last executing test programs:

4m6.055122109s ago: executing program 3 (id=894):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x48391}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x3}]}}}]}, 0x3c}}, 0x40800)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup=r2, 0xffffffffffffffff, 0x15, 0x0, 0x0, @void, @value=0x0}, 0x20)
syz_genetlink_get_family_id$tipc(0x0, r1)
r3 = gettid()
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000200))
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mbind(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x4005, &(0x7f0000000000)=0x5, 0x4, 0x0)
mlock(&(0x7f0000ff5000/0x4000)=nil, 0x4000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
fsetxattr$smack_xattr_label(r6, &(0x7f0000000400)='security.SMACK64MMAP\x00', &(0x7f0000000480)=ANY=[@ANYBLOB], 0xc, 0x2)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x40810}, 0x80)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
sendmsg$kcm(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104685fa3aa7143a0f8c81ded0b25000000e8fe09a11800150006001404000000120800030043000040a8002b", 0x33}], 0x1}, 0x2404c804)

4m4.511838817s ago: executing program 3 (id=896):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
pipe(&(0x7f00000045c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000000440)=[{&(0x7f00000000c0)="3b256c7a40ff8cf30d776a89d5cfc3ce7467bd24", 0x14}], 0x1, 0x0)
r2 = socket$inet(0x2, 0x3, 0x7f)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000000c0)={0xa, 0x4e06, 0x80000, @loopback, 0xfffffffd}, 0x1c, 0x0, 0x0, 0x0, 0x18}, 0x20040081)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
setsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
splice(r0, 0x0, r2, 0x0, 0x8000, 0x0)
unshare(0x8000400)
epoll_create(0x40)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x4, 0x402200)
prctl$PR_SET_SECUREBITS(0x1c, 0x19)
setuid(0xee01)

4m3.572234935s ago: executing program 3 (id=900):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
fcntl$dupfd(r1, 0x0, r1)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = io_uring_setup(0x20, &(0x7f00000000c0)={0x0, 0x0, 0x3000, 0x80000000, 0xfefffffd})
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000300)={0x10000008})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x8b, 0xfffa}, 0x1d, [0x7ffe, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x49, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0xfffffffe, 0x5, 0x4, 0x8, 0x4, 0x3c5b, 0x1, 0x3, 0x9, 0x1, 0x1f461e2c, 0x0, 0xe660, 0x4, 0x7, 0x101, 0x7fff, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x71, 0xfffffff8, 0xa, 0x0, 0x0, 0xd, 0x3e, 0x8f, 0x6, 0x30000006, 0x0, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x134, 0x7ffe, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x1, 0x6c9, 0x9, 0x6, 0x3, 0x0, 0x7, 0x5, 0x0, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x4, 0x8000, 0x9, 0x400, 0x5, 0x6, 0x7, 0xff, 0x5, 0x5, 0x5f31, 0x8, 0x0, 0x2, 0x2, 0xa, 0x4, 0x6, 0x28, 0x800, 0x6, 0x7, 0x8000, 0x1, 0xfe000000, 0xff7f, 0xa, 0x7f, 0x9, 0x2, 0xffffffff, 0xc, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x2], [0x3fc, 0x4, 0x0, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x1, 0x1ef, 0x5, 0x8, 0x87, 0x80000003, 0x9, 0x3e7, 0x9, 0x5, 0x80002, 0x2, 0xf38, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800001, 0x200, 0x80, 0xf, 0xd, 0x2950bfaf, 0x1004, 0xa2, 0x7, 0x7fffffff, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x1, 0x1, 0xffff, 0x0, 0x6, 0x5, 0x120000, 0x3, 0x6, 0x800aaed, 0x4, 0x65], [0x9, 0xbbb1, 0x3, 0xb, 0x5, 0x938, 0xb, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x2, 0xf58, 0x4, 0x3, 0x101, 0x10000, 0x6, 0x7ffe, 0x8, 0x200a620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0xc, 0xe, 0x6, 0x2, 0x80000000, 0x5, 0x8, 0xc8, 0x1a, 0xfffff000, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x7, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x5, 0x8, 0xedf6, 0xfffffff7, 0x335e0ac3, 0x7, 0x1, 0x6c1b, 0x0, 0x3dfe, 0x5, 0xb1c, 0x1, 0x200, 0xffbf2441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000100000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r7}, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='kmem_cache_free\x00', r8}, 0x10)
sendmsg$nl_xfrm(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000b40)=@acquire={0x128, 0x17, 0x1, 0x0, 0x0, {{@in6=@local}, @in=@multicast2, {@in6=@mcast2, @in6=@private2}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0xa0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x8000000}}}, 0x128}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2ca00000", @ANYRES16=0x0, @ANYBLOB="000325bd7000fbdbdf25050000000c00098008000200030000000c00028008"], 0x46}}, 0x4004)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0x51b, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{}, 0xe}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x6}}}, @m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250801f2800c00180008ac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)
preadv(r2, &(0x7f0000002300)=[{&(0x7f00000012c0)=""/214, 0xd6}], 0x1, 0x6, 0xfffefff6)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

3m59.99602663s ago: executing program 3 (id=910):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
pipe(&(0x7f00000045c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000000440)=[{&(0x7f00000000c0)="3b256c7a40ff8cf30d776a89d5cfc3ce7467bd24", 0x14}], 0x1, 0x0)
r2 = socket$inet(0x2, 0x3, 0x7f)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000000c0)={0xa, 0x4e06, 0x80000, @loopback, 0xfffffffd}, 0x1c, 0x0, 0x0, 0x0, 0x18}, 0x20040081)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
setsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
splice(r0, 0x0, r2, 0x0, 0x8000, 0x0)
unshare(0x8000400)
epoll_create(0x40)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x4, 0x402200)
prctl$PR_SET_SECUREBITS(0x1c, 0x19)
setuid(0xee01)

