last executing test programs:

21.709813211s ago: executing program 2 (id=370):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000000)="0f01c366b9f709000066b8a000000066ba000000000f306766c7442400440000006766c7442402fdffff7f6766c744240600000000670f0114240f20c06635010000000f22c0660f3833dd66b80500000066b9947500000f20c04022c0660f65800c000f01cab825018ec0", 0x6b}], 0x1, 0x8, 0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r0, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000480)=ANY=[@ANYRESOCT=r0], &(0x7f0000000500)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x58)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r5, 0x40045402, &(0x7f0000000040)=0x1)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f00000083c0)={{0x1}})
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000002060108000000000000000000000000050005000a0000c4050001000700000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x44}}, 0x0)

21.685659994s ago: executing program 4 (id=371):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x18, &(0x7f0000000080)=0x80000049, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000340)=[@timestamp, @mss, @sack_perm, @window={0x3, 0x74a}, @timestamp, @mss, @timestamp, @sack_perm], 0x8)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendmmsg$inet(r1, &(0x7f0000002680)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)="6534d06531cfe2b1", 0x8}], 0x1}}, {{0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000440)="f01a359aa23ef534d67f7a14beafb1b0fcaa6babe8f6e76a1dd554688d9298fc058c61295a76782535be912951480312779c7e5c4ad0b17cc914601d6aca2fbc1d756cbc0064fbe3da467371832347d04efa30f39007b1a5fa3671d9cf57a340382f6d7470dfd08bef65e87170b2cbce634046e593ed827e117e7a249558fc673f872356e2c44a7b6f7bc11d9fdb4626959917d411b0caa7d9ff8ee4ec58d1707ccad867500993ea650de06b16f39cb90e20effca5746916785072ac621f19469627069d99f244ec66fc43ceeb11ec1c342c56c68b299b1887304743cc29be55e8d88daf88a967cefb3313075f6b9a3a41b4b274eab04332846672de031855dd84ff94c89a9d344cb372fbec2d9be4109e0567d92a2204e6c534c7c2be9069cf76ecf2fbeb7e621d9acc19c5201ee35be41f8f70c238ebf4aaca456a86bbe6e3935143503d018d3df1d2549a3e77db90537247b153affc18e4f6f2e3bac00b20a4c92080f2c9060dd502b11e6ebb4989e242a390f8acf8dd8c8f4faf520e3cf9c710dd910c7f896e821101e82510ef3cae91c82825cc173d69d7fb9f1ec0797507441afbc915895cc3f1ada5550635c5f28a252c37a1d4ce59ae4d7e1e0444a85e5b98a42b95a14d18033b7b5060168b3f49a10971e55f13186f36c6792dd9edb7dfe70b1e082cf3b1da601a8de0652f636e57f2c26c8303fc148f7c5590db7b6cb3d4b993e07bf1f32e49308733521f5834fd642eea6f60ea1982dd0419404128be6f53376a6629decb8aef53f2e0f4625669e899f9d21db5f23665cf1421884fa2511da993c9249acc490026e1426a6a98d96ecf6c1c6e8fba232c1e9ebbccaa890ceaef49e3d2975e0bb1926b7107cb0f750977d93323e22a6b3eb106b74e15446cfd0671d12d9b1db8a0f85521b495466d2861bdfb5282e22f6cb354cc0cb21b4dc98d20aff184dc487fc26690c7703838ab027aba839234cb7cfcf9476ef45fff960b082cc434411fbe30ead2a8e9a5402b92ad14b2cb9328d0d34cc8551262a084cdbb60ce8eda8cd6a2c0546e87cfb4f9bbe8af06f23fbe4c725e50e1fa3cd6a7fc5557e911dd7fa66ff249e99c5baf7a2dfcf6f34265daac50a07ae8465fd2975673d7d55c2de76deef135746e7e85fb7cd283ee5a260e56181147c9cdef06f29200c7cd50c8fa96d0694e623d01173bcdecc64e8a0daa4d197cbec76aff60730b03b8d0e18aa650c803ae59d21262370cf32fa9075f20ca42fc3be7f3bd0b6088d9f7cdf0fcef8b5d94629b6da5b42e36f2657cf8e1873e5cde39b405d997aa29effbed25d67d6de48ee51f7ffacca178893994e877bf0240ce87359190b82b740888908644533938458229b098f0f74304e5b95384f172cc6de49ab8c7364dab1b1b97c4cd7c4ee0c38977e7db8bc550e5f9c9a58979ab961b355bb3a2ca7d0e454573f8a0e51453a724436c1f680e49d024b0985e5b9eabb49aa8443400da0fce490ff77de02a0d662cb931e868437cb686f04593f4609ac7dfec54568aa304a9c634c8bb409c377d41ab3724e2c85e1504c4e2e0454f27ace5ba1511baaa1c49deb97cd43e31806b9c17fb67638f5e7b63a3e96367ab690845d617426599a2731d0e74914e73bc23f19d3e5da5a4595af6adbf2661bfa07e1db13ebfc25dc2ff16004842e1ae209f49a34cde476616465e8ba748039c0b9f5b90a98ce4bceb5c5bd0f2f329526eb1d5524407992f05a72c6abaf1830440ef93986e1c96f768153181d60c24e9c8ed2179e025ef980ba66e9d79f33a2fa3adcf3b9335a418e600d67ea6ee083c1227e3a594ec4dcdf8c9c9d7a7c41de10d9a1519a36bb67416759459f1b81c8c897e5c834d855f9287248115a3204eb477d6bc3f1cd26c36ffdd8514cad1699720ef3666bb084f468cb3b0b9748707b3fa885f3be70eccde1eb6ff15a16286b44270958115c58be8a6133c201f", 0x579}], 0x1}}], 0x2, 0x800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events.local\x00', 0x275a, 0x0)
write$UHID_INPUT(r4, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r4, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'vlan0\x00', <r5=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000001980)=ANY=[@ANYBLOB="11000000d9640000010000000900000080100400", @ANYRES32=r4, @ANYBLOB='\x00'/20, @ANYRES32=r5, @ANYRES32, @ANYBLOB="1124513e0c4eb4499078cf41be7412a35a950000000003000000020000000000"], 0x50)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000240)={'syztnl2\x00', <r6=>0x0, 0x7800, 0x8, 0x6, 0x0, {{0x16, 0x4, 0x1, 0x9, 0x58, 0x64, 0x0, 0x7, 0x2f, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x44, 0x14, 0x6b, 0x0, 0x2, [0x1f0, 0xf, 0xfffffffe, 0x1]}, @generic={0x44, 0x12, "653637a523112e35f973e5bb7545eb5d"}, @timestamp_prespec={0x44, 0x1c, 0x8f, 0x3, 0x3, [{@multicast2, 0x8}, {@initdev={0xac, 0x1e, 0x1, 0x0}}, {@rand_addr=0x64010101, 0x800}]}]}}}}})
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYRES8=r2], &(0x7f0000000200)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x149802, 0x0)
r9 = dup(r8)
sendfile(r8, r9, 0x0, 0x80006)
fanotify_init(0x200, 0x0)
ioctl$AUTOFS_IOC_FAIL(0xffffffffffffffff, 0x9361, 0x9)

19.107889049s ago: executing program 4 (id=374):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, &(0x7f0000000340)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x20780, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, &(0x7f0000000340)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x20780, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000086a05d0000004000000010902240001000000010904000001030000000921feff00012205000905810300"], 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000200)={0x20, 0x23, 0x2f, {0x2f, 0xe, "822327b71173ff4015906501a404000656765850243d8f4090d253b59f882b579e90ecc5b52caa8b0000000006"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
getpid() (async)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r7 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
openat$cgroup_procs(r8, &(0x7f0000000240)='cgroup.threads\x00', 0x2, 0x0) (async)
r9 = openat$cgroup_procs(r8, &(0x7f0000000240)='cgroup.threads\x00', 0x2, 0x0)
open_by_handle_at(r9, &(0x7f0000000100)=ANY=[@ANYBLOB="0c0000000100010004"], 0x408100) (async)
open_by_handle_at(r9, &(0x7f0000000100)=ANY=[@ANYBLOB="0c0000000100010004"], 0x408100)
setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, 0x0, 0x0)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) (async)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r6, &(0x7f0000000040)={0xa, 0x3, 0xfffffffc, @empty}, 0x1c)

19.10614142s ago: executing program 2 (id=375):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x4, 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240), 0x10000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')
syz_open_dev$loop(0x0, 0xffffffff, 0x80000)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/power/pm_async', 0x101581, 0x100)
write$tcp_mem(r1, &(0x7f0000000540)={0xffffffff7fffffff, 0x20, 0x0, 0x20, 0x4}, 0x48)
memfd_create(&(0x7f0000000540)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x06\x00\x00\x00\x97A\xc2\xd8\xf0Uq!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\x16\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xf1k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9k\x83\xfc\xa4\xad4\x03\xa2X\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xdfY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96?\x00\x00\x00\x00\x00\x00\x00\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcb\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93>m\xd7q\'\xdf\xfajo\xd8n\xa7\xecJi\xde\xdf\x7f\xe3\xc4*Z 4\xe8S$\xa1H=\xdf\x05\xf3\xe3T\xd1\xdd\xc6f\xa4\xb4\x96\\\xa0\xf9\x0f\x17\x11{\xb6\x9d\xd21\xc1\x90Vj\x13r\x00\x00\xde\x03\xab\xff\x8as0\xc6E\xca\"\xd9*\x9a\x15\xb95r\x8f\xaaj\x82\xd6\xd2%\xed\xa2WQ\xec2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xccX\xfdRB\xffU\xe9\xfa\x1f\xf6\xce\b\xde@\x061\xc6z\xe4\xe0\xc9?\xa7\x94>\x9c\xd1\xa5o\x04\xaaim\xae\xfe\xc7f\xa3\x96\xd7\xb4c)r{\r#\xddI&\n\xf2\xec\xd4\xff\x9f\x136zZ-2\x80\xfbH+\x9b8\xf3\xed\xdf\xa2my\xb28c[\xc3\xfe\xb5M\x84\x97\xa5\'s\xe9\xdc=)I\xabLt2\x9c\v\xd9S', 0x6)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[{@mpol={'mpol', 0x3d, {'bind', '', @val={0x3a, [0x31]}}}}]})

17.319036124s ago: executing program 2 (id=377):
socket$pptp(0x18, 0x1, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x40004)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000b00)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_netdev_private(r4, 0x8927, &(0x7f0000000b40))
mq_timedsend(r2, 0x0, 0x3a, 0x1b09, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$rds(0x15, 0x5, 0x0)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
write$UHID_INPUT(r2, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d520987f70e06d038e7ff7fc6e5539b0d650e8b089b3f353b68090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8041800005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES64], 0x1c}, 0x1, 0x0, 0x0, 0x2000}, 0x20004040)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240), &(0x7f0000000280))

15.765723177s ago: executing program 3 (id=378):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)={{0x12, 0x1, 0x0, 0x6e, 0x40, 0xb7, 0x40, 0x9e1, 0x5121, 0x40c1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3c, 0xac, 0x24}}]}}]}}, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000080)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
madvise(&(0x7f00007fd000/0x800000)=nil, 0x800000, 0x19)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74, 0x4})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000700))
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000003c0)=0x1)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000500)={0x1, r2})
poll(&(0x7f00000001c0), 0x0, 0x3)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000000)={0x14, 0x0, &(0x7f0000000580)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0x0, 0x1800}], 0x1, 0x0)

14.099651332s ago: executing program 1 (id=380):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000b, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
bind$rds(r3, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r4 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
symlinkat(&(0x7f00000000c0)='.\x00', r5, 0x0)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f00000000c0)={0x8, 0x10001})
sendmsg$rds(r3, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x1fe6}, &(0x7f0000000200)=[{&(0x7f0000001880)=""/4082, 0xff2}, {&(0x7f0000002880)=""/4084, 0xff4}], 0x2, 0x21}}], 0x48}, 0x0)

12.611016276s ago: executing program 1 (id=381):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000000000)=0xc)
setresuid(0x0, r2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r3, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x10}, 0xa}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000100)="8000102e7577d401", 0x8}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000002900000036"], 0x30}}], 0x1, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @match={{0xa}, @void}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x9}}}, 0x68}}, 0x0)

12.534100583s ago: executing program 3 (id=382):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000240)={0x7, 0x0, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffe55, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0xa08000, 0x0)
chdir(&(0x7f00000001c0)='./file0\x00')
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x40010)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r4, 0x107, 0x17, &(0x7f00000000c0)=0x2, 0x4)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x5, 0x101}, 0x1c)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', <r7=>0x0})
sendto$packet(r6, &(0x7f00000003c0)='\x00', 0x1, 0x20008801, &(0x7f0000000200)={0x11, 0x8100, r7, 0x1, 0xfd, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}}, 0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x0)
recvmmsg$unix(r4, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r8, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000a40)=ANY=[@ANYBLOB="f8ffffff000000000200fffee00000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec9706fc8f5885c700"/144], 0x90)
dup(r0)

10.252265684s ago: executing program 3 (id=383):
syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/fscaps', 0x20400, 0x0)
syz_io_uring_setup(0xeec, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f00000001c0)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
getpid()
prctl$PR_SET_SECUREBITS(0x1c, 0x1c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x4003}, 0x10)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@ipv6_getaddr={0x18, 0x16, 0x3c2be10bca706f15, 0x0, 0x0, {0x2}}, 0x18}}, 0x0)
mq_open(&(0x7f00000000c0)='mlxsw_sp_acl_tcam_vregion_migrate_end\x00', 0x40, 0x1, &(0x7f0000000100)={0x1, 0x838c, 0xfffffffffffffff9, 0x8})
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000000a010100000000000000000100000014000000020a0104000000000000000000000000ac0000000b0a010400000000000000000000000190001280100001800c0001006e6f747261636b000c0001800800010064757000540001800b0001007470726f7879000044000280080002400000001608000140000000000800014000000001080002400000001108000340000000170800034000000013080003400000000f0800024000000004100001800a0001006d617463680000000c000180080001006e6174001e000640ffffff00140000001000010000000000000000000000000a492c0a60dd662cc88ecf1bae1d8b06334fb70e2b1bf67deffcc0523387048d509efce19fc15d85b63d20ed6294aa82d6b662d247e0dd0c153dda033a387a3fd9fb2a785329ed507d496675e0823d8d7dfd13223113511d4ff3540b70e5a5bbcd0418984d591fe3ba283cee0d791dc8ad9610d05dac"], 0xfc}}, 0x0) (fail_nth: 7)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, 0x0, 0x0)
unshare(0x20580)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r5, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0x4}, 0x68)
sendmsg$tipc(r5, 0x0, 0x0)
accept(r2, 0x0, &(0x7f0000000040))
syz_io_uring_submit(r0, r1, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x1})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
setitimer(0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x2710}}, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$binfmt_elf64(r6, &(0x7f0000000200)=ANY=[@ANYBLOB="7f454c4600"], 0x40)
memfd_create(0x0, 0xc)

10.183882908s ago: executing program 1 (id=384):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000000)="0f01c366b9f709000066b8a000000066ba000000000f306766c7442400440000006766c7442402fdffff7f6766c744240600000000670f0114240f20c06635010000000f22c0660f3833dd66b80500000066b9947500000f20c04022c0660f65800c000f01cab825018ec0", 0x6b}], 0x1, 0x8, 0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r0, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000480)=ANY=[@ANYRESOCT=r0], &(0x7f0000000500)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x58)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r5, 0x40045402, &(0x7f0000000040)=0x1)
readv(r5, &(0x7f0000000080)=[{&(0x7f0000000140)=""/133, 0x85}], 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000002060108000000000000000000000000050005000a0000c4050001000700000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x44}}, 0x0)

10.04571092s ago: executing program 0 (id=385):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x0, 0x0, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x7, 0x4, 0x0, 0x0, 0x4, 0x87, &(0x7f0000000480)=""/135, 0x0, 0x29, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@cgroup, 0xffffffffffffffff, 0x8, 0x0, 0x0, @void, @value}, 0x20)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="240000002e000d640a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

9.996703601s ago: executing program 0 (id=386):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_io_uring_setup(0x34b3, &(0x7f0000000180)={0x0, 0x0, 0x30c0, 0xffffffff, 0x2c1}, &(0x7f0000000100), &(0x7f0000000140))
r2 = epoll_create(0xaf2)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r1, 0xc, 0x0, 0x0)
socket$inet(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd26711b159c2b2af, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)={0xe000200f})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x3ec0)
close_range(r6, 0xffffffffffffffff, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001b80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000001bc0)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_MCAST_RATE(r5, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x1c, r9, 0x1, 0xfffffffe, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}}, 0x1c}}, 0x8000)
sendmsg$NL80211_CMD_DEL_STATION(r5, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)={0x94, r0, 0x8, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x10, 0xb}}}}, [@NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x116}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x8, 0xbd, [0x2, 0x0]}, @NL80211_ATTR_STA_EXT_CAPABILITY={0x3a, 0xac, "335a44605c1770e5d1445ca52b549b9c4a54298595c56d9dc422b5589c24646731e9c8fa9b23ffe95fec3c7250e73a53798e16ade56b"}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xa}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x3c1}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x3}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0x8}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}]}, 0x94}, 0x1, 0x0, 0x0, 0x800}, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r5)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000005c0)={'wlan0\x00'})
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r13, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={0x38, r12, 0x10ada85e65c25359, 0x0, 0x8000000, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x11}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}]}]}]}, 0x38}}, 0x0)

