f, 0x1, 0x101}}})
close(r2)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d8, 0x0, 0x111, 0x4b4, 0x1c0, 0xd4feffff, 0x308, 0x20a, 0x278, 0x308, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x7a, 0x198, 0x1c0, 0x0, {}, [@common=@inet=@tcp={{0x30}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x28}}]}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xe0, 0x148, 0x0, {}, [@common=@unspec=@time={{0x38}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x438)

21.436348287s ago: executing program 1 (id=2515):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000001700)=@filter={'filter\x00', 0xe, 0x4, 0x420, [0x0, 0x200002c0, 0x200004d0, 0x20000610], 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000000000000000000000000000004000000000000000000000000000000000000000000000000ffffffff0200000009000000000000000000697036746e6c30000f7a8af54819ef9173797a6b616c6c6572300000000000006970646470300000000000000000000076657468315f746f5f7465616d0000000000000000000060000000000180c2000000000000000000000070000000a8000000d80000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000dfffffff0000000041554449540000000000000000000000000000000000000000000000000000000800080000000043000000000000008105000000000000000000626f6e645f733421b1221907000000000000006b616c6c6572300000000000007465617d5f736c6176655f310000000065727370616e01790000000000004000aaaaaaaaaabb000000000000aaaaaaaaaabb0000000000000000c0000000c00000000801000068656c7065727c112381000000000004ef000000000000001000000000000000280000000000000000000002524153000000000000000000000000000000000000000000000000000000000000000000524154454553540000000000000000000000000000b200000000000000000000200000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0300000000000000000000000002000000ffffffff01000000093d848e49b022ea090064756d6d793000000000000000000000697036677265746170300000000000006272786467653000000000000000000076657468500000000000000000000000ffffffffffff000000000000aae794049dd0f63a12000000000070000000c00000001001000049444c4554494d4552ebff0000000000000000000000e662f20000000000000028000000000000000000000073797a31001b00000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000008a00000000000028000000000033790000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000110000000000000000006966627de6000000000000000000000076657468305f746f5f626f6e64000000766c616e300000000000eaffffff0000627269646765300000000000000000000180c2000000f40000000000aaaaaaaaaabb00000000000001007000000070000000a0000000434f4e4e5345434d41524b00000000001108000000000000000000000000000008000100000000000000000000000018"]}, 0x498)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
socket$unix(0x1, 0x0, 0x0)
connect$nfc_raw(r1, 0x0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x10800, 0x0)
socket$packet(0x11, 0x0, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r4 = syz_io_uring_setup(0x10d, &(0x7f00000003c0), &(0x7f0000000380)=<r5=>0x0, &(0x7f0000000180)=<r6=>0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r7}, 0x4)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r8, 0x40204706, 0x20000004)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000061a12b4000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300", @ANYRES32=r7, @ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x8}, 0x90)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x49, 0x0, r2, &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000280)='./file0\x00', r2, 0x1400})
io_uring_enter(r4, 0x3f70, 0x0, 0x0, 0x0, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)
socket$inet6(0xa, 0x0, 0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()

19.00403645s ago: executing program 0 (id=2519):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000038ff4f40d3131932677a0102030109021200010000000009047a01005e8b15efaa06d5b0fd599b339f4ee9f50c322593ac4b3ed07b19ee6687002b9c7554489e453d93e83bfb571efe10be00000000000000"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006a40)=[{{0x0, 0x0, &(0x7f00000069c0)=[{&(0x7f0000006780)="e0785a40ab6df9a48ac44e6c248d0db0a6e51d01c56a10b7a656db2e02a38ccc896aeff9c60d37fd28f049e299be5810b1d5cb7af295cb1f89e1f194af3c55ba102129ad57af8fa354e20f084606fb952d8d2f824e533c45aadbe2", 0x5b}, {0x0}, {&(0x7f0000006840)="e6f173bb4fb1014a8880c6270601171c069a198e46bfe164d161f7caa8551c3e3e56db3210c79ecef2e6c1066033de5c8d00eecb527e9d32227fc17058652967b2e9cef773525c32acae01fc77860cd80730a7f4e8d3b997f1efcbc14938cd7333447d58587576792170f07637f8fde5763cf58be80674fd2fc52327936e8d73940382914766b8428e2a9fe95a06f446a503e0015c31a53158f35e662c1db5769be59e", 0xa3}, {&(0x7f0000004300)=')4', 0x2}, {&(0x7f0000006900)="e537f3f563ca8cacd76d6ba600b1d1d0da21b97c6552ebc3fc5a53699cd2a4ab5890c657f02a7d3418b1a0508a8fa42846876bb28005906a89c55f6b7c6a5135424b950776e58228f1f0f92514085a896b94a7363578fd8a95a080d8f7877afed6a6cd", 0x63}], 0x5, 0x0, 0x0, 0x80}}, {{&(0x7f0000006d40)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x2000c850}}], 0x2, 0x1)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000080)=0x100)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = socket$caif_stream(0x25, 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r4, 0x3)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000900)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xe, 0x94, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "498a5fe03df134cd5a254593b9dfa27e"}, @md5sig={0x13, 0x12, "5fb3abbd3ee24c1a5ee2b19d9f665413"}]}}}}}}}, 0x0)
sendmmsg$inet(r3, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

18.528047402s ago: executing program 2 (id=2520):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket(0x10, 0x803, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd3860800000080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c600000000d7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d8"], &(0x7f0000000340)='syzkaller\x00'}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000", @ANYRES32=r2, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502"], 0x3c}}, 0x0)

17.690747416s ago: executing program 3 (id=2521):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
syz_open_procfs(0x0, &(0x7f00000000c0)='gid_map\x00')
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000240)={0x30, r5, 0x1, 0x3, 0x25dfdbfb, {{}, {@void, @val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x7, 0x35}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x30}}, 0x0)
r7 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r7, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)

17.224756827s ago: executing program 4 (id=2522):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x11, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0)

15.003857425s ago: executing program 3 (id=2523):
r0 = syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0x0, 0x400}, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xffffffffffffbffc}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
syz_open_dev$sndmidi(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000040)={0x4})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000000c0)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x40}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'syztnl0\x00', &(0x7f0000000280)={'syztnl0\x00', 0x0, 0x1, 0x80, 0x4, 0x44, {{0x11, 0x4, 0x2, 0xf, 0x44, 0x68, 0x0, 0xc6, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102, {[@cipso={0x86, 0x29, 0x3, [{0x6, 0x12, "eac2abe767d5326803a0756f5102e37f"}, {0x0, 0x11, "4960ddcd85ecb5130ceb1eb28a1287"}]}, @ssrr={0x89, 0x7, 0x8c, [@local]}]}}}}})
syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000753000/0x3000)=nil, 0x3000})
io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000480)={'gre0\x00', 0x0})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_procfs$pagemap(0xffffffffffffffff, 0x0)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0)
r6 = socket$caif_stream(0x25, 0x1, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ad0000009500"], &(0x7f0000000440)='GPL\x00', 0x8}, 0x90)

14.967169886s ago: executing program 2 (id=2524):
r0 = syz_open_dev$sndctrl(&(0x7f0000000180), 0x0, 0x481)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$audio(0xffffffffffffff9c, 0x0, 0xa2442, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$dsp(r1, &(0x7f00000004c0)='\x00', 0x1)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffffffffffffd})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r2, 0xc0984124, &(0x7f0000000000))

14.844657419s ago: executing program 4 (id=2525):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000240), 0x0, 0x400800)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
kexec_load(0x0, 0x0, 0x0, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
ftruncate(0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r4 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_GET_FEATURE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x33fe0}, 0x33fe0}}, 0x0)
sendmsg$AUDIT_TTY_GET(r4, 0x0, 0x0)
recvmsg(r4, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$unix(r4, &(0x7f00000006c0)=[{{&(0x7f0000001800)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000700)=[{&(0x7f00000004c0)="7b93228d097530dda283900451f605307c297393029f50d321a052aa694a9c00243e1baacfc39482783170f73976f7260ad5ab02f3a2e26cac6f2d92c1cbc4ec0b3f343d7bb4a17be502bcf1b5bba3a80f491c82ebc7f8503fe1ca26139e924c6f4aff5b0a97d79c7ae01d588ab5a9d494cf81b89838f420ee6c7bf05052120ec8ee4a8810ce858220ea7abc6e9d2a92c894c237eb0c6ec59e42f83893e920ab306888da799e0891aa39a782310143946f68018cb5ebe987ed1cdb244f0c95c8535c590f1bbcdbba1504e35518b99e02733305532faefcd429ec6428d112f3afe464224114fc522f41", 0xe9}, {&(0x7f0000000800)="c0334e92ceef84cc59defeefb1084619279b22faae88ebfae6b36d2122b129bc9e3b53cde20c81c73211cf9d3410f93cfbfaf17c4cee2c31967a35e98af2eba7f6b843f8ce412161cdf5d1c86110970331b27d4d6598cb4124fb5bc1ab6de5d6da10c032285ee60de7b96afe0a115313dae79c16e8d485ac6d91e7d8a57008ad775feefee469d93173d90a10f0bef700bbeb233140470e2c3c5e7575d1dc455216f545340b9279bb7e7a1e45e88e37943d7414d4421731e5c3d2b5f334f2b0912abfefaf9f7577bf63cece623c8f6699ea2d5aa9a5f9da58936516ae0251bb98a5470b3b48811304a3de0a64f4987236f09d7975233706cc783a09ba480d91858af76a2ea9beb0365f45c555fd5f3beeadb9ccb522e2d84998afa890a3ca9f531c5e2cbe98ecd2d6ceb14608d81f7039c344cd30e819649c132f8534bcfe599c2ef2a8bfc3e10b173e63d1cc2d7e5222eb35c72e1f76f7f2c3545313c42b08bf4672f372c774b091a62f242a8ea885994decf93cc54becf08218960d819b15a409df18183f5b67874bbd650879f81b71f71460133cff14a9f4085b834161b53076b3112d06ec4a02cf1eca21e5fe6e061ddae1517440cff46f1ff60448a480ed4fe01d231e5f9a1dacbc23f5d4fe18c42fbc0c5efa9ed081573a6a49425ae7f04f9401ef7826b173918885041a7e420cebb855d429930924d229602b4e6f54e0d31b2f410ae66ef2d8e600a7fd4146246faaa29b9731992ad567d6708fa5e26cf0f04d3c1e246e8e34823696ad7feeee60b2267f1bf2fcee92a96b5c0cbc7588f361464063ee6c934a0f04af2021272bae21a28c23e6232014909313657ad412553ac8961da44350d0c143051c0a44305a696da2fbb36e9644135047dcb86424d5a1badb4846131f0151b6cb1d7ad7119ffa5c64066b8dfe0281a6effb649f11293a0c2e545d61e19ec6d1bc93d964e6e3f30076c5d12d6ffd2bdf758fcad44916de0c0ab05b4db7add91d00159bb85ad4ecf705f8a30b07ae9494c966dcab90231ebaf0c8d4cf445a614b5b073a5aa3db72c542378753eed106fe57e060d0580130ed6066a24e879ff06e49ba86039255e7ef72593bcc32c58ed93499add270e45e5a41100ef1fcf8a3ca13fff53ecd994a99f235f97d02f44b3039e8691894366ced6f002ff69fcc9d0d60f47ef266266cd76a786abae4ce54ca4dbcb2a7b122194f4b4ad41c8265d9e69072a06982cb22efea78f6eddb007952e7cfbc5e608e8727068ece893c478b1c29674cf12868a3d1a2f5ade2264e878672ca7717050447ba1f451183cb61d44dd46e4d868b47f1692ca54c502435f2da95e79c98ab59d766c7ea7663d49e22566e1d156422360f1ad2559c4bcfd044e79f9c2b40c13aed043660602b56c4139c0dc1824ea3a48332f6efdd7dc44cb5e48dbcbd6ad056ed9fcc2e8189220d9b28e3554f66ee33e28261a13597bda695f5b6ee3a735373720b0ed1f45879efe983ad32b272022cf0bd55e0e18f483663ec0d6de7e68e619b391219e76c0e8b79504bb82a75034c8c4016020a53c9c82dc85ccf495fc58155aee151e75c93cbcefbc78e02d6165bc5b4e67de3fef1e93c497635550d5972195e0e0fe785225d360fff67beabbf13b50743f88bbc1be6b3e828e6dcd5e489afe4349061412d365336a694f1a2c626a6d3dd056831975cf5e7b24f4360dcc50f8886d1e89d21e679f8f6a02cccf314c779627b590ca8e8ef693226823939c4f0eb631869bc4d218610051a733ddfbc96510aa2ed5e2dd76b039772619478ddb1b2875451bf1c8b1e72786621a44ec45763659e5bf1874ded11b8ae29987dcc40ec32bdeeed4597c4960b52a694483f6a7703b1dcfb070d84b2ea8ade439521e6e08629af25e9aa82bef447c78bc20026dd70996cd63d158ad031ab8883763439eda6b95191f2ba377783e2d2dbb4ad71c7081d1d1a2121a40395756173bb75b507c5f56edff695b350496b7422a6a30c0b94078cea796e8e6ff7687f52e12b00240872ef2a88b8f413dda7d842fb51611a5c9e4b460f8100a0f3593ba2c5df76f21db222eb977042855a53b8c52bffb5fa007dbec39d9a3861c7b3ff8d5a7b3ccd0730049654330419d17e18aaa1dd9693e010fb8f0ad4a7f8da7c3179412676b5971c26b9c001253f71e5f9ecdb6947de57d3a575f50f65b35a14ffccfd252b1e4edb01308fa9a35c2fcd124cce8de71242cf08bebd8a7f6332369267cf3543a1d863dc33c01baa92746cd881e81953ddd064a774729f8f0f7bb1b298e2afa0f20cf2238ee3d93e6d26801277b658b69b8edc500e3888afee65bd56264e26b87f99fc76970a0aa5523548e7649fab330be7a684b7165a82c0bd3152028342dd1f257c749b76f3beda2722de829f6e6c172612c6b9f3b68151e226069ec45000426b44fbdf12de7dc72ef63051fe8a945d6f01b014d4d3bab8bbaf601137445ec309e802e121d4aa38c8855ebfa00f8280c593ec207d081c2dffad53fc3451c1cb24425129c55d0a4e8ccc1ff79fe8fa54bb004ebd15b5e8d88eb545d5b2eaf1ceaf3f71c65b6f075c5486e1f3e1c49e8d99a7e8a9187f13d583b2064c10bf784a2bab8b56e0439a847da674722465874e43c6c2090a2b1e4204d500505f9accda322123c4ff901107759c55005d3912069168e3aadcd0eaf61b50199043f745e8597cc995a6fc1eba400c529e65b89ebb3175f77da48ebd8fdd138c7d85858cb93597cc6e619818760885bd1403a9204eb89152b2b000c4ef86b0a554b6d85b12d078a3b9732b2d0433b502ba4b36180860895e1d01b6e1133d9069ebc6b4915a52dee1a7a98824032430d107b54450f2cb95d27c50b044a2a148d740eba0348af2b5be75d8711bf9d4d7f04e4e956b1e6a6f8961abc6fefea8c86fe4d716da1706ddebe52e583b432b477a71d568e4f24b6e030e6194d0cf0f53133c6e1e91a6be9e3e3ddd1c98e4549b5ca829a652595b263b962a873c7500ae1fb5989a1b1f6a6a7f820b2f6b9027fec2dbbaa67923aed79718d365446b1c74695325885861e292987353802c1ac32e9ce81d2a0987b7613b871f265f51f1d37421d4a959761f0da8b8994e2131fcb5957597d8635c1ddc0b3f0df0a79427ba1e9fc4a39c2c40dc20358bef6eea7099275cad6d74eaef2187db41231993c28adb50e103b6b105d6206828a609175c24f40896f9bf7801d796f7012b49e1357732544a9363756f4031486f0e8b6cc47fcb76ae57b85a9db86eb12b5ac2fe20db75b59f4ed8d662654e9b3f288e2cf4d8196d6f6c734919b7f1c0b9e910f6f28c59b1b6332bedda4e5025e20bcd99546d13b44bf19e5739aabebb45fa499792a89891faeb71779cac4f01f435d6c94120a6be9d92eed720b9279437f407fa456dd375c6ac7428631f9ef387dbc198f1fd674a17c316f208ca3cb1f26756afccca7aada89675343242b71bcbbaaadcf7664598875bf79d3ce117b3e4b7902607fc06f41063b3957e41a00bcf1ef81d307dba7cd9d7a92d942386fd0676e5893a8a296b53f255cd67b8b72dd760de5a9f152941097fbee727fd54c5f7e536e62ae9a2798e23b3f410ce45f7901aa25167f28c35fe6ae11c07c1f2e24933fe111c6ad4824f0a6989d24072e1dd595ff6b42296c1ebb8563960c0824f52203ccbbd5dc3e02100c6c628fa5e9b48dded3527c3940ff60726f783adcaa0d526ae6fe12caefe547f7b900df720972c61f31e6e82f7e6276509dbe6260efac7f2337e91b0047dd577aaf5b50c9e56ec72373342c0dea9ddaa9ec097662dff8758aad0ec0539d668a96ad49047081acd8a4caa4b2973a454fbf0d15a6ed8e2a3072fab8b161bde32a27a6207bb6322e34f48b824c9d8c19b8986616d155a7470148914929ad0df0531388bc02d97da7d3390a9b8d77246965c790d2fa240d65337b1cf2d1336fdea63f5def5d0b5ed141817329cc05e3952f280d1d11b0d52e838aeca0b869250d99a9621f828f77dd1b71e6faa44c681efc4f458aa591cb305f7ec2180907277c4a16a5b108128abf65c3799f0b1665ad9e079c89dbef260c791bf22ac5918dea2597d9538b4f63aaf609272efada35c550dda18497ba94cf1ef6014fae4379734003c6b4135c24d23561f2856ab1e73ea48c1c3aca7cc5840fd6929c09b7295dc0998790fe78b100b55f2ff3e00b985c70601a37f4f024e141722de52e3ba6d8fc5728c7eaa6fcc1779d071cb31d5b970217a9a1b2f509b17ea4a8e25f83f9f6d0fb2ea810b08e25031ad7b11fae4e8a31b234156fcde8941d3e35c7433851add0c91ac50e7be0b91fe13a93573abbe58e20032bf0d8399a5a43e1e2fa3b46f9c0688fe127126dd71e055df47c5026b2883c82b457e25fef4b74059f9d4b01a7345925b116187f414e3518c37aad17cf78388925964461f902d426282922bf57e8dd58996e2b6827a69e22715398f1648837584572a973f6ead72afddc32ff366bf96ad59bb5d86a551e6143690a5234f8b399d2bc485146e6021dc851a8b4074b10ee9be0a4215352d3390ed54aa689c03011c26da876137bac4d42becfe0e0543970e9b9fe62faf083691614ac9e2d399a159b28ca537bf4bf86222d0afaa311b162fa6ba863d0e4e1e8c4e04a11c4a0cd04950af0b903bfa029a814bd04d920df0b4885f17ab148e7d2e85e7d7d915cdddec1a28ca6112c0a99fbf5151de61d34508ee233066e9ee5d62e808644ff82368f5146de696f1faf5e87918a5079c600f8858dd58a2318460f9316c1a4777ec52c2fd5238db2bc6b27f9f6ea7bcdfed617e620e525a38a75fdf22e1cc7de7fe5ea6a5a3359eba2933eeada78969b1dfa56dac4fa868f68d1c1df4a4441eb75a184007766f627d927367a4a9086ac4bae7491e546f7c70a5fa128dec756521ee79aca8b06a09a7f54fe0ea05324cc1199839d11c1437c1c92cb381ce49541bdf5ce08945ecd81e0f1c307599e1fee20f04e38f74d9c98dde734f0e40449af3f3dfc2d67312c63a7877de28c0997d25e285df31dcbf17e52df9419a3ad0985393b16f038bad2bc3366dd0114055679f885a5b9789f5e1dbe33175d1950bc200db6e61373fbe4751337d825b27a7d15faa0de9011d4f36c89e7606e25e004823c0a2668536669a7514e0d52cb687f7530898a2aabc5dc9da3e6fe8f24b2c009fdf1f218be6a7f8ff76c68f82d75069836ffd7118cc81a67f10097bb3b012b1ec7a0aebebd14d9c1f37e616f1a5beb8634ab52aa28f6a8345cf1eaa11762500ed4d4c40ae657400a9b3087ca5b9e1f4f2f6780f8e5e33e5738a1c65197a1c7bd0369ef063685b83e434790a77b0c1af13b18db69ce7cb9229052453c11bbc31891bac30a71489472aafbaf96a9980b84b02dd9dcd198848f36e096533d228368026ffacb9b93df7d1aa01252e9849d5dbeba24d0feaba5d34fac7ce1adb22280040e10de73cc1b42dd346544580403cdd160a151bbd7ccc9570c0cb87fc43f1de30f45e980dae8a31ca38f752b2ab925613752bc59ce27a29f34266bd048f9dc531f4b2cb741d708a83dd2e3a44298dd4e4e70e44bb4c91e75cd9ae97e727498ceb6512deff6373a174f8839358b7ae12fc0262c844737f21803017820cec35a4b50db37cdb6b9549f84ebe18b83205ed4fccae4e01bfaca809922a5e7136c8f2519c1db3c3fdee0fa678ca0ca3e3ce5a75a34a3f0cd0521001516eaebbce790a2cf2952c0c4a49249d6cc8fdc98681eb", 0x1000}, {&(0x7f00000005c0)="851691faed24c148e5e0ffa1a7c4ae854e38222f3d434ef36b661fe94f195fd1c9cef0ffc0fe5d82f477ec64b537cc2c92fbc2d96c502a3d68fcd9043805247082c1064e93a0235494891b332fbcd9e1882e83b7450d4ee98c207a69d4640f253b582494b72b0cd332224aff26088378b773c8a5b096c354a6126b2e251f8c8b3cc056f954bcf8afc445062a6842451f4d02029ec564df34d63fb987f49ad5672f2e352b11177bdbe194a1da6fb56288992fdfe99301555cce09043f3e3d58b76fdaa445d4b9e1410944b9", 0xcb}], 0x3, 0x0, 0x0, 0x20000010}}], 0x1, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000180)=@usbdevfs_disconnect={0xb3})
shutdown(0xffffffffffffffff, 0x2)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x22, 0x17, 0x4a, 0x20, 0x4b4, 0x861f, 0xf9d6, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x73, 0xa7, 0x7a}}]}}]}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)

