last executing test programs:

3m14.740302023s ago: executing program 3 (id=7):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
socket(0x2a, 0x2, 0x0)
socket(0xa, 0x2, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r0}], 0x2b, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x2, @empty, 0xa098}, {0xa, 0x4e21, 0x8000009, @mcast1}, r2, 0x4040099d}}, 0x48)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

3m14.600156931s ago: executing program 3 (id=8):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x1, 0x5, 0x0, 'queue0\x00', 0x5})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000000)={0x0, 0xfffffff8, 0x80})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0xd, &(0x7f00000000c0)=0x1)
sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file2\x00', 0x8, 0xdfcd)

3m8.42734101s ago: executing program 3 (id=12):
socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="12010000b1bd2f087d0403508c2f010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

3m3.718256859s ago: executing program 0 (id=18):
mount$cgroup2(0x0, 0x0, &(0x7f0000000100), 0x8081, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000061c2f20c81403006c050102030109021b00010000000009040000018ea44300090585da09"], 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x84600)
modify_ldt$write(0x1, 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000200)={{0x2, 0x0, 0x7, 0x0, 0xfffffe00}})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="180200000001000000000000000000008500000030000000850000000700000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ptrace(0x10, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x80)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000340)='debugfs\x00', 0x0, &(0x7f0000000180)='gid=1\x00\x1c\x00\x00\x00m\xbe\xd7\xa9:\n\xf9\b\rk[\xa1\xcc\xd6\xa28|5}(\x06l\xa8\x86di\xf3vJ,S.\xc3\x9b\xaaNj0\xef\x810EZ\xb6\x16\x88AZg`\xee\xe2\x93r\xd7\xa3v\x1f\xdb\x04\xd1\xe0\xabR \xeb\x80\r\x1b\x17\x0e\r\x93<T\xea\xab\x19\xed\xfd\x8c-\xd4\x10\xb8\xfc\xf7F\a\x00\x00\x00W\x02\xa2\x1ed\x1fe\xd4\xec\xe8\v(\rn\x82\xa6W\x00\x00\x00\x00\x00\x00\x00\x9c\x83\xbd\xd7|\x10\x9c\xdf~\xcc\xd3\xad\x16\xd1Y\xcf\x01`\xd5\x0152\xa8E\xac\a\xd6a>K\xe6\xc3BFz\xba\x7f\xc0\x1e@\xe4\xd0\xea\x16\xaa-aR)\\\x16\x8b^>\xbf\x06p\xc8\x9b\xf0N:\x05F\xe7fJ\x9a8\xa4\xb0FA\x9a\xe9E\xf9GJaGTf\x0f\xec\xff\x00\xb4\x97\x86\xd1&\a\xb554\x86\xd7\xbdeY\xa6\x91\r@<q\x85\xf9\x8b\xe4I\xdf\r\xdd\x9f3)\xfc\x04c\xb2\xd1\xcb\x1a\xaeG\xeb/\x90\x873,\x0f\xe5\x0e\xcd\tI^^\xf5q\x9d`\x8b\xad\xd3\t<K,\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00')

3m2.433664002s ago: executing program 3 (id=23):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r6}, 0x18)
syz_genetlink_get_family_id$tipc2(&(0x7f0000001ec0), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = dup(r7)
write$UHID_INPUT(r8, &(0x7f0000004000)={0xf, {"a2e3ad21ed0d09f91b50090987f70906d038e7ff7fc6e5539b0d3d0e8b089b33396d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffe59}}, 0xfa)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x6}], 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x5, 0x10}, 0xc)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
pipe2$9p(&(0x7f0000000080)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r10, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
splice(r9, 0x0, r0, 0x0, 0xffff, 0x2)

3m0.980166834s ago: executing program 3 (id=27):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc29c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x40, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x1, 0x0, 0x1, {0x22, 0xa0}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000083c0)={{0x3, 0x0, 0x0, 0x0, 0x4}})
ioctl$SNDRV_TIMER_IOCTL_INFO(r4, 0x80e85411, &(0x7f00000005c0))
r5 = socket$inet6(0xa, 0x5, 0x136)
ioctl$BTRFS_IOC_BALANCE_CTL(r5, 0x40049421, 0x3)
syz_usb_control_io(r3, &(0x7f0000000840)={0x2c, &(0x7f0000000440)=ANY=[@ANYBLOB="200da0"], 0x0, 0x0, 0x0, 0x0}, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='romfs\x00', 0x200000, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000500)={'wlan1\x00', <r6=>0x0})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents64(r7, &(0x7f0000000580)=""/174, 0xff56)
sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={0x28, r2, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

3m0.187896833s ago: executing program 0 (id=29):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0}, 0x18)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r4, 0x0)
ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

2m58.126840784s ago: executing program 0 (id=31):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r4, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24044800}, 0x20000040)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="010026bd020073797a5f74756e000000000000000000050005000300000043b076c60ceeaea845d13ee388b415699fbbe30889a95b8e6cf52019676c809b7079b2b7c7840b0ea68ee5eb2a2883dd70645e8fa8cb7cf13f238eae44573df4a9274a01152578ec500f775348e19d3c9ccc711bdf076d78d8e4544045af6f165b63746842d680dd5b693f14084b60fd3c38e29ca36e15f8b490934700"/170], 0x34}, 0x1, 0x0, 0x0, 0x20009805}, 0x4000080)
chdir(&(0x7f00000001c0)='./bus\x00')

2m56.480834463s ago: executing program 3 (id=36):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_open_dev$tty20(0xc, 0x4, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f000001b700)=""/102392, 0x18ff8)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x226, 0x0, 0x38a8}]})
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000005c0)={'dt2817\x00', [0x4f27, 0x80000000, 0x4, 0x4, 0x5, 0x40000005, 0x656b, 0x7, 0x10001, 0xfd, 0x2, 0x1, 0x1, 0x400001, 0x6, 0xff, 0x0, 0x82, 0x3, 0x40000003, 0x8a, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]})
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000019ffffff0000000000000004180100002020732500000000002020207b0af8ff00000000bfa100000000000007"], 0x0, 0x6, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
io_uring_setup(0x24, &(0x7f0000000040)={0x0, 0x73e9, 0x1f410, 0x1, 0x19c})
syz_emit_ethernet(0x27, &(0x7f0000000080)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}, @val={@void, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x65, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x1, 0xffff, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0xffffffff, 0x7}]}}}}}}}, 0x0)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_HMAC_IDENT(r7, 0x84, 0x16, &(0x7f00000001c0)={0x1, [0x3]}, &(0x7f0000000200)=0x6)
syz_emit_ethernet(0x8a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500007c000000008106907864010101ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ac0400ca90781000080a0000000e00000fbc01fe06e2d4c3d9080a000000010000008afe13f989444e38ca11b9096239c28c183b3f1312a20f8dc661fe22bd2f7556512830127a3fa7b700"/91], 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0x0, 0x8001}]}, 0x10)

2m54.927199477s ago: executing program 0 (id=39):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xa}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f000001b700)=""/102392, 0x18ff8)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x226, 0x0, 0x38a8}]})
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000005c0)={'dt2817\x00', [0x4f27, 0x80000000, 0x4, 0x4, 0x5, 0x40000005, 0x656b, 0x7, 0x10001, 0xfd, 0x2, 0x1, 0x1, 0x400001, 0x6, 0xff, 0x0, 0x82, 0x3, 0x40000003, 0x8a, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]})
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000019ffffff0000000000000004180100002020732500000000002020207b0af8ff00000000bfa100000000000007"], 0x0, 0x6, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
io_uring_setup(0x24, &(0x7f0000000040)={0x0, 0x73e9, 0x1f410, 0x1, 0x19c})
syz_emit_ethernet(0x27, &(0x7f0000000080)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}, @val={@void, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x65, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x1, 0xffff, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0xffffffff, 0x7}]}}}}}}}, 0x0)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_HMAC_IDENT(r7, 0x84, 0x16, &(0x7f00000001c0)={0x1, [0x3]}, &(0x7f0000000200)=0x6)
syz_emit_ethernet(0x8a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500007c000000008106907864010101ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ac0400ca90781000080a0000000e00000fbc01fe06e2d4c3d9080a000000010000008afe13f989444e38ca11b9096239c28c183b3f1312a20f8dc661fe22bd2f7556512830127a3fa7b700"/91], 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0x0, 0x8001}]}, 0x10)

2m51.908699332s ago: executing program 0 (id=43):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r6}, 0x18)
syz_genetlink_get_family_id$tipc2(&(0x7f0000001ec0), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = dup(r7)
write$UHID_INPUT(r8, &(0x7f0000004000)={0xf, {"a2e3ad21ed0d09f91b50090987f70906d038e7ff7fc6e5539b0d3d0e8b089b33396d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffe59}}, 0xfa)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x6}], 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x5, 0x10}, 0xc)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
pipe2$9p(&(0x7f0000000080)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r10, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
splice(r9, 0x0, r0, 0x0, 0xffff, 0x2)

2m50.696900923s ago: executing program 0 (id=45):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x51}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r1 = syz_io_uring_setup(0x230, &(0x7f0000000080)={0x0, 0x20, 0x10100}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86})
io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0xfffffffffffffc76)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r4 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r7 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f0000001ac0)={r6, 0x0, {0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x3, 0x3, 0x15, "ff9f020bbe82b398b1c4369d03740250ceaac594b1b3d741dd17c1ac0d38ef2a565ef1e8336300", "a9103939c787a16c1ca43f80026d1f3c4da06963dd89d130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b7e7772fd29f35239d2", "24431a1e77a68e174f0000faffffff000010e200", [0xfffffffffffffffe, 0x7]}})
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e9000000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mknod(&(0x7f0000000000)='./file0\x00', 0x1000, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r8 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0xc2)
r9 = syz_io_uring_setup(0xbda, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=<r10=>0x0, &(0x7f00000001c0)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r9, 0x847ba, 0x0, 0xe, 0x0, 0x0)
write$FUSE_IOCTL(r8, &(0x7f0000000100)={0x20}, 0xfdef)

2m40.682764261s ago: executing program 32 (id=36):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_open_dev$tty20(0xc, 0x4, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f000001b700)=""/102392, 0x18ff8)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x226, 0x0, 0x38a8}]})
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000005c0)={'dt2817\x00', [0x4f27, 0x80000000, 0x4, 0x4, 0x5, 0x40000005, 0x656b, 0x7, 0x10001, 0xfd, 0x2, 0x1, 0x1, 0x400001, 0x6, 0xff, 0x0, 0x82, 0x3, 0x40000003, 0x8a, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]})
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000019ffffff0000000000000004180100002020732500000000002020207b0af8ff00000000bfa100000000000007"], 0x0, 0x6, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
io_uring_setup(0x24, &(0x7f0000000040)={0x0, 0x73e9, 0x1f410, 0x1, 0x19c})
syz_emit_ethernet(0x27, &(0x7f0000000080)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}, @val={@void, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x65, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x1, 0xffff, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0xffffffff, 0x7}]}}}}}}}, 0x0)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_HMAC_IDENT(r7, 0x84, 0x16, &(0x7f00000001c0)={0x1, [0x3]}, &(0x7f0000000200)=0x6)
syz_emit_ethernet(0x8a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500007c000000008106907864010101ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ac0400ca90781000080a0000000e00000fbc01fe06e2d4c3d9080a000000010000008afe13f989444e38ca11b9096239c28c183b3f1312a20f8dc661fe22bd2f7556512830127a3fa7b700"/91], 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0x0, 0x8001}]}, 0x10)

2m35.249024324s ago: executing program 33 (id=45):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x51}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r1 = syz_io_uring_setup(0x230, &(0x7f0000000080)={0x0, 0x20, 0x10100}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86})
io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0xfffffffffffffc76)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r4 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r7 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f0000001ac0)={r6, 0x0, {0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x3, 0x3, 0x15, "ff9f020bbe82b398b1c4369d03740250ceaac594b1b3d741dd17c1ac0d38ef2a565ef1e8336300", "a9103939c787a16c1ca43f80026d1f3c4da06963dd89d130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b7e7772fd29f35239d2", "24431a1e77a68e174f0000faffffff000010e200", [0xfffffffffffffffe, 0x7]}})
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e9000000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mknod(&(0x7f0000000000)='./file0\x00', 0x1000, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r8 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0xc2)
r9 = syz_io_uring_setup(0xbda, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=<r10=>0x0, &(0x7f00000001c0)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r9, 0x847ba, 0x0, 0xe, 0x0, 0x0)
write$FUSE_IOCTL(r8, &(0x7f0000000100)={0x20}, 0xfdef)

1m8.387478158s ago: executing program 1 (id=225):
r0 = memfd_create(&(0x7f0000000040)='rootmode', 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x1})
pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)='E', 0x1}], 0x1, 0x0, 0x8)
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa07, &(0x7f0000000280)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}})
syz_clone3(&(0x7f0000000300)={0x800000, 0x0, 0x0, 0x0, {0x2f}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0xffffffffffffffff], 0x1}, 0x58)
r2 = accept$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs, &(0x7f0000000140)=0x6e)
recvmsg$unix(r2, &(0x7f00000002c0)={&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000400)=""/105, 0x69}, {&(0x7f0000000480)=""/138, 0x8a}, {&(0x7f0000000540)=""/95, 0x5f}, {&(0x7f00000005c0)=""/117, 0x75}], 0x4}, 0x12000)

1m7.958455577s ago: executing program 1 (id=226):
mount_setattr(0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000000240)={0x100171, 0xf9}, 0x20)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/pm_print_times', 0x169a82, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x5, @loopback, 0xfffff6bd}}, 0x0, 0x0, 0x22, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e23602a3c364ca41d6e5615445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d556d2ccd"}, 0xd8)
sendto$inet6(r1, &(0x7f00000000c0)="e9", 0xfffffffffffffe86, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c)
r2 = openat$smackfs_syslog(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
writev(r2, &(0x7f0000003480)=[{&(0x7f0000003240)='@i', 0x2}], 0x1)
sendfile(r0, r2, 0x0, 0x7)