9.940228856s ago: executing program 4 (id=387):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
unshare(0x22020600)
pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0xbf9, 0x3000, 0x0, 0x2000000000000, 0x0, 0x2}, &(0x7f0000000180)={0x1f, 0x0, 0x0, 0x0, 0x7, 0x1, 0x8}, 0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0xd, &(0x7f0000000080)=@framed={{0x18, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000, @void, @value}, 0x90)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r6)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x14, r7, 0x60b}, 0x14}, 0x1, 0x0, 0x0, 0xc010}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r5, 0x0, 0xe, 0x0, &(0x7f0000000000)="0000000000000000009dc9000000", 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e)
ioctl$BTRFS_IOC_INO_PATHS(r1, 0xc0389423, &(0x7f00000001c0)={0x0, 0x28, [0x80000001, 0xcf, 0x4, 0x2], &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0]})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f0000000240)={{0x1, 0x1, 0x18, <r9=>r1, {0xdb6}}, './file0\x00'})
getsockopt$inet6_mptcp_buf(r9, 0x11c, 0x4, &(0x7f0000000480)=""/218, &(0x7f0000000280)=0xda)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x10)
r11 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x149802, 0x0)
r12 = dup(r11)
sendfile(r11, r12, 0x0, 0x80006)
clock_settime(0xe, 0x0)
fanotify_init(0x200, 0x0)

9.867479053s ago: executing program 2 (id=388):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="17000000070000000b0000000100"], 0x50)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r5, &(0x7f0000000000), 0xd)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x149802, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000440)={{0x12, 0x1, 0x201, 0x47, 0xb2, 0x37, 0x8, 0x19d2, 0x78, 0x61be, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x6, 0x5, 0x80, 0xf3, [{{0x9, 0x4, 0x29, 0x12, 0x0, 0x69, 0xf6, 0x2b, 0x1}}, {{0x9, 0x4, 0x6, 0xf5, 0x0, 0xb0, 0xeb, 0x6e, 0x6}}]}}]}}, &(0x7f0000000240)={0x61, 0x0, 0x2c, 0x0})
r7 = dup(r6)
sendmsg$IPSET_CMD_HEADER(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x40, 0xc, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040004)
sendfile(r6, r7, 0x0, 0x80006)
fanotify_init(0x200, 0x0)

7.290343591s ago: executing program 3 (id=389):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_XCRS(r2, 0x4188aea7, &(0x7f00000000c0)=ANY=[@ANYRES64=r1])
ioctl$SIOCX25SENDCALLACCPT(r0, 0x89e9)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000200)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000180)=0xffff})
socket$inet(0x2, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002c00)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc474c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b946855c9fc52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2806b73323301b4bc94d0e4afde44867d71049a7c89bc615e215571ac910d80a58b5169576ff9906c34d2342806960b6bcb00000000000000000000000000113ee640b9ed1e04a0bfb125204d30990361bf45ef45277a167cd2c2e6ce9138143aa5ea7ee6f7c6d8b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r3 = socket$packet(0x11, 0x3, 0x300)
syz_usb_connect(0x0, 0x42, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xd0, 0xae, 0xd1, 0x8, 0x2013, 0x246, 0xe656, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x82, 0x0, 0x0, 0xd, 0xa1, 0xb6}}]}}]}}, 0x0)
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, 0x0)
unshare(0x2a020400)
setsockopt$packet_int(r3, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)

7.074755285s ago: executing program 1 (id=390):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYBLOB="fe000400000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0x24, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
mkdir(&(0x7f0000005740)='./file0\x00', 0x3b)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x1c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3100}}, 0x1c}}, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1800088, &(0x7f0000000340)={[], [{@smackfsdef={'smackfsdef', 0x3d, '-}'}}], 0x2f})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x90, 0x7fffffff}]})
map_shadow_stack(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r6], 0x44}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)

6.811042191s ago: executing program 4 (id=391):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000b, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
bind$rds(r3, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r4 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
symlinkat(&(0x7f00000000c0)='.\x00', r5, &(0x7f0000000140)='./file0\x00')
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, 0x0)
sendmsg$rds(r3, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x1fe6}, &(0x7f0000000200)=[{&(0x7f0000001880)=""/4082, 0xff2}, {&(0x7f0000002880)=""/4084, 0xff4}], 0x2, 0x21}}], 0x48}, 0x0)

6.73225891s ago: executing program 0 (id=392):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x4, 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240), 0x10000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')
syz_open_dev$loop(0x0, 0xffffffff, 0x80000)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/power/pm_async', 0x101581, 0x100)
write$tcp_mem(r0, &(0x7f0000000540)={0xffffffff7fffffff, 0x20, 0x0, 0x20, 0x4}, 0x48)
memfd_create(&(0x7f0000000540)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x06\x00\x00\x00\x97A\xc2\xd8\xf0Uq!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\x16\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xf1k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9k\x83\xfc\xa4\xad4\x03\xa2X\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xdfY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96?\x00\x00\x00\x00\x00\x00\x00\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcb\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93>m\xd7q\'\xdf\xfajo\xd8n\xa7\xecJi\xde\xdf\x7f\xe3\xc4*Z 4\xe8S$\xa1H=\xdf\x05\xf3\xe3T\xd1\xdd\xc6f\xa4\xb4\x96\\\xa0\xf9\x0f\x17\x11{\xb6\x9d\xd21\xc1\x90Vj\x13r\x00\x00\xde\x03\xab\xff\x8as0\xc6E\xca\"\xd9*\x9a\x15\xb95r\x8f\xaaj\x82\xd6\xd2%\xed\xa2WQ\xec2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xccX\xfdRB\xffU\xe9\xfa\x1f\xf6\xce\b\xde@\x061\xc6z\xe4\xe0\xc9?\xa7\x94>\x9c\xd1\xa5o\x04\xaaim\xae\xfe\xc7f\xa3\x96\xd7\xb4c)r{\r#\xddI&\n\xf2\xec\xd4\xff\x9f\x136zZ-2\x80\xfbH+\x9b8\xf3\xed\xdf\xa2my\xb28c[\xc3\xfe\xb5M\x84\x97\xa5\'s\xe9\xdc=)I\xabLt2\x9c\v\xd9S', 0x6)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[{@mpol={'mpol', 0x3d, {'bind', '', @val={0x3a, [0x31]}}}}]})

6.669745367s ago: executing program 1 (id=393):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000240)={0x7, 0x0, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffe55, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0xa08000, 0x0)
chdir(&(0x7f00000001c0)='./file0\x00')
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x40010)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r4, 0x107, 0x17, &(0x7f00000000c0)=0x2, 0x4)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x5, 0x101}, 0x1c)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', <r7=>0x0})
sendto$packet(r6, &(0x7f00000003c0)='\x00', 0x1, 0x20008801, &(0x7f0000000200)={0x11, 0x8100, r7, 0x1, 0xfd, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}}, 0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x0)
recvmmsg$unix(r4, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r8, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000a40)=ANY=[@ANYBLOB="f8ffffff000000000200fffee00000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec9706fc8f5885c700"/144], 0x90)
dup(r0)

6.463123581s ago: executing program 0 (id=394):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x249c40, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
getpriority(0x2, 0xffffffffffffffff)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0xfffffffffffffffd)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0xa, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000200)={0x2, 0xb000})
syz_emit_ethernet(0x3e, &(0x7f0000000480)=ANY=[@ANYRES16=r2, @ANYRES16=r2, @ANYBLOB="e5703a914c42f2c5cc2190ced9d45a755d74b9f1dfd8127652a86d3848032572d99cd8f7ef51981e2c608dae0341cfdf2b25fd733f153750238cb6edb029753560ca8735f63147b974dddc403cb8392ba086e04f50eace36005ae025574e8868b815a4b5a7cd3ae3f113f22c40db57fc6321485c3a535028a7c14baa1c8e71075ca1065017e2cdc2941f314e348d50bb921c839a1d2aeebda38b4d00", @ANYRES8, @ANYRES32=r0, @ANYRES16=0x0], 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r7, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="200000001e000d03"], 0x20}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
bind$unix(r3, &(0x7f0000000380)=@file={0x0, './bus\x00'}, 0x6e)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x3}, {0x3, 0x0, 0x0, 0x0, 0xfc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0xfc}]})
syz_usb_connect$cdc_ecm(0x1, 0x4d, &(0x7f0000000400)=ANY=[@ANYBLOB="12010003020000082505a1a440000102030109023b00010102f407096c14000002060006052406000005240081800d24190109000000090005008509058202ff070604030905030200020403ea"], 0x0)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000014c0), &(0x7f0000000080)=0x8)

3.443867154s ago: executing program 2 (id=395):
socket$nl_generic(0x10, 0x3, 0x10)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000100)=0xce5)
syz_open_pts(r1, 0x0)
ioctl$TCSETSW(r1, 0x5403, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r2, 0x3b88, &(0x7f00000002c0)={0xc, r3})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, 0x0)
ioctl$IOMMU_VFIO_SET_IOMMU(r2, 0x3b66, 0x1)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r2, 0x3b72, &(0x7f0000000000)=ANY=[@ANYBLOB="180000"])
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000002080)={{0x77359400}}, 0x0)
read$FUSE(r4, &(0x7f0000000040)={0x2020}, 0x2020)
r5 = fcntl$dupfd(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
splice(r4, 0x0, r5, 0x0, 0xb, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
mmap$IORING_OFF_SQ_RING(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0xa, 0x12, r6, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x111})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000fee000/0x12000)=nil, 0x12000}, 0x1})

3.351969558s ago: executing program 4 (id=396):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'macvlan0\x00'}, 0x18)
r5 = socket$nl_route(0x10, 0x3, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
read$rfkill(r6, &(0x7f0000000100), 0x8)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000000c0)=0x1)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="1201000000000008ac05370240000102030109022400010100000009040000020301020009210000000122960509050600000000000000e0b52d6613e8281613cbd390ec098c8eee81ad93cfbbadb77935f4b0d01fb76dfd69d91eee95d11afbc445557193a754000011fb9daf24a373862d83f332ba93ee63837f1fd7d9856c9f06910dc6890dca8f7099bd7033ece728403d865a1c96b80b4840463f21c22e7d9fc5d876f39f1fb1c4b55553ef5ea1a15c0c375a7c9fe1a94b438a890070ec07b33ba97b7b10ba87def3c7a2147746a41756d45b67063d2b3eb9f875c73193b6f12e523dd590ff115311101a46624c4bd66bddb789dc40eff6987710b02df486bf7607eef06bee89371186"], 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x5, 0x0, 0x0, "fe94b89fc43c3328eae0cae1f5eba329e6f216"})
splice(0xffffffffffffffff, 0x0, r6, 0x0, 0x7ffff000, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x2, 0x2}, 0x10)
sendmsg$nl_route(r5, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r4, 0x0, 0x48c, &(0x7f00000002c0)={0x2, 'pim6reg1\x00'}, 0x18)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b40500000000000079107d000000000005000000000000009500000000000020ebeb5c4be7f470a9bc6858fa271210e07dfd01cec21f33c5d9a1d879bb396151b3e506a9a84b1c2b8bbaf5633d806326d00517474a1180732e3d1643f8e6022d7c8333090000000000000022d7370c67f204611c45311091ee30a4b539cfd02ea1847b7eceb4837e214b00", @ANYRES32, @ANYRES8], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xb}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

3.234940529s ago: executing program 3 (id=397):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0xfffffffa, 0xfffffffc})
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000340)="8a226ff432407a7f5fd09590d734f795e12e57ce9fed3f0300eb6368ed559a85603b0080", 0x24}], 0x2)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040)={0x3, 0x0, 0x3}, 0x10, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b36, &(0x7f0000000000)={'wlan0\x00'})

2.533356679s ago: executing program 1 (id=398):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000001d00070f000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00005200060005000100000008000800", @ANYRES16=r1], 0x2c}}, 0x4000000)
syz_usb_connect(0x0, 0x34, &(0x7f00000000c0)=ANY=[@ANYRES8=r0], 0x0)

2.056188166s ago: executing program 3 (id=399):
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0x2c8, 0x30, 0x2, 0x70bd2d, 0x25dfdbff, {}, [{0x2b4, 0x1, [@m_skbedit={0xe8, 0x18, 0x0, 0x0, {{0xc}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x7}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xa}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x1}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0xfffffff8}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xc, 0xffe0}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x4}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xe, 0xfff2}}]}, {0x81, 0x6, "de616dd9ce3b892bb6fafca061bed3e644dcf9151f4527045657b89def02bb9cad6c62f8293cff1e7df3eb0803889f2fd92b151ed17ab9f17c47463bf4e7afe47ab1d24292b0103cbbc15977a51c0ae02a168eca666c86a6321ae76cba859e771aa7894ab8f8d473fc2af5fc18fb9399fdbb44bce22ac4c64feea69890"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_gact={0xe8, 0xc, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x0, 0x21f7, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x1b9f, 0xe}}]}, {0xa1, 0x6, "0f617356f0a663079ab7576a2846e5b3b3d9b048dc90bac2c3b40552dc14f7774371c98d6e2763d4fda783e36f45e224484cc6a0e6a530d841c87c70bbf3448d6187a58197fa3ffb0b318a51cc59415ac311a355fe1d08f8de9966d8ba89a56bfbc37c6af7d37dcdeb618f98f29bf3b05a23cefbbf51193614c08c162352d9eaad342b2f307dd8babd71ab8a1c4f80bbbbccc8ce4d369a33f9c6fc1619"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_sample={0xac, 0x1e, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x9, 0x5, 0x20000000, 0x7, 0x2}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x3}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x7, 0x6, 0x0, 0x3, 0x6}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x80000000}]}, {0x3d, 0x6, "4d11ef01da7337625695ddc3d5012aa6f3638794346943b9ee757a1a4ac5f8ce5f6016d63b9db431952a32c8ea295bd8bea222698ce859490f"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_ctinfo={0x34, 0x13, 0x0, 0x0, {{0xb}, {0x4}, {0x5, 0x6, "d8"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x2c8}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0xfffffffffffffed1)
openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f00000001c0)={r3, &(0x7f00000000c0), 0x0}, 0x20)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000000c0)=ANY=[], 0x20)
r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000240)={0xa, @pix_mp={0x0, 0x4000, 0x31364d4e, 0x0, 0x7, [{0x0, 0xfffffff7}, {}, {0x0, 0x4}, {0x0, 0xffffffff}, {0x0, 0x3}, {0x0, 0x7}, {}, {0x0, 0x4}], 0x0, 0x0, 0x7, 0x0, 0x6}})
unshare(0x8000000)
semget$private(0x0, 0x4, 0x0)
unshare(0x8040080)
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)

1.137557578s ago: executing program 0 (id=400):
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000002c0)={0x0, <r0=>0x0})
prlimit64(r0, 0x0, &(0x7f0000000000)={0x3, 0xbb0}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0x8, &(0x7f0000000140)={0x5, 0x7}, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
preadv(r1, &(0x7f0000000200)=[{&(0x7f0000000100)=""/24, 0x11}, {0x0, 0x2}], 0x2, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, &(0x7f00000000c0))
socket$netlink(0x10, 0x3, 0x2)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
r2 = gettid()
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_open_dev$MSR(&(0x7f00000004c0), 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f00000006c0)={0x0, 0x5885, 0x0, 0x2}, &(0x7f0000000340), &(0x7f0000000280))
lgetxattr(&(0x7f0000000240)='./file0\x00', &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000000400)=""/67, 0x43)
r4 = socket(0x2c, 0x400000000080803, 0x2)
ioctl$sock_SIOCETHTOOL(r4, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000480)=@ethtool_ringparam={0x4, 0x0, 0x5, 0x0, 0x5, 0x39ed, 0x20000, 0x0, 0xf}})

138.275894ms ago: executing program 4 (id=401):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000019100)={[&(0x7f0000000200)=' '], 0x20})
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$dsp(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2, 0x30, 0xffffffffffffffff, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r1, 0x40186f40, 0x20000502)