14.517677095s ago: executing program 2 (id=2526):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', 0x0})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = io_uring_setup(0x1698, &(0x7f0000000340)={0x0, 0xac6c, 0x0, 0xfffffefc, 0x4})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

14.15375212s ago: executing program 0 (id=2527):
syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0)

13.866032253s ago: executing program 3 (id=2528):
r0 = socket$netlink(0x10, 0x3, 0xf)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x0, 0x9}, 0x48)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r1 = getpgrp(0x0)
syz_pidfd_open(r1, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {0x6, 0x0, 0x8}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdbc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa90d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x217acf5b, 0x0, 0x0, 0x8000]}, 0x45c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r7 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r7, 0x0, 0x0, 0x1000f4)
fallocate(r6, 0x3, 0x0, 0x1a00)
cachestat(r6, &(0x7f0000002940)={0x0, 0x40}, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)

13.550241442s ago: executing program 0 (id=2529):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
open(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
accept$alg(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet(0x2, 0x3, 0x3)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000002700)=@raw={'raw\x00', 0x8, 0x3, 0x1e8, 0x98, 0x8, 0xfa04, 0x0, 0x6c02, 0x150, 0x194, 0x194, 0x150, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'tunl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248)

12.494035952s ago: executing program 3 (id=2530):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket(0x10, 0x803, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd3860800000080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c600000000d7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r0], 0x3c}}, 0x0)

12.314522837s ago: executing program 2 (id=2531):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001040)={{0x14}, [@NFT_MSG_DELOBJ={0xd8, 0x14, 0xa, 0x3, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_OBJ_USERDATA={0xa5, 0x8, "012feb332fbb28db2102c88aaa91584966ec6de368483f27e1fdd7e9c6b764609da1e5a4f236f930ddd2b68a2e1f6b00bccd530787ddc10d667734dc5fd8e857c5ef8acfbc81cc43f1cf8f11eb4f8d51a4102e3e01180055d3e7de74b959443b6db5dae0c518356f2668e5718aa5233e73d15557d4161ab2e8e6c58cb09fbbdb588ae39faff6dc080ae69e7f352dc1f50ee70c7e9da57ca65af5b12ee3b365fc49"}, @NFTA_OBJ_USERDATA={0x19, 0x8, "221200f6c996618c3db546c47541bc821fd0850f98"}]}], {0x14}}, 0x100}, 0x1, 0x0, 0x0, 0x4}, 0x1)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000000040ac05624200000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff000056fbffffffffffff0000a6020000f8ffffffb703000008000000b704000000000000850000003300000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000068000f4cd00"/136], 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
syz_usb_connect(0x0, 0xe4, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000017ffd340b1134200bbdf000000010902d200010000400009046a00067af4190009050f1020"], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = fcntl$getown(r3, 0x9)
getgroups(0x3, &(0x7f0000000040)=[0xffffffffffffffff, <r5=>0x0, 0x0])
setresgid(r5, 0x0, 0x0)
syz_open_procfs(r4, &(0x7f0000000000)='net/softnet_stat\x00')
read$FUSE(0xffffffffffffffff, &(0x7f0000000280)={0x2020}, 0x2020)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000140)=0x19)
ioctl$TIOCVHANGUP(r2, 0x540b, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x2, 0x0)
mmap(&(0x7f000053a000/0x4000)=nil, 0x4000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x0)
r8 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
ioctl$SIOCAX25ADDUID(r8, 0x89e1, &(0x7f0000000240)={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}})
socket$igmp(0x2, 0x3, 0x2)

12.297299155s ago: executing program 1 (id=2532):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket(0x10, 0x803, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd3860800000080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c600000000d7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r0], 0x3c}}, 0x0)

11.51460224s ago: executing program 3 (id=2533):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x0, 0x2}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32], 0x30}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x20000000)
socket$igmp(0x2, 0x3, 0x2)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r1, 0x400452c8, &(0x7f0000000100))
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6(0xa, 0x1, 0x84)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4)
sendto$inet6(r2, &(0x7f0000000000), 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000003680)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000034c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3, 0x2, 0xff}, 0x20)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r3, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x60}, {0x6}]}, 0x10)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
dup(r4)
r5 = socket$unix(0x1, 0x0, 0x0)
bind$unix(r5, &(0x7f00000000c0)=@abs={0x1, 0x2, 0x4e22}, 0x6e)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
getsockopt$bt_hci(r2, 0x84, 0x6d, &(0x7f0000002280)=""/4090, &(0x7f0000000040)=0xffa)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

11.493211162s ago: executing program 0 (id=2534):
r0 = socket(0x2b, 0x1, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x41800)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x5, 0x5, 0x8000002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r5}, 0x10)
r6 = io_uring_setup(0x1693, &(0x7f0000000080)={0x0, 0x0, 0x40, 0x3, 0x1dc, 0x0, r1})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
io_uring_register$IORING_UNREGISTER_BUFFERS(r6, 0x1, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
process_madvise(r1, &(0x7f0000000500)=[{0x0}, {&(0x7f0000000280)="29bd", 0x2}, {&(0x7f0000000340)="c7d171d147cda0421576d48d4766d8706503726a66cf5b61c61920747ec38c3b58f285bf6e46e2a7b4a17feeec2513539df284d7e0c91c873f9ec1f728ec127b83f6fef2d1db92cbb6a15cc362f6a5777c28b3d51bcd9a51d8233b1a57e7c77250eb380fc1c00689dc2b00a90631477fdb64b0b22cc5fe273d13050a0649530e007167a90a30eb92fcf2b1567c57826a5665bf673ba1f78a91828effbc15661d6a3cc0517ca456f5659beb10c12095447813c915c4fbe4526864cd0110c52d31f9e805269f27ee502344ce8a3fb6d87c23fe7b103be1504b4376d7d0", 0xdc}, {&(0x7f0000000440)="a8f77739b1a01879e08ebb5d1c6deb39a51ee476b424d5e78272e8b0495241215df3334db3ef1a3ff677b8ea9c7ed89dd753c9d6765632970db403d5d83d8cf4b9798aac2a2ba3c33d87a7019cb46074626392bf2146578fc1", 0x59}], 0x4, 0x10, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x0, &(0x7f0000000100)="63acf0c7", 0x4)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000040))
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)
write(r7, &(0x7f0000000440)="0f", 0x1)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x22c65)

11.435277699s ago: executing program 4 (id=2535):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket(0x10, 0x803, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd3860800000080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c600000000d7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d8"], &(0x7f0000000340)='syzkaller\x00'}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000", @ANYRES32=r2, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502"], 0x3c}}, 0x0)

11.16461289s ago: executing program 1 (id=2536):
r0 = syz_open_dev$sndctrl(&(0x7f0000000180), 0x0, 0x481)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$audio(0xffffffffffffff9c, 0x0, 0xa2442, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$dsp(r1, &(0x7f00000004c0)='\x00', 0x1)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffffffffffffd})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r2, 0xc0984124, &(0x7f0000000000))

11.123495859s ago: executing program 3 (id=2537):
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ec278ac0e901d7d12a1c4688b80e72824458c10770526462c19f2f4f15d40ed7f552fb65936b21d340fd96774fa221d537757e7e140e5897a634fedaf0632d", @ANYRES16, @ANYBLOB, @ANYBLOB="1800508014000400ec4b8736747e49e1d75df69d59e35ced"], 0x34}}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/partitions\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x20000023896)
r4 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCSETSF(r4, 0x5409, 0x0)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000000000040850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="92", 0x1}], 0x1}}], 0x2, 0x34008004)

10.916599121s ago: executing program 4 (id=2538):
r0 = syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0x0, 0x400}, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xffffffffffffbffc}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
syz_open_dev$sndmidi(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000040)={0x4})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000000c0)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x40}}, 0x0)
prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000180))
syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000753000/0x3000)=nil, 0x3000})
io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000480)={'gre0\x00', 0x0})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_procfs$pagemap(0xffffffffffffffff, 0x0)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0)
r6 = socket$caif_stream(0x25, 0x1, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ad0000009500"], &(0x7f0000000440)='GPL\x00', 0x8}, 0x90)

9.454872192s ago: executing program 0 (id=2539):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'gretap0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x13, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x4, 0x0, 0x0, @empty, @remote, {[@rr={0x7, 0x1b, 0xbf, [@private=0xa010100, @remote, @broadcast, @multicast2, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @ra={0x94, 0x4}, @timestamp={0x44, 0x18, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}]}}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
keyctl$set_reqkey_keyring(0xe, 0x5)
request_key(&(0x7f00000000c0)='logon\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)='-\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
r5 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r5, 0x107, 0x15, 0x0, &(0x7f00000011c0))
fsetxattr$security_ima(r5, &(0x7f0000000000), &(0x7f0000000100)=ANY=[@ANYBLOB="0400b0c7dff6fb0e52"], 0x12, 0x1)
ioctl$UFFDIO_CONTINUE(r4, 0xc020aa08, &(0x7f0000000280)={{&(0x7f00006e4000/0x1000)=nil, 0x1000}})
fanotify_init(0x0, 0x0)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="24030002c821aaaaaaaaaa12007f"], 0x32)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)
connect$inet6(r6, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)

8.684798739s ago: executing program 1 (id=2540):
r0 = socket(0x2b, 0x1, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x41800)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
fallocate(0xffffffffffffffff, 0x5, 0x5, 0x8000002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r5}, 0x10)
r6 = io_uring_setup(0x1693, &(0x7f0000000080)={0x0, 0x0, 0x40, 0x3, 0x1dc, 0x0, r1})
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r6, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}], 0x0, 0x1}, 0x20)
io_uring_register$IORING_UNREGISTER_BUFFERS(r6, 0x1, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
process_madvise(r1, &(0x7f0000000500)=[{0x0}, {&(0x7f0000000280)="29bd", 0x2}, {&(0x7f0000000340)="c7d171d147cda0421576d48d4766d8706503726a66cf5b61c61920747ec38c3b58f285bf6e46e2a7b4a17feeec2513539df284d7e0c91c873f9ec1f728ec127b83f6fef2d1db92cbb6a15cc362f6a5777c28b3d51bcd9a51d8233b1a57e7c77250eb380fc1c00689dc2b00a90631477fdb64b0b22cc5fe273d13050a0649530e007167a90a30eb92fcf2b1567c57826a5665bf673ba1f78a91828effbc15661d6a3cc0517ca456f5659beb10c12095447813c915c4fbe4526864cd0110c52d31f9e805269f27ee502344ce8a3fb6d87c23fe7b103be1504b4376d7d0", 0xdc}, {&(0x7f0000000440)="a8f77739b1a01879e08ebb5d1c6deb39a51ee476b424d5e78272e8b0495241215df3334db3ef1a3ff677b8ea9c7ed89dd753c9d6765632970db403d5d83d8cf4b9798aac2a2ba3c33d87a7019cb46074626392bf2146578fc1", 0x59}], 0x4, 0x10, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x0, &(0x7f0000000100)="63acf0c7", 0x4)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000040))
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)
write(r7, &(0x7f0000000440)="0f", 0x1)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x22c65)

3.432182326s ago: executing program 4 (id=2541):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x7800, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote}}}})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = io_uring_setup(0x1698, &(0x7f0000000340)={0x0, 0xac6c, 0x0, 0xfffffefc, 0x4})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

3.386331987s ago: executing program 2 (id=2542):
syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0)

3.320626526s ago: executing program 2 (id=2543):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000001700)=@filter={'filter\x00', 0xe, 0x4, 0x420, [0x0, 0x200002c0, 0x200004d0, 0x20000610], 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000000000000000000000000000004000000000000000000000000000000000000000000000000ffffffff0200000009000000000000000000697036746e6c30000f7a8af54819ef9173797a6b616c6c6572300000000000006970646470300000000000000000000076657468315f746f5f7465616d0000000000000000000060000000000180c2000000000000000000000070000000a8000000d80000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000dfffffff0000000041554449540000000000000000000000000000000000000000000000000000000800080000000043000000000000008105000000000000000000626f6e645f733421b1221907000000000000006b616c6c6572300000000000007465617d5f736c6176655f310000000065727370616e01790000000000004000aaaaaaaaaabb000000000000aaaaaaaaaabb0000000000000000c0000000c00000000801000068656c7065727c112381000000000004ef000000000000001000000000000000280000000000000000000002524153000000000000000000000000000000000000000000000000000000000000000000524154454553540000000000000000000000000000b200000000000000000000200000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0300000000000000000000000002000000ffffffff01000000093d848e49b022ea090064756d6d793000000000000000000000697036677265746170300000000000006272786467653000000000000000000076657468500000000000000000000000ffffffffffff000000000000aae794049dd0f63a12000000000070000000c00000001001000049444c4554494d4552ebff0000000000000000000000e662f20000000000000028000000000000000000000073797a31001b00000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000008a00000000000028000000000033790000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000110000000000000000006966627de6000000000000000000000076657468305f746f5f626f6e64000000766c616e300000000000eaffffff0000627269646765300000000000000000000180c2000000f40000000000aaaaaaaaaabb00000000000001007000000070000000a0000000434f4e4e5345434d41524b00000000001108000000000000000000000000000008000100000000000000000000000018"]}, 0x498)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
socket$unix(0x1, 0x0, 0x0)
connect$nfc_raw(r1, 0x0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x10800, 0x0)
socket$packet(0x11, 0x0, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r4 = syz_io_uring_setup(0x10d, &(0x7f00000003c0), &(0x7f0000000380)=<r5=>0x0, &(0x7f0000000180)=<r6=>0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r7}, 0x4)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r8, 0x40204706, 0x20000004)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000061a12b4000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300", @ANYRES32=r7, @ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x8}, 0x90)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x49, 0x0, r2, &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000280)='./file0\x00', r2, 0x1400})
io_uring_enter(r4, 0x3f70, 0x0, 0x0, 0x0, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)
socket$inet6(0xa, 0x0, 0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

1.616693811s ago: executing program 1 (id=2544):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
open(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
accept$alg(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet(0x2, 0x3, 0x3)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000002700)=@raw={'raw\x00', 0x8, 0x3, 0x1e8, 0x98, 0x8, 0xfa04, 0x0, 0x6c02, 0x150, 0x194, 0x194, 0x150, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'tunl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248)

692.607µs ago: executing program 0 (id=2546):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket(0x10, 0x803, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd3860800000080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c600000000d7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r0], 0x3c}}, 0x0)

0s ago: executing program 1 (id=2547):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
r2 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f00000004c0)="d5c3c33434", 0x5, 0xfffffffffffffffc)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80)
r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r3, r5, 0x0, 0x0, @val=@netfilter}, 0x40)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r6, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0)
keyctl$revoke(0x3, r2)

kernel console output (not intermixed with test programs):