1m7.804557817s ago: executing program 1 (id=227):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x2c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x1b, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000017000000180100002020690000000000002020207b1af8ff00000000bfa100000000000007010000f8030000000000008500000006000000bf91000000000000b7020000000000008500000084000000b7000000000000009500"/121], &(0x7f0000000080)='GPL\x00', 0x0, 0x11, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmmsg$sock(r2, &(0x7f0000002600)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0xffffffff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7, 0x4}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)="b40461c0f216d99cd440a07d69faae3fe95062d94f94b45c6a5ca0689e63e91dce7e89fc7fcf7ffd23259263f731e8ac7c2f6badd0a26a4eaee4387fb2315053fe3ea32bb2cf986c8980217e5016d3d4dec5a84dfaa1c951f2cdeb10c04d7c01c3d773694f2b2c849d886ec875858b41a29d4473748f9a598e294709208043c7bc4916f850c17c363c38416d78c443f4f37f933595bd8d453902354d46dd2e348adb3e86c02ddab2917f54cf502eabfd29785be987d08ec11f8a2081da22b0fe329a0c224b504fa009b3f964b30446fedb288ffe4aa8b8120a19bf40f173a47a8d464702e9a4b225a8adb6a31fd31f8f329294fdcb459e51687290694d", 0xfd}, {&(0x7f0000000300)="74fb6849fc0f47ca41606e4579ded149255ab0a36dcba194769716367df635670377fae91ecb7cb62d9694e2428498b6ae6d0bb90b687cc3097c5a852b605c0ec409b3246b074a58cf8c2460ebe7da3f2b4e98277233aa0cae81e895a6aeae74fc559719ede990232692754c5afbd829b58106f7d4db905cf471f793b9f81a83863fb388bd13", 0x86}, {&(0x7f0000000740)="798391f4b97d1933dd4f6d2cc25e3d4abc7d91dad4ac00ed0cd3ef534368dd0c30d0cdea17caf3c8dee1903dbbb4665ba6749b27762cf38284ca7f640b295d0b77f457151fc6b959d40a110f392d1e9b83a90db7326e4907a5b2b3de1102d853e97a1e987c5dfba2b934b4fb123b6a85e37ff2069117af44662f64772072723838021257e571c68c3ca74847203280326a0db7d2af4291a4284c65fe8a846733531a23d486c47cce0f5a8c086613cb2764d361c57888e6ba6d7f9e05dfee5d6f46b46752b12c88af9da9f6da08e70d578c5ff3ae1fe58e448d0e8a3e4ccf7f4d4fff519054ee97c55e2fe7aea246fa7fc6fb14af4319a7a73e7e86c653d9b48186d4eec5a2a496b3f1ec832a2861fb82e4f835c2440d7c58d608013cc42ee7be6c3bcea7aea98bc6965ace901c945baaf740901b67188eca3b4731bc693f51eec96fea20b2b8cf91c7f73e0fff64b786538114d858e682026fcc5ad38c6f6a56ddf121d2fa2661c89adb48706b563cdb8836c0fbc7b1e8d7e140f5e2d6c4cde9d9b3cf20b18e4127a050b63505e191fc58badd3408e4a460985ff39896c13b332ccec0bb19ae1eb93326960db69d8e81f2940b96790051c315114331bb8bbc78de07f335e408bb794e6b4ae4a43156cfffb001fe0538a18318e7a60521d3296dc6d1d8d180690be8f4307b56dfe0461764867d47c5bcf20fc0484db22a58739013a93e9847f9c715b2f789ee4317e230db0c004e22b0699f6715588b75803187a745e41d9c8438caf1fe7b35e6d0dc69a701e27d5522a6e05eb047b72040baed20449a8bf490cd10d1331c0c4cc634c2e55d28e23b363e0e444fb5525b9d10310ae475cd5572196052dcf81c31caba27d46eccf67efb146e9b892f8bd949626cab5621d8c6ba79c6b8717db1973c1f745d75da464ca511c5f11fb5c25e63ec09f0b0cffdfbc13d786aa96e2cc6b45dbfdc3986f22962b5c36ce704a8108ff077fc112d87f474a30bf7ca0d566c25109ff8d00d844c944d22a8b2e26a5616698fd21208e770cbc4de2b602ec738a105947a7da48713110d3334592f06da47139931875a030c428b016a4c51b3c5f57fd764756eb6202eb4349451fd69dca18629e5435fb27bab6006495df0607382d8bde69af404022bc8c6d97c3cc705661e2c68f892366bede80510455eeafe1bbf81e934f3dda49b380c8e57fa6fe60148bb97d423cb86d1ea2ffac87addb4571ff5293fa7b9dbd1cbf0685319bc4a19892662a2157aa00ac1aac869194c1f34f45aac3b7189f15485b50dea2ee7f1e82be9e347968cfe1c37d8bd302eb42616e93f8a048827e37ec4ac44c57dfb9c300b3ab1fe0b81198b2b4f9fb55770fe4c6b79aebd0df438dc4b844bedace31a3a0eea52c8f0bf138dbbed725fe7e74ce712c249af4610cc142c5c3d1ef9c48873d531623b38be3531ca4159cb67e6a369c9062e3d1dd3035e05a013ad7d0c3f816e5ddf57aa53bfdca7029fdf35a19a337186d9e74264ea1c2e78edef6311339cf09e8fbf6b746d0d14bcf755d31ca84b7d82b2e54058f35efda84d5df7884271acd32a27cd3bd76bb1eb0318463e87c93124c79823467bef7051455353f05ee5dec63b0e5d443e139cbceee388008d27823028441f6b9d46eb1f5a1021398cda22159e46c7651abf6457e829f77aad25ab10470c2ad1c33c2a7b2773828a523747f424ffd2de9afdde16893ce1afc55757e0a87df58a7c2df9c6d8ce4031b961b816cfd095d4afb2a204f6c99e441f3aae6b5f2d0e3d642453ad0d2721464b38f0037218ac42d2098c9706ab4bbf79e633b26be92e6220eaf537285d73777594e1c6185bc41248a669fd6a2004ea325021662eecdcf6e70cfe50b5824a8bb804c24398e1cfb230aefa5ad91cb69bb339306b1c34467f857a404916265bae63bce5ae090de94d9a7e6067f59f11bd7dc149104898ddee6a8ba0463c018122e00ef21768264a9ef1dcf6b9ae35b3c77337a3c5612f135f6f06da75382aab8e66ab54eb28ba7b8b59864bfb65b9fa1f554b5b0b4a92246b0152cbf3aee399dd7cf6e043e56ad7b1a2ad6c2544a25136e1722c7133cbb9adb065ed476aa2f92cc84e7dba83bef795953ed8c230f11a6066aebb6452415987283467b0ef24b08f2c4b2392b3f5b90d599bfd10dd3bdc485d34787b07fa4090c097b6d15c84a7e7f08521e4b1776a47ed4b3a95ec80cd71c3e10d8f83264ffdee942bb5ea17041e24403a732f1eacef84a2fa71b09d6a9672cbc60cf3dff29bc65d0b3779d2e13f0f896b93a655f27cb050bc9a147d0cff172dc313eb27e1edaba01e741572ac513fec1f2868f2eb9dca128e402571a21b555195ccfeaa8b34bb2055e4a91247e76463d63385cca4806d83c2d1cb0c4654d9e32d06d169126eea562e99595c413c91011f863217cefbd7b23ecf0bf52121a6ae1aa8db08b053a013feb1789892af1cc03968809110f7c14c22dc2af3a386544b7ea6ffa32995dc805e33d2522ba73b89c35aab19a774468d8b4fd9e69f5eb5d85b6b9edec77d498417258360c62e7fa5299c7adad8db8d9fad400e3e336c3f4866c961a602e774e71212632db187d37cf7dd6019fafeaf9198217e895c2459d3ac99a13e5c1114d7500799d2e4b5ce63ce3925a021c4a453f411e3c5915b26423bd67dd5b71367a687e4f787f58293f8f3db6eb0392994159e8994195ddea160524d1544e9d2a9c96344c26ffc5a2018952eaecd5dbce3b67a2e0060adfb2095cff267cb4c29fbaeccd8f726baaa11bf913714bab6aded4abd23396b1abffeda12681e1006388777f97ad08c17012f98c582cf25a7a13097cdade72c5f05e7bf869a9793f080fd9bc25b07d6810932a836a7607a2f821b277bc3eccc7180f396940decd085a8c612803a3373c31b54951b41d5768f6a2ab5a95cc7d496a8a0ac165c68338888407be618e2076bfbbbbc02ea88593c97254da943047e8e18358ee04a1fbaa02233164188462f19886f7d65608f5a4bb5ac11e72e43751a41ea47dfd6346530e25c5b2451958bad82e14726ed4ee81ca55fa13b7464c5f9b863a1887701bead28bdbfcb89a19938821fdbd4826cc1346d75a43a13e12c056f26e625880da069231aeeeef401e19fbc848b2876475a48fd79b748e1560425d1d8d4d27d5ef5a8624e0cbed396e6bc59ab1e037a5b0aadd04b15b71eec73a86d53c565c42d5b5a63c2857b77bf2e13c469bdf20b673b145e03bf6c8d674d2b5bec5faf071173e919d94ac1d5202e090282121dc725bbcc5c5b05e28b2f549469c96f3ef64a86c9307d296722f45a84b269d91496ed792b49d56357100b858ebf473a62028db2ef181884807b953026c9a1f8e98c64c62ee7b0bf661b6ee58dce61cbe8043e57d89539c4366b8e0aa499e613e359b00d40be810a9b3290c9f7ecca4710889350cf918c71b49fa1154dcd355b7fe990fbbd5dba56e14912fdbd9155cb7575c0c8d24844c6acd3e5c6e2d4d3f4204a282f650d770e00d2b9923cc6ffc062a64bff6dafa3019b40694b86b9caccb0412d981f3c78ec9553ecf3c45db9fe6b19bf44dd5799ae597a8ee8cec886e8f313918a173d193cb47cd76d2a345938af5ad7b3650f0dd09864b321f83c1a7e96c3c2c721d664976efb403aed07dd947a3bd72bf353d3547fb2184756c4028ef10d1cf128f9c74bd74e4f54606b72f074ab2adef928e597be5ee78c8fc0687de1c37dbd340b4093476d4807b019603606d55ce96ef5fa30f99a8e3101e2647c0cbe7acdc1034be320fe3f24b24545fd704c8d3896813a67227e3afbc5b2a9cd3199e2cfe8f5de36b4b91e2f2d825c15a59ea3301ef074fbde27782c862c0ebb2b05d00c7e7f5a2cf4ef480008cc1bb2ca54b05912c1699b60965d67151e0d26adb08e67a4cc51df7500066304ea5a5343b200dbc1dcfc437537ec2475e3388d81d8daf3b253fcd4c13ba79458f4afab7101b3fbad312c0731b55e772aaebf81aff7b420b0dfc756b1ee68d9f3d110edfbf5b86a2a6fe3236a04e1fc939925e00ed64685fc3e698b736b26c1b5a98967531e687654ea7e43c2977d6318c92965fbdbe73e3dfde8522425ac12e87b201785f33767d60e550169689b510a332c7dfd2b902845cafadcbc29ee229bca51a273564443fe3e2cb2061558c4d71b1f59945ec5b9826be492782d03c8bb0ced0bcfbf4bd1e800795fb24ae944f9cf7b45a20964d118ceafdb174d0d06fae7f7f7bf6a5ca8a2b744919782faed99efe0ff0c7b61f01793cb04cef05f5453df651eae41015ef9313e067f171653303945d93cd3aebd397b33dd8c8835aab6cbafae0241a1ad3cf619a8a7a70289682ce8d0f59930190825402dd9eb489b3d296f2128faf622d054e063961b39ef92bd9dc12f298dd7a7a25b787756f8a6594d9891f9ce1a24dd96ecc2050154f4893b927c7ae5a980b46e2733c09904a7977102d8bfd38e4c4d4acd81b6d847a54e03f9b7da47ba583e3ba5c3fda9a28959e7c7a7b9d556847c191e798fd57045e79e5943af8f486d3dc68a0301566ab830490c9305be3cbfe26803a3f060ba92882389cecf4d7c80dd2894c1ccfa519a5e5905821bfff3d3c612ffa975a57e0ee85f6403b53a381dabed9b648fd7a7ac32dfec504c9ab4f77252fbed8208ec2407fcac97b79111e953d767f3bf9d4744d68c4feb78df04ccaeae77120505b4bbd6c586dbb3d34e1f2d97220e98f0a70a5684dfb324a5f343db71c0a1c336525db94a4f1cd1b6629aee213356639d7e3ed9ed11e0732f044fb4a3e5d1b0647b6d8a92db196ad4c1cd77d96aaefeac95ade939e7037d2ee056b2e17559e81e112e5656f3b1d074f33e2c14a07f6f1fb23a765ff0f5ac93b2e5c7215f0fc8dea536237fc8d67dff5b53c3e5a491e5b59626ef7005ac6218069d57bc094c9b7fb9838259ae076eedfc7abccaba28c99d72a20ea93b0ec107b4538e322afd29684c5bcd8ad602adac27399dc0efbcd264c81ad83a01d75afa7e365cd8a0a27ae89b7ec8513980ae1253366357e4741b86d0a830f4087c560263f9e9cd37193da9e2401352d1f1f4dcb01c9b5e898e5f120cafa3cdbc46460f7bf0d77128ba9192dd41f93684eb2e86960bd6a6768f92238ba53c1e68fe5ed3145bcc2c28b26d79f1ae771fc74db321ed3ecae8817259e50e31393940de5b0b82fec3918111560035fed9d109dd9dae48e87cf20e4f4430b94e57c5771bacc696c3920c78379aa90f45f81420201e3a6b5987239ad665c084ff84bb11c2a4982438e9b0a8a99239aa206281ed80910b98ba0b7fefc9e69f2750f585316edbfc3a4ac5894c71011043c1a5086015567c60f28f33f627a6ccf1a64395328fd80430a352bb3a7e9143a9b0b8327db166a367bbfce6dca2f8e5a0cbc8d4e43e3febd1359e66fad5d4d61959ccbac3d8cad38240217e8f03148f44419918d4ecf0e8b0772f9b07ff34de20f40e07d172817e2d27de72d6b791383f1021e586d086e27e095dd294f8977e4893a2e9b61f8f6fbc6833331fe750b5bdc73ac60a3f2cb8ee9bec41fa86780da1e4f6bf15f4b1aa2ab095e6a01a02fd0b8b82b8852e8390f1235a3c93d285978d7298a7e249d20e6185e5c663dbd419e7e83209f49450238920fd6df44a3be02e0e915fd57b9766659c11535fa65628e6935a49846aaf71624a9c80d8d7e7f7ce7da7e83702e3cf3b665f6509bb90b34bba2096fd0da909622713ee42be064c0314250b6baf8f33", 0x1000}, {&(0x7f00000003c0)="f74d1f34286a9920bedfe0c96c40bf7706337721b168232476dc532c3b658d00598ec4724678270307c985df7e2711724c7bb96c61ea11cc701b829818214d371e57da63fdf8f92e10df2c6cffb58aff7e1451a02db708625a6635e2d919e2614146b07e68277988aa660d22f369a6366a4d5d9133f5d01a0cb7ff1cddd589f975d05a9884bc45b2", 0x88}], 0x4, &(0x7f0000000480)=[@timestamping={{0x14, 0x1, 0x25, 0xc5c}}, @mark={{0x14}}, @timestamping={{0x14, 0x1, 0x25, 0x2}}, @timestamping={{0x14, 0x1, 0x25, 0x400}}], 0x60}}, {{&(0x7f0000000500)=@tipc=@name={0x1e, 0x2, 0x1, {{0x42, 0x2}, 0x3}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000580)="3049126748d23d30871965292d9365b5a78b26c06563272118f75ade3daacf1d08a14626421f04e3c87a92ce72d79da465a0f943ce41b71c471463e94badc5a87e8b4b87d037cd1047b36b40a430", 0x4e}, {&(0x7f0000000640)="df48cc1a0d3f71ec61274b3f67cf1a1648015da856e5b84f66862a174cca90d4b6081e30631d1f023f71b644697322855d072da6fefff387c9bb7309719de81e0dadb02bacc146cfd4bbb171db200d3640f87fdd4799a520b4", 0x59}, {&(0x7f00000027c0)="5c161a8698c1f3334b8230e0a5338b24c56e61ecd5748fe9eef8a8e7cc54042501740438b878cb4d832587d931547874f8753269ecf060ea49d72a963323f99a5ec963a43ea4deb447", 0x49}, {&(0x7f0000001900)="d94f9c61d1f5c986118d022512398360a4d94d950305585bd22e08265dc6eedbb2cafa0fcdad67b2b317a878ea92aab20a1ab51bd07d55b49613decd2468d7f12aff7894d5b272bd4d892c4dc3d5073fd134605740f80089ac99dde6a5b26477ac4f7d9404d7f7084072a2159f78eee34eacc4cc173eb712e5c6a946df59c8878bcce59020085b43207129b52e70c629646784a58727796e88722c3912ad8f26debd446b5790d21088a6cd6f0b8c8bb3", 0xb0}], 0x4}}, {{&(0x7f00000019c0)=@ieee802154={0x24, @long={0x3, 0xffff, {0xaaaaaaaaaaaa0102}}}, 0x80, &(0x7f0000001ec0)=[{&(0x7f0000001a40)="1011d8208961ffbfc5fbfcd161af08b6a6d7a07edac2d7e740ff047191c0081a8c237cdbd80230b2a7db2caf92878fbb53f7894a155f21f452ba517eba04af1684", 0x41}, {&(0x7f00000006c0)="48cbccb72c891b54432919808507ae", 0xf}, {&(0x7f0000001ac0)="7be2a80edd115561352ed3c3665d9ddc1817e1bb2db8ca1b75b3ecb8b0ff5a47f2b7daaf1d9e47c44ed2e486e7f67367f160a5e0736585be5b57b1850da6073885ac9126a46c8b45a1253ddf378e294a9b13e2af23d63a7edcd57d10f9b97f832e00d8063dc191e53e2de96e9c344659580b09c84bc221421a593fbc2ec56efb3c64406a6d4ab8da8c4eb2326a2fa504b90f43630722f442921f62750c37eab25954c1dbae7c79ecda5bd39a87bf698bc0fb0c74db72e92c67b1585cdb68f540691ef028181cd3a020befb0f4bc20437ca058e3efff7f85a7c7c24fec165fae6afe1de549c727f6642402c2e1896805658a0d19953f69e6e13675fe051", 0xfd}, {&(0x7f0000001bc0)="8dc0ea780b4b35e95ca4a44b75101b5c720bcb970685f922b63a53d4386b955655e36565e0b592fc6fee28e52ee368463752a2238647347be8476d42504b9bb10bcf15ed01a9155f0df7b8837bd72d18c687d1a35f28cd2f1feebb40e48fe9fb79a43a3f7612b2ec48d7e54bbe606c329bd779c299e7739b00f448baecf2e8dc6d37d82d3022b44c4192ed156fa083bb8468b10340748a890feca5f22b6bb9529e97f6e9166b9aa19210b4664d03402a24fb6a61539c5fc7999f27ebd83fd24e516942eccda3f974f84d42796536ab15b192d41e99de463808a5638236c5308c", 0xe0}, {&(0x7f00000017c0)="a0ec8e1ed718c1e77c8f9476828d7d50e9e127258efb75f8d1815a541fba75968b3319d825af23793701da5d95a052bbe7496dfa3d9f037c45c94fd3f243", 0x3e}, {&(0x7f0000001cc0)="089746013d425ecfb0106dc608fdbf9114733c21b8c3e6b12f4442893b8a0df3a1404be4916d824e51991668683859304144d22edf92ff67b102d4a8fb6e95afb5b589035df2b1219e816c02135a5f68f8412e27a0358f964a19a85eea75869660e0acc26ee47a30b15f59d93d12174c92b6e00fa3f317fbbc76d80868158e5670cbba2bae4dcbdc8154b6546680471ac051ea76761020ae20cc866e2afd02a722e5829df4820dc41f1f982b5a5a318dafefe513ce3809703fd432e879f1fd416951b9d286bbd7ceb2dccaea9ced5a", 0xcf}, {&(0x7f0000001dc0)="d1b1f77a36f4b37946cfd74e58fe655a1400e9cf0f8091ebe5151bc7ea71fd1d4540d60880549ff61ac6b3907bd4041d0e1afc9b12c707cd879df7d1f10ac700f2c27e62411f35aaf61da8e6515c0493d97f62e4f2fe48b09b9b2a0c2461ea40af5f4cf04dd34ae779a42853b0647b772d2fd384dd7478cc5e46b4c6059c34aed8403db0c6e98c34d8c2e678bf401d8b3d9d16c81abe79b360dfb08c980ddd955c940adc27cb7b4d1064a952ff18f5a816ed075c7693d2e98f9e9039b9ee7e3dfbd91a698eb06b6a502ff8a1c0bd2c723d334d5c5bdf0e8cff2245a3bf9b8f96", 0xe0}], 0x7}}, {{&(0x7f0000001f40)=@ethernet={0x1, @remote}, 0x80, &(0x7f0000002000)=[{&(0x7f0000001fc0)="a5bb4e7911c28fb6512bf53db5f3dbc9bf2bae03396b2f688192d771b15d8264c1abe183f7f4a3", 0x27}], 0x1, &(0x7f0000002040)=[@mark={{0x14, 0x1, 0x24, 0x6}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @mark={{0x14, 0x1, 0x24, 0x2}}, @timestamping={{0x14, 0x1, 0x25, 0x8}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}, @txtime={{0x18, 0x1, 0x3d, 0xfffffffffffffffe}}, @txtime={{0x18, 0x1, 0x3d, 0xd4}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}, @mark={{0x14, 0x1, 0x24, 0xfffff000}}, @timestamping={{0x14, 0x1, 0x25, 0xffff}}], 0xf0}}, {{&(0x7f0000002140)=@vsock={0x28, 0x0, 0x2711}, 0x80, &(0x7f0000002480)=[{&(0x7f00000021c0)="589dd05611c098587ac2655e82c5274eaea77c1af7e43bfad176b5cd324fc9a7c34bbfa2f9bf960d337bb015829b8077fafafbe1bfa509d4b359acf561fd7a4a03bc3d9b6abe7f3a4e2979ee018c2b796492b5799d0282415dc8d7f68006c42895a7928a0c25e86ea3084059cbcc8b2c31d76d", 0x73}, {&(0x7f0000002240)="09b8ff5a9add68ddf2a6f8b7eae997cc39207c3b59ef660c6eed590fe239187b7f1b198f73df1abdb60aefe9cbf7ccdf816509701f89168a072f58f0c095e9c8ad97c29bd3f874e25901507e62cd68cee9d2911d631630ad", 0x58}, {&(0x7f00000022c0)="598f9491b0ea63a6", 0x8}, {&(0x7f0000002300)="779788c1babe3385bd56c818666b1ddcd1972ed0265622f71fef7b35be6a98ce84ba5a9249fa7b04d2f3f7358d982b0ca404dc485e3eb2eb1efb329576c0033b66031ac645c86e2fab72b84017df91b1694517d0754be9b673ebc95d0e263d2e", 0x60}, {&(0x7f0000002380)="b622f117a3c811010e688dd80fda53fbc2fa9e5767a88e1f6a7afd88c5de4f607560de37ddcc4d67feb98bf7aa7b5e7b3cf4f4ee465012c11d1d7b487d0a92b617610a9a53db4a9926443cf8b1a6829b6c5a59979b7630d917b5d8cf63cb8ed8ea3b69748c8c189474c32f7d7b3c915189f47e885b3185ceffa2044939f3a43b739aa81fb936aa86d90900ce2155d0c2688d50a0a8712869786912a0f5546da78ce3045ff2c619129ac7e222b01cc51099834a7484b1b2947e0c41", 0xbb}, {&(0x7f0000002440)="7f9b683c56bfa3", 0x7}], 0x6, &(0x7f0000002500)=[@mark={{0x14, 0x1, 0x24, 0x5}}, @timestamping={{0x14, 0x1, 0x25, 0x100}}, @mark={{0x14}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}, @mark={{0x14, 0x1, 0x24, 0x40a}}, @mark={{0x14, 0x1, 0x24, 0x80000000}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}, @mark={{0x14}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}], 0xd8}}], 0x5, 0x240040e1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@ipv6_newaddr={0x40, 0x14, 0x119, 0x70bd26, 0x25dfdbf5, {0xa, 0x8, 0x19, 0xfe, r5}, [@IFA_ADDRESS={0x14, 0x1, @loopback}, @IFA_CACHEINFO={0x14, 0x6, {0x0, 0xffffffff, 0x100, 0x7}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4c051}, 0x8004)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
r7 = socket$kcm(0x11, 0x3, 0x0)
r8 = getpid()
sched_setscheduler(r8, 0x1, &(0x7f0000000100)=0x5)
r9 = syz_open_procfs(r8, &(0x7f0000001780)='net/packet\x00')
pwritev(r9, &(0x7f0000000500)=[{0x0}, {&(0x7f00000002c0)='2', 0x1}], 0x2, 0x0, 0x0)
setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000000), 0x4)
unshare(0x20040600)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r10 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r10, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r10}, &(0x7f0000000540), &(0x7f0000000580)=r11}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r10, &(0x7f0000000780)}, 0x20)
sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000000500)=[{0x0}, {&(0x7f0000000280)="fe112162c63e6da8bc8432", 0xb}], 0x2}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002780)={r1, r6, 0x25, 0x1a, @val=@kprobe_multi=@addrs={0x0, 0x7, 0x0, &(0x7f0000002740)=[0xffffffffffffffff, 0x8, 0x9, 0xff, 0x120000000000000, 0x9, 0x7], 0x5}}, 0x30)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)=ANY=[], 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
pipe2$watch_queue(&(0x7f0000000700), 0x80)

1m6.511820218s ago: executing program 1 (id=229):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0xd0009411, &(0x7f0000001600)={{0x0, 0x80000000000008, 0x1010, 0x13, 0x1e, 0x3ff, 0x1, 0x2000005, 0x9, 0x4, 0xfffffff8, 0x1, 0x0, 0x6, 0x9}})
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f00000006c0)={'#! ', '', [], 0xa, "a7fdb687d4c1116ddaaa36069e36e3afecbc789623c897b32489a0d9382fe63fafb572191231becf3ab6cdabdd191f271084b12a5f2f46c768043596da09c36830ae8fa319ef0beaf1315dfad8495d8193e3abd29ed817c8545b5eb983e1d79041cecfeecc8d909ebcdc465b018b7b2a2a33c72c72a9da13d96ef08edf125227dda2c5e9f2913bcb8868f22eaaf63563bc38d9a6a96f6c0e7424e2f657c917656b7208f94dfa8a6a37b0fed1e20f00000000000000fb6cc0dab8"}, 0xbe)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r3, 0x0)
clock_nanosleep(0x3, 0x0, &(0x7f0000000180)={0x77359400}, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000826000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x5f, 0x0, 0x0)
ioctl$KVM_SET_FPU(r3, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0xbd, 0x0, 0xffff, 0x2, 0xffff1000, '\x00', 0x654})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f0000000080))
setresuid(0x0, 0xee00, 0x0)
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
io_setup(0x9, &(0x7f00000000c0))
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x20001, 0x143)
socket$packet(0x11, 0x3, 0x300)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r5}, 0x18)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r6, &(0x7f00000004c0)=[{{&(0x7f0000000540)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0xfffffff9}, 0x1c, 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="24000000000000002900000093e952d264d93f92000000000000ffffac1414aa", @ANYRESHEX=r5, @ANYBLOB="0000ad2c6729d08e13a0000029000000320000000000000000000000abae0d169bc91754180f92e91642694539a26ef756f23b6900777ad700a6287e4a4b30be2fd0f156f1bb72944336243af5a5c9f7312e509f5fb94f3842c229c2e7211b279a8ac222df284d0fc3ba310a1806d01f4f95512ceb9c2dea1ed756567d88cbdc3b676d41080a4a4e4d9e8fe3f6ba3e3e9e480a4b622ac55a0a21a4ce2c70e549c315cd9bd4bae2f100000000000000000000000000000000000000000000000000baeffe3654fb25303c2fe688d30f1f6493a0461b7b326a"], 0x40}}], 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000000c0)={0xc, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, &(0x7f0000000080)=0x2)

1m4.27479171s ago: executing program 1 (id=234):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/igmp6\x00')
preadv(r0, &(0x7f0000002400)=[{&(0x7f0000001340)=""/4096, 0x1000}], 0x1, 0x39c5, 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000b00)={0xa, @pix_mp={0xffff, 0x8011, 0x31324d59, 0x7, 0x9, [{0x2319, 0x81}, {0xfffffffd, 0x7}, {0x4, 0xadf}, {0x5, 0x4018}, {0x0, 0x8}, {0x6}, {0x0, 0x9}, {0xaa}], 0x7f, 0x0, 0x1, 0x0, 0x2}})
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r3 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r3, 0x4, &(0x7f0000000080)='dirsync\x00', &(0x7f00000000c0)='./file0\x00', r4)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r6, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r7 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0xfffd, 0x0, 0x0, 0xa}, {0x0, 0x2, 0x4}, {0x0, 0x4, 0x1, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@broadcast, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x2, 0x7}}, 0xe8)
sendmmsg(r7, &(0x7f0000000480), 0x2e9, 0x0)
name_to_handle_at(r2, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)=@orangefs_parent={0x28, 0x2, {{"2e249865eb854355aeff2ea3812d8470", 0xb1}, {"75b6dcf761e3145303f7943a8d89b1f7", 0x1}}}, &(0x7f0000000140), 0x600)
r8 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10)
sendmsg$nl_route(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000001a00010026bd700002000000022000830001"], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

55.80899884s ago: executing program 4 (id=245):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYRES16=r0], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0x0, 0x0}, 0x10)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r3=>0xffffffffffffffff})
r4 = openat$sw_sync(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
r5 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee200090582"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r6, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x10, 0x2, 0x81)
r9 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r9, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r9, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000000)={0x5, "4fcfefd131b8e6a38c25f5998e5bf421e48f4b0a501922de974a3300", <r10=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000180)={"2486970284ed923431d400001e000000a9201be9f7f0672f4000", r10, <r11=>0xffffffffffffffff})
close_range(r8, r11, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0xa4, 0x24, 0xf0b, 0x70bd2c, 0x0, {0x0, 0x0, 0x12, r12, {0x0, 0x7}, {0x3, 0xffff}, {0x8, 0xc}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x10, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x401}]}}, @qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x1, 0x81, 0x2, 0x6, 0x1}, 0x0, 0x0, 0x4, 0x8, 0xe, 0x7, 0xd, 0x5, 0x1, 0xdb, {0xb2f, 0x0, 0x9, 0x4, 0x6, 0x6}}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x808}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x3}]}, 0xa4}}, 0x4000010)

