last executing test programs:

12.399367855s ago: executing program 3 (id=377):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800c0001006d6163766c616e000c7fff800800f50000000000"], 0x3c}}, 0x0)
r1 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f00000003c0), 0x800)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000cc0)=@nat={'nat\x00', 0x19, 0x5, 0x7be, [0x20000440, 0x0, 0x0, 0x200008b4, 0x200009da], 0x0, &(0x7f0000000400), &(0x7f0000000440)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x2, [{0x3, 0x20, 0x888e, 'ipvlan0\x00', 'ipvlan1\x00', 'veth0_to_bridge\x00', 'gretap0\x00', @remote, [0x0, 0xff, 0x1fe, 0xff], @random="7e64030a8af2", [], 0x6e, 0x6e, 0xa6, [], [], @common=@dnat={'dnat\x00', 0x10, {{@random="66c7f1f6fade", 0xfffffffffffffffd}}}}, {0x11, 0x2, 0x8809, 'vlan1\x00', 'erspan0\x00', 'syzkaller0\x00', 'team_slave_1\x00', @local, [0xff, 0xff, 0x0, 0xff], @broadcast, [0xff, 0xff, 0x0, 0xff, 0xff], 0x2a6, 0x2a6, 0x2de, [@bpf0={{'bpf\x00', 0x0, 0x210}, {{0x3e, [{0xef, 0xea, 0xfb, 0xa4}, {0x101, 0xbc, 0x6, 0x4}, {0xa70f, 0x9, 0x8, 0xffff}, {0xcd5e, 0x0, 0x6, 0x1}, {0xfffa, 0x64, 0x9, 0x8}, {0x80, 0x42, 0x3, 0x5}, {0x7, 0x4, 0xe, 0xb}, {0x8001, 0x8, 0x0, 0x468}, {0x1, 0x54, 0x6, 0xffffffff}, {0x2, 0x2, 0xc3, 0x2}, {0x9, 0x5, 0x9}, {0x0, 0x6, 0x3, 0x39a4}, {0x9, 0x5, 0x6d, 0xff}, {0x3, 0x9, 0x8, 0x8}, {0xede, 0x23, 0x4, 0x2}, {0x6a7, 0xa, 0x5, 0x5}, {0xe, 0x8, 0x9, 0x2}, {0x80, 0x2, 0xff, 0xffffff55}, {0x1, 0x9, 0x4, 0x10}, {0x5, 0x0, 0x4, 0xd}, {0x8, 0xe, 0x61, 0x101}, {0x0, 0x5, 0x8, 0xffffff80}, {0xec4, 0x0, 0x4, 0xfffffffd}, {0x8}, {0x4, 0x1, 0x9, 0xfff}, {0x8, 0x10, 0x4, 0xf}, {0x7f, 0xf, 0x10, 0x2}, {0x6, 0x6, 0x4b, 0x90}, {0x0, 0x3, 0x51, 0x40}, {0x9, 0x81, 0x2, 0x5}, {0xf21, 0x3, 0x0, 0x6}, {0x2025, 0x6, 0x35, 0x9}, {0x1000, 0x8, 0x4, 0xc}, {0x742, 0xa, 0x0, 0x10000}, {0x0, 0xc, 0xe, 0x2}, {0x6, 0x6, 0xa, 0x3}, {0x3, 0x10, 0x8}, {0x5, 0xf, 0x2, 0x9}, {0x1, 0x5f, 0xca, 0x80000000}, {0x76e, 0x4b, 0x40, 0x8}, {0x401, 0x21, 0x5}, {0x8000, 0x5, 0x80, 0x7}, {0xe8, 0xa}, {0x2, 0x4, 0xff, 0x5}, {0xfffb, 0xfa, 0x9}, {0x0, 0x4, 0xab, 0x5}, {0x5, 0x2, 0x80}, {0x2, 0x6, 0x0, 0x96cd}, {0x7, 0x8, 0x8}, {0x4, 0x8, 0x1, 0x4}, {0x2, 0xa0, 0x7, 0x20d5}, {0x4, 0x0, 0xb, 0x3}, {0xe63, 0x2, 0x6, 0xa}, {0x3, 0x3, 0x8, 0x605b}, {0x1, 0x40, 0x57, 0x8001}, {0x676b, 0x8, 0xff, 0x1}, {0x95, 0x7, 0x2, 0xffffac56}, {0xf37a, 0x0, 0x4, 0xa}, {0x4, 0x7, 0xaf, 0x2}, {0xb5c, 0x5, 0x4, 0xffffff9f}, {0x7, 0xd, 0x9, 0xfff}, {0x5, 0x3, 0x0, 0x7}, {0xff, 0x2, 0x3, 0xe}, {0xfffb, 0xfa, 0x6, 0x9}], {0x4}}}}], [], @snat={'snat\x00', 0x10, {{@broadcast, 0xfffffffffffffffc}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffe, 0x1, [{0x11, 0x2, 0x16, 'caif0\x00', 'veth1_virt_wifi\x00', 'nicvf0\x00', 'syz_tun\x00', @random="4f533aa2237c", [0xff, 0x0, 0x0, 0x0, 0x0, 0xff], @random="141dd212a9ac", [0x0, 0x0, 0x0, 0x0, 0xff], 0x6e, 0xbe, 0xf6, [], [@common=@log={'log\x00', 0x28, {{0x2, "d37e146c5d1387f60f2e1e012cdbe8b256971e92f49f872641a9f3c416b2"}}}], @arpreply={'arpreply\x00', 0x10, {{@broadcast, 0xffffffffffffffff}}}}]}, {0x0, '\x00', 0x3, 0xfffffffffffffffc, 0x2, [{0x11, 0x4c, 0x8848, 'bond0\x00', 'veth1_to_bond\x00', 'ip6erspan0\x00', 'veth0_virt_wifi\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}, [0xff, 0x0, 0xff, 0x0, 0x0, 0xff], @remote, [0xff, 0x0, 0xff, 0x0, 0xff], 0xee, 0xee, 0x126, [@quota={{'quota\x00', 0x0, 0x18}, {{0x1, 0x0, 0x9, {0xc}}}}, @time={{'time\x00', 0x0, 0x18}, {{0x5e0b, 0x1, 0x4c70, 0x1546, 0x1000, 0x4, 0x2}}}], [], @snat={'snat\x00', 0x10, {{@empty, 0xfffffffffffffffc}}}}, {0x9, 0x4, 0x88f8, 'ipvlan0\x00', 'veth0_to_batadv\x00', 'ip6gre0\x00', 'veth1\x00', @remote, [0xff, 0x0, 0x0, 0x0, 0xff], @multicast, [0x0, 0x0, 0xff, 0x0, 0xff, 0xff], 0xe6, 0x156, 0x18e, [@m802_3={{'802_3\x00', 0x0, 0x8}, {{0x4, 0x7fff, 0x1, 0x4}}}, @limit={{'limit\x00', 0x0, 0x20}, {{0x7, 0xfff, 0x8, 0x6f, 0x2, 0xfffffffb}}}], [@common=@dnat={'dnat\x00', 0x10, {{@local, 0xfffffffffffffffe}}}, @arpreply={'arpreply\x00', 0x10, {{@remote, 0xffffffffffffffff}}}], @snat={'snat\x00', 0x10, {{@multicast, 0xfffffffffffffffd}}}}]}]}, 0x836)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000001000000018000180140002006e6574641e7673696d30000000000000080004"], 0x34}}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000ec0)={0xffffffffffffffff, 0x58, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000fc0)={&(0x7f0000000f00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x6c, 0x6c, 0x4, [@enum64={0x8, 0x8, 0x0, 0x13, 0x0, 0x2, [{0xa, 0xa69, 0x4}, {0xb, 0xee7, 0x3}, {0xb, 0x3, 0xef1}, {0x1, 0x3}, {0x1, 0x800, 0x552}, {0x3, 0x7, 0x2}, {0xe, 0xfffff43f, 0x1}, {0x10, 0x5, 0xffff9505}]}]}, {0x0, [0x61, 0x2e]}}, &(0x7f0000001180)=""/4096, 0x88, 0x1000, 0x0, 0x400000, 0x10000, @value=r1}, 0x28)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002340)={0xffffffffffffffff, 0xe0, &(0x7f0000002240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000001040)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0xa, &(0x7f0000001080)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000010c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r5=>0x0, 0x8a, &(0x7f0000001100)=[{}], 0x8, 0x10, &(0x7f0000002180), &(0x7f00000021c0), 0x8, 0xb5, 0x8, 0x8, &(0x7f0000002200)}}, 0x10)
r6 = socket$inet6(0xa, 0x3, 0xff)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r7, 0x2, &(0x7f0000000040)=[&(0x7f0000ffa000/0x3000)=nil], 0x0, &(0x7f0000000080), 0x0)
connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f0000000000)=0x655e, 0x4)
r8 = dup2(r6, r6)
write$tun(r8, &(0x7f0000000040)=ANY=[], 0x46)
recvmmsg(r8, &(0x7f0000000340)=[{{0x0, 0x0, 0x0}, 0x40}], 0x1, 0x40002042, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000002380)={{0x1, 0x1, 0x18, <r9=>r2, {0xfff}}, './file0\x00'})
r10 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002640)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x80000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r11 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002440)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x4, 0x8, &(0x7f0000002600)=@framed={{0x18, 0x0, 0x0, 0x0, 0xcf, 0x0, 0x0, 0x0, 0x2}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}]}, &(0x7f0000000d80)='syzkaller\x00', 0x5, 0x71, &(0x7f0000000dc0)=""/113, 0x6f584bf5d781764b, 0x1, '\x00', r3, @fallback=0x30, r4, 0x8, &(0x7f0000001000)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, r5, r8, 0x3, &(0x7f00000024c0)=[r9, r10, r11], &(0x7f0000002500)=[{0x4, 0x3, 0xf, 0x3}, {0x5, 0x1, 0x10, 0x1}, {0x4, 0x1, 0xf, 0x8}], 0x10, 0x2218, @void, @value}, 0x94)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000500", 0x33fe0}], 0x1}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x200000005c831, 0xffffffffffffffff, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x308, 0x0, 0x1170, 0x1170, 0x0, 0x1170, 0x238, 0x1398, 0x1398, 0x238, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [0x0, 0x322], [], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x21}, 0x0, 0x120, 0x148, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4e22], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xfe}}, @common=@unspec=@connlabel={{0x28}}]}, @common=@unspec=@CLASSIFY={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, [0x0, 0x0, 0x0, 0xff000000], [], 'veth1_to_hsr\x00', 'vlan1\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x368)
r12 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r12, 0x0, 0x2, 0x0, 0x0)
accept(r0, 0x0, &(0x7f0000000380)=0xfffffffffffffce6)

10.105654077s ago: executing program 0 (id=385):
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x128}}, 0x40000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001040)=@newtaction={0x14, 0x32, 0xffff}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10)
sendmmsg$unix(r0, &(0x7f00000000c0), 0x3f, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r3 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000c40)="c10e020022003505d25a806f8c6394f90435fc60040011000a740100053582c137153e37024801", 0x27}], 0x1}, 0x80)
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x92c0199, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90224fc60100005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0)
shmat(r3, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000fff000/0x1000)=nil)
read$FUSE(r2, &(0x7f0000000140)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_DIRENT(r2, &(0x7f0000000080)={0x58, 0x0, r5, [{0x1400000000000007, 0x0, 0x8, 0x0, '@-/\\&\r\x80-'}, {0x0, 0x0, 0xa, 0x0, '/>\rv/cuse\x00'}]}, 0x58)

10.028787886s ago: executing program 0 (id=386):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@ipv4_newrule={0x1c, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x1c}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='sched_switch\x00', r4}, 0x18)
socket$inet(0x2, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4)
bind$inet(r5, 0x0, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
recvmmsg(r5, &(0x7f00000010c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
write$binfmt_elf64(r5, &(0x7f00000000c0)=ANY=[], 0xc63b9e35)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140), 0x4)

9.991046179s ago: executing program 3 (id=387):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9b, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@extension_unit={0x9, 0x24, 0x8, 0x0, 0x0, 0x0, 'LX'}, @mixer_unit={0x6, 0x24, 0x4, 0x0, 0x0, 'R'}, @selector_unit={0x7, 0x24, 0x5, 0x0, 0x0, "53f1"}, @selector_unit={0xb, 0x24, 0x5, 0x0, 0x0, "133b9bda531c"}, @selector_unit={0x9, 0x24, 0x5, 0x0, 0x5, "96efc359"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x7f, 0x2, 0x0, 0x1, "8b7e", "8e"}, @as_header={0x7}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x81}}}}}}}]}}, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000001040)=ANY=[@ANYBLOB='\v\x00\x00\x00\x00\x00\x00\x00']}, 0x0)
syz_usb_control_io(r0, &(0x7f00000021c0)={0x2c, 0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="00030400060004030000"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

9.691112153s ago: executing program 2 (id=388):
r0 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000000), &(0x7f0000000040)=0x4)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

9.034416042s ago: executing program 0 (id=389):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e0500240ca100"], 0x8)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
dup(r0)
syz_emit_ethernet(0x5a, &(0x7f0000000000)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="70280000907800000002"], 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x1010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="a50a00000000000061115400000000001800000000000000000000000000000095000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r5, 0xc1004110, &(0x7f0000000000)={0x0, [0x6, 0xffff133a, 0x3], [{0x0, 0x0, 0x0, 0x1}, {0x35, 0x35}, {0x0, 0x131}], 0xc})
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

9.013471033s ago: executing program 1 (id=390):
r0 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='bridge_slave_1\x00', 0x10)
r1 = dup(r0)
bind$unix(r1, &(0x7f00000001c0)=@abs={0xa, 0x2, 0xe0ff}, 0x6e)

8.935092081s ago: executing program 2 (id=391):
r0 = socket$inet(0x2, 0x802, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = getpid()
migrate_pages(r5, 0xbb7, &(0x7f00000001c0)=0x2, &(0x7f0000000340)=0xfceb)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
epoll_create1(0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
r7 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000180)=0x80000000, 0x4)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x33, &(0x7f0000000000)={0x0, 0x0}, 0x10)
r8 = syz_open_dev$media(0x0, 0x0, 0x0)
ioctl$BINDER_THREAD_EXIT(r6, 0x40046208, 0x0)
dup(r8)
syz_open_procfs(0x0, &(0x7f0000000040)='projid_map\x00')
mount$9p_fd(0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRESHEX=r6])
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TLS_TX(r9, 0x6, 0x1, &(0x7f0000000300)=@gcm_256={{0x303}, "af20ef2647380be9", "ce7ae392b29ccb3f396c20bf277a4f6380326d5de7b5c5c7b8760630a72bc3d5", "d3af1db6", "10e0a087f3e187d8"}, 0x38)
setsockopt$inet_int(r9, 0x0, 0x13, &(0x7f0000000000)=0x800, 0x4)
write(r0, &(0x7f0000000080)="08008edf773c8000", 0xfd)

8.807267692s ago: executing program 1 (id=392):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xe8e91000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3e, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$kcm(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000940)="d7", 0x1}], 0x1}, 0x0)
syz_clone(0x0, 0x0, 0x3f, 0x0, 0x0, 0x0)
socket$kcm(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
setns(0xffffffffffffffff, 0x24020000)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x2, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x98}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x9, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

7.080209841s ago: executing program 4 (id=393):
epoll_create1(0x0)
r0 = epoll_create1(0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES16=r0, @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb7030000e5ff0000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba9432})
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4)
r2 = socket$kcm(0x2, 0xa, 0x2)
r3 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
getpid()
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="6588bae67739bf69c2e2d0acbcb2e6dcdf3541000000000000000000"], 0x50)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)

6.871758087s ago: executing program 1 (id=394):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
socket$can_j1939(0x1d, 0x2, 0x7)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r3, 0xc1004111, &(0x7f0000000140)={0x0, [0x4c, 0x7ff, 0x5], [{0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x40}, {}, {}, {}, {0x0, 0x10001}]})
bind$alg(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f00000006c0), 0x0, 0x2)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffc)
epoll_create1(0x0)
r4 = syz_io_uring_setup(0x5169, &(0x7f0000000400)={0x0, 0x1750, 0x10100, 0x3}, &(0x7f0000000100), &(0x7f0000000000)=<r5=>0x0)
syz_io_uring_setup(0x4f5a, &(0x7f00000002c0), &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000280))
syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x9, &(0x7f0000000000)={0x5, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r7 = syz_open_dev$MSR(&(0x7f0000000040), 0x100000010002, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r7, &(0x7f00000005c0)=""/102384, 0x18ff0)
io_uring_enter(r4, 0xb15, 0x0, 0x0, 0x0, 0x0)
syz_usb_disconnect(r1)
readv(r2, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/110, 0x6e}], 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

6.843226677s ago: executing program 0 (id=395):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, <r3=>0x0], &(0x7f00000000c0), 0x3, r1})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000300)={0x14, r3, r1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = dup(r5)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r8 = syz_io_uring_setup(0x24ff, &(0x7f0000000400)={0x0, 0x0, 0x10100}, &(0x7f00000003c0)=<r9=>0x0, &(0x7f0000000140)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000180)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r7, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0, 0x40012000})
io_uring_enter(r8, 0x1066, 0x0, 0x0, 0x0, 0x0)
ioctl$TCXONC(r5, 0x540a, 0x0)
ioctl$TCXONC(r6, 0x540a, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r6, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x18, r2}, './file0\x00'})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r11 = getpid()
sched_setscheduler(r11, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000340)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
connect$unix(r12, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r13, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r12, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
landlock_create_ruleset(&(0x7f00000000c0), 0x10, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)

6.651158026s ago: executing program 2 (id=396):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
dup2(r0, r1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000e, 0x12, r1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000004900)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9a57}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x6d, 0x0, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140), 0x6)
write(0xffffffffffffffff, &(0x7f0000000100), 0x0)
socket$kcm(0xa, 0x922000000003, 0x11)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r5, &(0x7f0000000340)={0xa, 0x0, 0x0, @private1}, 0x1c)
shutdown(r5, 0x1)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x84, &(0x7f0000000080)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}}, 0x90)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000000, 0x8010, r3, 0xd0f9f000)
socket$kcm(0xa, 0x3, 0x11)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000180)={0x0, 0xec0, &(0x7f0000000140)=[{&(0x7f0000000000)="48000000140081fb7059ae08190c03000aff0f03000004000411000000006fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8f", 0x48}], 0x1}, 0x0)