3m59.115791949s ago: executing program 3 (id=911):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xa)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x240010, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000180)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xfff0)

3m57.21336865s ago: executing program 3 (id=916):
ptrace(0x10, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x8c, 0x41, 0x107, 0x0, 0x7, {0x2, 0x7c}, [@nested={0x4, 0x31}, @nested={0x71, 0x1, 0x0, 0x1, [@generic="0d21a35edeabee19468e95c6bb", @typed={0x8, 0x110, 0x0, 0x0, @fd}, @nested={0x55, 0xcf, 0x0, 0x1, [@generic="bf288b9d9230a6366bbe245bd58e10aac0c978fc7f42215f4f5b64722f5890d962387d8981520adc5a3ae44bc2daf9c9393914cb35dc3a938c72f7b047ee0cda4dedc5dafe8ec76936cf81f87efea4", @generic="ebd6"]}]}]}, 0x8c}}, 0x4010)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$radio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f906, 0x0, '\x00', @p_u32=0x0}})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007000c00000000000c000180060006008e"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000480)={0x0, 0x0, r5, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f00000008c0)={0x0, 0x0, r5, r6, 0x0, 0x7, 0x0, 0x7, {0x1fffe, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x5, 0xff, 0x8, 0x0, "d20bddda92e75aec79ff0300d28001000b0000000000001000000900"}})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_GET_MPATH(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x28, r7, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008040}, 0x20004000)
sendmsg$NL80211_CMD_DEL_TX_TS(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x30, r2, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x8, 0x6d}}}}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0xe}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x4040000)

3m57.212969948s ago: executing program 32 (id=916):
ptrace(0x10, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x8c, 0x41, 0x107, 0x0, 0x7, {0x2, 0x7c}, [@nested={0x4, 0x31}, @nested={0x71, 0x1, 0x0, 0x1, [@generic="0d21a35edeabee19468e95c6bb", @typed={0x8, 0x110, 0x0, 0x0, @fd}, @nested={0x55, 0xcf, 0x0, 0x1, [@generic="bf288b9d9230a6366bbe245bd58e10aac0c978fc7f42215f4f5b64722f5890d962387d8981520adc5a3ae44bc2daf9c9393914cb35dc3a938c72f7b047ee0cda4dedc5dafe8ec76936cf81f87efea4", @generic="ebd6"]}]}]}, 0x8c}}, 0x4010)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$radio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f906, 0x0, '\x00', @p_u32=0x0}})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007000c00000000000c000180060006008e"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000480)={0x0, 0x0, r5, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f00000008c0)={0x0, 0x0, r5, r6, 0x0, 0x7, 0x0, 0x7, {0x1fffe, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x5, 0xff, 0x8, 0x0, "d20bddda92e75aec79ff0300d28001000b0000000000001000000900"}})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_GET_MPATH(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x28, r7, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008040}, 0x20004000)
sendmsg$NL80211_CMD_DEL_TX_TS(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x30, r2, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x8, 0x6d}}}}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0xe}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x4040000)

2m53.037439564s ago: executing program 4 (id=112):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r2, 0x4068aea3, &(0x7f0000000200)={0xa8, 0xfdfd})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000080)=0x48)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000c40)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYBLOB="344e87122b000000", @ANYBLOB="960f715729aed36a66d7709730dfcfbaede7eeb434fd121e3caa72cd3310a5dca8e41160d03eba54f33ef66d1e4dc2775d4733fc5ad75f21386ba6728f3576b10a751bdb1b26b6ab8a15edf23b14793363fe5e57434db2003e6f8e6bcbd1772c965e2d2d78bb7e9899f2c1ec98b10c553f473df7702ba6f7aecec265f9ef918475e0d7ace73cd305224ce0718f462e29c5aec3a9a81a0239732544b0", @ANYRESDEC], 0x54}}, 0x20000000)
r6 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read(r6, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x4c, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x8}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x28, 0x2, 0x0, 0x1, [@typed={0x24, 0x14, 0x0, 0x0, @str='B\xa7\xed\x1a\x064!\x89(c\f\x8d\xf6\xfd\x03\xd1\xd4\xbb\xb7\x1f\xd6P\xf6\v{\x83\xea\n\xd0\x11_6'}]}]}, 0x4c}}, 0xc000)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003c0007010000000000000000010000000400fc800c00018008000600ffff0000080002800400728008000900"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
mount(0x0, 0x0, &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)

2m15.468403809s ago: executing program 4 (id=112):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r2, 0x4068aea3, &(0x7f0000000200)={0xa8, 0xfdfd})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000080)=0x48)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000c40)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYBLOB="344e87122b000000", @ANYBLOB="960f715729aed36a66d7709730dfcfbaede7eeb434fd121e3caa72cd3310a5dca8e41160d03eba54f33ef66d1e4dc2775d4733fc5ad75f21386ba6728f3576b10a751bdb1b26b6ab8a15edf23b14793363fe5e57434db2003e6f8e6bcbd1772c965e2d2d78bb7e9899f2c1ec98b10c553f473df7702ba6f7aecec265f9ef918475e0d7ace73cd305224ce0718f462e29c5aec3a9a81a0239732544b0", @ANYRESDEC], 0x54}}, 0x20000000)
r6 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read(r6, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x4c, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x8}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x28, 0x2, 0x0, 0x1, [@typed={0x24, 0x14, 0x0, 0x0, @str='B\xa7\xed\x1a\x064!\x89(c\f\x8d\xf6\xfd\x03\xd1\xd4\xbb\xb7\x1f\xd6P\xf6\v{\x83\xea\n\xd0\x11_6'}]}]}, 0x4c}}, 0xc000)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003c0007010000000000000000010000000400fc800c00018008000600ffff0000080002800400728008000900"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
mount(0x0, 0x0, &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)