76.246638ms ago: executing program 0 (id=402):
r0 = syz_io_uring_setup(0x7667, &(0x7f0000000100)={0x0, 0x0, 0x13580, 0x2}, &(0x7f00000002c0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000300)={0x0, 0x7}, 0x8)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
r4 = syz_io_uring_setup(0x145c, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x2000}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000380)={'syztnl0\x00', 0x0, 0x2f, 0x0, 0x0, 0x0, 0x52, @empty, @mcast1, 0x0, 0x8000, 0x101}})
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r4, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
r9 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read$FUSE(r9, &(0x7f0000000680)={0x2020}, 0x2020)
io_setup(0x1, 0x0)
r10 = openat$pidfd(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0)
pidfd_send_signal(r10, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffb}, 0x0)
r11 = eventfd2(0x5, 0x80000)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000600)=r11, 0x1)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x40, 0x1, r3, 0x0, 0x0, 0x0, 0x20, 0x1, {0x3}})
connect$vsock_stream(r3, &(0x7f0000000000), 0x10)
r12 = syz_open_dev$vim2m(&(0x7f0000000e40), 0x8, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r12, 0xc0405602, &(0x7f0000000000)={0x24, 0x68, 0x4, "a677c17a5a00430000ef0000237349e1000000000000400000f94300", 0x31324d59})
io_uring_enter(r0, 0x6256, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 2 (id=403):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file3\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1d, 0xc, &(0x7f0000000580)=ANY=[], &(0x7f0000000540)='GPL\x00', 0x800, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000002c0)={0x0, <r5=>0x0, <r6=>0x0}, &(0x7f0000000300)=0xc)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000003c0)={'ip6gre0\x00', 0x0})
sendmsg$nl_xfrm(r4, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000740)=ANY=[@ANYBLOB="a00200001600010029bd7000ffdbdf25fc02000000000000000000e1ff00f201e00000010000000000000000000000004e2080014e23072f0a0020a03c000000", @ANYRES32=<r7=>0x0, @ANYRES32=r5, @ANYBLOB="ac1e0001000000000000000000000000000004d633000000000000000000000000000000000000000100008000000000790000000000000000000000000000800400000000000000080000000000000001000000000000000100000000000000f8ffffffffffffff7f00000000000000cabf0000000000000a00000000000000640000000000000002000000040000000c0000002dbd70000735000008000102710000000000000009000000060000000c001c00", @ANYBLOB], 0x2a0}, 0x1, 0x0, 0x0, 0x4000844}, 0x20040000)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1f, 0x11, &(0x7f0000000440)=ANY=[@ANYRES16=r6, @ANYRESOCT=0x0, @ANYRES8=r7, @ANYRESOCT=r0], &(0x7f0000000580)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xffffffffffffff74)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000300)={r8}, 0xc)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
socket$xdp(0x2c, 0x3, 0x0)
mremap(&(0x7f0000186000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00000ad000/0x3000)=nil)
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r9, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r9, 0x29, 0x30, &(0x7f0000000b00)={0xb, {{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @remote}}, {{0xa, 0x0, 0x0, @remote}}]}, 0x190)
syz_emit_ethernet(0x66, &(0x7f0000000200)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x30, 0x3a, 0xff, @remote, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x800, {0x5, 0x6, "a10e93", 0x6, 0x0, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}, @private1}}}}}}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r10=>0xffffffffffffffff})
recvmsg(r10, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x10002)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000000c0)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x0, 0x0, 0xfffffcb6, 0x1f00c00e}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.69' (ED25519) to the list of known hosts.
[   72.492611][ T5811] cgroup: Unknown subsys name 'net'
[   72.607866][ T5811] cgroup: Unknown subsys name 'cpuset'
[   72.616064][ T5811] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   74.194380][ T5811] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   76.648267][ T5829] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   76.657107][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   76.666866][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   76.671382][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   76.682182][ T5829] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   76.683364][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   76.697220][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   76.697473][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   76.712899][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   76.720634][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   76.728178][ T5836] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   76.736191][ T5829] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   76.736919][ T5836] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   76.744755][ T5829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   76.751531][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   76.764034][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   76.765353][ T5841] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   76.778831][ T5836] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   76.787645][ T5836] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   76.795110][ T5836] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   76.802969][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   76.808728][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   76.817121][ T5829] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   76.825599][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   76.834017][ T5840] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   76.836549][   T55] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   76.841750][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   76.848453][   T55] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   76.862284][ T5840] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   76.869874][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   77.365693][ T5826] chnl_net:caif_netlink_parms(): no params data found
[   77.378044][ T5822] chnl_net:caif_netlink_parms(): no params data found
[   77.418429][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   77.450134][ T5821] chnl_net:caif_netlink_parms(): no params data found
[   77.586960][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   77.703087][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.711248][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.718881][ T5831] bridge_slave_0: entered allmulticast mode
[   77.726017][ T5831] bridge_slave_0: entered promiscuous mode
[   77.759828][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.767052][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.774868][ T5822] bridge_slave_0: entered allmulticast mode
[   77.781535][ T5822] bridge_slave_0: entered promiscuous mode
[   77.789752][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.797438][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.804797][ T5831] bridge_slave_1: entered allmulticast mode
[   77.811653][ T5831] bridge_slave_1: entered promiscuous mode
[   77.819126][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.829979][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.837317][ T5826] bridge_slave_0: entered allmulticast mode
[   77.844237][ T5826] bridge_slave_0: entered promiscuous mode
[   77.865673][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.872856][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.880635][ T5821] bridge_slave_0: entered allmulticast mode
[   77.887755][ T5821] bridge_slave_0: entered promiscuous mode
[   77.896294][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.903395][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.910954][ T5821] bridge_slave_1: entered allmulticast mode
[   77.919094][ T5821] bridge_slave_1: entered promiscuous mode
[   77.925938][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.933036][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.940598][ T5822] bridge_slave_1: entered allmulticast mode
[   77.947402][ T5822] bridge_slave_1: entered promiscuous mode
[   77.972462][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.979840][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.987531][ T5826] bridge_slave_1: entered allmulticast mode
[   77.994755][ T5826] bridge_slave_1: entered promiscuous mode
[   78.072341][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.086518][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.098046][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.110281][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.122455][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.133682][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.146058][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.204673][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.221082][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.229070][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.236551][ T5832] bridge_slave_0: entered allmulticast mode
[   78.243246][ T5832] bridge_slave_0: entered promiscuous mode
[   78.256875][ T5821] team0: Port device team_slave_0 added
[   78.270305][ T5822] team0: Port device team_slave_0 added
[   78.292405][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.299764][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.307188][ T5832] bridge_slave_1: entered allmulticast mode
[   78.314261][ T5832] bridge_slave_1: entered promiscuous mode
[   78.322697][ T5821] team0: Port device team_slave_1 added
[   78.330400][ T5822] team0: Port device team_slave_1 added
[   78.347922][ T5831] team0: Port device team_slave_0 added
[   78.356329][ T5826] team0: Port device team_slave_0 added
[   78.400264][ T5831] team0: Port device team_slave_1 added
[   78.408291][ T5826] team0: Port device team_slave_1 added
[   78.423479][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.434663][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.441644][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.468259][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.481034][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.488660][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.515824][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.528749][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.535840][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.561809][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.599575][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.609452][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.616729][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.642660][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.674781][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.681777][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.707799][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.719745][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.726828][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.753486][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.766589][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.773573][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.799618][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.840889][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.848119][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.874432][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.897573][ T5832] team0: Port device team_slave_0 added
[   78.904757][ T5133] Bluetooth: hci3: command tx timeout
[   78.904763][ T5840] Bluetooth: hci1: command tx timeout
[   78.905120][ T5840] Bluetooth: hci4: command tx timeout
[   78.910497][ T5133] Bluetooth: hci0: command tx timeout
[   78.916146][   T55] Bluetooth: hci2: command tx timeout
[   78.951782][ T5821] hsr_slave_0: entered promiscuous mode
[   78.958635][ T5821] hsr_slave_1: entered promiscuous mode
[   78.968152][ T5832] team0: Port device team_slave_1 added
[   79.015946][ T5822] hsr_slave_0: entered promiscuous mode
[   79.022125][ T5822] hsr_slave_1: entered promiscuous mode
[   79.028680][ T5822] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.036931][ T5822] Cannot create hsr debugfs directory
[   79.064721][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.071700][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.097802][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.123142][ T5826] hsr_slave_0: entered promiscuous mode
[   79.129485][ T5826] hsr_slave_1: entered promiscuous mode
[   79.136142][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.143728][ T5826] Cannot create hsr debugfs directory
[   79.171832][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.179850][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.206155][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.246968][ T5831] hsr_slave_0: entered promiscuous mode
[   79.253151][ T5831] hsr_slave_1: entered promiscuous mode
[   79.259470][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.267894][ T5831] Cannot create hsr debugfs directory
[   79.370631][ T5832] hsr_slave_0: entered promiscuous mode
[   79.377112][ T5832] hsr_slave_1: entered promiscuous mode
[   79.383085][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.391338][ T5832] Cannot create hsr debugfs directory
[   79.673694][ T5821] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   79.693014][ T5821] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   79.713395][ T5821] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   79.730411][ T5821] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   79.763508][ T5822] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   79.773328][ T5822] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   79.798094][ T5822] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   79.812864][ T5822] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   79.870930][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   79.896516][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   79.907279][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   79.930562][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   79.990024][ T5826] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   80.000566][ T5826] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   80.036793][ T5826] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   80.064936][ T5826] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   80.110013][ T5832] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   80.122193][ T5832] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   80.133701][ T5832] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   80.151538][ T5832] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   80.183593][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.201032][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.248792][ T5821] 8021q: adding VLAN 0 to HW filter on device team0
[   80.272386][ T5822] 8021q: adding VLAN 0 to HW filter on device team0
[   80.282298][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.289617][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.300799][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.308041][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.368155][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.375341][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.402262][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.409499][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.508674][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.567971][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   80.582206][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.618101][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.676742][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   80.688483][ T3885] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.695643][ T3885] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.709535][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[   80.743234][ T3885] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.750712][ T3885] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.767923][ T3885] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.775115][ T3885] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.794852][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.801962][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.817176][ T1095] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.824364][ T1095] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.842970][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.895654][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.902909][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.984738][   T55] Bluetooth: hci0: command tx timeout
[   80.990205][   T55] Bluetooth: hci3: command tx timeout
[   80.996165][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.996428][ T5840] Bluetooth: hci1: command tx timeout
[   81.008581][ T5835] Bluetooth: hci2: command tx timeout
[   81.008794][ T5133] Bluetooth: hci4: command tx timeout
[   81.171762][ T5821] veth0_vlan: entered promiscuous mode
[   81.211761][ T5822] veth0_vlan: entered promiscuous mode
[   81.219455][ T5821] veth1_vlan: entered promiscuous mode
[   81.255324][ T5822] veth1_vlan: entered promiscuous mode
[   81.273309][ T5821] veth0_macvtap: entered promiscuous mode
[   81.318221][ T5821] veth1_macvtap: entered promiscuous mode
[   81.386886][ T5822] veth0_macvtap: entered promiscuous mode
[   81.412975][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.430389][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.460894][ T5821] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.470756][ T5821] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.482648][ T5821] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.491847][ T5821] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.510122][ T5822] veth1_macvtap: entered promiscuous mode
[   81.526707][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.565931][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.585654][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.612814][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   81.635231][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.655650][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.679525][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   81.690785][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.710650][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.747100][ T5822] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.769445][ T5822] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.778403][ T5822] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.787247][ T5822] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.902178][ T5831] veth0_vlan: entered promiscuous mode
[   81.923348][ T5826] veth0_vlan: entered promiscuous mode
[   81.930130][ T3484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.937602][ T5826] veth1_vlan: entered promiscuous mode
[   81.953294][ T3484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.962891][ T5831] veth1_vlan: entered promiscuous mode
[   82.022779][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.039298][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.061504][ T3484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.079500][ T3484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.109240][ T5826] veth0_macvtap: entered promiscuous mode