6.554538805s ago: executing program 3 (id=397):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800c0001006d6163766c616e000c7fff800800f50000000000"], 0x3c}}, 0x0)
r1 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f00000003c0), 0x800)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000cc0)=@nat={'nat\x00', 0x19, 0x5, 0x7be, [0x20000440, 0x0, 0x0, 0x200008b4, 0x200009da], 0x0, &(0x7f0000000400), &(0x7f0000000440)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x2, [{0x3, 0x20, 0x888e, 'ipvlan0\x00', 'ipvlan1\x00', 'veth0_to_bridge\x00', 'gretap0\x00', @remote, [0x0, 0xff, 0x1fe, 0xff], @random="7e64030a8af2", [], 0x6e, 0x6e, 0xa6, [], [], @common=@dnat={'dnat\x00', 0x10, {{@random="66c7f1f6fade", 0xfffffffffffffffd}}}}, {0x11, 0x2, 0x8809, 'vlan1\x00', 'erspan0\x00', 'syzkaller0\x00', 'team_slave_1\x00', @local, [0xff, 0xff, 0x0, 0xff], @broadcast, [0xff, 0xff, 0x0, 0xff, 0xff], 0x2a6, 0x2a6, 0x2de, [@bpf0={{'bpf\x00', 0x0, 0x210}, {{0x3e, [{0xef, 0xea, 0xfb, 0xa4}, {0x101, 0xbc, 0x6, 0x4}, {0xa70f, 0x9, 0x8, 0xffff}, {0xcd5e, 0x0, 0x6, 0x1}, {0xfffa, 0x64, 0x9, 0x8}, {0x80, 0x42, 0x3, 0x5}, {0x7, 0x4, 0xe, 0xb}, {0x8001, 0x8, 0x0, 0x468}, {0x1, 0x54, 0x6, 0xffffffff}, {0x2, 0x2, 0xc3, 0x2}, {0x9, 0x5, 0x9}, {0x0, 0x6, 0x3, 0x39a4}, {0x9, 0x5, 0x6d, 0xff}, {0x3, 0x9, 0x8, 0x8}, {0xede, 0x23, 0x4, 0x2}, {0x6a7, 0xa, 0x5, 0x5}, {0xe, 0x8, 0x9, 0x2}, {0x80, 0x2, 0xff, 0xffffff55}, {0x1, 0x9, 0x4, 0x10}, {0x5, 0x0, 0x4, 0xd}, {0x8, 0xe, 0x61, 0x101}, {0x0, 0x5, 0x8, 0xffffff80}, {0xec4, 0x0, 0x4, 0xfffffffd}, {0x8}, {0x4, 0x1, 0x9, 0xfff}, {0x8, 0x10, 0x4, 0xf}, {0x7f, 0xf, 0x10, 0x2}, {0x6, 0x6, 0x4b, 0x90}, {0x0, 0x3, 0x51, 0x40}, {0x9, 0x81, 0x2, 0x5}, {0xf21, 0x3, 0x0, 0x6}, {0x2025, 0x6, 0x35, 0x9}, {0x1000, 0x8, 0x4, 0xc}, {0x742, 0xa, 0x0, 0x10000}, {0x0, 0xc, 0xe, 0x2}, {0x6, 0x6, 0xa, 0x3}, {0x3, 0x10, 0x8}, {0x5, 0xf, 0x2, 0x9}, {0x1, 0x5f, 0xca, 0x80000000}, {0x76e, 0x4b, 0x40, 0x8}, {0x401, 0x21, 0x5}, {0x8000, 0x5, 0x80, 0x7}, {0xe8, 0xa}, {0x2, 0x4, 0xff, 0x5}, {0xfffb, 0xfa, 0x9}, {0x0, 0x4, 0xab, 0x5}, {0x5, 0x2, 0x80}, {0x2, 0x6, 0x0, 0x96cd}, {0x7, 0x8, 0x8}, {0x4, 0x8, 0x1, 0x4}, {0x2, 0xa0, 0x7, 0x20d5}, {0x4, 0x0, 0xb, 0x3}, {0xe63, 0x2, 0x6, 0xa}, {0x3, 0x3, 0x8, 0x605b}, {0x1, 0x40, 0x57, 0x8001}, {0x676b, 0x8, 0xff, 0x1}, {0x95, 0x7, 0x2, 0xffffac56}, {0xf37a, 0x0, 0x4, 0xa}, {0x4, 0x7, 0xaf, 0x2}, {0xb5c, 0x5, 0x4, 0xffffff9f}, {0x7, 0xd, 0x9, 0xfff}, {0x5, 0x3, 0x0, 0x7}, {0xff, 0x2, 0x3, 0xe}, {0xfffb, 0xfa, 0x6, 0x9}], {0x4}}}}], [], @snat={'snat\x00', 0x10, {{@broadcast, 0xfffffffffffffffc}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffe, 0x1, [{0x11, 0x2, 0x16, 'caif0\x00', 'veth1_virt_wifi\x00', 'nicvf0\x00', 'syz_tun\x00', @random="4f533aa2237c", [0xff, 0x0, 0x0, 0x0, 0x0, 0xff], @random="141dd212a9ac", [0x0, 0x0, 0x0, 0x0, 0xff], 0x6e, 0xbe, 0xf6, [], [@common=@log={'log\x00', 0x28, {{0x2, "d37e146c5d1387f60f2e1e012cdbe8b256971e92f49f872641a9f3c416b2"}}}], @arpreply={'arpreply\x00', 0x10, {{@broadcast, 0xffffffffffffffff}}}}]}, {0x0, '\x00', 0x3, 0xfffffffffffffffc, 0x2, [{0x11, 0x4c, 0x8848, 'bond0\x00', 'veth1_to_bond\x00', 'ip6erspan0\x00', 'veth0_virt_wifi\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}, [0xff, 0x0, 0xff, 0x0, 0x0, 0xff], @remote, [0xff, 0x0, 0xff, 0x0, 0xff], 0xee, 0xee, 0x126, [@quota={{'quota\x00', 0x0, 0x18}, {{0x1, 0x0, 0x9, {0xc}}}}, @time={{'time\x00', 0x0, 0x18}, {{0x5e0b, 0x1, 0x4c70, 0x1546, 0x1000, 0x4, 0x2}}}], [], @snat={'snat\x00', 0x10, {{@empty, 0xfffffffffffffffc}}}}, {0x9, 0x4, 0x88f8, 'ipvlan0\x00', 'veth0_to_batadv\x00', 'ip6gre0\x00', 'veth1\x00', @remote, [0xff, 0x0, 0x0, 0x0, 0xff], @multicast, [0x0, 0x0, 0xff, 0x0, 0xff, 0xff], 0xe6, 0x156, 0x18e, [@m802_3={{'802_3\x00', 0x0, 0x8}, {{0x4, 0x7fff, 0x1, 0x4}}}, @limit={{'limit\x00', 0x0, 0x20}, {{0x7, 0xfff, 0x8, 0x6f, 0x2, 0xfffffffb}}}], [@common=@dnat={'dnat\x00', 0x10, {{@local, 0xfffffffffffffffe}}}, @arpreply={'arpreply\x00', 0x10, {{@remote, 0xffffffffffffffff}}}], @snat={'snat\x00', 0x10, {{@multicast, 0xfffffffffffffffd}}}}]}]}, 0x836)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000001000000018000180140002006e6574641e7673696d30000000000000080004"], 0x34}}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000ec0)={0xffffffffffffffff, 0x58, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000fc0)={&(0x7f0000000f00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x6c, 0x6c, 0x4, [@enum64={0x8, 0x8, 0x0, 0x13, 0x0, 0x2, [{0xa, 0xa69, 0x4}, {0xb, 0xee7, 0x3}, {0xb, 0x3, 0xef1}, {0x1, 0x3}, {0x1, 0x800, 0x552}, {0x3, 0x7, 0x2}, {0xe, 0xfffff43f, 0x1}, {0x10, 0x5, 0xffff9505}]}]}, {0x0, [0x61, 0x2e]}}, &(0x7f0000001180)=""/4096, 0x88, 0x1000, 0x0, 0x400000, 0x10000, @value=r1}, 0x28)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002340)={0xffffffffffffffff, 0xe0, &(0x7f0000002240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000001040)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0xa, &(0x7f0000001080)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000010c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r5=>0x0, 0x8a, &(0x7f0000001100)=[{}], 0x8, 0x10, &(0x7f0000002180), &(0x7f00000021c0), 0x8, 0xb5, 0x8, 0x8, &(0x7f0000002200)}}, 0x10)
r6 = socket$inet6(0xa, 0x3, 0xff)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r7, 0x2, &(0x7f0000000040)=[&(0x7f0000ffa000/0x3000)=nil], 0x0, &(0x7f0000000080), 0x0)
connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f0000000000)=0x655e, 0x4)
r8 = dup2(r6, r6)
write$tun(r8, &(0x7f0000000040)=ANY=[], 0x46)
recvmmsg(r8, &(0x7f0000000340)=[{{0x0, 0x0, 0x0}, 0x40}], 0x1, 0x40002042, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000002380)={{0x1, 0x1, 0x18, <r9=>r2, {0xfff}}, './file0\x00'})
r10 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002640)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x80000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r11 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002440)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x4, 0x8, &(0x7f0000002600)=@framed={{0x18, 0x0, 0x0, 0x0, 0xcf, 0x0, 0x0, 0x0, 0x2}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}]}, &(0x7f0000000d80)='syzkaller\x00', 0x5, 0x71, &(0x7f0000000dc0)=""/113, 0x6f584bf5d781764b, 0x1, '\x00', r3, @fallback=0x30, r4, 0x8, &(0x7f0000001000)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, r5, r8, 0x3, &(0x7f00000024c0)=[r9, r10, r11], &(0x7f0000002500)=[{0x4, 0x3, 0xf, 0x3}, {0x5, 0x1, 0x10, 0x1}, {0x4, 0x1, 0xf, 0x8}], 0x10, 0x2218, @void, @value}, 0x94)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000500", 0x33fe0}], 0x1}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x200000005c831, 0xffffffffffffffff, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x308, 0x0, 0x1170, 0x1170, 0x0, 0x1170, 0x238, 0x1398, 0x1398, 0x238, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [0x0, 0x322], [], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x21}, 0x0, 0x120, 0x148, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4e22], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xfe}}, @common=@unspec=@connlabel={{0x28}}]}, @common=@unspec=@CLASSIFY={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, [0x0, 0x0, 0x0, 0xff000000], [], 'veth1_to_hsr\x00', 'vlan1\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x368)
r12 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r12, 0x0, 0x2, 0x0, 0x0)
accept(r0, 0x0, &(0x7f0000000380)=0xfffffffffffffce6)

5.952463449s ago: executing program 4 (id=398):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x400100bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, 0x0)
capset(0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x2)
r4 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7ffffffffffffffb, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r4, 0xc040564a, &(0x7f0000000000)={0x0, 0x1, 0x101b, 0xffffffffffffffff, 0x0, 0x0})
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1})
gettid()
ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000040))
sendmsg$inet6(r6, 0x0, 0x8c4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x6, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @initr0, @exit, @exit], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000140), 0x0, 0x0, 0x0, 0x60000000}, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000009000000180001801400a09c00007468305f746f5f626f6e0a000000"], 0x2c}}, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000050000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r7}, 0x10)
timer_create(0x5, &(0x7f0000000200)={0x0, 0x8, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000340))

5.261936555s ago: executing program 2 (id=399):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@ipv4_newrule={0x1c, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x1c}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='sched_switch\x00', r4}, 0x18)
socket$inet(0x2, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4)
bind$inet(r5, 0x0, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
recvmmsg(r5, &(0x7f00000010c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
write$binfmt_elf64(r5, &(0x7f00000000c0)=ANY=[], 0xc63b9e35)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140), 0x4)

5.167127497s ago: executing program 0 (id=400):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000001800)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000793000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000040)="26260fae49000f1c70080fc7b90000008066baf80cb88cf2a689ef66bafc0cb037ee0f01dfdc7a0067670f01c381fa080000000f2c8423f47f00000f2045", 0x3e}], 0x1, 0x2a, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioperm(0x9, 0x7f, 0x7)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_raw(0xffffffffffffffff, 0x0, 0x0)
setsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, 0x0, 0x0)
poll(0x0, 0x0, 0x3)

2.518980732s ago: executing program 2 (id=401):
r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x18)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0xa, [@union={0x7, 0x3, 0x0, 0x5, 0x1, 0x5, [{0x4, 0x1, 0x5}, {0xe, 0x0, 0x6}, {0xd, 0x1, 0xa6}]}, @int={0x2, 0x0, 0x0, 0x1, 0x0, 0x79, 0x0, 0x28}]}, {0x0, [0x5f, 0x2e, 0x61, 0x5f, 0x2e, 0x0, 0x0, 0x30]}}, &(0x7f0000000100)=""/42, 0x62, 0x2a, 0x0, 0x3, 0x10000, @value}, 0x28)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0xffffffff, 0x0, r0, 0xffff, '\x00', 0x0, r1, 0x3, 0x5, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000200)={'wg0\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x7, 0x7fff, 0x7f, 0x1582, r0, 0x6, '\x00', r3, r1, 0x0, 0x4, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000300)=@o_path={&(0x7f00000002c0)='./file0\x00', 0x0, 0x4018, r4}, 0x18)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000340)={0x3, <r6=>0x0}, 0x8)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r2, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x28, r7, 0x400, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0xffff, 0x7d}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20008010}, 0x40000)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r9, &(0x7f0000000780)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000740)={&(0x7f0000000580)={0x194, r10, 0x300, 0x70bd25, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_STRSET_STRINGSETS={0xa8, 0x2, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}]}, {0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5827e9d7a96d6103}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}]}, @ETHTOOL_A_STRSET_HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}]}, 0x194}, 0x1, 0x0, 0x0, 0x8040}, 0x4)
alarm(0x400)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x20, 0x11, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbb87}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000880)='syzkaller\x00', 0x1, 0xef, &(0x7f00000008c0)=""/239, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2e, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f00000009c0)={0x5, 0x7, 0x2, 0x4}, 0x10, r6, 0xffffffffffffffff, 0x2, 0x0, &(0x7f0000000a00)=[{0x3, 0x4, 0x5, 0x3}, {0x4, 0x3, 0x3, 0x4}], 0x10, 0x4, @void, @value}, 0x94)
r11 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000b00), 0x480000, 0x0)
ioctl$LOOP_CTL_GET_FREE(r11, 0x4c82)
ioctl$sock_SIOCINQ(r9, 0x541b, &(0x7f0000000b40))
r12 = accept4$netrom(r1, 0x0, &(0x7f0000000b80), 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000000bc0)={'wlan0\x00'})
r13 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000c00)='/proc/sys/net/ipv4/vs/conntrack\x00', 0x2, 0x0)
r14 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000c40), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r14, 0x405c5503, &(0x7f0000000c80)={{0x1, 0x3, 0x101, 0x9}, 'syz0\x00', 0x39})
ppoll(&(0x7f0000000d00)=[{r5, 0x10}, {r13, 0x100}, {r1, 0x200}], 0x3, &(0x7f0000000d40), &(0x7f0000000d80)={[0xe]}, 0x8)
bind$bt_hci(r13, &(0x7f0000000dc0)={0x1f, 0xffffffffffffffff}, 0x6)
sendmsg$NL80211_CMD_JOIN_MESH(r13, &(0x7f0000000f80)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000f40)={&(0x7f0000000e40)={0xdc, r7, 0x2, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xa6c, 0x47}}}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_MESH_SETUP={0x14, 0x70, [@NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC={0x5, 0x6, 0x1}, @NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC={0x5}]}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x15b}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1}], @NL80211_ATTR_MESH_CONFIG={0x3c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT={0x6, 0xa, 0x930}, @NL80211_MESHCONF_TTL={0x5, 0x6, 0x5a}, @NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT={0x6, 0xa, 0x80}, @NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x800}, @NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x1}, @NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x14}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0xe9}]}, @NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x171b}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x3b8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x40}]]}, 0xdc}, 0x1, 0x0, 0x0, 0x8040800}, 0x4008014)
ioctl$BLKDISCARD(r13, 0x1277, &(0x7f0000000fc0)=0x6)
sendmsg$DEVLINK_CMD_SB_GET(r13, &(0x7f0000001180)={&(0x7f0000001000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001140)={&(0x7f0000001040)={0xfc, 0x0, 0x2, 0x70bd27, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xffff35b7}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7f}}]}, 0xfc}}, 0x0)
sendmsg$IPSET_CMD_ADD(r13, &(0x7f0000001280)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001240)={&(0x7f0000001200)={0x1c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0xa}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x24008855)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001480)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x6, '\x00', r3, 0xffffffffffffffff, 0x3, 0x3, 0x4, 0x0, @void, @value, @void, @value}, 0x50)

2.516541627s ago: executing program 4 (id=402):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$igmp6(0xa, 0x3, 0x2)
socket$inet6(0xa, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x40000000015, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x74)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0e00000004000000080000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000fc021c3fbfd736ab4eae59aeadf36d7f2a46ac960884676094f0c235bd4093d58c8d5547a1ee0d6e2fbb02e158eee4ca44b88254c8ef6d95d3ada852e9371fac4196f969d17d0bb3a97bf6c7a1814f3eb439e3e633ac6576df3ce570c6c2aa47a099545654831e95090921cde8b9cfbd65565727284cd88366c355ab1a5f1a558474f799975c199a59050e71d07e60c58c273de34a3ec7839d3e107836731b7f686b586cf9932ac55ac688c4815dfa442fd517f3e27c5c54017ec662589a89e29eedae220e2420e28500df86427f9ba0eb47d2049af3d917d0358a58d3109a13e6c461bd72128d20bf5cab"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c250000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$nl_route(0x10, 0x3, 0x0)
socket$tipc(0x1e, 0x4, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r11=>0x0})
r12 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x20000, 0x0)
ioctl$TIOCGSOFTCAR(r12, 0x5419, &(0x7f0000000700))
ioctl$DRM_IOCTL_GET_CLIENT(r9, 0xc0286405, &(0x7f0000002940)={0x0, 0x3e86, {0xffffffffffffffff}, {<r13=>0xffffffffffffffff}, 0xc64, 0x7fffffff})
r14 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000000240)={0x0, <r15=>0x0}, &(0x7f0000000280)=0x5)
setresuid(0x0, r15, 0xee01)
getgroups(0x3, &(0x7f0000002980)=[0xee00, 0xffffffffffffffff, <r16=>0xee00])
ioctl$VIDIOC_QUERYBUF_DMABUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000002a00)={0x5, 0x0, 0x4, 0x400, 0x315e, {}, {0x4, 0x2, 0x9, 0x10, 0x3, 0xa1, "18f2bf01"}, 0x2, 0x4, {}, 0x3, 0x0, <r17=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000002bc0)=[{{&(0x7f0000000340)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000200), 0x0, &(0x7f0000000880)=ANY=[@ANYRES8=r6, @ANYRES32=r7, @ANYBLOB="0005000000000000000000000100000001000000", @ANYRES32=r10, @ANYRES32=r3, @ANYRES32=r2, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r10, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r8, @ANYRES32=r0, @ANYRES32=r5, @ANYRES32=r7, @ANYBLOB="8f35b799f3d51beef947fef99787dea511541e324c2691f6640e42b66344a0fa368c3c7811ffa51a3ed48502cf1e1212347f", @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES16=r13, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000800000000000000000ef0000000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES8=r2, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYRESHEX=r6, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r3, @ANYBLOB="1c000000000000000100000002000000", @ANYBLOB="22a9c9e349106b511420673544ea387ed9e9f7eaab36606045ff66acfa3cf5475eaf635108678ef418e91a9024782eefcf48a35dbc2d2e226090acb2", @ANYRES32=r15, @ANYRES32=r16, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32=r4, @ANYRES32, @ANYRES32=r17, @ANYBLOB='\x00\x00\x00\x00'], 0x138, 0x20000001}}], 0x1, 0x40000004)
ioctl$TIOCGSID(r12, 0x5429, &(0x7f0000000000))
r18 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r18, @ANYBLOB="08000100", @ANYRES32=r11], 0x90}}, 0x0)

2.458239659s ago: executing program 3 (id=403):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r0 = getpgrp(0x0)
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x4020000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000640)={{@my=0x1}, @hyper, 0x0, 0x2925, 0x0, 0x20000000, 0x4})
prctl$PR_CAPBSET_DROP(0x18, 0x3)
prctl$PR_SET_MM_MAP(0x17, 0x3, 0x0, 0xfffffffffffffdd7)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r5, 0x7a4, &(0x7f0000000040)={{@my=0x1}})
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'ip_vti0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp6\x00')
lseek(r7, 0x47, 0x0)
munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

2.420501574s ago: executing program 0 (id=404):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000005c000000030a010100000000000000000100fffd0900010073797a300000000028000480080002400000000008000140000000051400040076657468315f746f5f626174616476000c00024000000000000000040000000000000007c4000000000a00000000000000000000020000050900010073797a300000000058000600829f587969742d9d9d09743cccc421108088ac1a7053956e5fcf696a5d2eb97ccdd95f3cca548cfbe6ab6dfeaf7a9738d4c70ffa672c0f0e3f3407908df8f6627e4295f76b72f6dc49968a1fc9b47a4ba098238730cc588d967c9f07595a0900010073797a31000000000c00044000000000f200000308000240000000030c00044000000000000000050900010073797a31000000000c00044000000000000000020800024000000002140000001000ea2b177583013b77c3ec7d9483a1833170179016099ed540fba578a4462afc7d806f7780dd20e150e70bb54ba2065eaf6091348a72e5b5d7bdf9294c6a2a39ba9c68f3a7420d642706b3399661be30c96c729ff6a10b879c05f0faa0cd261e0fdf43edc449a12a32f8649af8771b101405871c3b95b07275209f51c5e8e8c990231456ce1d363bda86755795e9011f0f23dad604217f4d2dc1c04394dde7a5b27a6709d7158d800e6d2bb460f38c71693bc03d01941f932e3eb50a9fc0a1a434e2730babb724eaa7e7211c809c02f0f0e3ef7f70bdd7efce889c66f0c8abd61d4932b3eb71c6a04d1a557ff9946b2a142adf7362cb904447af6abecb2a9754bc1acb9d8fb777f920ff0cddd715eff0d39d3ee4b1326bb9b693771f1adf4185c205cbc52c58589400e0ab65de39ec994d8689b75f4adb95ab9fbf3bec07e2d082f4d4e653307a2bcf807591f107e7643f"], 0x168}}, 0xc064000)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r1, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @dev}, 0x10)
sendfile(r1, r0, 0x0, 0xffefffff)
accept4(r1, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r6, r5, 0x7, 0x0, 0x0, @void, @value}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r6, &(0x7f0000000100)="a65ec4b1cd34bd48cda1fb761cf89426f151a35303a0e40100000001000000cf6c8eb105619e2a", &(0x7f00000004c0)=@tcp6=r4}, 0x20)
sendmmsg$inet6(r4, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000180), 0x1}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000009c0)='.', 0x12f45}], 0x7}}], 0x44, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
mbind(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000000)=0x6, 0x21, 0x0)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x2)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000)="ad56", 0x2)
sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="c8000000", @ANYRES16=r3, @ANYRESDEC=r3, @ANYRES32=r3, @ANYBLOB="1c00508009000a002b7f67bf2e3cab000000090001000000000000000000050008000000000088005080080007ffff001600040006000500090000000000200008"], 0xc8}, 0x1, 0x0, 0x0, 0x1}, 0x0)

2.419037363s ago: executing program 1 (id=405):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xe8e91000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3e, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$kcm(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000940)="d7", 0x1}], 0x1}, 0x0)
syz_clone(0x0, 0x0, 0x3f, 0x0, 0x0, 0x0)
socket$kcm(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
setns(0xffffffffffffffff, 0x24020000)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x2, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x98}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x9, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