1m51.377427752s ago: executing program 4 (id=112):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r2, 0x4068aea3, &(0x7f0000000200)={0xa8, 0xfdfd})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000080)=0x48)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000c40)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYBLOB="344e87122b000000", @ANYBLOB="960f715729aed36a66d7709730dfcfbaede7eeb434fd121e3caa72cd3310a5dca8e41160d03eba54f33ef66d1e4dc2775d4733fc5ad75f21386ba6728f3576b10a751bdb1b26b6ab8a15edf23b14793363fe5e57434db2003e6f8e6bcbd1772c965e2d2d78bb7e9899f2c1ec98b10c553f473df7702ba6f7aecec265f9ef918475e0d7ace73cd305224ce0718f462e29c5aec3a9a81a0239732544b0", @ANYRESDEC], 0x54}}, 0x20000000)
r6 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read(r6, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x4c, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x8}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x28, 0x2, 0x0, 0x1, [@typed={0x24, 0x14, 0x0, 0x0, @str='B\xa7\xed\x1a\x064!\x89(c\f\x8d\xf6\xfd\x03\xd1\xd4\xbb\xb7\x1f\xd6P\xf6\v{\x83\xea\n\xd0\x11_6'}]}]}, 0x4c}}, 0xc000)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003c0007010000000000000000010000000400fc800c00018008000600ffff0000080002800400728008000900"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
mount(0x0, 0x0, &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)

1m26.288834203s ago: executing program 4 (id=112):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r2, 0x4068aea3, &(0x7f0000000200)={0xa8, 0xfdfd})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000080)=0x48)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000c40)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYBLOB="344e87122b000000", @ANYBLOB="960f715729aed36a66d7709730dfcfbaede7eeb434fd121e3caa72cd3310a5dca8e41160d03eba54f33ef66d1e4dc2775d4733fc5ad75f21386ba6728f3576b10a751bdb1b26b6ab8a15edf23b14793363fe5e57434db2003e6f8e6bcbd1772c965e2d2d78bb7e9899f2c1ec98b10c553f473df7702ba6f7aecec265f9ef918475e0d7ace73cd305224ce0718f462e29c5aec3a9a81a0239732544b0", @ANYRESDEC], 0x54}}, 0x20000000)
r6 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read(r6, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x4c, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x8}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x28, 0x2, 0x0, 0x1, [@typed={0x24, 0x14, 0x0, 0x0, @str='B\xa7\xed\x1a\x064!\x89(c\f\x8d\xf6\xfd\x03\xd1\xd4\xbb\xb7\x1f\xd6P\xf6\v{\x83\xea\n\xd0\x11_6'}]}]}, 0x4c}}, 0xc000)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003c0007010000000000000000010000000400fc800c00018008000600ffff0000080002800400728008000900"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
mount(0x0, 0x0, &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)

57.251692772s ago: executing program 4 (id=112):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r2, 0x4068aea3, &(0x7f0000000200)={0xa8, 0xfdfd})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000080)=0x48)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000c40)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYBLOB="344e87122b000000", @ANYBLOB="960f715729aed36a66d7709730dfcfbaede7eeb434fd121e3caa72cd3310a5dca8e41160d03eba54f33ef66d1e4dc2775d4733fc5ad75f21386ba6728f3576b10a751bdb1b26b6ab8a15edf23b14793363fe5e57434db2003e6f8e6bcbd1772c965e2d2d78bb7e9899f2c1ec98b10c553f473df7702ba6f7aecec265f9ef918475e0d7ace73cd305224ce0718f462e29c5aec3a9a81a0239732544b0", @ANYRESDEC], 0x54}}, 0x20000000)
r6 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read(r6, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x4c, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x8}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x28, 0x2, 0x0, 0x1, [@typed={0x24, 0x14, 0x0, 0x0, @str='B\xa7\xed\x1a\x064!\x89(c\f\x8d\xf6\xfd\x03\xd1\xd4\xbb\xb7\x1f\xd6P\xf6\v{\x83\xea\n\xd0\x11_6'}]}]}, 0x4c}}, 0xc000)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003c0007010000000000000000010000000400fc800c00018008000600ffff0000080002800400728008000900"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
mount(0x0, 0x0, &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)

26.123562339s ago: executing program 2 (id=1397):
syz_open_dev$ttys(0xc, 0x2, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x8000000000000000, 0x8000000, 0x77c8, 0x0, 0x0, 0x10000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x8, 0x9, 0x0, 0x2, 0x7}, 0x0, 0x0)

16.638974313s ago: executing program 0 (id=1411):
dup(0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="310300000000fbdbdf250b00000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x230}], 0x1, &(0x7f0000000340)={0x0, 0xff}, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$UI_SET_LEDBIT(r5, 0x40045569, 0x1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x5d032, 0xffffffffffffffff, 0x0)
r6 = userfaultfd(0x801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r6, 0xc020aa07, &(0x7f0000000280)={{&(0x7f0000a5b000/0x2000)=nil, 0x2000}, 0x1})
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x8080583a, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x40090)
socket(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d972a440b72040155ab7010203010902ff00010000000009fce8aabcff000000"], 0x0)