51.671174142s ago: executing program 1 (id=246):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYRES32, @ANYRESDEC=r1, @ANYBLOB="010027bd7000fbd3df2502000000050004000100000005000400010000001400020076657468315f746f5f7465616d0000000900030073797a32000000000900010073797a31000000000900010073797a3000000000090003"], 0x68}, 0x1, 0x0, 0x0, 0x40009c5}, 0x4000)
setxattr$security_ima(0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48)
r2 = socket(0x11, 0x3, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r4=>0x0})
bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000f0ffffff0000000003000010850000002c00000085000000d000000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x355}, 0x94)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r5 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="1201100100000008b507120300000000000109022400010000000609040020010300020009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
r6 = openat$cgroup_ro(r0, &(0x7f0000000580)='freezer.state\x00', 0x275a, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES32=r6, @ANYBLOB='\"\x00\x00\bO\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r6, @ANYBLOB, @ANYRES64=0x0], 0x20)
r7 = socket$netlink(0x10, 0x3, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x503, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21111, 0x8a33}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_WINDOW={0x8, 0x5, 0xfffffff9}]}}}, @IFLA_LINK={0x8, 0x5, r9}]}, 0x44}, 0x1, 0x0, 0x0, 0x48890}, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000005c0)={r6, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x5, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe10859892d0000b420a9c81f40f05f819e01177d3d458dac00001000020000000020000000000400", "90be8b1c5512406c7f00", [0x4, 0x5]}})

48.025794686s ago: executing program 4 (id=248):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = gettid()
tkill(r5, 0xb)
r6 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0087cbd3d3a319f9ba0000000000000a0000040500e50007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
syz_open_dev$vbi(0x0, 0x0, 0x2)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000000900"/20], 0x14}, 0x1, 0x0, 0x0, 0x20004810}, 0x8000)

45.913524891s ago: executing program 4 (id=250):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x4fa, &(0x7f0000000cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x1, 0x0, 0x0, 0x64, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000700)=[{0x0, 0x0, 0x0}], 0x1, 0x4000000)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x102, 0x0, 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94)

45.486786514s ago: executing program 4 (id=251):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)={0x0, 0xb, 0x8})
clock_gettime(0x0, &(0x7f0000000040))
clock_gettime(0x0, 0x0)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000000)={{}, {0x77359400}}, &(0x7f00000000c0))
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

42.021755863s ago: executing program 4 (id=253):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = gettid()
tkill(r6, 0xb)
r7 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0087cbd3d3a319f9ba0000000000000a0000040500e50007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
syz_open_dev$vbi(0x0, 0x0, 0x2)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000000900"/20], 0x14}, 0x1, 0x0, 0x0, 0x20004810}, 0x8000)

40.136231718s ago: executing program 4 (id=255):
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f00000009c0)}}], 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000080000008b04"])

32.335025147s ago: executing program 34 (id=246):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYRES32, @ANYRESDEC=r1, @ANYBLOB="010027bd7000fbd3df2502000000050004000100000005000400010000001400020076657468315f746f5f7465616d0000000900030073797a32000000000900010073797a31000000000900010073797a3000000000090003"], 0x68}, 0x1, 0x0, 0x0, 0x40009c5}, 0x4000)
setxattr$security_ima(0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48)
r2 = socket(0x11, 0x3, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r4=>0x0})
bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000f0ffffff0000000003000010850000002c00000085000000d000000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x355}, 0x94)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r5 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="1201100100000008b507120300000000000109022400010000000609040020010300020009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
r6 = openat$cgroup_ro(r0, &(0x7f0000000580)='freezer.state\x00', 0x275a, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES32=r6, @ANYBLOB='\"\x00\x00\bO\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r6, @ANYBLOB, @ANYRES64=0x0], 0x20)
r7 = socket$netlink(0x10, 0x3, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x503, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21111, 0x8a33}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_WINDOW={0x8, 0x5, 0xfffffff9}]}}}, @IFLA_LINK={0x8, 0x5, r9}]}, 0x44}, 0x1, 0x0, 0x0, 0x48890}, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000005c0)={r6, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x5, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe10859892d0000b420a9c81f40f05f819e01177d3d458dac00001000020000000020000000000400", "90be8b1c5512406c7f00", [0x4, 0x5]}})

24.551215786s ago: executing program 35 (id=255):
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f00000009c0)}}], 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000080000008b04"])

21.630809683s ago: executing program 2 (id=265):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0x10000})
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x0})

20.731432899s ago: executing program 2 (id=266):
syz_open_procfs(0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
r1 = socket$inet(0x2, 0x2, 0x1)
creat(&(0x7f0000000900)='./file0\x00', 0x1a)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a80000000060a010400000000000000000a0000010900010073797a310000000054000480500001800a000100696e6e657200000040000280080004400000001a0800034000000007080002400000008f08000140000000001c000580f8ff00007061796c6f6164000c000280080036d3345a00040900020073797a32"], 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040)
close(0xffffffffffffffff)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYRES16, @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES8, @ANYBLOB='\x00'/28], 0x50)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x800000, &(0x7f0000000000))
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010)
sendmsg$inet(r1, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0xffff, @remote}, 0x10, &(0x7f0000000000), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000024)

19.946803077s ago: executing program 2 (id=267):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0}, 0x94)
mount$cgroup2(0x0, 0x0, &(0x7f0000000100), 0x8081, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000061c2f20c81403006c050102030109021b00010000000009040000018ea44300090585da09"], 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x84600)
modify_ldt$write(0x1, 0x0, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000200)={{0x2, 0x0, 0x7, 0x0, 0xfffffe00}})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="180200000001000000000000000000008500000030000000850000000700000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ptrace(0x10, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x80)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000340)='debugfs\x00', 0x0, &(0x7f0000000180)='gid=1\x00\x1c\x00\x00\x00m\xbe\xd7\xa9:\n\xf9\b\rk[\xa1\xcc\xd6\xa28|5}(\x06l\xa8\x86di\xf3vJ,S.\xc3\x9b\xaaNj0\xef\x810EZ\xb6\x16\x88AZg`\xee\xe2\x93r\xd7\xa3v\x1f\xdb\x04\xd1\xe0\xabR \xeb\x80\r\x1b\x17\x0e\r\x93<T\xea\xab\x19\xed\xfd\x8c-\xd4\x10\xb8\xfc\xf7F\a\x00\x00\x00W\x02\xa2\x1ed\x1fe\xd4\xec\xe8\v(\rn\x82\xa6W\x00\x00\x00\x00\x00\x00\x00\x9c\x83\xbd\xd7|\x10\x9c\xdf~\xcc\xd3\xad\x16\xd1Y\xcf\x01`\xd5\x0152\xa8E\xac\a\xd6a>K\xe6\xc3BFz\xba\x7f\xc0\x1e@\xe4\xd0\xea\x16\xaa-aR)\\\x16\x8b^>\xbf\x06p\xc8\x9b\xf0N:\x05F\xe7fJ\x9a8\xa4\xb0FA\x9a\xe9E\xf9GJaGTf\x0f\xec\xff\x00\xb4\x97\x86\xd1&\a\xb554\x86\xd7\xbdeY\xa6\x91\r@<q\x85\xf9\x8b\xe4I\xdf\r\xdd\x9f3)\xfc\x04c\xb2\xd1\xcb\x1a\xaeG\xeb/\x90\x873,\x0f\xe5\x0e\xcd\tI^^\xf5q\x9d`\x8b\xad\xd3\t<K,\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00')

17.529941703s ago: executing program 2 (id=268):
syz_open_procfs(0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
r1 = socket$inet(0x2, 0x2, 0x1)
creat(&(0x7f0000000900)='./file0\x00', 0x1a)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a80000000060a010400000000000000000a0000010900010073797a310000000054000480500001800a000100696e6e657200000040000280080004400000001a0800034000000007080002400000008f08000140000000001c000580f8ff00007061796c6f6164000c000280080036d3345a00040900020073797a32"], 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040)
close(0xffffffffffffffff)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYRES16, @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES8, @ANYBLOB='\x00'/28], 0x50)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x800000, &(0x7f0000000000))
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010)
sendmsg$inet(r1, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0xffff, @remote}, 0x10, &(0x7f0000000000), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000024)

15.954358226s ago: executing program 2 (id=269):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x40, &(0x7f0000000600)=ANY=[@ANYBLOB='mpol=local='])

15.554559582s ago: executing program 2 (id=270):
shutdown(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x3, &(0x7f00000005c0)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x2000000}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "0587a06a93f2aad4", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
shutdown(r0, 0x1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000070a010200000000000000000a0000080900010073797a31000000005800048054000180090001006d6e74610000000044000280080001400000000c080003400000000008000340000000170800014000000003080002400000002308000140000000120800024000000018080002"], 0x78}, 0x1, 0x0, 0x0, 0x80}, 0x44000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = eventfd(0x3)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000000)={0x7c, 0x3000, 0x8, r8})
r9 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt$sock_buf(r9, 0x1, 0x1a, &(0x7f00000000c0)=""/223, &(0x7f00000001c0)=0xdf)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f00000003c0)={0xb03, 0x3000, 0x8, r8, 0x4})
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b70500000000000079107a00000000001da00000010000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a)
epoll_create1(0x0)

0s ago: executing program 36 (id=270):
shutdown(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x3, &(0x7f00000005c0)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x2000000}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "0587a06a93f2aad4", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
shutdown(r0, 0x1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000070a010200000000000000000a0000080900010073797a31000000005800048054000180090001006d6e74610000000044000280080001400000000c080003400000000008000340000000170800014000000003080002400000002308000140000000120800024000000018080002"], 0x78}, 0x1, 0x0, 0x0, 0x80}, 0x44000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = eventfd(0x3)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000000)={0x7c, 0x3000, 0x8, r8})
r9 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt$sock_buf(r9, 0x1, 0x1a, &(0x7f00000000c0)=""/223, &(0x7f00000001c0)=0xdf)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f00000003c0)={0xb03, 0x3000, 0x8, r8, 0x4})
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b70500000000000079107a00000000001da00000010000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a)
epoll_create1(0x0)

kernel console output (not intermixed with test programs):