2.314956702s ago: executing program 4 (id=406):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$l2tp6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @mcast1, 0x6, 0x1}, 0x20)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000181000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r4, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000440)={0x44, r3, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8, 0x26}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x6eb}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xb38}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xa, 0xcd, [0x50f7, 0x6, 0x9]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040810}, 0x4000000)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
connect$inet6(r6, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r6, &(0x7f00000000c0)="8f2a0a65bd8c001d0304000e0580a7b6070d63e286a5cefe", 0x5ac)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f00000002c0)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000180)={{@hyper, 0xfffffffe}, @hyper, 0x0, 0x8000})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r5, 0x7a9, &(0x7f0000000280)={{@hyper}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000ff6, 0xffffbffffffff801})
connect$vsock_stream(r2, &(0x7f0000000000), 0x10)
setsockopt$sock_int(r2, 0x1, 0x12, &(0x7f0000000040), 0x4)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x44, 0x0, 0x10, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xc1bc}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001d180011800e000100636f6e6e6c696d697400000004000280140000001000010000000000000000000000000a"], 0x9c}}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
mount$9p_rdma(&(0x7f0000003600), &(0x7f0000003640)='./bus\x00', &(0x7f0000003680), 0x0, &(0x7f00000036c0)=ANY=[@ANYBLOB='trans=rdma,port=0x0'])
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES64=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="f326a4d04224df8e8502bcdb172f0a1a8d678da62bcf9ef3a9f24f3128ab07a65dee76d8a9758f19b09e83209abf9b303a70c67d4ced0a5f37769cae00810dbc3737d0d4e50600000000000000aa300c4d7b70263a6da995a21ccefd25e773c19d9c5877082773c45be6c84562927037f67ad5f8731c2d1e5bb2577f64e834a0dd669748bcc9af7cfecc3570cb1303fc6de21a114f42ee2fde104ce32ae7302ce7a0ec58bc68505a919055fe3d1f9871cba17e1a99f3121eeede3421af01210b2e14ec19325bbb16e06d5eea5976c0903880ef00f66bb87c959cea6538bd307afb18227080eaf10a98bfc42bdc1fdc3530a4ab6ccc39abb6af560d17c8e171232515ffec915ff597e2438ff336a575e7622af55cb57a76c6b8d071e89d3db504482ba07e0a89551119bdd8e414f203cd7a737004ed1257b22a2385fa1a466a699d9c3b18e4348fd82327ea8cd0b7b3359f9f435cdda59ff050f6d765cbf4c7e256717085e1b6f8250f3dc9440a289f39516f61e1b320ad027900d26511a7", @ANYRESHEX=0x0, @ANYRESDEC=r1, @ANYRESDEC=r1, @ANYRESOCT=r0, @ANYRES64=r0, @ANYRESHEX=r1], 0x10)

1.739687876s ago: executing program 2 (id=407):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
fsopen(&(0x7f0000000240)='afs\x00', 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f2, &(0x7f0000000300)={'ip_vti0\x00', &(0x7f0000000800)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x5, 0xffffff0a, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @broadcast}}}})
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000100)={{}, 'syz1\x00'})
dup(r4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r6 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r6, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000008c0)=ANY=[@ANYBLOB="e000000010000b0500000000000200006f6d8864d22a3f2ffaa46c88bcbd0000002b0e13e735a3184f1b3d6da2f1acfac0ee50d2b184b27db1f302de337c0004060000000000bf852c89867f6691b01b2d44e4ff5f5f2829882fbd9423debbb86f9dba4a2dba4dbe076c02262600c43443efd6f5091dfbd56183a567de243ab0d67683f7bb11c9cab3b3eed8a8bef4ff1631aa78acefca03c1a66db4424a8ba100022db228bb7b8000000000000000000000a0912086d9e4606d2e4cc898739222c5d3a83c00341c5ae846a60cf93ab48d68e8e9467d1ccadc4200000000000007f819d509dba0cc3814a2174244ed078bb4487663000d0f52265569217759553b46f5c8a61c2d970eb59f"], 0xe0}], 0x1}, 0x0)
inotify_init1(0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)

1.512847487s ago: executing program 1 (id=408):
epoll_create1(0x0)
r0 = epoll_create1(0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES16=r0, @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb7030000e5ff0000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba9432})
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4)
r2 = socket$kcm(0x2, 0xa, 0x2)
r3 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)

792.277008ms ago: executing program 3 (id=409):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x50d8, &(0x7f0000000080)={0x0, 0xfffffffe, 0x0, 0x10000, 0x7}, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
r0 = fanotify_init(0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
fanotify_mark(r0, 0x101, 0x20, r1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00')
preadv(r2, &(0x7f0000001240)=[{&(0x7f0000000040)=""/18, 0x12}], 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

408.636124ms ago: executing program 4 (id=410):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000d40)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000ffffffff7a0af0fff8ffff5979a4f0ff00000000b7060000ffffffff2d6405000000000065040400014741001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000004000095000000000000006623848adf1dc9a764ab51a064e0ff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b01ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6a79819782748b376358c33c9f53bfd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b77aafa63b9dd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd7e43fe1ca8345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1777b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c358ebe73af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d99000000110000fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b2f113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d637d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc36d5aa23bff8cce0600fcff00000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68fd36a03353a55a8a89b60317cd78ea1dc8e0f77f2c1e68ec7c01bd5a2028a8fc107007f3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d90296171fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2e20ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a018c0ada7bc7f0eb2d678f23c07ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f60033fc32f68ea86a2df1e76fe27dfdff1cf9194849c4cc0da9533e5983693e526a7dc0d8728f3b573ca4427bdb44df9341e9b8050e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9247b51d92e0993af4beaf1f3f47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2002045cae150a7016f1a90716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f6b43ec83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c277648475002e2c62681bd07331422a6e47bbd40857d52c4894944fae5c500000000000000ff00000000de784314b8fd419216b48d0f353c11ae185749fa9ac7dfa16bc5c23a23f74b17a7f1b2d799480f33faa3537a910d6ca02f48b0e69beb1119f106ea5919ffff72e17a5dc8c3d131d82f067e29dc39665dff39fb6347b374aaaf6e65efde3fc6202bf29ccfcb08caf18d668a462493aa82e76affba9c9af31d1c23237aa6eccfadfaf794bb1004c07b21ac6ed77718098b2f722bd05fea3561b86b2838a8de5b4f91d6aba95dc9f4464a024be4d0d8d04f5023e7e19e503624d39a43c7b310de519b40738ff9a623065c06d69d16d4a46ff300022fee47803989b7e916254e0fb9e1c8b07d8a4b8b692a75a32e6ed2caeaa7c258c47fe6143cd9e90b801eff78cd4e402374e0e4ca07b7f17254e3d2f0a2a1bac6fde8a15e3ef3588065524d41966fb3915e804c53201efee751ec294584d23d9008bdf046f55c030ab941a0b8723412127efb3eac0ccf68133c76770d5e7dabcc48d47685404cc540535ed70df75c24660d85f9c9a245185c7da217d1c3743db85db67b9b8a8f00af02367429f6f0b53c169c4356751bf68745dbde055e1722ae256ae53ae637a1431855d16dfa91d82a021a4b2dbb50bf6d59fdd0c9bc84cd7d544de2523b6ce8aaeb94bfba75079f7455204ccca02bd389d8409b2effe9b88e301ac4fe28752386a0678a3f54b2bdf56f927ddd6b0ac98b2b505f668597455ada51ba95ab852b49373a11ff153d20f3681f7a3a31dcd82474b51498f65e0601bcdd23acb4c01bcd2f3e1ad378d14c07d923087d3518369710b70ffb0b523dc4f00f275c381fe1c091e478b04d5e4a9f75b4072acb005a83c25625ab7a351a68977177e27a1bf112114eb10250c2b9dca234f8967f0439696a2345e747b5f1d8c4bec86d8e8f2eb121ea0159615e7d475d45837921c2c0c3f9e683ac8000214a657c9f"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r0, 0xe0, &(0x7f0000000480)={0x0, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x801}, 0x0)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r1}, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r2, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000940)={0x6, 0x3, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

148.942848ms ago: executing program 3 (id=411):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYRESOCT], &(0x7f0000000200)='GPL\x00', 0xbb22, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="6000000010000104000000000200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800e00010069703665727370616e0000002c00028014001800fc0100000000000000000000000000000500160002000000040012000500170000000000"], 0x60}}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCGRDESCSIZE(r5, 0x80044801, &(0x7f0000000240))
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
write$P9_RXATTRWALK(0xffffffffffffffff, 0x0, 0xf)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000040)={0x6, 0x2, 0x4})
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f00000003c0)={0x0, @win={{0x0, 0x0, 0xffffffff}, 0x9, 0x0, 0x0, 0x0, 0x0, 0x5}})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$kcm(0x10, 0xd, 0x10)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xe4010000, &(0x7f0000000080)=[{&(0x7f00000000c0)="1400000017000b63d25a80648c2594f941a3c92b", 0x14}], 0x1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000300)='vm_unmapped_area\x00', r0}, 0x18)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x41, &(0x7f0000000040)=0x1df67, 0x4)
io_setup(0xfffffc01, &(0x7f00000002c0))
r9 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000001340), 0x2, 0x0)
write$6lowpan_control(r9, &(0x7f0000000040)='connect aa:aa:aa:aa:aa:11 0', 0x1b)

11.432838ms ago: executing program 1 (id=412):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@ipv4_newrule={0x1c, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x1c}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='sched_switch\x00', r4}, 0x18)
socket$inet(0x2, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4)
bind$inet(r5, 0x0, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
recvmmsg(r5, &(0x7f00000010c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
write$binfmt_elf64(r5, &(0x7f00000000c0)=ANY=[], 0xc63b9e35)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140), 0x4)

0s ago: executing program 4 (id=413):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f0000000080)="3e3e3e0f01cf0ffc9881ff0f30b800008ee00f4ec3f1f29466b9800000c00f326635000800000f30baa000b080ee0f07", 0x30}], 0x1, 0x0, 0x0, 0x0)
r3 = socket(0x10, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x10d000})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x71, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)=[{0x0, 0x1, 0x5, 0xb}], 0x10, 0x494, @void, @value}, 0x94)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 3)

kernel console output (not intermixed with test programs):