15.38485945s ago: executing program 4 (id=112):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r2, 0x4068aea3, &(0x7f0000000200)={0xa8, 0xfdfd})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000080)=0x48)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000c40)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYBLOB="344e87122b000000", @ANYBLOB="960f715729aed36a66d7709730dfcfbaede7eeb434fd121e3caa72cd3310a5dca8e41160d03eba54f33ef66d1e4dc2775d4733fc5ad75f21386ba6728f3576b10a751bdb1b26b6ab8a15edf23b14793363fe5e57434db2003e6f8e6bcbd1772c965e2d2d78bb7e9899f2c1ec98b10c553f473df7702ba6f7aecec265f9ef918475e0d7ace73cd305224ce0718f462e29c5aec3a9a81a0239732544b0", @ANYRESDEC], 0x54}}, 0x20000000)
r6 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read(r6, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x4c, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x8}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x28, 0x2, 0x0, 0x1, [@typed={0x24, 0x14, 0x0, 0x0, @str='B\xa7\xed\x1a\x064!\x89(c\f\x8d\xf6\xfd\x03\xd1\xd4\xbb\xb7\x1f\xd6P\xf6\v{\x83\xea\n\xd0\x11_6'}]}]}, 0x4c}}, 0xc000)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003c0007010000000000000000010000000400fc800c00018008000600ffff0000080002800400728008000900"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
mount(0x0, 0x0, &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)

12.691454173s ago: executing program 0 (id=1414):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0)={<r0=>0x0}, &(0x7f0000000300)=0xc)
prlimit64(r0, 0xe, &(0x7f0000000340)={0xc, 0x80000000}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000500)={0x3, @win={{0x1, 0x8, 0x9, 0xc797}, 0x7, 0x3, 0x0, 0x1, 0x0, 0x2}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r7}, 0x10)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r8}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x1, 0x7, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1000}}, 0x14}, 0x1, 0x0, 0x0, 0x4040890}, 0x0)
r10 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000003c0), 0x400480, 0x0)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000400)={<r11=>0x0, 0x45e, 0x20, 0xd10, 0x7}, &(0x7f0000000440)=0x18)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r10, 0x84, 0x7b, &(0x7f0000000480)={r11, 0x7}, &(0x7f00000004c0)=0x8)
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x320810, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x28}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x90)

11.422998794s ago: executing program 0 (id=1416):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000300), 0x20000, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000340)=0x4)
fcntl$setsig(r1, 0xa, 0x40)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x2, &(0x7f0000000240)=[{0x5, 0x52, 0x2, 0x2}, {0x6, 0x1, 0xd1, 0xc2}]})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000001e0000000000000000950000000000000002f9d3ead686559900ff52583a321caa14acd60abac32f616dd7c6cc58036f54564a1b1f6176e3df3a6b6268f4d090f2720cbc61bb38ff8ed5a40457eff8095feb21c2bbcbc8da333a4cea97319c55208e4309cd547f9dc1ed22190981c63d4df555707c20da8f1a3c28fc238f7ff3bdec5241f479139ca4e0f42dbd701927e35fe0abf91df375b2b1a02a21cefcc553f0a4780235263e245230d6ccd8df67f625cff6bbeaace9582f8992f79a870f84690526646d4c21d5a74b2a8656b26fb7300987046375144ba864d2c43a8172220d3284a374da52af2b5b07dd61b1f536cf53725819b6702dd5e90cd0"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
r4 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r7}, 0x10)
setresuid(0xee00, 0xee01, 0xee01)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0xfffffe00, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
sendfile(r8, r4, 0x0, 0x7fffffff)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc080}, 0xe821651e0a1b45fc)
r9 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r9, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)

10.411992592s ago: executing program 0 (id=1417):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
pipe2$9p(&(0x7f0000000240), 0xc4080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[], 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x19, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x1}, 0x10}, 0x94)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
clock_adjtime(0xffffffd3, &(0x7f0000000000)={0x10000, 0x6, 0x2, 0x0, 0x8, 0xb, 0x651, 0xfffffffffffffffc, 0x9657, 0xfffffffffffffffe, 0x7fffffff, 0x0, 0xf9, 0xb, 0x80000000000000, 0x4, 0x1, 0x1, 0x80000001, 0x0, 0x0, 0x809, 0x800000, 0xfffffffffffffffa, 0xd, 0x2000000000004})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
mount$9p_xen(0x0, 0x0, &(0x7f0000000180), 0x244404, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000140)={0x1}, 0x8)
shutdown(r2, 0x1)
r3 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x3, @loopback, 0x7}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x200088c0, &(0x7f0000000040)={0xa, 0x2, 0x80398, @private1={0xfc, 0x1, '\x00', 0x1}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='highspeed\x00', 0xa)
shutdown(r1, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, 0x0)
r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000280), 0x2200)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000580)='gfs2\x00', 0x3010003, &(0x7f0000000080)='norecovery')
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)

9.076959355s ago: executing program 0 (id=1419):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x48391}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x3}]}}}]}, 0x3c}}, 0x40800)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup=r2, 0xffffffffffffffff, 0x15, 0x0, 0x0, @void, @value=0x0}, 0x20)
syz_genetlink_get_family_id$tipc(0x0, r1)
r3 = gettid()
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000200))
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mlock(&(0x7f0000ff5000/0x4000)=nil, 0x4000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x40810}, 0x80)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
sendmsg$kcm(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104685fa3aa7143a0f8c81ded0b25000000e8fe09a11800150006001404000000120800030043000040a8002b", 0x33}], 0x1}, 0x2404c804)