[   82.127057][ T5831] veth0_macvtap: entered promiscuous mode
[   82.152520][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   82.157800][ T5826] veth1_macvtap: entered promiscuous mode
[   82.199515][ T5831] veth1_macvtap: entered promiscuous mode
[   82.217398][ T5832] veth0_vlan: entered promiscuous mode
[   82.242348][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.244215][ T3484] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.256127][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.271992][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.294326][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.303588][ T3484] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.316035][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.330840][ T5832] veth1_vlan: entered promiscuous mode
[   82.357772][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.375637][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.386504][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.398045][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.410077][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.422669][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.435244][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.445918][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.456772][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.467236][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.478111][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.490047][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.530268][ T5826] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.550446][ T5826] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.569760][ T5826] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.578874][ T5826] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.620682][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.635448][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.646922][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.657510][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.672231][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.796706][ T5913] capability: warning: `syz.0.1' uses deprecated v2 capabilities in a way that may be insecure
[   83.064595][ T5830] Bluetooth: hci1: command tx timeout
[   83.070403][ T5830] Bluetooth: hci2: command tx timeout
[   83.084749][   T55] Bluetooth: hci0: command tx timeout
[   83.101497][   T55] Bluetooth: hci4: command tx timeout
[   83.116918][ T5133] Bluetooth: hci3: command tx timeout
[   83.430213][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.442237][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.545175][ T5831] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.580834][ T5831] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.589963][ T5831] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.599379][ T5831] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.659714][ T5832] veth0_macvtap: entered promiscuous mode
[   83.761055][ T5832] veth1_macvtap: entered promiscuous mode
[   83.776644][ T3885] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.794082][ T3885] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.802684][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.815376][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.825994][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.842408][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.853745][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.865713][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.876065][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.887038][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.898655][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.951401][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.973099][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.977529][ T5876] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   83.983262][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.001717][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.011708][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.022741][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.033649][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.047726][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.060018][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   84.077436][ T5832] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.086912][ T5832] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.095960][ T5832] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.105166][ T5832] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.157788][ T5876] usb 1-1: Using ep0 maxpacket: 32
[   84.185379][ T5876] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[   84.196333][ T3484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.206082][ T5876] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x2 has invalid wMaxPacketSize 0
[   84.222053][ T3484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.245485][ T1095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.266850][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.267128][ T5876] usb 1-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[   84.285555][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.301060][ T1095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.321764][ T5876] usb 1-1: config 0 interface 0 has no altsetting 0
[   84.346148][ T5876] usb 1-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[   84.355441][ T5876] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.390483][ T5876] usb 1-1: config 0 descriptor??
[   84.525611][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.590038][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.003446][ T5926] warning: `syz.1.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   85.046408][ T3885] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.067141][ T3885] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.097176][ T5876] usbhid 1-1:0.0: can't add hid device: -71
[   85.127024][ T5876] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   85.146567][ T5840] Bluetooth: hci4: command tx timeout
[   85.152059][ T5840] Bluetooth: hci2: command tx timeout
[   85.154879][   T55] Bluetooth: hci0: command tx timeout
[   85.158014][ T5133] Bluetooth: hci3: command tx timeout
[   85.163337][   T55] Bluetooth: hci1: command tx timeout
[   85.184928][ T5876] usb 1-1: USB disconnect, device number 2
[   85.286120][ T5930] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   85.734021][    T8] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   85.824279][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.832962][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.843490][    T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!!
[   85.933180][    T8] usb 3-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[   86.620077][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   86.733902][    T8] usb 3-1: config 36 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64
[   86.756027][    T8] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=26.29
[   86.765385][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   86.786144][    T8] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[   86.807075][    T8] usb 3-1: Manufacturer: syz
[   86.811763][    T8] usb 3-1: SerialNumber: syz
[   86.844529][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   86.937839][ T3599] cfg80211: failed to load regulatory.db
[   86.964052][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[   86.973562][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[   87.097834][    T8] usbhid 3-1:36.0: couldn't find an input interrupt endpoint
[   87.154898][    T8] usb 3-1: USB disconnect, device number 2
[   87.190781][ T5956] netlink: 24 bytes leftover after parsing attributes in process `syz.0.15'.
[   87.548616][ T5965] netlink: 16 bytes leftover after parsing attributes in process `syz.1.17'.
[   89.319223][    T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   89.743853][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   89.773911][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   90.340364][    T8] usb 2-1: unable to get BOS descriptor or descriptor too short
[   90.376487][    T8] usb 2-1: unable to read config index 0 descriptor/start: -71
[   90.405367][    T8] usb 2-1: can't read configurations, error -71
[   92.432168][ T6001] netlink: 11 bytes leftover after parsing attributes in process `syz.0.26'.
[   92.482296][ T6001] netlink: 7 bytes leftover after parsing attributes in process `syz.0.26'.
[   92.554796][ T6002] bond0: entered promiscuous mode
[   92.615367][ T6004] netlink: 'syz.0.26': attribute type 3 has an invalid length.
[   92.623262][ T6004] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.26'.
[   92.634067][ T6002] bond_slave_0: entered promiscuous mode
[   92.688428][ T5881] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   92.694081][ T6002] bond_slave_1: entered promiscuous mode
[   92.985630][ T5881] usb 2-1: Using ep0 maxpacket: 8
[   94.070669][ T5881] usb 2-1: unable to get BOS descriptor or descriptor too short
[   94.109179][ T5881] usb 2-1: config 6 has an invalid interface number: 41 but max is 1
[   94.176735][ T5881] usb 2-1: config 6 has an invalid interface number: 6 but max is 1
[   94.234788][ T5881] usb 2-1: config 6 has no interface number 0
[   94.241196][ T5881] usb 2-1: config 6 has no interface number 1
[   94.291258][ T5881] usb 2-1: config 6 interface 41 has no altsetting 0
[   94.291359][ T5881] usb 2-1: config 6 interface 6 has no altsetting 0
[   94.673865][ T5881] usb 2-1: string descriptor 0 read error: -71
[   94.684389][   T55] Bluetooth: hci3: Unknown advertising packet type: 0x5d
[   94.797179][ T5881] usb 2-1: New USB device found, idVendor=19d2, idProduct=0078, bcdDevice=61.be
[   95.713080][ T6010] process 'syz.2.29' launched './file0' with NULL argv: empty string added
[   95.733672][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.788895][ T5881] usb 2-1: can't set config #6, error -71
[   95.841195][ T5881] usb 2-1: USB disconnect, device number 4
[   97.153531][ T6038] netlink: 1 bytes leftover after parsing attributes in process `syz.3.34'.
[   97.259232][ T6038] netlink: 1 bytes leftover after parsing attributes in process `syz.3.34'.
[   97.665404][ T6041] fuse: Unknown parameter 'ÓíÌè°lúÿ0x0000000000000008'
[   97.684849][ T6041] futex_wake_op: syz.0.38 tries to shift op by -1; fix this program
[   97.714982][ T6041] netlink: 32 bytes leftover after parsing attributes in process `syz.0.38'.
[   98.987473][   T29] audit: type=1326 audit(1738037601.968:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6056 comm="syz.2.43" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9241b8cd29 code=0x0
[   99.066542][  T974] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   99.097306][ T6064] netlink: 48 bytes leftover after parsing attributes in process `syz.0.45'.
[   99.229250][  T974] usb 4-1: Using ep0 maxpacket: 8
[  100.212954][  T974] usb 4-1: unable to get BOS descriptor or descriptor too short
[  101.199950][  T974] usb 4-1: config 6 has an invalid interface number: 41 but max is 1
[  101.208739][  T974] usb 4-1: config 6 has an invalid interface number: 6 but max is 1
[  101.216916][  T974] usb 4-1: config 6 has no interface number 0
[  101.224201][  T974] usb 4-1: config 6 has no interface number 1
[  101.230900][  T974] usb 4-1: config 6 interface 41 has no altsetting 0
[  101.507153][ T6073] FAULT_INJECTION: forcing a failure.
[  101.507153][ T6073] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  101.520731][ T6073] CPU: 1 UID: 0 PID: 6073 Comm: syz.0.47 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  101.520758][ T6073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  101.520775][ T6073] Call Trace:
[  101.520782][ T6073]  <TASK>
[  101.520791][ T6073]  dump_stack_lvl+0x241/0x360
[  101.520827][ T6073]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.520854][ T6073]  ? __wake_up_klogd+0xcc/0x110
[  101.520884][ T6073]  should_fail_ex+0x40a/0x550
[  101.520912][ T6073]  _copy_to_user+0x31/0xb0
[  101.520935][ T6073]  simple_read_from_buffer+0xca/0x150
[  101.520962][ T6073]  proc_fail_nth_read+0x1e9/0x250
[  101.520990][ T6073]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  101.521017][ T6073]  ? rw_verify_area+0x243/0x630
[  101.521046][ T6073]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  101.521072][ T6073]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  101.521098][ T6073]  vfs_read+0x1f8/0xb40
[  101.521131][ T6073]  ? fdget_pos+0x254/0x320
[  101.521158][ T6073]  ? __pfx___mutex_lock+0x10/0x10
[  101.521186][ T6073]  ? __pfx_vfs_read+0x10/0x10
[  101.521249][ T6073]  ksys_read+0x18f/0x2b0
[  101.521270][ T6073]  ? __pfx_ksys_read+0x10/0x10
[  101.521289][ T6073]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  101.521320][ T6073]  ? do_syscall_64+0xb6/0x230
[  101.521350][ T6073]  do_syscall_64+0xf3/0x230
[  101.521388][ T6073]  ? clear_bhb_loop+0x35/0x90
[  101.521418][ T6073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.521443][ T6073] RIP: 0033:0x7fa8c038b73c
[  101.521464][ T6073] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  101.521480][ T6073] RSP: 002b:00007fa8c120b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  101.521500][ T6073] RAX: ffffffffffffffda RBX: 00007fa8c05a6160 RCX: 00007fa8c038b73c
[  101.521514][ T6073] RDX: 000000000000000f RSI: 00007fa8c120b0a0 RDI: 0000000000000008
[  101.521525][ T6073] RBP: 00007fa8c120b090 R08: 0000000000000000 R09: 0000000000000000
[  101.521537][ T6073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  101.521547][ T6073] R13: 0000000000000000 R14: 00007fa8c05a6160 R15: 00007ffe58d511f8
[  101.521576][ T6073]  </TASK>
[  101.735340][  T974] usb 4-1: config 6 interface 6 has no altsetting 0
[  101.737771][   T47] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  101.786338][  T974] usb 4-1: string descriptor 0 read error: -71
[  101.792635][  T974] usb 4-1: New USB device found, idVendor=19d2, idProduct=0078, bcdDevice=61.be
[  101.875067][   T47] usb 5-1: device descriptor read/64, error -71
[  101.927695][ T6075] netlink: 8 bytes leftover after parsing attributes in process `syz.1.48'.
[  101.963896][  T974] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.992761][  T974] usb 4-1: can't set config #6, error -71
[  102.012323][  T974] usb 4-1: USB disconnect, device number 2
[  102.038635][ T6078] Invalid/unusable pipe
[  102.090131][ T6080] binder: 6079:6080 ioctl c0306201 20001380 returned -14
[  102.125217][   T47] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  102.135983][ T6080] binder: 6079:6080 ioctl c0306201 200014c0 returned -14
[  102.489076][ T6089] deleting an unspecified loop device is not supported.
[  102.784274][ T5876] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  102.954053][ T5876] usb 1-1: Using ep0 maxpacket: 32
[  102.984407][  T974] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  103.016308][ T5876] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  103.118598][ T5876] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  103.259167][ T5876] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  103.269039][  T974] usb 4-1: Using ep0 maxpacket: 8
[  103.418740][  T974] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  103.444263][ T5876] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.466070][  T974] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  103.476063][ T6096] fuse: Unknown parameter 'ÓíÌè°lúÿ0x0000000000000008'
[  103.486558][ T5876] usb 1-1: config 0 descriptor??
[  103.507250][  T974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.510243][ T5876] hub 1-1:0.0: USB hub found
[  103.517615][ T6096] futex_wake_op: syz.2.55 tries to shift op by -1; fix this program
[  103.557291][ T6096] netlink: 32 bytes leftover after parsing attributes in process `syz.2.55'.
[  103.641697][ T6102] FAULT_INJECTION: forcing a failure.
[  103.641697][ T6102] name failslab, interval 1, probability 0, space 0, times 0
[  103.681541][ T6102] CPU: 0 UID: 0 PID: 6102 Comm: syz.4.57 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  103.681573][ T6102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  103.681586][ T6102] Call Trace:
[  103.681593][ T6102]  <TASK>
[  103.681601][ T6102]  dump_stack_lvl+0x241/0x360
[  103.681631][ T6102]  ? __pfx_dump_stack_lvl+0x10/0x10
[  103.681653][ T6102]  ? __pfx__printk+0x10/0x10
[  103.681687][ T6102]  ? __kmalloc_cache_noprof+0x48/0x390
[  103.681717][ T6102]  ? __pfx___might_resched+0x10/0x10
[  103.681748][ T6102]  should_fail_ex+0x40a/0x550
[  103.681777][ T6102]  should_failslab+0xac/0x100
[  103.681805][ T6102]  __kmalloc_cache_noprof+0x70/0x390
[  103.681832][ T6102]  ? fl_change+0x1e8/0x1de0
[  103.681858][ T6102]  fl_change+0x1e8/0x1de0
[  103.681893][ T6102]  ? fl_get+0x9b/0x480
[  103.681915][ T6102]  ? __pfx_fl_change+0x10/0x10
[  103.681937][ T6102]  ? fl_destroy+0x260/0x280
[  103.681961][ T6102]  ? __pfx_fl_change+0x10/0x10
[  103.681984][ T6102]  tc_new_tfilter+0x1112/0x1a70
[  103.682035][ T6102]  ? __pfx_tc_new_tfilter+0x10/0x10
[  103.682082][ T6102]  ? rcu_read_unlock+0x87/0xa0
[  103.682135][ T6102]  ? __pfx_tc_new_tfilter+0x10/0x10
[  103.682159][ T6102]  rtnetlink_rcv_msg+0x791/0xcf0
[  103.682180][ T6102]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  103.682208][ T6102]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  103.682239][ T6102]  ? ref_tracker_free+0x643/0x7e0
[  103.682272][ T6102]  netlink_rcv_skb+0x1e3/0x430
[  103.682304][ T6102]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  103.682330][ T6102]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  103.682385][ T6102]  ? netlink_deliver_tap+0x2e/0x1b0
[  103.682419][ T6102]  netlink_unicast+0x7f6/0x990
[  103.682457][ T6102]  ? __pfx_netlink_unicast+0x10/0x10
[  103.682482][ T6102]  ? __virt_addr_valid+0x45f/0x530
[  103.682513][ T6102]  ? __phys_addr_symbol+0x2f/0x70
[  103.682542][ T6102]  ? __check_object_size+0x47a/0x730
[  103.682573][ T6102]  netlink_sendmsg+0x8e4/0xcb0
[  103.682617][ T6102]  ? __pfx_netlink_sendmsg+0x10/0x10
[  103.682663][ T6102]  ? __pfx_netlink_sendmsg+0x10/0x10
[  103.682693][ T6102]  __sock_sendmsg+0x221/0x270
[  103.682721][ T6102]  ____sys_sendmsg+0x52a/0x7e0
[  103.682762][ T6102]  ? __pfx_____sys_sendmsg+0x10/0x10
[  103.682792][ T6102]  ? __fget_files+0x2a/0x410
[  103.682823][ T6102]  ? __fget_files+0x2a/0x410
[  103.682860][ T6102]  __sys_sendmsg+0x269/0x350
[  103.682897][ T6102]  ? __pfx___sys_sendmsg+0x10/0x10
[  103.682943][ T6102]  ? do_sys_openat2+0x17a/0x1d0
[  103.683000][ T6102]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  103.683030][ T6102]  ? do_syscall_64+0x100/0x230
[  103.683068][ T6102]  ? do_syscall_64+0xb6/0x230
[  103.683097][ T6102]  do_syscall_64+0xf3/0x230
[  103.683125][ T6102]  ? clear_bhb_loop+0x35/0x90
[  103.683158][ T6102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.683186][ T6102] RIP: 0033:0x7f8e4d58cd29
[  103.683205][ T6102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.683221][ T6102] RSP: 002b:00007f8e4e35c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  103.683248][ T6102] RAX: ffffffffffffffda RBX: 00007f8e4d7a5fa0 RCX: 00007f8e4d58cd29
[  103.683263][ T6102] RDX: 0000000000000800 RSI: 00000000200000c0 RDI: 0000000000000003
[  103.683276][ T6102] RBP: 00007f8e4e35c090 R08: 0000000000000000 R09: 0000000000000000
[  103.683289][ T6102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  103.683301][ T6102] R13: 0000000000000000 R14: 00007f8e4d7a5fa0 R15: 00007ffd08168948
[  103.683330][ T6102]  </TASK>
[  104.055278][ T6105] netlink: 24 bytes leftover after parsing attributes in process `syz.2.58'.
[  104.077110][ T6093] netlink: 'syz.3.54': attribute type 1 has an invalid length.