 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input8
[   79.642084][ T5190] bcm5974 2-1:0.0: could not read from device
[   79.668498][    T9] usb 2-1: USB disconnect, device number 2
[   79.682880][ T5190] bcm5974 2-1:0.0: could not read from device
[   79.886976][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   79.900743][   T29] audit: type=1326 audit(1729845725.163:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5954 comm="syz.4.13" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd25b77e719 code=0x0
[   79.999167][ T5957] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   80.042695][ T5957] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14'.
[   80.056814][ T5883] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   80.079515][ T5957] bond0: entered promiscuous mode
[   80.085163][ T5957] bond_slave_0: entered promiscuous mode
[   80.094413][ T5957] bond_slave_1: entered promiscuous mode
[   80.108798][ T5957] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   80.225483][ T5883] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   80.234792][ T5883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.245008][ T5883] usb 1-1: Product: syz
[   80.250036][ T5883] usb 1-1: Manufacturer: syz
[   80.255248][ T5883] usb 1-1: SerialNumber: syz
[   80.318804][ T5883] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   80.352823][    T8] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   80.759712][ T5883] usb 1-1: USB disconnect, device number 2
[   80.800547][ T5964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16'.
[   80.814885][ T5964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16'.
[   81.047947][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   81.224452][ T5970] fuse: Unknown parameter '00000000000000040000'
[   81.772599][ T5881] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   81.780852][    T8] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[   81.790267][    T8] ath9k_htc: Failed to initialize the device
[   81.867674][ T5883] usb 1-1: ath9k_htc: USB layer deinitialized
[   81.963285][ T5972] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   82.132151][    T9] usb 3-1: New USB device found, idVendor=0b48, idProduct=1006, bcdDevice=36.16
[   82.141524][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.151138][    T9] usb 3-1: Product: syz
[   82.155337][    T9] usb 3-1: Manufacturer: syz
[   82.165964][    T9] usb 3-1: SerialNumber: syz
[   82.201460][ T5881] usb 2-1: Using ep0 maxpacket: 16
[   82.214673][    T9] usb 3-1: config 0 descriptor??
[   82.576288][    T9] ttusb_dec_send_command: command bulk message failed: error -22
[   82.585616][    T9] ttusb-dec 3-1:0.0: probe with driver ttusb-dec failed with error -22
[   83.013917][ T5881] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   83.040434][ T5881] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   83.076821][ T5881] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   83.191671][ T5881] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   83.204456][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.276898][ T5881] usb 2-1: Product: syz
[   83.281184][ T5881] usb 2-1: Manufacturer: syz
[   83.285816][ T5881] usb 2-1: SerialNumber: syz
[   83.337915][ T5931] usb 3-1: USB disconnect, device number 4
[   83.778366][ T5881] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[   83.799196][ T5881] usb 2-1: 2:1: cannot set freq 9338507 to ep 0x82
[   83.887086][ T5931] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   84.076344][ T5989] netlink: 209820 bytes leftover after parsing attributes in process `syz.3.22'.
[   84.209235][ T5931] usb 5-1: device descriptor read/64, error -71
[   84.516756][ T5881] usb 2-1: USB disconnect, device number 3
[   84.806839][ T5931] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   84.816912][ T5995] netlink: 209820 bytes leftover after parsing attributes in process `syz.0.24'.
[   85.175450][ T5931] usb 5-1: device descriptor read/64, error -71
[   85.307607][ T5931] usb usb5-port1: attempt power cycle
[   85.932274][ T6008] netlink: 209820 bytes leftover after parsing attributes in process `syz.1.28'.
[   85.969509][ T5931] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   85.996845][   T29] audit: type=1326 audit(1729845731.243:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6011 comm="syz.0.29" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae0ff7e719 code=0x0
[   86.042544][ T6014] 9pnet_fd: Insufficient options for proto=fd
[   86.045769][ T5931] usb 5-1: device descriptor read/8, error -71
[   86.066473][ T6014] syz.0.29: attempt to access beyond end of device
[   86.066473][ T6014] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[   86.099428][ T6014] EXT4-fs (nbd0): unable to read superblock
[   86.376944][ T5910] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   86.406964][ T5931] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   86.605743][ T5910] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[   86.702818][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.927879][ T5910] usb 4-1: Product: syz
[   86.932114][ T5910] usb 4-1: Manufacturer: syz
[   86.937867][ T5910] usb 4-1: SerialNumber: syz
[   86.943937][ T5931] usb 5-1: device not accepting address 6, error -71
[   86.958526][ T5910] usb 4-1: config 0 descriptor??
[   86.964475][ T5931] usb usb5-port1: unable to enumerate USB device
[   88.332651][   T25] cfg80211: failed to load regulatory.db
[   88.588303][   T25] usb 4-1: USB disconnect, device number 3
[   88.624749][ T6020] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.30'.
[   88.634726][ T6020] openvswitch: netlink: Tunnel attr 245 out of range max 16
[   88.697858][ T6039] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[   89.003836][ T6043] netlink: 209820 bytes leftover after parsing attributes in process `syz.4.33'.
[   89.914636][ T6046] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.34'.
[   89.955149][ T6046] openvswitch: netlink: Tunnel attr 245 out of range max 16
[   90.202080][ T6049] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[   90.292441][ T6058] netlink: 209820 bytes leftover after parsing attributes in process `syz.4.38'.
[   92.087440][    T8] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   92.325699][    T8] usb 4-1: Using ep0 maxpacket: 32
[   92.466987][    T8] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice=da.88
[   92.485152][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.515808][    T8] usb 4-1: Product: syz
[   92.526708][    T8] usb 4-1: Manufacturer: syz
[   92.531362][    T8] usb 4-1: SerialNumber: syz
[   92.629899][    T8] usb 4-1: config 0 descriptor??
[   92.645464][    T8] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input10
[   92.857241][ T5931] usb 5-1: new low-speed USB device number 7 using dummy_hcd
[   92.864980][ T5190] bcm5974 4-1:0.0: could not read from device
[   93.597637][ T5910] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   93.617368][ T5190] bcm5974 4-1:0.0: could not read from device
[   93.708222][ T5931] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[   93.710328][    T8] usb 4-1: USB disconnect, device number 4
[   93.716267][ T5931] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   93.753754][ T5931] usb 5-1: config 0 has no interface number 0
[   93.786847][ T5910] usb 1-1: device descriptor read/64, error -71
[   93.804973][ T5931] usb 5-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   93.827036][ T5931] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   93.878560][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.913033][ T5931] usb 5-1: config 0 descriptor??
[   93.939430][ T5931] iowarrior 5-1:0.1: no interrupt-in endpoint found
[   94.037617][ T5910] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   94.176873][ T5910] usb 1-1: device descriptor read/64, error -71
[   94.185576][ T6076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.207727][ T6076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.234008][ T6076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.257531][ T6076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.287170][    T8] usb 5-1: USB disconnect, device number 7
[   94.307258][ T5910] usb usb1-port1: attempt power cycle
[   94.434093][ T6101] syz.3.48 uses obsolete (PF_INET,SOCK_PACKET)
[   94.707102][ T5910] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   94.728771][ T5910] usb 1-1: device descriptor read/8, error -71
[   94.966921][ T5910] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   95.083621][ T5910] usb 1-1: device descriptor read/8, error -71
[   95.187136][ T5931] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   95.297287][ T5910] usb usb1-port1: unable to enumerate USB device
[   95.432539][ T6112] netlink: 8 bytes leftover after parsing attributes in process `syz.2.52'.
[   95.443775][ T6112] netlink: 8 bytes leftover after parsing attributes in process `syz.2.52'.
[   95.504772][ T5931] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[   95.514747][ T5931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.523178][ T5931] usb 2-1: Product: syz
[   95.527710][ T5931] usb 2-1: Manufacturer: syz
[   95.532639][ T5931] usb 2-1: SerialNumber: syz
[   95.542080][ T5931] usb 2-1: config 0 descriptor??
[   96.383945][ T6119] netlink: 20 bytes leftover after parsing attributes in process `syz.0.55'.
[   96.394342][ T5881] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   96.394432][ T6119] netlink: 8 bytes leftover after parsing attributes in process `syz.0.55'.
[   96.402480][    T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   96.419597][ T6119] netlink: 24 bytes leftover after parsing attributes in process `syz.0.55'.
[   96.431863][ T6119] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[   96.480115][ T5931] usb 2-1: USB disconnect, device number 4
[   96.567028][ T5881] usb 3-1: Using ep0 maxpacket: 16
[   96.750857][    T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[   96.760116][    T9] usb 5-1: config 0 has no interface number 0
[   96.766402][ T5881] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   96.780964][    T9] usb 5-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[   96.792522][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.799466][ T6126] IPv6: syztnl2: Disabled Multicast RS
[   96.800839][ T5881] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   96.821467][    T9] usb 5-1: Product: syz
[   96.825679][    T9] usb 5-1: Manufacturer: syz
[   96.830696][    T9] usb 5-1: SerialNumber: syz
[   96.835913][ T5881] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   96.867729][    T9] usb 5-1: config 0 descriptor??
[   96.876896][    T9] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[   96.885902][    T9] cx231xx 5-1:0.1: Not found matching IAD interface
[   96.915004][ T5881] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   96.924301][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.932700][ T5881] usb 3-1: Product: syz
[   96.937231][ T5881] usb 3-1: Manufacturer: syz
[   96.941839][ T5881] usb 3-1: SerialNumber: syz
[   97.017617][    T8] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[   97.066855][ T5836] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   97.084097][ T6114] random: crng reseeded on system resumption
[   97.179133][    T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   97.196806][    T8] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   97.246783][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[   97.261324][ T5836] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   97.276712][ T5836] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   97.296869][ T5836] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   97.298939][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   97.305950][ T5836] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   97.305974][ T5836] usb 1-1: SerialNumber: syz
[   97.388118][ T5881] usb 3-1: 2:1 : format type 0 is detected, processed as PCM
[   97.399337][    T8] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[   97.413363][ T5881] usb 3-1: 2:1: cannot set freq 9338507 to ep 0x82
[   97.444141][    T8] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[   97.484841][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.511827][ T5881] usb 3-1: USB disconnect, device number 5
[   97.526800][    T8] usb 4-1: Product: syz
[   97.537744][    T8] usb 4-1: Manufacturer: syz
[   97.552935][    T8] usb 4-1: SerialNumber: syz
[   97.579982][    T8] usb 4-1: config 0 descriptor??
[   97.583477][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   97.670974][    T8] garmin_gps 4-1:0.0: Garmin GPS usb/tty converter detected
[   97.683168][ T5836] usb 1-1: 0:2 : does not exist
[   97.690513][    T8] garmin_gps ttyUSB0: failed to submit interrupt urb: -90
[   97.719133][    T8] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -90
[   97.763795][ T5910] usb 5-1: USB disconnect, device number 8
[   97.798468][ T5836] usb 1-1: USB disconnect, device number 7
[   97.841169][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   97.953071][ T6124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   97.963931][ T6124] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   98.121512][ T5836] usb 4-1: USB disconnect, device number 5
[   98.135340][ T5836] garmin_gps 4-1:0.0: device disconnected
[   98.472180][ T5910] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   98.759238][ T5910] usb 1-1: Using ep0 maxpacket: 16
[   98.786201][ T5910] usb 1-1: config index 0 descriptor too short (expected 16456, got 72)
[   98.795043][ T5910] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[   98.803837][ T5910] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[   98.813435][ T5910] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[   98.870615][ T5910] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[   98.879811][ T5910] usb 1-1: config 0 has no interface number 0
[   98.885939][ T5910] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[   98.897256][ T5910] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[   99.897159][ T5910] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[   99.907216][ T5910] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   99.920574][ T5910] usb 1-1: config 0 interface 125 has no altsetting 0
[   99.928170][ T5910] usb 1-1: config 0 interface 125 has no altsetting 2
[  100.119136][ T5881] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  100.219402][ T5910] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  100.229414][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.237654][ T5910] usb 1-1: Product: syz
[  100.259641][ T5910] usb 1-1: Manufacturer: syz
[  100.260703][ T5881] usb 5-1: device descriptor read/64, error -71
[  100.264282][ T5910] usb 1-1: SerialNumber: syz
[  100.278100][ T5910] usb 1-1: config 0 descriptor??
[  100.307521][ T5910] usb 1-1: selecting invalid altsetting 2
[  100.350052][ T6158] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.68'.
[  100.359874][ T6158] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  100.508782][ T5881] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  100.517835][    C1] usb 1-1: async_complete: urb error -71
[  100.523656][    C1] usb 1-1: async_complete: urb error -71
[  100.529386][    C1] usb 1-1: async_complete: urb error -71
[  100.535070][    C1] usb 1-1: async_complete: urb error -71
[  100.553723][ T6160] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  100.625426][ T5910] get_1284_register: usb error -71
[  100.631054][ T5910] uss720 1-1:0.125: probe with driver uss720 failed with error -71
[  100.645760][ T5910] usb 1-1: USB disconnect, device number 8
[  100.648347][ T5881] usb 5-1: device descriptor read/64, error -71
[  100.787232][ T5881] usb usb5-port1: attempt power cycle
[  100.811601][ T6165] netlink: 8 bytes leftover after parsing attributes in process `syz.1.69'.
[  100.821320][ T6165] netlink: 8 bytes leftover after parsing attributes in process `syz.1.69'.
[  101.068319][ T5910] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  101.225101][ T5881] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  101.236871][ T5910] usb 2-1: Using ep0 maxpacket: 16
[  101.297860][ T5881] usb 5-1: device descriptor read/8, error -71
[  101.404082][ T5910] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  101.415323][ T5910] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  101.471249][ T5910] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  101.504725][ T5910] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  101.514218][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.526684][ T5910] usb 2-1: Product: syz
[  101.530892][ T5910] usb 2-1: Manufacturer: syz
[  101.546070][ T5910] usb 2-1: SerialNumber: syz
[  101.551617][ T6173] netlink: 209820 bytes leftover after parsing attributes in process `syz.2.70'.
[  101.597477][ T5881] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  101.806799][ T5881] usb 5-1: device not accepting address 12, error -71
[  102.536862][ T5881] usb usb5-port1: unable to enumerate USB device
[  102.658833][ T6178] netlink: 8 bytes leftover after parsing attributes in process `syz.4.73'.
[  102.728920][ T6178] bond0: entered promiscuous mode
[  102.762588][ T5910] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[  102.772986][ T6178] bond_slave_0: entered promiscuous mode
[  102.786979][ T6178] bond_slave_1: entered promiscuous mode
[  102.793642][ T6178] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  103.056816][ T5910] usb 2-1: 2:1: cannot set freq 9338507 to ep 0x82
[  103.128130][ T5910] usb 2-1: USB disconnect, device number 5
[  103.203404][ T6186] netlink: 209820 bytes leftover after parsing attributes in process `syz.2.77'.
[  103.382335][ T5849] udevd[5849]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  103.526926][    T8] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  103.708322][    T8] usb 5-1: Using ep0 maxpacket: 16
[  103.830733][    T8] usb 5-1: config 0 has an invalid interface number: 214 but max is 0
[  104.047244][    T8] usb 5-1: config 0 has no interface number 0
[  104.216040][    T8] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  104.261879][    T8] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  104.293829][ T6193] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.79'.
[  104.306060][    T8] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  104.315259][ T6193] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  104.327141][    T8] usb 5-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  104.335303][    T8] usb 5-1: Manufacturer: syz
[  104.347883][    T8] usb 5-1: SerialNumber: syz
[  104.355291][    T8] usb 5-1: config 0 descriptor??
[  104.363711][ T6187] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  104.400624][ T6193] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  104.998553][    T8] usbtouchscreen 5-1:0.214: Failed to read FW rev: -71
[  105.007277][    T8] usbtouchscreen 5-1:0.214: probe with driver usbtouchscreen failed with error -71
[  105.033239][    T8] usb 5-1: USB disconnect, device number 13
[  105.519145][ T5881] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  105.527367][    T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  105.697077][    T9] usb 4-1: device descriptor read/64, error -71
[  105.736524][ T5881] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  105.752360][ T5881] usb 1-1: config 0 has no interface number 0
[  105.811226][ T5881] usb 1-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  105.834816][ T6218] netlink: 8 bytes leftover after parsing attributes in process `syz.1.85'.
[  105.852381][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.937935][ T5881] usb 1-1: Product: syz
[  105.976481][ T5881] usb 1-1: Manufacturer: syz
[  105.981779][    T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  106.038186][ T5881] usb 1-1: SerialNumber: syz
[  106.164360][ T5881] usb 1-1: config 0 descriptor??
[  106.297419][    T9] usb 4-1: device descriptor read/64, error -71
[  106.348476][ T5881] cx231xx 1-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  106.409417][    T9] usb usb4-port1: attempt power cycle
[  106.415038][ T5881] cx231xx 1-1:0.1: Not found matching IAD interface
[  106.565069][ T6227] netlink: 8 bytes leftover after parsing attributes in process `syz.4.89'.
[  106.644231][ T6227] netlink: 8 bytes leftover after parsing attributes in process `syz.4.89'.
[  106.648473][   T25] usb 1-1: USB disconnect, device number 9
[  106.804170][ T6228] netlink: 209820 bytes leftover after parsing attributes in process `syz.1.87'.
[  106.892366][    T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  107.123208][    T9] usb 4-1: device descriptor read/8, error -71
[  107.216828][ T5836] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  107.387183][ T5836] usb 5-1: Using ep0 maxpacket: 16
[  107.482871][ T6236] netlink: 209820 bytes leftover after parsing attributes in process `syz.0.90'.
[  107.486214][ T5836] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  107.526787][    T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  107.549192][ T5836] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  107.605867][ T5836] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  107.646159][    T9] usb 4-1: device descriptor read/8, error -71
[  107.736116][ T5836] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  107.824287][    T9] usb usb4-port1: unable to enumerate USB device
[  107.895469][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.971280][ T5836] usb 5-1: Product: syz
[  107.975512][ T5836] usb 5-1: Manufacturer: syz
[  108.007876][ T5836] usb 5-1: SerialNumber: syz
[  108.433141][ T6242] netlink: 20 bytes leftover after parsing attributes in process `syz.1.91'.
[  108.447310][ T6242] netlink: 8 bytes leftover after parsing attributes in process `syz.1.91'.
[  108.456256][ T6242] netlink: 24 bytes leftover after parsing attributes in process `syz.1.91'.
[  108.487577][ T6242] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  109.030572][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  109.064167][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  109.072330][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  109.088182][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  109.096629][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  109.106224][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  109.113913][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  109.121578][ T5836] usb 5-1: 2:1 : format type 0 is detected, processed as PCM
[  109.129791][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  109.137821][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  109.147165][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  109.154632][ T5836] usb 5-1: 2:1: cannot set freq 9338507 to ep 0x82
[  109.161545][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  109.271364][ T6252] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.93'.
[  109.280829][ T6252] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  109.303326][ T5836] usb 5-1: USB disconnect, device number 14
[  109.349022][ T6079] udevd[6079]: setting mode of /dev/mixer3 to 020660 failed: No such file or directory
[  109.377252][ T6079] udevd[6079]: setting owner of /dev/mixer3 to uid=0, gid=29 failed: No such file or directory
[  109.395577][ T6254] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  109.467036][   T25] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  109.541436][   T29] audit: type=1326 audit(1729845754.793:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6255 comm="syz.3.96" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f724eb7e719 code=0x0
[  109.591685][ T6258] netlink: 8 bytes leftover after parsing attributes in process `syz.0.97'.
[  109.604371][ T6258] bond0: entered promiscuous mode
[  109.610222][ T6258] bond_slave_0: entered promiscuous mode
[  109.617325][ T6258] bond_slave_1: entered promiscuous mode
[  109.625105][ T6258] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  109.635765][ T6259] syz.3.96: attempt to access beyond end of device
[  109.635765][ T6259] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  109.649180][ T6259] EXT4-fs (nbd3): unable to read superblock
[  109.976713][   T25] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  110.935064][   T25] usb 2-1: config 0 has no interface number 0
[  111.887098][   T25] usb 2-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  111.896475][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.915930][   T25] usb 2-1: Product: syz
[  111.924247][   T25] usb 2-1: Manufacturer: syz
[  111.951454][   T25] usb 2-1: SerialNumber: syz