e to avoid problems!
[  818.132172][T12665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  818.149048][T13001] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2001'.
[  818.162055][T12665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  818.172380][T12665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  818.187991][T12665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  818.198772][T12665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  818.210072][T12665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  818.222909][T12665] batman_adv: batadv0: Interface activated: batadv_slave_1
[  818.239150][T12665] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  818.248435][T12665] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  818.259675][T12665] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  818.271344][T12665] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  818.597327][ T2559] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  818.644935][ T2559] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  818.863399][ T5935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  818.938406][ T5935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  819.003048][ T8153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  819.045947][ T8153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  819.251271][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  819.273004][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  819.318895][ T5268] pegasus 5-1:0.0: probe with driver pegasus failed with error -71
[  819.407193][ T5268] usb 5-1: USB disconnect, device number 35
[  821.281062][T13050] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2009'.
[  822.735917][    C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:2. Sending cookies.
[  822.752364][T13055] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2010'.
[  822.956998][ T5298] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  823.249416][ T5298] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  823.280792][ T5298] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  823.288987][T12591] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  823.381527][ T5298] usb 1-1: config 0 descriptor??
[  823.411356][ T5298] cp210x 1-1:0.0: cp210x converter detected
[  823.478289][T12591] usb 2-1: Using ep0 maxpacket: 16
[  823.495723][T12591] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  823.525523][T12591] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  823.580699][T12591] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  823.611975][T12591] usb 2-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00
[  823.657411][T12591] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  823.949675][T12591] usb 2-1: config 0 descriptor??
[  825.407648][ T5298] usb 1-1: cp210x converter now attached to ttyUSB0
[  825.573676][T12591] wacom 0003:056A:0084.0009: hidraw0: USB HID v0.00 Device [HID 056a:0084] on usb-dummy_hcd.1-1/input0
[  826.368178][ T5298] usb 2-1: USB disconnect, device number 30
[  827.491551][ T5236] usb 1-1: USB disconnect, device number 29
[  827.539456][ T5236] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  827.577223][ T5236] cp210x 1-1:0.0: device disconnected
[  827.796242][   T25] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  827.986602][T10435] Bluetooth: hci6: unexpected event 0x09 length: 13 > 3
[  828.028968][   T25] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  828.053646][T12591] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  828.062047][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  828.081459][   T25] usb 5-1: config 0 descriptor??
[  828.146473][   T59] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  828.206295][T12591] usb 4-1: device descriptor read/64, error -71
[  828.346498][   T59] usb 1-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62
[  828.371712][   T59] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  828.397686][   T59] usb 1-1: Product: syz
[  828.402593][   T59] usb 1-1: Manufacturer: syz
[  828.415280][   T59] usb 1-1: SerialNumber: syz
[  828.433564][   T59] usb 1-1: config 0 descriptor??
[  828.465196][   T59] usb 1-1: selecting invalid altsetting 1
[  828.476586][   T59] comedi comedi0: could not switch to alternate setting 1
[  828.486896][T12591] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  828.498817][   T59] usbduxfast 1-1:0.0: driver 'usbduxfast' failed to auto-configure device.
[  828.676645][T12591] usb 4-1: device descriptor read/64, error -71
[  828.752579][T13111] SET target dimension over the limit!
[  828.762437][T13123] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2030'.
[  828.807055][T12591] usb usb4-port1: attempt power cycle
[  828.814693][T13123] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2030'.
[  828.851981][ T5236] usb 1-1: USB disconnect, device number 30
[  829.236384][T12591] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  829.287028][T12591] usb 4-1: device descriptor read/8, error -71
[  829.576366][T12591] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  829.644065][T12591] usb 4-1: device descriptor read/8, error -71
[  829.818822][T12591] usb usb4-port1: unable to enumerate USB device
[  830.196697][ T9671] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  830.429540][ T9671] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  830.459260][   T25] usb 5-1: Cannot set autoneg
[  830.464787][   T25] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  830.477773][ T9671] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  830.488924][ T9671] usb 2-1: config 0 descriptor??
[  830.499251][ T9671] cp210x 2-1:0.0: cp210x converter detected
[  830.514176][   T25] usb 5-1: USB disconnect, device number 36
[  831.104081][ T9671] usb 2-1: cp210x converter now attached to ttyUSB0
[  832.216971][T13190] FAULT_INJECTION: forcing a failure.
[  832.216971][T13190] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  832.230631][T13190] CPU: 1 UID: 0 PID: 13190 Comm: syz.3.2055 Not tainted 6.11.0-rc3-syzkaller #0
[  832.239702][T13190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  832.249801][T13190] Call Trace:
[  832.253207][T13190]  <TASK>
[  832.256173][T13190]  dump_stack_lvl+0x241/0x360
[  832.260904][T13190]  ? __pfx_dump_stack_lvl+0x10/0x10
[  832.266147][T13190]  ? __pfx__printk+0x10/0x10
[  832.270782][T13190]  ? __pfx_lock_release+0x10/0x10
[  832.276032][T13190]  should_fail_ex+0x3b0/0x4e0
[  832.280757][T13190]  _copy_from_iter+0x1f6/0x1960
[  832.285650][T13190]  ? __virt_addr_valid+0x183/0x530
[  832.290806][T13190]  ? __pfx_lock_release+0x10/0x10
[  832.295886][T13190]  ? __alloc_skb+0x28f/0x440
[  832.300520][T13190]  ? __pfx__copy_from_iter+0x10/0x10
[  832.305854][T13190]  ? __virt_addr_valid+0x183/0x530
[  832.311006][T13190]  ? __virt_addr_valid+0x183/0x530
[  832.316147][T13190]  ? __virt_addr_valid+0x45f/0x530
[  832.321305][T13190]  ? __check_object_size+0x49c/0x900
[  832.326637][T13190]  netlink_sendmsg+0x73d/0xcb0
[  832.331460][T13190]  ? __pfx_netlink_sendmsg+0x10/0x10
[  832.336790][T13190]  ? __import_iovec+0x536/0x820
[  832.341689][T13190]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  832.347020][T13190]  ? security_socket_sendmsg+0x87/0xb0
[  832.352520][T13190]  ? __pfx_netlink_sendmsg+0x10/0x10
[  832.357836][T13190]  __sock_sendmsg+0x221/0x270
[  832.362568][T13190]  ____sys_sendmsg+0x525/0x7d0
[  832.367389][T13190]  ? __pfx_____sys_sendmsg+0x10/0x10
[  832.372759][T13190]  __sys_sendmsg+0x2b0/0x3a0
[  832.377385][T13190]  ? __pfx___sys_sendmsg+0x10/0x10
[  832.382518][T13190]  ? vfs_write+0x7c4/0xc90
[  832.387000][T13190]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  832.393559][T13190]  ? do_syscall_64+0x100/0x230
[  832.398375][T13190]  ? do_syscall_64+0xb6/0x230
[  832.403058][T13190]  do_syscall_64+0xf3/0x230
[  832.407667][T13190]  ? clear_bhb_loop+0x35/0x90
[  832.412369][T13190]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  832.418269][T13190] RIP: 0033:0x7fb22db779f9
[  832.422753][T13190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  832.442503][T13190] RSP: 002b:00007fb22ea11038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  832.451126][T13190] RAX: ffffffffffffffda RBX: 00007fb22dd06058 RCX: 00007fb22db779f9
[  832.459102][T13190] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  832.467072][T13190] RBP: 00007fb22ea11090 R08: 0000000000000000 R09: 0000000000000000
[  832.475041][T13190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  832.483010][T13190] R13: 0000000000000000 R14: 00007fb22dd06058 R15: 00007fffc839bea8
[  832.491026][T13190]  </TASK>
[  832.686368][   T25] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  833.623113][   T47] usb 2-1: USB disconnect, device number 31
[  833.641852][   T47] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  833.687239][   T25] usb 5-1: config 8 has an invalid interface number: 144 but max is 3
[  833.695475][   T25] usb 5-1: config 8 has an invalid interface number: 80 but max is 3
[  833.707615][   T47] cp210x 2-1:0.0: device disconnected
[  833.715079][   T25] usb 5-1: config 8 contains an unexpected descriptor of type 0x2, skipping
[  833.774448][   T25] usb 5-1: config 8 has an invalid interface number: 124 but max is 3
[  833.816365][   T25] usb 5-1: config 8 has an invalid interface number: 36 but max is 3
[  833.850009][   T25] usb 5-1: config 8 has no interface number 0
[  833.880319][   T25] usb 5-1: config 8 has no interface number 1
[  833.901550][   T25] usb 5-1: config 8 has no interface number 2
[  833.918713][   T25] usb 5-1: config 8 has no interface number 3
[  833.935746][   T25] usb 5-1: config 8 interface 144 altsetting 8 has an endpoint descriptor with address 0xFE, changing to 0x8E
[  833.976212][   T25] usb 5-1: config 8 interface 144 altsetting 8 endpoint 0x8E has invalid maxpacket 31515, setting to 1024
[  834.010234][   T25] usb 5-1: config 8 interface 144 altsetting 8 bulk endpoint 0x8E has invalid maxpacket 1024
[  834.041540][   T25] usb 5-1: config 8 interface 144 altsetting 8 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  834.073315][   T25] usb 5-1: config 8 interface 144 altsetting 8 has 6 endpoint descriptors, different from the interface descriptor's value: 5
[  834.156579][   T25] usb 5-1: config 8 interface 80 altsetting 4 has a duplicate endpoint with address 0xC, skipping
[  834.237834][   T25] usb 5-1: config 8 interface 80 altsetting 4 endpoint 0xE has an invalid bInterval 129, changing to 11
[  834.256834][   T25] usb 5-1: config 8 interface 80 altsetting 4 endpoint 0xD has an invalid bInterval 64, changing to 10
[  834.277226][   T25] usb 5-1: config 8 interface 80 altsetting 4 has a duplicate endpoint with address 0x2, skipping
[  834.329493][   T25] usb 5-1: config 8 interface 80 altsetting 4 has a duplicate endpoint with address 0x3, skipping
[  834.355902][   T25] usb 5-1: config 8 interface 80 altsetting 4 has a duplicate endpoint with address 0x6, skipping
[  834.375891][   T25] usb 5-1: config 8 interface 80 altsetting 4 endpoint 0xB has invalid maxpacket 512, setting to 64
[  834.421142][   T25] usb 5-1: config 8 interface 80 altsetting 4 has a duplicate endpoint with address 0xE, skipping
[  834.444538][   T25] usb 5-1: config 8 interface 124 altsetting 129 has a duplicate endpoint with address 0xB, skipping
[  834.463358][   T25] usb 5-1: config 8 interface 124 altsetting 129 endpoint 0x5 has invalid maxpacket 512, setting to 64
[  834.509560][   T25] usb 5-1: config 8 interface 124 altsetting 129 has a duplicate endpoint with address 0x3, skipping
[  834.541924][   T25] usb 5-1: config 8 interface 124 altsetting 129 endpoint 0x1 has invalid wMaxPacketSize 0
[  834.568952][   T25] usb 5-1: config 8 interface 124 altsetting 129 bulk endpoint 0x4 has invalid maxpacket 16
[  834.586943][   T25] usb 5-1: config 8 interface 124 altsetting 129 has a duplicate endpoint with address 0x3, skipping
[  834.599582][   T25] usb 5-1: config 8 interface 124 altsetting 129 has a duplicate endpoint with address 0x4, skipping
[  834.614457][   T25] usb 5-1: config 8 interface 124 altsetting 129 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[  834.650063][   T25] usb 5-1: config 8 interface 124 altsetting 129 has a duplicate endpoint with address 0xD, skipping
[  834.663121][   T25] usb 5-1: config 8 interface 124 altsetting 129 has an invalid descriptor for endpoint zero, skipping
[  834.678083][   T25] usb 5-1: config 8 interface 124 altsetting 129 has a duplicate endpoint with address 0xD, skipping
[  834.689807][   T25] usb 5-1: config 8 interface 124 altsetting 129 has a duplicate endpoint with address 0x5, skipping
[  834.702219][   T25] usb 5-1: config 8 interface 124 altsetting 129 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  834.714365][   T25] usb 5-1: config 8 interface 36 altsetting 37 has a duplicate endpoint with address 0x8, skipping
[  834.923362][   T25] usb 5-1: config 8 interface 144 has no altsetting 0
[  835.083396][   T25] usb 5-1: config 8 interface 80 has no altsetting 0
[  835.131201][   T25] usb 5-1: config 8 interface 124 has no altsetting 0
[  835.162920][   T25] usb 5-1: config 8 interface 36 has no altsetting 0
[  835.198001][   T25] usb 5-1: string descriptor 0 read error: -71
[  835.231495][   T25] usb 5-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=ab.de
[  835.273984][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  835.350664][   T25] usb 5-1: can't set config #8, error -71
[  835.375040][   T25] usb 5-1: USB disconnect, device number 37
[  835.756257][   T25] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  835.993625][   T25] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  836.020862][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  836.055901][   T25] usb 5-1: config 0 descriptor??
[  836.090867][   T25] cp210x 5-1:0.0: cp210x converter detected
[  836.724147][   T25] usb 5-1: cp210x converter now attached to ttyUSB0
[  838.731748][T12591] usb 5-1: USB disconnect, device number 38
[  838.930365][T12591] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  838.976537][T12591] cp210x 5-1:0.0: device disconnected
[  839.658076][T12591] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  839.889582][T12591] usb 5-1: Using ep0 maxpacket: 32
[  839.919145][T12591] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 206, changing to 11
[  839.957275][T12591] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1863, setting to 1024
[  840.044183][T12591] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  840.074410][T12591] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  840.171899][T13271] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  840.337481][T12591] hub 5-1:4.0: USB hub found
[  840.496208][ T5298] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  841.141323][T12591] hub 5-1:4.0: 2 ports detected
[  841.276191][ T5298] usb 1-1: Using ep0 maxpacket: 32
[  841.300576][ T5298] usb 1-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  841.321158][ T5298] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  841.321963][T12591] hub 5-1:4.0: hub_hub_status failed (err = -71)
[  841.333964][ T5298] usb 1-1: Product: syz
[  841.347900][ T5298] usb 1-1: Manufacturer: syz
[  841.352803][ T5298] usb 1-1: SerialNumber: syz
[  841.372200][T12591] hub 5-1:4.0: config failed, can't get hub status (err -71)
[  841.394165][ T5298] usb 1-1: config 0 descriptor??
[  841.435262][ T5298] hub 1-1:0.0: bad descriptor, ignoring hub
[  841.450057][T12591] usb 5-1: USB disconnect, device number 39
[  841.453409][ T5298] hub 1-1:0.0: probe with driver hub failed with error -5
[  841.495277][ T5298] gspca_main: vc032x-2.14.0 probing 0ac8:c301
[  841.656501][ T5223] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  841.858419][ T5223] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  841.880749][ T5223] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  841.897264][ T5223] usb 3-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  841.926558][ T5223] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  841.940727][ T5268] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  841.964477][ T5298] gspca_vc032x: reg_w err -71
[  841.977304][ T5223] usb 3-1: config 0 descriptor??
[  841.991409][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.066083][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.073558][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.089700][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.095050][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.116516][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.152531][ T5268] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  842.167372][ T5268] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  842.175423][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.175443][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.175455][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.175468][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.175479][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.175492][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.175503][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.175515][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.248094][ T5268] usb 2-1: config 0 descriptor??
[  842.255472][T13300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  842.273255][ T5268] cp210x 2-1:0.0: cp210x converter detected
[  842.296761][T13300] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  842.375930][ T5223] usbhid 3-1:0.0: can't add hid device: -71
[  842.384553][ T5223] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  842.412100][ T5223] usb 3-1: USB disconnect, device number 23
[  842.543959][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.592450][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.633824][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.678272][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.741672][ T5298] gspca_vc032x: I2c Bus Busy Wait 00
[  842.788066][ T5298] gspca_vc032x: Unknown sensor...
[  842.815931][ T5268] usb 2-1: cp210x converter now attached to ttyUSB0
[  842.832853][ T5298] vc032x 1-1:0.0: probe with driver vc032x failed with error -22
[  843.087840][ T5298] usb 1-1: USB disconnect, device number 31
[  844.656349][ T5223] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  844.866277][ T5223] usb 3-1: Using ep0 maxpacket: 16
[  844.884232][ T5223] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  844.901256][ T5223] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  844.916242][ T5223] usb 3-1: Product: syz
[  844.921689][ T5223] usb 3-1: Manufacturer: syz
[  844.927361][ T5223] usb 3-1: SerialNumber: syz
[  844.946613][ T5223] r8152-cfgselector 3-1: Unknown version 0x0000
[  844.963446][ T5223] r8152-cfgselector 3-1: config 0 descriptor??
[  845.465309][T13333] debugfs: Directory 'netdev:nicvf0' with parent 'phy21' already present!
[  845.632537][ T5268] r8152-cfgselector 3-1: USB disconnect, device number 24
[  845.732488][ T5223] usb 2-1: USB disconnect, device number 32
[  845.762862][ T5223] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  845.795847][ T5223] cp210x 2-1:0.0: device disconnected
[  847.000662][T13346] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2102'.
[  847.139444][    C0] vcan0: j1939_session_tx_dat: 0xffff88807e3f5000: queue data error: -100
[  847.476514][ T5223] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  847.690197][ T5223] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  847.711792][ T5223] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  847.725876][ T5223] usb 2-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  847.777237][ T5223] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  847.807063][ T5223] usb 2-1: config 0 descriptor??
[  848.020605][T13354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  848.066333][T12591] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  848.111013][T13354] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  848.187886][ T5223] usbhid 2-1:0.0: can't add hid device: -71
[  848.215588][ T5223] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  848.253869][ T5223] usb 2-1: USB disconnect, device number 33
[  848.288449][T12591] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  848.309961][T12591] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  848.340992][T12591] usb 5-1: Product: syz
[  848.371105][T12591] usb 5-1: Manufacturer: syz
[  848.391410][T12591] usb 5-1: SerialNumber: syz
[  848.414819][T12591] usb 5-1: config 0 descriptor??
[  848.645946][ T5223] usb 5-1: USB disconnect, device number 40
[  848.788264][T12646] udevd[12646]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  849.639018][ T5223] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  849.797120][T13382] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  849.839329][T13385] xt_TCPMSS: Only works on TCP SYN packets
[  850.167214][ T5223] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  850.192731][ T5223] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  850.229862][ T5223] usb 3-1: config 0 descriptor??
[  850.304102][ T5223] cp210x 3-1:0.0: cp210x converter detected
[  850.722681][T13397] input: syz1 as /devices/virtual/input/input67
[  850.906466][   T59] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  850.942043][ T5223] usb 3-1: cp210x converter now attached to ttyUSB0
[  851.147165][   T59] usb 1-1: Using ep0 maxpacket: 8
[  851.165181][   T59] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  851.215135][   T59] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  851.256289][   T59] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  851.277661][   T59] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  851.297690][   T59] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  851.315313][   T59] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  851.326014][   T59] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  851.416648][T12591] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  851.620444][   T59] usb 1-1: usb_control_msg returned -32
[  851.630003][T12591] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  851.726357][   T59] usbtmc 1-1:16.0: can't read capabilities
[  851.733171][T12591] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  851.928687][T13413] debugfs: Directory 'netdev:nicvf0' with parent 'phy21' already present!
[  852.041437][T12591] usb 2-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  852.055243][T12591] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  852.087344][T12591] usb 2-1: config 0 descriptor??
[  852.517874][T13409] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  853.386054][T13409] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  853.396616][ T5223] usb 3-1: USB disconnect, device number 25
[  853.431580][ T5223] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  853.495973][ T5223] cp210x 3-1:0.0: device disconnected
[  853.512408][T12591] usbhid 2-1:0.0: can't add hid device: -71
[  853.536974][T12591] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  853.579760][T12591] usb 2-1: USB disconnect, device number 34
[  853.703610][   T25] usb 1-1: USB disconnect, device number 32