[  104.078890][ T5876] hub 1-1:0.0: 1 port detected
[  104.085021][ T6093] netlink: 56 bytes leftover after parsing attributes in process `syz.3.54'.
[  104.146698][ T6106] xt_CT: You must specify a L4 protocol and not use inversions on it
[  104.832986][ T5876] hub 1-1:0.0: hub_hub_status failed (err = -71)
[  104.839848][ T5876] hub 1-1:0.0: config failed, can't get hub status (err -71)
[  104.863602][ T5876] usbhid 1-1:0.0: can't add hid device: -71
[  104.870392][ T5876] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  104.913412][ T5876] usb 1-1: USB disconnect, device number 3
[  105.001210][ T6115] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  105.942069][ T6123] Zero length message leads to an empty skb
[  105.958674][ T5876] usb 4-1: USB disconnect, device number 3
[  106.716866][ T6131] FAULT_INJECTION: forcing a failure.
[  106.716866][ T6131] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  106.736877][ T6131] CPU: 0 UID: 0 PID: 6131 Comm: syz.0.64 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  106.736913][ T6131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  106.736926][ T6131] Call Trace:
[  106.736933][ T6131]  <TASK>
[  106.736941][ T6131]  dump_stack_lvl+0x241/0x360
[  106.736972][ T6131]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.736993][ T6131]  ? __pfx__printk+0x10/0x10
[  106.737030][ T6131]  ? snprintf+0xda/0x120
[  106.737054][ T6131]  should_fail_ex+0x40a/0x550
[  106.737083][ T6131]  _copy_to_user+0x31/0xb0
[  106.737106][ T6131]  simple_read_from_buffer+0xca/0x150
[  106.737135][ T6131]  proc_fail_nth_read+0x1e9/0x250
[  106.737163][ T6131]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  106.737192][ T6131]  ? rw_verify_area+0x243/0x630
[  106.737224][ T6131]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  106.737252][ T6131]  vfs_read+0x1f8/0xb40
[  106.737285][ T6131]  ? fdget_pos+0x254/0x320
[  106.737314][ T6131]  ? __pfx___mutex_lock+0x10/0x10
[  106.737342][ T6131]  ? __pfx_vfs_read+0x10/0x10
[  106.737378][ T6131]  ? __fget_files+0x2a/0x410
[  106.737407][ T6131]  ? __fget_files+0x395/0x410
[  106.737433][ T6131]  ? __fget_files+0x2a/0x410
[  106.737470][ T6131]  ksys_read+0x18f/0x2b0
[  106.737492][ T6131]  ? __pfx_ksys_read+0x10/0x10
[  106.737524][ T6131]  do_syscall_64+0xf3/0x230
[  106.737552][ T6131]  ? clear_bhb_loop+0x35/0x90
[  106.737585][ T6131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.737613][ T6131] RIP: 0033:0x7fa8c038b73c
[  106.737631][ T6131] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  106.737648][ T6131] RSP: 002b:00007fa8c120b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  106.737670][ T6131] RAX: ffffffffffffffda RBX: 00007fa8c05a6160 RCX: 00007fa8c038b73c
[  106.737685][ T6131] RDX: 000000000000000f RSI: 00007fa8c120b0a0 RDI: 0000000000000006
[  106.737698][ T6131] RBP: 00007fa8c120b090 R08: 0000000000000000 R09: 0000000000000000
[  106.737710][ T6131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  106.737722][ T6131] R13: 0000000000000000 R14: 00007fa8c05a6160 R15: 00007ffe58d511f8
[  106.737752][ T6131]  </TASK>
[  108.461955][ T6135] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  108.616783][ T6135] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  109.466969][ T6148] netlink: 4 bytes leftover after parsing attributes in process `syz.1.66'.
[  109.599180][ T6150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.68'.
[  110.796259][    T9] usb 2-1: new low-speed USB device number 5 using dummy_hcd
[  110.977574][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  111.028305][    T9] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  111.073737][    T9] usb 2-1: string descriptor 0 read error: -22
[  111.103834][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  111.131172][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.182954][ T6163] netlink: 24 bytes leftover after parsing attributes in process `syz.0.72'.
[  111.480232][ T5914] usb 2-1: USB disconnect, device number 5
[  112.354015][ T6177] netlink: 'syz.4.73': attribute type 21 has an invalid length.
[  112.362008][ T6177] netlink: 'syz.4.73': attribute type 6 has an invalid length.
[  112.369739][ T6177] netlink: 132 bytes leftover after parsing attributes in process `syz.4.73'.
[  113.722315][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.1.77'.
[  116.001579][ T6206] netlink: 24 bytes leftover after parsing attributes in process `syz.0.82'.
[  116.011619][ T6206] netlink: 24 bytes leftover after parsing attributes in process `syz.0.82'.
[  119.783888][ T5914] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  119.853447][ T6242] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  119.908671][ T6242] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  119.993959][ T5914] usb 3-1: Using ep0 maxpacket: 32
[  120.009457][ T5914] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  120.020162][ T5914] usb 3-1: config 0 has no interface number 0
[  120.020213][ T5914] usb 3-1: config 0 interface 12 has no altsetting 0
[  120.022806][ T5914] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  120.022836][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.022860][ T5914] usb 3-1: Product: syz
[  120.022877][ T5914] usb 3-1: Manufacturer: syz
[  120.022895][ T5914] usb 3-1: SerialNumber: syz
[  120.141676][ T5914] usb 3-1: config 0 descriptor??
[  120.242629][ T6249] netlink: 'syz.1.91': attribute type 21 has an invalid length.
[  120.242839][ T6249] netlink: 'syz.1.91': attribute type 6 has an invalid length.
[  120.242898][ T6249] netlink: 132 bytes leftover after parsing attributes in process `syz.1.91'.
[  121.339191][ T5914] f81534 3-1:0.12: f81534_set_register: reg: 1003 data: 20 failed: -71
[  121.341461][ T5914] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71
[  121.344350][ T5914] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  121.353072][ T5914] f81534 3-1:0.12: probe with driver f81534 failed with error -71
[  121.732691][ T5914] usb 3-1: USB disconnect, device number 3
[  122.109400][ T6244] tty tty28: ldisc open failed (-12), clearing slot 27
[  122.119913][ T6260] netlink: 28 bytes leftover after parsing attributes in process `syz.1.95'.
[  122.207391][ T6260] netlink: 8 bytes leftover after parsing attributes in process `syz.1.95'.
[  123.398226][ T3599] hid (null): global environment stack underflow
[  123.469360][ T3599] hid-generic 0001:0397:0800.0001: global environment stack underflow
[  123.528869][ T3599] hid-generic 0001:0397:0800.0001: item 0 2 1 11 parsing failed
[  123.594658][ T3599] hid-generic 0001:0397:0800.0001: probe with driver hid-generic failed with error -22
[  123.759254][ T6277] netlink: 412 bytes leftover after parsing attributes in process `syz.1.98'.
[  123.965752][ T6283] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  124.996733][ T6289] netlink: 412 bytes leftover after parsing attributes in process `syz.0.103'.
[  126.441796][   T55] Bluetooth: hci0: Unknown advertising packet type: 0x5d
[  131.191323][ T6322] netlink: 4 bytes leftover after parsing attributes in process `syz.0.111'.
[  131.483933][  T974] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  131.562663][ T6331] netlink: 412 bytes leftover after parsing attributes in process `syz.4.116'.
[  131.813268][ T5914] usb 1-1: new low-speed USB device number 4 using dummy_hcd
[  131.974198][  T974] usb 4-1: Using ep0 maxpacket: 8
[  132.004815][ T5914] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  132.024655][  T974] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  132.045672][ T5914] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  132.063434][  T974] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.099470][ T5914] usb 1-1: string descriptor 0 read error: -22
[  132.235994][ T6336] netlink: 'syz.1.117': attribute type 21 has an invalid length.
[  132.244166][ T6336] netlink: 'syz.1.117': attribute type 6 has an invalid length.
[  132.251919][ T6336] netlink: 132 bytes leftover after parsing attributes in process `syz.1.117'.
[  132.983685][  T974] usb 4-1: Product: syz
[  133.013862][  T974] usb 4-1: Manufacturer: syz
[  133.018525][  T974] usb 4-1: SerialNumber: syz
[  133.023978][ T5914] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  133.033061][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.054606][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  133.082832][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  133.123239][  T974] usb 4-1: config 0 descriptor??
[  133.461032][   T55] Bluetooth: hci4: Unknown advertising packet type: 0x5d
[  134.113019][  T974] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  134.174221][ T5914] usb 1-1: can't set config #1, error -71
[  134.226774][ T5914] usb 1-1: USB disconnect, device number 4
[  136.648223][  T974] gspca_sunplus: reg_w_riv err -110
[  136.706417][  T974] sunplus 4-1:0.0: probe with driver sunplus failed with error -110
[  136.749135][ T6362] netlink: 'syz.4.120': attribute type 21 has an invalid length.
[  136.757456][ T6362] netlink: 'syz.4.120': attribute type 6 has an invalid length.
[  136.765293][ T6362] netlink: 132 bytes leftover after parsing attributes in process `syz.4.120'.
[  136.777851][ T6359] ipvlan2: entered promiscuous mode
[  136.785470][ T6359] team0: Device ipvlan2 is up. Set it down before adding it as a team port
[  137.411479][  T974] usb 4-1: USB disconnect, device number 4
[  137.416097][   T29] audit: type=1326 audit(1738037640.378:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6368 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e4d58cd29 code=0x7ffc0000
[  137.447562][   T29] audit: type=1326 audit(1738037640.378:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6368 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e4d58cd29 code=0x7ffc0000
[  138.040366][   T29] audit: type=1326 audit(1738037640.448:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6368 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f8e4d58cd29 code=0x7ffc0000
[  138.127038][   T29] audit: type=1326 audit(1738037640.448:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6368 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e4d58cd29 code=0x7ffc0000
[  138.150319][   T29] audit: type=1326 audit(1738037640.448:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6368 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e4d58cd29 code=0x7ffc0000
[  138.171526][    C1] vkms_vblank_simulate: vblank timer overrun
[  138.186728][   T29] audit: type=1326 audit(1738037640.448:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6368 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f8e4d58cd29 code=0x7ffc0000
[  138.374050][ T5914] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  138.380786][   T29] audit: type=1326 audit(1738037640.448:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6368 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e4d58cd29 code=0x7ffc0000
[  138.415509][   T29] audit: type=1326 audit(1738037640.448:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6368 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e4d58cd29 code=0x7ffc0000
[  138.436883][    C1] vkms_vblank_simulate: vblank timer overrun
[  138.526247][ T6380] netlink: 'syz.0.129': attribute type 21 has an invalid length.
[  138.534345][ T6380] netlink: 'syz.0.129': attribute type 6 has an invalid length.
[  138.542597][ T6380] netlink: 132 bytes leftover after parsing attributes in process `syz.0.129'.
[  138.661927][   T29] audit: type=1326 audit(1738037640.458:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6368 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f8e4d58cd29 code=0x7ffc0000
[  139.177577][   T29] audit: type=1326 audit(1738037640.458:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6368 comm="syz.4.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e4d58cd29 code=0x7ffc0000
[  139.245406][ T5914] usb 4-1: Using ep0 maxpacket: 8
[  139.266452][ T5914] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  139.275340][ T6382] fuse: Unknown parameter 'ÓíÌè°lúÿ0x0000000000000007'
[  139.324683][ T5914] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  139.371363][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  139.375289][ T6382] futex_wake_op: syz.4.130 tries to shift op by -1; fix this program
[  139.417937][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  139.464218][ T6382] netlink: 32 bytes leftover after parsing attributes in process `syz.4.130'.
[  139.480614][ T5914] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  139.543846][ T5914] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  139.594120][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.615223][ T6389] netlink: 4 bytes leftover after parsing attributes in process `syz.0.132'.
[  140.529518][   T55] Bluetooth: hci3: Unknown advertising packet type: 0x5d
[  140.541242][ T5914] usb 4-1: usb_control_msg returned -32
[  140.584730][ T5914] usbtmc 4-1:16.0: can't read capabilities
[  140.714558][ T3599] usb 1-1: new low-speed USB device number 5 using dummy_hcd
[  140.896654][ T3599] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  140.929956][ T3599] usb 1-1: string descriptor 0 read error: -22
[  140.951655][ T3599] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  140.977977][ T3599] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.088352][ T6401] netlink: 24 bytes leftover after parsing attributes in process `syz.1.135'.
[  141.231817][    T8] usb 1-1: USB disconnect, device number 5
[  141.810514][    T8] usb 4-1: USB disconnect, device number 5
[  143.209370][ T6411] netlink: 'syz.2.137': attribute type 3 has an invalid length.
[  143.247111][ T6411] netlink: 666 bytes leftover after parsing attributes in process `syz.2.137'.
[  143.369791][ T6407] @: renamed from vcan0 (while UP)
[  143.401137][ T6407] netlink: 56 bytes leftover after parsing attributes in process `syz.2.137'.
[  143.764572][ T6420] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  143.774304][ T6420] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  144.790155][ T6427] netlink: 256 bytes leftover after parsing attributes in process `syz.3.142'.
[  144.970447][ T6431] fuse: Unknown parameter 'ÓíÌè°lúÿ0x0000000000000007'
[  145.000414][ T6431] futex_wake_op: syz.1.143 tries to shift op by -1; fix this program
[  145.016728][ T6431] netlink: 32 bytes leftover after parsing attributes in process `syz.1.143'.
[  146.252858][ T6433] Invalid/unusable pipe
[  148.135015][ T6459] netlink: 44 bytes leftover after parsing attributes in process `syz.0.149'.
[  148.462028][ T5914] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  148.803035][ T5914] usb 4-1: config 0 has an invalid interface number: 9 but max is 0
[  148.908489][ T5914] usb 4-1: config 0 has no interface number 0
[  148.936992][ T5914] usb 4-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  148.966872][   T29] kauditd_printk_skb: 36 callbacks suppressed
[  148.966892][   T29] audit: type=1326 audit(1738037651.938:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6453 comm="syz.2.151" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9241b8cd29 code=0x0
[  149.015859][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.060855][ T5914] usb 4-1: config 0 descriptor??
[  149.079048][ T5914] ums-realtek 4-1:0.9: USB Mass Storage device detected
[  149.208789][ T6470] netlink: 8 bytes leftover after parsing attributes in process `syz.1.154'.
[  150.278149][ T3599] usb 4-1: USB disconnect, device number 6
[  150.365218][   T47] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  151.585282][   T47] usb 3-1: Using ep0 maxpacket: 32
[  151.667347][   T47] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  151.744704][ T6490] Bluetooth: MGMT ver 1.23
[  152.580279][   T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  152.604247][   T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid maxpacket 8704, setting to 1024
[  152.673937][   T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  152.722993][   T47] usb 3-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  152.815469][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.055920][   T47] usb 3-1: Product: syz
[  153.137885][   T47] usb 3-1: Manufacturer: syz
[  153.209584][   T47] usb 3-1: SerialNumber: syz
[  153.369551][   T47] usb 3-1: config 0 descriptor??
[  153.419732][   T47] usb 3-1: can't set config #0, error -71
[  153.443197][   T47] usb 3-1: USB disconnect, device number 4
[  153.820456][ T6501] netlink: 44 bytes leftover after parsing attributes in process `syz.0.163'.
[  155.882092][ T6512] nfs: Unknown parameter 'ntext-smackfsroot'
[  157.604093][   T55] Bluetooth: hci0: Unknown advertising packet type: 0x5d
[  159.893597][    T8] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  159.973863][ T3599] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  160.120522][ T6538] netlink: 12 bytes leftover after parsing attributes in process `syz.1.174'.
[  160.153926][ T3599] usb 3-1: Using ep0 maxpacket: 8
[  160.277520][ T3599] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  160.300774][ T3599] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.311217][    T8] usb 5-1: Using ep0 maxpacket: 8
[  160.321299][ T3599] usb 3-1: Product: syz
[  160.343982][ T3599] usb 3-1: Manufacturer: syz
[  160.353024][    T8] usb 5-1: config 0 has an invalid interface number: 130 but max is 0
[  160.359423][ T3599] usb 3-1: SerialNumber: syz
[  160.374695][    T8] usb 5-1: config 0 has no interface number 0
[  160.388705][ T3599] usb 3-1: config 0 descriptor??
[  160.392507][    T8] usb 5-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=e6.56
[  160.406974][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.433821][    T8] usb 5-1: Product: syz
[  160.437860][ T3599] gspca_main: se401-2.14.0 probing 047d:5003
[  160.438449][    T8] usb 5-1: Manufacturer: syz
[  160.463853][    T8] usb 5-1: SerialNumber: syz
[  160.486764][    T8] usb 5-1: config 0 descriptor??
[  160.544748][    T8] as10x_usb: device has been detected
[  160.553918][    T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  160.571254][    T8] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  160.624517][    T8] usb 5-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  160.656736][ T6527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  160.670185][ T6527] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  160.714031][    T9] usb 4-1: Using ep0 maxpacket: 16
[  160.721472][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.736584][    T8] as10x_usb: error during firmware upload part1
[  160.752145][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.770514][    T8] Registered device PCTV Systems picoStick (74e)
[  160.784778][    T8] usb 5-1: USB disconnect, device number 4
[  160.809663][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  160.860288][    T9] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  160.874147][   T47] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  160.875287][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.901468][    T8] Unregistered device PCTV Systems picoStick (74e)
[  160.905619][    T8] as10x_usb: device has been disconnected
[  160.979059][    T9] usb 4-1: config 0 descriptor??
[  161.295032][   T47] usb 2-1: Using ep0 maxpacket: 16
[  161.314757][   T47] usb 2-1: config 0 has an invalid descriptor of length 137, skipping remainder of the config
[  161.331306][   T47] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  161.579792][   T47] usb 2-1: New USB device found, idVendor=05ac, idProduct=8441, bcdDevice= 0.00
[  161.589080][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.603707][   T47] usb 2-1: config 0 descriptor??
[  161.612014][   T47] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  162.443239][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  162.462859][ T3599] gspca_se401: read req failed req 0x06 error -19