[  111.983262][   T25] usb 2-1: config 0 descriptor??
[  112.004512][   T25] cx231xx 2-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  112.024200][   T25] cx231xx 2-1:0.1: Not found matching IAD interface
[  112.082224][   T25] usb 2-1: USB disconnect, device number 6
[  112.367044][ T5836] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  112.698729][ T6287] netlink: 8 bytes leftover after parsing attributes in process `syz.2.101'.
[  112.716976][ T5910] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  112.772050][ T6288] netlink: 20 bytes leftover after parsing attributes in process `syz.3.103'.
[  112.785071][ T6288] netlink: 8 bytes leftover after parsing attributes in process `syz.3.103'.
[  112.794093][ T6288] netlink: 24 bytes leftover after parsing attributes in process `syz.3.103'.
[  112.867490][   T25] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  112.924342][ T5910] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  112.946330][ T5836] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  112.993229][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.064617][   T25] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  113.088569][ T5836] usb 5-1: config 0 has no interface number 0
[  113.128105][ T5910] usb 1-1: Product: syz
[  113.146174][   T25] usb 2-1: config 0 has no interface number 0
[  113.235373][ T5910] usb 1-1: Manufacturer: syz
[  113.242424][ T5836] usb 5-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  113.251997][ T5910] usb 1-1: SerialNumber: syz
[  113.257148][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.267570][   T25] usb 2-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  113.371180][ T5910] usb 1-1: config 0 descriptor??
[  113.376178][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.385521][ T5836] usb 5-1: Product: syz
[  113.393938][ T5836] usb 5-1: Manufacturer: syz
[  113.404050][   T25] usb 2-1: Product: syz
[  113.412336][   T25] usb 2-1: Manufacturer: syz
[  113.419014][ T5836] usb 5-1: SerialNumber: syz
[  113.426590][   T25] usb 2-1: SerialNumber: syz
[  113.439131][   T25] usb 2-1: config 0 descriptor??
[  113.445866][ T5836] usb 5-1: config 0 descriptor??
[  113.463455][ T5836] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  113.477818][   T25] cx231xx 2-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  113.508268][ T5836] cx231xx 5-1:0.1: Not found matching IAD interface
[  113.517161][   T25] cx231xx 2-1:0.1: Not found matching IAD interface
[  113.661221][ T5836] usb 5-1: USB disconnect, device number 15
[  113.704838][   T25] usb 1-1: USB disconnect, device number 10
[  113.715492][ T6282] random: crng reseeded on system resumption
[  113.869112][ T6300] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.107'.
[  113.880106][ T6300] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  113.896854][ T5911] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  113.955948][ T6302] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  114.046912][ T5911] usb 4-1: device descriptor read/64, error -71
[  114.088254][ T5836] usb 2-1: USB disconnect, device number 7
[  114.420568][ T5911] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  114.769066][ T5911] usb 4-1: device descriptor read/64, error -71
[  114.877620][ T5911] usb usb4-port1: attempt power cycle
[  115.642997][ T6316] netlink: 209820 bytes leftover after parsing attributes in process `syz.2.110'.
[  115.916354][ T5911] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  115.950549][ T5911] usb 4-1: device descriptor read/8, error -71
[  116.036783][ T5836] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  116.130839][ T6332] Zero length message leads to an empty skb
[  116.196881][ T5911] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  116.198502][ T5836] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  116.237572][ T5911] usb 4-1: device descriptor read/8, error -71
[  116.244097][ T5836] usb 5-1: config 0 has no interface number 0
[  116.256252][ T5836] usb 5-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  116.282129][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.293917][ T5836] usb 5-1: Product: syz
[  116.301523][ T5836] usb 5-1: Manufacturer: syz
[  116.306306][ T5836] usb 5-1: SerialNumber: syz
[  116.325442][ T5836] usb 5-1: config 0 descriptor??
[  116.339963][ T5836] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  116.347875][ T5911] usb usb4-port1: unable to enumerate USB device
[  116.355501][ T5836] cx231xx 5-1:0.1: Not found matching IAD interface
[  116.436994][   T25] usb 2-1: new low-speed USB device number 8 using dummy_hcd
[  116.546583][ T6319] random: crng reseeded on system resumption
[  116.638211][   T25] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  116.648739][   T25] usb 2-1: config 0 has no interface number 0
[  116.655555][   T25] usb 2-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  116.691485][   T25] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  116.717142][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.728829][   T25] usb 2-1: config 0 descriptor??
[  116.744830][   T25] iowarrior 2-1:0.1: no interrupt-in endpoint found
[  116.815652][   T25] usb 5-1: USB disconnect, device number 16
[  116.951044][ T6343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.118'.
[  117.012514][ T6334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  117.117525][ T6334] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  117.136603][ T6334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  117.162117][ T6334] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  117.182678][   T25] usb 2-1: USB disconnect, device number 8
[  117.490137][ T5911] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  117.824967][ T5911] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  117.833265][ T5911] usb 1-1: config 0 has no interface number 0
[  117.841692][ T5911] usb 1-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  117.871800][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.629590][ T5911] usb 1-1: Product: syz
[  118.634058][ T5911] usb 1-1: Manufacturer: syz
[  118.638852][ T5911] usb 1-1: SerialNumber: syz
[  118.647063][ T5911] usb 1-1: config 0 descriptor??
[  118.660865][ T5911] cx231xx 1-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  118.670691][ T5911] cx231xx 1-1:0.1: Not found matching IAD interface
[  118.811803][ T6359] netlink: 209820 bytes leftover after parsing attributes in process `syz.4.124'.
[  118.891440][   T25] usb 1-1: USB disconnect, device number 11
[  119.357373][    T8] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  119.486749][    T8] usb 4-1: device descriptor read/64, error -71
[  119.493606][ T6380] random: crng reseeded on system resumption
[  119.526738][ T5911] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  119.556745][ T5881] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  119.686990][ T5911] usb 5-1: Using ep0 maxpacket: 8
[  119.695491][ T5911] usb 5-1: config 0 has no interfaces?
[  119.703902][ T5911] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  119.717042][ T5881] usb 2-1: Using ep0 maxpacket: 32
[  119.727640][ T6386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.130'.
[  119.736775][    T8] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  119.744784][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.778046][ T5881] usb 2-1: config 0 has no interfaces?
[  119.783640][ T5881] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  119.795446][ T5911] usb 5-1: Product: syz
[  119.799853][ T5911] usb 5-1: Manufacturer: syz
[  119.804584][ T5911] usb 5-1: SerialNumber: syz
[  119.809483][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.819894][ T5911] usb 5-1: config 0 descriptor??
[  119.828077][ T5881] usb 2-1: config 0 descriptor??
[  119.916741][    T8] usb 4-1: device descriptor read/64, error -71
[  120.028539][    T8] usb usb4-port1: attempt power cycle
[  120.038861][ T5881] kernel write not supported for file /audio (pid: 5881 comm: kworker/0:5)
[  120.060304][ T5881] usb 5-1: USB disconnect, device number 17
[  120.381747][    T8] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  120.417457][    T8] usb 4-1: device descriptor read/8, error -71
[  120.481590][   T25] usb 2-1: USB disconnect, device number 9
[  120.667456][    T8] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  120.687508][    T8] usb 4-1: device descriptor read/8, error -71
[  120.797138][    T8] usb usb4-port1: unable to enumerate USB device
[  121.016923][   T25] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  121.186710][   T25] usb 5-1: Using ep0 maxpacket: 32
[  121.205858][   T25] usb 5-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice=da.88
[  121.220565][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.239763][   T25] usb 5-1: Product: syz
[  121.243984][   T25] usb 5-1: Manufacturer: syz
[  121.249996][   T25] usb 5-1: SerialNumber: syz
[  121.312309][   T25] usb 5-1: config 0 descriptor??
[  121.427366][   T25] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input14
[  121.546293][ T5190] bcm5974 5-1:0.0: could not read from device
[  121.672976][   T25] usb 5-1: USB disconnect, device number 18
[  121.673916][ T5190] bcm5974 5-1:0.0: could not read from device
[  121.897146][ T5836] usb 1-1: new low-speed USB device number 12 using dummy_hcd
[  122.061850][ T5836] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  122.070081][ T5836] usb 1-1: config 0 has no interface number 0
[  122.076181][ T5836] usb 1-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  122.095808][ T5836] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  122.110198][ T5836] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.145221][ T5836] usb 1-1: config 0 descriptor??
[  122.159579][ T5836] iowarrior 1-1:0.1: no interrupt-in endpoint found
[  122.362735][ T5911] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  122.418306][ T6398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  122.463646][ T6398] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  122.512191][ T6398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  122.569341][ T5911] usb 2-1: Using ep0 maxpacket: 16
[  122.578354][ T6398] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  122.599377][ T5911] usb 2-1: config 0 has an invalid interface number: 214 but max is 0
[  122.645410][ T5911] usb 2-1: config 0 has no interface number 0
[  122.656837][    T8] usb 1-1: USB disconnect, device number 12
[  122.696087][ T5911] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  123.490564][ T5911] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  123.594324][ T5911] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  123.605628][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  123.651600][ T5911] usb 2-1: Manufacturer: syz
[  123.673141][ T5911] usb 2-1: SerialNumber: syz
[  124.318004][ T5911] usb 2-1: config 0 descriptor??
[  124.327135][ T5881] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  124.619689][ T6400] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  124.768699][ T5881] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  124.776937][ T5881] usb 4-1: config 0 has no interface number 0
[  125.766075][ T5881] usb 4-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  125.775687][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.854850][ T5881] usb 4-1: Product: syz
[  125.874614][ T5881] usb 4-1: Manufacturer: syz
[  125.886587][ T5881] usb 4-1: SerialNumber: syz
[  125.909302][ T5881] usb 4-1: config 0 descriptor??
[  125.932733][ T5911] usbtouchscreen 2-1:0.214: Failed to read FW rev: -71
[  125.942243][ T5911] usbtouchscreen 2-1:0.214: probe with driver usbtouchscreen failed with error -71
[  125.953543][ T5881] cx231xx 4-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  125.973185][ T5881] cx231xx 4-1:0.1: Not found matching IAD interface
[  126.001736][ T5911] usb 2-1: USB disconnect, device number 10
[  126.627718][ T5911] usb 4-1: USB disconnect, device number 18
[  126.903440][ T6428] netlink: 8 bytes leftover after parsing attributes in process `syz.2.141'.
[  127.867730][ T5830] Bluetooth: hci0: unexpected cc 0x0c24 length: 2 > 1
[  128.746915][    T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  128.963202][ T6449] netlink: 209820 bytes leftover after parsing attributes in process `syz.1.149'.
[  128.994481][    T9] usb 3-1: Using ep0 maxpacket: 32
[  129.004096][    T9] usb 3-1: no configurations
[  129.022418][    T9] usb 3-1: can't read configurations, error -22
[  129.177260][    T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  129.337218][ T5836] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  129.386804][    T9] usb 3-1: Using ep0 maxpacket: 32
[  129.395079][    T9] usb 3-1: no configurations
[  129.412493][    T9] usb 3-1: can't read configurations, error -22
[  129.420157][    T9] usb usb3-port1: attempt power cycle
[  129.597009][ T5836] usb 4-1: Using ep0 maxpacket: 32
[  129.610039][ T5836] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice=da.88
[  129.619469][ T5836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.862528][ T5836] usb 4-1: Product: syz
[  129.874051][ T5836] usb 4-1: Manufacturer: syz
[  129.890209][ T5836] usb 4-1: SerialNumber: syz
[  129.900908][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  129.915354][ T5836] usb 4-1: config 0 descriptor??
[  129.937654][    T9] usb 3-1: Using ep0 maxpacket: 32
[  129.943744][ T5836] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input16
[  129.945451][    T9] usb 3-1: no configurations
[  129.999444][    T9] usb 3-1: can't read configurations, error -22
[  130.231198][ T5190] bcm5974 4-1:0.0: could not read from device
[  130.264802][ T5190] bcm5974 4-1:0.0: could not read from device
[  130.267142][    T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  131.593235][    T9] usb 3-1: device descriptor read/8, error -71
[  131.622007][ T5836] usb 4-1: USB disconnect, device number 19
[  132.013792][ T5830] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  132.023378][ T5830] Bluetooth: hci0: Injecting HCI hardware error event
[  132.032135][ T5830] Bluetooth: hci0: hardware error 0x00
[  132.040158][    T9] usb usb3-port1: unable to enumerate USB device
[  132.903439][ T6466] FAULT_INJECTION: forcing a failure.
[  132.903439][ T6466] name failslab, interval 1, probability 0, space 0, times 0
[  133.006451][ T6466] CPU: 0 UID: 0 PID: 6466 Comm: syz.1.152 Not tainted 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
[  133.017105][ T6466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  133.027188][ T6466] Call Trace:
[  133.030492][ T6466]  <TASK>
[  133.033458][ T6466]  dump_stack_lvl+0x241/0x360
[  133.038175][ T6466]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.043520][ T6466]  ? __pfx__printk+0x10/0x10
[  133.048271][ T6466]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  133.054293][ T6466]  ? __pfx___might_resched+0x10/0x10
[  133.059620][ T6466]  should_fail_ex+0x3b0/0x4e0
[  133.064323][ T6466]  should_failslab+0xac/0x100
[  133.068997][ T6466]  ? __alloc_skb+0x1c3/0x440
[  133.073676][ T6466]  kmem_cache_alloc_node_noprof+0x71/0x320
[  133.079507][ T6466]  __alloc_skb+0x1c3/0x440
[  133.083923][ T6466]  ? __pfx___alloc_skb+0x10/0x10
[  133.088871][ T6466]  ? netlink_ack_tlv_len+0x6e/0x200
[  133.093452][ T6470] netlink: 8 bytes leftover after parsing attributes in process `syz.0.155'.
[  133.094099][ T6466]  netlink_ack+0x13f/0xa30
[  133.107300][ T6466]  ? ____sys_sendmsg+0x52a/0x7e0
[  133.112277][ T6466]  ? __sys_sendmsg+0x292/0x380
[  133.117077][ T6466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.123193][ T6466]  netlink_rcv_skb+0x262/0x430
[  133.128014][ T6466]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  133.133501][ T6466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  133.138822][ T6466]  ? cap_capable+0x1b4/0x250
[  133.143445][ T6466]  ? safesetid_security_capable+0xb2/0x1d0
[  133.149371][ T6466]  ? bpf_lsm_capable+0x9/0x10
[  133.154074][ T6466]  ? security_capable+0x7e/0x2d0
[  133.159046][ T6466]  nfnetlink_rcv+0x297/0x2ab0
[  133.163782][ T6466]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  133.169545][ T6466]  ? __dev_queue_xmit+0x2da/0x3ed0
[  133.174697][ T6466]  ? __dev_queue_xmit+0x171d/0x3ed0
[  133.176930][ T6470] netlink: 8 bytes leftover after parsing attributes in process `syz.0.155'.
[  133.179916][ T6466]  ? kasan_save_track+0x51/0x80
[  133.193552][ T6466]  ? do_syscall_64+0xf3/0x230
[  133.198307][ T6466]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  133.203461][ T6466]  ? __dev_queue_xmit+0x2da/0x3ed0
[  133.208607][ T6466]  ? __pfx___dev_queue_xmit+0x10/0x10
[  133.214024][ T6466]  ? ref_tracker_free+0x643/0x7e0
[  133.219085][ T6466]  ? __asan_memcpy+0x40/0x70
[  133.223711][ T6466]  ? __pfx_ref_tracker_free+0x10/0x10
[  133.229131][ T6466]  ? netlink_deliver_tap+0x2e/0x1b0
[  133.234380][ T6466]  ? skb_clone+0x240/0x390
[  133.238843][ T6466]  ? __pfx_lock_release+0x10/0x10
[  133.243901][ T6466]  ? __netlink_deliver_tap+0x77e/0x7c0
[  133.249400][ T6466]  ? netlink_deliver_tap+0x2e/0x1b0
[  133.254633][ T6466]  netlink_unicast+0x7f6/0x990
[  133.259448][ T6466]  ? __pfx_netlink_unicast+0x10/0x10
[  133.264780][ T6466]  ? __virt_addr_valid+0x183/0x530
[  133.269931][ T6466]  ? __check_object_size+0x48e/0x900
[  133.275259][ T6466]  netlink_sendmsg+0x8e4/0xcb0
[  133.280069][ T6466]  ? __pfx_netlink_sendmsg+0x10/0x10
[  133.285396][ T6466]  ? __pfx_netlink_sendmsg+0x10/0x10
[  133.290705][ T6466]  __sock_sendmsg+0x221/0x270
[  133.295443][ T6466]  ____sys_sendmsg+0x52a/0x7e0
[  133.300244][ T6466]  ? __pfx_____sys_sendmsg+0x10/0x10
[  133.305756][ T6466]  __sys_sendmsg+0x292/0x380
[  133.310387][ T6466]  ? __pfx___sys_sendmsg+0x10/0x10
[  133.315553][ T6466]  ? __pfx_vfs_write+0x10/0x10
[  133.320375][ T6466]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  133.326739][ T6466]  ? do_syscall_64+0x100/0x230
[  133.331557][ T6466]  ? do_syscall_64+0xb6/0x230
[  133.336317][ T6466]  do_syscall_64+0xf3/0x230
[  133.340852][ T6466]  ? clear_bhb_loop+0x35/0x90
[  133.345561][ T6466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.351476][ T6466] RIP: 0033:0x7f25a317e719
[  133.355918][ T6466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.375551][ T6466] RSP: 002b:00007f25a3fd8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  133.384005][ T6466] RAX: ffffffffffffffda RBX: 00007f25a3335f80 RCX: 00007f25a317e719
[  133.392005][ T6466] RDX: 0000000000000000 RSI: 0000000020001240 RDI: 0000000000000003
[  133.399998][ T6466] RBP: 00007f25a3fd8090 R08: 0000000000000000 R09: 0000000000000000
[  133.407999][ T6466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.415999][ T6466] R13: 0000000000000000 R14: 00007f25a3335f80 R15: 00007fff0b61e3e8
[  133.424012][ T6466]  </TASK>
[  133.616843][   T25] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  133.820733][   T25] usb 1-1: Using ep0 maxpacket: 16
[  133.845347][   T25] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  134.051852][   T25] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  134.101662][   T25] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  134.179551][   T25] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  134.190648][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.216547][   T25] usb 1-1: Product: syz
[  134.221634][   T25] usb 1-1: Manufacturer: syz
[  134.236714][   T25] usb 1-1: SerialNumber: syz
[  134.281579][   T29] audit: type=1326 audit(1729845779.543:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6480 comm="syz.1.158" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f25a317e719 code=0x0
[  134.323742][ T6483] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.159'.
[  134.334022][ T6483] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  134.353157][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  134.361065][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  134.385940][ T6485] syz.1.158: attempt to access beyond end of device
[  134.385940][ T6485] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0
[  134.399892][ T5911] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  134.421429][ T6486] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  134.435485][ T6485] EXT4-fs (nbd1): unable to read superblock
[  134.582148][ T5911] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  134.863628][    C1] raw-gadget.0 gadget.0: ignoring, device is not running
[  134.876452][   T25] usb 1-1: 2:1 : format type 0 is detected, processed as PCM
[  134.876752][ T5911] usb 3-1: config 0 has no interface number 0
[  134.888638][   T25] usb 1-1: 2:1: cannot set freq 9338507 to ep 0x82
[  134.910665][   T25] usb 1-1: USB disconnect, device number 13
[  134.933478][ T5911] usb 3-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  134.943950][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.971750][ T5849] udevd[5849]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  135.035375][ T5911] usb 3-1: Product: syz
[  135.052372][ T5911] usb 3-1: Manufacturer: syz
[  135.094007][ T5911] usb 3-1: SerialNumber: syz
[  135.113774][ T5911] usb 3-1: config 0 descriptor??
[  135.128879][ T5911] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  135.178524][ T5911] cx231xx 3-1:0.1: Not found matching IAD interface
[  135.346274][ T5911] usb 3-1: USB disconnect, device number 10
[  135.655703][ T5830] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  135.744861][ T6493] netlink: 209820 bytes leftover after parsing attributes in process `syz.3.161'.
[  136.007380][ T6491] netlink: 209820 bytes leftover after parsing attributes in process `syz.1.160'.
[  137.056756][ T5911] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  137.489936][ T5911] usb 3-1: Using ep0 maxpacket: 32
[  137.510462][ T5911] usb 3-1: no configurations
[  137.515240][ T5911] usb 3-1: can't read configurations, error -22
[  137.646909][ T5911] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  139.018248][ T5911] usb 3-1: Using ep0 maxpacket: 32
[  139.040447][ T5911] usb 3-1: no configurations
[  139.045103][ T5911] usb 3-1: can't read configurations, error -22
[  139.070241][ T5911] usb usb3-port1: attempt power cycle
[  139.838759][ T5879] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  139.906789][ T5911] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  140.161726][ T5911] usb 3-1: device not accepting address 13, error -71
[  140.240295][ T5879] usb 2-1: Using ep0 maxpacket: 32
[  141.481078][ T5879] usb 2-1: unable to read config index 0 descriptor/start: -71
[  141.486823][   T29] audit: type=1326 audit(1729845786.743:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6532 comm="syz.0.171" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae0ff7e719 code=0x0
[  141.488934][ T5879] usb 2-1: can't read configurations, error -71
[  141.658304][ T6536] syz.0.171: attempt to access beyond end of device
[  141.658304][ T6536] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  141.681171][ T6536] EXT4-fs (nbd0): unable to read superblock
[  142.877610][ T5911] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  142.946905][ T5911] usb 3-1: Using ep0 maxpacket: 16
[  142.969603][ T5911] usb 3-1: config index 0 descriptor too short (expected 16456, got 72)
[  142.981919][ T5911] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  143.014605][ T5911] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  143.050240][ T5911] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  143.070740][ T5911] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  143.086829][ T5879] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  143.226901][ T5911] usb 3-1: config 0 has no interface number 0
[  143.233082][ T5911] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  143.244222][ T5911] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  143.254339][ T5911] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  143.268297][ T6552] netlink: 209820 bytes leftover after parsing attributes in process `syz.4.176'.
[  143.302013][ T5911] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  143.315877][ T5911] usb 3-1: config 0 interface 125 has no altsetting 0
[  143.323131][ T5911] usb 3-1: config 0 interface 125 has no altsetting 2
[  143.353442][ T5911] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  143.362712][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.370885][ T5911] usb 3-1: Product: syz
[  143.375184][ T5911] usb 3-1: Manufacturer: syz
[  143.380026][ T5911] usb 3-1: SerialNumber: syz
[  143.387815][ T5911] usb 3-1: config 0 descriptor??
[  143.404548][ T5911] usb 3-1: selecting invalid altsetting 2