[  T981] usb 3-1: SerialNumber: syz
[  150.109914][  T981] usb 3-1: config 0 descriptor??
[  150.126897][ T6149] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  150.158282][  T981] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input9
[  151.424726][ T5808] Bluetooth: hci5: command tx timeout
[  153.514487][ T5808] Bluetooth: hci5: command tx timeout
[  155.584709][ T5808] Bluetooth: hci5: command tx timeout
[  156.894956][ T1229] usb 3-1: USB disconnect, device number 4
[  156.895025][    C0] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  157.308697][ T5804] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  157.313458][ T5804] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  157.329980][ T5804] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  157.332122][ T5804] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  157.333639][ T5804] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  157.509791][ T6170] FAULT_INJECTION: forcing a failure.
[  157.509791][ T6170] name failslab, interval 1, probability 0, space 0, times 0
[  157.509829][ T6170] CPU: 0 UID: 0 PID: 6170 Comm: syz.1.68 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  157.509863][ T6170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  157.509877][ T6170] Call Trace:
[  157.509886][ T6170]  <TASK>
[  157.509895][ T6170]  dump_stack_lvl+0x189/0x250
[  157.509936][ T6170]  ? __pfx____ratelimit+0x10/0x10
[  157.509965][ T6170]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.510001][ T6170]  ? __pfx__printk+0x10/0x10
[  157.510036][ T6170]  ? __pfx___might_resched+0x10/0x10
[  157.510061][ T6170]  ? fs_reclaim_acquire+0x7d/0x100
[  157.510100][ T6170]  should_fail_ex+0x46c/0x600
[  157.510141][ T6170]  should_failslab+0xa8/0x100
[  157.510178][ T6170]  __kmalloc_noprof+0xcc/0x7d0
[  157.510210][ T6170]  ? tomoyo_encode+0x28b/0x550
[  157.510244][ T6170]  tomoyo_encode+0x28b/0x550
[  157.510278][ T6170]  tomoyo_realpath_from_path+0x58d/0x5d0
[  157.510323][ T6170]  tomoyo_check_open_permission+0x1c1/0x3b0
[  157.510362][ T6170]  ? tomoyo_check_open_permission+0x16a/0x3b0
[  157.510399][ T6170]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  157.510473][ T6170]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  157.510504][ T6170]  ? tomoyo_file_open+0x169/0x230
[  157.510539][ T6170]  security_file_open+0xb1/0x270
[  157.510563][ T6170]  do_dentry_open+0x378/0x1350
[  157.510598][ T6170]  vfs_open+0x3b/0x350
[  157.510616][ T6170]  ? path_openat+0x2ed9/0x3840
[  157.510646][ T6170]  path_openat+0x2ef1/0x3840
[  157.510680][ T6170]  ? try_to_take_rt_mutex+0x840/0xb00
[  157.510747][ T6170]  ? __pfx_path_openat+0x10/0x10
[  157.510774][ T6170]  ? do_raw_spin_lock+0x121/0x290
[  157.510813][ T6170]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  157.510852][ T6170]  ? lockdep_hardirqs_on+0x9c/0x150
[  157.510890][ T6170]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  157.510931][ T6170]  do_filp_open+0x1fa/0x410
[  157.510960][ T6170]  ? __pfx_do_filp_open+0x10/0x10
[  157.510983][ T6170]  ? rt_mutex_slowunlock+0x493/0x8a0
[  157.511037][ T6170]  ? alloc_fd+0x64f/0x6c0
[  157.511082][ T6170]  do_sys_openat2+0x121/0x1c0
[  157.511110][ T6170]  ? __pfx_do_sys_openat2+0x10/0x10
[  157.511137][ T6170]  ? ksys_write+0x230/0x260
[  157.511169][ T6170]  ? __pfx_ksys_write+0x10/0x10
[  157.511201][ T6170]  __x64_sys_openat+0x138/0x170
[  157.511231][ T6170]  do_syscall_64+0xfa/0xfa0
[  157.511273][ T6170]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.511294][ T6170]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  157.511317][ T6170]  ? clear_bhb_loop+0x60/0xb0
[  157.511345][ T6170]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.511368][ T6170] RIP: 0033:0x7fe2ac7befc9
[  157.511388][ T6170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.511408][ T6170] RSP: 002b:00007fe2aa9fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  157.511432][ T6170] RAX: ffffffffffffffda RBX: 00007fe2aca16090 RCX: 00007fe2ac7befc9
[  157.511449][ T6170] RDX: 00000000000c5001 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  157.511464][ T6170] RBP: 00007fe2aa9fd090 R08: 0000000000000000 R09: 0000000000000000
[  157.511478][ T6170] R10: 0000000000000104 R11: 0000000000000246 R12: 0000000000000001
[  157.511492][ T6170] R13: 00007fe2aca16128 R14: 00007fe2aca16090 R15: 00007ffc76558258
[  157.511530][ T6170]  </TASK>
[  157.541514][ T6170] ERROR: Out of memory at tomoyo_realpath_from_path.
[  157.960434][ T6130] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.960524][ T6130] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.960712][ T6130] bridge_slave_0: entered allmulticast mode
[  157.985066][ T6130] bridge_slave_0: entered promiscuous mode
[  158.070060][ T6130] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.070155][ T6130] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.070349][ T6130] bridge_slave_1: entered allmulticast mode
[  158.103723][ T6130] bridge_slave_1: entered promiscuous mode
[  158.661616][ T6130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  158.679922][ T6130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  158.766173][ T5878] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  158.795314][ T6184] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  159.374396][    C1] vkms_vblank_simulate: vblank timer overrun
[  160.641190][    C1] vkms_vblank_simulate: vblank timer overrun
[  160.654193][ T5804] Bluetooth: hci6: command tx timeout
[  160.755978][ T5878] usb 5-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  160.756018][ T5878] usb 5-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.756044][ T5878] usb 5-1: config 0 interface 0 has no altsetting 0
[  160.756081][ T5878] usb 5-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00
[  160.756107][ T5878] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.762327][ T5878] usb 5-1: config 0 descriptor??
[  161.191001][    C1] vkms_vblank_simulate: vblank timer overrun
[  161.818234][    C1] vkms_vblank_simulate: vblank timer overrun
[  162.704957][ T5804] Bluetooth: hci6: command tx timeout
[  164.596476][ T5878] usbhid 5-1:0.0: can't add hid device: -71
[  164.596614][ T5878] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  164.634516][ T5878] usb 5-1: USB disconnect, device number 5
[  164.784762][ T5804] Bluetooth: hci6: command tx timeout
[  165.201781][ T6130] team0: Port device team_slave_0 added
[  165.215281][ T6130] team0: Port device team_slave_1 added
[  165.371553][ T5878] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  165.421556][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.471903][ T6215] FAULT_INJECTION: forcing a failure.
[  165.471903][ T6215] name failslab, interval 1, probability 0, space 0, times 0
[  165.471929][ T6215] CPU: 0 UID: 0 PID: 6215 Comm: syz.1.82 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  165.471947][ T6215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  165.471956][ T6215] Call Trace:
[  165.471962][ T6215]  <TASK>
[  165.471969][ T6215]  dump_stack_lvl+0x189/0x250
[  165.471998][ T6215]  ? __pfx____ratelimit+0x10/0x10
[  165.472019][ T6215]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.472051][ T6215]  ? __pfx__printk+0x10/0x10
[  165.472075][ T6215]  ? __lock_acquire+0xab9/0xd20
[  165.472102][ T6215]  should_fail_ex+0x46c/0x600
[  165.472127][ T6215]  ? skb_clone+0x212/0x3a0
[  165.472146][ T6215]  should_failslab+0xa8/0x100
[  165.472171][ T6215]  ? skb_clone+0x212/0x3a0
[  165.472188][ T6215]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  165.472215][ T6215]  skb_clone+0x212/0x3a0
[  165.472238][ T6215]  __netlink_deliver_tap+0x404/0x850
[  165.472265][ T6215]  ? netlink_deliver_tap+0x2e/0x1b0
[  165.472285][ T6215]  netlink_deliver_tap+0x19c/0x1b0
[  165.472302][ T6215]  netlink_unicast+0x811/0xa10
[  165.472334][ T6215]  ? __pfx_netlink_unicast+0x10/0x10
[  165.472360][ T6215]  ? netlink_sendmsg+0x642/0xb30
[  165.472376][ T6215]  ? skb_put+0x11b/0x210
[  165.472395][ T6215]  netlink_sendmsg+0x805/0xb30
[  165.472411][ T6215]  ? is_bpf_text_address+0x26/0x2b0
[  165.472442][ T6215]  ? __pfx_netlink_sendmsg+0x10/0x10
[  165.472466][ T6215]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  165.472489][ T6215]  ? __pfx_netlink_sendmsg+0x10/0x10
[  165.472507][ T6215]  __sock_sendmsg+0x21c/0x270
[  165.472538][ T6215]  ____sys_sendmsg+0x508/0x820
[  165.472573][ T6215]  ? __pfx_____sys_sendmsg+0x10/0x10
[  165.472612][ T6215]  ? import_iovec+0x74/0xa0
[  165.472638][ T6215]  ___sys_sendmsg+0x21f/0x2a0
[  165.472659][ T6215]  ? __pfx____sys_sendmsg+0x10/0x10
[  165.472706][ T6215]  ? __fget_files+0x2a/0x420
[  165.472728][ T6215]  ? __fget_files+0x3a6/0x420
[  165.472759][ T6215]  __x64_sys_sendmsg+0x1a1/0x260
[  165.472780][ T6215]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  165.472807][ T6215]  ? __pfx_ksys_write+0x10/0x10
[  165.472830][ T6215]  ? do_syscall_64+0xbe/0xfa0
[  165.472855][ T6215]  do_syscall_64+0xfa/0xfa0
[  165.472876][ T6215]  ? lockdep_hardirqs_on+0x9c/0x150
[  165.472897][ T6215]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.472913][ T6215]  ? clear_bhb_loop+0x60/0xb0
[  165.472932][ T6215]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.472947][ T6215] RIP: 0033:0x7fe2ac7befc9
[  165.472961][ T6215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  165.472975][ T6215] RSP: 002b:00007fe2aaa1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  165.472991][ T6215] RAX: ffffffffffffffda RBX: 00007fe2aca15fa0 RCX: 00007fe2ac7befc9
[  165.473003][ T6215] RDX: 0000000010000000 RSI: 0000200000000280 RDI: 0000000000000006
[  165.473013][ T6215] RBP: 00007fe2aaa1e090 R08: 0000000000000000 R09: 0000000000000000
[  165.473029][ T6215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  165.473038][ T6215] R13: 00007fe2aca16038 R14: 00007fe2aca15fa0 R15: 00007ffc76558258
[  165.473063][ T6215]  </TASK>
[  165.536968][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  165.537012][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  165.537067][ T5878] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  165.537095][ T5878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.549228][ T5878] usb 3-1: config 0 descriptor??
[  166.017785][ T5878] usbhid 3-1:0.0: can't add hid device: -71
[  166.017922][ T5878] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  166.029556][ T5878] usb 3-1: USB disconnect, device number 5
[  166.112717][ T6223] FAULT_INJECTION: forcing a failure.
[  166.112717][ T6223] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  166.112754][ T6223] CPU: 1 UID: 0 PID: 6223 Comm: syz.4.84 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  166.112779][ T6223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  166.112793][ T6223] Call Trace:
[  166.112802][ T6223]  <TASK>
[  166.112811][ T6223]  dump_stack_lvl+0x189/0x250
[  166.112852][ T6223]  ? __pfx____ratelimit+0x10/0x10
[  166.112882][ T6223]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.112918][ T6223]  ? __pfx__printk+0x10/0x10
[  166.112946][ T6223]  ? __might_fault+0xb0/0x130
[  166.113001][ T6223]  should_fail_ex+0x46c/0x600
[  166.113039][ T6223]  _copy_from_iter+0x1de/0x1790
[  166.113081][ T6223]  ? kmalloc_reserve+0xbd/0x290
[  166.113105][ T6223]  ? rcu_is_watching+0x15/0xb0
[  166.113129][ T6223]  ? kmalloc_reserve+0xbd/0x290
[  166.113150][ T6223]  ? __alloc_skb+0x112/0x2d0
[  166.113172][ T6223]  ? __pfx__copy_from_iter+0x10/0x10
[  166.113210][ T6223]  ? __build_skb_around+0x262/0x3f0
[  166.113237][ T6223]  ? netlink_sendmsg+0x642/0xb30
[  166.113260][ T6223]  ? skb_put+0x11b/0x210
[  166.113287][ T6223]  netlink_sendmsg+0x6b2/0xb30
[  166.113310][ T6223]  ? is_bpf_text_address+0x26/0x2b0
[  166.113356][ T6223]  ? __pfx_netlink_sendmsg+0x10/0x10
[  166.113390][ T6223]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  166.113423][ T6223]  ? __pfx_netlink_sendmsg+0x10/0x10
[  166.113449][ T6223]  __sock_sendmsg+0x21c/0x270
[  166.113485][ T6223]  ____sys_sendmsg+0x508/0x820
[  166.113519][ T6223]  ? __pfx_____sys_sendmsg+0x10/0x10
[  166.113557][ T6223]  ? import_iovec+0x74/0xa0
[  166.113592][ T6223]  ___sys_sendmsg+0x21f/0x2a0
[  166.113622][ T6223]  ? __pfx____sys_sendmsg+0x10/0x10
[  166.113694][ T6223]  ? __fget_files+0x2a/0x420
[  166.113726][ T6223]  ? __fget_files+0x3a6/0x420
[  166.113769][ T6223]  __x64_sys_sendmsg+0x1a1/0x260
[  166.113800][ T6223]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  166.113838][ T6223]  ? __pfx_ksys_write+0x10/0x10
[  166.113871][ T6223]  ? do_syscall_64+0xbe/0xfa0
[  166.113906][ T6223]  do_syscall_64+0xfa/0xfa0
[  166.113935][ T6223]  ? lockdep_hardirqs_on+0x9c/0x150
[  166.113975][ T6223]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.113998][ T6223]  ? clear_bhb_loop+0x60/0xb0
[  166.114026][ T6223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.114049][ T6223] RIP: 0033:0x7f64054aefc9
[  166.114068][ T6223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.114087][ T6223] RSP: 002b:00007f6403716038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  166.114116][ T6223] RAX: ffffffffffffffda RBX: 00007f6405705fa0 RCX: 00007f64054aefc9
[  166.114132][ T6223] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  166.114146][ T6223] RBP: 00007f6403716090 R08: 0000000000000000 R09: 0000000000000000
[  166.114160][ T6223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.114172][ T6223] R13: 00007f6405706038 R14: 00007f6405705fa0 R15: 00007fff5b428ae8
[  166.114208][ T6223]  </TASK>
[  166.786869][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.846692][ T6130] batman_adv: batadv0: Adding interface: batadv_slave_0
[  166.846711][ T6130] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  166.846741][ T6130] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  166.864309][ T5804] Bluetooth: hci6: command tx timeout
[  166.918006][ T6130] batman_adv: batadv0: Adding interface: batadv_slave_1
[  166.918024][ T6130] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  166.918053][ T6130] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  167.352864][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.474345][   T31] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  167.624230][   T31] usb 3-1: Using ep0 maxpacket: 8
[  167.626924][   T31] usb 3-1: config 0 has an invalid interface number: 31 but max is 0
[  167.626953][   T31] usb 3-1: config 0 has no interface number 0
[  167.630482][   T31] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  167.630513][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.630535][   T31] usb 3-1: Product: syz
[  167.630550][   T31] usb 3-1: Manufacturer: syz
[  167.630566][   T31] usb 3-1: SerialNumber: syz
[  167.697803][   T31] usb 3-1: config 0 descriptor??
[  167.915375][   T31] uvcvideo 3-1:0.31: probe with driver uvcvideo failed with error -22
[  167.919893][   T31] usb 3-1: USB disconnect, device number 6
[  167.974357][ T5878] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  168.041487][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.078140][ T6130] hsr_slave_0: entered promiscuous mode
[  168.079156][ T6130] hsr_slave_1: entered promiscuous mode
[  168.079876][ T6130] debugfs: 'hsr0' already exists in 'hsr'
[  168.079897][ T6130] Cannot create hsr debugfs directory
[  168.124434][ T5878] usb 5-1: Using ep0 maxpacket: 8
[  168.131033][ T5878] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  168.131060][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.131077][ T5878] usb 5-1: Product: syz
[  168.131088][ T5878] usb 5-1: Manufacturer: syz
[  168.131098][ T5878] usb 5-1: SerialNumber: syz
[  168.136567][ T5878] usb 5-1: config 0 descriptor??
[  168.169599][ T5878] gspca_main: se401-2.14.0 probing 047d:5003
[  168.194255][ T1229] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  168.324316][ T1229] usb 2-1: device descriptor read/64, error -71
[  168.574285][ T1229] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  168.704272][ T1229] usb 2-1: device descriptor read/64, error -71
[  168.786903][ T5878] input: se401 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input10
[  168.814713][ T1229] usb usb2-port1: attempt power cycle
[  168.861333][ T6161] chnl_net:caif_netlink_parms(): no params data found
[  168.977218][  T981] usb 5-1: USB disconnect, device number 6
[  169.065947][ T6257] netlink: 24 bytes leftover after parsing attributes in process `syz.2.95'.
[  169.141380][ T6257] 9pnet_fd: Insufficient options for proto=fd
[  169.154401][ T1229] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  169.183242][ T1229] usb 2-1: device descriptor read/8, error -71
[  169.425314][ T1229] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  169.455061][ T1229] usb 2-1: device descriptor read/8, error -71
[  169.575111][ T1229] usb usb2-port1: unable to enumerate USB device
[  169.966283][   T13] bridge_slave_1: left allmulticast mode
[  169.966404][   T13] bridge_slave_1: left promiscuous mode
[  169.968195][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.232192][   T13] bridge_slave_0: left allmulticast mode
[  170.233216][   T13] bridge_slave_0: left promiscuous mode
[  170.268929][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.837489][    C1] vkms_vblank_simulate: vblank timer overrun
[  170.964361][ T1229] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  171.133137][ T1229] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  171.133169][ T1229] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  171.133191][ T1229] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  171.133214][ T1229] usb 3-1: config 1 has no interface number 0
[  171.133281][ T1229] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  171.133306][ T1229] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  171.133351][ T1229] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  171.133376][ T1229] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.500288][ T1229] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  171.671643][ T1229] snd_usb_pod 3-1:1.1: invalid control EP
[  171.671666][ T1229] snd_usb_pod 3-1:1.1: cannot start listening: -22
[  171.672840][ T1229] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  171.673749][ T1229] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[  171.964326][  T981] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  172.078949][    C1] vkms_vblank_simulate: vblank timer overrun
[  172.115462][ T5878] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  172.134353][  T981] usb 5-1: Using ep0 maxpacket: 8
[  172.139877][  T981] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  172.139908][  T981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.139930][  T981] usb 5-1: Product: syz
[  172.139946][  T981] usb 5-1: Manufacturer: syz
[  172.139962][  T981] usb 5-1: SerialNumber: syz
[  172.147471][  T981] usb 5-1: config 0 descriptor??
[  172.155354][  T981] gspca_main: se401-2.14.0 probing 047d:5003
[  172.430605][    C1] vkms_vblank_simulate: vblank timer overrun
[  172.611673][    C1] vkms_vblank_simulate: vblank timer overrun
[  172.678130][    C1] vkms_vblank_simulate: vblank timer overrun
[  172.956169][  T981] gspca_se401: Too many frame sizes
[  172.968646][    C1] vkms_vblank_simulate: vblank timer overrun
[  173.054470][ T5878] usb 2-1: Using ep0 maxpacket: 8
[  173.062454][ T5878] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  173.062487][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.062510][ T5878] usb 2-1: Product: syz
[  173.062525][ T5878] usb 2-1: Manufacturer: syz
[  173.062541][ T5878] usb 2-1: SerialNumber: syz
[  173.099116][ T5878] usb 2-1: config 0 descriptor??
[  173.108338][ T5878] gspca_main: se401-2.14.0 probing 047d:5003
[  173.166464][ T1229] usb 5-1: USB disconnect, device number 7
[  173.268779][    C1] vkms_vblank_simulate: vblank timer overrun
[  173.504623][ T5878] gspca_se401: Frame size: 0x2 bayer
[  173.504645][ T5878] gspca_se401: Frame size: 0x127 bayer
[  173.504657][ T5878] gspca_se401: Frame size: 256x0 bayer
[  173.713362][ T5878] input: se401 as /devices/platform/dummy_hcd.1/usb2/2-1/input/input11
[  173.814029][    C1] vkms_vblank_simulate: vblank timer overrun
[  173.960539][ T1229] usb 2-1: USB disconnect, device number 11
[  174.396643][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.521119][    C1] vkms_vblank_simulate: vblank timer overrun
[  174.536470][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  174.578011][   T13] bond0 (unregistering): Released all slaves
[  174.601560][ T5883] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  174.752041][    C1] vkms_vblank_simulate: vblank timer overrun
[  174.759479][   T31] usb 3-1: USB disconnect, device number 7
[  174.839694][ T6285] FAULT_INJECTION: forcing a failure.
[  174.839694][ T6285] name failslab, interval 1, probability 0, space 0, times 0
[  174.839807][ T6285] CPU: 0 UID: 0 PID: 6285 Comm: syz.2.104 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  174.839827][ T6285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  174.839837][ T6285] Call Trace:
[  174.839843][ T6285]  <TASK>
[  174.839850][ T6285]  dump_stack_lvl+0x189/0x250
[  174.839879][ T6285]  ? __pfx____ratelimit+0x10/0x10
[  174.839900][ T6285]  ? __pfx_dump_stack_lvl+0x10/0x10
[  174.839925][ T6285]  ? __pfx__printk+0x10/0x10
[  174.839949][ T6285]  ? __pfx___might_resched+0x10/0x10
[  174.839966][ T6285]  ? fs_reclaim_acquire+0x7d/0x100
[  174.840006][ T6285]  should_fail_ex+0x46c/0x600
[  174.840042][ T6285]  should_failslab+0xa8/0x100
[  174.840078][ T6285]  __kvmalloc_node_noprof+0x169/0x920
[  174.840110][ T6285]  ? vmemdup_user+0x2b/0xd0
[  174.840144][ T6285]  vmemdup_user+0x2b/0xd0
[  174.840171][ T6285]  map_get_next_key+0x1c9/0x630
[  174.840204][ T6285]  ? bpf_lsm_bpf+0x9/0x20
[  174.840219][ T6285]  ? security_bpf+0x7e/0x300
[  174.840238][ T6285]  __sys_bpf+0x63d/0x860
[  174.840262][ T6285]  ? __pfx___sys_bpf+0x10/0x10
[  174.840294][ T6285]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  174.840326][ T6285]  ? ksys_write+0x230/0x260
[  174.840347][ T6285]  ? __pfx_ksys_write+0x10/0x10
[  174.840372][ T6285]  __x64_sys_bpf+0x7c/0x90
[  174.840393][ T6285]  do_syscall_64+0xfa/0xfa0
[  174.840414][ T6285]  ? lockdep_hardirqs_on+0x9c/0x150
[  174.840435][ T6285]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.840451][ T6285]  ? clear_bhb_loop+0x60/0xb0
[  174.840470][ T6285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.840485][ T6285] RIP: 0033:0x7f14f63aefc9
[  174.840499][ T6285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  174.840512][ T6285] RSP: 002b:00007f14f4616038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  174.840529][ T6285] RAX: ffffffffffffffda RBX: 00007f14f6605fa0 RCX: 00007f14f63aefc9
[  174.840541][ T6285] RDX: 0000000000000020 RSI: 0000200000000300 RDI: 0000000000000004
[  174.840550][ T6285] RBP: 00007f14f4616090 R08: 0000000000000000 R09: 0000000000000000
[  174.840565][ T6285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  174.840574][ T6285] R13: 00007f14f6606038 R14: 00007f14f6605fa0 R15: 00007fffd12f4678
[  174.840599][ T6285]  </TASK>
[  174.892282][ T5883] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  174.892305][ T5883] usb 5-1: config 0 has no interface number 0
[  174.892352][ T5883] usb 5-1: config 0 interface 41 has no altsetting 0
[  174.904447][ T1229] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  174.974857][ T5883] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  174.974887][ T5883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.974907][ T5883] usb 5-1: Product: syz
[  174.974921][ T5883] usb 5-1: Manufacturer: syz
[  174.974936][ T5883] usb 5-1: SerialNumber: syz
[  175.020017][ T5883] usb 5-1: config 0 descriptor??
[  175.094497][ T1229] usb 2-1: Using ep0 maxpacket: 16
[  175.147737][ T1229] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  175.147770][ T1229] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  175.154700][ T1229] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  175.154737][ T1229] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.154760][ T1229] usb 2-1: Product: syz
[  175.154778][ T1229] usb 2-1: Manufacturer: syz
[  175.154859][ T1229] usb 2-1: SerialNumber: syz
[  175.318654][ T6161] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.318895][ T6161] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.320681][ T6161] bridge_slave_0: entered allmulticast mode
[  175.376014][ T5883] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[  175.376203][ T6161] bridge_slave_0: entered promiscuous mode
[  175.415146][ T6161] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.415408][ T6161] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.415784][ T6161] bridge_slave_1: entered allmulticast mode
[  175.437658][ T5883] usb 5-1: USB disconnect, device number 8
[  175.468313][ T1229] usb 2-1: 0:2 : does not exist
[  175.490296][ T6161] bridge_slave_1: entered promiscuous mode
[  175.492085][ T1229] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  175.599745][ T1229] usb 2-1: USB disconnect, device number 12
[  175.649125][ T6009] udevd[6009]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  175.704435][   T44] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  175.854320][   T44] usb 3-1: Using ep0 maxpacket: 32
[  175.856780][   T44] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  175.861148][   T44] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  175.861179][   T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.861202][   T44] usb 3-1: Product: syz
[  175.861225][   T44] usb 3-1: Manufacturer: syz
[  175.861242][   T44] usb 3-1: SerialNumber: syz
[  175.872306][   T44] usb 3-1: config 0 descriptor??
[  175.873583][ T6287] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  175.897904][   T44] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input12
[  176.231480][    C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  176.231487][   T10] usb 3-1: USB disconnect, device number 8
[  176.243272][ T6293] netlink: 16 bytes leftover after parsing attributes in process `syz.1.107'.
[  176.371890][ T5788] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  176.504562][    C1] vkms_vblank_simulate: vblank timer overrun
[  176.536104][ T5788] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  176.536137][ T5788] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  176.536185][ T5788] usb 5-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00
[  176.536210][ T5788] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.841924][    C1] vkms_vblank_simulate: vblank timer overrun
[  176.973436][    C1] vkms_vblank_simulate: vblank timer overrun
[  177.157586][    C1] vkms_vblank_simulate: vblank timer overrun
[  177.526436][ T5788] usb 5-1: config 0 descriptor??
[  177.645047][   T44] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  177.795253][   T44] usb 2-1: Using ep0 maxpacket: 16