[  853.869037][T13432] xt_TCPMSS: Only works on TCP SYN packets
[  854.280793][T13444] input: syz1 as /devices/virtual/input/input68
[  854.289546][T13442] FAULT_INJECTION: forcing a failure.
[  854.289546][T13442] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  854.336335][T13442] CPU: 0 UID: 0 PID: 13442 Comm: syz.4.2131 Not tainted 6.11.0-rc3-syzkaller #0
[  854.345590][T13442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  854.355655][T13442] Call Trace:
[  854.358950][T13442]  <TASK>
[  854.361890][T13442]  dump_stack_lvl+0x241/0x360
[  854.366600][T13442]  ? __pfx_dump_stack_lvl+0x10/0x10
[  854.371822][T13442]  ? __pfx__printk+0x10/0x10
[  854.376435][T13442]  ? snprintf+0xda/0x120
[  854.380689][T13442]  should_fail_ex+0x3b0/0x4e0
[  854.385377][T13442]  _copy_to_user+0x2f/0xb0
[  854.389807][T13442]  simple_read_from_buffer+0xca/0x150
[  854.395198][T13442]  proc_fail_nth_read+0x1e9/0x250
[  854.400245][T13442]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  854.405818][T13442]  ? rw_verify_area+0x520/0x6b0
[  854.410689][T13442]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  854.416257][T13442]  vfs_read+0x204/0xbc0
[  854.420428][T13442]  ? __pfx_lock_release+0x10/0x10
[  854.425470][T13442]  ? __pfx_vfs_read+0x10/0x10
[  854.430166][T13442]  ? __fget_files+0x3f6/0x470
[  854.434855][T13442]  ? __fget_files+0x29/0x470
[  854.439467][T13442]  ? __fget_files+0x3f6/0x470
[  854.444172][T13442]  ksys_read+0x1a0/0x2c0
[  854.448431][T13442]  ? __pfx_ksys_read+0x10/0x10
[  854.453202][T13442]  ? do_syscall_64+0x100/0x230
[  854.457974][T13442]  ? do_syscall_64+0xb6/0x230
[  854.462661][T13442]  do_syscall_64+0xf3/0x230
[  854.467173][T13442]  ? clear_bhb_loop+0x35/0x90
[  854.471860][T13442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  854.477760][T13442] RIP: 0033:0x7f1d1c77643c
[  854.482267][T13442] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  854.501883][T13442] RSP: 002b:00007f1d1d4ad030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  854.510314][T13442] RAX: ffffffffffffffda RBX: 00007f1d1c905f80 RCX: 00007f1d1c77643c
[  854.518297][T13442] RDX: 000000000000000f RSI: 00007f1d1d4ad0a0 RDI: 0000000000000005
[  854.526276][T13442] RBP: 00007f1d1d4ad090 R08: 0000000000000000 R09: 0000000000000000
[  854.534251][T13442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  854.542234][T13442] R13: 0000000000000000 R14: 00007f1d1c905f80 R15: 00007fff531c6c78
[  854.550228][T13442]  </TASK>
[  854.553399][    C0] vkms_vblank_simulate: vblank timer overrun
[  855.422686][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  855.473497][T10435] Bluetooth: hci0: link tx timeout
[  855.479681][T10435] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  856.562050][   T25] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  857.382896][T13468] process 'syz.2.2139' launched './file0' with NULL argv: empty string added
[  857.475717][   T25] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  857.495904][T13472] xt_TCPMSS: Only works on TCP SYN packets
[  857.508250][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  857.545680][   T25] usb 5-1: config 0 descriptor??
[  857.554149][T10435] Bluetooth: hci0: command 0x0406 tx timeout
[  857.571160][   T25] cp210x 5-1:0.0: cp210x converter detected
[  857.886224][ T5298] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  857.924594][T13481] input: syz1 as /devices/virtual/input/input69
[  858.110123][ T5298] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  858.162301][ T5298] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  858.215185][   T25] usb 5-1: cp210x converter now attached to ttyUSB0
[  858.222420][ T5298] usb 4-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  858.256882][ T5298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  858.319957][T13489] FAULT_INJECTION: forcing a failure.
[  858.319957][T13489] name failslab, interval 1, probability 0, space 0, times 0
[  858.333259][T13489] CPU: 0 UID: 0 PID: 13489 Comm: syz.1.2146 Not tainted 6.11.0-rc3-syzkaller #0
[  858.342387][T13489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  858.352447][T13489] Call Trace:
[  858.355729][T13489]  <TASK>
[  858.358661][T13489]  dump_stack_lvl+0x241/0x360
[  858.363359][T13489]  ? __pfx_dump_stack_lvl+0x10/0x10
[  858.368567][T13489]  ? __pfx__printk+0x10/0x10
[  858.373166][T13489]  ? unwind_get_return_address+0x91/0xc0
[  858.378840][T13489]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.384912][T13489]  ? arch_stack_walk+0x16d/0x1b0
[  858.389868][T13489]  should_fail_ex+0x3b0/0x4e0
[  858.394572][T13489]  ? radix_tree_node_alloc+0x8b/0x3c0
[  858.399973][T13489]  should_failslab+0xac/0x100
[  858.404667][T13489]  ? radix_tree_node_alloc+0x8b/0x3c0
[  858.410145][T13489]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  858.415537][T13489]  radix_tree_node_alloc+0x8b/0x3c0
[  858.420756][T13489]  idr_get_free+0x296/0xab0
[  858.425286][T13489]  idr_alloc_u32+0x195/0x330
[  858.429899][T13489]  ? __pfx_idr_alloc_u32+0x10/0x10
[  858.435030][T13489]  ? __pfx_lock_acquire+0x10/0x10
[  858.440077][T13489]  idr_alloc_cyclic+0x106/0x300
[  858.444952][T13489]  ? __pfx_idr_alloc_cyclic+0x10/0x10
[  858.450337][T13489]  ? __radix_tree_preload+0x80/0x860
[  858.455634][T13489]  ? __radix_tree_preload+0x80/0x860
[  858.460934][T13489]  ? bpf_link_prime+0x4c/0x240
[  858.465709][T13489]  bpf_link_prime+0x6b/0x240
[  858.470316][T13489]  bpf_raw_tp_link_attach+0x3c4/0x6e0
[  858.475709][T13489]  ? __pfx_bpf_raw_tp_link_attach+0x10/0x10
[  858.481642][T13489]  bpf_raw_tracepoint_open+0x1c2/0x240
[  858.487136][T13489]  __sys_bpf+0x3c0/0x810
[  858.491413][T13489]  ? __pfx___sys_bpf+0x10/0x10
[  858.496208][T13489]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  858.502210][T13489]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  858.508557][T13489]  ? do_syscall_64+0x100/0x230
[  858.513332][T13489]  __x64_sys_bpf+0x7c/0x90
[  858.517762][T13489]  do_syscall_64+0xf3/0x230
[  858.522272][T13489]  ? clear_bhb_loop+0x35/0x90
[  858.526960][T13489]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.532857][T13489] RIP: 0033:0x7fb3cd3779f9
[  858.537280][T13489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  858.556891][T13489] RSP: 002b:00007fb3ccdff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  858.565417][T13489] RAX: ffffffffffffffda RBX: 00007fb3cd505f80 RCX: 00007fb3cd3779f9
[  858.573419][T13489] RDX: 0000000000000010 RSI: 0000000020000500 RDI: 0000000000000011
[  858.581413][T13489] RBP: 00007fb3ccdff090 R08: 0000000000000000 R09: 0000000000000000
[  858.589400][T13489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  858.597381][T13489] R13: 0000000000000000 R14: 00007fb3cd505f80 R15: 00007ffd9dee2ee8
[  858.605388][T13489]  </TASK>
[  858.685813][ T5298] usb 4-1: config 0 descriptor??
[  858.954002][T13476] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  858.979949][T13476] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  859.104818][ T5298] usbhid 4-1:0.0: can't add hid device: -71
[  859.115779][ T5298] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  859.155203][ T5298] usb 4-1: USB disconnect, device number 39
[  860.566771][T12591] usb 5-1: USB disconnect, device number 41
[  860.623498][T12591] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  860.654468][T13511] xt_TCPMSS: Only works on TCP SYN packets
[  860.665772][T12591] cp210x 5-1:0.0: device disconnected
[  860.841611][T13515] input: syz1 as /devices/virtual/input/input70
[  861.239698][ T5298] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  861.431348][ T5298] usb 3-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62
[  861.459899][ T5298] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  861.498425][ T5298] usb 3-1: Product: syz
[  861.526241][ T5298] usb 3-1: Manufacturer: syz
[  861.560250][ T5298] usb 3-1: SerialNumber: syz
[  861.605369][ T5298] usb 3-1: config 0 descriptor??
[  861.648791][ T5298] usb 3-1: selecting invalid altsetting 1
[  861.681349][ T5298] comedi comedi0: could not switch to alternate setting 1
[  861.693177][ T5298] usbduxfast 3-1:0.0: driver 'usbduxfast' failed to auto-configure device.
[  861.781887][   T47] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  861.946475][T13522] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2157'.
[  862.033770][T13522] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2157'.
[  862.046553][   T47] usb 1-1: Using ep0 maxpacket: 32
[  862.058493][   T47] usb 1-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6
[  862.063660][T12591] usb 3-1: USB disconnect, device number 26
[  862.124851][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  862.880531][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  862.897629][ T5223] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  862.924391][   T47] usb 1-1: config 0 descriptor??
[  862.951524][   T47] usb 1-1: dvb_usb_v2: found a 'Anysee' in warm state
[  862.972247][   T47] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  862.983791][   T47] dvb_usb_anysee 1-1:0.0: probe with driver dvb_usb_anysee failed with error -22
[  863.107070][ T5223] usb 4-1: Using ep0 maxpacket: 32
[  863.299254][ T5223] usb 4-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6
[  863.308788][ T5223] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  863.354930][ T5223] usb 4-1: config 0 descriptor??
[  863.389916][ T5223] usb 4-1: dvb_usb_v2: found a 'Anysee' in warm state
[  863.401098][ T5223] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  863.465868][ T5223] dvb_usb_anysee 4-1:0.0: probe with driver dvb_usb_anysee failed with error -22
[  863.545679][T13548] netlink: 'syz.4.2163': attribute type 4 has an invalid length.
[  863.553846][T13548] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2163'.
[  864.444148][ T5223] usb 4-1: USB disconnect, device number 40
[  864.700726][    T8] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  864.832168][ T5223] usb 1-1: USB disconnect, device number 33
[  864.906890][    T8] usb 5-1: Using ep0 maxpacket: 16
[  865.016331][   T47] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  865.232114][   T47] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  865.241770][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  865.270463][   T47] usb 3-1: config 0 descriptor??
[  865.283373][   T47] cp210x 3-1:0.0: cp210x converter detected
[  865.317745][ T5223] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  866.020828][ T5223] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  866.377538][ T5223] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  866.639037][ T5223] usb 1-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  866.651128][ T5223] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  866.664560][ T5223] usb 1-1: config 0 descriptor??
[  866.835565][   T47] usb 3-1: cp210x converter now attached to ttyUSB0
[  867.059225][T13554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  867.081145][    T8] usb 5-1: unable to get BOS descriptor or descriptor too short
[  867.104022][T13554] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  867.137192][    T8] usb 5-1: unable to read config index 0 descriptor/start: -71
[  867.169139][    T8] usb 5-1: can't read configurations, error -71
[  867.280033][ T5223] usbhid 1-1:0.0: can't add hid device: -71
[  867.302704][ T5223] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  867.350530][ T5223] usb 1-1: USB disconnect, device number 34
[  867.505823][T13570] xt_TCPMSS: Only works on TCP SYN packets
[  869.354460][ T5298] usb 3-1: USB disconnect, device number 27
[  869.383877][ T5298] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  869.413862][ T5298] cp210x 3-1:0.0: device disconnected
[  869.886229][    T8] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  870.508187][ T1261] ieee802154 phy0 wpan0: encryption failed: -22
[  870.514537][ T1261] ieee802154 phy1 wpan1: encryption failed: -22
[  870.571346][    T8] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  870.596228][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  870.634743][    T8] usb 5-1: Product: syz
[  870.665424][    T8] usb 5-1: Manufacturer: syz
[  870.708340][    T8] usb 5-1: SerialNumber: syz
[  870.727749][    T8] usb 5-1: config 0 descriptor??
[  870.918348][ T5268] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  870.975553][    T8] usb 5-1: USB disconnect, device number 44
[  872.156217][ T5268] usb 1-1: Using ep0 maxpacket: 32
[  872.168115][ T5268] usb 1-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6
[  872.183496][ T5268] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  872.209206][ T5268] usb 1-1: config 0 descriptor??
[  872.245518][ T5268] usb 1-1: dvb_usb_v2: found a 'Anysee' in warm state
[  872.277996][ T5268] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  872.284491][ T5268] dvb_usb_anysee 1-1:0.0: probe with driver dvb_usb_anysee failed with error -22
[  872.520003][ T5298] usb 1-1: USB disconnect, device number 35
[  872.736690][   T47] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  872.941432][   T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  872.955370][ T5229] Bluetooth: hci6: link tx timeout
[  872.961788][ T5229] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa
[  872.975091][   T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  872.986746][   T47] usb 5-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  872.997286][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  873.115050][   T47] usb 5-1: config 0 descriptor??
[  873.398080][T13615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  873.453167][T13615] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  873.568194][   T47] usbhid 5-1:0.0: can't add hid device: -71
[  873.574272][   T47] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  873.823947][   T47] usb 5-1: USB disconnect, device number 45
[  874.171678][ T5268] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  874.381019][ T5268] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  874.436355][ T5268] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  874.550442][ T5268] usb 1-1: config 0 descriptor??
[  874.560993][ T5268] cp210x 1-1:0.0: cp210x converter detected
[  874.718740][T13642] FAULT_INJECTION: forcing a failure.
[  874.718740][T13642] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  874.739281][T13642] CPU: 1 UID: 0 PID: 13642 Comm: syz.4.2189 Not tainted 6.11.0-rc3-syzkaller #0
[  874.748382][T13642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  874.758472][T13642] Call Trace:
[  874.761788][T13642]  <TASK>
[  874.764873][T13642]  dump_stack_lvl+0x241/0x360
[  874.769597][T13642]  ? __pfx_dump_stack_lvl+0x10/0x10
[  874.774827][T13642]  ? __pfx__printk+0x10/0x10
[  874.779460][T13642]  ? __pfx_lock_release+0x10/0x10
[  874.784534][T13642]  should_fail_ex+0x3b0/0x4e0
[  874.789238][T13642]  _copy_from_user+0x2f/0xe0
[  874.793863][T13642]  memdup_user+0x64/0xc0
[  874.798250][T13642]  strndup_user+0x68/0xc0
[  874.802682][T13642]  __se_sys_mount+0xe2/0x3c0
[  874.807367][T13642]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  874.813404][T13642]  ? __pfx___se_sys_mount+0x10/0x10
[  874.818654][T13642]  ? do_syscall_64+0x100/0x230
[  874.823454][T13642]  ? __x64_sys_mount+0x20/0xc0
[  874.828267][T13642]  do_syscall_64+0xf3/0x230
[  874.832808][T13642]  ? clear_bhb_loop+0x35/0x90
[  874.837643][T13642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.843617][T13642] RIP: 0033:0x7f1d1c7779f9
[  874.848068][T13642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  874.867693][T13642] RSP: 002b:00007f1d1d4ad038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  874.876141][T13642] RAX: ffffffffffffffda RBX: 00007f1d1c905f80 RCX: 00007f1d1c7779f9
[  874.884145][T13642] RDX: 0000000020000600 RSI: 0000000020000000 RDI: 0000000020000340
[  874.892137][T13642] RBP: 00007f1d1d4ad090 R08: 0000000020000240 R09: 0000000000000000
[  874.900133][T13642] R10: 0000000003018000 R11: 0000000000000246 R12: 0000000000000001
[  874.908113][T13642] R13: 0000000000000000 R14: 00007f1d1c905f80 R15: 00007fff531c6c78
[  874.916129][T13642]  </TASK>
[  874.919290][    C1] vkms_vblank_simulate: vblank timer overrun
[  875.067628][ T5229] Bluetooth: hci6: command 0x0406 tx timeout
[  875.531879][ T5268] usb 1-1: cp210x converter now attached to ttyUSB0
[  875.632228][T13660] xt_TCPMSS: Only works on TCP SYN packets
[  876.023742][T13664] befs: Unrecognized mount option "b±Fs	µÚì" or missing value
[  877.203794][    T8] usb 1-1: USB disconnect, device number 36
[  877.306923][    T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  877.340979][    T8] cp210x 1-1:0.0: device disconnected
[  878.076405][    T8] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  878.135311][T13688] FAULT_INJECTION: forcing a failure.
[  878.135311][T13688] name failslab, interval 1, probability 0, space 0, times 0
[  878.135374][T13688] CPU: 0 UID: 0 PID: 13688 Comm: syz.4.2200 Not tainted 6.11.0-rc3-syzkaller #0
[  878.135401][T13688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  878.135417][T13688] Call Trace:
[  878.135427][T13688]  <TASK>
[  878.135437][T13688]  dump_stack_lvl+0x241/0x360
[  878.135483][T13688]  ? __pfx_dump_stack_lvl+0x10/0x10
[  878.135523][T13688]  ? __pfx__printk+0x10/0x10
[  878.135559][T13688]  ? fs_reclaim_acquire+0x93/0x140
[  878.135587][T13688]  ? __pfx___might_resched+0x10/0x10
[  878.135621][T13688]  should_fail_ex+0x3b0/0x4e0
[  878.135652][T13688]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  878.135687][T13688]  should_failslab+0xac/0x100
[  878.135718][T13688]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  878.135751][T13688]  __kmalloc_noprof+0xd8/0x400
[  878.135780][T13688]  ? kfree+0x4e/0x360
[  878.135821][T13688]  tomoyo_realpath_from_path+0xcf/0x5e0
[  878.135870][T13688]  tomoyo_path_number_perm+0x23a/0x880
[  878.135907][T13688]  ? tomoyo_path_number_perm+0x208/0x880
[  878.135937][T13688]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  878.136013][T13688]  ? __fget_files+0x29/0x470
[  878.136043][T13688]  ? __fget_files+0x3f6/0x470
[  878.136068][T13688]  ? __fget_files+0x29/0x470
[  878.136102][T13688]  security_file_ioctl+0x75/0xb0
[  878.136137][T13688]  __se_sys_ioctl+0x47/0x170
[  878.136177][T13688]  do_syscall_64+0xf3/0x230
[  878.136200][T13688]  ? clear_bhb_loop+0x35/0x90
[  878.136229][T13688]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.136253][T13688] RIP: 0033:0x7f1d1c7779f9
[  878.136274][T13688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  878.136294][T13688] RSP: 002b:00007f1d1d4ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  878.136322][T13688] RAX: ffffffffffffffda RBX: 00007f1d1c905f80 RCX: 00007f1d1c7779f9
[  878.136341][T13688] RDX: 00000000200001c0 RSI: 0000000080404519 RDI: 0000000000000007
[  878.136357][T13688] RBP: 00007f1d1d4ad090 R08: 0000000000000000 R09: 0000000000000000
[  878.136372][T13688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  878.136387][T13688] R13: 0000000000000000 R14: 00007f1d1c905f80 R15: 00007fff531c6c78
[  878.136423][T13688]  </TASK>
[  878.147926][T13688] ERROR: Out of memory at tomoyo_realpath_from_path.
[  878.303725][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  878.303772][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  878.303817][    T8] usb 2-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  878.303845][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  878.315813][    T8] usb 2-1: config 0 descriptor??
[  878.531812][T13683] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  878.545884][T13683] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  878.618815][T13697] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2203'.
[  878.632409][    T8] usbhid 2-1:0.0: can't add hid device: -71
[  878.632534][    T8] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  878.645727][    T8] usb 2-1: USB disconnect, device number 35
[  879.456356][    T8] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  879.916741][T13708] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2207'.
[  879.957029][    T8] usb 4-1: Using ep0 maxpacket: 32
[  880.005853][    T8] usb 4-1: config 0 has an invalid interface number: 88 but max is 0
[  880.051014][    T8] usb 4-1: config 0 has no interface number 0
[  880.096961][    T8] usb 4-1: config 0 interface 88 altsetting 0 has an endpoint descriptor with address 0x1A, changing to 0xA
[  880.187271][    T8] usb 4-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=7d.12
[  880.259465][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  880.314886][    T8] usb 4-1: Product: syz
[  880.355900][    T8] usb 4-1: Manufacturer: syz
[  880.385767][    T8] usb 4-1: SerialNumber: syz
[  880.466797][    T8] usb 4-1: config 0 descriptor??
[  882.220304][ T9671] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  887.080032][    T8] usb 4-1: USB disconnect, device number 41
[  887.094648][    T8] f81534a_ctrl 4-1:0.88: failed to set register 0x116: -19
[  887.108873][    T8] f81534a_ctrl 4-1:0.88: failed to enable ports: -19
[  888.819061][T13740] FAULT_INJECTION: forcing a failure.
[  888.819061][T13740] name failslab, interval 1, probability 0, space 0, times 0
[  888.831851][T13740] CPU: 0 UID: 0 PID: 13740 Comm: syz.3.2217 Not tainted 6.11.0-rc3-syzkaller #0
[  888.840911][T13740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  888.851000][T13740] Call Trace:
[  888.854306][T13740]  <TASK>
[  888.857257][T13740]  dump_stack_lvl+0x241/0x360
[  888.861979][T13740]  ? __pfx_dump_stack_lvl+0x10/0x10
[  888.867218][T13740]  ? __pfx__printk+0x10/0x10
[  888.871846][T13740]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  888.877863][T13740]  ? __pfx___might_resched+0x10/0x10
[  888.883186][T13740]  should_fail_ex+0x3b0/0x4e0
[  888.887900][T13740]  should_failslab+0xac/0x100
[  888.892606][T13740]  ? __alloc_skb+0x1c3/0x440
[  888.897224][T13740]  kmem_cache_alloc_node_noprof+0x71/0x320
[  888.903069][T13740]  __alloc_skb+0x1c3/0x440
[  888.907522][T13740]  ? __pfx___alloc_skb+0x10/0x10
[  888.912498][T13740]  ? __pfx___might_resched+0x10/0x10
[  888.917825][T13740]  alloc_skb_with_frags+0xc3/0x770
[  888.922989][T13740]  sock_alloc_send_pskb+0x91a/0xa60
[  888.928240][T13740]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  888.934013][T13740]  ? __rcu_read_unlock+0xa1/0x110
[  888.939072][T13740]  ? dev_get_by_index+0x23/0x2d0
[  888.944050][T13740]  packet_sendmsg+0x3e19/0x6710
[  888.948942][T13740]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  888.955315][T13740]  ? lockdep_hardirqs_on+0x99/0x150
[  888.960558][T13740]  ? tomoyo_socket_sendmsg_permission+0x1/0x420
[  888.966841][T13740]  ? smack_socket_sendmsg+0x1b5/0x540
[  888.972247][T13740]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  888.978002][T13740]  ? tomoyo_socket_sendmsg_permission+0x288/0x420
[  888.984456][T13740]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  888.991255][T13740]  ? __pfx_packet_sendmsg+0x10/0x10
[  888.996494][T13740]  ? __fget_files+0x29/0x470
[  889.001117][T13740]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  889.006435][T13740]  ? security_socket_sendmsg+0x87/0xb0
[  889.011924][T13740]  ? __pfx_packet_sendmsg+0x10/0x10