[  143.549023][ T5879] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  143.564461][ T5879] usb 2-1: config 0 has no interface number 0
[  143.580644][ T5879] usb 2-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  143.590223][ T5879] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.601602][ T5879] usb 2-1: Product: syz
[  143.606605][ T5879] usb 2-1: Manufacturer: syz
[  143.613036][    C0] usb 3-1: async_complete: urb error -71
[  143.618783][    C0] usb 3-1: async_complete: urb error -71
[  143.624498][    C0] usb 3-1: async_complete: urb error -71
[  143.630213][    C0] usb 3-1: async_complete: urb error -71
[  143.641365][ T5911] get_1284_register: usb error -71
[  143.646593][ T5911] uss720 3-1:0.125: probe with driver uss720 failed with error -71
[  143.724721][ T5879] usb 2-1: SerialNumber: syz
[  143.768570][ T5879] usb 2-1: config 0 descriptor??
[  143.859912][ T5879] cx231xx 2-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  143.897217][ T5911] usb 3-1: USB disconnect, device number 14
[  143.924600][ T5879] cx231xx 2-1:0.1: Not found matching IAD interface
[  144.341897][   T25] usb 2-1: USB disconnect, device number 12
[  145.842973][ T6571] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.182'.
[  145.874646][ T6564] syz.4.179: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  145.896354][ T6564] CPU: 1 UID: 0 PID: 6564 Comm: syz.4.179 Not tainted 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
[  145.906984][ T6564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  145.917032][ T6564] Call Trace:
[  145.920303][ T6564]  <TASK>
[  145.923222][ T6564]  dump_stack_lvl+0x241/0x360
[  145.927894][ T6564]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.933101][ T6564]  ? __pfx__printk+0x10/0x10
[  145.937683][ T6564]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  145.944085][ T6564]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  145.950593][ T6564]  warn_alloc+0x278/0x410
[  145.954952][ T6564]  ? __pfx_warn_alloc+0x10/0x10
[  145.959827][ T6564]  ? vb2_vmalloc_alloc+0xf2/0x340
[  145.964883][ T6564]  ? __get_vm_area_node+0x23d/0x270
[  145.970110][ T6564]  __vmalloc_node_range_noprof+0x691/0x13f0
[  145.976030][ T6564]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  145.982367][ T6564]  ? __kasan_kmalloc+0x98/0xb0
[  145.987127][ T6564]  ? vb2_vmalloc_alloc+0xb5/0x340
[  145.992166][ T6564]  vmalloc_user_noprof+0x74/0x80
[  145.997111][ T6564]  ? vb2_vmalloc_alloc+0xf2/0x340
[  146.002128][ T6564]  vb2_vmalloc_alloc+0xf2/0x340
[  146.006977][ T6564]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  146.012429][ T6564]  __vb2_queue_alloc+0xa0b/0x16f0
[  146.017470][ T6564]  vb2_core_reqbufs+0xd2e/0x17c0
[  146.022411][ T6564]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  146.027772][ T6564]  ? vb2_verify_memory_type+0x92/0x570
[  146.033224][ T6564]  ? vb2_reqbufs+0x3e9/0x650
[  146.037815][ T6564]  v4l2_m2m_ioctl_reqbufs+0x14b/0x230
[  146.043191][ T6564]  __video_do_ioctl+0xc23/0xdd0
[  146.048045][ T6564]  ? __pfx___video_do_ioctl+0x10/0x10
[  146.053438][ T6564]  ? __sanitizer_cov_trace_switch+0xe/0x120
[  146.059334][ T6564]  video_usercopy+0x89b/0x1180
[  146.064105][ T6564]  ? __pfx___video_do_ioctl+0x10/0x10
[  146.069481][ T6564]  ? __pfx_video_usercopy+0x10/0x10
[  146.074683][ T6564]  ? __pfx_v4l2_ioctl+0x10/0x10
[  146.079542][ T6564]  ? do_vfs_ioctl+0x152/0x2e40
[  146.084299][ T6564]  ? v4l2_ioctl+0x77/0x1e0
[  146.088721][ T6564]  v4l2_ioctl+0x189/0x1e0
[  146.093067][ T6564]  ? __pfx_v4l2_ioctl+0x10/0x10
[  146.098005][ T6564]  __se_sys_ioctl+0xf9/0x170
[  146.102594][ T6564]  do_syscall_64+0xf3/0x230
[  146.107093][ T6564]  ? clear_bhb_loop+0x35/0x90
[  146.111762][ T6564]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.117646][ T6564] RIP: 0033:0x7fd25b77e719
[  146.122062][ T6564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  146.141658][ T6564] RSP: 002b:00007fd25c60c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  146.150072][ T6564] RAX: ffffffffffffffda RBX: 00007fd25b936058 RCX: 00007fd25b77e719
[  146.158037][ T6564] RDX: 00000000200000c0 RSI: 00000000c0145608 RDI: 0000000000000006
[  146.166007][ T6564] RBP: 00007fd25b7f12be R08: 0000000000000000 R09: 0000000000000000
[  146.174002][ T6564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  146.182001][ T6564] R13: 0000000000000000 R14: 00007fd25b936058 R15: 00007ffe3f8cbfd8
[  146.189989][ T6564]  </TASK>
[  146.212343][ T6571] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  146.248421][ T6564] Mem-Info:
[  146.258198][ T6564] active_anon:315 inactive_anon:7497 isolated_anon:0
[  146.258198][ T6564]  active_file:12424 inactive_file:38872 isolated_file:0
[  146.258198][ T6564]  unevictable:768 dirty:214 writeback:0
[  146.258198][ T6564]  slab_reclaimable:9789 slab_unreclaimable:98732
[  146.258198][ T6564]  mapped:25681 shmem:4271 pagetables:925
[  146.258198][ T6564]  sec_pagetables:0 bounce:0
[  146.258198][ T6564]  kernel_misc_reclaimable:0
[  146.258198][ T6564]  free:1329910 free_pcp:3851 free_cma:0
[  146.317322][ T6577] netlink: 20 bytes leftover after parsing attributes in process `syz.2.181'.
[  146.345537][ T6571] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  146.372612][ T6564] Node 0 active_anon:1260kB inactive_anon:30020kB active_file:49624kB inactive_file:155488kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:104576kB dirty:872kB writeback:0kB shmem:15548kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11320kB pagetables:3700kB sec_pagetables:0kB all_unreclaimable? no
[  146.520137][ T6564] Node 1 active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  146.627452][ T6564] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  146.768110][ T6564] lowmem_reserve[]: 0 2465 2466 0 0
[  146.773376][ T6564] Node 0 DMA32 free:1409944kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:1256kB inactive_anon:29888kB active_file:48840kB inactive_file:155436kB unevictable:1536kB writepending:872kB present:3129332kB managed:2552504kB mlocked:0kB bounce:0kB free_pcp:1696kB local_pcp:576kB free_cma:0kB
[  146.918275][ T6564] lowmem_reserve[]: 0 0 0 0 0
[  146.923025][ T6564] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:32kB active_file:784kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  146.950048][ T6564] lowmem_reserve[]: 0 0 0 0 0
[  146.954749][ T6564] Node 1 Normal free:3908460kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  146.984036][ T6564] lowmem_reserve[]: 0 0 0 0 0
[  146.989201][ T6564] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  147.002000][ T6564] Node 0 DMA32: 224*4kB (ME) 332*8kB (UME) 312*16kB (UME) 522*32kB (UME) 424*64kB (UME) 40*128kB (UME) 65*256kB (UM) 58*512kB (UM) 43*1024kB (UM) 16*2048kB (UM) 303*4096kB (UM) = 1421728kB
[  147.020792][ T6564] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  147.033306][ T6564] Node 1 Normal: 193*4kB (UME) 45*8kB (UME) 32*16kB (UME) 212*32kB (UME) 102*64kB (UME) 22*128kB (UE) 10*256kB (UM) 10*512kB (UME) 4*1024kB (UME) 4*2048kB (UE) 945*4096kB (M) = 3908460kB
[  147.052217][ T6564] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  147.061916][ T6564] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  147.108739][ T6564] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  147.123054][ T6564] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  147.149894][ T6564] 52717 total pagecache pages
[  147.164745][ T6564] 0 pages in swap cache
[  147.174958][ T6564] Free swap  = 124420kB
[  147.296908][ T6564] Total swap = 124996kB
[  147.301391][ T6564] 2097051 pages RAM
[  147.305219][ T6564] 0 pages HighMem/MovableOnly
[  147.322407][ T6564] 427073 pages reserved
[  147.326596][ T6564] 0 pages cma reserved
[  147.348591][   T29] audit: type=1326 audit(1729845792.583:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6592 comm="syz.0.186" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae0ff7e719 code=0x0
[  147.388980][ T6595] syz.0.186: attempt to access beyond end of device
[  147.388980][ T6595] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  147.438635][ T6595] EXT4-fs (nbd0): unable to read superblock
[  147.846872][ T5911] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  148.896886][ T5911] usb 2-1: Using ep0 maxpacket: 32
[  148.987803][ T5911] usb 2-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice=da.88
[  148.997074][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.005183][ T5911] usb 2-1: Product: syz
[  149.012089][ T5911] usb 2-1: Manufacturer: syz
[  149.052754][ T5911] usb 2-1: SerialNumber: syz
[  149.088630][ T5911] usb 2-1: config 0 descriptor??
[  149.118649][ T5911] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input20
[  149.344545][ T5190] bcm5974 2-1:0.0: could not read from device
[  149.351305][ T5879] usb 2-1: USB disconnect, device number 13
[  149.360668][ T5846] bcm5974 2-1:0.0: could not read from device
[  150.273883][ T6613] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.190'.
[  150.364386][ T6613] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  150.487356][ T6613] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  151.499690][   T25] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  152.641454][ T5842] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  152.651368][ T5842] Bluetooth: hci1: Injecting HCI hardware error event
[  152.659968][ T5842] Bluetooth: hci1: hardware error 0x00
[  152.779004][   T25] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  152.787492][   T25] usb 1-1: config 0 has no interface number 0
[  152.796523][   T25] usb 1-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  152.806156][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.995523][   T25] usb 1-1: Product: syz
[  153.002889][   T25] usb 1-1: Manufacturer: syz
[  153.010635][   T25] usb 1-1: SerialNumber: syz
[  153.034133][   T25] usb 1-1: config 0 descriptor??
[  153.055936][   T25] cx231xx 1-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  153.066615][   T25] cx231xx 1-1:0.1: Not found matching IAD interface
[  153.366074][   T25] usb 1-1: USB disconnect, device number 14
[  154.756279][ T5842] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  155.136084][ T6658] ebtables: ebtables: counters copy to user failed while replacing table
[  156.736794][ T5879] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  156.757800][ T6675] netlink: 20 bytes leftover after parsing attributes in process `syz.2.204'.
[  159.696752][ T5879] usb 4-1: Using ep0 maxpacket: 16
[  159.757584][ T5879] usb 4-1: device descriptor read/all, error -71
[  160.197403][    T9] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  160.533198][    T9] usb 5-1: Using ep0 maxpacket: 32
[  160.549571][    T9] usb 5-1: no configurations
[  160.554218][    T9] usb 5-1: can't read configurations, error -22
[  160.688336][    T9] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  161.059910][    T9] usb 5-1: Using ep0 maxpacket: 32
[  161.067866][    T9] usb 5-1: no configurations
[  161.072695][    T9] usb 5-1: can't read configurations, error -22
[  161.080022][    T9] usb usb5-port1: attempt power cycle
[  161.656980][    T9] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  161.757486][    T9] usb 5-1: Using ep0 maxpacket: 32
[  161.802209][    T9] usb 5-1: no configurations
[  161.815703][    T9] usb 5-1: can't read configurations, error -22
[  161.958240][    T9] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  162.020989][    T9] usb 5-1: Using ep0 maxpacket: 32
[  162.050349][    T9] usb 5-1: no configurations
[  162.066752][    T9] usb 5-1: can't read configurations, error -22
[  162.095288][    T9] usb usb5-port1: unable to enumerate USB device
[  162.886469][    T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  163.148421][    T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  163.150291][ T5836] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  163.157549][    T9] usb 1-1: config 0 has no interface number 0
[  163.376954][ T5836] usb 4-1: Using ep0 maxpacket: 16
[  163.408914][ T5836] usb 4-1: config index 0 descriptor too short (expected 16456, got 72)
[  163.417499][    T9] usb 1-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  163.417532][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.417562][    T9] usb 1-1: Product: syz
[  163.417576][    T9] usb 1-1: Manufacturer: syz
[  163.417598][    T9] usb 1-1: SerialNumber: syz
[  163.419680][    T9] usb 1-1: config 0 descriptor??
[  163.435572][ T5836] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  164.785182][ T6726] netlink: 20 bytes leftover after parsing attributes in process `syz.4.219'.
[  164.795038][ T6726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.219'.
[  164.805097][ T6726] netlink: 24 bytes leftover after parsing attributes in process `syz.4.219'.
[  164.817514][ T6726] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  164.871176][    T9] cx231xx 1-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  164.956739][ T5836] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  164.965720][ T5836] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  165.028339][    T9] cx231xx 1-1:0.1: Not found matching IAD interface
[  165.076843][ T5836] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  165.095872][ T5836] usb 4-1: config 0 has no interface number 0
[  165.102388][ T5836] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  165.114369][ T5836] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  165.124784][ T5836] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  165.135155][ T5836] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  165.149488][ T5836] usb 4-1: config 0 interface 125 has no altsetting 0
[  165.157285][ T5836] usb 4-1: config 0 interface 125 has no altsetting 2
[  165.186777][ T5836] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  165.196257][ T5836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.216728][ T5836] usb 4-1: Product: syz
[  165.220947][ T5836] usb 4-1: Manufacturer: syz
[  165.225902][ T5836] usb 4-1: SerialNumber: syz
[  165.260640][ T6711] random: crng reseeded on system resumption
[  165.281901][ T5836] usb 4-1: config 0 descriptor??
[  165.307398][ T5836] usb 4-1: selecting invalid altsetting 2
[  165.467058][    T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  165.515033][    C1] usb 4-1: async_complete: urb error -71
[  165.520817][    C1] usb 4-1: async_complete: urb error -71
[  165.526534][    C1] usb 4-1: async_complete: urb error -71
[  165.532262][    C1] usb 4-1: async_complete: urb error -71
[  165.541192][ T5836] get_1284_register: usb error -71
[  165.546466][ T5836] uss720 4-1:0.125: probe with driver uss720 failed with error -71
[  165.560703][ T5836] usb 4-1: USB disconnect, device number 22
[  165.626856][    T9] usb 5-1: Using ep0 maxpacket: 16
[  165.638527][    T9] usb 5-1: config 0 has an invalid interface number: 214 but max is 0
[  165.666697][    T9] usb 5-1: config 0 has no interface number 0
[  165.672856][    T9] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  165.684404][    T9] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  165.748715][    T9] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  165.758365][    T9] usb 5-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  165.766392][    T9] usb 5-1: Manufacturer: syz
[  165.771135][    T9] usb 5-1: SerialNumber: syz
[  165.778489][    T9] usb 5-1: config 0 descriptor??
[  165.784525][ T6731] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  165.800385][ T5836] usb 1-1: USB disconnect, device number 15
[  166.021043][ T5879] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  166.106327][    T9] usbtouchscreen 5-1:0.214: Failed to read FW rev: -71
[  166.113530][    T9] usbtouchscreen 5-1:0.214: probe with driver usbtouchscreen failed with error -71
[  166.131449][    T9] usb 5-1: USB disconnect, device number 23
[  166.177511][ T6741] openvswitch: netlink: Actions may not be safe on all matching packets
[  166.178074][ T5879] usb 3-1: Using ep0 maxpacket: 8
[  166.220981][ T5879] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  166.237800][ T5879] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  166.256894][ T5879] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  166.267962][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.278748][ T5879] usb 3-1: config 0 descriptor??
[  166.297115][ T6742] netlink: 20 bytes leftover after parsing attributes in process `syz.1.222'.
[  166.791187][ T5879] sony 0003:054C:0268.0001: unknown main item tag 0x0
[  166.813346][ T5879] sony 0003:054C:0268.0001: unknown main item tag 0x6
[  166.830325][ T5879] sony 0003:054C:0268.0001: unknown main item tag 0x5
[  166.843403][ T5879] sony 0003:054C:0268.0001: unknown main item tag 0x4
[  166.846948][ T5910] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  166.875324][ T6754] netlink: 8 bytes leftover after parsing attributes in process `syz.4.228'.
[  166.886851][ T5879] sony 0003:054C:0268.0001: unknown main item tag 0x0
[  166.893684][ T5879] sony 0003:054C:0268.0001: unknown main item tag 0x0
[  166.925516][ T6754] netlink: 8 bytes leftover after parsing attributes in process `syz.4.228'.
[  166.935691][ T5879] sony 0003:054C:0268.0001: unknown main item tag 0x0
[  166.948392][ T5879] sony 0003:054C:0268.0001: unknown main item tag 0x0
[  166.960354][ T5879] sony 0003:054C:0268.0001: unknown main item tag 0x0
[  166.969034][ T5879] sony 0003:054C:0268.0001: unknown main item tag 0x0
[  166.985634][ T5879] sony 0003:054C:0268.0001: unknown global tag 0xd
[  166.992826][ T5879] sony 0003:054C:0268.0001: item 0 4 1 13 parsing failed
[  167.006775][ T5879] sony 0003:054C:0268.0001: parse failed
[  167.013078][ T5879] sony 0003:054C:0268.0001: probe with driver sony failed with error -22
[  167.028863][ T5910] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  167.038756][ T5879] usb 3-1: USB disconnect, device number 15
[  167.053496][ T5910] usb 4-1: config 0 has no interface number 0
[  167.065652][ T5910] usb 4-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  167.091363][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.104498][ T5910] usb 4-1: Product: syz
[  167.110310][ T5910] usb 4-1: Manufacturer: syz
[  167.115043][ T5910] usb 4-1: SerialNumber: syz
[  167.131903][ T5910] usb 4-1: config 0 descriptor??
[  167.146237][ T5910] cx231xx 4-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  167.159405][ T5910] cx231xx 4-1:0.1: Not found matching IAD interface
[  167.196957][    T8] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  167.380447][ T6750] random: crng reseeded on system resumption
[  167.397007][    T8] usb 5-1: Using ep0 maxpacket: 16
[  167.401604][   T29] audit: type=1326 audit(1729845812.663:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6756 comm="syz.0.229" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae0ff7e719 code=0x0
[  167.424475][    T8] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  167.443092][    T8] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  167.456564][    T8] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  167.480669][    T8] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  167.490163][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.510135][    T8] usb 5-1: Product: syz
[  167.521454][    T8] usb 5-1: Manufacturer: syz
[  167.535375][    T8] usb 5-1: SerialNumber: syz
[  167.554378][ T6761] syz.0.229: attempt to access beyond end of device
[  167.554378][ T6761] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  167.611636][ T6761] EXT4-fs (nbd0): unable to read superblock
[  167.682259][ T6759] 9pnet: Could not find request transport: fd0xffffffffffffffff0x0000000000000006
[  168.000255][    T8] usb 5-1: 2:1 : format type 0 is detected, processed as PCM
[  168.039061][    T8] usb 5-1: 2:1: cannot set freq 9338507 to ep 0x82
[  168.166594][    T8] usb 5-1: USB disconnect, device number 24
[  168.249717][ T5879] usb 4-1: USB disconnect, device number 23
[  168.348900][ T5849] udevd[5849]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  168.715609][ T6773] netlink: 20 bytes leftover after parsing attributes in process `syz.2.231'.
[  168.728674][ T6773] netlink: 8 bytes leftover after parsing attributes in process `syz.2.231'.
[  168.737696][ T6773] netlink: 24 bytes leftover after parsing attributes in process `syz.2.231'.
[  168.761905][ T6773] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  172.628743][    T9] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  173.113457][    T9] usb 4-1: Using ep0 maxpacket: 32
[  173.179455][    T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice=da.88
[  173.262374][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.379761][    T9] usb 4-1: Product: syz
[  173.401010][    T9] usb 4-1: Manufacturer: syz
[  173.416987][    T9] usb 4-1: SerialNumber: syz
[  173.437665][    T9] usb 4-1: config 0 descriptor??
[  173.467223][    T9] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input25
[  173.698722][ T5190] bcm5974 4-1:0.0: could not read from device
[  174.995889][    T9] usb 4-1: USB disconnect, device number 24
[  175.015007][ T5190] bcm5974 4-1:0.0: could not read from device
[  175.171116][ T5190] bcm5974 4-1:0.0: could not read from device
[  175.190079][ T5190] bcm5974 4-1:0.0: could not read from device
[  175.197324][   T29] audit: type=1326 audit(1729845820.443:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.4.243" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd25b77e719 code=0x0
[  175.596355][ T6829] syz.4.243: attempt to access beyond end of device
[  175.596355][ T6829] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  175.611088][ T6823] 9pnet: Could not find request transport: fd0xffffffffffffffff0x0000000000000006
[  175.667019][ T6829] EXT4-fs (nbd4): unable to read superblock
[  176.807508][ T6845] netlink: 20 bytes leftover after parsing attributes in process `syz.3.245'.
[  176.817451][ T6845] netlink: 8 bytes leftover after parsing attributes in process `syz.3.245'.
[  176.826263][ T6845] netlink: 24 bytes leftover after parsing attributes in process `syz.3.245'.
[  177.430970][ T6848] syz.4.246[6848] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  177.431067][ T6848] syz.4.246[6848] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  177.453407][ T6848] syz.4.246[6848] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  178.492385][ T6850] veth1: mtu less than device minimum
[  179.419258][ T6853] veth1: mtu less than device minimum
[  179.430691][ T6867] netlink: 20 bytes leftover after parsing attributes in process `syz.2.252'.
[  181.762427][    T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  182.826185][   T29] audit: type=1326 audit(1729845828.023:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6877 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f2857e719 code=0x7ffc0000
[  182.876937][   T29] audit: type=1326 audit(1729845828.023:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6877 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f2857e719 code=0x7ffc0000
[  182.926756][   T29] audit: type=1326 audit(1729845828.033:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6877 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f4f2857e719 code=0x7ffc0000
[  182.986899][   T29] audit: type=1326 audit(1729845828.033:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6877 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f2857e719 code=0x7ffc0000
[  183.026117][   T29] audit: type=1326 audit(1729845828.033:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6877 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f2857e719 code=0x7ffc0000
[  183.325499][   T29] audit: type=1326 audit(1729845828.033:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6877 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f4f2857e719 code=0x7ffc0000
[  183.714039][   T29] audit: type=1326 audit(1729845828.033:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6877 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f2857e719 code=0x7ffc0000
[  183.752662][   T29] audit: type=1326 audit(1729845828.033:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6877 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f2857e719 code=0x7ffc0000
[  183.774373][   T29] audit: type=1326 audit(1729845828.033:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6877 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4f2857e719 code=0x7ffc0000
[  183.795892][   T29] audit: type=1326 audit(1729845828.033:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6877 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f2857e719 code=0x7ffc0000
[  183.826766][    T9] usb 3-1: Using ep0 maxpacket: 32
[  183.835452][    T9] usb 3-1: device descriptor read/all, error -61