[  177.798937][   T44] usb 2-1: unable to get BOS descriptor or descriptor too short
[  177.800204][   T44] usb 2-1: config 4 has an invalid interface number: 111 but max is 0
[  177.800231][   T44] usb 2-1: config 4 has no interface number 0
[  177.800286][   T44] usb 2-1: config 4 interface 111 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 8
[  177.800314][   T44] usb 2-1: config 4 interface 111 has no altsetting 0
[  177.808196][   T44] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=44.99
[  177.808227][   T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.808251][   T44] usb 2-1: Product: syz
[  177.808269][   T44] usb 2-1: Manufacturer: syz
[  177.808286][   T44] usb 2-1: SerialNumber: syz
[  177.820361][ T6296] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  177.949937][ T6130] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  177.968271][ T5788] hid_parser_main: 150 callbacks suppressed
[  177.968296][ T5788] kye 0003:0458:4018.0004: unknown main item tag 0x0
[  177.968331][ T5788] kye 0003:0458:4018.0004: unknown main item tag 0x0
[  177.968368][ T5788] kye 0003:0458:4018.0004: unknown main item tag 0x0
[  177.968397][ T5788] kye 0003:0458:4018.0004: unknown main item tag 0x0
[  177.968424][ T5788] kye 0003:0458:4018.0004: unknown main item tag 0x0
[  178.031643][ T5788] kye 0003:0458:4018.0004: hidraw0: USB HID v0.00 Device [HID 0458:4018] on usb-dummy_hcd.4-1/input0
[  178.868432][ T6161] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  178.870975][ T6130] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  178.983677][ T6161] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  179.078934][ T6130] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  179.443471][   T44] pvrusb2: Hardware description: Terratec Grabster AV400
[  179.443493][   T44] pvrusb2: **********
[  179.443500][   T44] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  179.443512][   T44] pvrusb2: Important functionality might not be entirely working.
[  179.443521][   T44] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  179.443532][   T44] pvrusb2: **********
[  179.456108][   T44] usb 2-1: selecting invalid altsetting 0
[  179.495470][ T2367] pvrusb2: control-write URB failure, status=-71
[  179.495489][ T2367] pvrusb2: Device being rendered inoperable
[  179.502883][ T2367] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  179.502900][ T2367] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  179.528983][   T44] usb 2-1: USB disconnect, device number 13
[  179.666453][ T5883] usb 5-1: USB disconnect, device number 9
[  179.781526][ T6303] fido_id[6303]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  179.926984][ T6130] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  181.165457][   T13] hsr_slave_0: left promiscuous mode
[  181.330169][   T13] hsr_slave_1: left promiscuous mode
[  181.338928][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  181.339917][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  182.026710][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  182.026749][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  182.118087][   T13] veth1_macvtap: left promiscuous mode
[  182.118386][   T13] veth0_macvtap: left promiscuous mode
[  182.118699][   T13] veth1_vlan: left promiscuous mode
[  182.119061][   T13] veth0_vlan: left promiscuous mode
[  182.484293][   T44] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  182.564444][  T981] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  182.634281][   T44] usb 2-1: Using ep0 maxpacket: 16
[  182.641776][   T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  182.641810][   T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  182.641841][   T44] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  182.641858][   T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.650835][   T44] usb 2-1: config 0 descriptor??
[  182.734215][  T981] usb 3-1: Using ep0 maxpacket: 16
[  182.737818][  T981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  182.737853][  T981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  182.737894][  T981] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  182.737918][  T981] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.743866][  T981] usb 3-1: config 0 descriptor??
[  183.104569][ T6325] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  183.126023][ T6325] VFS: Can't find a romfs filesystem on dev nullb0.
[  183.126023][ T6325] 
[  183.358033][ T6328] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  183.386809][ T6328] VFS: Can't find a romfs filesystem on dev nullb0.
[  183.386809][ T6328] 
[  184.045415][   T13] team0 (unregistering): Port device team_slave_1 removed
[  184.205220][   T13] team0 (unregistering): Port device team_slave_0 removed
[  186.186814][ T6161] team0: Port device team_slave_0 added
[  186.223691][ T6161] team0: Port device team_slave_1 added
[  186.424144][  T981] usbhid 3-1:0.0: can't add hid device: -71
[  186.424276][  T981] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  186.443104][   T44] usbhid 2-1:0.0: can't add hid device: -71
[  186.443253][   T44] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  186.480580][   T44] usb 2-1: USB disconnect, device number 14
[  186.494533][  T981] usb 3-1: USB disconnect, device number 9
[  186.827243][ T6161] batman_adv: batadv0: Adding interface: batadv_slave_0
[  186.827261][ T6161] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  186.827289][ T6161] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  186.889485][ T6161] batman_adv: batadv0: Adding interface: batadv_slave_1
[  186.889511][ T6161] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  186.889540][ T6161] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  187.005180][ T6346] syz.4.116 (6346) used greatest stack depth: 17872 bytes left
[  187.489513][ T6161] hsr_slave_0: entered promiscuous mode
[  187.492906][ T6161] hsr_slave_1: entered promiscuous mode
[  189.104274][  T981] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  189.276495][  T981] usb 3-1: Using ep0 maxpacket: 16
[  189.282188][  T981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.282224][  T981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  189.282266][  T981] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  189.282293][  T981] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.334205][    T9] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  189.356742][  T981] usb 3-1: config 0 descriptor??
[  189.533289][    T9] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  189.533319][    T9] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  189.533343][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  189.533428][    T9] usb 2-1: config 1 has no interface number 0
[  189.533481][    T9] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  189.533514][    T9] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  189.533626][    T9] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  189.533653][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.560970][ T6392] FAULT_INJECTION: forcing a failure.
[  189.560970][ T6392] name failslab, interval 1, probability 0, space 0, times 0
[  189.561013][ T6392] CPU: 1 UID: 0 PID: 6392 Comm: syz.4.129 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  189.561042][ T6392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  189.561058][ T6392] Call Trace:
[  189.561068][ T6392]  <TASK>
[  189.561078][ T6392]  dump_stack_lvl+0x189/0x250
[  189.561131][ T6392]  ? __pfx____ratelimit+0x10/0x10
[  189.561162][ T6392]  ? __pfx_dump_stack_lvl+0x10/0x10
[  189.561201][ T6392]  ? __pfx__printk+0x10/0x10
[  189.561249][ T6392]  ? __pfx___might_resched+0x10/0x10
[  189.561282][ T6392]  ? fs_reclaim_acquire+0x7d/0x100
[  189.561323][ T6392]  should_fail_ex+0x46c/0x600
[  189.561365][ T6392]  should_failslab+0xa8/0x100
[  189.561404][ T6392]  __kmalloc_noprof+0xcc/0x7d0
[  189.561439][ T6392]  ? fib6_info_alloc+0x30/0xf0
[  189.561484][ T6392]  fib6_info_alloc+0x30/0xf0
[  189.561523][ T6392]  ip6_route_info_create+0x142/0x860
[  189.561560][ T6392]  ip6_route_add+0x49/0x1d0
[  189.561590][ T6392]  inet6_rtm_newroute+0x1e7/0x1830
[  189.561629][ T6392]  ? __pfx___local_bh_enable+0x10/0x10
[  189.561667][ T6392]  ? __local_bh_enable_ip+0x1c0/0x2e0
[  189.561698][ T6392]  ? lockdep_hardirqs_on+0x9c/0x150
[  189.561734][ T6392]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[  189.561777][ T6392]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  189.561804][ T6392]  ? dev_hard_start_xmit+0x7f5/0x870
[  189.561834][ T6392]  ? __dev_queue_xmit+0x26f/0x3b70
[  189.561876][ T6392]  ? __dev_queue_xmit+0x26f/0x3b70
[  189.561908][ T6392]  ? __dev_queue_xmit+0x26f/0x3b70
[  189.561943][ T6392]  ? __dev_queue_xmit+0x1d3d/0x3b70
[  189.562013][ T6392]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[  189.562058][ T6392]  rtnetlink_rcv_msg+0x7cf/0xb70
[  189.562089][ T6392]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  189.562112][ T6392]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  189.562132][ T6392]  ? ref_tracker_free+0x61e/0x7c0
[  189.562168][ T6392]  ? __asan_memcpy+0x40/0x70
[  189.562198][ T6392]  ? __pfx_ref_tracker_free+0x10/0x10
[  189.562231][ T6392]  ? __skb_clone+0x63/0x7a0
[  189.562281][ T6392]  netlink_rcv_skb+0x208/0x470
[  189.562307][ T6392]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  189.562333][ T6392]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  189.562374][ T6392]  ? netlink_deliver_tap+0x2e/0x1b0
[  189.562411][ T6392]  netlink_unicast+0x846/0xa10
[  189.562457][ T6392]  ? __pfx_netlink_unicast+0x10/0x10
[  189.562497][ T6392]  ? netlink_sendmsg+0x642/0xb30
[  189.562521][ T6392]  ? skb_put+0x11b/0x210
[  189.562552][ T6392]  netlink_sendmsg+0x805/0xb30
[  189.562578][ T6392]  ? is_bpf_text_address+0x26/0x2b0
[  189.562625][ T6392]  ? __pfx_netlink_sendmsg+0x10/0x10
[  189.562661][ T6392]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  189.562698][ T6392]  ? __pfx_netlink_sendmsg+0x10/0x10
[  189.562726][ T6392]  __sock_sendmsg+0x21c/0x270
[  189.562766][ T6392]  ____sys_sendmsg+0x508/0x820
[  189.562801][ T6392]  ? __pfx_____sys_sendmsg+0x10/0x10
[  189.562844][ T6392]  ? import_iovec+0x74/0xa0
[  189.562877][ T6392]  ___sys_sendmsg+0x21f/0x2a0
[  189.562910][ T6392]  ? __pfx____sys_sendmsg+0x10/0x10
[  189.562981][ T6392]  ? __fget_files+0x2a/0x420
[  189.563018][ T6392]  ? __fget_files+0x3a6/0x420
[  189.563068][ T6392]  __x64_sys_sendmsg+0x1a1/0x260
[  189.563100][ T6392]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  189.563142][ T6392]  ? __pfx_ksys_write+0x10/0x10
[  189.563183][ T6392]  ? do_syscall_64+0xbe/0xfa0
[  189.563222][ T6392]  do_syscall_64+0xfa/0xfa0
[  189.563260][ T6392]  ? lockdep_hardirqs_on+0x9c/0x150
[  189.563292][ T6392]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.563319][ T6392]  ? clear_bhb_loop+0x60/0xb0
[  189.563349][ T6392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.563375][ T6392] RIP: 0033:0x7f64054aefc9
[  189.563408][ T6392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.563427][ T6392] RSP: 002b:00007f6403716038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  189.563452][ T6392] RAX: ffffffffffffffda RBX: 00007f6405705fa0 RCX: 00007f64054aefc9
[  189.563471][ T6392] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  189.563487][ T6392] RBP: 00007f6403716090 R08: 0000000000000000 R09: 0000000000000000
[  189.563502][ T6392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  189.563518][ T6392] R13: 00007f6405706038 R14: 00007f6405705fa0 R15: 00007fff5b428ae8
[  189.563558][ T6392]  </TASK>
[  189.788742][ T6381] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  189.789582][ T6381] VFS: Can't find a romfs filesystem on dev nullb0.
[  189.789582][ T6381] 
[  189.884404][  T981] usbhid 3-1:0.0: can't add hid device: -71
[  189.884553][  T981] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  190.102317][  T981] usb 3-1: USB disconnect, device number 10
[  190.175289][    T9] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  190.308940][    T9] snd_usb_pod 2-1:1.1: invalid control EP
[  190.308963][    T9] snd_usb_pod 2-1:1.1: cannot start listening: -22
[  190.309286][    T9] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  190.309838][    T9] snd_usb_pod 2-1:1.1: probe with driver snd_usb_pod failed with error -22
[  190.772511][ T6413] FAULT_INJECTION: forcing a failure.
[  190.772511][ T6413] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  190.772547][ T6413] CPU: 0 UID: 0 PID: 6413 Comm: syz.2.134 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  190.772572][ T6413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  190.772585][ T6413] Call Trace:
[  190.772594][ T6413]  <TASK>
[  190.772604][ T6413]  dump_stack_lvl+0x189/0x250
[  190.772642][ T6413]  ? __pfx____ratelimit+0x10/0x10
[  190.772671][ T6413]  ? __pfx_dump_stack_lvl+0x10/0x10
[  190.772706][ T6413]  ? __pfx__printk+0x10/0x10
[  190.772750][ T6413]  should_fail_ex+0x46c/0x600
[  190.772787][ T6413]  _copy_to_user+0x31/0xb0
[  190.772815][ T6413]  simple_read_from_buffer+0xe1/0x170
[  190.772851][ T6413]  proc_fail_nth_read+0x1b6/0x220
[  190.772880][ T6413]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  190.772907][ T6413]  ? rw_verify_area+0x2ac/0x4e0
[  190.772934][ T6413]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  190.772960][ T6413]  vfs_read+0x206/0xa30
[  190.772997][ T6413]  ? __pfx_vfs_read+0x10/0x10
[  190.773021][ T6413]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  190.773056][ T6413]  ? mutex_lock_nested+0x154/0x1d0
[  190.773078][ T6413]  ? fdget_pos+0x253/0x320
[  190.773121][ T6413]  ksys_read+0x14b/0x260
[  190.773151][ T6413]  ? __pfx_ksys_read+0x10/0x10
[  190.773190][ T6413]  ? do_syscall_64+0xbe/0xfa0
[  190.773226][ T6413]  do_syscall_64+0xfa/0xfa0
[  190.773272][ T6413]  ? lockdep_hardirqs_on+0x9c/0x150
[  190.773303][ T6413]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.773327][ T6413]  ? clear_bhb_loop+0x60/0xb0
[  190.773355][ T6413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.773378][ T6413] RIP: 0033:0x7f14f63ad9dc
[  190.773398][ T6413] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  190.773417][ T6413] RSP: 002b:00007f14f45d4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  190.773441][ T6413] RAX: ffffffffffffffda RBX: 00007f14f6606180 RCX: 00007f14f63ad9dc
[  190.773458][ T6413] RDX: 000000000000000f RSI: 00007f14f45d40a0 RDI: 0000000000000005
[  190.773472][ T6413] RBP: 00007f14f45d4090 R08: 0000000000000000 R09: 0000000000000000
[  190.773486][ T6413] R10: 000000000000007a R11: 0000000000000246 R12: 0000000000000001
[  190.773500][ T6413] R13: 00007f14f6606218 R14: 00007f14f6606180 R15: 00007fffd12f4678
[  190.773538][ T6413]  </TASK>
[  191.676464][    C0] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82
[  191.684827][    C0] vkms_vblank_simulate: vblank timer overrun
[  192.279397][ T6307] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.368939][ T6130] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.513575][ T6420] netlink: 428 bytes leftover after parsing attributes in process `syz.2.135'.
[  192.650390][ T6307] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.664216][   T10] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  192.708344][ T6161] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  192.728074][ T6420] netlink: 24 bytes leftover after parsing attributes in process `syz.2.135'.
[  192.745234][ T6161] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  192.785794][ T6161] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  192.818526][   T10] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  192.818554][   T10] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  192.818574][   T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  192.818592][   T10] usb 5-1: config 1 has no interface number 0
[  192.818635][   T10] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  192.818655][   T10] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  192.818692][   T10] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  192.818711][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.852257][   T10] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  193.012847][ T6307] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.045812][   T10] snd_usb_pod 5-1:1.1: invalid control EP
[  193.045829][   T10] snd_usb_pod 5-1:1.1: cannot start listening: -22
[  193.046083][   T10] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  193.046538][   T10] snd_usb_pod 5-1:1.1: probe with driver snd_usb_pod failed with error -22
[  193.525429][    C0] vkms_vblank_simulate: vblank timer overrun
[  193.619823][    C0] vkms_vblank_simulate: vblank timer overrun
[  193.634038][ T1229] usb 2-1: USB disconnect, device number 15
[  193.678580][ T6161] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  193.749177][    C0] vkms_vblank_simulate: vblank timer overrun
[  194.131036][    C0] vkms_vblank_simulate: vblank timer overrun
[  194.652969][    C0] vkms_vblank_simulate: vblank timer overrun
[  195.053795][ T6307] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.310686][ T6130] 8021q: adding VLAN 0 to HW filter on device team0
[  195.353370][ T6069] bridge0: port 1(bridge_slave_0) entered blocking state
[  195.368369][ T6069] bridge0: port 1(bridge_slave_0) entered forwarding state
[  195.458122][   T31] usb 5-1: USB disconnect, device number 10
[  195.482818][    C0] vkms_vblank_simulate: vblank timer overrun
[  195.590999][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  195.591706][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  195.631555][ T6452] netlink: 40 bytes leftover after parsing attributes in process `syz.4.141'.
[  196.482659][ T6307] bridge_slave_1: left allmulticast mode
[  196.482691][ T6307] bridge_slave_1: left promiscuous mode
[  196.482964][ T6307] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.555913][ T6307] bridge_slave_0: left allmulticast mode
[  196.555944][ T6307] bridge_slave_0: left promiscuous mode
[  196.556219][ T6307] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.684226][    T9] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  196.844191][    T9] usb 3-1: Using ep0 maxpacket: 16
[  196.859975][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  196.860003][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  196.886815][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  196.886845][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.886866][    T9] usb 3-1: Product: syz
[  196.886880][    T9] usb 3-1: Manufacturer: syz
[  196.886895][    T9] usb 3-1: SerialNumber: syz
[  197.143958][    T9] usb 3-1: 0:2 : does not exist
[  197.162345][    T9] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  197.245127][    T9] usb 3-1: USB disconnect, device number 11
[  197.424890][ T6333] udevd[6333]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  197.754574][ T1229] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  197.754779][    C0] vkms_vblank_simulate: vblank timer overrun
[  197.787553][ T6487] netlink: 24 bytes leftover after parsing attributes in process `syz.1.149'.
[  197.827229][ T6487] 9pnet_fd: Insufficient options for proto=fd
[  197.860539][ T6489] netlink: 40 bytes leftover after parsing attributes in process `syz.2.150'.
[  197.924450][ T1229] usb 5-1: Using ep0 maxpacket: 32
[  197.937428][ T1229] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  197.945571][ T1229] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  197.945607][ T1229] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.945641][ T1229] usb 5-1: Product: syz
[  197.945659][ T1229] usb 5-1: Manufacturer: syz
[  197.945677][ T1229] usb 5-1: SerialNumber: syz
[  197.961585][ T1229] usb 5-1: config 0 descriptor??
[  197.964989][ T6484] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  198.008025][ T1229] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input13
[  198.200161][ T6496] comedi comedi0: comedi_bond: 3:0  attached, 32 channels from 1 devices
[  198.433349][    T9] usb 5-1: USB disconnect, device number 11
[  198.433475][    C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  198.840305][    C0] vkms_vblank_simulate: vblank timer overrun
[  200.000637][    C0] vkms_vblank_simulate: vblank timer overrun
[  200.009835][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  200.012218][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  200.363198][    C0] vkms_vblank_simulate: vblank timer overrun
[  200.393894][ T6511] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  200.534266][    C0] vkms_vblank_simulate: vblank timer overrun
[  200.858813][ T6521] netlink: 28 bytes leftover after parsing attributes in process `syz.4.160'.
[  200.869391][   T44] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  200.898902][   T38] audit: type=1400 audit(1762109173.151:2): lsm=SMACK fn=smack_inode_removexattr action=denied subject="w" object="_" requested=w pid=6520 comm="syz.4.160" name="file1" dev="tmpfs" ino=267
[  201.036565][   T44] usb 2-1: config 0 has an invalid interface number: 41 but max is 0
[  201.036595][   T44] usb 2-1: config 0 has no interface number 0
[  201.036643][   T44] usb 2-1: config 0 interface 41 has no altsetting 0
[  201.039179][   T44] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  201.039209][   T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.039232][   T44] usb 2-1: Product: syz
[  201.039248][   T44] usb 2-1: Manufacturer: syz
[  201.039263][   T44] usb 2-1: SerialNumber: syz
[  201.099962][   T44] usb 2-1: config 0 descriptor??
[  201.327142][   T44] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71
[  201.351420][   T44] usb 2-1: USB disconnect, device number 16
[  201.361197][ T6307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  201.434836][ T6307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  201.480205][ T6307] bond0 (unregistering): Released all slaves
[  201.790317][ T6161] 8021q: adding VLAN 0 to HW filter on device bond0
[  202.404475][  T981] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  202.453649][   T31] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  202.855919][   T31] usb 2-1: Using ep0 maxpacket: 32
[  203.231838][   T31] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  203.231870][   T31] usb 2-1: config 0 has no interface number 0
[  203.231922][   T31] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  203.231953][   T31] usb 2-1: config 0 interface 85 has no altsetting 0
[  203.294214][  T981] usb 5-1: Using ep0 maxpacket: 32
[  203.296590][  T981] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  203.299625][  T981] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  203.299655][  T981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.299678][  T981] usb 5-1: Product: syz
[  203.299694][  T981] usb 5-1: Manufacturer: syz
[  203.299711][  T981] usb 5-1: SerialNumber: syz
[  203.420209][  T981] usb 5-1: config 0 descriptor??
[  203.421321][ T6541] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  203.433281][   T31] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  203.433318][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.433342][   T31] usb 2-1: Product: syz
[  203.433358][   T31] usb 2-1: Manufacturer: syz
[  203.433376][   T31] usb 2-1: SerialNumber: syz
[  203.482497][   T31] usb 2-1: config 0 descriptor??
[  203.507124][  T981] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input14
[  203.716987][ T6161] 8021q: adding VLAN 0 to HW filter on device team0
[  205.389306][ T6559] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  205.888550][   T31] appletouch 2-1:0.85: Failed to request geyser raw mode
[  205.888796][   T31] appletouch 2-1:0.85: probe with driver appletouch failed with error -5
[  205.952003][   T31] usb 2-1: USB disconnect, device number 17
[  206.192104][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.198460][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.916399][   T44] usb 5-1: USB disconnect, device number 12
[  206.917245][    C0] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  207.114599][ T6573] netlink: 8 bytes leftover after parsing attributes in process `syz.1.167'.
[  207.416295][ T6578] netlink: 28 bytes leftover after parsing attributes in process `syz.4.169'.
[  207.455101][   T38] audit: type=1400 audit(1762109179.681:3): lsm=SMACK fn=smack_inode_removexattr action=denied subject="w" object="_" requested=w pid=6577 comm="syz.4.169" name="file1" dev="tmpfs" ino=289
[  207.575636][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.580460][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.019039][    T9] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  208.477781][    T9] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  208.477812][    T9] usb 5-1: config 0 has no interface number 0
[  208.477889][    T9] usb 5-1: config 0 interface 41 has no altsetting 0
[  208.544468][    T9] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  208.544500][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.544520][    T9] usb 5-1: Product: syz
[  208.544534][    T9] usb 5-1: Manufacturer: syz
[  208.544548][    T9] usb 5-1: SerialNumber: syz
[  208.611254][    T9] usb 5-1: config 0 descriptor??
[  208.651678][ T6307] hsr_slave_0: left promiscuous mode
[  208.710454][ T6307] hsr_slave_1: left promiscuous mode
[  208.717028][ T6307] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  208.717062][ T6307] batman_adv: batadv0: Removing interface: batadv_slave_0
[  208.745041][ T5808] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  208.769143][ T6307] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  208.769166][ T6307] batman_adv: batadv0: Removing interface: batadv_slave_1
[  208.770435][ T5808] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  208.772630][ T5808] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  208.804847][ T5808] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  208.806504][ T5808] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  208.877187][    T9] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[  208.919802][ T1229] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  208.941802][    T9] usb 5-1: USB disconnect, device number 13
[  209.031341][ T6307] veth1_macvtap: left promiscuous mode
[  209.031457][ T6307] veth0_macvtap: left promiscuous mode
[  209.031816][ T6307] veth1_vlan: left promiscuous mode
[  209.032002][ T6307] veth0_vlan: left promiscuous mode
[  209.074333][ T1229] usb 2-1: device descriptor read/64, error -71
[  209.334291][   T31] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  209.334490][ T1229] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  209.474483][ T1229] usb 2-1: device descriptor read/64, error -71