[  162.470019][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  162.499069][ T3599] usb 3-1: USB disconnect, device number 5
[  162.534286][    T9] usb 4-1: USB disconnect, device number 7
[  162.605378][ T6552] netlink: 16 bytes leftover after parsing attributes in process `syz.2.179'.
[  162.644060][ T6552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.179'.
[  162.840534][ T6555] fuse: Unknown parameter 'ÓíÌè°lúÿ0x0000000000000007'
[  162.882934][ T6555] futex_wake_op: syz.4.180 tries to shift op by -1; fix this program
[  162.919963][ T6555] netlink: 32 bytes leftover after parsing attributes in process `syz.4.180'.
[  163.031834][ T6559] syz.2.181 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  164.541320][ T6570] netlink: 12 bytes leftover after parsing attributes in process `syz.3.185'.
[  165.138908][ T6570] netlink: 8 bytes leftover after parsing attributes in process `syz.3.185'.
[  165.314914][    T9] usb 2-1: USB disconnect, device number 6
[  165.491217][ T6580] netlink: 412 bytes leftover after parsing attributes in process `syz.2.182'.
[  165.674016][    T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  166.883915][    T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  167.217804][    T9] usb 2-1: Using ep0 maxpacket: 8
[  167.240708][    T9] usb 2-1: config 0 has an invalid interface number: 130 but max is 0
[  167.256591][    T9] usb 2-1: config 0 has no interface number 0
[  167.520079][ T5914] hid-generic 0000:0003:0000.0002: unknown main item tag 0x0
[  167.528221][    T9] usb 2-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=e6.56
[  167.537496][ T5914] hid-generic 0000:0003:0000.0002: unknown main item tag 0x0
[  167.545200][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.553314][    T9] usb 2-1: Product: syz
[  167.563822][    T8] usb 1-1: Using ep0 maxpacket: 8
[  167.574910][    T8] usb 1-1: unable to get BOS descriptor or descriptor too short
[  167.586404][ T5914] hid-generic 0000:0003:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  167.603889][    T9] usb 2-1: Manufacturer: syz
[  167.608666][    T9] usb 2-1: SerialNumber: syz
[  167.614664][    T8] usb 1-1: config 6 has an invalid interface number: 41 but max is 0
[  167.623555][    T8] usb 1-1: config 6 has no interface number 0
[  167.641905][    T9] usb 2-1: config 0 descriptor??
[  167.653998][    T8] usb 1-1: config 6 interface 41 has no altsetting 0
[  167.673670][    T9] as10x_usb: device has been detected
[  167.689462][    T8] usb 1-1: New USB device found, idVendor=19d2, idProduct=0078, bcdDevice=61.be
[  167.700151][    T9] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  167.723929][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.753786][    T8] usb 1-1: Product: syz
[  167.758027][    T8] usb 1-1: Manufacturer: syz
[  167.775886][    T9] usb 2-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  167.794066][    T8] usb 1-1: SerialNumber: syz
[  167.818473][    T9] as10x_usb: error during firmware upload part1
[  167.836389][    T9] Registered device PCTV Systems picoStick (74e)
[  169.475624][    T8] smsusb:smsusb_probe: board id=15, interface number 41
[  169.517135][    T8] usb 1-1: USB disconnect, device number 6
[  169.606395][ T5881] usb 2-1: USB disconnect, device number 7
[  170.170572][ T5881] Unregistered device PCTV Systems picoStick (74e)
[  170.236009][ T5881] as10x_usb: device has been disconnected
[  170.244131][ T6609] fuse: Unknown parameter 'ÓíÌè°lúÿ0x0000000000000007'
[  170.260185][ T6609] futex_wake_op: syz.0.194 tries to shift op by -1; fix this program
[  170.274280][ T6609] netlink: 32 bytes leftover after parsing attributes in process `syz.0.194'.
[  170.803159][ T5881] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  170.834110][ T6621] netlink: 12 bytes leftover after parsing attributes in process `syz.0.199'.
[  170.932362][ T6621] netlink: 8 bytes leftover after parsing attributes in process `syz.0.199'.
[  170.966571][ T5881] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  170.966669][ T5881] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  171.301216][ T5881] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  171.301252][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  171.301275][ T5881] usb 2-1: SerialNumber: syz
[  171.528148][ T5881] usb 2-1: 0:2 : does not exist
[  171.620903][ T5881] usb 2-1: USB disconnect, device number 8
[  171.970115][    T9] hid-generic 0000:0003:0000.0003: unknown main item tag 0x0
[  172.154249][    T9] hid-generic 0000:0003:0000.0003: unknown main item tag 0x0
[  172.294277][    T9] hid-generic 0000:0003:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  172.406612][ T5843] udevd[5843]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  172.704340][ T6637] rdma_op ffff88802930e9f0 conn xmit_rdma 0000000000000000
[  174.815640][ T5914] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  175.641591][ T5914] usb 2-1: Using ep0 maxpacket: 8
[  175.647252][   T55] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  175.655922][   T55] Bluetooth: hci3: Injecting HCI hardware error event
[  175.664699][   T55] Bluetooth: hci3: hardware error 0x00
[  175.766509][ T5914] usb 2-1: device descriptor read/all, error -71
[  176.216266][    T8] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  176.403997][    T8] usb 5-1: Using ep0 maxpacket: 8
[  176.447759][    T8] usb 5-1: config 0 has an invalid interface number: 130 but max is 0
[  176.499686][    T8] usb 5-1: config 0 has no interface number 0
[  176.532649][ T6655] fuse: Unknown parameter 'ÓíÌè°lúÿ0x0000000000000007'
[  176.545556][ T6655] futex_wake_op: syz.2.209 tries to shift op by -1; fix this program
[  176.568254][    T8] usb 5-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=e6.56
[  176.593867][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.608282][ T6655] netlink: 32 bytes leftover after parsing attributes in process `syz.2.209'.
[  176.633894][    T8] usb 5-1: Product: syz
[  176.641437][    T8] usb 5-1: Manufacturer: syz
[  176.655033][    T8] usb 5-1: SerialNumber: syz
[  176.677826][    T8] usb 5-1: config 0 descriptor??
[  176.707711][    T8] as10x_usb: device has been detected
[  176.727214][    T8] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  177.821589][    T8] usb 5-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  177.839749][    T8] as10x_usb: error during firmware upload part1
[  177.846357][    T8] Registered device PCTV Systems picoStick (74e)
[  177.864704][   T55] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  179.224656][ T6673] random: crng reseeded on system resumption
[  180.284056][ T6687] fuse: Bad value for 'fd'
[  181.230597][ T5909] usb 5-1: USB disconnect, device number 5
[  181.295802][ T5909] Unregistered device PCTV Systems picoStick (74e)
[  181.296950][ T5909] as10x_usb: device has been disconnected
[  182.570768][ T5881] hid-generic 0000:0003:0000.0004: unknown main item tag 0x0
[  182.602879][ T5881] hid-generic 0000:0003:0000.0004: unknown main item tag 0x0
[  182.625150][ T5881] hid-generic 0000:0003:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  183.090902][   T55] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  183.091067][   T55] Bluetooth: hci4: Injecting HCI hardware error event
[  183.092698][   T55] Bluetooth: hci4: hardware error 0x00
[  183.150703][ T6713] afs: Unknown parameter '0x0000000000000000'
[  183.333918][ T5881] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  183.817718][ T5881] usb 1-1: unable to get BOS descriptor or descriptor too short
[  183.887355][ T5881] usb 1-1: not running at top speed; connect to a high speed hub
[  184.009785][ T5881] usb 1-1: config 129 has an invalid interface number: 28 but max is 0
[  184.048672][ T5881] usb 1-1: config 129 has no interface number 0
[  184.090936][ T5881] usb 1-1: config 129 interface 28 altsetting 250 has an endpoint descriptor with address 0xFD, changing to 0x8D
[  184.176659][ T5881] usb 1-1: config 129 interface 28 altsetting 250 endpoint 0x8D has invalid maxpacket 18502, setting to 64
[  184.276140][ T5881] usb 1-1: config 129 interface 28 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  184.362370][ T5881] usb 1-1: config 129 interface 28 has no altsetting 0
[  184.419015][ T5881] usb 1-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice=db.57
[  184.453171][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.484735][ T5881] usb 1-1: Product: syz
[  184.488967][ T5881] usb 1-1: Manufacturer: syz
[  184.493595][ T5881] usb 1-1: SerialNumber: syz
[  184.521632][ T6712] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  184.728301][ T6701] loop2: detected capacity change from 0 to 7
[  184.747104][ T6701] Dev loop2: unable to read RDB block 7
[  184.779448][ T6701]  loop2: unable to read partition table
[  184.785541][ T6701] loop2: partition table beyond EOD, truncated
[  184.791968][ T6701] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  184.823088][ T6724] netlink: 8 bytes leftover after parsing attributes in process `syz.3.228'.
[  184.883510][ T5881] etas_es58x 1-1:129.28: Starting syz syz (Serial Number syz)
[  184.925263][ T6724] 8021q: adding VLAN 0 to HW filter on device batadv1
[  184.944980][ T5881] etas_es58x 1-1:129.28: could not retrieve the product info string
[  184.984812][ T6724] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  185.129990][ T5881] usb 1-1: USB disconnect, device number 7
[  185.165902][ T5881] etas_es58x 1-1:129.28: Disconnecting syz syz
[  185.384454][   T55] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  186.343935][    T8] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  186.587124][    T8] usb 2-1: Using ep0 maxpacket: 8
[  186.705780][    T8] usb 2-1: config 1 interface 0 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 16
[  186.799999][    T8] usb 2-1: config 1 interface 0 has no altsetting 0
[  187.016332][    T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  187.043849][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.247210][    T8] usb 2-1: Product: syz
[  187.473563][    T8] usb 2-1: Manufacturer: syz
[  187.504165][    T8] usb 2-1: SerialNumber: syz
[  187.722950][ T6738] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  188.554326][    T8] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 4 proto 1 vid 0x0525 pid 0xA4A8
[  188.574814][    T8] usb 2-1: USB disconnect, device number 11
[  188.584383][    T8] usblp0: removed
[  189.085875][ T6763] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  189.095632][ T6763] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  189.798313][ T5881] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  190.145364][ T5881] usb 4-1: Using ep0 maxpacket: 32
[  190.753847][ T5881] usb 4-1: New USB device found, idVendor=17cc, idProduct=1000, bcdDevice=64.02
[  190.788991][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.850624][ T5881] usb 4-1: Product: syz
[  190.857615][ T5881] usb 4-1: Manufacturer: syz
[  190.867971][ T5881] usb 4-1: SerialNumber: syz
[  190.954947][ T5881] usb 4-1: config 0 descriptor??
[  191.141201][ T5914] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  191.433819][ T5914] usb 5-1: device descriptor read/64, error -71
[  191.576681][ T5881] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -71
[  191.609413][ T5881] usb 4-1: USB disconnect, device number 8
[  191.853884][ T5914] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  192.834345][ T5914] usb 5-1: device descriptor read/64, error -71
[  192.963899][ T5914] usb usb5-port1: attempt power cycle
[  193.324886][ T5881] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  193.354080][ T5914] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  193.482071][ T5914] usb 5-1: device descriptor read/8, error -71
[  193.835783][ T6800] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  193.845648][ T6800] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  194.454935][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  194.461629][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  194.483527][   T47] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  194.528798][ T5881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  194.613043][ T5881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  194.633994][ T5881] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  194.643098][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.684696][ T5881] usb 3-1: config 0 descriptor??
[  194.757271][   T47] usb 1-1: Using ep0 maxpacket: 16
[  194.829871][   T55] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  194.839128][   T55] Bluetooth: hci1: Injecting HCI hardware error event
[  194.848231][   T55] Bluetooth: hci1: hardware error 0x00
[  194.858119][   T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  194.922156][   T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  194.981300][   T47] usb 1-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00
[  194.998656][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.014077][   T47] usb 1-1: config 0 descriptor??
[  195.235107][ T5881] uclogic 0003:28BD:0094.0005: interface is invalid, ignoring
[  195.328539][ T6823] FAULT_INJECTION: forcing a failure.
[  195.328539][ T6823] name failslab, interval 1, probability 0, space 0, times 0
[  195.789610][ T6823] CPU: 0 UID: 0 PID: 6823 Comm: syz.1.252 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  195.789639][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  195.789651][ T6823] Call Trace:
[  195.789658][ T6823]  <TASK>
[  195.789666][ T6823]  dump_stack_lvl+0x241/0x360
[  195.789699][ T6823]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.789719][ T6823]  ? __pfx__printk+0x10/0x10
[  195.789769][ T6823]  ? kmem_cache_alloc_noprof+0x48/0x380
[  195.789798][ T6823]  ? __pfx___might_resched+0x10/0x10
[  195.789827][ T6823]  should_fail_ex+0x40a/0x550
[  195.789855][ T6823]  should_failslab+0xac/0x100
[  195.789880][ T6823]  ? security_file_alloc+0x32/0x310
[  195.789907][ T6823]  kmem_cache_alloc_noprof+0x70/0x380
[  195.789959][ T6823]  security_file_alloc+0x32/0x310
[  195.789987][ T6823]  init_file+0x91/0x280
[  195.790014][ T6823]  alloc_empty_file+0xb8/0x1d0
[  195.790040][ T6823]  path_openat+0x107/0x3580
[  195.790083][ T6823]  ? mark_lock+0x9a/0x360
[  195.790111][ T6823]  ? __lock_acquire+0x1397/0x2100
[  195.790140][ T6823]  ? __pfx_path_openat+0x10/0x10
[  195.790186][ T6823]  do_filp_open+0x27f/0x4e0
[  195.790219][ T6823]  ? __pfx_do_filp_open+0x10/0x10
[  195.790246][ T6823]  ? do_raw_spin_lock+0x14f/0x370
[  195.790299][ T6823]  do_sys_openat2+0x13e/0x1d0
[  195.790328][ T6823]  ? __pfx_do_sys_openat2+0x10/0x10
[  195.790365][ T6823]  __x64_sys_creat+0x123/0x170
[  195.790391][ T6823]  ? __pfx___x64_sys_creat+0x10/0x10
[  195.790432][ T6823]  do_syscall_64+0xf3/0x230
[  195.790458][ T6823]  ? clear_bhb_loop+0x35/0x90
[  195.790489][ T6823]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.790516][ T6823] RIP: 0033:0x7f1b3658cd29
[  195.790534][ T6823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.790549][ T6823] RSP: 002b:00007f1b373ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  195.790570][ T6823] RAX: ffffffffffffffda RBX: 00007f1b367a5fa0 RCX: 00007f1b3658cd29
[  195.790585][ T6823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000300
[  195.790596][ T6823] RBP: 00007f1b373ac090 R08: 0000000000000000 R09: 0000000000000000
[  195.790608][ T6823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.790618][ T6823] R13: 0000000000000000 R14: 00007f1b367a5fa0 R15: 00007ffd59924d98
[  195.790645][ T6823]  </TASK>
[  196.624135][   T47] samsung 0003:0419:0001.0006: hidraw0: USB HID v0.00 Device [HID 0419:0001] on usb-dummy_hcd.0-1/input0
[  196.709493][ T3599] usb 3-1: USB disconnect, device number 6
[  196.912270][   T47] usb 1-1: USB disconnect, device number 8
[  196.994164][   T55] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  197.374599][ T6833] rdma_op ffff88802a39e9f0 conn xmit_rdma 0000000000000000
[  197.770591][ T6837] FAULT_INJECTION: forcing a failure.
[  197.770591][ T6837] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  197.963781][ T6837] CPU: 1 UID: 0 PID: 6837 Comm: syz.4.256 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  197.963808][ T6837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  197.963820][ T6837] Call Trace:
[  197.963826][ T6837]  <TASK>
[  197.963834][ T6837]  dump_stack_lvl+0x241/0x360
[  197.963863][ T6837]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.963882][ T6837]  ? __pfx__printk+0x10/0x10
[  197.963917][ T6837]  ? snprintf+0xda/0x120
[  197.963955][ T6837]  should_fail_ex+0x40a/0x550
[  197.963990][ T6837]  _copy_to_user+0x31/0xb0
[  197.964013][ T6837]  simple_read_from_buffer+0xca/0x150
[  197.964040][ T6837]  proc_fail_nth_read+0x1e9/0x250
[  197.964067][ T6837]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  197.964095][ T6837]  ? rw_verify_area+0x243/0x630
[  197.964126][ T6837]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  197.964152][ T6837]  vfs_read+0x1f8/0xb40
[  197.964185][ T6837]  ? fdget_pos+0x254/0x320
[  197.964213][ T6837]  ? __pfx___mutex_lock+0x10/0x10
[  197.964240][ T6837]  ? __pfx_vfs_read+0x10/0x10
[  197.964275][ T6837]  ? __fget_files+0x2a/0x410
[  197.964302][ T6837]  ? __fget_files+0x395/0x410
[  197.964327][ T6837]  ? __fget_files+0x2a/0x410
[  197.964363][ T6837]  ksys_read+0x18f/0x2b0
[  197.964385][ T6837]  ? __pfx_ksys_read+0x10/0x10
[  197.964404][ T6837]  ? do_syscall_64+0x100/0x230
[  197.964434][ T6837]  ? do_syscall_64+0xb6/0x230
[  197.964463][ T6837]  do_syscall_64+0xf3/0x230
[  197.964489][ T6837]  ? clear_bhb_loop+0x35/0x90
[  197.964521][ T6837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.964548][ T6837] RIP: 0033:0x7f8e4d58b73c
[  197.964566][ T6837] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  197.964582][ T6837] RSP: 002b:00007f8e4e33b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  197.964604][ T6837] RAX: ffffffffffffffda RBX: 00007f8e4d7a6080 RCX: 00007f8e4d58b73c
[  197.964618][ T6837] RDX: 000000000000000f RSI: 00007f8e4e33b0a0 RDI: 0000000000000004
[  197.964631][ T6837] RBP: 00007f8e4e33b090 R08: 0000000000000000 R09: 0000000000000000
[  197.964643][ T6837] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001
[  197.964655][ T6837] R13: 0000000000000001 R14: 00007f8e4d7a6080 R15: 00007ffd08168948
[  197.964685][ T6837]  </TASK>
[  198.429079][ T5914] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  198.854812][ T6858] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  198.864479][ T6858] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  199.598217][ T5914] usb 3-1: Using ep0 maxpacket: 32
[  199.664242][ T5914] usb 3-1: New USB device found, idVendor=17cc, idProduct=1000, bcdDevice=64.02
[  199.664279][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.664302][ T5914] usb 3-1: Product: syz
[  199.664319][ T5914] usb 3-1: Manufacturer: syz
[  199.664335][ T5914] usb 3-1: SerialNumber: syz
[  199.746443][ T5914] usb 3-1: config 0 descriptor??
[  201.383254][ T5914] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -110
[  201.703963][ T5133] Bluetooth: hci2: command 0x0406 tx timeout
[  201.710205][ T5133] Bluetooth: hci0: command 0x0406 tx timeout
[  201.853931][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  201.934063][   T47] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  202.104184][   T47] usb 1-1: Using ep0 maxpacket: 8
[  202.120490][   T47] usb 1-1: config 0 has an invalid interface number: 130 but max is 0
[  202.145448][   T47] usb 1-1: config 0 has no interface number 0
[  202.170463][   T47] usb 1-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=e6.56
[  202.191265][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.212232][   T47] usb 1-1: Product: syz
[  202.219658][    T9] usb 5-1: Using ep0 maxpacket: 8