6.773425601s ago: executing program 5 (id=1424):
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1e1100)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x10, 0x1403, 0x4, 0x70bd26}, 0x10}, 0x1, 0x0, 0x0, 0x40}, 0x0)
connect$inet(r5, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
socket$packet(0x11, 0x2, 0x300)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, 0x0, 0x40000)
r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r8, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x800, 0xbbba, 0x0, 0x18, 0x0, {}, {0x0, 0xfffffffd, 0xfffffffe}, {0x0, 0xffff0000}, {0x1000000}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000080)={'dvmrp1\x00'})
poll(&(0x7f0000000040)=[{r0, 0x8744}], 0x1, 0x0)

5.635368456s ago: executing program 5 (id=1425):
socket(0x3, 0xa, 0x8001)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r1, &(0x7f0000001600)=[{{&(0x7f0000001140)={0xa, 0x4e24, 0x0, @private2}, 0x1c, &(0x7f0000001280)=[{&(0x7f0000001080)="b3", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r1, 0x1)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f000001f5c0)={0x0, @in6={{0xa, 0x4e23, 0x80000000, @empty, 0xc08}}, 0x6b, 0x800}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x3c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0xb, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xd0, 0x138, 0x0, {}, [@common=@inet=@set2={{0x28}, {{0x0, 0x40}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x428)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001000010700100000000000000a0000000600010017000000"], 0x1c}}, 0x0)
r5 = syz_open_procfs(r0, &(0x7f0000000040)='net/l2cap\x00')
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x4012031, r5, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x114, &(0x7f00000000c0)=0x8, 0x0, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0xa400)
write$UHID_SET_REPORT_REPLY(r5, &(0x7f0000000380)=ANY=[@ANYBLOB="0e00000006000000f0f73e00b58141258880c9371b6491c8801249d7e188662335a4d69c2e1d611440186cbce3b103aae438c4f2786b5a10900181ca0263b2fb8dea34016a304e42fe2bf7df1ab92bb5ae4f71bd6f2cd52b30febef17f9d5a4d28d699ed16711d8ca5910268ecdcc04a37966169e0c2909a452bec34d6f016708bad0b95f0e10e0f53c45bc73968bc107ff7720350a6a7e6acb7dd77df3328a6a123686828c2d950872a3662828b007f40536ca5a398df2060f8f744c8cde21901353bc5c88708a2c36ed03ed7cfe7c1fc9b88a50e4011b66377e08d0a3ec824e981e85a03faead994b0315f938d487f2c2dca487ad928dd4c21b0679efa57ecad7d7be487725fe2ad19efb6797f57079548eb0689b5869e4dd3eff2d38368c35c339b6b268f7544804c9d2180f60aed5a"], 0x4a)

4.186531788s ago: executing program 0 (id=1427):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000300)='syzkaller\x00'}, 0x94)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000840))
openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xa, 0x86, 0xf3, 0x40, 0x1110, 0x9024, 0xdb24, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xe9, 0x50, 0x9, [{{0x9, 0x4, 0x62, 0x4, 0x0, 0x6f, 0x6f, 0x49, 0x5}}]}}]}}, 0x0)
syz_usb_disconnect(r4)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[], 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket(0x27, 0x3, 0x80000000)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r7 = msgget$private(0x0, 0x414)
msgctl$IPC_SET(r7, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x0, 0x0, 0x0, 0x1})
msgsnd(r7, &(0x7f0000000340)={0x3}, 0x0, 0xe800)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r1, r8, 0x0, 0x20000023896)

3.840272661s ago: executing program 1 (id=1430):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'gre0\x00', &(0x7f0000001440)={'syztnl2\x00', 0x0, 0x20, 0x20, 0x9, 0x800, {{0x6, 0x4, 0x3, 0x8, 0x18, 0x64, 0x0, 0x1, 0x2f, 0x0, @private=0xa010102, @empty, {[@ssrr={0x89, 0x3, 0xe0}]}}}}})
syz_open_dev$sndctrl(&(0x7f00000000c0), 0x1, 0xd00)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000080)=0x8079)
write$dsp(r1, &(0x7f0000000040)="c7", 0x1)
ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_io_uring_setup(0x16e, &(0x7f0000000b00)={0x0, 0xfffffffd, 0x10100, 0x0, 0x4}, &(0x7f0000001240)=<r4=>0x0, &(0x7f0000001340)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x102, 0x1})
sendmsg$TIPC_NL_MON_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x14, 0x0, 0x4, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)
io_uring_enter(r3, 0x567, 0x1e, 0x0, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r6, 0x1)
getsockopt$bt_hci(r6, 0x84, 0x80, &(0x7f0000002100)=""/4127, &(0x7f0000000000)=0x101f)

3.757305097s ago: executing program 5 (id=1431):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0xa, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000140)={0x0, 0x32314142, 0x3, @discrete={0x2, 0xc1}})

3.625777176s ago: executing program 5 (id=1432):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file1\x00', 0x80)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f00000000c0)='./file0\x00', 0x400005a)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0xd01, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)

3.408808635s ago: executing program 2 (id=1397):
syz_open_dev$ttys(0xc, 0x2, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x8000000000000000, 0x8000000, 0x77c8, 0x0, 0x0, 0x10000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x8, 0x9, 0x0, 0x2, 0x7}, 0x0, 0x0)

3.310449454s ago: executing program 5 (id=1433):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={<r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x20000216}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0)
pipe(&(0x7f0000000140))
socket(0x1e, 0x805, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x300000000000000, 0x3, 0x8000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0)