[  889.017160][T13740]  __sock_sendmsg+0x221/0x270
[  889.021881][T13740]  __sys_sendto+0x3a4/0x4f0
[  889.026422][T13740]  ? __pfx___sys_sendto+0x10/0x10
[  889.031499][T13740]  ? lockdep_hardirqs_on+0x99/0x150
[  889.036756][T13740]  __x64_sys_sendto+0xde/0x100
[  889.041552][T13740]  do_syscall_64+0xf3/0x230
[  889.046080][T13740]  ? clear_bhb_loop+0x35/0x90
[  889.050785][T13740]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.056721][T13740] RIP: 0033:0x7fb22db779f9
[  889.061173][T13740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  889.080914][T13740] RSP: 002b:00007fb22e9f0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  889.089383][T13740] RAX: ffffffffffffffda RBX: 00007fb22dd06130 RCX: 00007fb22db779f9
[  889.097388][T13740] RDX: 000000000000b318 RSI: 00000000200000c0 RDI: 0000000000000008
[  889.105387][T13740] RBP: 00007fb22e9f0090 R08: 0000000020000540 R09: 0000000000000014
[  889.113396][T13740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  889.121406][T13740] R13: 0000000000000000 R14: 00007fb22dd06130 R15: 00007fffc839bea8
[  889.129441][T13740]  </TASK>
[  889.612952][T13746] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2220'.
[  889.781486][T13749] input: syz1 as /devices/virtual/input/input76
[  889.849125][ T5223] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  890.052881][ T5223] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  890.089255][ T5223] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  890.118746][ T5223] usb 5-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  890.128701][ T5223] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  890.143412][ T5223] usb 5-1: config 0 descriptor??
[  890.362728][T13744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  890.421151][T13744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  890.656232][ T5223] usbhid 5-1:0.0: can't add hid device: -71
[  890.685951][ T5223] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  890.709189][ T5223] usb 5-1: USB disconnect, device number 46
[  892.519632][T13623] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  892.530222][T13623] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  892.538992][T13623] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  892.547773][T13623] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  892.556919][T13623] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  892.564177][T13623] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  893.031966][T13777] ebtables: ebtables: counters copy to user failed while replacing table
[  893.304817][T13778] chnl_net:caif_netlink_parms(): no params data found
[  893.522639][T13794] input: syz1 as /devices/virtual/input/input77
[  893.759252][   T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  894.007368][   T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  894.236683][    T8] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  894.261755][   T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  894.300207][T13778] bridge0: port 1(bridge_slave_0) entered blocking state
[  894.309982][T13778] bridge0: port 1(bridge_slave_0) entered disabled state
[  894.320795][T13778] bridge_slave_0: entered allmulticast mode
[  894.363130][T13778] bridge_slave_0: entered promiscuous mode
[  894.435686][   T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  894.463730][    T8] usb 1-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62
[  894.492753][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  894.500985][    T8] usb 1-1: Product: syz
[  894.506921][    T8] usb 1-1: Manufacturer: syz
[  894.507037][T13778] bridge0: port 2(bridge_slave_1) entered blocking state
[  894.511542][    T8] usb 1-1: SerialNumber: syz
[  894.541228][ T9671] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  894.569437][    T8] usb 1-1: config 0 descriptor??
[  894.586307][T13623] Bluetooth: hci3: command tx timeout
[  894.599486][T13778] bridge0: port 2(bridge_slave_1) entered disabled state
[  894.628214][T13778] bridge_slave_1: entered allmulticast mode
[  894.647804][    T8] usb 1-1: selecting invalid altsetting 1
[  894.655062][    T8] comedi comedi0: could not switch to alternate setting 1
[  894.655476][T13778] bridge_slave_1: entered promiscuous mode
[  894.663055][    T8] usbduxfast 1-1:0.0: driver 'usbduxfast' failed to auto-configure device.
[  894.768779][ T9671] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  894.812050][ T9671] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  894.856923][ T9671] usb 3-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  894.867281][ T9671] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  894.906364][ T9671] usb 3-1: config 0 descriptor??
[  894.965134][T13778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  895.032895][T13808] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2237'.
[  895.049601][T13778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  895.207218][T13810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  895.238806][T13810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  895.280028][T13778] team0: Port device team_slave_0 added
[  895.324536][ T5269] usb 1-1: USB disconnect, device number 38
[  895.429426][ T9671] usbhid 3-1:0.0: can't add hid device: -71
[  895.435614][ T9671] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  895.496577][ T9671] usb 3-1: USB disconnect, device number 28
[  895.496967][T13778] team0: Port device team_slave_1 added
[  895.718691][T13778] batman_adv: batadv0: Adding interface: batadv_slave_0
[  895.745368][T13778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  895.786896][T13778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  895.825069][T13778] batman_adv: batadv0: Adding interface: batadv_slave_1
[  895.846230][T13778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  895.910089][T13778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  895.942494][   T11] bridge_slave_1: left allmulticast mode
[  895.966532][   T11] bridge_slave_1: left promiscuous mode
[  895.993865][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  896.025839][   T11] bridge_slave_0: left allmulticast mode
[  896.052361][   T11] bridge_slave_0: left promiscuous mode
[  896.070793][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  896.658509][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  896.676382][T13623] Bluetooth: hci3: command tx timeout
[  897.338638][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  897.350386][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  897.362882][   T11] bond0 (unregistering): Released all slaves
[  897.624378][T13841] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2247'.
[  897.731283][T13778] hsr_slave_0: entered promiscuous mode
[  897.757355][T13778] hsr_slave_1: entered promiscuous mode
[  898.150089][T13857] FAULT_INJECTION: forcing a failure.
[  898.150089][T13857] name failslab, interval 1, probability 0, space 0, times 0
[  898.170642][T13857] CPU: 0 UID: 0 PID: 13857 Comm: syz.3.2252 Not tainted 6.11.0-rc3-syzkaller #0
[  898.179720][T13857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  898.189810][T13857] Call Trace:
[  898.193111][T13857]  <TASK>
[  898.196053][T13857]  dump_stack_lvl+0x241/0x360
[  898.200778][T13857]  ? __pfx_dump_stack_lvl+0x10/0x10
[  898.206091][T13857]  ? __pfx__printk+0x10/0x10
[  898.210739][T13857]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  898.216224][T13857]  ? __pfx___might_resched+0x10/0x10
[  898.221528][T13857]  should_fail_ex+0x3b0/0x4e0
[  898.226237][T13857]  should_failslab+0xac/0x100
[  898.230954][T13857]  ? assoc_array_insert+0xfe/0x33e0
[  898.236165][T13857]  __kmalloc_cache_noprof+0x6c/0x2c0
[  898.241491][T13857]  assoc_array_insert+0xfe/0x33e0
[  898.246544][T13857]  ? keyring_compare_object+0x15c/0x1c0
[  898.252113][T13857]  ? __pfx_assoc_array_insert+0x10/0x10
[  898.257663][T13857]  ? __pfx___mutex_lock+0x10/0x10
[  898.262699][T13857]  ? __pfx_down_write_nested+0x10/0x10
[  898.268175][T13857]  __key_link_begin+0xe5/0x1f0
[  898.272947][T13857]  key_move+0x254/0x930
[  898.277107][T13857]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  898.283302][T13857]  ? __pfx_key_move+0x10/0x10
[  898.287982][T13857]  ? __pfx_lock_release+0x10/0x10
[  898.293806][T13857]  keyctl_keyring_move+0xd6/0x110
[  898.298840][T13857]  __se_sys_keyctl+0x64f/0xa50
[  898.303627][T13857]  ? __pfx___se_sys_keyctl+0x10/0x10
[  898.308924][T13857]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  898.314916][T13857]  ? __fget_files+0x3f6/0x470
[  898.319608][T13857]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  898.325592][T13857]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  898.332000][T13857]  ? do_syscall_64+0x100/0x230
[  898.336802][T13857]  ? __x64_sys_keyctl+0x20/0xc0
[  898.341672][T13857]  do_syscall_64+0xf3/0x230
[  898.346191][T13857]  ? clear_bhb_loop+0x35/0x90
[  898.350881][T13857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  898.356783][T13857] RIP: 0033:0x7fb22db779f9
[  898.361202][T13857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  898.381613][T13857] RSP: 002b:00007fb22ea32038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  898.390035][T13857] RAX: ffffffffffffffda RBX: 00007fb22dd05f80 RCX: 00007fb22db779f9
[  898.398009][T13857] RDX: 000000003ea2b141 RSI: 0000000028ef2a27 RDI: 000000000000001e
[  898.405980][T13857] RBP: 00007fb22ea32090 R08: 0000000000000000 R09: 0000000000000000
[  898.413949][T13857] R10: 000000000c91efe1 R11: 0000000000000246 R12: 0000000000000001
[  898.421922][T13857] R13: 0000000000000000 R14: 00007fb22dd05f80 R15: 00007fffc839bea8
[  898.429912][T13857]  </TASK>
[  898.688377][T13858] can0: slcan on ptm0.
[  898.756703][T13623] Bluetooth: hci3: command tx timeout
[  898.782934][   T11] hsr_slave_0: left promiscuous mode
[  898.815360][   T11] hsr_slave_1: left promiscuous mode
[  898.858062][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  898.865987][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  899.264180][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  899.272422][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  899.357576][    T8] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  899.412664][   T11] veth1_macvtap: left promiscuous mode
[  899.440725][   T11] veth0_macvtap: left promiscuous mode
[  899.455085][   T11] veth1_vlan: left promiscuous mode
[  899.478038][   T11] veth0_vlan: left promiscuous mode
[  899.579387][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  899.690602][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  899.776684][    T8] usb 3-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  899.789862][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  899.829944][    T8] usb 3-1: config 0 descriptor??
[  900.094432][T13864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  900.132961][T13864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  900.265597][    T8] usbhid 3-1:0.0: can't add hid device: -71
[  900.317386][    T8] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  900.386612][    T8] usb 3-1: USB disconnect, device number 29
[  900.827209][T13623] Bluetooth: hci3: command tx timeout
[  901.108908][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  901.865777][T13886] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2261'.
[  901.943101][   T11] team0 (unregistering): Port device team_slave_1 removed
[  902.003660][   T11] team0 (unregistering): Port device team_slave_0 removed
[  902.727145][T13849] can0 (unregistered): slcan off ptm0.
[  902.972920][T13895] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2264'.
[  902.997805][T13895] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2264'.
[  903.222783][T13901] overlay: filesystem on ./file1 not supported as upperdir
[  903.720586][T13895] ubi0: attaching mtd0
[  903.727897][T13895] ubi0: scanning is finished
[  903.732551][T13895] ubi0: empty MTD device detected
[  904.153051][T13895] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4
[  904.192200][T13893] evm: overlay not supported
[  904.342414][   T29] audit: type=1804 audit(1723477093.642:83): pid=13901 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.2265" name="/newroot/442/bus/file0" dev="overlay" ino=2392 res=1 errno=0
[  905.460594][T13778] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  905.489273][T13778] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  905.529506][T13778] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  905.587564][T13778] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  905.821123][T13924] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2273'.
[  905.888159][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  906.941307][T13778] 8021q: adding VLAN 0 to HW filter on device bond0
[  907.006419][ T5223] usb 1-1: new low-speed USB device number 39 using dummy_hcd
[  907.013620][T13778] 8021q: adding VLAN 0 to HW filter on device team0
[  907.097134][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  907.104452][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  907.148081][T13939] FAULT_INJECTION: forcing a failure.
[  907.148081][T13939] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  907.167267][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  907.174462][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  907.203897][T13939] CPU: 1 UID: 0 PID: 13939 Comm: syz.4.2277 Not tainted 6.11.0-rc3-syzkaller #0
[  907.212990][T13939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  907.223088][T13939] Call Trace:
[  907.226397][T13939]  <TASK>
[  907.229363][T13939]  dump_stack_lvl+0x241/0x360
[  907.234095][T13939]  ? __pfx_dump_stack_lvl+0x10/0x10
[  907.239339][T13939]  ? __pfx__printk+0x10/0x10
[  907.243977][T13939]  ? __pfx_lock_release+0x10/0x10
[  907.249052][T13939]  should_fail_ex+0x3b0/0x4e0
[  907.253771][T13939]  _copy_from_user+0x2f/0xe0
[  907.258405][T13939]  copy_msghdr_from_user+0xae/0x680
[  907.263652][T13939]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  907.269518][T13939]  __sys_sendmsg+0x23d/0x3a0
[  907.274147][T13939]  ? __pfx___sys_sendmsg+0x10/0x10
[  907.279296][T13939]  ? vfs_write+0x7c4/0xc90
[  907.283786][T13939]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  907.290161][T13939]  ? do_syscall_64+0x100/0x230
[  907.294958][T13939]  ? do_syscall_64+0xb6/0x230
[  907.299678][T13939]  do_syscall_64+0xf3/0x230
[  907.304217][T13939]  ? clear_bhb_loop+0x35/0x90
[  907.308934][T13939]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  907.314869][T13939] RIP: 0033:0x7f1d1c7779f9
[  907.319318][T13939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  907.338974][T13939] RSP: 002b:00007f1d1d4ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  907.347436][T13939] RAX: ffffffffffffffda RBX: 00007f1d1c905f80 RCX: 00007f1d1c7779f9
[  907.355444][T13939] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  907.363455][T13939] RBP: 00007f1d1d4ad090 R08: 0000000000000000 R09: 0000000000000000
[  907.371460][T13939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  907.379467][T13939] R13: 0000000000000000 R14: 00007f1d1c905f80 R15: 00007fff531c6c78
[  907.387495][T13939]  </TASK>
[  907.402189][ T5223] usb 1-1: device descriptor read/64, error -71
[  907.696509][ T5223] usb 1-1: new low-speed USB device number 40 using dummy_hcd
[  907.878133][ T5223] usb 1-1: device descriptor read/64, error -71
[  908.009956][ T5223] usb usb1-port1: attempt power cycle
[  908.167359][T13778] 8021q: adding VLAN 0 to HW filter on device batadv0
[  908.382922][T13778] veth0_vlan: entered promiscuous mode
[  908.436342][ T5223] usb 1-1: new low-speed USB device number 41 using dummy_hcd
[  908.514708][T13778] veth1_vlan: entered promiscuous mode
[  908.537371][ T5223] usb 1-1: device descriptor read/8, error -71
[  908.661113][T13778] veth0_macvtap: entered promiscuous mode
[  908.692463][T13778] veth1_macvtap: entered promiscuous mode
[  908.769194][T13778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  908.783511][T13778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  908.794865][T13778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  908.805900][T13778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  908.826940][ T5223] usb 1-1: new low-speed USB device number 42 using dummy_hcd
[  908.834624][T13778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  908.865477][T13778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  908.892256][ T5223] usb 1-1: device descriptor read/8, error -71
[  908.901169][T13778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  908.927830][T13778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  908.939511][T13778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  908.952757][T13778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  908.976398][T13778] batman_adv: batadv0: Interface activated: batadv_slave_0
[  909.029731][T13778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.040718][ T5223] usb usb1-port1: unable to enumerate USB device
[  909.069949][T13778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.101855][T13778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.133256][T13778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.163975][T13778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.205380][T13778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.243909][T13778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.272650][T13778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.307876][T13778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.337530][T13778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.371129][T13778] batman_adv: batadv0: Interface activated: batadv_slave_1
[  909.420806][T13778] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  909.441094][T13778] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  909.464037][T13778] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  909.491919][T13778] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  910.009455][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  910.803339][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  910.858500][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  911.005948][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  911.035189][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  911.396847][ T5223] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  911.776258][ T5223] usb 3-1: Using ep0 maxpacket: 16
[  911.800819][ T5223] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  911.819746][ T5223] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  911.844101][ T5223] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  911.855334][ T5223] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  911.876169][ T5268] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  911.920919][ T5223] usb 3-1: config 0 descriptor??
[  912.076236][ T5268] usb 2-1: Using ep0 maxpacket: 32
[  912.093721][ T5268] usb 2-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6
[  912.104537][ T5268] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  912.148023][ T5268] usb 2-1: config 0 descriptor??
[  912.196689][ T5268] usb 2-1: dvb_usb_v2: found a 'Anysee' in warm state
[  912.211508][ T5268] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  912.229336][ T5268] dvb_usb_anysee 2-1:0.0: probe with driver dvb_usb_anysee failed with error -22
[  912.480721][ T9671] usb 2-1: USB disconnect, device number 36
[  912.945804][T13997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  912.990384][T13997] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  913.188659][T13997] netlink: 'syz.2.2289': attribute type 1 has an invalid length.
[  913.344330][ T5223] microsoft 0003:045E:07DA.000A: item 0 4 0 8 parsing failed
[  913.364998][ T5223] microsoft 0003:045E:07DA.000A: parse failed
[  913.376612][ T5223] microsoft 0003:045E:07DA.000A: probe with driver microsoft failed with error -22
[  913.401849][T14004] vlan2: entered allmulticast mode
[  913.415568][T14008] openvswitch: netlink: Missing key (keys=40, expected=100)
[  913.423968][T14004] mac80211_hwsim hwsim28 wlan0: entered allmulticast mode
[  913.454312][T14004] mac80211_hwsim hwsim28 wlan0: left allmulticast mode
[  913.647324][ T5223] usb 3-1: USB disconnect, device number 30
[  914.807381][T14020] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  916.707413][   T47] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  916.908486][   T47] usb 2-1: Using ep0 maxpacket: 32
[  916.939130][   T47] usb 2-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6
[  916.958380][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  917.032733][   T47] usb 2-1: config 0 descriptor??
[  917.085643][   T47] usb 2-1: dvb_usb_v2: found a 'Anysee' in warm state
[  917.116892][   T47] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  917.133389][   T47] dvb_usb_anysee 2-1:0.0: probe with driver dvb_usb_anysee failed with error -22
[  917.286294][ T5268] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  917.413255][ T5269] usb 2-1: USB disconnect, device number 37
[  917.478546][T14046] syz.3.2307: attempt to access beyond end of device
[  917.478546][T14046] loop3: rw=0, sector=2, nr_sectors = 2 limit=0
[  917.493926][T14046] syz.3.2307: attempt to access beyond end of device
[  917.493926][T14046] loop3: rw=0, sector=0, nr_sectors = 2 limit=0
[  917.510712][T14046] syz.3.2307: attempt to access beyond end of device
[  917.510712][T14046] loop3: rw=0, sector=0, nr_sectors = 2 limit=0
[  917.555042][T14046] syz.3.2307: attempt to access beyond end of device
[  917.555042][T14046] loop3: rw=0, sector=18, nr_sectors = 2 limit=0
[  917.584227][ T5268] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  917.604878][T14046] syz.3.2307: attempt to access beyond end of device
[  917.604878][T14046] loop3: rw=0, sector=30, nr_sectors = 2 limit=0
[  917.604996][ T5268] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  917.618847][T14046] syz.3.2307: attempt to access beyond end of device
[  917.618847][T14046] loop3: rw=0, sector=36, nr_sectors = 2 limit=0
[  917.639572][T14046] VFS: unable to find oldfs superblock on device loop3
[  917.723117][ T5268] usb 1-1: config 0 descriptor??
[  917.732572][ T5268] cp210x 1-1:0.0: cp210x converter detected
[  918.011828][   T29] audit: type=1326 audit(1723477107.312:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14053 comm="syz.1.2310" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc2b13779f9 code=0x0
[  918.396325][ T5268] usb 1-1: cp210x converter now attached to ttyUSB0
[  918.507580][   T25] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  918.812287][   T25] usb 4-1: device descriptor read/64, error -71
[  919.096483][ T5269] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  919.516918][   T25] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  920.332781][ T5269] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  920.518611][ T5269] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 12335, setting to 1024
[  920.537500][ T5269] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  920.589604][T12591] usb 1-1: USB disconnect, device number 43