[  209.494377][   T31] usb 3-1: Using ep0 maxpacket: 16
[  209.496591][   T31] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  209.496618][   T31] usb 3-1: config 0 has no interface number 0
[  209.499053][   T31] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  209.499084][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.499106][   T31] usb 3-1: Product: syz
[  209.499117][   T31] usb 3-1: Manufacturer: syz
[  209.499127][   T31] usb 3-1: SerialNumber: syz
[  209.503558][   T31] usb 3-1: config 0 descriptor??
[  209.566037][   T31] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  209.584967][ T1229] usb usb2-port1: attempt power cycle
[  209.712477][   T31] gspca_spca1528: reg_w err -71
[  209.724553][   T31] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71
[  209.730202][   T31] usb 3-1: USB disconnect, device number 12
[  209.924329][ T1229] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  209.956113][ T1229] usb 2-1: device descriptor read/8, error -71
[  210.234258][ T1229] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  210.254970][ T1229] usb 2-1: device descriptor read/8, error -71
[  210.366443][ T1229] usb usb2-port1: unable to enumerate USB device
[  210.383878][ T5804] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  210.402827][ T5804] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  210.409163][ T5804] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  210.415510][ T5804] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  210.416756][ T5804] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  210.534266][ T5783] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  210.694249][ T5783] usb 3-1: Using ep0 maxpacket: 16
[  210.703626][ T5783] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  210.703670][ T5783] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  210.703700][ T5783] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  210.703717][ T5783] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.737447][ T5783] usb 3-1: config 0 descriptor??
[  210.949196][ T5804] Bluetooth: hci0: command tx timeout
[  211.172889][ T5783] logitech 0003:046D:C29C.0005: unknown main item tag 0x0
[  211.172928][ T5783] logitech 0003:046D:C29C.0005: unknown main item tag 0x0
[  211.172958][ T5783] logitech 0003:046D:C29C.0005: unknown main item tag 0x0
[  211.172993][ T5783] logitech 0003:046D:C29C.0005: unknown main item tag 0x0
[  211.173022][ T5783] logitech 0003:046D:C29C.0005: unknown main item tag 0x0
[  211.173050][ T5783] logitech 0003:046D:C29C.0005: unknown main item tag 0x0
[  211.173079][ T5783] logitech 0003:046D:C29C.0005: unknown main item tag 0x0
[  211.173107][ T5783] logitech 0003:046D:C29C.0005: unknown main item tag 0x0
[  211.173136][ T5783] logitech 0003:046D:C29C.0005: unknown main item tag 0x0
[  211.173165][ T5783] logitech 0003:046D:C29C.0005: unknown main item tag 0x0
[  211.183648][ T5783] logitech 0003:046D:C29C.0005: hidraw0: USB HID v0.01 Device [HID 046d:c29c] on usb-dummy_hcd.2-1/input0
[  211.224313][    T9] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  211.370321][ T6604] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  211.374432][ T6604] VFS: Can't find a romfs filesystem on dev nullb0.
[  211.374432][ T6604] 
[  211.384267][    T9] usb 2-1: Using ep0 maxpacket: 32
[  211.389794][    T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  211.399072][    T9] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  211.399104][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.399128][    T9] usb 2-1: Product: syz
[  211.399143][    T9] usb 2-1: Manufacturer: syz
[  211.399159][    T9] usb 2-1: SerialNumber: syz
[  211.439496][ T5783] logitech 0003:046D:C29C.0005: no inputs found
[  211.488799][    T9] usb 2-1: config 0 descriptor??
[  211.492849][ T6608] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  211.535036][ T5783] usb 3-1: USB disconnect, device number 13
[  211.539555][    T9] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input16
[  211.850395][    T9] usb 2-1: USB disconnect, device number 22
[  211.850495][    C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  212.085188][ T6307] team0 (unregistering): Port device team_slave_1 removed
[  212.200287][ T6614] netlink: 28 bytes leftover after parsing attributes in process `syz.2.179'.
[  212.221797][   T38] audit: type=1400 audit(1762109184.491:4): lsm=SMACK fn=smack_inode_removexattr action=denied subject="w" object="_" requested=w pid=6613 comm="syz.2.179" name="file1" dev="tmpfs" ino=286
[  212.365410][ T6307] team0 (unregistering): Port device team_slave_0 removed
[  212.464346][ T5804] Bluetooth: hci4: command tx timeout
[  212.644352][    T9] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  212.804569][ T5878] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  212.806359][    T9] usb 3-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  212.806392][    T9] usb 3-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  212.806418][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  212.806448][    T9] usb 3-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00
[  212.806464][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.868187][    T9] usb 3-1: config 0 descriptor??
[  212.958964][ T5878] usb 2-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  212.959038][ T5878] usb 2-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  212.959055][ T5878] usb 2-1: config 0 interface 0 has no altsetting 0
[  212.959079][ T5878] usb 2-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00
[  212.959096][ T5878] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.011118][ T5878] usb 2-1: config 0 descriptor??
[  213.024398][ T5804] Bluetooth: hci0: command tx timeout
[  214.544430][ T5804] Bluetooth: hci4: command tx timeout
[  215.104794][ T5804] Bluetooth: hci0: command tx timeout
[  215.169794][ T6616] bond_slave_0: entered promiscuous mode
[  215.169852][ T6616] bond_slave_1: entered promiscuous mode
[  215.197962][    T9] usbhid 3-1:0.0: can't add hid device: -71
[  215.198292][    T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  215.223290][ T5878] usbhid 2-1:0.0: can't add hid device: -71
[  215.223420][ T5878] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  215.286762][ T5878] usb 2-1: USB disconnect, device number 23
[  215.288095][    T9] usb 3-1: USB disconnect, device number 14
[  215.914284][   T31] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  216.106706][   T31] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  216.106737][   T31] usb 5-1: config 0 has no interface number 0
[  216.106790][   T31] usb 5-1: config 0 interface 41 has no altsetting 0
[  216.111293][   T31] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  216.111335][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.111358][   T31] usb 5-1: Product: syz
[  216.111374][   T31] usb 5-1: Manufacturer: syz
[  216.111394][   T31] usb 5-1: SerialNumber: syz
[  216.138211][   T31] usb 5-1: config 0 descriptor??
[  216.443902][   T31] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[  216.460652][   T31] usb 5-1: USB disconnect, device number 14
[  217.124665][ T5804] Bluetooth: hci4: command tx timeout
[  217.184478][ T5804] Bluetooth: hci0: command tx timeout
[  217.230557][ T5878] libceph: connect (1)[c::]:6789 error -101
[  217.231328][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[  217.285877][ T6644] ceph: No mds server is up or the cluster is laggy
[  217.713023][ T6656] netlink: 8 bytes leftover after parsing attributes in process `syz.4.187'.
[  217.899035][ T6658] netlink: 28 bytes leftover after parsing attributes in process `syz.4.188'.
[  217.936174][   T38] audit: type=1400 audit(1762109190.161:5): lsm=SMACK fn=smack_inode_removexattr action=denied subject="w" object="_" requested=w pid=6657 comm="syz.4.188" name="file1" dev="tmpfs" ino=321
[  218.320638][ T6670] FAULT_INJECTION: forcing a failure.
[  218.320638][ T6670] name failslab, interval 1, probability 0, space 0, times 0
[  218.320675][ T6670] CPU: 1 UID: 0 PID: 6670 Comm: syz.1.190 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  218.320701][ T6670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  218.320715][ T6670] Call Trace:
[  218.320723][ T6670]  <TASK>
[  218.320733][ T6670]  dump_stack_lvl+0x189/0x250
[  218.320775][ T6670]  ? __pfx____ratelimit+0x10/0x10
[  218.320805][ T6670]  ? __pfx_dump_stack_lvl+0x10/0x10
[  218.320841][ T6670]  ? __pfx__printk+0x10/0x10
[  218.320877][ T6670]  ? __pfx___might_resched+0x10/0x10
[  218.320908][ T6670]  should_fail_ex+0x46c/0x600
[  218.320947][ T6670]  should_failslab+0xa8/0x100
[  218.320984][ T6670]  __kmalloc_cache_noprof+0x6f/0x6c0
[  218.321018][ T6670]  ? snd_pcm_oss_change_params_locked+0x1b3/0x3e40
[  218.321062][ T6670]  snd_pcm_oss_change_params_locked+0x1b3/0x3e40
[  218.321102][ T6670]  ? register_lock_class+0x51/0x320
[  218.321150][ T6670]  ? __lock_acquire+0xab9/0xd20
[  218.321192][ T6670]  ? do_raw_spin_lock+0x121/0x290
[  218.321231][ T6670]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  218.321267][ T6670]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  218.321300][ T6670]  ? lockdep_hardirqs_on+0x9c/0x150
[  218.321333][ T6670]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  218.321365][ T6670]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  218.321396][ T6670]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  218.321432][ T6670]  ? mutex_lock_interruptible_nested+0x154/0x1d0
[  218.321458][ T6670]  ? snd_pcm_oss_get_active_substream+0x136/0x280
[  218.321489][ T6670]  snd_pcm_oss_get_active_substream+0x1e2/0x280
[  218.321520][ T6670]  snd_pcm_oss_get_formats+0x34/0x420
[  218.321550][ T6670]  snd_pcm_oss_set_format+0x41/0x500
[  218.321572][ T6670]  ? __might_fault+0xb0/0x130
[  218.321611][ T6670]  snd_pcm_oss_ioctl+0xbec/0xdd0
[  218.321649][ T6670]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  218.321685][ T6670]  __se_sys_ioctl+0xff/0x170
[  218.321716][ T6670]  do_syscall_64+0xfa/0xfa0
[  218.321747][ T6670]  ? lockdep_hardirqs_on+0x9c/0x150
[  218.321777][ T6670]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.321800][ T6670]  ? clear_bhb_loop+0x60/0xb0
[  218.321829][ T6670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.321851][ T6670] RIP: 0033:0x7fe2ac7befc9
[  218.321871][ T6670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  218.321889][ T6670] RSP: 002b:00007fe2aa9fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  218.321913][ T6670] RAX: ffffffffffffffda RBX: 00007fe2aca16090 RCX: 00007fe2ac7befc9
[  218.321930][ T6670] RDX: 0000200000000000 RSI: 00000000c0045005 RDI: 0000000000000003
[  218.321945][ T6670] RBP: 00007fe2aa9fd090 R08: 0000000000000000 R09: 0000000000000000
[  218.321959][ T6670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  218.321972][ T6670] R13: 00007fe2aca16128 R14: 00007fe2aca16090 R15: 00007ffc76558258
[  218.322012][ T6670]  </TASK>
[  219.128001][ T6592] chnl_net:caif_netlink_parms(): no params data found
[  219.180300][ T6605] chnl_net:caif_netlink_parms(): no params data found
[  219.187019][ T5804] Bluetooth: hci4: command tx timeout
[  219.924630][   T31] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  220.079818][   T31] usb 5-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  220.079857][   T31] usb 5-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  220.079882][   T31] usb 5-1: config 0 interface 0 has no altsetting 0
[  220.079919][   T31] usb 5-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00
[  220.079943][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.165469][   T31] usb 5-1: config 0 descriptor??
[  221.300976][ T6685] bond_slave_0: entered promiscuous mode
[  221.301035][ T6685] bond_slave_1: entered promiscuous mode
[  221.345801][   T31] usbhid 5-1:0.0: can't add hid device: -71
[  221.345938][   T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  221.376273][   T31] usb 5-1: USB disconnect, device number 15
[  222.071949][ T5116] Bluetooth: hci3: command 0x0406 tx timeout
[  222.072099][ T5116] Bluetooth: hci1: command 0x0406 tx timeout
[  222.072128][ T5116] Bluetooth: hci2: command 0x0406 tx timeout
[  222.108088][ T6711] netlink: 8 bytes leftover after parsing attributes in process `syz.1.196'.
[  222.146947][ T6714] netlink: 16 bytes leftover after parsing attributes in process `syz.4.197'.
[  222.279434][ T6714] netlink: 24 bytes leftover after parsing attributes in process `syz.4.197'.
[  222.491997][   T31] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  223.780647][   T31] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[  223.780678][   T31] usb 3-1: config 0 has no interface number 0
[  223.780733][   T31] usb 3-1: config 0 interface 41 has no altsetting 0
[  223.827565][ T6720] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  223.879392][   T31] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  223.879429][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.879452][   T31] usb 3-1: Product: syz
[  223.879468][   T31] usb 3-1: Manufacturer: syz
[  223.879484][   T31] usb 3-1: SerialNumber: syz
[  223.974897][   T31] usb 3-1: config 0 descriptor??
[  224.154736][ T6592] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.154853][ T6592] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.155074][ T6592] bridge_slave_0: entered allmulticast mode
[  224.157816][ T6592] bridge_slave_0: entered promiscuous mode
[  224.168195][ T6714] bond0: Removing last ns target with arp_interval on
[  224.185349][ T6605] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.185499][ T6605] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.185781][ T6605] bridge_slave_0: entered allmulticast mode
[  224.197470][ T6605] bridge_slave_0: entered promiscuous mode
[  224.210478][ T6592] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.210634][ T6592] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.210914][ T6592] bridge_slave_1: entered allmulticast mode
[  224.244348][ T6592] bridge_slave_1: entered promiscuous mode
[  224.255595][   T31] CoreChips 3-1:0.41: probe with driver CoreChips failed with error -71
[  224.287132][   T31] usb 3-1: USB disconnect, device number 15
[  224.588090][ T6605] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.588281][ T6605] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.588548][ T6605] bridge_slave_1: entered allmulticast mode
[  224.591719][ T6605] bridge_slave_1: entered promiscuous mode
[  225.473538][ T6735] overlayfs: failed to clone lowerpath
[  225.814242][  T981] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  226.077988][  T981] usb 3-1: Using ep0 maxpacket: 32
[  226.091564][  T981] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  226.091592][  T981] usb 3-1: config 0 has no interface number 0
[  226.091647][  T981] usb 3-1: config 0 interface 2 has no altsetting 0
[  226.119552][  T981] usb 3-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[  226.119583][  T981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.119605][  T981] usb 3-1: Product: syz
[  226.119622][  T981] usb 3-1: Manufacturer: syz
[  226.119638][  T981] usb 3-1: SerialNumber: syz
[  226.130672][  T981] usb 3-1: config 0 descriptor??
[  226.464557][ T6592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  226.473787][ T6605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  226.500720][ T6592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  226.548766][  T981] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  226.772438][  T981] usb 3-1: USB disconnect, device number 16
[  226.805062][ T6605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  226.910117][ T6481] udevd[6481]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  227.214550][ T6744] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  227.214571][ T6744] IPv6: NLM_F_CREATE should be set when creating new route
[  227.217452][ T6744] Bluetooth: MGMT ver 1.23
[  227.401395][ T6748] netlink: 8 bytes leftover after parsing attributes in process `syz.4.206'.
[  227.450345][ T6592] team0: Port device team_slave_0 added
[  227.624234][  T981] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  227.790901][  T981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.790937][  T981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.790962][  T981] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  227.791006][  T981] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  227.791030][  T981] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.812241][  T981] usb 3-1: config 0 descriptor??
[  227.868635][ T6592] team0: Port device team_slave_1 added
[  227.951731][ T6752] FAULT_INJECTION: forcing a failure.
[  227.951731][ T6752] name failslab, interval 1, probability 0, space 0, times 0
[  227.951772][ T6605] team0: Port device team_slave_0 added
[  227.951778][ T6752] CPU: 1 UID: 0 PID: 6752 Comm: syz.4.208 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  227.951803][ T6752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  227.951816][ T6752] Call Trace:
[  227.951825][ T6752]  <TASK>
[  227.951835][ T6752]  dump_stack_lvl+0x189/0x250
[  227.951875][ T6752]  ? __pfx____ratelimit+0x10/0x10
[  227.951905][ T6752]  ? __pfx_dump_stack_lvl+0x10/0x10
[  227.951941][ T6752]  ? __pfx__printk+0x10/0x10
[  227.951975][ T6752]  ? __lock_acquire+0xab9/0xd20
[  227.952016][ T6752]  should_fail_ex+0x46c/0x600
[  227.952052][ T6752]  ? skb_clone+0x212/0x3a0
[  227.952080][ T6752]  should_failslab+0xa8/0x100
[  227.952114][ T6752]  ? skb_clone+0x212/0x3a0
[  227.952140][ T6752]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  227.952181][ T6752]  skb_clone+0x212/0x3a0
[  227.952215][ T6752]  __netlink_deliver_tap+0x404/0x850
[  227.952253][ T6752]  ? netlink_deliver_tap+0x2e/0x1b0
[  227.952278][ T6752]  netlink_deliver_tap+0x19c/0x1b0
[  227.952304][ T6752]  netlink_unicast+0x811/0xa10
[  227.952352][ T6752]  ? __pfx_netlink_unicast+0x10/0x10
[  227.952391][ T6752]  ? netlink_sendmsg+0x642/0xb30
[  227.952414][ T6752]  ? skb_put+0x11b/0x210
[  227.952443][ T6752]  netlink_sendmsg+0x805/0xb30
[  227.952466][ T6752]  ? is_bpf_text_address+0x26/0x2b0
[  227.952522][ T6752]  ? __pfx_netlink_sendmsg+0x10/0x10
[  227.952557][ T6752]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  227.952591][ T6752]  ? __pfx_netlink_sendmsg+0x10/0x10
[  227.952617][ T6752]  __sock_sendmsg+0x21c/0x270
[  227.952654][ T6752]  ____sys_sendmsg+0x508/0x820
[  227.952690][ T6752]  ? __pfx_____sys_sendmsg+0x10/0x10
[  227.952729][ T6752]  ? import_iovec+0x74/0xa0
[  227.952767][ T6752]  ___sys_sendmsg+0x21f/0x2a0
[  227.952798][ T6752]  ? __pfx____sys_sendmsg+0x10/0x10
[  227.952868][ T6752]  ? __fget_files+0x2a/0x420
[  227.952901][ T6752]  ? __fget_files+0x3a6/0x420
[  227.952946][ T6752]  __x64_sys_sendmsg+0x1a1/0x260
[  227.952977][ T6752]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  227.953018][ T6752]  ? __pfx_ksys_write+0x10/0x10
[  227.953051][ T6752]  ? do_syscall_64+0xbe/0xfa0
[  227.953087][ T6752]  do_syscall_64+0xfa/0xfa0
[  227.953117][ T6752]  ? lockdep_hardirqs_on+0x9c/0x150
[  227.953148][ T6752]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.953173][ T6752]  ? clear_bhb_loop+0x60/0xb0
[  227.953201][ T6752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.953223][ T6752] RIP: 0033:0x7f64054aefc9
[  227.953243][ T6752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  227.953262][ T6752] RSP: 002b:00007f6403716038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  227.953286][ T6752] RAX: ffffffffffffffda RBX: 00007f6405705fa0 RCX: 00007f64054aefc9
[  227.953303][ T6752] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  227.953317][ T6752] RBP: 00007f6403716090 R08: 0000000000000000 R09: 0000000000000000
[  227.953331][ T6752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  227.953345][ T6752] R13: 00007f6405706038 R14: 00007f6405705fa0 R15: 00007fff5b428ae8
[  227.953382][ T6752]  </TASK>
[  227.953436][ T6752] netlink: 'syz.4.208': attribute type 24 has an invalid length.
[  228.268303][  T981] hid_parser_main: 150 callbacks suppressed
[  228.268332][  T981] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  228.268369][  T981] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  228.268401][  T981] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  228.268434][  T981] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  228.268466][  T981] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  228.268498][  T981] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  228.268530][  T981] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  228.268560][  T981] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  228.268592][  T981] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  228.268622][  T981] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  228.396607][  T981] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  228.485403][ T6605] team0: Port device team_slave_1 added
[  228.497361][ T6746] FAULT_INJECTION: forcing a failure.
[  228.497361][ T6746] name failslab, interval 1, probability 0, space 0, times 0
[  228.497405][ T6746] CPU: 0 UID: 0 PID: 6746 Comm: syz.2.205 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  228.497435][ T6746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  228.497459][ T6746] Call Trace:
[  228.497470][ T6746]  <TASK>
[  228.497481][ T6746]  dump_stack_lvl+0x189/0x250
[  228.497526][ T6746]  ? __pfx____ratelimit+0x10/0x10
[  228.497562][ T6746]  ? __pfx_dump_stack_lvl+0x10/0x10
[  228.497603][ T6746]  ? __pfx__printk+0x10/0x10
[  228.497644][ T6746]  ? __pfx___might_resched+0x10/0x10
[  228.497680][ T6746]  should_fail_ex+0x46c/0x600
[  228.497720][ T6746]  ? ep_insert+0x26b/0x1750
[  228.497756][ T6746]  should_failslab+0xa8/0x100
[  228.497796][ T6746]  ? ep_insert+0x26b/0x1750
[  228.497830][ T6746]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  228.497861][ T6746]  ? __percpu_counter_compare+0xae/0x2e0
[  228.497908][ T6746]  ep_insert+0x26b/0x1750
[  228.497960][ T6746]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  228.497998][ T6746]  ? __pfx_ep_insert+0x10/0x10
[  228.498035][ T6746]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  228.498077][ T6746]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  228.498128][ T6746]  ? mutex_lock_nested+0x154/0x1d0
[  228.498154][ T6746]  ? do_epoll_ctl+0x3d2/0xe90
[  228.498194][ T6746]  do_epoll_ctl+0x7fd/0xe90
[  228.498241][ T6746]  __x64_sys_epoll_ctl+0x163/0x1a0
[  228.498284][ T6746]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[  228.498327][ T6746]  ? do_syscall_64+0xbe/0xfa0
[  228.498369][ T6746]  do_syscall_64+0xfa/0xfa0
[  228.498405][ T6746]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.498431][ T6746]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  228.498465][ T6746]  ? clear_bhb_loop+0x60/0xb0
[  228.498497][ T6746]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.498523][ T6746] RIP: 0033:0x7f14f63aefc9
[  228.498545][ T6746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.498569][ T6746] RSP: 002b:00007f14f4616038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  228.498596][ T6746] RAX: ffffffffffffffda RBX: 00007f14f6605fa0 RCX: 00007f14f63aefc9
[  228.498615][ T6746] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000006
[  228.498631][ T6746] RBP: 00007f14f4616090 R08: 0000000000000000 R09: 0000000000000000
[  228.498649][ T6746] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  228.498664][ T6746] R13: 00007f14f6606038 R14: 00007f14f6605fa0 R15: 00007fffd12f4678
[  228.498705][ T6746]  </TASK>
[  228.523614][   T10] usb 3-1: USB disconnect, device number 17
[  228.707798][  T981] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  228.748190][ T6755] fido_id[6755]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  228.856764][  T981] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  228.856793][  T981] usb 5-1: config 0 has no interface number 0
[  228.858154][  T981] usb 5-1: config 0 interface 41 has no altsetting 0
[  228.861741][  T981] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  228.861771][  T981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.861794][  T981] usb 5-1: Product: syz
[  228.861810][  T981] usb 5-1: Manufacturer: syz
[  228.861827][  T981] usb 5-1: SerialNumber: syz
[  228.884257][  T981] usb 5-1: config 0 descriptor??
[  229.098313][  T981] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[  229.186587][  T981] usb 5-1: USB disconnect, device number 16
[  229.241760][ T6592] batman_adv: batadv0: Adding interface: batadv_slave_0
[  229.241779][ T6592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  229.241810][ T6592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  230.169905][ T6759] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  230.321570][ T6592] batman_adv: batadv0: Adding interface: batadv_slave_1
[  230.321592][ T6592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  230.321624][ T6592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  230.384037][ T6605] batman_adv: batadv0: Adding interface: batadv_slave_0
[  230.384055][ T6605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  230.417510][ T6605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  230.645883][ T6605] batman_adv: batadv0: Adding interface: batadv_slave_1
[  230.645902][ T6605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  230.645951][ T6605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  230.939233][ T6725] syz.1.199 (6725): drop_caches: 1
[  231.251875][ T6592] hsr_slave_0: entered promiscuous mode
[  231.253359][ T6592] hsr_slave_1: entered promiscuous mode
[  231.255167][ T6592] debugfs: 'hsr0' already exists in 'hsr'
[  231.255200][ T6592] Cannot create hsr debugfs directory
[  231.255460][ T6774] netlink: 60 bytes leftover after parsing attributes in process `syz.1.214'.
[  231.560030][ T6771] netlink: 60 bytes leftover after parsing attributes in process `syz.1.214'.
[  232.046542][ T6605] hsr_slave_0: entered promiscuous mode
[  232.047992][ T6605] hsr_slave_1: entered promiscuous mode
[  232.049118][ T6605] debugfs: 'hsr0' already exists in 'hsr'
[  232.049144][ T6605] Cannot create hsr debugfs directory
[  233.142344][ T6787] Bluetooth: MGMT ver 1.23
[  234.435286][   T10] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  234.925239][   T10] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  234.925271][   T10] usb 5-1: config 0 has no interface number 0
[  234.925331][   T10] usb 5-1: config 0 interface 41 has no altsetting 0
[  234.930646][   T10] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  234.930679][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.930701][   T10] usb 5-1: Product: syz
[  234.930716][   T10] usb 5-1: Manufacturer: syz
[  234.930732][   T10] usb 5-1: SerialNumber: syz
[  234.994583][   T10] usb 5-1: config 0 descriptor??