[  183.978220][    T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  184.060335][ T6900] syz.0.257: attempt to access beyond end of device
[  184.060335][ T6900] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  184.093830][ T6900] EXT4-fs (nbd0): unable to read superblock
[  184.114868][ T6904] netlink: 'syz.1.260': attribute type 3 has an invalid length.
[  184.137105][    T9] usb 3-1: device descriptor read/64, error -71
[  184.267899][    T9] usb usb3-port1: attempt power cycle
[  184.493525][ T6910] FAULT_INJECTION: forcing a failure.
[  184.493525][ T6910] name failslab, interval 1, probability 0, space 0, times 0
[  184.506616][ T6910] CPU: 0 UID: 0 PID: 6910 Comm: syz.1.262 Not tainted 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
[  184.517233][ T6910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  184.527304][ T6910] Call Trace:
[  184.530598][ T6910]  <TASK>
[  184.533581][ T6910]  dump_stack_lvl+0x241/0x360
[  184.538281][ T6910]  ? __pfx_dump_stack_lvl+0x10/0x10
[  184.543500][ T6910]  ? __pfx__printk+0x10/0x10
[  184.548118][ T6910]  should_fail_ex+0x3b0/0x4e0
[  184.552812][ T6910]  ? skb_clone+0x20c/0x390
[  184.557246][ T6910]  should_failslab+0xac/0x100
[  184.561944][ T6910]  ? skb_clone+0x20c/0x390
[  184.566730][ T6910]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  184.572306][ T6910]  skb_clone+0x20c/0x390
[  184.576571][ T6910]  ? dev_queue_xmit_nit+0x220/0xc10
[  184.581778][ T6910]  dev_queue_xmit_nit+0x419/0xc10
[  184.586815][ T6910]  ? dev_queue_xmit_nit+0x2b/0xc10
[  184.592112][ T6910]  ? validate_xmit_skb+0x9f9/0x1120
[  184.597332][ T6910]  dev_hard_start_xmit+0x15f/0x7e0
[  184.602545][ T6910]  ? __pfx_validate_xmit_skb+0x10/0x10
[  184.608027][ T6910]  __dev_queue_xmit+0x1b11/0x3ed0
[  184.613070][ T6910]  ? kasan_save_track+0x51/0x80
[  184.617944][ T6910]  ? do_syscall_64+0xf3/0x230
[  184.622633][ T6910]  ? __dev_queue_xmit+0x2da/0x3ed0
[  184.627763][ T6910]  ? __pfx___dev_queue_xmit+0x10/0x10
[  184.633163][ T6910]  ? __copy_skb_header+0x437/0x5b0
[  184.638287][ T6910]  ? __asan_memcpy+0x40/0x70
[  184.642898][ T6910]  ? __copy_skb_header+0x437/0x5b0
[  184.648043][ T6910]  ? __skb_clone+0x454/0x6c0
[  184.652724][ T6910]  ? skb_clone+0x240/0x390
[  184.657170][ T6910]  __netlink_deliver_tap+0x54d/0x7c0
[  184.662480][ T6910]  ? netlink_deliver_tap+0x2e/0x1b0
[  184.667697][ T6910]  netlink_deliver_tap+0x19d/0x1b0
[  184.672842][ T6910]  netlink_unicast+0x7c4/0x990
[  184.677629][ T6910]  ? __pfx_netlink_unicast+0x10/0x10
[  184.682921][ T6910]  ? __virt_addr_valid+0x183/0x530
[  184.688045][ T6910]  ? __check_object_size+0x48e/0x900
[  184.693331][ T6910]  netlink_sendmsg+0x8e4/0xcb0
[  184.698098][ T6910]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.703407][ T6910]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.708693][ T6910]  __sock_sendmsg+0x221/0x270
[  184.713372][ T6910]  ____sys_sendmsg+0x52a/0x7e0
[  184.718139][ T6910]  ? __pfx_____sys_sendmsg+0x10/0x10
[  184.723426][ T6910]  __sys_sendmsg+0x292/0x380
[  184.728032][ T6910]  ? __pfx___sys_sendmsg+0x10/0x10
[  184.733167][ T6910]  ? __pfx_vfs_write+0x10/0x10
[  184.737948][ T6910]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  184.744282][ T6910]  ? do_syscall_64+0x100/0x230
[  184.749055][ T6910]  ? do_syscall_64+0xb6/0x230
[  184.753737][ T6910]  do_syscall_64+0xf3/0x230
[  184.757779][   T25] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  184.758236][ T6910]  ? clear_bhb_loop+0x35/0x90
[  184.770475][ T6910]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.776403][ T6910] RIP: 0033:0x7f25a317e719
[  184.780837][ T6910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.800469][ T6910] RSP: 002b:00007f25a3fd8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  184.808904][ T6910] RAX: ffffffffffffffda RBX: 00007f25a3335f80 RCX: 00007f25a317e719
[  184.816970][ T6910] RDX: 0000000000004000 RSI: 00000000200012c0 RDI: 0000000000000004
[  184.824942][ T6910] RBP: 00007f25a3fd8090 R08: 0000000000000000 R09: 0000000000000000
[  184.832935][ T6910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  184.840912][ T6910] R13: 0000000000000000 R14: 00007f25a3335f80 R15: 00007fff0b61e3e8
[  184.848895][ T6910]  </TASK>
[  184.868855][ T6910] sch_tbf: burst 0 is lower than device wg1 mtu (1420) !
[  184.902437][ T5910] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  184.916833][    T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  185.026097][ T5842] Bluetooth: hci3: unexpected cc 0x0c24 length: 2 > 1
[  185.042876][   T25] usb 4-1: Using ep0 maxpacket: 32
[  185.205711][    T9] usb 3-1: device not accepting address 18, error -71
[  185.215540][   T25] usb 4-1: unable to read config index 0 descriptor/start: -61
[  185.706117][   T25] usb 4-1: can't read configurations, error -61
[  185.744074][ T5910] usb 5-1: unable to get BOS descriptor or descriptor too short
[  185.753786][ T5910] usb 5-1: unable to read config index 0 descriptor/start: -71
[  185.762793][ T5910] usb 5-1: can't read configurations, error -71
[  185.876917][   T25] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  186.090548][   T25] usb 4-1: Using ep0 maxpacket: 32
[  186.126551][ T6925] netlink: 20 bytes leftover after parsing attributes in process `syz.0.265'.
[  186.129458][   T25] usb 4-1: unable to read config index 0 descriptor/start: -61
[  186.259911][   T25] usb 4-1: can't read configurations, error -61
[  186.274444][   T25] usb usb4-port1: attempt power cycle
[  186.437064][ T6902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.653985][ T6902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.666810][   T25] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  186.786845][   T25] usb 4-1: device descriptor read/8, error -71
[  189.599442][ T5842] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  189.608167][ T5842] Bluetooth: hci3: Injecting HCI hardware error event
[  189.616620][ T5842] Bluetooth: hci3: hardware error 0x00
[  189.785601][   T29] kauditd_printk_skb: 33 callbacks suppressed
[  189.785631][   T29] audit: type=1326 audit(1729845835.043:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6955 comm="syz.0.275" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae0ff7e719 code=0x0
[  189.821063][ T6959] netlink: 209820 bytes leftover after parsing attributes in process `syz.4.274'.
[  189.838116][ T6960] 9pnet_fd: Insufficient options for proto=fd
[  189.882111][ T6960] syz.0.275: attempt to access beyond end of device
[  189.882111][ T6960] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  189.920885][ T6960] EXT4-fs (nbd0): unable to read superblock
[  190.144186][ T6963] netlink: 'syz.1.277': attribute type 4 has an invalid length.
[  190.156302][ T6963] netlink: 17 bytes leftover after parsing attributes in process `syz.1.277'.
[  190.270968][ T6967] netlink: 'syz.1.277': attribute type 4 has an invalid length.
[  190.300717][ T6967] netlink: 17 bytes leftover after parsing attributes in process `syz.1.277'.
[  191.706868][ T5842] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  192.054795][   T25] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  192.246780][ T5879] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  192.272836][   T25] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  192.284090][   T25] usb 2-1: config 0 has no interface number 0
[  192.292466][   T25] usb 2-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice= e.96
[  192.317340][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.325642][   T25] usb 2-1: Product: syz
[  192.335349][   T25] usb 2-1: Manufacturer: syz
[  192.340432][   T25] usb 2-1: SerialNumber: syz
[  192.357508][   T25] usb 2-1: config 0 descriptor??
[  192.377202][   T25] cx231xx 2-1:0.1: New device syz syz @ 480 Mbps (2013:0259) with 1 interfaces
[  192.386229][   T25] cx231xx 2-1:0.1: Not found matching IAD interface
[  192.406752][ T5879] usb 4-1: Using ep0 maxpacket: 32
[  192.424679][ T5879] usb 4-1: config 0 has no interfaces?
[  192.434584][ T5879] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  192.464555][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.481571][ T5879] usb 4-1: config 0 descriptor??
[  192.491338][ T6998] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.285'.
[  192.500959][ T6998] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  192.538179][   T29] audit: type=1800 audit(1729845837.803:54): pid=7003 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.286" name="/" dev="fuse" ino=1 res=0 errno=0
[  192.572778][ T6977] random: crng reseeded on system resumption
[  192.599660][ T7005] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  192.603393][ T7006] netlink: 72 bytes leftover after parsing attributes in process `syz.4.287'.
[  192.758660][ T5842] Bluetooth: hci4: command 0x0406 tx timeout
[  192.758671][ T5833] Bluetooth: hci2: command 0x0406 tx timeout
[  193.188224][   T25] usb 2-1: USB disconnect, device number 14
[  193.323940][ T5836] usb 4-1: USB disconnect, device number 29
[  194.076236][   T29] audit: type=1326 audit(1729845839.323:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7019 comm="syz.3.291" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f724eb7e719 code=0x0
[  194.440395][ T7024] syz.3.291: attempt to access beyond end of device
[  194.440395][ T7024] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  195.006847][ T7024] EXT4-fs (nbd3): unable to read superblock
[  195.029391][ T7030] FAULT_INJECTION: forcing a failure.
[  195.029391][ T7030] name failslab, interval 1, probability 0, space 0, times 0
[  195.066816][ T7030] CPU: 0 UID: 0 PID: 7030 Comm: syz.1.293 Not tainted 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
[  195.077579][ T7030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  195.087753][ T7030] Call Trace:
[  195.091050][ T7030]  <TASK>
[  195.094036][ T7030]  dump_stack_lvl+0x241/0x360
[  195.098740][ T7030]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.103959][ T7030]  ? __pfx__printk+0x10/0x10
[  195.108609][ T7030]  ? __kmalloc_noprof+0xb0/0x400
[  195.113571][ T7030]  ? __pfx___might_resched+0x10/0x10
[  195.118886][ T7030]  should_fail_ex+0x3b0/0x4e0
[  195.123598][ T7030]  ? video_usercopy+0x1f0/0x1180
[  195.128574][ T7030]  should_failslab+0xac/0x100
[  195.133286][ T7030]  ? video_usercopy+0x1f0/0x1180
[  195.138255][ T7030]  __kmalloc_noprof+0xd8/0x400
[  195.143051][ T7030]  video_usercopy+0x1f0/0x1180
[  195.147847][ T7030]  ? __pfx___video_do_ioctl+0x10/0x10
[  195.153264][ T7030]  ? __pfx_video_usercopy+0x10/0x10
[  195.158483][ T7030]  ? smack_file_ioctl+0x2f7/0x3a0
[  195.163546][ T7030]  ? __fget_files+0x3f3/0x470
[  195.168256][ T7030]  v4l2_ioctl+0x189/0x1e0
[  195.172612][ T7030]  ? __pfx_v4l2_ioctl+0x10/0x10
[  195.177497][ T7030]  __se_sys_ioctl+0xf9/0x170
[  195.182113][ T7030]  do_syscall_64+0xf3/0x230
[  195.186732][ T7030]  ? clear_bhb_loop+0x35/0x90
[  195.191434][ T7030]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.197348][ T7030] RIP: 0033:0x7f25a317e719
[  195.201794][ T7030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.221440][ T7030] RSP: 002b:00007f25a3fd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  195.229940][ T7030] RAX: ffffffffffffffda RBX: 00007f25a3335f80 RCX: 00007f25a317e719
[  195.237944][ T7030] RDX: 0000000020002a40 RSI: 00000000c0cc5615 RDI: 0000000000000003
[  195.246013][ T7030] RBP: 00007f25a3fd8090 R08: 0000000000000000 R09: 0000000000000000
[  195.254017][ T7030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.262021][ T7030] R13: 0000000000000000 R14: 00007f25a3335f80 R15: 00007fff0b61e3e8
[  195.270021][ T7030]  </TASK>
[  195.579897][ T7036] netlink: 'syz.3.296': attribute type 4 has an invalid length.
[  196.578465][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  196.584836][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  197.474268][ T7048] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.298'.
[  197.492652][ T7048] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  197.495985][ T7050] tmpfs: Bad value for 'mpol'
[  197.612808][ T7052] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  197.946911][ T5836] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  198.254795][ T5836] usb 1-1: device descriptor read/64, error -71
[  198.536474][ T5836] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  199.027005][ T5836] usb 1-1: device descriptor read/64, error -71
[  199.138691][ T5836] usb usb1-port1: attempt power cycle
[  199.145629][ T7082] netlink: 8 bytes leftover after parsing attributes in process `syz.3.307'.
[  199.429506][ T7082] bond0: entered promiscuous mode
[  199.436966][ T7082] bond_slave_0: entered promiscuous mode
[  199.443523][ T7082] bond_slave_1: entered promiscuous mode
[  199.507416][ T7082] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  199.966182][ T5836] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  200.001915][ T5836] usb 1-1: device descriptor read/8, error -71
[  200.606795][ T5836] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  200.830676][ T5836] usb 1-1: device descriptor read/8, error -71
[  200.974958][ T7096] binder: 7095:7096 ioctl c0306201 0 returned -14
[  200.982804][ T5836] usb usb1-port1: unable to enumerate USB device
[  201.533757][ T5841] Bluetooth: hci4: unexpected cc 0x0c24 length: 2 > 1
[  201.543361][ T5841] Bluetooth: hci4: unexpected event for opcode 0x0c24
[  202.600329][ T7105] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.314'.
[  202.639123][ T7105] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  202.794265][ T7113] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  203.842493][ T7127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.319'.
[  203.862032][ T7127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.319'.
[  204.136974][   T25] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  204.448166][   T25] usb 3-1: Using ep0 maxpacket: 16
[  204.471052][   T25] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  204.487259][   T25] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  204.513327][   T25] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  204.540267][   T25] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  204.553521][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.571967][   T25] usb 3-1: Product: syz
[  204.582091][   T25] usb 3-1: Manufacturer: syz
[  204.596690][   T25] usb 3-1: SerialNumber: syz
[  204.726903][ T5836] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  205.033645][ T5836] usb 1-1: device descriptor read/64, error -71
[  205.040952][   T25] usb 3-1: 2:1 : format type 0 is detected, processed as PCM
[  205.052750][   T25] usb 3-1: 2:1: cannot set freq 9338507 to ep 0x82
[  205.068931][   T25] usb 3-1: USB disconnect, device number 20
[  205.086841][    T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  205.278811][ T7152] netlink: 20 bytes leftover after parsing attributes in process `syz.3.325'.
[  205.547931][ T5841] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  205.559409][ T5841] Bluetooth: hci4: Injecting HCI hardware error event
[  205.570665][ T5841] Bluetooth: hci4: hardware error 0x00
[  205.599486][ T5836] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  205.820471][    T9] usb 2-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  205.829764][ T5836] usb 1-1: device descriptor read/64, error -71
[  205.938846][ T5836] usb usb1-port1: attempt power cycle
[  206.417971][ T5836] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  206.547508][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.553629][ T5836] usb 1-1: device descriptor read/8, error -71
[  206.555658][    T9] usb 2-1: Product: syz
[  206.555683][    T9] usb 2-1: Manufacturer: syz
[  206.596780][    T9] usb 2-1: SerialNumber: syz
[  206.607574][    T9] usb 2-1: config 0 descriptor??
[  206.632809][    T9] powermate 2-1:0.0: probe with driver powermate failed with error -22
[  206.826863][ T5836] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  206.857441][ T5836] usb 1-1: device descriptor read/8, error -71
[  206.858020][ T5879] usb 2-1: USB disconnect, device number 15
[  206.966865][    T9] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  206.971801][ T5836] usb usb1-port1: unable to enumerate USB device
[  207.128787][    T9] usb 5-1: config index 0 descriptor too short (expected 6674, got 18)
[  207.169719][    T9] usb 5-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  207.202693][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.245687][    T9] usb 5-1: config 0 descriptor??
[  207.271311][ T7170] netlink: 209820 bytes leftover after parsing attributes in process `syz.2.330'.
[  207.502640][    T9] snd-usb-hiface 5-1:0.0: probe with driver snd-usb-hiface failed with error -22
[  207.644415][ T7173] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.331'.
[  207.692931][ T7173] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  207.716945][ T5841] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  207.847002][ T7178] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  209.427127][ T7177] syz.1.332: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  209.450663][ T7177] CPU: 0 UID: 0 PID: 7177 Comm: syz.1.332 Not tainted 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
[  209.461300][ T7177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  209.471380][ T7177] Call Trace:
[  209.474687][ T7177]  <TASK>
[  209.477639][ T7177]  dump_stack_lvl+0x241/0x360
[  209.482361][ T7177]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.487587][ T7177]  ? __pfx__printk+0x10/0x10
[  209.492206][ T7177]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  209.498650][ T7177]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  209.505190][ T7177]  warn_alloc+0x278/0x410
[  209.509555][ T7177]  ? __pfx_warn_alloc+0x10/0x10
[  209.514437][ T7177]  ? vb2_vmalloc_alloc+0xf2/0x340
[  209.519490][ T7177]  ? __get_vm_area_node+0x23d/0x270
[  209.524724][ T7177]  __vmalloc_node_range_noprof+0x691/0x13f0
[  209.530670][ T7177]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  209.537155][ T7177]  ? __kasan_kmalloc+0x98/0xb0
[  209.541959][ T7177]  ? vb2_vmalloc_alloc+0xb5/0x340
[  209.547089][ T7177]  vmalloc_user_noprof+0x74/0x80
[  209.552149][ T7177]  ? vb2_vmalloc_alloc+0xf2/0x340
[  209.557203][ T7177]  vb2_vmalloc_alloc+0xf2/0x340
[  209.562096][ T7177]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  209.567584][ T7177]  __vb2_queue_alloc+0xa0b/0x16f0
[  209.572661][ T7177]  vb2_core_reqbufs+0xd2e/0x17c0
[  209.577646][ T7177]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  209.583083][ T7177]  v4l2_m2m_ioctl_reqbufs+0x14b/0x230
[  209.588490][ T7177]  __video_do_ioctl+0xc23/0xdd0
[  209.593374][ T7177]  ? __pfx___video_do_ioctl+0x10/0x10
[  209.598769][ T7177]  ? smack_log+0x123/0x540
[  209.603216][ T7177]  ? __might_fault+0xc6/0x120
[  209.607957][ T7177]  video_usercopy+0x89b/0x1180
[  209.612754][ T7177]  ? __pfx___video_do_ioctl+0x10/0x10
[  209.618149][ T7177]  ? __pfx_video_usercopy+0x10/0x10
[  209.623371][ T7177]  ? smack_file_ioctl+0x2f7/0x3a0
[  209.628441][ T7177]  ? __fget_files+0x3f3/0x470
[  209.633165][ T7177]  v4l2_ioctl+0x189/0x1e0
[  209.637537][ T7177]  ? __pfx_v4l2_ioctl+0x10/0x10
[  209.642512][ T7177]  __se_sys_ioctl+0xf9/0x170
[  209.647143][ T7177]  do_syscall_64+0xf3/0x230
[  209.651685][ T7177]  ? clear_bhb_loop+0x35/0x90
[  209.656494][ T7177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.662436][ T7177] RIP: 0033:0x7f25a317e719
[  209.666878][ T7177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.686608][ T7177] RSP: 002b:00007f25a3fb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  209.695055][ T7177] RAX: ffffffffffffffda RBX: 00007f25a3336058 RCX: 00007f25a317e719
[  209.703034][ T7177] RDX: 00000000200000c0 RSI: 00000000c0145608 RDI: 0000000000000007
[  209.711026][ T7177] RBP: 00007f25a31f12be R08: 0000000000000000 R09: 0000000000000000
[  209.719009][ T7177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  209.726974][ T7177] R13: 0000000000000000 R14: 00007f25a3336058 R15: 00007fff0b61e3e8
[  209.735038][ T7177]  </TASK>
[  209.752844][ T7177] Mem-Info:
[  209.768216][ T7177] active_anon:327 inactive_anon:6478 isolated_anon:0
[  209.768216][ T7177]  active_file:18789 inactive_file:35828 isolated_file:0
[  209.768216][ T7177]  unevictable:768 dirty:248 writeback:0
[  209.768216][ T7177]  slab_reclaimable:10148 slab_unreclaimable:97933
[  209.768216][ T7177]  mapped:22268 shmem:2131 pagetables:742
[  209.768216][ T7177]  sec_pagetables:0 bounce:0
[  209.768216][ T7177]  kernel_misc_reclaimable:0
[  209.768216][ T7177]  free:1331454 free_pcp:1576 free_cma:0
[  210.005892][ T7177] Node 0 active_anon:1308kB inactive_anon:45812kB active_file:75084kB inactive_file:143312kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:109072kB dirty:992kB writeback:0kB shmem:26988kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10900kB pagetables:2868kB sec_pagetables:0kB all_unreclaimable? no
[  210.039128][ T7177] Node 1 active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  210.075355][ T7177] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  210.103958][ T7177] lowmem_reserve[]: 0 2465 2466 0 0
[  210.105629][ T5836] usb 5-1: USB disconnect, device number 27
[  210.110019][ T7177] Node 0 DMA32 free:1374012kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:1304kB inactive_anon:45780kB active_file:74300kB inactive_file:143260kB unevictable:1536kB writepending:992kB present:3129332kB managed:2552504kB mlocked:0kB bounce:0kB free_pcp:15260kB local_pcp:4640kB free_cma:0kB
[  210.150040][ T7177] lowmem_reserve[]: 0 0 0 0 0
[  210.165240][ T7177] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:32kB active_file:784kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  210.192687][ T7177] lowmem_reserve[]: 0 0 0 0 0
[  210.205973][ T7177] Node 1 Normal free:3908552kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  210.256166][ T7177] lowmem_reserve[]: 0 0 0 0 0
[  210.261616][ T7177] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  210.284262][ T7177] Node 0 DMA32: 0*4kB 11*8kB (UE) 12*16kB (UME) 53*32kB (UME) 447*64kB (UME) 183*128kB (UM) 131*256kB (UME) 95*512kB (UME) 54*1024kB (UME) 23*2048kB (UME) 280*4096kB (M) = 1385464kB
[  210.304775][ T7177] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  210.326932][ T7177] Node 1 Normal: 192*4kB (UME) 45*8kB (UME) 32*16kB (UME) 209*32kB (UME) 105*64kB (UME) 22*128kB (UE) 10*256kB (UM) 10*512kB (UME) 4*1024kB (UME) 4*2048kB (UE) 945*4096kB (M) = 3908552kB
[  210.355075][ T7177] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  210.357011][ T5933] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  210.506798][ T7177] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  210.521348][ T7177] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  210.531666][ T7177] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  210.545271][ T7177] 64637 total pagecache pages
[  211.184970][ T7177] 0 pages in swap cache
[  211.278886][ T7177] Free swap  = 124548kB
[  211.292470][ T7177] Total swap = 124996kB
[  211.297405][ T7177] 2097051 pages RAM
[  211.301793][ T7177] 0 pages HighMem/MovableOnly
[  211.315572][ T7177] 427073 pages reserved
[  211.320342][ T7177] 0 pages cma reserved
[  211.326851][ T5933] usb 1-1: Using ep0 maxpacket: 32
[  211.333927][ T5933] usb 1-1: config 0 has no interfaces?
[  211.369887][ T5933] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  211.415335][ T5933] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.442572][ T5933] usb 1-1: config 0 descriptor??
[  211.636768][ T5836] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  211.766764][ T5879] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  211.796883][ T5836] usb 5-1: Using ep0 maxpacket: 16
[  211.807588][ T5836] usb 5-1: config 0 has an invalid interface number: 214 but max is 0
[  211.815805][ T5836] usb 5-1: config 0 has no interface number 0
[  211.832323][ T5836] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  211.865009][ T5836] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  211.895685][ T5836] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  211.920655][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  211.932632][ T5836] usb 5-1: Manufacturer: syz
[  211.937173][ T5879] usb 3-1: Using ep0 maxpacket: 16
[  211.939436][ T5836] usb 5-1: SerialNumber: syz
[  211.960727][ T5836] usb 5-1: config 0 descriptor??
[  211.974020][ T7206] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  211.975471][ T5879] usb 3-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice=1d.76
[  211.993558][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.002054][ T5879] usb 3-1: Product: syz
[  212.006719][ T5879] usb 3-1: Manufacturer: syz
[  212.013801][ T5879] usb 3-1: SerialNumber: syz