[  920.611460][ T5269] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  920.650977][T12591] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  920.688821][ T5269] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  920.706457][   T25] usb 4-1: device descriptor read/64, error -71
[  920.718058][T12591] cp210x 1-1:0.0: device disconnected
[  920.756015][T14074] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  920.798097][T14086] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2316'.
[  920.848097][ T5269] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  920.861085][   T25] usb usb4-port1: attempt power cycle
[  920.970974][   T29] audit: type=1326 audit(1723477110.272:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14084 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d1c7779f9 code=0x7ffc0000
[  921.091661][   T29] audit: type=1326 audit(1723477110.272:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14084 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d1c7779f9 code=0x7ffc0000
[  921.125444][ T5269] usb 3-1: USB disconnect, device number 31
[  921.141651][   T29] audit: type=1326 audit(1723477110.302:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14084 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1d1c7779f9 code=0x7ffc0000
[  921.212347][   T29] audit: type=1326 audit(1723477110.302:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14084 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d1c7779f9 code=0x7ffc0000
[  921.270268][   T29] audit: type=1326 audit(1723477110.312:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14084 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d1c7779f9 code=0x7ffc0000
[  921.297890][   T29] audit: type=1326 audit(1723477110.312:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14084 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f1d1c7779f9 code=0x7ffc0000
[  921.418116][   T29] audit: type=1326 audit(1723477110.312:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14084 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d1c7779f9 code=0x7ffc0000
[  921.541348][T14076] udevd[14076]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  921.669483][T14098] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2318'.
[  921.675853][   T29] audit: type=1326 audit(1723477110.312:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14084 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d1c7779f9 code=0x7ffc0000
[  921.735261][   T29] audit: type=1326 audit(1723477110.352:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14084 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f1d1c7779f9 code=0x7ffc0000
[  923.068549][   T29] kauditd_printk_skb: 54 callbacks suppressed
[  923.068573][   T29] audit: type=1800 audit(1723477112.352:148): pid=14108 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.3.2320" name="/" dev="sockfs" ino=53953 res=0 errno=0
[  924.669917][T14135] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2327'.
[  925.557639][T14138] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2327'.
[  926.576477][ T5223] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  926.773153][ T5223] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  926.809920][ T5223] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  926.826763][ T5223] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  926.856512][ T5223] usb 4-1: config 0 interface 0 has no altsetting 0
[  926.866240][ T5268] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  926.895979][ T5223] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  926.912375][ T5223] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  926.944301][ T5223] usb 4-1: config 0 interface 0 has no altsetting 0
[  926.953863][ T5223] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  926.972582][ T5223] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  926.991209][ T5223] usb 4-1: config 0 interface 0 has no altsetting 0
[  927.000807][ T5223] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  927.017307][ T5223] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  927.031921][T14156] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2334'.
[  927.044398][T14154] syz.1.2333 (14154) used greatest stack depth: 18128 bytes left
[  927.052500][ T5223] usb 4-1: config 0 interface 0 has no altsetting 0
[  927.063201][ T5223] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  927.072541][ T5268] usb 1-1: Using ep0 maxpacket: 32
[  927.080206][ T5223] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  927.092509][ T5268] usb 1-1: config 0 has an invalid interface number: 37 but max is 1
[  927.106565][ T5268] usb 1-1: config 0 has no interface number 1
[  927.112846][ T5223] usb 4-1: config 0 interface 0 has no altsetting 0
[  927.128045][ T5268] usb 1-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=20.a3
[  927.138129][ T5223] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  927.147380][ T5268] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  927.158813][ T5223] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  927.170149][ T5268] usb 1-1: Product: syz
[  927.174435][ T5268] usb 1-1: Manufacturer: syz
[  927.183192][ T5223] usb 4-1: config 0 interface 0 has no altsetting 0
[  927.190108][ T5268] usb 1-1: SerialNumber: syz
[  927.205304][ T5223] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  927.218990][ T5268] usb 1-1: config 0 descriptor??
[  927.230907][ T5268] qmi_wwan 1-1:0.37: probe with driver qmi_wwan failed with error -22
[  927.242093][ T5223] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  927.264732][ T5223] usb 4-1: config 0 interface 0 has no altsetting 0
[  927.283322][ T5223] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  927.301147][ T5223] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  927.314949][ T5223] usb 4-1: config 0 interface 0 has no altsetting 0
[  927.335727][ T5223] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  927.349989][ T5223] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  927.359299][ T5223] usb 4-1: Product: syz
[  927.363525][ T5223] usb 4-1: Manufacturer: syz
[  927.369014][ T5223] usb 4-1: SerialNumber: syz
[  927.403787][ T5223] usb 4-1: config 0 descriptor??
[  927.450925][ T5223] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  930.264797][T14185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2340'.
[  930.412230][ T5223] usb 4-1: USB disconnect, device number 45
[  930.422596][ T5223] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  931.793446][ T1261] ieee802154 phy0 wpan0: encryption failed: -22
[  931.813740][ T1261] ieee802154 phy1 wpan1: encryption failed: -22
[  943.073198][ T5229] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  943.120772][ T5229] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  943.129493][ T5229] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  943.156784][ T5229] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  943.166341][ T5229] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  943.175184][ T5229] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  944.101535][T14261] chnl_net:caif_netlink_parms(): no params data found
[  944.233408][ T5229] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  944.247021][ T5229] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  944.256212][ T5229] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  944.266663][ T5229] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  944.284516][ T5229] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  944.293555][ T5229] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  944.698637][T14279] debugfs: Directory 'netdev:nicvf0' with parent 'phy9' already present!
[  944.725552][T14261] bridge0: port 1(bridge_slave_0) entered blocking state
[  944.736290][T14261] bridge0: port 1(bridge_slave_0) entered disabled state
[  944.743591][T14261] bridge_slave_0: entered allmulticast mode
[  944.762305][T14261] bridge_slave_0: entered promiscuous mode
[  944.784308][T14261] bridge0: port 2(bridge_slave_1) entered blocking state
[  944.803161][T14261] bridge0: port 2(bridge_slave_1) entered disabled state
[  944.821749][T14261] bridge_slave_1: entered allmulticast mode
[  944.835308][T14261] bridge_slave_1: entered promiscuous mode
[  944.996517][T14261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  945.262966][ T5229] Bluetooth: hci6: command tx timeout
[  945.324574][T14261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  945.736709][   T47] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  946.060357][T14261] team0: Port device team_slave_0 added
[  946.099209][T14261] team0: Port device team_slave_1 added
[  946.120309][   T47] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  946.140274][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  946.180598][   T47] usb 2-1: Product: syz
[  946.200808][   T47] usb 2-1: Manufacturer: syz
[  946.214768][   T47] usb 2-1: SerialNumber: syz
[  946.231164][T14261] batman_adv: batadv0: Adding interface: batadv_slave_0
[  946.245874][   T47] usb 2-1: config 0 descriptor??
[  946.256578][T14261] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  946.291982][T14261] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  946.312230][T14261] batman_adv: batadv0: Adding interface: batadv_slave_1
[  946.319853][T14261] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  946.346860][T13623] Bluetooth: hci7: command tx timeout
[  946.375537][T14261] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  946.671028][T14261] hsr_slave_0: entered promiscuous mode
[  946.686612][T14261] hsr_slave_1: entered promiscuous mode
[  946.697984][T14261] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  946.705957][T14261] Cannot create hsr debugfs directory
[  946.743342][T14301] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2368'.
[  946.898399][T14272] chnl_net:caif_netlink_parms(): no params data found
[  946.919953][T14291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  946.953418][T14291] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  947.002231][   T47] usb 2-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0)
[  947.015585][   T47] usb 2-1: Firmware version (0.0) predates our first public release.
[  947.041099][   T47] usb 2-1: Please update to version 0.2 or newer
[  947.306452][T13623] Bluetooth: hci6: command tx timeout
[  947.317090][   T47] usb 2-1: USB disconnect, device number 38
[  947.685351][T14272] bridge0: port 1(bridge_slave_0) entered blocking state
[  947.710231][T14272] bridge0: port 1(bridge_slave_0) entered disabled state
[  947.740709][T14272] bridge_slave_0: entered allmulticast mode
[  947.755078][T14272] bridge_slave_0: entered promiscuous mode
[  947.778313][T14272] bridge0: port 2(bridge_slave_1) entered blocking state
[  947.803069][T14272] bridge0: port 2(bridge_slave_1) entered disabled state
[  947.822015][T14272] bridge_slave_1: entered allmulticast mode
[  947.841709][T14272] bridge_slave_1: entered promiscuous mode
[  947.934659][T14261] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  948.436536][T13623] Bluetooth: hci7: command tx timeout
[  948.579597][T14261] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  948.635090][T14272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  948.682598][T14272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  948.812345][T14334] xt_TCPMSS: Only works on TCP SYN packets
[  949.613357][T13623] Bluetooth: hci6: command tx timeout
[  949.769275][T14261] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  949.915530][T14272] team0: Port device team_slave_0 added
[  949.993062][T14261] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  950.051004][T14272] team0: Port device team_slave_1 added
[  950.143419][T14341] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2377'.
[  950.184937][T14272] batman_adv: batadv0: Adding interface: batadv_slave_0
[  950.196504][T14272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  950.246283][T14272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  950.280041][T14272] batman_adv: batadv0: Adding interface: batadv_slave_1
[  950.296172][T14272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  950.347171][T14272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  950.506535][ T5229] Bluetooth: hci7: command tx timeout
[  950.678770][T14272] hsr_slave_0: entered promiscuous mode
[  950.704632][T14272] hsr_slave_1: entered promiscuous mode
[  950.721820][T14272] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  950.737014][T14272] Cannot create hsr debugfs directory
[  950.859917][T14261] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  950.957629][T14261] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  950.999355][T14261] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  951.075512][T14261] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  951.164442][T14356] FAULT_INJECTION: forcing a failure.
[  951.164442][T14356] name failslab, interval 1, probability 0, space 0, times 0
[  951.181174][T14356] CPU: 1 UID: 0 PID: 14356 Comm: syz.1.2381 Not tainted 6.11.0-rc3-syzkaller #0
[  951.190248][T14356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  951.200521][T14356] Call Trace:
[  951.203833][T14356]  <TASK>
[  951.206795][T14356]  dump_stack_lvl+0x241/0x360
[  951.211524][T14356]  ? __pfx_dump_stack_lvl+0x10/0x10
[  951.216765][T14356]  ? __pfx__printk+0x10/0x10
[  951.221403][T14356]  ? fs_reclaim_acquire+0x93/0x140
[  951.226569][T14356]  ? __pfx___might_resched+0x10/0x10
[  951.231903][T14356]  should_fail_ex+0x3b0/0x4e0
[  951.236619][T14356]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  951.242490][T14356]  should_failslab+0xac/0x100
[  951.247218][T14356]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  951.252988][T14356]  __kmalloc_noprof+0xd8/0x400
[  951.257796][T14356]  ? kfree+0x4e/0x360
[  951.261828][T14356]  tomoyo_realpath_from_path+0xcf/0x5e0
[  951.267435][T14356]  tomoyo_path_number_perm+0x23a/0x880
[  951.272941][T14356]  ? tomoyo_path_number_perm+0x208/0x880
[  951.278619][T14356]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  951.284699][T14356]  ? __fget_files+0x29/0x470
[  951.289331][T14356]  ? __fget_files+0x3f6/0x470
[  951.294043][T14356]  ? __fget_files+0x29/0x470
[  951.298762][T14356]  security_file_ioctl+0x75/0xb0
[  951.303743][T14356]  __se_sys_ioctl+0x47/0x170
[  951.308380][T14356]  do_syscall_64+0xf3/0x230
[  951.312922][T14356]  ? clear_bhb_loop+0x35/0x90
[  951.317626][T14356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  951.323551][T14356] RIP: 0033:0x7fc2b13779f9
[  951.327984][T14356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  951.348399][T14356] RSP: 002b:00007fc2b2089038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  951.356827][T14356] RAX: ffffffffffffffda RBX: 00007fc2b1506130 RCX: 00007fc2b13779f9
[  951.364848][T14356] RDX: 0000000020000000 RSI: 000000000000890c RDI: 0000000000000007
[  951.372848][T14356] RBP: 00007fc2b2089090 R08: 0000000000000000 R09: 0000000000000000
[  951.380842][T14356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  951.388948][T14356] R13: 0000000000000000 R14: 00007fc2b1506130 R15: 00007ffc78c2eee8
[  951.396960][T14356]  </TASK>
[  951.404031][T14356] ERROR: Out of memory at tomoyo_realpath_from_path.
[  951.637141][ T5229] Bluetooth: hci6: command tx timeout
[  952.026698][T14272] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  952.931226][ T5229] Bluetooth: hci7: command tx timeout
[  953.133859][T14272] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  953.205320][T14370] xt_TCPMSS: Only works on TCP SYN packets
[  954.028908][T14272] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  954.306466][T14376] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2386'.
[  954.333482][T14272] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  954.403589][T14261] 8021q: adding VLAN 0 to HW filter on device bond0
[  954.475806][T14261] 8021q: adding VLAN 0 to HW filter on device team0
[  954.511928][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  954.519136][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  954.595580][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  954.602885][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  954.868338][T14272] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  954.903247][T14272] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  954.934730][T14272] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  954.969731][T14272] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  955.452568][   T47] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  955.661388][   T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  955.704212][   T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  955.762077][   T47] usb 4-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[  955.789455][T14272] 8021q: adding VLAN 0 to HW filter on device bond0
[  955.790388][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.851364][   T47] usb 4-1: config 0 descriptor??
[  955.914035][T14272] 8021q: adding VLAN 0 to HW filter on device team0
[  955.943991][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state
[  955.951326][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state
[  956.023969][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state
[  956.031201][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state
[  956.163386][T14272] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  956.205278][T14272] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  956.295209][   T47] asus 0003:0B05:17E0.000B: unknown main item tag 0x0
[  956.310675][T14261] 8021q: adding VLAN 0 to HW filter on device batadv0
[  956.331625][   T47] asus 0003:0B05:17E0.000B: item fetching failed at offset 5/7
[  956.333276][ T5269] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  956.507831][   T47] asus 0003:0B05:17E0.000B: Asus hid parse failed: -22
[  956.514856][   T47] asus 0003:0B05:17E0.000B: probe with driver asus failed with error -22
[  956.573259][ T5269] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  956.603653][ T5269] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  956.642172][ T5269] usb 3-1: config 0 descriptor??
[  956.688924][ T5269] cp210x 3-1:0.0: cp210x converter detected
[  956.849310][   T59] usb 4-1: USB disconnect, device number 46
[  958.082289][T14261] veth0_vlan: entered promiscuous mode
[  958.141281][T14261] veth1_vlan: entered promiscuous mode
[  958.282084][T14261] veth0_macvtap: entered promiscuous mode
[  958.288679][ T5269] usb 3-1: cp210x converter now attached to ttyUSB0
[  958.328781][T14434] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2398'.
[  958.367779][T14261] veth1_macvtap: entered promiscuous mode
[  958.432477][T14272] 8021q: adding VLAN 0 to HW filter on device batadv0
[  958.641492][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  958.668608][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.681976][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  958.696162][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.709971][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  958.729278][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.791338][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  958.817938][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.867818][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  958.900626][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.926298][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  958.953233][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.979691][T14261] batman_adv: batadv0: Interface activated: batadv_slave_0
[  959.065387][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  959.077953][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  959.089624][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  959.107274][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  959.136392][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  959.148130][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  959.161693][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  959.180298][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  959.190568][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  959.202933][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  959.213778][T14261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  959.234988][T14261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  959.263826][T14261] batman_adv: batadv0: Interface activated: batadv_slave_1
[  959.293645][T14272] veth0_vlan: entered promiscuous mode
[  959.335786][T14261] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  959.380533][T14261] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  959.411232][T14261] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  959.439258][T14261] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  959.493682][T14272] veth1_vlan: entered promiscuous mode
[  959.768929][T14272] veth0_macvtap: entered promiscuous mode
[  959.841892][T14272] veth1_macvtap: entered promiscuous mode
[  959.918698][ T2559] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  959.966534][ T2559] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  960.032433][    T8] usb 3-1: USB disconnect, device number 32
[  960.068628][    T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  960.070207][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  960.109574][    T8] cp210x 3-1:0.0: device disconnected
[  960.150081][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  960.218913][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  960.234349][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  960.247991][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  960.260327][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  960.273664][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  960.293780][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  960.324575][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  960.756187][ T5229] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  960.769337][ T5229] Bluetooth: hci3: Injecting HCI hardware error event
[  960.803394][ T5229] Bluetooth: hci3: hardware error 0x00
[  960.850275][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  960.865418][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  960.882227][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  960.895391][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  961.142501][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  961.198053][T14272] batman_adv: batadv0: Interface activated: batadv_slave_0
[  961.561972][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  962.256660][   T29] audit: type=1800 audit(1723477151.552:149): pid=14472 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.1.2405" name="/" dev="sockfs" ino=57629 res=0 errno=0