[  235.230076][   T10] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[  235.290461][   T10] usb 5-1: USB disconnect, device number 17
[  238.299995][ T6816] : renamed from veth0_to_bond (while UP)
[  238.894336][   T10] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  239.024405][   T10] usb 3-1: device descriptor read/64, error -71
[  239.274332][   T10] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  239.404247][   T10] usb 3-1: device descriptor read/64, error -71
[  239.517241][   T10] usb usb3-port1: attempt power cycle
[  239.544232][ T5788] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  239.706996][ T5788] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  239.707029][ T5788] usb 5-1: config 0 has no interface number 0
[  239.707081][ T5788] usb 5-1: config 0 interface 41 has no altsetting 0
[  239.737601][ T5788] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  239.737635][ T5788] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.737657][ T5788] usb 5-1: Product: syz
[  239.737673][ T5788] usb 5-1: Manufacturer: syz
[  239.737689][ T5788] usb 5-1: SerialNumber: syz
[  239.743713][ T5788] usb 5-1: config 0 descriptor??
[  239.858904][   T10] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  239.890125][   T10] usb 3-1: device descriptor read/8, error -71
[  239.980056][ T5788] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[  240.026503][ T5788] usb 5-1: USB disconnect, device number 18
[  240.124380][   T10] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  240.147554][   T10] usb 3-1: device descriptor read/8, error -71
[  240.254935][   T10] usb usb3-port1: unable to enumerate USB device
[  241.237224][    C1] vkms_vblank_simulate: vblank timer overrun
[  244.911058][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.081098][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.406486][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.436281][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.466339][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.526160][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.556526][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.586339][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.621216][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.654376][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.683811][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.704324][ T5788] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  245.737486][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.802082][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.855232][ T5788] usb 5-1: too many configurations: 33, using maximum allowed: 8
[  245.857337][ T5788] usb 5-1: config 0 has an invalid descriptor of length 50, skipping remainder of the config
[  245.857364][ T5788] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  245.859122][ T5788] usb 5-1: config 0 has an invalid descriptor of length 50, skipping remainder of the config
[  245.859147][ T5788] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  245.860960][ T5788] usb 5-1: config 0 has an invalid descriptor of length 50, skipping remainder of the config
[  245.860987][ T5788] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  245.862799][ T5788] usb 5-1: config 0 has an invalid descriptor of length 50, skipping remainder of the config
[  245.862830][ T5788] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  245.872104][ T5788] usb 5-1: config 0 has an invalid descriptor of length 50, skipping remainder of the config
[  245.872133][ T5788] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  245.873898][ T5788] usb 5-1: config 0 has an invalid descriptor of length 50, skipping remainder of the config
[  245.873924][ T5788] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  245.875838][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.876676][ T5788] usb 5-1: config 0 has an invalid descriptor of length 50, skipping remainder of the config
[  245.876701][ T5788] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  245.879994][ T5788] usb 5-1: config 0 has an invalid descriptor of length 50, skipping remainder of the config
[  245.880020][ T5788] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  245.880061][ T5788] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0a51, bcdDevice= 0.00
[  245.880087][ T5788] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.898453][ T5788] usb 5-1: rejected 8 configurations due to insufficient available bus power
[  245.898482][ T5788] usb 5-1: no configuration chosen from 8 choices
[  245.908766][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.934162][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.968156][    C1] vkms_vblank_simulate: vblank timer overrun
[  246.016203][    C1] vkms_vblank_simulate: vblank timer overrun
[  247.669481][    C1] vkms_vblank_simulate: vblank timer overrun
[  247.824448][    C1] vkms_vblank_simulate: vblank timer overrun
[  248.515907][    C1] vkms_vblank_simulate: vblank timer overrun
[  248.833562][ T5788] usb 5-1: USB disconnect, device number 19
[  248.968685][    C1] vkms_vblank_simulate: vblank timer overrun
[  248.997908][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.043990][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.075255][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.134240][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.163761][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.197664][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.230961][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.384215][ T5883] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  249.559332][ T5788] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  249.719516][ T5788] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  249.719548][ T5788] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  249.719571][ T5788] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  249.719595][ T5788] usb 5-1: config 1 has no interface number 0
[  249.719647][ T5788] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  249.719673][ T5788] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  249.719719][ T5788] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  249.719745][ T5788] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.856435][ T5788] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  249.934509][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.936749][ T5883] usb 3-1: Using ep0 maxpacket: 8
[  249.940747][ T5883] usb 3-1: unable to get BOS descriptor or descriptor too short
[  249.946003][ T5883] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  249.946036][ T5883] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  249.946059][ T5883] usb 3-1: config 1 has no interface number 0
[  249.946128][ T5883] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 159, changing to 7
[  249.946189][ T5883] usb 3-1: config 1 interface 1 has no altsetting 0
[  250.007623][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.084145][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.113970][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.144184][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.200726][ T5788] snd_usb_pod 5-1:1.1: invalid control EP
[  250.200749][ T5788] snd_usb_pod 5-1:1.1: cannot start listening: -22
[  250.201081][ T5788] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  250.201664][ T5788] snd_usb_pod 5-1:1.1: probe with driver snd_usb_pod failed with error -22
[  250.301207][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.333144][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.333529][ T5883] usb 3-1: string descriptor 0 read error: -22
[  250.333680][ T5883] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  250.333710][ T5883] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.369732][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.402437][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.433440][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.468796][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.501997][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.535752][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.569605][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.603287][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.638562][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.672111][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.689810][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.727071][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.762044][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.840642][    C1] vkms_vblank_simulate: vblank timer overrun
[  251.231479][    C1] vkms_vblank_simulate: vblank timer overrun
[  251.426709][    C1] vkms_vblank_simulate: vblank timer overrun
[  251.550721][    C1] vkms_vblank_simulate: vblank timer overrun
[  251.677781][    C1] vkms_vblank_simulate: vblank timer overrun
[  251.797659][    C1] vkms_vblank_simulate: vblank timer overrun
[  251.967982][    C1] vkms_vblank_simulate: vblank timer overrun
[  252.061129][    C1] vkms_vblank_simulate: vblank timer overrun
[  252.096545][    C1] vkms_vblank_simulate: vblank timer overrun
[  252.133850][    C1] vkms_vblank_simulate: vblank timer overrun
[  252.170771][    C1] vkms_vblank_simulate: vblank timer overrun
[  252.205672][    C1] vkms_vblank_simulate: vblank timer overrun
[  252.240876][    C1] vkms_vblank_simulate: vblank timer overrun
[  252.277129][    C1] vkms_vblank_simulate: vblank timer overrun
[  252.311740][    C1] vkms_vblank_simulate: vblank timer overrun
[  252.357167][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.465281][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.495297][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.524884][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.585254][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.618015][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.651996][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.684310][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.714799][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.748538][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.764245][  T981] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  253.781165][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.956653][  T981] usb 2-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  253.956692][  T981] usb 2-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  253.956718][  T981] usb 2-1: config 0 interface 0 has no altsetting 0
[  253.956755][  T981] usb 2-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00
[  253.956781][  T981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.962766][  T981] usb 2-1: config 0 descriptor??
[  254.122153][    C1] vkms_vblank_simulate: vblank timer overrun
[  254.157913][    C1] vkms_vblank_simulate: vblank timer overrun
[  254.189720][    C1] vkms_vblank_simulate: vblank timer overrun
[  254.236957][    C1] vkms_vblank_simulate: vblank timer overrun
[  254.271329][    C1] vkms_vblank_simulate: vblank timer overrun
[  254.484371][    C1] vkms_vblank_simulate: vblank timer overrun
[  254.848732][ T1229] usb 5-1: USB disconnect, device number 20
[  254.887371][ T5788] usb 3-1: USB disconnect, device number 22
[  255.229961][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.259714][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.306761][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.352371][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.383446][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.433699][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.463858][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.494809][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.525102][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.557150][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.602616][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.795124][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.826192][    C1] vkms_vblank_simulate: vblank timer overrun
[  255.864946][    C1] vkms_vblank_simulate: vblank timer overrun
[  256.172372][    C1] vkms_vblank_simulate: vblank timer overrun
[  256.204798][    C1] vkms_vblank_simulate: vblank timer overrun
[  256.270922][    C1] vkms_vblank_simulate: vblank timer overrun
[  256.496892][    C1] vkms_vblank_simulate: vblank timer overrun
[  258.317180][ T6916] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  259.284123][  T981] usbhid 2-1:0.0: can't add hid device: -32
[  259.284258][  T981] usbhid 2-1:0.0: probe with driver usbhid failed with error -32
[  262.545104][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  262.545192][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  263.507078][  T981] libceph: connect (1)[c::]:6789 error -101
[  263.508532][  T981] libceph: mon0 (1)[c::]:6789 connect error
[  263.769885][  T981] libceph: connect (1)[c::]:6789 error -101
[  263.770108][  T981] libceph: mon0 (1)[c::]:6789 connect error
[  263.875802][ T6944] ceph: No mds server is up or the cluster is laggy
[  264.278272][   T10] libceph: connect (1)[c::]:6789 error -101
[  264.278491][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  264.904257][ T5883] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  265.864219][ T5883] usb 3-1: Using ep0 maxpacket: 16
[  265.866630][ T5883] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  265.866656][ T5883] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  265.871225][ T5883] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  265.871255][ T5883] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.871277][ T5883] usb 3-1: Product: syz
[  265.871292][ T5883] usb 3-1: Manufacturer: syz
[  265.871308][ T5883] usb 3-1: SerialNumber: syz
[  271.720997][ T5883] usb 3-1: 0:2 : does not exist
[  271.724829][ T5883] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  272.967062][   T10] usb 3-1: USB disconnect, device number 23
[  273.686941][ T6841] udevd[6841]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  276.340773][   T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  276.387036][   T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  276.404184][   T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  276.406042][   T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  276.406908][   T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  276.463842][ T7012] FAULT_INJECTION: forcing a failure.
[  276.463842][ T7012] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  276.463885][ T7012] CPU: 0 UID: 0 PID: 7012 Comm: syz.2.259 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  276.463933][ T7012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  276.463956][ T7012] Call Trace:
[  276.463965][ T7012]  <TASK>
[  276.463974][ T7012]  dump_stack_lvl+0x189/0x250
[  276.464028][ T7012]  ? __pfx____ratelimit+0x10/0x10
[  276.464062][ T7012]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.464095][ T7012]  ? __pfx__printk+0x10/0x10
[  276.464124][ T7012]  ? __might_fault+0xb0/0x130
[  276.464170][ T7012]  should_fail_ex+0x46c/0x600
[  276.464209][ T7012]  _copy_from_iter+0x1de/0x1790
[  276.464251][ T7012]  ? kmalloc_reserve+0xbd/0x290
[  276.464275][ T7012]  ? rcu_is_watching+0x15/0xb0
[  276.464299][ T7012]  ? kmalloc_reserve+0xbd/0x290
[  276.464320][ T7012]  ? __alloc_skb+0x112/0x2d0
[  276.464343][ T7012]  ? __pfx__copy_from_iter+0x10/0x10
[  276.464382][ T7012]  ? __build_skb_around+0x262/0x3f0
[  276.464423][ T7012]  ? netlink_sendmsg+0x642/0xb30
[  276.464444][ T7012]  ? skb_put+0x11b/0x210
[  276.464472][ T7012]  netlink_sendmsg+0x6b2/0xb30
[  276.464494][ T7012]  ? is_bpf_text_address+0x26/0x2b0
[  276.464539][ T7012]  ? __pfx_netlink_sendmsg+0x10/0x10
[  276.464573][ T7012]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  276.464605][ T7012]  ? __pfx_netlink_sendmsg+0x10/0x10
[  276.464630][ T7012]  __sock_sendmsg+0x21c/0x270
[  276.464667][ T7012]  ____sys_sendmsg+0x508/0x820
[  276.464701][ T7012]  ? __pfx_____sys_sendmsg+0x10/0x10
[  276.464738][ T7012]  ? import_iovec+0x74/0xa0
[  276.464785][ T7012]  ___sys_sendmsg+0x21f/0x2a0
[  276.464816][ T7012]  ? __pfx____sys_sendmsg+0x10/0x10
[  276.464888][ T7012]  ? __fget_files+0x2a/0x420
[  276.464920][ T7012]  ? __fget_files+0x3a6/0x420
[  276.464973][ T7012]  __x64_sys_sendmsg+0x1a1/0x260
[  276.465005][ T7012]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  276.465045][ T7012]  ? __pfx_ksys_write+0x10/0x10
[  276.465080][ T7012]  ? do_syscall_64+0xbe/0xfa0
[  276.465117][ T7012]  do_syscall_64+0xfa/0xfa0
[  276.465146][ T7012]  ? lockdep_hardirqs_on+0x9c/0x150
[  276.465177][ T7012]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.465201][ T7012]  ? clear_bhb_loop+0x60/0xb0
[  276.465230][ T7012]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.465254][ T7012] RIP: 0033:0x7f14f63aefc9
[  276.465274][ T7012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.465295][ T7012] RSP: 002b:00007f14f4616038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  276.465320][ T7012] RAX: ffffffffffffffda RBX: 00007f14f6605fa0 RCX: 00007f14f63aefc9
[  276.465337][ T7012] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  276.465352][ T7012] RBP: 00007f14f4616090 R08: 0000000000000000 R09: 0000000000000000
[  276.465367][ T7012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  276.465381][ T7012] R13: 00007f14f6606038 R14: 00007f14f6605fa0 R15: 00007fffd12f4678
[  276.465420][ T7012]  </TASK>
[  277.160197][ T5808] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  277.163762][ T5808] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  277.184709][ T5808] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  277.186670][ T5808] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  277.187714][ T5808] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  278.555930][ T5808] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  278.576707][ T5808] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  278.584245][ T5808] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  278.619809][ T7027] 9pnet_fd: Insufficient options for proto=fd
[  278.703127][ T5808] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  278.784913][ T5808] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  278.864590][   T61] Bluetooth: hci5: command tx timeout
[  280.200785][   T61] Bluetooth: hci6: command tx timeout
[  280.874394][   T61] Bluetooth: hci7: command tx timeout
[  281.004386][   T61] Bluetooth: hci5: command tx timeout
[  281.718003][ T7009] chnl_net:caif_netlink_parms(): no params data found
[  282.304468][   T61] Bluetooth: hci6: command tx timeout
[  282.954819][   T61] Bluetooth: hci7: command tx timeout
[  283.029064][   T61] Bluetooth: hci5: command tx timeout
[  283.603982][ T7015] chnl_net:caif_netlink_parms(): no params data found
[  283.755819][ T5808] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  283.777601][ T5808] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  283.779126][ T5808] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  283.801633][ T5808] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  283.802549][ T5808] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  284.436482][ T5808] Bluetooth: hci6: command tx timeout
[  284.915675][ T7071] 9pnet_fd: Insufficient options for proto=fd
[  285.084273][ T5808] Bluetooth: hci7: command tx timeout
[  285.104327][ T5808] Bluetooth: hci5: command tx timeout
[  285.284294][   T10] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  285.434421][   T10] usb 3-1: Using ep0 maxpacket: 32
[  285.437004][   T10] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  285.440158][   T10] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  285.440190][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.440212][   T10] usb 3-1: Product: syz
[  285.440229][   T10] usb 3-1: Manufacturer: syz
[  285.440246][   T10] usb 3-1: SerialNumber: syz
[  285.505905][   T10] usb 3-1: config 0 descriptor??
[  285.506972][ T7074] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  285.532089][   T10] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input17
[  285.905797][ T5808] Bluetooth: hci8: command tx timeout
[  286.464165][ T5808] Bluetooth: hci6: command tx timeout
[  286.663397][ T7009] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.663843][ T7009] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.682635][ T7009] bridge_slave_0: entered allmulticast mode
[  286.777638][ T7009] bridge_slave_0: entered promiscuous mode
[  286.809026][   T10] usb 3-1: USB disconnect, device number 24
[  286.809120][    C0] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  286.897612][ T7009] bridge0: port 2(bridge_slave_1) entered blocking state
[  286.897774][ T7009] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.898027][ T7009] bridge_slave_1: entered allmulticast mode
[  286.903246][ T7009] bridge_slave_1: entered promiscuous mode
[  287.107404][ T5808] Bluetooth: hci7: command tx timeout
[  287.984565][ T5808] Bluetooth: hci8: command tx timeout
[  288.622014][ T7009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  288.622449][ T7024] chnl_net:caif_netlink_parms(): no params data found
[  288.661460][ T7094] 9pnet_fd: Insufficient options for proto=fd
[  289.185860][ T7009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  289.206680][ T7100] =======================================================
[  289.206680][ T7100] WARNING: The mand mount option has been deprecated and
[  289.206680][ T7100]          and is ignored by this kernel. Remove the mand
[  289.206680][ T7100]          option from the mount to silence this warning.
[  289.206680][ T7100] =======================================================
[  289.206784][ T7100] tmpfs: Bad value for 'mpol'
[  289.285337][ T7015] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.285549][ T7015] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.285836][ T7015] bridge_slave_0: entered allmulticast mode
[  289.288916][ T7015] bridge_slave_0: entered promiscuous mode
[  290.064383][ T5808] Bluetooth: hci8: command tx timeout
[  290.331061][ T7015] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.331201][ T7015] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.331450][ T7015] bridge_slave_1: entered allmulticast mode
[  290.334733][ T7015] bridge_slave_1: entered promiscuous mode
[  292.128570][ T7009] team0: Port device team_slave_0 added
[  292.146291][ T5808] Bluetooth: hci8: command tx timeout
[  292.238954][ T7015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  292.242918][ T7009] team0: Port device team_slave_1 added
[  292.576372][ T7015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  296.176389][ T7009] batman_adv: batadv0: Adding interface: batadv_slave_0
[  296.176408][ T7009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  296.176438][ T7009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  296.578420][ T7024] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.578643][ T7024] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.578894][ T7024] bridge_slave_0: entered allmulticast mode
[  296.582208][ T7024] bridge_slave_0: entered promiscuous mode
[  296.613031][ T7009] batman_adv: batadv0: Adding interface: batadv_slave_1
[  296.613051][ T7009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  296.613081][ T7009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  303.020934][ T7015] team0: Port device team_slave_0 added
[  303.045236][ T7024] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.045413][ T7024] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.045714][ T7024] bridge_slave_1: entered allmulticast mode
[  303.050388][ T7024] bridge_slave_1: entered promiscuous mode
[  303.395583][ T7015] team0: Port device team_slave_1 added
[  305.503106][   T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  305.516998][   T61] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  305.518192][   T61] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  305.519526][   T61] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  305.520400][   T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  307.450365][ T7024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  307.466707][ T7015] batman_adv: batadv0: Adding interface: batadv_slave_0
[  307.466734][ T7015] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  307.466766][ T7015] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  307.587007][   T61] Bluetooth: hci1: command tx timeout
[  309.664410][   T61] Bluetooth: hci1: command tx timeout
[  310.420431][ T7024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  310.421802][ T7015] batman_adv: batadv0: Adding interface: batadv_slave_1
[  310.421819][ T7015] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  310.421852][ T7015] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  310.520272][ T7009] hsr_slave_0: entered promiscuous mode
[  310.521947][ T7009] hsr_slave_1: entered promiscuous mode
[  310.523111][ T7009] debugfs: 'hsr0' already exists in 'hsr'
[  310.523138][ T7009] Cannot create hsr debugfs directory
[  312.044249][   T61] Bluetooth: hci1: command tx timeout
[  312.849438][ T7024] team0: Port device team_slave_0 added
[  314.064622][ T5808] Bluetooth: hci1: command tx timeout
[  315.309628][ T7024] team0: Port device team_slave_1 added
[  317.820400][ T7015] hsr_slave_0: entered promiscuous mode
[  317.821990][ T7015] hsr_slave_1: entered promiscuous mode
[  317.823089][ T7015] debugfs: 'hsr0' already exists in 'hsr'
[  317.823116][ T7015] Cannot create hsr debugfs directory
[  318.089878][ T7024] batman_adv: batadv0: Adding interface: batadv_slave_0
[  318.089898][ T7024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  318.089946][ T7024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  318.181050][ T7024] batman_adv: batadv0: Adding interface: batadv_slave_1
[  318.181070][ T7024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  318.181100][ T7024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  320.198294][ T7060] chnl_net:caif_netlink_parms(): no params data found
[  322.356342][ T7024] hsr_slave_0: entered promiscuous mode
[  322.362217][ T7024] hsr_slave_1: entered promiscuous mode
[  322.383205][ T7024] debugfs: 'hsr0' already exists in 'hsr'
[  322.383236][ T7024] Cannot create hsr debugfs directory
[  322.470238][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  322.470320][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  327.265513][ T7060] bridge0: port 1(bridge_slave_0) entered blocking state
[  327.265685][ T7060] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.265928][ T7060] bridge_slave_0: entered allmulticast mode
[  327.297094][ T7060] bridge_slave_0: entered promiscuous mode
[  327.448850][ T7060] bridge0: port 2(bridge_slave_1) entered blocking state