3.137494274s ago: executing program 1 (id=1434):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000003c0)='./binderfs/binder0\x00', 0x0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000540)=""/102400, 0x19000)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000340)='configfs\x00', 0x80000, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs\x00')
pread64(r3, &(0x7f0000000280)=""/86, 0x56, 0x4000000000000f3)
sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x2200000c)
quotactl_fd$Q_GETQUOTA(0xffffffffffffffff, 0xffffffff80000702, 0xee00, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
acct(&(0x7f00000001c0)='./file0\x00')
socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x800, 0x0)
dup3(r4, r1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00142102800800010008000000060002000100000008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}}, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f00000000c0)={0x2c, @multicast2, 0x80, 0x0, 'ovf\x00', 0x0, 0xffff, 0x51}, 0x2c)
socket$isdn(0x22, 0x3, 0x26)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="50005dd40000100001002abd7000000000000200", @ANYRES32=0x0, @ANYBLOB="c125000000000400140003006e657464657673696d30000000000000080004000e04000014001680100001800c0009000500000006000000"], 0x50}}, 0x800)

2.426813381s ago: executing program 1 (id=1435):
syz_emit_ethernet(0x7c, &(0x7f00000001c0)={@random="856b934629fa", @multicast, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x46, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x22eb, 0x4200, 0x0, [0x4d98]}, {}, {}, {0xdd86}}}}}}}, 0x0)
openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000002000)=""/102400, 0x19000)

2.344604884s ago: executing program 2 (id=1436):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000020000000000000000000000095"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r3)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000100)={0x14, r4, 0xba87317d461c07c9, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000540)=[@code={0x1, 0x94, {"66baf80cb83053c480ef66bafc0ced66baf80cb8122ca188ef66bafc0c66b855ec66ef0f01c3670f21948fa91002b300000000f0219c7467000000c74424000a000000c744240200000000c7442406000000000f011c240fc79d2c000000b99a020000b8d8000000ba000000000f3066baf80cb880319e81ef66bafc0c66b8be0066ef"}}, @uexit={0x0, 0x18, 0x6d1768b}, @code={0x1, 0x53, {"67420f1c02660f3882950b00000080c90d0f01c20f200366baf80cb80a55298def66bafc0c66edf080619fa3430f06440f20c0350a000000440f22c066440fc77741"}}, @uexit={0x0, 0x18, 0xf2a}, @uexit={0x0, 0x18, 0x5}, @code={0x1, 0x52, {"3647dd90020000000f01d14a0fc76a1db805000000b9000000000f01c1673e410f01cfc4a17d29f6660f38388600380000c4e27d39fa460f01c9f746009bf40000"}}, @code={0x1, 0x5c, {"360f204166bad00466edb8010000000f01c1c4011cc2e90766baf80cb8ea231e8eef66bafc0cb000eec481f97fbe68cf000067440f30c4416812ed26f0f790794a16c1400fc7b600800000"}}, @uexit={0x0, 0x18, 0xfffffffffffffff7}, @uexit={0x0, 0x18, 0xf6}, @code={0x1, 0x55, {"c4627d0eb8b1000000430f9066606766460fd628460fbf76a96726660f3882916b8900002e0f01c96467450f9782fa000000400f01df430f005e0dc4814deb91b205baf9"}}, @code={0x1, 0x42, {"f30f1b3766bad004b00deec461e5d4fa260f2080410f01343a0f01df260f062e0f0130c461e55f1d00000000c462fd3113"}}, @uexit={0x0, 0x18, 0x1000000000000000}, @code={0x1, 0x7e, {"c74424009a000000c744240204000000ff1c24440f20c03505000000440f22c03e2e0feb28c744240000000000c74424020a000000c7442406000000000f011424c442793042836566460fc7323640d35b0c66bad10466b80c0066ef66ba4200b0f7ee66baa000b80e000000ef"}}, @uexit={0x0, 0x18, 0x5}, @uexit={0x0, 0x18, 0x8000}, @code={0x1, 0x54, {"b9a30a00000f320f1ee445f4450f7875f13e0f0fe0a7c4e22991ac5201000000652e66420f38811b3666410f38358a06000000c441e8c29f000000000bf30fc7746843"}}, @uexit={0x0, 0x18, 0xffffffffffffffff}, @code={0x1, 0x4e, {"470f01c444f48f486097658d3036660f3a08ea0065450f01c366b81d000f00d066baf80cb8d194a784ef66bafc0cb000ee36400fae210f9078060f20c0"}}, @code={0x1, 0x4f, {"c4227d5ab43d3bb400000f01cbc44119f5d0460f01f0b9800000c00f3235000800000f300f01cbb9840500000f32660f3835557146da3366b821000f00d8"}}, @uexit={0x0, 0x18, 0x9}, @code={0x1, 0x74, {"66b821010f00d066b80b000f00d0f466baf80cb874c15085ef66bafc0ced673ef2460f598901000000b9ec0b0000b80ff5f437bab79f8e5b0f300f20e035000001000f22e00f23adc74424002b010000c744240200000100ff2c24b8010000000f01c1"}}, @code={0x1, 0x64, {"66bad10466ed0f01df0f011e400f20dfedc74424001acd0000c744240259ff0000c7442406000000000f01142466baf80cb86c689885ef66bafc0ced470fa319f30f0966baf80cb876d1498def66bafc0c66ed"}}, @uexit={0x0, 0x18, 0xdcc4}, @uexit={0x0, 0x18, 0x67}, @code={0x1, 0x6e, {"0f01c426660f017ebb400f06c744240072000000c7442402ff000000ff2c2466440fc7b6008000002e2e2664410f3066b838010f00d8c481a456d448b805000100000000000f23d80f21f835800000600f23f8643e460fc7b79de315e6"}}], 0x601})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=@newlink={0x4c, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bond={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_ACTOR_SYS_PRIO={0x6, 0x18, 0xfff}, @IFLA_BOND_AD_LACP_RATE={0x5}, @IFLA_BOND_MODE={0x5, 0x1, 0x4}]}}}]}, 0x4c}}, 0x0)
r8 = socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r8, 0x10e, 0x2, &(0x7f0000002180)=0x6, 0x4)