[  962.377735][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  962.472729][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  962.537322][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  962.566149][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  962.609806][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  962.642653][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  962.696273][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  962.707257][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  962.718127][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  962.728946][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  962.742692][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  962.762495][T14272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  962.779441][T14272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  962.934090][T14272] batman_adv: batadv0: Interface activated: batadv_slave_1
[  962.948899][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  962.958648][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  963.013567][T14272] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  963.066806][T14272] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  963.082254][T14272] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  963.116150][T14272] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  963.308161][ T5229] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  963.525523][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  963.556971][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  963.893877][ T5935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  964.602531][ T5935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  964.833903][T14506] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2411'.
[  965.126382][ T5298] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  965.319858][ T5298] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  965.329404][ T5298] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  965.378383][ T5298] usb 2-1: config 0 descriptor??
[  965.407547][ T5298] cp210x 2-1:0.0: cp210x converter detected
[  965.477961][T14522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  965.508970][T14522] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  965.566336][T14522] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  965.603979][T14522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  965.645593][T14522] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  966.022592][ T5298] usb 2-1: cp210x converter now attached to ttyUSB0
[  967.036524][T14548] binder: 14547:14548 ioctl c018620c 20000000 returned -22
[  967.272719][T14551] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2424'.
[  967.356703][ T5268] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  967.718907][ T5268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  967.733236][ T5268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  967.751193][ T5268] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  967.767805][ T5268] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  967.821060][ T5268] usb 5-1: config 0 descriptor??
[  967.878794][ T5298] usb 2-1: USB disconnect, device number 39
[  967.894216][ T5298] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  967.909404][ T5298] cp210x 2-1:0.0: device disconnected
[  968.481713][T14548] program syz.4.2423 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  969.562382][ T5268] steelseries 0003:1038:12B6.000C: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.4-1/input0
[  969.622774][ T5268] steelseries 0003:1038:12B6.000C: hid_hw_raw_request() failed with -71
[  969.690783][ T5268] usb 5-1: USB disconnect, device number 47
[  970.152834][T14589] futex_wake_op: syz.3.2435 tries to shift op by -1; fix this program
[  970.163493][T14588] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2436'.
[  971.055721][   T47] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  971.270604][   T47] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  971.280147][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  971.316406][   T47] usb 5-1: config 0 descriptor??
[  971.366285][   T47] cp210x 5-1:0.0: cp210x converter detected
[  971.636499][ T5268] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  971.921317][ T5268] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  971.971428][ T5268] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  972.036808][   T47] usb 5-1: cp210x converter now attached to ttyUSB0
[  972.046476][ T5268] usb 2-1: Product: syz
[  972.074152][ T5268] usb 2-1: Manufacturer: syz
[  972.104585][ T5268] usb 2-1: SerialNumber: syz
[  972.120760][ T5268] usb 2-1: config 0 descriptor??
[  972.513514][ T5268] usb 2-1: USB disconnect, device number 40
[  973.095158][ T5236] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  973.286181][ T5236] usb 4-1: Using ep0 maxpacket: 32
[  973.302166][ T5236] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  973.340567][ T5236] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  973.357541][ T5236] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  973.399903][ T5236] usb 4-1: config 0 descriptor??
[  973.428787][ T5236] hub 4-1:0.0: bad descriptor, ignoring hub
[  973.613825][ T5236] hub 4-1:0.0: probe with driver hub failed with error -5
[  973.706219][ T5268] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  973.759574][ T5236] usb 5-1: USB disconnect, device number 48
[  973.815642][ T5236] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  973.847794][ T5236] cp210x 5-1:0.0: device disconnected
[  974.132558][ T5268] usb 2-1: Using ep0 maxpacket: 32
[  974.147387][ T5268] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  974.161652][ T5268] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  974.170857][ T5268] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  974.187283][ T5268] usb 2-1: config 0 descriptor??
[  974.198252][ T5268] hub 2-1:0.0: bad descriptor, ignoring hub
[  974.204231][ T5268] hub 2-1:0.0: probe with driver hub failed with error -5
[  974.416579][    T8] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  974.636413][    T8] usb 5-1: Using ep0 maxpacket: 32
[  974.644793][    T8] usb 5-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6
[  974.654951][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  974.679402][    T8] usb 5-1: config 0 descriptor??
[  974.689188][    T8] usb 5-1: dvb_usb_v2: found a 'Anysee' in warm state
[  974.696032][    T8] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  974.714094][    T8] dvb_usb_anysee 5-1:0.0: probe with driver dvb_usb_anysee failed with error -22
[  975.003471][ T5236] usb 5-1: USB disconnect, device number 49
[  977.926310][   T29] audit: type=1800 audit(1723477167.192:150): pid=14663 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.0.2463" name="/" dev="sockfs" ino=58254 res=0 errno=0
[  978.098436][   T59] usb 2-1: USB disconnect, device number 41
[  978.828238][ T5236] usb 4-1: reset high-speed USB device number 47 using dummy_hcd
[  978.853633][ T5236] usb 4-1: device reset changed ep0 maxpacket size!
[  978.911104][ T5236] usb 4-1: USB disconnect, device number 47
[  980.437784][   T29] audit: type=1800 audit(1723477169.742:151): pid=14691 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.1.2469" name="/" dev="sockfs" ino=58651 res=0 errno=0
[  982.826226][   T29] audit: type=1800 audit(1723477172.062:152): pid=14716 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.0.2475" name="/" dev="sockfs" ino=58676 res=0 errno=0
[  983.320766][T14732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  983.331056][T14732] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  983.416241][ T5236] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  983.596572][ T9671] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  983.632224][ T5236] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  983.646166][ T5236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  983.687266][ T5236] usb 5-1: config 0 descriptor??
[  983.715584][ T5236] cp210x 5-1:0.0: cp210x converter detected
[  983.828734][ T9671] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  983.857493][ T9671] usb 3-1: config 0 has no interfaces?
[  983.876122][ T9671] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  983.908945][ T9671] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  983.975489][ T9671] usb 3-1: config 0 descriptor??
[  984.484037][ T5236] usb 5-1: cp210x converter now attached to ttyUSB0
[  985.076169][ T5229] Bluetooth: hci0: command 0x0406 tx timeout
[  986.650396][ T9671] usb 5-1: USB disconnect, device number 50
[  986.689536][ T9671] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  986.765631][    T8] usb 3-1: USB disconnect, device number 33
[  986.772453][ T9671] cp210x 5-1:0.0: device disconnected
[  988.685406][   T29] audit: type=1800 audit(1723477177.892:153): pid=14784 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.0.2489" name="/" dev="sockfs" ino=58767 res=0 errno=0
[  994.532336][ T1261] ieee802154 phy0 wpan0: encryption failed: -22
[  994.544007][ T1261] ieee802154 phy1 wpan1: encryption failed: -22
[  994.786848][   T47] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  995.966177][ T9671] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  996.159854][ T9671] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  996.169408][ T9671] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  996.204799][ T9671] usb 3-1: config 0 descriptor??
[  996.218312][ T9671] cp210x 3-1:0.0: cp210x converter detected
[  997.196680][ T9671] usb 3-1: cp210x converter now attached to ttyUSB0
[  998.830285][   T29] audit: type=1800 audit(1723477188.132:154): pid=14845 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.1.2503" name="/" dev="sockfs" ino=59484 res=0 errno=0
[ 1000.983480][   T59] usb 3-1: USB disconnect, device number 34
[ 1001.156528][   T59] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1001.164979][   T59] cp210x 3-1:0.0: device disconnected
[ 1001.846755][   T47] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[ 1001.995233][T14876] xt_nat: multiple ranges no longer supported
[ 1002.079699][   T47] usb 2-1: Using ep0 maxpacket: 32
[ 1002.121940][   T29] audit: type=1800 audit(1723477191.422:155): pid=14871 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.4.2508" name="/" dev="sockfs" ino=59516 res=0 errno=0
[ 1002.393641][   T47] usb 2-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6
[ 1002.402810][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1002.437445][   T47] usb 2-1: config 0 descriptor??
[ 1002.545841][   T47] usb 2-1: dvb_usb_v2: found a 'Anysee' in warm state
[ 1002.564167][   T47] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[ 1002.572297][   T47] dvb_usb_anysee 2-1:0.0: probe with driver dvb_usb_anysee failed with error -22
[ 1002.776502][ T5268] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 1002.818268][   T29] audit: type=1326 audit(1723477192.122:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14886 comm="syz.0.2513" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f48143779f9 code=0x0
[ 1002.852532][    T8] usb 2-1: USB disconnect, device number 43
[ 1003.026318][ T5268] usb 4-1: Using ep0 maxpacket: 8
[ 1003.037262][ T5268] usb 4-1: config 0 has an invalid descriptor of length 38, skipping remainder of the config
[ 1003.047652][ T5268] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 18
[ 1003.060377][ T5268] usb 4-1: New USB device found, idVendor=0681, idProduct=0010, bcdDevice=f7.0d
[ 1003.074255][ T5268] usb 4-1: New USB device strings: Mfr=16, Product=157, SerialNumber=0
[ 1003.088751][ T5268] usb 4-1: Product: syz
[ 1003.093808][ T5268] usb 4-1: Manufacturer: syz
[ 1003.137519][ T5268] usb 4-1: config 0 descriptor??
[ 1005.040542][   T47] usb 4-1: USB disconnect, device number 48
[ 1006.030685][T14914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1006.268955][T14914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1010.946823][   T47] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 1011.746781][   T47] usb 5-1: Using ep0 maxpacket: 32
[ 1011.938913][   T47] usb 5-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6
[ 1012.277505][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1012.301427][   T47] usb 5-1: config 0 descriptor??
[ 1012.324691][   T47] usb 5-1: dvb_usb_v2: found a 'Anysee' in warm state
[ 1012.333838][   T47] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[ 1012.346926][   T47] dvb_usb_anysee 5-1:0.0: probe with driver dvb_usb_anysee failed with error -22
[ 1012.702062][T14959] xt_TCPMSS: Only works on TCP SYN packets
[ 1012.983476][ T5268] usb 5-1: USB disconnect, device number 51
[ 1013.177086][   T59] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1013.394176][   T59] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1013.415669][   T59] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1013.436280][   T59] usb 3-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[ 1013.445379][   T59] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1013.498735][   T59] usb 3-1: config 0 descriptor??
[ 1013.745218][T14957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1014.818073][T14957] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1015.315051][   T59] usbhid 3-1:0.0: can't add hid device: -71
[ 1015.436251][   T59] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1016.509629][   T59] usb 3-1: USB disconnect, device number 35
[ 1022.439195][   T29] audit: type=1800 audit(1723477211.732:157): pid=14989 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.0.2539" name="/" dev="sockfs" ino=59733 res=0 errno=0
[ 1023.960969][T15012] xt_TCPMSS: Only works on TCP SYN packets
[ 1027.453562][ T8153] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1028.350451][ T8153] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1028.792357][ T8153] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1029.279428][ T8153] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1030.407086][ T8153] bridge_slave_1: left allmulticast mode
[ 1030.412794][ T8153] bridge_slave_1: left promiscuous mode
[ 1030.496390][ T8153] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1030.580642][ T8153] bridge_slave_0: left allmulticast mode
[ 1030.626103][ T8153] bridge_slave_0: left promiscuous mode
[ 1030.706307][ T8153] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1033.616980][ T8153] erspan0 (unregistering): left allmulticast mode
[ 1039.126686][ T8153] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1039.346621][ T8153] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1039.468971][ T8153] bond0 (unregistering): Released all slaves
[ 1039.669435][ T8153] bond1 (unregistering): Released all slaves
[ 1043.046267][ T8153] hsr_slave_0: left promiscuous mode
[ 1043.136211][ T8153] hsr_slave_1: left promiscuous mode
[ 1043.226347][ T8153] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1043.296202][ T8153] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1043.397148][ T8153] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1043.404636][ T8153] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1043.833361][ T8153] veth1_macvtap: left promiscuous mode
[ 1043.949375][ T8153] veth0_macvtap: left promiscuous mode
[ 1044.028114][ T8153] veth1_vlan: left promiscuous mode
[ 1044.033555][ T8153] veth0_vlan: left promiscuous mode
[ 1051.835839][ T8153] team0 (unregistering): Port device team_slave_1 removed
[ 1052.747812][ T8153] team0 (unregistering): Port device team_slave_0 removed
[ 1054.708059][ T1261] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.714458][ T1261] ieee802154 phy1 wpan1: encryption failed: -22
[ 1066.992361][T13623] Bluetooth: hci6: command 0x0406 tx timeout
[ 1074.207322][T13623] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1074.236158][T13623] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1074.259530][T13623] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1074.287986][T13623] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1074.296608][T13623] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1074.304059][T13623] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1074.411296][ T5229] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 1074.422375][ T5229] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 1074.431212][ T5229] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 1074.439635][ T5229] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 1074.447828][ T5229] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[ 1074.457080][ T5229] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 1074.866419][ T5229] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1074.880631][ T5229] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1074.889730][ T5229] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1074.899398][ T5229] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1074.909537][ T5229] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1074.917991][ T5229] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1075.100072][ T5229] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1075.117767][ T5229] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1075.126843][ T5229] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1075.137515][ T5229] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1075.154126][ T5229] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1075.177337][ T5229] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1075.225628][ T8153] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1075.402759][ T8153] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1075.532693][ T8153] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1075.693728][ T8153] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1076.005286][T15025] chnl_net:caif_netlink_parms(): no params data found
[ 1076.426411][ T5229] Bluetooth: hci2: command tx timeout
[ 1076.480885][ T8153] bridge_slave_1: left allmulticast mode
[ 1076.496166][ T8153] bridge_slave_1: left promiscuous mode
[ 1076.502128][ T8153] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1076.535407][ T8153] bridge_slave_0: left allmulticast mode
[ 1076.552831][ T8153] bridge_slave_0: left promiscuous mode
[ 1076.562596][ T8153] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1076.666781][ T5229] Bluetooth: hci8: command tx timeout
[ 1077.006884][ T5229] Bluetooth: hci0: command tx timeout
[ 1077.226350][ T5229] Bluetooth: hci3: command tx timeout
[ 1077.507149][ T8153] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1077.529561][ T8153] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1077.564503][ T8153] bond0 (unregistering): Released all slaves
[ 1077.995946][T15025] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1078.014844][T15025] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1078.023500][T15025] bridge_slave_0: entered allmulticast mode
[ 1078.057852][T15025] bridge_slave_0: entered promiscuous mode
[ 1078.069217][T15025] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1078.076509][T15025] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1078.083773][T15025] bridge_slave_1: entered allmulticast mode
[ 1078.091531][T15025] bridge_slave_1: entered promiscuous mode
[ 1078.098845][T15027] chnl_net:caif_netlink_parms(): no params data found
[ 1078.360519][T15025] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1078.414869][T15025] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1078.515114][ T5229] Bluetooth: hci2: command tx timeout
[ 1078.540247][T15029] chnl_net:caif_netlink_parms(): no params data found
[ 1078.641248][ T8153] hsr_slave_0: left promiscuous mode
[ 1078.661521][ T8153] hsr_slave_1: left promiscuous mode
[ 1078.677585][ T8153] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1078.685110][ T8153] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1078.705957][ T8153] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1078.715424][ T8153] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1078.747189][ T5229] Bluetooth: hci8: command tx timeout
[ 1078.783246][ T8153] veth1_macvtap: left promiscuous mode
[ 1078.792903][ T8153] veth0_macvtap: left promiscuous mode
[ 1078.799482][ T8153] veth1_vlan: left promiscuous mode
[ 1078.817825][ T8153] veth0_vlan: left promiscuous mode
[ 1079.086100][ T5229] Bluetooth: hci0: command tx timeout
[ 1079.306273][ T5229] Bluetooth: hci3: command tx timeout
[ 1080.018580][ T8153] team0 (unregistering): Port device team_slave_1 removed
[ 1080.133530][ T8153] team0 (unregistering): Port device team_slave_0 removed
[ 1080.277319][   T30] INFO: task syz.4.2329:14143 blocked for more than 143 seconds.
[ 1080.285124][   T30]       Not tainted 6.11.0-rc3-syzkaller #0
[ 1080.323694][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1080.345130][   T30] task:syz.4.2329      state:D stack:24672 pid:14143 tgid:14143 ppid:7293   flags:0x00004004
[ 1080.370287][   T30] Call Trace:
[ 1080.373644][   T30]  <TASK>
[ 1080.378439][   T30]  __schedule+0x17ae/0x4a10
[ 1080.383042][   T30]  ? __pfx___schedule+0x10/0x10
[ 1080.401463][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1080.416126][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1080.422200][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1080.442411][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1080.448031][   T30]  ? schedule+0x90/0x320
[ 1080.452335][   T30]  schedule+0x14b/0x320
[ 1080.466132][   T30]  ? do_exit+0x4ff/0x27f0
[ 1080.470532][   T30]  do_exit+0x57c/0x27f0
[ 1080.474741][   T30]  ? __pfx_do_exit+0x10/0x10
[ 1080.479704][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1080.493865][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1080.504950][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1080.522831][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1080.528296][   T30]  do_group_exit+0x207/0x2c0
[ 1080.532938][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1080.546136][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1080.551427][   T30]  get_signal+0x1695/0x1730
[ 1080.566122][   T30]  ? __pfx_get_signal+0x10/0x10
[ 1080.571079][   T30]  arch_do_signal_or_restart+0x96/0x860
[ 1080.586459][ T5229] Bluetooth: hci2: command tx timeout
[ 1080.587972][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1080.607985][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1080.614079][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 1080.630986][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[ 1080.636906][   T30]  do_syscall_64+0x100/0x230
[ 1080.641545][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1080.656089][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1080.662054][   T30] RIP: 0033:0x7f1d1c7779f9
[ 1080.676072][   T30] RSP: 002b:00007fff531c6dd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1080.684788][   T30] RAX: fffffffffffffdfc RBX: 00000000000e212f RCX: 00007f1d1c7779f9
[ 1080.709893][   T30] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1d1c906064
[ 1080.726222][   T30] RBP: 00007f1d1c906064 R08: 00007f1d1c905f80 R09: 00007fff531c70bf
[ 1080.734257][   T30] R10: 00007fff531c6ed0 R11: 0000000000000246 R12: 0000000000000032
[ 1080.753478][   T30] R13: 00007fff531c6ed0 R14: 00007fff531c6ef0 R15: 00000000000e20fd
[ 1080.761770][   T30]  </TASK>
[ 1080.776473][   T30] INFO: task syz.4.2329:14144 blocked for more than 143 seconds.
[ 1080.784264][   T30]       Not tainted 6.11.0-rc3-syzkaller #0
[ 1080.802676][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1080.817711][   T30] task:syz.4.2329      state:D stack:27424 pid:14144 tgid:14143 ppid:7293   flags:0x00004004
[ 1080.828073][ T5229] Bluetooth: hci8: command tx timeout
[ 1080.834920][   T30] Call Trace:
[ 1080.838661][   T30]  <TASK>
[ 1080.841971][   T30]  __schedule+0x17ae/0x4a10
[ 1080.846674][   T30]  ? __pfx___schedule+0x10/0x10
[ 1080.851580][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1080.856834][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1080.862788][   T30]  ? schedule+0x90/0x320
[ 1080.867246][   T30]  schedule+0x14b/0x320
[ 1080.871459][   T30]  super_lock+0x335/0x400
[ 1080.875862][   T30]  ? __pfx_super_lock+0x10/0x10
[ 1080.880949][   T30]  ? __pfx_var_wake_function+0x10/0x10
[ 1080.886563][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1080.891814][   T30]  iterate_supers+0x8c/0x190
[ 1080.896583][   T30]  ? __pfx_sync_inodes_one_sb+0x10/0x10
[ 1080.902185][   T30]  ksys_sync+0xbd/0x1c0
[ 1080.913789][   T30]  ? __pfx_ksys_sync+0x10/0x10
[ 1080.926225][   T30]  ? do_syscall_64+0x100/0x230
[ 1080.931070][   T30]  ? do_syscall_64+0xb6/0x230
[ 1080.935790][   T30]  __do_sys_sync+0xe/0x20
[ 1080.953444][   T30]  do_syscall_64+0xf3/0x230
[ 1080.964450][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1080.969384][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1080.975326][   T30] RIP: 0033:0x7f1d1c7779f9
[ 1080.986462][   T30] RSP: 002b:00007f1d1d4ad038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 1080.994946][   T30] RAX: ffffffffffffffda RBX: 00007f1d1c905f80 RCX: 00007f1d1c7779f9
[ 1081.003257][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1081.011392][   T30] RBP: 00007f1d1c7e58ee R08: 0000000000000000 R09: 0000000000000000
[ 1081.021715][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1081.029950][   T30] R13: 0000000000000000 R14: 00007f1d1c905f80 R15: 00007fff531c6c78
[ 1081.038050][   T30]  </TASK>
[ 1081.059357][   T30] INFO: task syz.4.2329:14145 blocked for more than 144 seconds.
[ 1081.068938][   T30]       Not tainted 6.11.0-rc3-syzkaller #0
[ 1081.074870][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1081.087611][   T30] task:syz.4.2329      state:D stack:25360 pid:14145 tgid:14143 ppid:7293   flags:0x00004004
[ 1081.098018][   T30] Call Trace:
[ 1081.101348][   T30]  <TASK>
[ 1081.104322][   T30]  __schedule+0x17ae/0x4a10
[ 1081.109073][   T30]  ? __pfx___schedule+0x10/0x10
[ 1081.114001][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1081.121849][   T30]  ? schedule+0x90/0x320
[ 1081.135007][   T30]  schedule+0x14b/0x320
[ 1081.139438][   T30]  schedule_timeout+0xb0/0x310
[ 1081.144256][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[ 1081.149982][ T5229] Bluetooth: hci0: command tx timeout
[ 1081.172186][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1081.186419][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1081.191736][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1081.206072][   T30]  __wait_for_common+0x3ea/0x6d0
[ 1081.211156][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[ 1081.231468][   T30]  ? __pfx___wait_for_common+0x10/0x10
[ 1081.237310][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1081.242483][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[ 1081.259507][   T30]  wait_for_completion_state+0x1c/0x40
[ 1081.265065][   T30]  do_coredump+0x984/0x2a30
[ 1081.269862][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1081.274951][   T30]  ? __kasan_slab_free+0x37/0x60
[ 1081.289366][   T30]  ? arch_do_signal_or_restart+0x96/0x860
[ 1081.295487][   T30]  ? __pfx_do_coredump+0x10/0x10
[ 1081.301295][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1081.332390][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1081.338291][   T30]  get_signal+0x13ee/0x1730
[ 1081.342876][   T30]  ? __pfx_get_signal+0x10/0x10
[ 1081.348789][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1081.354746][   T30]  arch_do_signal_or_restart+0x96/0x860
[ 1081.360961][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1081.367647][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1081.374215][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 1081.380895][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[ 1081.386969][   T30]  do_syscall_64+0x100/0x230
[ 1081.389904][ T5229] Bluetooth: hci3: command tx timeout
[ 1081.391588][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1081.402306][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1081.409037][   T30] RIP: 0033:0x7f1d1c7779f9
[ 1081.413497][   T30] RSP: 002b:00007f1d1d48c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1081.425365][   T30] RAX: 00000000000000ca RBX: 00007f1d1c906060 RCX: 00007f1d1c7779f9
[ 1081.434265][   T30] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1d1c906064
[ 1081.447178][   T30] RBP: 00007f1d1c906058 R08: 7fffffffffffffff R09: 0000000000000000
[ 1081.455223][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d1c906064
[ 1081.463440][   T30] R13: 0000000000000000 R14: 00007fff531c6b90 R15: 00007fff531c6c78
[ 1081.471827][   T30]  </TASK>
[ 1081.484603][   T30] INFO: task syz.0.2332:14150 blocked for more than 144 seconds.
[ 1081.512503][   T30]       Not tainted 6.11.0-rc3-syzkaller #0
[ 1081.526383][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1081.535122][   T30] task:syz.0.2332      state:D stack:24672 pid:14150 tgid:14150 ppid:5841   flags:0x00004004
[ 1081.548727][   T30] Call Trace:
[ 1081.552586][   T30]  <TASK>
[ 1081.555565][   T30]  __schedule+0x17ae/0x4a10
[ 1081.560229][   T30]  ? __pfx___schedule+0x10/0x10
[ 1081.565143][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1081.570289][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1081.576454][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1081.582832][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1081.591708][   T30]  ? schedule+0x90/0x320
[ 1081.596095][   T30]  schedule+0x14b/0x320
[ 1081.608403][   T30]  ? do_exit+0x4ff/0x27f0
[ 1081.612889][   T30]  do_exit+0x57c/0x27f0
[ 1081.626168][   T30]  ? __pfx_do_exit+0x10/0x10
[ 1081.632734][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1081.649024][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1081.655093][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1081.661723][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1081.676085][   T30]  do_group_exit+0x207/0x2c0
[ 1081.680726][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1081.696083][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1081.701354][   T30]  get_signal+0x1695/0x1730
[ 1081.705915][   T30]  ? __pfx_get_signal+0x10/0x10
[ 1081.725862][   T30]  arch_do_signal_or_restart+0x96/0x860
[ 1081.733309][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1081.741263][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1081.747415][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 1081.753199][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[ 1081.758912][   T30]  do_syscall_64+0x100/0x230
[ 1081.763547][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1081.768432][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1081.774373][   T30] RIP: 0033:0x7f71939779f9
[ 1081.778927][   T30] RSP: 002b:00007ffd5306b9b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1081.787460][   T30] RAX: 0000000000000001 RBX: 00007f7193b06058 RCX: 00007f71939779f9
[ 1081.795558][   T30] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7193b06060
[ 1081.803769][   T30] RBP: 00007f7193b06064 R08: 00007f7193b05f80 R09: 00007ffd5306bc9f
[ 1081.811880][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1081.828317][   T30] R13: 00007f7193b06058 R14: 0000000000000005 R15: 0000000000000b66
[ 1081.846108][   T30]  </TASK>
[ 1081.875609][   T30] INFO: task syz.0.2332:14151 blocked for more than 144 seconds.
[ 1081.884684][   T30]       Not tainted 6.11.0-rc3-syzkaller #0
[ 1081.896065][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1081.904790][   T30] task:syz.0.2332      state:D stack:27424 pid:14151 tgid:14150 ppid:5841   flags:0x00004004
[ 1081.926229][   T30] Call Trace:
[ 1081.929581][   T30]  <TASK>
[ 1081.932545][   T30]  __schedule+0x17ae/0x4a10
[ 1081.941173][   T30]  ? __pfx___schedule+0x10/0x10
[ 1081.946666][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1081.951766][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1081.957819][   T30]  ? schedule+0x90/0x320
[ 1081.962114][   T30]  schedule+0x14b/0x320
[ 1081.966431][   T30]  super_lock+0x335/0x400
[ 1081.970905][   T30]  ? __pfx_super_lock+0x10/0x10
[ 1081.975818][   T30]  ? __pfx_var_wake_function+0x10/0x10
[ 1081.981449][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1081.986860][   T30]  iterate_supers+0x8c/0x190
[ 1081.991512][   T30]  ? __pfx_sync_inodes_one_sb+0x10/0x10
[ 1081.997506][   T30]  ksys_sync+0xbd/0x1c0
[ 1082.001703][   T30]  ? __pfx_ksys_sync+0x10/0x10
[ 1082.006868][   T30]  ? do_syscall_64+0x100/0x230
[ 1082.011686][   T30]  ? do_syscall_64+0xb6/0x230
[ 1082.016857][   T30]  __do_sys_sync+0xe/0x20
[ 1082.021231][   T30]  do_syscall_64+0xf3/0x230
[ 1082.025776][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1082.031191][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1082.045551][   T30] RIP: 0033:0x7f71939779f9
[ 1082.064450][   T30] RSP: 002b:00007f71947e9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 1082.084484][   T30] RAX: ffffffffffffffda RBX: 00007f7193b05f80 RCX: 00007f71939779f9
[ 1082.095113][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1082.116244][   T30] RBP: 00007f71939e58ee R08: 0000000000000000 R09: 0000000000000000
[ 1082.124469][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1082.146102][   T30] R13: 0000000000000000 R14: 00007f7193b05f80 R15: 00007ffd5306b858
[ 1082.154174][   T30]  </TASK>
[ 1082.166714][   T30] INFO: task syz.0.2332:14152 blocked for more than 145 seconds.
[ 1082.184888][   T30]       Not tainted 6.11.0-rc3-syzkaller #0
[ 1082.191446][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1082.200858][   T30] task:syz.0.2332      state:D stack:25456 pid:14152 tgid:14150 ppid:5841   flags:0x00000004
[ 1082.211553][   T30] Call Trace:
[ 1082.214877][   T30]  <TASK>
[ 1082.219708][   T30]  __schedule+0x17ae/0x4a10
[ 1082.224297][   T30]  ? __pfx___schedule+0x10/0x10
[ 1082.234921][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1082.240619][   T30]  ? schedule+0x90/0x320
[ 1082.248456][   T30]  schedule+0x14b/0x320
[ 1082.252679][   T30]  schedule_timeout+0xb0/0x310
[ 1082.258445][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[ 1082.263913][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1082.273337][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1082.279077][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1082.284357][   T30]  __wait_for_common+0x3ea/0x6d0
[ 1082.297748][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[ 1082.303196][   T30]  ? __pfx___wait_for_common+0x10/0x10
[ 1082.309516][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1082.314691][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1082.321280][   T30]  wait_for_completion_state+0x1c/0x40
[ 1082.328548][   T30]  do_coredump+0x984/0x2a30
[ 1082.333138][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1082.338832][   T30]  ? __kasan_slab_free+0x37/0x60
[ 1082.345680][   T30]  ? arch_do_signal_or_restart+0x96/0x860
[ 1082.374069][   T30]  ? __pfx_do_coredump+0x10/0x10
[ 1082.391664][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1082.402444][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1082.409109][   T30]  get_signal+0x13ee/0x1730
[ 1082.413678][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1082.419877][   T30]  ? __pfx_get_signal+0x10/0x10
[ 1082.424788][   T30]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 1082.431565][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1082.439819][   T30]  arch_do_signal_or_restart+0x96/0x860
[ 1082.445441][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1082.454216][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1082.460640][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 1082.467191][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[ 1082.472817][   T30]  do_syscall_64+0x100/0x230
[ 1082.478264][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1082.483011][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1082.489552][   T30] RIP: 0033:0x7f71939779f9
[ 1082.494098][   T30] RSP: 002b:00007f71947c80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1082.514871][   T30] RAX: 00000000000000ca RBX: 00007f7193b06060 RCX: 00007f71939779f9
[ 1082.523568][   T30] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7193b06064
[ 1082.543997][   T30] RBP: 00007f7193b06058 R08: 7fffffffffffffff R09: 0000000000000000
[ 1082.557575][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7193b06064
[ 1082.565607][   T30] R13: 0000000000000000 R14: 00007ffd5306b770 R15: 00007ffd5306b858
[ 1082.574294][   T30]  </TASK>
[ 1082.594048][   T30] 
[ 1082.594048][   T30] Showing all locks held in the system:
[ 1082.602504][   T30] 1 lock held by khungtaskd/30:
[ 1082.607782][   T30]  #0: ffffffff8e7382e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[ 1082.618702][   T30] 3 locks held by kworker/u8:8/2559:
[ 1082.624054][   T30]  #0: ffff88802a520148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1082.646753][   T30]  #1: ffffc90008fcfd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1082.666260][ T5229] Bluetooth: hci2: command tx timeout
[ 1082.675182][   T30]  #2: ffffffff8fa6fe48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30
[ 1082.689655][   T30] 2 locks held by getty/4975:
[ 1082.694383][   T30]  #0: ffff88802ae3c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1082.713007][   T30]  #1: ffffc9000311b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00
[ 1082.729238][   T30] 3 locks held by kworker/0:4/5268:
[ 1082.734487][   T30]  #0: ffff888015480948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1082.757977][   T30]  #1: ffffc90003fafd00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1082.781572][   T30]  #2: ffffffff8fa6fe48 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20
[ 1082.794237][   T30] 3 locks held by kworker/u8:9/5935:
[ 1082.800135][   T30]  #0: ffff888015489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1082.812460][   T30]  #1: ffffc90014effd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1082.824249][   T30]  #2: ffffffff8fa6fe48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[ 1082.834444][   T30] 1 lock held by syz.2.228/6228:
[ 1082.839871][   T30]  #0: ffff88806cb760e0 (&type->s_umount_key#57/1){+.+.}-{3:3}, at: alloc_super+0x221/0x9d0
[ 1082.850902][   T30] 5 locks held by kworker/u8:11/8153:
[ 1082.860547][   T30]  #0: ffff8880162e3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1082.871948][   T30]  #1: ffffc900042dfd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1082.884143][   T30]  #2: ffffffff8fa632d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[ 1082.894143][   T30]  #3: ffffffff8fa6fe48 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90
[ 1082.906428][ T5229] Bluetooth: hci8: command tx timeout
[ 1082.908056][   T30]  #4: ffffffff8e73d6b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[ 1082.923617][   T30] 1 lock held by syz-executor/15025:
[ 1082.929449][   T30]  #0: ffffffff8fa6fe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[ 1082.939610][   T30] 1 lock held by syz-executor/15027:
[ 1082.944930][   T30]  #0: ffffffff8fa6fe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[ 1082.970153][   T30] 1 lock held by syz-executor/15029:
[ 1082.975504][   T30]  #0: ffffffff8fa6fe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[ 1082.993737][   T30] 1 lock held by syz-executor/15031:
[ 1083.016056][   T30]  #0: ffffffff8fa6fe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[ 1083.040429][   T30] 
[ 1083.042810][   T30] =============================================
[ 1083.042810][   T30] 
[ 1083.053633][   T30] NMI backtrace for cpu 1
[ 1083.058104][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc3-syzkaller #0
[ 1083.066911][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1083.076998][   T30] Call Trace:
[ 1083.080308][   T30]  <TASK>
[ 1083.083265][   T30]  dump_stack_lvl+0x241/0x360
[ 1083.087998][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1083.093245][   T30]  ? __pfx__printk+0x10/0x10
[ 1083.097878][   T30]  ? vprintk_emit+0x631/0x770
[ 1083.102596][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[ 1083.107753][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[ 1083.112750][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1083.118251][   T30]  ? _printk+0xd5/0x120
[ 1083.122460][   T30]  ? __pfx__printk+0x10/0x10
[ 1083.127181][   T30]  ? __wake_up_klogd+0xcc/0x110
[ 1083.132073][   T30]  ? __pfx__printk+0x10/0x10
[ 1083.136716][   T30]  ? __rcu_read_unlock+0xa1/0x110
[ 1083.141781][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1083.147816][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[ 1083.153971][   T30]  watchdog+0xfee/0x1030
[ 1083.158282][   T30]  ? watchdog+0x1ea/0x1030
[ 1083.162758][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1083.167486][   T30]  kthread+0x2f0/0x390
[ 1083.171603][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1083.176329][   T30]  ? __pfx_kthread+0x10/0x10
[ 1083.180964][   T30]  ret_from_fork+0x4b/0x80
[ 1083.185423][   T30]  ? __pfx_kthread+0x10/0x10
[ 1083.190067][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1083.194889][   T30]  </TASK>
[ 1083.200219][   T30] Sending NMI from CPU 1 to CPUs 0:
[ 1083.205480][    C0] NMI backtrace for cpu 0
[ 1083.205494][    C0] CPU: 0 UID: 0 PID: 13726 Comm: kworker/u8:13 Not tainted 6.11.0-rc3-syzkaller #0
[ 1083.205515][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1083.205527][    C0] Workqueue: bat_events batadv_nc_worker
[ 1083.205555][    C0] RIP: 0010:kasan_check_range+0x1ba/0x290
[ 1083.205580][    C0] Code: fb 48 8d 5d 07 48 85 ed 48 0f 49 dd 48 83 e3 f8 48 29 dd 74 12 41 80 3b 00 0f 85 a6 00 00 00 49 ff c3 48 ff cd 75 ee 5b 41 5c <41> 5e 41 5f 5d c3 cc cc cc cc 40 84 ed 75 5f f7 c5 00 ff 00 00 75
[ 1083.205596][    C0] RSP: 0018:ffffc9000bdcf7e8 EFLAGS: 00000056
[ 1083.205611][    C0] RAX: 0000000000000001 RBX: 00000000000006d2 RCX: ffffffff81702e6a
[ 1083.205624][    C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff934f1918
[ 1083.205637][    C0] RBP: 0000000000000000 R08: ffffffff934f191f R09: 1ffffffff269e323
[ 1083.205649][    C0] R10: dffffc0000000000 R11: fffffbfff269e324 R12: ffff888028019e00
[ 1083.205663][    C0] R13: dffffc0000000000 R14: dffffc0000000001 R15: fffffbfff269e324
[ 1083.205677][    C0] FS:  0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
[ 1083.205693][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1083.205705][    C0] CR2: 0000563fc22f2030 CR3: 000000000e534000 CR4: 00000000003506f0
[ 1083.205721][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1083.205732][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1083.205744][    C0] Call Trace:
[ 1083.205752][    C0]  <NMI>
[ 1083.205759][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 1083.205781][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 1083.205808][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1083.205838][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1083.205861][    C0]  ? nmi_handle+0x14f/0x5a0
[ 1083.205879][    C0]  ? nmi_handle+0x2a/0x5a0
[ 1083.205897][    C0]  ? kasan_check_range+0x1ba/0x290
[ 1083.205918][    C0]  ? default_do_nmi+0x63/0x160
[ 1083.205940][    C0]  ? exc_nmi+0x123/0x1f0
[ 1083.205960][    C0]  ? end_repeat_nmi+0xf/0x53
[ 1083.205983][    C0]  ? mark_lock+0x9a/0x350
[ 1083.206016][    C0]  ? kasan_check_range+0x1ba/0x290
[ 1083.206040][    C0]  ? kasan_check_range+0x1ba/0x290
[ 1083.206066][    C0]  ? kasan_check_range+0x1ba/0x290
[ 1083.206097][    C0]  </NMI>
[ 1083.206105][    C0]  <TASK>
[ 1083.206113][    C0]  mark_lock+0x9a/0x350
[ 1083.206144][    C0]  __lock_acquire+0xc35/0x2040
[ 1083.206181][    C0]  lock_acquire+0x1ed/0x550
[ 1083.206207][    C0]  ? batadv_nc_purge_paths+0xe8/0x3b0
[ 1083.206240][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 1083.206267][    C0]  ? __local_bh_disable_ip+0x187/0x220
[ 1083.206293][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 1083.206322][    C0]  ? batadv_nc_purge_paths+0xe8/0x3b0
[ 1083.206350][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[ 1083.206376][    C0]  ? __local_bh_enable_ip+0x168/0x200
[ 1083.206403][    C0]  ? batadv_nc_purge_paths+0x30f/0x3b0
[ 1083.206431][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1083.206460][    C0]  ? batadv_nc_purge_paths+0xe8/0x3b0
[ 1083.206491][    C0]  _raw_spin_lock_bh+0x35/0x50
[ 1083.206517][    C0]  ? batadv_nc_purge_paths+0xe8/0x3b0
[ 1083.206545][    C0]  ? __pfx_batadv_nc_to_purge_nc_path_decoding+0x10/0x10
[ 1083.206577][    C0]  batadv_nc_purge_paths+0xe8/0x3b0
[ 1083.206614][    C0]  batadv_nc_worker+0x365/0x610
[ 1083.206645][    C0]  ? process_scheduled_works+0x945/0x1830
[ 1083.206673][    C0]  process_scheduled_works+0xa2c/0x1830
[ 1083.206717][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1083.206750][    C0]  ? assign_work+0x364/0x3d0
[ 1083.206779][    C0]  worker_thread+0x86d/0xd40
[ 1083.206817][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 1083.206848][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1083.206876][    C0]  kthread+0x2f0/0x390
[ 1083.206906][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1083.206930][    C0]  ? __pfx_kthread+0x10/0x10
[ 1083.206956][    C0]  ret_from_fork+0x4b/0x80
[ 1083.206981][    C0]  ? __pfx_kthread+0x10/0x10
[ 1083.207007][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1083.207040][    C0]  </TASK>
[ 1083.224412][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[ 1083.224434][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc3-syzkaller #0
[ 1083.224461][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 1083.224476][   T30] Call Trace:
[ 1083.224486][   T30]  <TASK>
[ 1083.224497][   T30]  dump_stack_lvl+0x241/0x360
[ 1083.224544][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1083.224582][   T30]  ? __pfx__printk+0x10/0x10
[ 1083.224613][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1083.224656][   T30]  ? vscnprintf+0x5d/0x90
[ 1083.224686][   T30]  panic+0x349/0x860
[ 1083.224721][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1083.224752][   T30]  ? __pfx_panic+0x10/0x10
[ 1083.224783][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[ 1083.224811][   T30]  ? __irq_work_queue_local+0x137/0x410
[ 1083.224852][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[ 1083.224879][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1083.224907][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[ 1083.224938][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[ 1083.224972][   T30]  watchdog+0x102d/0x1030
[ 1083.225008][   T30]  ? watchdog+0x1ea/0x1030
[ 1083.225048][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1083.225081][   T30]  kthread+0x2f0/0x390
[ 1083.225117][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1083.225149][   T30]  ? __pfx_kthread+0x10/0x10
[ 1083.225185][   T30]  ret_from_fork+0x4b/0x80
[ 1083.225218][   T30]  ? __pfx_kthread+0x10/0x10
[ 1083.225253][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1083.225302][   T30]  </TASK>
[ 1083.230950][   T30] Kernel Offset: disabled
[ 1083.742108][   T30] Rebooting in 86400 seconds..