[  202.222146][   T47] usb 1-1: Manufacturer: syz
[  202.231114][    T9] usb 5-1: config 0 has an invalid interface number: 130 but max is 0
[  202.240944][    T9] usb 5-1: config 0 has no interface number 0
[  202.248028][   T47] usb 1-1: SerialNumber: syz
[  202.251320][    T9] usb 5-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=e6.56
[  202.260343][   T47] usb 1-1: config 0 descriptor??
[  202.265133][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.275073][    T9] usb 5-1: Product: syz
[  202.279397][    T9] usb 5-1: Manufacturer: syz
[  202.284504][    T9] usb 5-1: SerialNumber: syz
[  202.746755][   T47] as10x_usb: device has been detected
[  202.750099][    T9] usb 5-1: config 0 descriptor??
[  202.800926][    T9] as10x_usb: device has been detected
[  202.815355][ T3599] usb 3-1: USB disconnect, device number 7
[  202.823602][   T47] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  202.903561][   T47] usb 1-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  202.964199][    T9] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  203.412893][ T6890] rdma_op ffff8880339e99f0 conn xmit_rdma 0000000000000000
[  204.152862][    T9] usb 5-1: DVB: registering adapter 2 frontend 0 (PCTV Systems picoStick (74e))...
[  204.184170][   T47] as10x_usb: error during firmware upload part1
[  204.224936][   T47] Registered device PCTV Systems picoStick (74e)
[  204.226684][    T9] as10x_usb: error during firmware upload part1
[  204.244424][   T47] usb 1-1: USB disconnect, device number 9
[  204.251629][    T9] Registered device PCTV Systems picoStick (74e)
[  204.337315][    T9] usb 5-1: USB disconnect, device number 10
[  204.402059][   T47] Unregistered device PCTV Systems picoStick (74e)
[  204.443965][   T47] as10x_usb: device has been disconnected
[  204.449990][    T9] Unregistered device PCTV Systems picoStick (74e)
[  204.462832][    T9] as10x_usb: device has been disconnected
[  204.574527][ T6902] netlink: 4 bytes leftover after parsing attributes in process `syz.2.274'.
[  205.431543][ T6915] xt_CT: You must specify a L4 protocol and not use inversions on it
[  209.521963][ T5909] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  209.705423][ T6935] rdma_op ffff88802a39f1f0 conn xmit_rdma 0000000000000000
[  210.240757][ T6933] netlink: 24 bytes leftover after parsing attributes in process `syz.0.281'.
[  210.304191][ T5909] usb 3-1: Using ep0 maxpacket: 32
[  210.327230][ T5909] usb 3-1: New USB device found, idVendor=17cc, idProduct=1000, bcdDevice=64.02
[  210.351277][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.371525][ T5909] usb 3-1: Product: syz
[  210.393829][ T5909] usb 3-1: Manufacturer: syz
[  210.398448][ T5909] usb 3-1: SerialNumber: syz
[  210.433313][ T5909] usb 3-1: config 0 descriptor??
[  211.357056][ T5909] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -71
[  211.415411][ T5909] usb 3-1: USB disconnect, device number 8
[  211.655347][ T6948] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  211.673941][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  211.843993][ T3599] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  211.856086][    T9] usb 5-1: Using ep0 maxpacket: 8
[  211.874829][    T9] usb 5-1: config 0 has an invalid interface number: 130 but max is 0
[  211.889992][    T9] usb 5-1: config 0 has no interface number 0
[  211.903171][    T9] usb 5-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=e6.56
[  212.166161][ T3599] usb 2-1: Using ep0 maxpacket: 8
[  212.200445][ T3599] usb 2-1: config 0 has an invalid interface number: 130 but max is 0
[  212.260842][ T3599] usb 2-1: config 0 has no interface number 0
[  212.329124][ T3599] usb 2-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=e6.56
[  212.353846][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.362179][    T9] usb 5-1: Product: syz
[  212.366989][    T9] usb 5-1: Manufacturer: syz
[  212.371627][    T9] usb 5-1: SerialNumber: syz
[  212.387252][ T3599] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.391365][    T9] usb 5-1: config 0 descriptor??
[  212.422281][    T9] as10x_usb: device has been detected
[  212.517161][ T3599] usb 2-1: Product: syz
[  212.521389][ T3599] usb 2-1: Manufacturer: syz
[  212.568443][ T3599] usb 2-1: SerialNumber: syz
[  212.635245][ T3599] usb 2-1: config 0 descriptor??
[  212.654225][    T9] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  212.681274][    T9] usb 5-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  212.692594][ T3599] as10x_usb: device has been detected
[  212.717626][ T3599] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  212.719431][    T9] as10x_usb: error during firmware upload part1
[  212.808923][ T3599] usb 2-1: DVB: registering adapter 2 frontend 0 (PCTV Systems picoStick (74e))...
[  212.847587][ T3599] as10x_usb: error during firmware upload part1
[  212.893959][ T3599] Registered device PCTV Systems picoStick (74e)
[  212.984255][    T9] Registered device PCTV Systems picoStick (74e)
[  213.110011][ T6962] xt_CT: You must specify a L4 protocol and not use inversions on it
[  213.938126][ T5880] usb 5-1: USB disconnect, device number 11
[  213.960496][    T8] usb 2-1: USB disconnect, device number 12
[  214.011008][ T5880] Unregistered device PCTV Systems picoStick (74e)
[  214.022047][    T8] Unregistered device PCTV Systems picoStick (74e)
[  214.048393][ T5880] as10x_usb: device has been disconnected
[  214.084671][    T8] as10x_usb: device has been disconnected
[  214.256243][ T6972] netlink: 4 bytes leftover after parsing attributes in process `syz.4.295'.
[  214.354440][ T6973] netlink: 4 bytes leftover after parsing attributes in process `syz.2.293'.
[  214.541060][ T6984] netlink: 24 bytes leftover after parsing attributes in process `syz.4.297'.
[  214.732858][ T6987] FAULT_INJECTION: forcing a failure.
[  214.732858][ T6987] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  214.763858][ T6987] CPU: 0 UID: 0 PID: 6987 Comm: syz.3.298 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  214.763898][ T6987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  214.763911][ T6987] Call Trace:
[  214.763918][ T6987]  <TASK>
[  214.763926][ T6987]  dump_stack_lvl+0x241/0x360
[  214.763955][ T6987]  ? __pfx_dump_stack_lvl+0x10/0x10
[  214.763975][ T6987]  ? __pfx__printk+0x10/0x10
[  214.764007][ T6987]  ? __pfx_lock_release+0x10/0x10
[  214.764043][ T6987]  should_fail_ex+0x40a/0x550
[  214.764071][ T6987]  _copy_from_iter+0x1e9/0x1c20
[  214.764101][ T6987]  ? __virt_addr_valid+0x183/0x530
[  214.764142][ T6987]  ? __alloc_skb+0x28f/0x440
[  214.764170][ T6987]  ? __pfx__copy_from_iter+0x10/0x10
[  214.764202][ T6987]  ? __virt_addr_valid+0x183/0x530
[  214.764231][ T6987]  ? __virt_addr_valid+0x183/0x530
[  214.764258][ T6987]  ? __virt_addr_valid+0x45f/0x530
[  214.764287][ T6987]  ? __phys_addr_symbol+0x2f/0x70
[  214.764315][ T6987]  ? __check_object_size+0x47a/0x730
[  214.764345][ T6987]  netlink_sendmsg+0x73d/0xcb0
[  214.764389][ T6987]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.764432][ T6987]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.764462][ T6987]  __sock_sendmsg+0x221/0x270
[  214.764489][ T6987]  ____sys_sendmsg+0x52a/0x7e0
[  214.764528][ T6987]  ? __pfx_____sys_sendmsg+0x10/0x10
[  214.764557][ T6987]  ? __fget_files+0x2a/0x410
[  214.764588][ T6987]  ? __fget_files+0x2a/0x410
[  214.764623][ T6987]  __sys_sendmsg+0x269/0x350
[  214.764659][ T6987]  ? __pfx___sys_sendmsg+0x10/0x10
[  214.764702][ T6987]  ? do_sys_openat2+0x17a/0x1d0
[  214.764755][ T6987]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  214.764784][ T6987]  ? do_syscall_64+0x100/0x230
[  214.764814][ T6987]  ? do_syscall_64+0xb6/0x230
[  214.764843][ T6987]  do_syscall_64+0xf3/0x230
[  214.764869][ T6987]  ? clear_bhb_loop+0x35/0x90
[  214.764911][ T6987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.764938][ T6987] RIP: 0033:0x7fcea4f8cd29
[  214.764956][ T6987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.764973][ T6987] RSP: 002b:00007fcea5de2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  214.764995][ T6987] RAX: ffffffffffffffda RBX: 00007fcea51a5fa0 RCX: 00007fcea4f8cd29
[  214.765011][ T6987] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004
[  214.765023][ T6987] RBP: 00007fcea5de2090 R08: 0000000000000000 R09: 0000000000000000
[  214.765036][ T6987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  214.765048][ T6987] R13: 0000000000000000 R14: 00007fcea51a5fa0 R15: 00007ffe1342a4f8
[  214.765076][ T6987]  </TASK>
[  215.176161][    T9] usb 3-1: new low-speed USB device number 9 using dummy_hcd
[  215.822315][    T9] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  215.877515][    T9] usb 3-1: string descriptor 0 read error: -22
[  215.886535][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  215.956745][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.251236][ T7002] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 1, id = 0
[  216.338941][    T9] usb 3-1: USB disconnect, device number 9
[  217.561525][ T5133] Bluetooth: hci0: unexpected event for opcode 0x241c
[  218.453856][ T5914] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  219.608890][ T5914] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  219.617671][ T5914] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  219.632428][ T5914] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  219.771242][ T5914] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.795658][ T5914] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  220.055249][ T5914] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  220.232612][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  220.283919][ T5914] usb 5-1: Product: syz
[  220.288141][ T5914] usb 5-1: Manufacturer: syz
[  220.308269][ T5914] cdc_wdm 5-1:1.0: skipping garbage
[  220.331254][ T5914] cdc_wdm 5-1:1.0: skipping garbage
[  220.866376][ T5914] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  220.872347][ T5914] cdc_wdm 5-1:1.0: Unknown control protocol
[  220.984727][ T7031] ubi0: attaching mtd0
[  220.993385][ T7031] ubi0: scanning is finished
[  220.999140][ T7031] ubi0: empty MTD device detected
[  221.159134][ T7036] FAULT_INJECTION: forcing a failure.
[  221.159134][ T7036] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  221.175751][ T5909] usb 5-1: USB disconnect, device number 12
[  221.189229][ T7036] CPU: 0 UID: 0 PID: 7036 Comm: syz.2.312 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  221.189265][ T7036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  221.189276][ T7036] Call Trace:
[  221.189282][ T7036]  <TASK>
[  221.189289][ T7036]  dump_stack_lvl+0x241/0x360
[  221.189334][ T7036]  ? __pfx_dump_stack_lvl+0x10/0x10
[  221.189350][ T7036]  ? __pfx__printk+0x10/0x10
[  221.189372][ T7036]  ? smack_log+0x10d/0x5c0
[  221.189387][ T7036]  ? __pfx_lock_release+0x10/0x10
[  221.189411][ T7036]  should_fail_ex+0x40a/0x550
[  221.189430][ T7036]  _copy_from_user+0x2d/0xb0
[  221.189452][ T7036]  __tun_chr_ioctl+0x28e/0x2400
[  221.189482][ T7036]  ? __pfx___tun_chr_ioctl+0x10/0x10
[  221.189514][ T7036]  ? __pfx_tun_chr_ioctl+0x10/0x10
[  221.189535][ T7036]  __se_sys_ioctl+0xf5/0x170
[  221.189550][ T7036]  do_syscall_64+0xf3/0x230
[  221.189569][ T7036]  ? clear_bhb_loop+0x35/0x90
[  221.189592][ T7036]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.189611][ T7036] RIP: 0033:0x7f9241b8cd29
[  221.189624][ T7036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  221.189634][ T7036] RSP: 002b:00007f923f9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  221.189650][ T7036] RAX: ffffffffffffffda RBX: 00007f9241da5fa0 RCX: 00007f9241b8cd29
[  221.189660][ T7036] RDX: 0000000020000080 RSI: 00000000400454ca RDI: 0000000000000005
[  221.189669][ T7036] RBP: 00007f923f9f6090 R08: 0000000000000000 R09: 0000000000000000
[  221.189677][ T7036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  221.189685][ T7036] R13: 0000000000000000 R14: 00007f9241da5fa0 R15: 00007ffe491621b8
[  221.189704][ T7036]  </TASK>
[  221.607049][ T7031] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4
[  221.639283][ T5133] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  221.656983][ T5133] Bluetooth: hci0: Injecting HCI hardware error event
[  221.666185][ T5133] Bluetooth: hci0: hardware error 0x00
[  224.124910][ T5133] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  224.914572][ T7062] netlink: 4 bytes leftover after parsing attributes in process `syz.2.317'.
[  225.049726][ T7062] netlink: 'syz.2.317': attribute type 1 has an invalid length.
[  225.074515][ T7062] netlink: 'syz.2.317': attribute type 2 has an invalid length.
[  225.396474][ T7066] netlink: 'syz.4.320': attribute type 21 has an invalid length.
[  225.404505][ T7066] netlink: 'syz.4.320': attribute type 6 has an invalid length.
[  225.412177][ T7066] netlink: 132 bytes leftover after parsing attributes in process `syz.4.320'.
[  226.115515][ T7083] =======================================================
[  226.115515][ T7083] WARNING: The mand mount option has been deprecated and
[  226.115515][ T7083]          and is ignored by this kernel. Remove the mand
[  226.115515][ T7083]          option from the mount to silence this warning.
[  226.115515][ T7083] =======================================================
[  226.483163][ T7083] netdevsim netdevsim2: Direct firmware load for .
[  226.483163][ T7083]  failed with error -2
[  226.527936][ T7083] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  226.527936][ T7083] 
[  226.533035][ T7087] libceph: resolve '0.0' (ret=-3): failed
[  227.423355][ T7098] usb usb1: check_ctrlrecip: process 7098 (syz.1.328) requesting ep 01 but needs 81
[  227.450502][ T7098] usb usb1: usbfs: process 7098 (syz.1.328) did not claim interface 0 before use
[  227.527110][ T7100] usb usb1: check_ctrlrecip: process 7100 (syz.1.328) requesting ep 01 but needs 81
[  227.596636][ T7100] usb usb1: usbfs: process 7100 (syz.1.328) did not claim interface 0 before use
[  232.090049][ T7126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.335'.
[  232.127957][ T7126] netlink: 'syz.0.335': attribute type 1 has an invalid length.
[  232.177098][ T7126] netlink: 'syz.0.335': attribute type 2 has an invalid length.
[  232.799844][ T5133] Bluetooth: hci2: unexpected event for opcode 0x241c
[  234.323869][ T3599] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  234.773907][ T3599] usb 2-1: Using ep0 maxpacket: 8
[  234.791431][ T3599] usb 2-1: unable to get BOS descriptor or descriptor too short
[  234.797545][ T7158] netlink: 24 bytes leftover after parsing attributes in process `syz.0.343'.
[  234.809152][ T3599] usb 2-1: config 6 has an invalid interface number: 41 but max is 1
[  235.013861][ T3599] usb 2-1: config 6 has an invalid interface number: 6 but max is 1
[  235.045750][ T3599] usb 2-1: config 6 has no interface number 0
[  235.923146][ T3599] usb 2-1: config 6 has no interface number 1
[  236.045061][ T3599] usb 2-1: config 6 interface 41 has no altsetting 0
[  236.051894][ T3599] usb 2-1: config 6 interface 6 has no altsetting 0
[  236.311570][ T3599] usb 2-1: string descriptor 0 read error: -71
[  236.318677][ T3599] usb 2-1: New USB device found, idVendor=19d2, idProduct=0078, bcdDevice=61.be
[  236.328511][ T3599] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.346881][ T3599] usb 2-1: can't set config #6, error -71
[  236.354349][ T3599] usb 2-1: USB disconnect, device number 13
[  236.526945][ T7167] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  236.537247][ T7167] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  236.824931][ T5133] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  236.834042][ T5133] Bluetooth: hci2: Injecting HCI hardware error event
[  236.844937][ T5133] Bluetooth: hci2: hardware error 0x00
[  237.301695][ T7172] netlink: 'syz.3.348': attribute type 1 has an invalid length.
[  238.328965][ T7172] netlink: 8 bytes leftover after parsing attributes in process `syz.3.348'.
[  238.816920][ T7172] 8021q: adding VLAN 0 to HW filter on device batadv2
[  238.898307][ T7172] bond3: (slave batadv2): Enslaving as an active interface with an up link
[  238.908626][ T5133] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  238.938270][ T7184] netlink: 'syz.0.352': attribute type 21 has an invalid length.
[  238.946223][ T7184] netlink: 'syz.0.352': attribute type 6 has an invalid length.
[  238.954013][ T7184] netlink: 132 bytes leftover after parsing attributes in process `syz.0.352'.
[  240.684325][ T5877] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  240.883947][ T5877] usb 4-1: Using ep0 maxpacket: 8
[  240.888345][ T5877] usb 4-1: unable to get BOS descriptor or descriptor too short
[  240.907291][ T5877] usb 4-1: config 6 has an invalid interface number: 41 but max is 1
[  241.194595][ T5877] usb 4-1: config 6 has an invalid interface number: 6 but max is 1
[  241.194627][ T5877] usb 4-1: config 6 has no interface number 0
[  241.194646][ T5877] usb 4-1: config 6 has no interface number 1
[  241.194688][ T5877] usb 4-1: config 6 interface 41 has no altsetting 0
[  241.194709][ T5877] usb 4-1: config 6 interface 6 has no altsetting 0
[  241.229836][ T5877] usb 4-1: New USB device found, idVendor=19d2, idProduct=0078, bcdDevice=61.be
[  241.229869][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.229890][ T5877] usb 4-1: Product: syz
[  241.229907][ T5877] usb 4-1: Manufacturer: syz
[  241.229924][ T5877] usb 4-1: SerialNumber: syz
[  242.778787][ T5877] smsusb:smsusb_probe: board id=15, interface number 41
[  242.920705][ T5877] smsusb:smsusb_probe: board id=15, interface number 6
[  242.937339][ T5877] smsusb:smsusb_probe: Device initialized with return code -19
[  243.274069][ T5877] usb 4-1: USB disconnect, device number 9
[  243.952913][ T7235] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  243.962662][ T7235] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  247.698837][ T7254] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  247.708374][ T7254] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  247.971975][ T7244] netlink: 'syz.4.366': attribute type 21 has an invalid length.
[  247.980124][ T7244] netlink: 'syz.4.366': attribute type 6 has an invalid length.
[  247.987902][ T7244] netlink: 132 bytes leftover after parsing attributes in process `syz.4.366'.
[  248.021544][ T7256] rdma_op ffff8880325679f0 conn xmit_rdma 0000000000000000
[  252.543908][ T5914] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  252.704137][ T5914] usb 4-1: Using ep0 maxpacket: 8
[  252.718455][ T5914] usb 4-1: unable to get BOS descriptor or descriptor too short
[  253.116669][ T5914] usb 4-1: config 6 has an invalid interface number: 41 but max is 1
[  253.128243][ T5880] usb 5-1: new low-speed USB device number 13 using dummy_hcd
[  253.157375][ T5914] usb 4-1: config 6 has an invalid interface number: 6 but max is 1
[  253.174256][ T5914] usb 4-1: config 6 has no interface number 0
[  253.180393][ T5914] usb 4-1: config 6 has no interface number 1
[  253.188203][ T5914] usb 4-1: config 6 interface 41 has no altsetting 0
[  253.393039][ T5914] usb 4-1: config 6 interface 6 has no altsetting 0
[  253.486442][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  253.516573][ T5914] usb 4-1: New USB device found, idVendor=19d2, idProduct=0078, bcdDevice=61.be
[  253.627009][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  253.740509][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.792705][ T5880] usb 5-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 4.00
[  253.812230][ T5914] usb 4-1: Product: syz
[  253.842423][ T5914] usb 4-1: Manufacturer: syz
[  253.854371][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.900460][ T5914] usb 4-1: SerialNumber: syz
[  254.384476][ T5880] usb 5-1: config 0 descriptor??
[  254.699947][ T5914] smsusb:smsusb_probe: board id=15, interface number 41