2.344039281s ago: executing program 1 (id=1437):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
setsockopt$rose(r1, 0x104, 0x7, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(0xffffffffffffffff, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1e0000007f000000c1ffffff000000002e2200", @ANYRES32], 0x48)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
setsockopt$ax25_int(r4, 0x101, 0xc, &(0x7f0000000080)=0x10000, 0x4)
connect$ax25(r4, &(0x7f0000000100)={{0x3, @bcast, 0x4}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48)
ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000240)={0x0, 0x2, 0x0, 0x20, 0x0, 0x8})
sendmsg$inet(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x4, @empty}, 0x10, &(0x7f0000000200)=[{&(0x7f00000000c0)="319eceb3a1cc626566585a0529789f4c36eff28fa55c107a668b7c0131c9e2d3cbdfadd141a6d81e6f721f110f1383b92122ffce085dc9aa8b20e7c1fc07f37ee2034d669d751acc3b59ea3b47e5", 0x4e}, {&(0x7f0000000140)="c7726e9986e024bcab6c226a704735c6d18f0b762a134d7beb220adf5f216ae128c252570ad272a391dededda6917915a7332a339e7c51a1509dda3c79908889b33f227401575418a1d013266b344dec7cceeded2d05288e959fecf698fa7a15d3df5dceae572daf286f35e10d358d4b8e701d756699a115a96e5a263990aad90a6f2ed09a98a5cae7cea5c2c2f5d6b365aed0abea57a8a3c4e46f17cd232a290aa6379749f460bf8dea7a5b901d14", 0xaf}, {&(0x7f0000000280)="d432d357bfcd114ae2b4a85a6d84bfc8ef74332bd487606b47586250b46a477866d6ae799f808a0fc00b153917b91d8e069120d1402053a37b3cfc0f4b99364d11b273e3d64328acf3720107a76f1fb8f6e4259558cdee22e385e6a7c6ea7f24485c6eda0909333438249d0bc848cb9aa30cf6c12244dade777b916d18f42f594064dae985", 0x85}], 0x3}, 0x28548627f07b1367)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000240)=@x86={0xf, 0x8, 0x5, 0x0, 0x3, 0x2, 0x9, 0x3, 0x0, 0xca, 0x6, 0x1, 0x0, 0x278a, 0x4, 0x3, 0x4a, 0x2, 0x10, '\x00', 0x28, 0x80000001})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000000070000040"])
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
bind$802154_raw(r0, &(0x7f0000000040)={0x24, @short={0x2, 0xffff, 0xaaa2}}, 0x14)

2.322620196s ago: executing program 5 (id=1438):
syz_io_uring_submit(0x0, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
readahead(r0, 0xffff, 0xfffffffffffffffd)
syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000200)={&(0x7f0000000240)=[{0x3137, 0x1801, 0x2, &(0x7f00000003c0)="9f9e"}, {0x8, 0x200, 0x0, 0x0}], 0x2})

2.087320606s ago: executing program 1 (id=1439):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x2c, r2, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x100}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4044010}, 0x40000c0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r3=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000001780)=0x100000, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10)

1.250845342s ago: executing program 2 (id=1440):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='ns\x00')
fchdir(r0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
writev(r1, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a4", 0x24}], 0x2)

1.121468161s ago: executing program 2 (id=1441):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0x4004743b, &(0x7f0000001200))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x1, 0x8}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x1, 0x7, 0x0, 0x2}}]}}]}, 0x44}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="d8ed560d0d7b6c121f030a4f9a7e1b0a4639643ae87e4bf8246314c0c8a39c9ec846e20a185d3f222de946c5d25aac8a7ec5f383d26e64d220abaf9df8b683f72818b193369227c31b5e3afcce7f7f22d9d18f2d0d0bdfd1c898b76c4c7412a43d31663bb96a3ae31f1cce6cf0da23399591b751ed41304a22ee7c485fcea8b94cad2ddd75f54639bbaf4df074c1741e2e28b46ca74fcc25229732f8fecfe5e622683972f0", @ANYRES16=r2, @ANYBLOB="010027bd7000fedbdf251300000008000300", @ANYRES32=r5, @ANYBLOB="0600b500c4050000040013000a0006000802110000010000040081000600120001000000"], 0x40}, 0x1, 0x0, 0x0, 0x20004804}, 0x4814)
syz_open_dev$sndmidi(&(0x7f0000000000), 0x9, 0x400)