[  327.448992][ T7060] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.449334][ T7060] bridge_slave_1: entered allmulticast mode
[  327.453942][ T7060] bridge_slave_1: entered promiscuous mode
[  328.583465][ T5808] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  328.602006][ T5808] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  328.615219][ T5808] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  328.618600][ T5808] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  328.619511][ T5808] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  330.679724][ T7060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  330.714632][ T5808] Bluetooth: hci2: command tx timeout
[  331.885164][ T7060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  332.784542][ T6712] Bluetooth: hci2: command tx timeout
[  333.428988][ T5804] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  333.459641][ T5804] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  333.461315][ T5804] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  333.462725][ T5804] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  333.463687][ T5804] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  334.526753][ T6712] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  334.571677][ T6712] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  334.591445][ T6712] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  334.592837][ T6712] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  334.593749][ T6712] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  334.710217][ T6712] Bluetooth: hci4: command 0x0406 tx timeout
[  334.710269][ T5804] Bluetooth: hci0: command 0x0406 tx timeout
[  334.889938][ T5804] Bluetooth: hci2: command tx timeout
[  335.596556][   T61] Bluetooth: hci3: command tx timeout
[  336.055773][ T7122] chnl_net:caif_netlink_parms(): no params data found
[  336.137853][ T7060] team0: Port device team_slave_0 added
[  336.211616][ T7060] team0: Port device team_slave_1 added
[  336.704256][ T5808] Bluetooth: hci9: command tx timeout
[  336.944505][ T5808] Bluetooth: hci2: command tx timeout
[  337.674805][ T5808] Bluetooth: hci3: command tx timeout
[  338.784464][ T5808] Bluetooth: hci9: command tx timeout
[  339.744441][ T5808] Bluetooth: hci3: command tx timeout
[  340.864593][ T5808] Bluetooth: hci9: command tx timeout
[  341.516173][ T7060] batman_adv: batadv0: Adding interface: batadv_slave_0
[  341.516192][ T7060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  341.516223][ T7060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  341.824566][   T61] Bluetooth: hci3: command tx timeout
[  341.833299][   T61] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  341.857138][   T61] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  341.858472][   T61] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  341.859804][   T61] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  341.861210][   T61] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  342.944426][   T61] Bluetooth: hci9: command tx timeout
[  343.907296][ T7122] bridge0: port 1(bridge_slave_0) entered blocking state
[  343.907458][ T7122] bridge0: port 1(bridge_slave_0) entered disabled state
[  343.907701][ T7122] bridge_slave_0: entered allmulticast mode
[  343.943175][ T7122] bridge_slave_0: entered promiscuous mode
[  343.984601][   T61] Bluetooth: hci7: command tx timeout
[  344.008929][ T7122] bridge0: port 2(bridge_slave_1) entered blocking state
[  344.009163][ T7122] bridge0: port 2(bridge_slave_1) entered disabled state
[  344.009470][ T7122] bridge_slave_1: entered allmulticast mode
[  344.040187][ T7122] bridge_slave_1: entered promiscuous mode
[  346.064864][   T61] Bluetooth: hci7: command tx timeout
[  347.119621][ T7122] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  347.178189][ T7122] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  348.144679][   T61] Bluetooth: hci7: command tx timeout
[  349.256724][ T7122] team0: Port device team_slave_0 added
[  349.337151][ T7122] team0: Port device team_slave_1 added
[  350.224247][   T61] Bluetooth: hci7: command tx timeout
[  351.258079][ T7122] batman_adv: batadv0: Adding interface: batadv_slave_0
[  351.258099][ T7122] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  351.258130][ T7122] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  351.395889][ T7122] batman_adv: batadv0: Adding interface: batadv_slave_1
[  351.395908][ T7122] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  351.395939][ T7122] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  351.648379][ T7202] chnl_net:caif_netlink_parms(): no params data found
[  353.186028][ T7233] chnl_net:caif_netlink_parms(): no params data found
[  353.232100][ T7228] chnl_net:caif_netlink_parms(): no params data found
[  354.737023][ T7122] hsr_slave_0: entered promiscuous mode
[  354.740539][ T7122] hsr_slave_1: entered promiscuous mode
[  354.741700][ T7122] debugfs: 'hsr0' already exists in 'hsr'
[  354.741727][ T7122] Cannot create hsr debugfs directory
[  355.132621][ T6307] bridge_slave_1: left allmulticast mode
[  355.132652][ T6307] bridge_slave_1: left promiscuous mode
[  355.132902][ T6307] bridge0: port 2(bridge_slave_1) entered disabled state
[  356.278355][ T6307] bridge_slave_0: left allmulticast mode
[  356.278388][ T6307] bridge_slave_0: left promiscuous mode
[  356.278657][ T6307] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.553055][ T6307] bridge_slave_1: left allmulticast mode
[  356.553088][ T6307] bridge_slave_1: left promiscuous mode
[  356.553353][ T6307] bridge0: port 2(bridge_slave_1) entered disabled state
[  358.040862][ T6307] bridge_slave_0: left allmulticast mode
[  358.040895][ T6307] bridge_slave_0: left promiscuous mode
[  358.041166][ T6307] bridge0: port 1(bridge_slave_0) entered disabled state
[  366.615551][ T5808] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  366.644877][ T5808] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  366.647250][ T5808] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  366.648944][ T5808] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  366.650294][ T5808] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  368.784411][   T61] Bluetooth: hci8: command tx timeout
[  370.864251][   T61] Bluetooth: hci8: command tx timeout
[  372.944471][   T61] Bluetooth: hci8: command tx timeout
[  375.024360][   T61] Bluetooth: hci8: command tx timeout
[  383.841383][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  383.841471][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  390.366519][ T5808] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  390.369890][ T5808] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  390.371133][ T5808] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  390.408268][ T5808] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  390.431577][ T5808] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  392.465193][ T5808] Bluetooth: hci10: command tx timeout
[  393.679366][   T61] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  393.700270][   T61] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  393.701534][   T61] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  393.703220][   T61] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  393.705112][   T61] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  394.544826][ T5808] Bluetooth: hci10: command tx timeout
[  395.824704][ T5808] Bluetooth: hci11: command tx timeout
[  395.900558][   T61] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  395.921120][   T61] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  395.922409][   T61] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  395.940404][   T61] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  395.966181][   T61] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  396.624911][   T61] Bluetooth: hci10: command tx timeout
[  397.904634][   T61] Bluetooth: hci11: command tx timeout
[  397.907093][   T39] INFO: task syz-executor:6605 blocked for more than 143 seconds.
[  397.907119][   T39]       Not tainted syzkaller #0
[  397.907131][   T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  397.907141][   T39] task:syz-executor    state:D stack:17968 pid:6605  tgid:6605  ppid:1      task_flags:0x400140 flags:0x00080003
[  397.907215][   T39] Call Trace:
[  397.907224][   T39]  <TASK>
[  397.907240][   T39]  __schedule+0x16f3/0x4c20
[  397.907306][   T39]  ? __pfx___schedule+0x10/0x10
[  397.907364][   T39]  rt_mutex_schedule+0x77/0xf0
[  397.907388][   T39]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  397.907436][   T39]  ? rt_mutex_slowlock_block+0x351/0x6d0
[  397.907465][   T39]  rt_mutex_slowlock+0x2b1/0x6e0
[  397.907494][   T39]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  397.907520][   T39]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  397.907542][   T39]  ? __lock_acquire+0xab9/0xd20
[  397.907586][   T39]  ? del_device_store+0xd1/0x360
[  397.907615][   T39]  ? __pfx_sscanf+0x10/0x10
[  397.907645][   T39]  ? del_device_store+0xd1/0x360
[  397.907664][   T39]  mutex_lock_nested+0x16a/0x1d0
[  397.907694][   T39]  del_device_store+0xd1/0x360
[  397.907714][   T39]  ? sysfs_file_kobj+0x1a/0x230
[  397.907752][   T39]  ? __pfx_del_device_store+0x10/0x10
[  397.907774][   T39]  ? sysfs_file_kobj+0x1e4/0x230
[  397.907810][   T39]  ? sysfs_kf_write+0x166/0x260
[  397.907835][   T39]  ? __pfx_sysfs_kf_write+0x10/0x10
[  397.907855][   T39]  kernfs_fop_write_iter+0x3b0/0x540
[  397.907896][   T39]  vfs_write+0x5d5/0xb40
[  397.907930][   T39]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  397.907964][   T39]  ? __pfx_vfs_write+0x10/0x10
[  397.908004][   T39]  ? do_sys_openat2+0x154/0x1c0
[  397.908039][   T39]  ksys_write+0x14b/0x260
[  397.908071][   T39]  ? __pfx_ksys_write+0x10/0x10
[  397.908105][   T39]  ? do_syscall_64+0xbe/0xfa0
[  397.908140][   T39]  do_syscall_64+0xfa/0xfa0
[  397.908172][   T39]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.908195][   T39]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  397.908218][   T39]  ? clear_bhb_loop+0x60/0xb0
[  397.908245][   T39]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.908287][   T39] RIP: 0033:0x7fed3405da7f
[  397.908308][   T39] RSP: 002b:00007ffefbe59cf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  397.908332][   T39] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fed3405da7f
[  397.908349][   T39] RDX: 0000000000000001 RSI: 00007ffefbe59d40 RDI: 0000000000000005
[  397.908365][   T39] RBP: 00007fed340e3256 R08: 0000000000000000 R09: 00007ffefbe59b47
[  397.908381][   T39] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  397.908395][   T39] R13: 00007ffefbe59d40 R14: 00007fed34de4620 R15: 0000000000000003
[  397.908453][   T39]  </TASK>
[  397.908511][   T39] 
[  397.908511][   T39] Showing all locks held in the system:
[  397.908526][   T39] 3 locks held by rcuc/1/28:
[  397.908540][   T39] 3 locks held by kworker/u8:2/37:
[  397.908553][   T39]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.908620][   T39]  #1: ffffc90000ac7ba0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.908677][   T39]  #2: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  397.908735][   T39] 1 lock held by khungtaskd/39:
[  397.908748][   T39]  #0: ffffffff8d5aa800 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  397.908824][   T39] 2 locks held by dhcpcd/5462:
[  397.908837][   T39]  #0: ffff88804428e920 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: netlink_dump+0xbd/0xe90
[  397.908889][   T39]  #1: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x92/0x200
[  397.908939][   T39] 2 locks held by getty/5555:
[  397.908951][   T39]  #0: ffff88823bf6e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  397.909026][   T39]  #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400
[  397.909107][   T39] 3 locks held by kworker/0:3/5788:
[  397.909120][   T39]  #0: ffff88813ff55138 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.909177][   T39]  #1: ffffc90004a2fba0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.909236][   T39]  #2: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
[  397.909300][   T39] 1 lock held by syz-executor/5810:
[  397.909312][   T39]  #0: ffffffff8d5b01b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  397.909372][   T39] 5 locks held by kworker/u8:15/6307:
[  397.909385][   T39]  #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.909450][   T39]  #1: ffffc90004217ba0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.909524][   T39]  #2: ffffffff8e856320 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x820
[  397.909579][   T39]  #3: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x990
[  397.909633][   T39]  #4: ffffffff8d5b01b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  397.909690][   T39] 7 locks held by syz-executor/6592:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  397.909704][   T39]  #0: ffff88803435c480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x217/0xb40
[  397.909766][   T39]  #1: ffff88804915f078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540
[  397.909829][   T39]  #2: ffff8881447f0008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540
[  397.909897][   T39]  #3: ffffffff8e0f3fd8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360
[  397.909950][   T39]  #4: ffff888038ffe0d8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x800
[  397.910015][   T39]  #5: ffff88803910c300 (&devlink->lock_key#6){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x160
[  397.910078][   T39]  #6: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0xed/0x680
[  397.910154][   T39] 4 locks held by syz-executor/6605:
[  397.910165][   T39]  #0: ffff88803435c480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x217/0xb40
[  397.910222][   T39]  #1: ffff88805ce57478 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540
[  397.910314][   T39]  #2: ffff8881447f0008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540
[  397.910378][   T39]  #3: ffffffff8e0f3fd8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360
[  397.910437][   T39] 3 locks held by kworker/u8:16/6781:
[  397.910450][   T39]  #0: ffff88802f9b6938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.910508][   T39]  #1: ffffc900042a7ba0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.910568][   T39]  #2: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[  397.910622][   T39] 1 lock held by syz.1.246/6897:
[  397.910635][   T39]  #0: ffffffff8d5b01b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  397.910689][   T39] 1 lock held by syz.4.255/6972:
[  397.910702][   T39]  #0: ffffffff8d5b01b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  397.910755][   T39] 4 locks held by syz-executor/7009:
[  397.910768][   T39]  #0: ffff88803435c480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x217/0xb40
[  397.910828][   T39]  #1: ffff88805c231078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540
[  397.910888][   T39]  #2: ffff8881447f0008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540
[  397.910953][   T39]  #3: ffffffff8e0f3fd8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360
[  397.911010][   T39] 4 locks held by syz-executor/7015:
[  397.911023][   T39]  #0: ffff88803435c480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x217/0xb40
[  397.911083][   T39]  #1: ffff88814376b478 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540
[  397.911142][   T39]  #2: ffff8881447f0008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540
[  397.911208][   T39]  #3: ffffffff8e0f3fd8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360
[  397.911258][   T39] 1 lock held by syz-executor/7024:
[  397.911271][   T39]  #0: ffffffff8d5b01b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  397.911325][   T39] 1 lock held by syz-executor/7060:
[  397.911337][   T39]  #0: ffffffff8d5b01b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  397.911416][   T39] 1 lock held by syz-executor/7122:
[  397.911430][   T39]  #0: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  397.911483][   T39] 2 locks held by syz-executor/7202:
[  397.911496][   T39]  #0: ffffffff8dfed320 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  397.911556][   T39]  #1: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  397.911607][   T39] 2 locks held by syz-executor/7228:
[  397.911620][   T39]  #0: ffffffff8dfed320 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  397.911680][   T39]  #1: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  397.911732][   T39] 2 locks held by syz-executor/7233:
[  397.911745][   T39]  #0: ffffffff8dfed320 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  397.911804][   T39]  #1: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  397.911856][   T39] 2 locks held by syz-executor/7258:
[  397.911868][   T39]  #0: ffffffff8ed64438 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  397.911927][   T39]  #1: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  397.911980][   T39] 1 lock held by syz-executor/7324:
[  397.911993][   T39]  #0: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  397.912055][   T39] 1 lock held by syz-executor/7329:
[  397.912069][   T39]  #0: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  397.912132][   T39] 1 lock held by syz-executor/7335:
[  397.912144][   T39]  #0: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  397.912208][   T39] 1 lock held by syz-executor/7341:
[  397.912221][   T39]  #0: ffffffff8e863238 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  397.912283][   T39] 
[  397.912289][   T39] =============================================
[  397.912289][   T39] 
[  397.912306][   T39] NMI backtrace for cpu 0
[  397.912322][   T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  397.912348][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  397.912362][   T39] Call Trace:
[  397.912370][   T39]  <TASK>
[  397.912380][   T39]  dump_stack_lvl+0x189/0x250
[  397.912426][   T39]  ? __pfx_dump_stack_lvl+0x10/0x10
[  397.912463][   T39]  ? __pfx__printk+0x10/0x10
[  397.912507][   T39]  nmi_cpu_backtrace+0x39e/0x3d0
[  397.912535][   T39]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  397.912563][   T39]  ? __pfx__printk+0x10/0x10
[  397.912597][   T39]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  397.912627][   T39]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  397.912655][   T39]  watchdog+0xf60/0xfa0
[  397.912696][   T39]  ? watchdog+0x1e2/0xfa0
[  397.912736][   T39]  kthread+0x711/0x8a0
[  397.912774][   T39]  ? __pfx_watchdog+0x10/0x10
[  397.912807][   T39]  ? __pfx_kthread+0x10/0x10
[  397.912839][   T39]  ? rt_spin_unlock+0x150/0x200
[  397.912869][   T39]  ? rt_spin_unlock+0x161/0x200
[  397.912892][   T39]  ? __pfx_kthread+0x10/0x10
[  397.912928][   T39]  ret_from_fork+0x4bc/0x870
[  397.912959][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[  397.912996][   T39]  ? __switch_to_asm+0x39/0x70
[  397.913018][   T39]  ? __switch_to_asm+0x33/0x70
[  397.913040][   T39]  ? __pfx_kthread+0x10/0x10
[  397.913076][   T39]  ret_from_fork_asm+0x1a/0x30
[  397.913120][   T39]  </TASK>
[  397.913129][   T39] Sending NMI from CPU 0 to CPUs 1:
[  397.913164][    C1] NMI backtrace for cpu 1
[  397.913180][    C1] CPU: 1 UID: 0 PID: 28 Comm: rcuc/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  397.913201][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  397.913212][    C1] RIP: 0010:deref_stack_reg+0x13/0x230
[  397.913240][    C1] Code: 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 48 89 54 24 18 <49> 89 f0 49 89 ff 48 be 00 00 00 00 00 fc ff df 48 8d 5f 08 49 89
[  397.913257][    C1] RSP: 0018:ffffc90000a2e1a0 EFLAGS: 00000286
[  397.913273][    C1] RAX: fffffffffffffff0 RBX: ffffffff8f6a60be RCX: 0000000000000000
[  397.913287][    C1] RDX: ffffc90000a2e308 RSI: ffffc90000a2e668 RDI: ffffc90000a2e2c8
[  397.913301][    C1] RBP: dffffc0000000000 R08: ffffc90000a2e327 R09: 0000000000000000
[  397.913314][    C1] R10: ffffc90000a2e318 R11: fffff52000145c65 R12: ffffc90000a2e668
[  397.913328][    C1] R13: ffffc90000a2e318 R14: ffffc90000a2e2c8 R15: 1ffffffff1ed4c18
[  397.913342][    C1] FS:  0000000000000000(0000) GS:ffff888126ef9000(0000) knlGS:0000000000000000
[  397.913357][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  397.913371][    C1] CR2: 000055806af51520 CR3: 000000000d3a6000 CR4: 00000000003526f0
[  397.913389][    C1] Call Trace:
[  397.913395][    C1]  <TASK>
[  397.913407][    C1]  unwind_next_frame+0x17c4/0x2390
[  397.913437][    C1]  ? unwind_next_frame+0xa5/0x2390
[  397.913463][    C1]  ? __kasan_slab_alloc+0x6c/0x80
[  397.913492][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  397.913514][    C1]  arch_stack_walk+0x11c/0x150
[  397.913542][    C1]  ? kmem_cache_alloc_noprof+0x181/0x6b0
[  397.913569][    C1]  stack_trace_save+0x9c/0xe0
[  397.913589][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  397.913610][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  397.913637][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.913666][    C1]  kasan_save_track+0x3e/0x80
[  397.913688][    C1]  ? kasan_save_track+0x3e/0x80
[  397.913710][    C1]  ? __kasan_slab_alloc+0x6c/0x80
[  397.913763][    C1]  ? __slab_alloc+0xc6/0x1f0
[  397.913780][    C1]  __kasan_slab_alloc+0x6c/0x80
[  397.913805][    C1]  ? dst_alloc+0x105/0x170
[  397.913829][    C1]  kmem_cache_alloc_noprof+0x181/0x6b0
[  397.913857][    C1]  dst_alloc+0x105/0x170
[  397.913882][    C1]  ip_route_output_key_hash_rcu+0x1560/0x23e0
[  397.913912][    C1]  ? ip_route_output_key_hash+0xc1/0x280
[  397.913938][    C1]  ip_route_output_key_hash+0x174/0x280
[  397.913961][    C1]  ? __lock_acquire+0xab9/0xd20
[  397.913988][    C1]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  397.914028][    C1]  ip_route_output_flow+0x2a/0x150
[  397.914051][    C1]  ? ip_route_me_harder+0x6ae/0xf10
[  397.914081][    C1]  ip_route_me_harder+0x6c4/0xf10
[  397.914113][    C1]  ? __pfx_ip_route_me_harder+0x10/0x10
[  397.914150][    C1]  ? rcu_is_watching+0x15/0xb0
[  397.914180][    C1]  synproxy_send_tcp+0x3a7/0x700
[  397.914220][    C1]  synproxy_send_client_synack+0x8bb/0xe20
[  397.914268][    C1]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  397.914290][    C1]  ? nft_fib_netdev_eval+0x128/0x250
[  397.914313][    C1]  ? synproxy_pernet+0x45/0x270
[  397.914343][    C1]  nft_synproxy_eval_v4+0x36e/0x560
[  397.914373][    C1]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[  397.914402][    C1]  ? nf_ip_checksum+0x13c/0x510
[  397.914432][    C1]  nft_synproxy_do_eval+0x345/0x570
[  397.914458][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.914485][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  397.914512][    C1]  ? rcu_is_watching+0x15/0xb0
[  397.914536][    C1]  nft_do_chain+0x40c/0x1920
[  397.914570][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  397.914593][    C1]  ? rcu_is_watching+0x15/0xb0
[  397.914632][    C1]  nft_do_chain_inet+0x25d/0x340
[  397.914656][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  397.914681][    C1]  ? __lock_acquire+0xab9/0xd20
[  397.914712][    C1]  ? NF_HOOK+0x9a/0x3a0
[  397.914729][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  397.914755][    C1]  nf_hook_slow+0xc5/0x220
[  397.914778][    C1]  NF_HOOK+0x206/0x3a0
[  397.914795][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  397.914813][    C1]  ? NF_HOOK+0x9a/0x3a0
[  397.914829][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  397.914845][    C1]  ? ip_rcv_finish_core+0xda3/0x1c00
[  397.914865][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  397.914884][    C1]  ? skb_dst+0x4f/0xd0
[  397.914901][    C1]  ? ip_local_deliver+0x12a/0x1b0
[  397.914920][    C1]  NF_HOOK+0x30c/0x3a0
[  397.914938][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  397.914955][    C1]  ? NF_HOOK+0x9a/0x3a0
[  397.914970][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  397.914988][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  397.915012][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  397.915028][    C1]  __netif_receive_skb+0x143/0x380
[  397.915059][    C1]  ? process_backlog+0x27b/0x900
[  397.915075][    C1]  process_backlog+0x31e/0x900
[  397.915099][    C1]  __napi_poll+0xb6/0x540
[  397.915128][    C1]  net_rx_action+0x5f7/0xda0
[  397.915159][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  397.915179][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  397.915208][    C1]  ? __pfx_sched_clock_cpu+0x10/0x10
[  397.915224][    C1]  ? ret_from_fork_asm+0x1a/0x30
[  397.915253][    C1]  handle_softirqs+0x22f/0x710
[  397.915281][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  397.915310][    C1]  __local_bh_enable_ip+0x1a0/0x2e0
[  397.915334][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  397.915363][    C1]  ? rcu_cpu_kthread+0x23e/0x1b50
[  397.915391][    C1]  ? rcu_cpu_kthread+0x23e/0x1b50
[  397.915431][    C1]  rcu_cpu_kthread+0xc3d/0x1b50
[  397.915462][    C1]  ? rcu_cpu_kthread+0x23e/0x1b50
[  397.915496][    C1]  ? __pfx_rcu_cpu_kthread+0x10/0x10
[  397.915543][    C1]  ? preempt_schedule_irq+0xde/0x150
[  397.915580][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  397.915608][    C1]  ? irqentry_exit+0x74/0x90
[  397.915632][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.915659][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  397.915689][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  397.915711][    C1]  smpboot_thread_fn+0x542/0xa60
[  397.915735][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  397.915763][    C1]  kthread+0x711/0x8a0
[  397.915792][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  397.915815][    C1]  ? __pfx_kthread+0x10/0x10
[  397.915841][    C1]  ? rt_spin_unlock+0x150/0x200
[  397.915864][    C1]  ? rt_spin_unlock+0x161/0x200
[  397.915882][    C1]  ? __pfx_kthread+0x10/0x10
[  397.915911][    C1]  ret_from_fork+0x4bc/0x870
[  397.915934][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  397.915960][    C1]  ? __switch_to_asm+0x39/0x70
[  397.915978][    C1]  ? __switch_to_asm+0x33/0x70
[  397.915996][    C1]  ? __pfx_kthread+0x10/0x10
[  397.916023][    C1]  ret_from_fork_asm+0x1a/0x30
[  397.916052][    C1]  </TASK>
[  398.064299][   T61] Bluetooth: hci12: command tx timeout
[  398.715462][   T61] Bluetooth: hci10: command tx timeout
[  399.996934][ T6712] Bluetooth: hci11: command tx timeout
[  400.155421][ T6712] Bluetooth: hci12: command tx timeout
[  402.064428][ T5808] Bluetooth: hci11: command tx timeout
[  402.224365][ T5808] Bluetooth: hci12: command tx timeout
[  402.465185][ T5804] Bluetooth: hci5: command 0x0406 tx timeout
[  402.465238][ T5808] Bluetooth: hci6: command 0x0406 tx timeout
[  404.305141][   T61] Bluetooth: hci12: command tx timeout