[  254.715815][ T5914] smsusb:smsusb_probe: board id=15, interface number 6
[  254.715872][ T5914] smsusb:smsusb_probe: Device initialized with return code -19
[  254.769455][ T5914] usb 4-1: USB disconnect, device number 10
[  254.910280][ T5880] wacom 0003:056A:00D0.0007: Unknown device_type for 'HID 056a:00d0'. Assuming pen.
[  254.915096][ T5880] wacom 0003:056A:00D0.0007: hidraw0: USB HID vff.fe Device [HID 056a:00d0] on usb-dummy_hcd.4-1/input0
[  254.929836][ T5880] input: Wacom Bamboo 2FG Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:00D0.0007/input/input5
[  255.329140][ T7301] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  255.329203][ T7301] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  255.888096][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  255.888206][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  256.137531][ T5914] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  256.216563][ T7303] tty tty22: ldisc open failed (-12), clearing slot 21
[  256.358304][ T5914] usb 4-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1
[  256.358339][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.358363][ T5914] usb 4-1: Product: syz
[  256.358380][ T5914] usb 4-1: Manufacturer: syz
[  256.358397][ T5914] usb 4-1: SerialNumber: syz
[  256.360672][ T5914] usb 4-1: config 0 descriptor??
[  256.394809][ T5880] usb 5-1: USB disconnect, device number 13
[  256.422133][ T5843] udevd[5843]: setting mode of /dev/bus/usb/005/013 to 020664 failed: No such file or directory
[  256.422276][ T5843] udevd[5843]: setting owner of /dev/bus/usb/005/013 to uid=0, gid=0 failed: No such file or directory
[  256.819313][ T7309] rdma_op ffff888059aac1f0 conn xmit_rdma 0000000000000000
[  257.933526][ T5914] int51x1 4-1:0.0: probe with driver int51x1 failed with error -71
[  257.954069][ T5914] usb 4-1: USB disconnect, device number 11
[  260.578446][ T7322] FAULT_INJECTION: forcing a failure.
[  260.578446][ T7322] name failslab, interval 1, probability 0, space 0, times 0
[  260.594646][ T7322] CPU: 1 UID: 0 PID: 7322 Comm: syz.3.383 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  260.594680][ T7322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  260.594689][ T7322] Call Trace:
[  260.594694][ T7322]  <TASK>
[  260.594700][ T7322]  dump_stack_lvl+0x241/0x360
[  260.594722][ T7322]  ? __pfx_dump_stack_lvl+0x10/0x10
[  260.594736][ T7322]  ? __pfx__printk+0x10/0x10
[  260.594760][ T7322]  ? __kmalloc_cache_noprof+0x48/0x390
[  260.594781][ T7322]  ? __pfx___might_resched+0x10/0x10
[  260.594805][ T7322]  should_fail_ex+0x40a/0x550
[  260.594825][ T7322]  should_failslab+0xac/0x100
[  260.594844][ T7322]  __kmalloc_cache_noprof+0x70/0x390
[  260.594863][ T7322]  ? nfnetlink_rcv+0x1265/0x2ab0
[  260.594882][ T7322]  nfnetlink_rcv+0x1265/0x2ab0
[  260.594920][ T7322]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  260.594968][ T7322]  ? netlink_deliver_tap+0x2e/0x1b0
[  260.594989][ T7322]  ? skb_clone+0x240/0x390
[  260.595003][ T7322]  ? __pfx_lock_release+0x10/0x10
[  260.595032][ T7322]  ? netlink_deliver_tap+0x2e/0x1b0
[  260.595055][ T7322]  netlink_unicast+0x7f6/0x990
[  260.595080][ T7322]  ? __pfx_netlink_unicast+0x10/0x10
[  260.595098][ T7322]  ? __virt_addr_valid+0x45f/0x530
[  260.595119][ T7322]  ? __phys_addr_symbol+0x2f/0x70
[  260.595139][ T7322]  ? __check_object_size+0x47a/0x730
[  260.595161][ T7322]  netlink_sendmsg+0x8e4/0xcb0
[  260.595191][ T7322]  ? __pfx_netlink_sendmsg+0x10/0x10
[  260.595221][ T7322]  ? __pfx_netlink_sendmsg+0x10/0x10
[  260.595242][ T7322]  __sock_sendmsg+0x221/0x270
[  260.595261][ T7322]  ____sys_sendmsg+0x52a/0x7e0
[  260.595289][ T7322]  ? __pfx_____sys_sendmsg+0x10/0x10
[  260.595310][ T7322]  ? __fget_files+0x2a/0x410
[  260.595331][ T7322]  ? __fget_files+0x2a/0x410
[  260.595356][ T7322]  __sys_sendmsg+0x269/0x350
[  260.595381][ T7322]  ? __pfx___sys_sendmsg+0x10/0x10
[  260.595412][ T7322]  ? do_sys_openat2+0x17a/0x1d0
[  260.595449][ T7322]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  260.595470][ T7322]  ? do_syscall_64+0x100/0x230
[  260.595491][ T7322]  ? do_syscall_64+0xb6/0x230
[  260.595512][ T7322]  do_syscall_64+0xf3/0x230
[  260.595544][ T7322]  ? clear_bhb_loop+0x35/0x90
[  260.595577][ T7322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.595604][ T7322] RIP: 0033:0x7fcea4f8cd29
[  260.595622][ T7322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.595640][ T7322] RSP: 002b:00007fcea5de2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  260.595656][ T7322] RAX: ffffffffffffffda RBX: 00007fcea51a5fa0 RCX: 00007fcea4f8cd29
[  260.595667][ T7322] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000006
[  260.595675][ T7322] RBP: 00007fcea5de2090 R08: 0000000000000000 R09: 0000000000000000
[  260.595684][ T7322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.595692][ T7322] R13: 0000000000000000 R14: 00007fcea51a5fa0 R15: 00007ffe1342a4f8
[  260.595713][ T7322]  </TASK>
[  263.532548][ T7340] netlink: 4 bytes leftover after parsing attributes in process `syz.1.390'.
[  263.582336][ T7340] netlink: 8 bytes leftover after parsing attributes in process `syz.1.390'.
[  263.654794][   T47] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  263.743865][ T5877] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  263.854008][   T47] usb 3-1: Using ep0 maxpacket: 8
[  263.866015][   T47] usb 3-1: unable to get BOS descriptor or descriptor too short
[  264.014936][   T47] usb 3-1: config 6 has an invalid interface number: 41 but max is 1
[  264.023078][   T47] usb 3-1: config 6 has an invalid interface number: 6 but max is 1
[  265.003900][   T47] usb 3-1: config 6 has no interface number 0
[  265.010613][   T47] usb 3-1: config 6 has no interface number 1
[  265.016839][ T5877] usb 4-1: Using ep0 maxpacket: 8
[  265.031836][ T5877] usb 4-1: config 0 has an invalid interface number: 130 but max is 0
[  265.047135][ T5877] usb 4-1: config 0 has no interface number 0
[  265.758079][ T7353] rdma_op ffff88807a13b9f0 conn xmit_rdma 0000000000000000
[  266.012780][   T47] usb 3-1: config 6 interface 41 has no altsetting 0
[  266.054673][   T47] usb 3-1: config 6 interface 6 has no altsetting 0
[  267.065560][ T7357] netlink: 4 bytes leftover after parsing attributes in process `syz.0.394'.
[  267.066114][   T47] usb 3-1: string descriptor 0 read error: -71
[  267.084195][   T47] usb 3-1: New USB device found, idVendor=19d2, idProduct=0078, bcdDevice=61.be
[  267.929786][ T5877] usb 4-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=e6.56
[  267.939912][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.948080][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.960120][ T5877] usb 4-1: Product: syz
[  268.139412][ T7365] IPVS: sync thread started: state = BACKUP, mcast_ifn = macvlan0, syncid = 0, id = 0
[  268.165180][   T47] usb 3-1: can't set config #6, error -71
[  268.171212][ T5877] usb 4-1: Manufacturer: syz
[  268.179456][   T47] usb 3-1: USB disconnect, device number 10
[  268.193450][ T5877] usb 4-1: config 0 descriptor??
[  268.231362][ T5877] usb 4-1: can't set config #0, error -71
[  268.262357][ T5877] usb 4-1: USB disconnect, device number 12
[  268.444070][ T5876] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  268.623800][ T5876] usb 5-1: Using ep0 maxpacket: 8
[  268.641848][ T5876] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  268.653805][ T5876] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  268.683896][ T5914] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  268.687411][ T5876] usb 5-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.40
[  268.720251][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.731050][ T5876] usb 5-1: Product: syz
[  268.744095][ T5876] usb 5-1: Manufacturer: syz
[  268.752758][ T5876] usb 5-1: SerialNumber: syz
[  268.775141][ T5877] usb 1-1: new low-speed USB device number 10 using dummy_hcd
[  268.808786][ T5876] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input8
[  268.835382][ T5914] usb 2-1: device descriptor read/64, error -71
[  268.999410][ T7363] IPVS: stopping backup sync thread 7365 ...
[  269.014681][ T5877] usb 1-1: unable to get BOS descriptor or descriptor too short
[  269.047050][ T5877] usb 1-1: unable to read config index 0 descriptor/start: -71
[  269.063366][ T5877] usb 1-1: can't read configurations, error -71
[  269.103936][ T5914] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  269.274297][ T5914] usb 2-1: device descriptor read/64, error -71
[  269.417202][ T5914] usb usb2-port1: attempt power cycle
[  270.164073][ T5914] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  270.221754][ T5914] usb 2-1: device descriptor read/8, error -71
[  270.254728][ T5179] bcm5974 5-1:1.0: could not read from device
[  270.396465][ T5179] bcm5974 5-1:1.0: could not read from device
[  270.427955][ T5876] usb 5-1: USB disconnect, device number 14
[  270.484022][ T5914] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  270.489707][ T7379] ubi0: attaching mtd0
[  270.520292][ T7379] ubi0: scanning is finished
[  270.536552][ T5914] usb 2-1: device descriptor read/8, error -71
[  270.547947][ T7379] ==================================================================
[  270.556052][ T7379] BUG: KASAN: slab-use-after-free in notifier_chain_register+0x141/0x3f0
[  270.564497][ T7379] Read of size 4 at addr ffff88807a3b58d8 by task syz.4.401/7379
[  270.572250][ T7379] 
[  270.574597][ T7379] CPU: 1 UID: 0 PID: 7379 Comm: syz.4.401 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  270.574622][ T7379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  270.574635][ T7379] Call Trace:
[  270.574643][ T7379]  <TASK>
[  270.574651][ T7379]  dump_stack_lvl+0x241/0x360
[  270.574676][ T7379]  ? __pfx_dump_stack_lvl+0x10/0x10
[  270.574696][ T7379]  ? __pfx__printk+0x10/0x10
[  270.574728][ T7379]  ? _printk+0xd5/0x120
[  270.574756][ T7379]  ? __virt_addr_valid+0x183/0x530
[  270.574785][ T7379]  ? __virt_addr_valid+0x183/0x530
[  270.574815][ T7379]  print_report+0x169/0x550
[  270.574840][ T7379]  ? __virt_addr_valid+0x183/0x530
[  270.574868][ T7379]  ? __virt_addr_valid+0x183/0x530
[  270.574902][ T7379]  ? __virt_addr_valid+0x45f/0x530
[  270.574931][ T7379]  ? __phys_addr+0xba/0x170
[  270.574959][ T7379]  ? notifier_chain_register+0x141/0x3f0
[  270.574984][ T7379]  kasan_report+0x143/0x180
[  270.575009][ T7379]  ? notifier_chain_register+0x141/0x3f0
[  270.575050][ T7379]  notifier_chain_register+0x141/0x3f0
[  270.575075][ T7379]  blocking_notifier_chain_register+0x61/0xc0
[  270.575100][ T7379]  ubi_wl_init+0x3396/0x3720
[  270.575134][ T7379]  ubi_attach+0x3e01/0x5b80
[  270.575175][ T7379]  ? __pfx_ubi_attach+0x10/0x10
[  270.575205][ T7379]  ? ubi_attach_mtd_dev+0x19fa/0x3540
[  270.575234][ T7379]  ubi_attach_mtd_dev+0x1a3a/0x3540
[  270.575273][ T7379]  ctrl_cdev_ioctl+0x346/0x570
[  270.575304][ T7379]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  270.575337][ T7379]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  270.575367][ T7379]  __se_sys_ioctl+0xf5/0x170
[  270.575386][ T7379]  do_syscall_64+0xf3/0x230
[  270.575411][ T7379]  ? clear_bhb_loop+0x35/0x90
[  270.575439][ T7379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.575466][ T7379] RIP: 0033:0x7f8e4d58cd29
[  270.575483][ T7379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.575498][ T7379] RSP: 002b:00007f8e4e35c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  270.575519][ T7379] RAX: ffffffffffffffda RBX: 00007f8e4d7a5fa0 RCX: 00007f8e4d58cd29
[  270.575533][ T7379] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000004
[  270.575545][ T7379] RBP: 00007f8e4d60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  270.575557][ T7379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  270.575569][ T7379] R13: 0000000000000000 R14: 00007f8e4d7a5fa0 R15: 00007ffd08168948
[  270.575588][ T7379]  </TASK>
[  270.575595][ T7379] 
[  270.819227][ T7379] Allocated by task 7316:
[  270.823562][ T7379]  kasan_save_track+0x3f/0x80
[  270.828242][ T7379]  __kasan_kmalloc+0x98/0xb0
[  270.832833][ T7379]  __kmalloc_node_track_caller_noprof+0x28b/0x4c0
[  270.839258][ T7379]  kmalloc_reserve+0x111/0x2a0
[  270.844036][ T7379]  __alloc_skb+0x1f3/0x440
[  270.848457][ T7379]  netlink_dump+0x1ee/0xe10
[  270.852965][ T7379]  netlink_recvmsg+0x6ec/0x11a0
[  270.857833][ T7379]  sock_recvmsg_nosec+0x18e/0x1d0
[  270.862903][ T7379]  ____sys_recvmsg+0x3cd/0x480
[  270.867687][ T7379]  do_recvmmsg+0x426/0xab0
[  270.872110][ T7379]  __x64_sys_recvmmsg+0x199/0x250
[  270.877150][ T7379]  do_syscall_64+0xf3/0x230
[  270.881663][ T7379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.887567][ T7379] 
[  270.889897][ T7379] Freed by task 7310:
[  270.893881][ T7379]  kasan_save_track+0x3f/0x80
[  270.898568][ T7379]  kasan_save_free_info+0x40/0x50
[  270.903601][ T7379]  __kasan_slab_free+0x59/0x70
[  270.908454][ T7379]  kfree+0x196/0x430
[  270.912361][ T7379]  skb_release_data+0x6a0/0x8a0
[  270.917224][ T7379]  sk_skb_reason_drop+0x1c9/0x380
[  270.922255][ T7379]  skb_queue_purge_reason+0x3c5/0x500
[  270.927720][ T7379]  packet_release+0xb15/0xcd0
[  270.932408][ T7379]  sock_close+0xbc/0x240
[  270.936651][ T7379]  __fput+0x3e9/0x9f0
[  270.940644][ T7379]  task_work_run+0x24f/0x310
[  270.945253][ T7379]  syscall_exit_to_user_mode+0x13f/0x340
[  270.950899][ T7379]  do_syscall_64+0x100/0x230
[  270.955496][ T7379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.961400][ T7379] 
[  270.963725][ T7379] The buggy address belongs to the object at ffff88807a3b4000
[  270.963725][ T7379]  which belongs to the cache kmalloc-8k of size 8192
[  270.977780][ T7379] The buggy address is located 6360 bytes inside of
[  270.977780][ T7379]  freed 8192-byte region [ffff88807a3b4000, ffff88807a3b6000)
[  270.991748][ T7379] 
[  270.994071][ T7379] The buggy address belongs to the physical page:
[  271.000494][ T7379] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a3b0
[  271.009256][ T7379] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  271.017753][ T7379] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  271.025322][ T7379] page_type: f5(slab)
[  271.029337][ T7379] raw: 00fff00000000040 ffff88801ac42280 dead000000000100 dead000000000122
[  271.038037][ T7379] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  271.046636][ T7379] head: 00fff00000000040 ffff88801ac42280 dead000000000100 dead000000000122
[  271.055319][ T7379] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  271.063986][ T7379] head: 00fff00000000003 ffffea0001e8ec01 ffffffffffffffff 0000000000000000
[  271.072650][ T7379] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  271.081316][ T7379] page dumped because: kasan: bad access detected
[  271.087751][ T7379] page_owner tracks the page as allocated
[  271.093465][ T7379] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5133, tgid 5133 (kworker/u9:1), ts 76883307953, free_ts 76542002948
[  271.114860][ T7379]  post_alloc_hook+0x1f4/0x240
[  271.119774][ T7379]  get_page_from_freelist+0x3651/0x37a0
[  271.125338][ T7379]  __alloc_frozen_pages_noprof+0x292/0x710
[  271.131147][ T7379]  alloc_pages_mpol+0x311/0x660
[  271.135998][ T7379]  allocate_slab+0x8f/0x3a0
[  271.140503][ T7379]  ___slab_alloc+0xc27/0x14a0
[  271.145193][ T7379]  __slab_alloc+0x58/0xa0
[  271.149534][ T7379]  __kmalloc_cache_noprof+0x27b/0x390
[  271.154931][ T7379]  __hci_conn_add+0x2f9/0x1890
[  271.159702][ T7379]  hci_conn_request_evt+0x5e8/0xdb0
[  271.164917][ T7379]  hci_event_packet+0xac2/0x1540
[  271.169893][ T7379]  hci_rx_work+0x3f3/0xdb0
[  271.174319][ T7379]  process_scheduled_works+0xa66/0x1840
[  271.179880][ T7379]  worker_thread+0x870/0xd30
[  271.184482][ T7379]  kthread+0x7a9/0x920
[  271.188560][ T7379]  ret_from_fork+0x4b/0x80
[  271.192981][ T7379] page last free pid 5817 tgid 5817 stack trace:
[  271.199302][ T7379]  free_frozen_pages+0xe04/0x10e0
[  271.204342][ T7379]  __slab_free+0x2c2/0x380
[  271.208756][ T7379]  qlist_free_all+0x9a/0x140
[  271.213346][ T7379]  kasan_quarantine_reduce+0x14f/0x170
[  271.218808][ T7379]  __kasan_slab_alloc+0x23/0x80
[  271.223660][ T7379]  __kmalloc_node_track_caller_noprof+0x237/0x4c0
[  271.230085][ T7379]  memdup_user+0x2b/0xc0
[  271.234335][ T7379]  kcov_ioctl+0xea/0x640
[  271.238581][ T7379]  __se_sys_ioctl+0xf5/0x170
[  271.243169][ T7379]  do_syscall_64+0xf3/0x230
[  271.247689][ T7379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.253590][ T7379] 
[  271.255927][ T7379] Memory state around the buggy address:
[  271.261555][ T7379]  ffff88807a3b5780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  271.269620][ T7379]  ffff88807a3b5800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  271.277685][ T7379] >ffff88807a3b5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  271.285753][ T7379]                                                     ^
[  271.292679][ T7379]  ffff88807a3b5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  271.300738][ T7379]  ffff88807a3b5980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  271.308798][ T7379] ==================================================================
[  271.343914][ T5914] usb usb2-port1: unable to enumerate USB device
[  271.418022][ T7379] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  271.425363][ T7379] CPU: 1 UID: 0 PID: 7379 Comm: syz.4.401 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  271.435609][ T7379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  271.445793][ T7379] Call Trace:
[  271.449102][ T7379]  <TASK>
[  271.452040][ T7379]  dump_stack_lvl+0x241/0x360
[  271.456740][ T7379]  ? __pfx_dump_stack_lvl+0x10/0x10
[  271.461964][ T7379]  ? __pfx__printk+0x10/0x10
[  271.466568][ T7379]  ? vscnprintf+0x5d/0x90
[  271.470904][ T7379]  panic+0x349/0x880
[  271.474812][ T7379]  ? check_panic_on_warn+0x21/0xb0
[  271.479937][ T7379]  ? __pfx_panic+0x10/0x10
[  271.484371][ T7379]  ? check_panic_on_warn+0x21/0xb0
[  271.489488][ T7379]  ? check_panic_on_warn+0x72/0xb0
[  271.494605][ T7379]  check_panic_on_warn+0x86/0xb0
[  271.499545][ T7379]  ? notifier_chain_register+0x141/0x3f0
[  271.505183][ T7379]  end_report+0x77/0x160
[  271.509433][ T7379]  kasan_report+0x154/0x180
[  271.513947][ T7379]  ? notifier_chain_register+0x141/0x3f0
[  271.519602][ T7379]  notifier_chain_register+0x141/0x3f0
[  271.525078][ T7379]  blocking_notifier_chain_register+0x61/0xc0
[  271.531155][ T7379]  ubi_wl_init+0x3396/0x3720
[  271.535758][ T7379]  ubi_attach+0x3e01/0x5b80
[  271.540293][ T7379]  ? __pfx_ubi_attach+0x10/0x10
[  271.545156][ T7379]  ? ubi_attach_mtd_dev+0x19fa/0x3540
[  271.550538][ T7379]  ubi_attach_mtd_dev+0x1a3a/0x3540
[  271.555773][ T7379]  ctrl_cdev_ioctl+0x346/0x570
[  271.560551][ T7379]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  271.565866][ T7379]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  271.571170][ T7379]  __se_sys_ioctl+0xf5/0x170
[  271.575766][ T7379]  do_syscall_64+0xf3/0x230
[  271.580286][ T7379]  ? clear_bhb_loop+0x35/0x90
[  271.584984][ T7379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.590883][ T7379] RIP: 0033:0x7f8e4d58cd29
[  271.595311][ T7379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  271.615007][ T7379] RSP: 002b:00007f8e4e35c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  271.623430][ T7379] RAX: ffffffffffffffda RBX: 00007f8e4d7a5fa0 RCX: 00007f8e4d58cd29
[  271.631407][ T7379] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000004
[  271.639382][ T7379] RBP: 00007f8e4d60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  271.647706][ T7379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  271.655679][ T7379] R13: 0000000000000000 R14: 00007f8e4d7a5fa0 R15: 00007ffd08168948
[  271.663653][ T7379]  </TASK>
[  271.667054][ T7379] Kernel Offset: disabled
[  271.671378][ T7379] Rebooting in 86400 seconds..