[  212.054956][ T5879] usb 3-1: config 0 descriptor??
[  212.064615][ T5879] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input28
[  212.260288][ T7211] netlink: 8 bytes leftover after parsing attributes in process `syz.3.340'.
[  212.294173][ T7211] openvswitch: netlink: Actions may not be safe on all matching packets
[  212.300647][ T5933] usb 1-1: USB disconnect, device number 24
[  212.313560][ T5190] bcm5974 3-1:0.0: could not read from device
[  212.313838][ T5879] usb 3-1: USB disconnect, device number 21
[  212.713197][ T5836] usbtouchscreen 5-1:0.214: Failed to read FW rev: -71
[  212.756757][ T5836] usbtouchscreen 5-1:0.214: probe with driver usbtouchscreen failed with error -71
[  212.815682][ T5836] usb 5-1: USB disconnect, device number 28
[  213.447210][ T7220] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.343'.
[  213.456494][ T7220] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  214.143088][   T29] audit: type=1326 audit(1729845859.403:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7230 comm="syz.4.346" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd25b77e719 code=0x0
[  214.221767][ T7233] 9pnet_fd: Insufficient options for proto=fd
[  214.238795][ T7233] syz.4.346: attempt to access beyond end of device
[  214.238795][ T7233] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  214.266414][ T7233] EXT4-fs (nbd4): unable to read superblock
[  214.266729][ T7232] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  214.326843][ T5879] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  214.636752][ T5879] usb 2-1: Using ep0 maxpacket: 32
[  214.643873][ T5879] usb 2-1: config 0 has no interfaces?
[  214.649713][ T5879] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  214.659741][ T5879] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.686812][ T5881] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  214.702718][ T5879] usb 2-1: config 0 descriptor??
[  214.846829][ T5881] usb 3-1: Using ep0 maxpacket: 32
[  214.855092][ T5881] usb 3-1: unable to read config index 0 descriptor/start: -61
[  214.863208][ T5881] usb 3-1: can't read configurations, error -61
[  214.996812][ T5881] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  215.067033][ T5879] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  215.168930][ T5881] usb 3-1: Using ep0 maxpacket: 32
[  215.180415][ T5881] usb 3-1: unable to read config index 0 descriptor/start: -61
[  215.189398][ T5881] usb 3-1: can't read configurations, error -61
[  215.210839][ T5881] usb usb3-port1: attempt power cycle
[  215.226876][ T5879] usb 4-1: Using ep0 maxpacket: 16
[  215.245259][ T5879] usb 4-1: config 0 has an invalid interface number: 214 but max is 0
[  215.253885][ T5879] usb 4-1: config 0 has no interface number 0
[  215.261193][ T5879] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  215.286733][ T5879] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  215.311799][ T5879] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  215.325361][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  215.335978][ T5879] usb 4-1: Manufacturer: syz
[  215.346740][ T5879] usb 4-1: SerialNumber: syz
[  215.364949][    T9] usb 2-1: USB disconnect, device number 16
[  215.372752][ T5879] usb 4-1: config 0 descriptor??
[  215.380129][ T7246] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  215.577127][ T5881] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  215.635750][ T5881] usb 3-1: Using ep0 maxpacket: 32
[  215.659469][ T5881] usb 3-1: unable to read config index 0 descriptor/start: -61
[  215.673663][ T5881] usb 3-1: can't read configurations, error -61
[  215.837056][ T5881] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  215.848458][ T5879] usbtouchscreen 4-1:0.214: Failed to read FW rev: -71
[  215.855513][ T5879] usbtouchscreen 4-1:0.214: probe with driver usbtouchscreen failed with error -71
[  216.515950][ T5879] usb 4-1: USB disconnect, device number 30
[  216.534477][ T5881] usb 3-1: Using ep0 maxpacket: 32
[  216.544187][ T5881] usb 3-1: unable to read config index 0 descriptor/start: -61
[  216.552002][ T5881] usb 3-1: can't read configurations, error -61
[  216.559332][ T5881] usb usb3-port1: unable to enumerate USB device
[  216.854379][ T7267] netlink: 4 bytes leftover after parsing attributes in process `syz.3.356'.
[  216.877975][ T7268] netlink: 4 bytes leftover after parsing attributes in process `syz.4.358'.
[  217.165838][ T7282] netlink: 209820 bytes leftover after parsing attributes in process `syz.1.357'.
[  217.947623][ T5881] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  217.986801][ T5836] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  218.119618][ T5881] usb 3-1: Using ep0 maxpacket: 16
[  218.148749][ T5881] usb 3-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice=1d.76
[  218.156751][ T5836] usb 4-1: Using ep0 maxpacket: 16
[  218.159475][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.164805][ T5836] usb 4-1: config 0 has an invalid interface number: 214 but max is 0
[  218.176797][ T5881] usb 3-1: Product: syz
[  218.184310][ T5836] usb 4-1: config 0 has no interface number 0
[  218.207222][ T5881] usb 3-1: Manufacturer: syz
[  218.210948][ T5836] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  218.215208][ T5881] usb 3-1: SerialNumber: syz
[  218.242763][ T5881] usb 3-1: config 0 descriptor??
[  218.265558][ T5836] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  218.271488][ T5881] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input30
[  218.309316][ T5836] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  218.325332][ T5836] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  218.333557][ T5836] usb 4-1: Manufacturer: syz
[  218.344029][ T5836] usb 4-1: SerialNumber: syz
[  218.366185][ T5836] usb 4-1: config 0 descriptor??
[  218.379859][ T7293] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  218.471399][ T5190] bcm5974 3-1:0.0: could not read from device
[  218.488442][ T5190] bcm5974 3-1:0.0: could not read from device
[  218.509030][ T5190] bcm5974 3-1:0.0: could not read from device
[  218.515741][ T5881] usb 3-1: USB disconnect, device number 26
[  218.536844][ T5879] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  218.697454][ T5879] usb 1-1: Using ep0 maxpacket: 32
[  218.718270][ T5879] usb 1-1: config 0 has no interfaces?
[  218.738464][ T5879] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  218.756506][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.771823][ T5836] usbtouchscreen 4-1:0.214: Failed to read FW rev: -71
[  218.781188][ T5879] usb 1-1: config 0 descriptor??
[  218.786874][ T5836] usbtouchscreen 4-1:0.214: probe with driver usbtouchscreen failed with error -71
[  218.813253][ T5836] usb 4-1: USB disconnect, device number 31
[  219.097573][ T7300] bridge0: entered promiscuous mode
[  219.103120][ T7300] macsec1: entered promiscuous mode
[  219.125922][ T7300] macsec1: entered allmulticast mode
[  219.131580][ T7300] bridge0: entered allmulticast mode
[  219.148062][ T7300] bridge0: port 3(macsec1) entered blocking state
[  219.159618][ T7300] bridge0: port 3(macsec1) entered disabled state
[  219.266143][ T7300] bridge0: left allmulticast mode
[  219.271624][ T7300] bridge0: left promiscuous mode
[  220.111850][    T8] usb 1-1: USB disconnect, device number 25
[  220.540206][ T7322] kvm: emulating exchange as write
[  223.223305][ T5836] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  223.426883][ T5836] usb 3-1: Using ep0 maxpacket: 8
[  223.533179][ T5836] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  223.721367][ T5836] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  223.776824][ T7349] binder: 7348:7349 ioctl c018937a 20000500 returned -22
[  223.801756][ T7345] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.377'.
[  223.805791][ T7350] 8021q: adding VLAN 0 to HW filter on device bond1
[  223.818996][ T5836] usb 3-1: config 0 has no interface number 0
[  223.827685][ T5836] usb 3-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  223.933051][ T5836] usb 3-1: New USB device found, idVendor=0421, idProduct=008f, bcdDevice=ba.de
[  224.039867][ T5836] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.320234][ T7345] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  224.344466][ T5836] usb 3-1: config 0 descriptor??
[  224.360308][ T7361] FAULT_INJECTION: forcing a failure.
[  224.360308][ T7361] name failslab, interval 1, probability 0, space 0, times 0
[  224.369278][ T5836] usb 3-1: bad CDC descriptors
[  224.373332][ T7361] CPU: 0 UID: 0 PID: 7361 Comm: syz.1.380 Not tainted 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
[  224.383849][ T5836] cdc_acm 3-1:0.1: Zero length descriptor references
[  224.388271][ T7361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  224.388291][ T7361] Call Trace:
[  224.388299][ T7361]  <TASK>
[  224.388308][ T7361]  dump_stack_lvl+0x241/0x360
[  224.395457][ T5836] cdc_acm 3-1:0.1: probe with driver cdc_acm failed with error -22
[  224.405039][ T7361]  ? __pfx_dump_stack_lvl+0x10/0x10
[  224.405074][ T7361]  ? __pfx__printk+0x10/0x10
[  224.405093][ T7361]  ? __kmalloc_noprof+0xb0/0x400
[  224.405115][ T7361]  ? __pfx___might_resched+0x10/0x10
[  224.405140][ T7361]  should_fail_ex+0x3b0/0x4e0
[  224.405161][ T7361]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  224.405186][ T7361]  should_failslab+0xac/0x100
[  224.405204][ T7361]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  224.405228][ T7361]  __kmalloc_noprof+0xd8/0x400
[  224.405251][ T7361]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  224.405281][ T7361]  genl_rcv_msg+0x802/0xec0
[  224.405303][ T7361]  ? mark_lock+0x9a/0x360
[  224.405329][ T7361]  ? __pfx_genl_rcv_msg+0x10/0x10
[  224.405371][ T7361]  ? __pfx_lock_acquire+0x10/0x10
[  224.405394][ T7361]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  224.405420][ T7361]  ? __pfx_nl80211_new_key+0x10/0x10
[  224.405441][ T7361]  ? __pfx_nl80211_post_doit+0x10/0x10
[  224.405464][ T7361]  ? __pfx___might_resched+0x10/0x10
[  224.405496][ T7361]  netlink_rcv_skb+0x1e3/0x430
[  224.405517][ T7361]  ? __pfx_genl_rcv_msg+0x10/0x10
[  224.405542][ T7361]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  224.405575][ T7361]  ? __netlink_deliver_tap+0x77e/0x7c0
[  224.405608][ T7361]  genl_rcv+0x28/0x40
[  224.405630][ T7361]  netlink_unicast+0x7f6/0x990
[  224.405665][ T7361]  ? __pfx_netlink_unicast+0x10/0x10
[  224.405689][ T7361]  ? __virt_addr_valid+0x183/0x530
[  224.405713][ T7361]  ? __check_object_size+0x48e/0x900
[  224.405737][ T7361]  netlink_sendmsg+0x8e4/0xcb0
[  224.405769][ T7361]  ? __pfx_netlink_sendmsg+0x10/0x10
[  224.405802][ T7361]  ? __pfx_netlink_sendmsg+0x10/0x10
[  224.405819][ T7361]  __sock_sendmsg+0x221/0x270
[  224.405851][ T7361]  ____sys_sendmsg+0x52a/0x7e0
[  224.405881][ T7361]  ? __pfx_____sys_sendmsg+0x10/0x10
[  224.405919][ T7361]  __sys_sendmsg+0x292/0x380
[  224.405951][ T7361]  ? __pfx___sys_sendmsg+0x10/0x10
[  224.422378][ T7363] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  224.424818][ T7361]  ? __pfx_vfs_write+0x10/0x10
[  224.619108][ T7361]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  224.625450][ T7361]  ? do_syscall_64+0x100/0x230
[  224.630221][ T7361]  ? do_syscall_64+0xb6/0x230
[  224.634901][ T7361]  do_syscall_64+0xf3/0x230
[  224.639406][ T7361]  ? clear_bhb_loop+0x35/0x90
[  224.644081][ T7361]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.649967][ T7361] RIP: 0033:0x7f25a317e719
[  224.654561][ T7361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.674334][ T7361] RSP: 002b:00007f25a3fd8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  224.682854][ T7361] RAX: ffffffffffffffda RBX: 00007f25a3335f80 RCX: 00007f25a317e719
[  224.690914][ T7361] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[  224.698886][ T7361] RBP: 00007f25a3fd8090 R08: 0000000000000000 R09: 0000000000000000
[  224.706861][ T7361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  224.714841][ T7361] R13: 0000000000000000 R14: 00007f25a3335f80 R15: 00007fff0b61e3e8
[  224.722822][ T7361]  </TASK>
[  224.852422][ T7368] netlink: 68 bytes leftover after parsing attributes in process `syz.1.382'.
[  224.867796][ T5933] usb 3-1: USB disconnect, device number 27
[  225.259170][ T7381] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.385'.
[  225.275143][ T7381] CUSE: DEVNAME unspecified
[  225.873851][ T5933] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  226.397943][ T5933] usb 4-1: Using ep0 maxpacket: 16
[  226.421574][ T5933] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  226.460180][ T5933] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  226.496242][ T5933] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  226.517155][ T5841] Bluetooth: hci2: unexpected cc 0x0c24 length: 2 > 1
[  226.525146][ T5841] Bluetooth: hci2: unexpected event for opcode 0x0c24
[  228.379322][ T5933] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  228.389331][ T5933] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.398134][ T5933] usb 4-1: Product: syz
[  228.402343][ T5933] usb 4-1: Manufacturer: syz
[  228.407664][ T5933] usb 4-1: SerialNumber: syz
[  228.694778][ T5933] usb 4-1: 2:1 : format type 0 is detected, processed as PCM
[  228.726310][ T5933] usb 4-1: 2:1: cannot set freq 9338507 to ep 0x82
[  229.012995][ T7419] [U] 
[  229.043993][ T5933] usb 4-1: USB disconnect, device number 32
[  229.077035][ T5910] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  229.991429][ T7426] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.397'.
[  230.058797][ T7426] openvswitch: netlink: Tunnel attr 245 out of range max 16
[  230.079381][ T5910] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  230.089516][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.107270][ T5910] usb 2-1: Product: syz
[  230.111525][ T5910] usb 2-1: Manufacturer: syz
[  230.116138][ T5910] usb 2-1: SerialNumber: syz
[  230.126261][ T5910] usb 2-1: config 0 descriptor??
[  230.155690][ T7434] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  231.114740][ T5841] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  231.123619][ T5841] Bluetooth: hci2: Injecting HCI hardware error event
[  231.132532][ T5841] Bluetooth: hci2: hardware error 0x00
[  232.846227][ T5910] usb 2-1: USB disconnect, device number 17
[  233.854543][ T7467] Context (ID=0x0) not attached to queue pair (handle=0x0:0x0)
[  234.522076][ T5841] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  234.731623][   T29] audit: type=1326 audit(1729845879.963:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7464 comm="syz.4.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd25b77e719 code=0x7ffc0000
[  234.930661][   T29] audit: type=1326 audit(1729845879.973:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7464 comm="syz.4.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7fd25b77e719 code=0x7ffc0000
[  235.109110][   T29] audit: type=1326 audit(1729845879.983:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7464 comm="syz.4.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd25b77e719 code=0x7ffc0000
[  235.168050][   T29] audit: type=1326 audit(1729845879.983:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7464 comm="syz.4.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd25b77e719 code=0x7ffc0000
[  235.219053][ T7488] netlink: 'syz.3.411': attribute type 24 has an invalid length.
[  235.389191][   T29] audit: type=1326 audit(1729845880.083:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7464 comm="syz.4.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd25b77e719 code=0x7ffc0000
[  235.491572][   T29] audit: type=1326 audit(1729845880.083:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7464 comm="syz.4.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd25b77e719 code=0x7ffc0000
[  235.798188][   T29] audit: type=1326 audit(1729845880.083:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7464 comm="syz.4.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd25b77e719 code=0x7ffc0000
[  236.907960][    C1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI
[  236.920612][    C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  236.929123][    C1] CPU: 1 UID: 0 PID: 7495 Comm: syz.1.412 Not tainted 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0
[  236.939821][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  236.949994][    C1] RIP: 0010:llc_conn_state_process+0xc5d/0x12e0
[  236.956284][    C1] Code: 0f 94 c0 4c 8b 75 00 44 8d 64 00 01 b8 01 00 00 00 bd 07 00 00 00 0f 44 e8 4c 89 f0 48 c1 e8 03 48 ba 00 00 00 00 00 fc ff df <0f> b6 04 10 84 c0 0f 85 c1 05 00 00 45 89 26 0f b6 04 13 84 c0 0f
[  236.975954][    C1] RSP: 0018:ffffc90000a18ae8 EFLAGS: 00010246
[  236.982042][    C1] RAX: 0000000000000000 RBX: 1ffff1100c92dc02 RCX: ffff888011cb5a00
[  236.990024][    C1] RDX: dffffc0000000000 RSI: 0000000000000002 RDI: 0000000000000000
[  236.998011][    C1] RBP: 0000000000000007 R08: ffffffff89a89271 R09: ffffffff89a89058
[  237.005987][    C1] R10: 0000000000000005 R11: ffff888011cb5a00 R12: 0000000000000001
[  237.013964][    C1] R13: ffff88806496e000 R14: 0000000000000000 R15: ffff88806496e012
[  237.021962][    C1] FS:  00007f25a3fd86c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  237.031011][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  237.037610][    C1] CR2: 0000000000000000 CR3: 0000000060e4e000 CR4: 00000000003526f0
[  237.045589][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  237.053564][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  237.061539][    C1] Call Trace:
[  237.065085][    C1]  <IRQ>
[  237.067941][    C1]  ? __die_body+0x5f/0xb0
[  237.072299][    C1]  ? die_addr+0xb0/0xe0
[  237.076461][    C1]  ? exc_general_protection+0x3dd/0x5d0
[  237.082017][    C1]  ? asm_exc_general_protection+0x26/0x30
[  237.087744][    C1]  ? llc_conn_state_process+0x9f8/0x12e0
[  237.093456][    C1]  ? llc_conn_state_process+0xc11/0x12e0
[  237.099350][    C1]  ? llc_conn_state_process+0xc5d/0x12e0
[  237.105010][    C1]  ? llc_conn_state_process+0xc11/0x12e0
[  237.110648][    C1]  llc_conn_tmr_common_cb+0x34c/0x850
[  237.116026][    C1]  call_timer_fn+0x18e/0x650
[  237.120715][    C1]  ? __pfx_llc_conn_ack_tmr_cb+0x10/0x10
[  237.126353][    C1]  ? call_timer_fn+0xc0/0x650
[  237.131031][    C1]  ? __pfx_llc_conn_ack_tmr_cb+0x10/0x10
[  237.136919][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  237.142029][    C1]  ? __pfx_llc_conn_ack_tmr_cb+0x10/0x10
[  237.147691][    C1]  ? __pfx_llc_conn_ack_tmr_cb+0x10/0x10
[  237.153315][    C1]  ? __pfx_llc_conn_ack_tmr_cb+0x10/0x10
[  237.158953][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  237.164169][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[  237.169358][    C1]  ? __pfx_llc_conn_ack_tmr_cb+0x10/0x10
[  237.174987][    C1]  __run_timer_base+0x66a/0x8e0
[  237.179844][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  237.185214][    C1]  run_timer_softirq+0xb7/0x170
[  237.190057][    C1]  handle_softirqs+0x2c5/0x980
[  237.194812][    C1]  ? __irq_exit_rcu+0xf4/0x1c0
[  237.199569][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  237.204937][    C1]  ? irqtime_account_irq+0xd4/0x1e0
[  237.210132][    C1]  __irq_exit_rcu+0xf4/0x1c0
[  237.214727][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  237.219930][    C1]  irq_exit_rcu+0x9/0x30
[  237.224165][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  237.229789][    C1]  </IRQ>
[  237.232706][    C1]  <TASK>
[  237.235628][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  237.241598][    C1] RIP: 0010:__asan_memset+0x27/0x50
[  237.246798][    C1] Code: 90 90 90 f3 0f 1e fa 55 41 56 53 48 89 d3 41 89 f6 48 89 fd 48 8b 4c 24 18 48 89 d6 ba 01 00 00 00 e8 fd e5 ff ff 84 c0 74 12 <48> 89 ef 44 89 f6 48 89 da 5b 41 5e 5d e9 67 fb c2 09 31 c0 5b 41
[  237.266432][    C1] RSP: 0018:ffffc90002ecf220 EFLAGS: 00000202
[  237.272509][    C1] RAX: ffff888056d9a201 RBX: 0000000000000048 RCX: ffffffff846db213
[  237.280469][    C1] RDX: 0000000000000001 RSI: 0000000000000048 RDI: ffffc90002ecf3d0
[  237.288430][    C1] RBP: ffffc90002ecf3d0 R08: ffffc90002ecf417 R09: 1ffff920005d9e82
[  237.296441][    C1] R10: dffffc0000000000 R11: fffff520005d9e83 R12: ffffc90002ecf440
[  237.304428][    C1] R13: ffff88804f118280 R14: 0000000000000000 R15: ffffc90002ecf4a0
[  237.312407][    C1]  ? smack_socket_sock_rcv_skb+0x123/0x13a0
[  237.318309][    C1]  smack_socket_sock_rcv_skb+0x123/0x13a0
[  237.324043][    C1]  ? __pfx_smack_socket_sock_rcv_skb+0x10/0x10
[  237.330196][    C1]  ? __pfx___schedule+0x10/0x10
[  237.335042][    C1]  ? __pfx_lock_release+0x10/0x10
[  237.340098][    C1]  ? schedule+0x90/0x320
[  237.344592][    C1]  ? schedule+0x90/0x320
[  237.348845][    C1]  ? schedule+0x155/0x320
[  237.353168][    C1]  ? schedule_timeout+0xb0/0x310
[  237.358096][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  237.363463][    C1]  security_sock_rcv_skb+0x90/0x280
[  237.368656][    C1]  sk_filter_trim_cap+0x184/0xa80
[  237.373670][    C1]  ? unix_wait_for_peer+0x282/0x340
[  237.378857][    C1]  ? __pfx_unix_wait_for_peer+0x10/0x10
[  237.384391][    C1]  ? __pfx_sk_filter_trim_cap+0x10/0x10
[  237.389931][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  237.395294][    C1]  ? unix_dgram_sendmsg+0xa3b/0x1f80
[  237.400568][    C1]  unix_dgram_sendmsg+0xb15/0x1f80
[  237.405702][    C1]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  237.411250][    C1]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  237.416965][    C1]  __sock_sendmsg+0x221/0x270
[  237.421644][    C1]  ____sys_sendmsg+0x52a/0x7e0
[  237.426507][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[  237.431783][    C1]  ? rcu_is_watching+0x15/0xb0
[  237.436555][    C1]  ? __might_fault+0xaa/0x120
[  237.441226][    C1]  __sys_sendmmsg+0x3ab/0x730
[  237.445916][    C1]  ? __pfx___sys_sendmmsg+0x10/0x10
[  237.451118][    C1]  ? wake_up_q+0xdc/0x120
[  237.455459][    C1]  ? futex_wait+0x285/0x360
[  237.459956][    C1]  ? __pfx_futex_wait+0x10/0x10
[  237.464803][    C1]  ? unix_dgram_connect+0xaec/0xd80
[  237.470027][    C1]  ? do_futex+0x33b/0x560
[  237.474349][    C1]  ? __sys_connect+0x165/0x300
[  237.479103][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  237.485074][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  237.491392][    C1]  ? do_syscall_64+0x100/0x230
[  237.496145][    C1]  __x64_sys_sendmmsg+0xa0/0xb0
[  237.500986][    C1]  do_syscall_64+0xf3/0x230
[  237.505485][    C1]  ? clear_bhb_loop+0x35/0x90
[  237.510303][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.516201][    C1] RIP: 0033:0x7f25a317e719
[  237.520696][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.540307][    C1] RSP: 002b:00007f25a3fd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  237.548719][    C1] RAX: ffffffffffffffda RBX: 00007f25a3335f80 RCX: 00007f25a317e719
[  237.556686][    C1] RDX: 0000000000000651 RSI: 0000000020000000 RDI: 0000000000000004
[  237.564645][    C1] RBP: 00007f25a31f12be R08: 0000000000000000 R09: 0000000000000000
[  237.572620][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  237.580577][    C1] R13: 0000000000000000 R14: 00007f25a3335f80 R15: 00007fff0b61e3e8
[  237.588544][    C1]  </TASK>
[  237.591546][    C1] Modules linked in:
[  237.595553][    C1] ---[ end trace 0000000000000000 ]---
[  237.601066][    C1] RIP: 0010:llc_conn_state_process+0xc5d/0x12e0
[  237.607421][    C1] Code: 0f 94 c0 4c 8b 75 00 44 8d 64 00 01 b8 01 00 00 00 bd 07 00 00 00 0f 44 e8 4c 89 f0 48 c1 e8 03 48 ba 00 00 00 00 00 fc ff df <0f> b6 04 10 84 c0 0f 85 c1 05 00 00 45 89 26 0f b6 04 13 84 c0 0f
[  237.627260][    C1] RSP: 0018:ffffc90000a18ae8 EFLAGS: 00010246
[  237.633349][    C1] RAX: 0000000000000000 RBX: 1ffff1100c92dc02 RCX: ffff888011cb5a00
[  237.641412][    C1] RDX: dffffc0000000000 RSI: 0000000000000002 RDI: 0000000000000000
[  237.649624][    C1] RBP: 0000000000000007 R08: ffffffff89a89271 R09: ffffffff89a89058
[  237.657626][    C1] R10: 0000000000000005 R11: ffff888011cb5a00 R12: 0000000000000001
[  237.665606][    C1] R13: ffff88806496e000 R14: 0000000000000000 R15: ffff88806496e012
[  237.673614][    C1] FS:  00007f25a3fd86c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  237.682932][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  237.689543][    C1] CR2: 0000000000000000 CR3: 0000000060e4e000 CR4: 00000000003526f0
[  237.697548][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  237.705528][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  237.713595][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[  237.721196][    C1] Kernel Offset: disabled
[  237.725529][    C1] Rebooting in 86400 seconds..