1.003595481s ago: executing program 2 (id=1442):
socket(0x3, 0xa, 0x8001)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r1, &(0x7f0000001600)=[{{&(0x7f0000001140)={0xa, 0x4e24, 0x0, @private2}, 0x1c, &(0x7f0000001280)=[{&(0x7f0000001080)="b3", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r1, 0x1)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f000001f5c0)={0x0, @in6={{0xa, 0x4e23, 0x80000000, @empty, 0xc08}}, 0x6b, 0x800}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x3c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0xb, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xd0, 0x138, 0x0, {}, [@common=@inet=@set2={{0x28}, {{0x0, 0x40}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x428)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001000010700100000000000000a0000000600010017000000"], 0x1c}}, 0x0)
r5 = syz_open_procfs(r0, &(0x7f0000000040)='net/l2cap\x00')
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x4012031, r5, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x114, &(0x7f00000000c0)=0x8, 0x0, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0xa400)
write$UHID_SET_REPORT_REPLY(r5, &(0x7f0000000380)=ANY=[@ANYBLOB="0e00000006000000f0f73e00b58141258880c9371b6491c8801249d7e188662335a4d69c2e1d611440186cbce3b103aae438c4f2786b5a10900181ca0263b2fb8dea34016a304e42fe2bf7df1ab92bb5ae4f71bd6f2cd52b30febef17f9d5a4d28d699ed16711d8ca5910268ecdcc04a37966169e0c2909a452bec34d6f016708bad0b95f0e10e0f53c45bc73968bc107ff7720350a6a7e6acb7dd77df3328a6a123686828c2d950872a3662828b007f40536ca5a398df2060f8f744c8cde21901353bc5c88708a2c36ed03ed7cfe7c1fc9b88a50e4011b66377e08d0a3ec824e981e85a03faead994b0315f938d487f2c2dca487ad928dd4c21b0679efa57ecad7d7be487725fe2ad19efb6797f57079548eb0689b5869e4dd3eff2d38368c35c339b6b268f7544804c9d2180f60aed5a"], 0x4a)

0s ago: executing program 1 (id=1443):
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='uid_map\x00')
r4 = fanotify_init(0x0, 0x80000)
r5 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x50)
readv(r4, &(0x7f0000000100)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1)
fanotify_mark(r4, 0x1, 0x40001019, r5, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
close(r0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat2(r0, &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)

kernel console output (not intermixed with test programs):

or" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f728438e929 code=0x7ffc0000
[  534.904725][T11528] dlm: no local IP address has been set
[  534.910373][T11528] dlm: cannot start dlm midcomms -107
[  535.484848][T11376] hsr_slave_0: entered promiscuous mode
[  535.496155][T11376] hsr_slave_1: entered promiscuous mode
[  535.517294][T11376] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  535.526168][T11376] Cannot create hsr debugfs directory
[  535.595622][T11532] hub 8-0:1.0: USB hub found
[  535.602392][T11532] hub 8-0:1.0: 1 port detected
[  535.861212][T11534] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1076'.
[  537.420024][T11569] syzkaller0: entered promiscuous mode
[  537.430068][T11569] syzkaller0: entered allmulticast mode
[  537.492351][T11586] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1085'.
[  537.579768][ T5821] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  537.769651][ T5821] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  537.789107][ T5821] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  537.808324][ T5821] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  537.834012][ T5821] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  537.958550][ T5821] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  537.968246][ T5821] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  537.976683][ T5821] usb 3-1: Manufacturer: syz
[  537.995253][ T5821] usb 3-1: config 0 descriptor??
[  538.300384][ T5821] usbhid 3-1:0.0: can't add hid device: -71
[  538.329409][T11589] fuseblk: Bad value for 'group_id'
[  538.334714][T11589] fuseblk: Bad value for 'group_id'
[  538.359948][ T5821] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  538.418054][ T5821] usb 3-1: USB disconnect, device number 36
[  542.182233][T11612] all: renamed from lo (while UP)
[  542.317104][T11376] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  542.343735][T11376] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  542.504390][T11629] FAULT_INJECTION: forcing a failure.
[  542.504390][T11629] name failslab, interval 1, probability 0, space 0, times 0
[  542.519763][T11629] CPU: 0 UID: 0 PID: 11629 Comm: syz.0.1096 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  542.519787][T11629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  542.519809][T11629] Call Trace:
[  542.519816][T11629]  <TASK>
[  542.519824][T11629]  dump_stack_lvl+0x189/0x250
[  542.519852][T11629]  ? __pfx____ratelimit+0x10/0x10
[  542.519876][T11629]  ? __pfx_dump_stack_lvl+0x10/0x10
[  542.519898][T11629]  ? __pfx__printk+0x10/0x10
[  542.519916][T11629]  ? __pfx___might_resched+0x10/0x10
[  542.519938][T11629]  ? fs_reclaim_acquire+0x7d/0x100
[  542.519965][T11629]  should_fail_ex+0x414/0x560
[  542.519985][T11629]  ? __pfx_proc_alloc_inode+0x10/0x10
[  542.520005][T11629]  should_failslab+0xa8/0x100
[  542.520027][T11629]  ? __pfx_proc_alloc_inode+0x10/0x10
[  542.520047][T11629]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  542.520065][T11629]  ? proc_alloc_inode+0x2a/0xc0
[  542.520090][T11629]  ? __pfx_proc_alloc_inode+0x10/0x10
[  542.520111][T11629]  proc_alloc_inode+0x2a/0xc0
[  542.520134][T11629]  alloc_inode+0x67/0x1b0
[  542.520156][T11629]  new_inode+0x22/0x170
[  542.520181][T11629]  proc_get_inode+0x22/0x6a0
[  542.520209][T11629]  proc_lookup_de+0x251/0x300
[  542.520228][T11629]  path_openat+0x1101/0x3830
[  542.520283][T11629]  ? __pfx_path_openat+0x10/0x10
[  542.520313][T11629]  ? irqentry_exit+0x74/0x90
[  542.520342][T11629]  do_filp_open+0x1fa/0x410
[  542.520362][T11629]  ? __pfx_do_filp_open+0x10/0x10
[  542.520378][T11629]  ? preempt_schedule_common+0x83/0xd0
[  542.520421][T11629]  ? _raw_spin_unlock+0x3f/0x50
[  542.520440][T11629]  ? alloc_fd+0x64c/0x6c0
[  542.520477][T11629]  do_sys_openat2+0x121/0x1c0
[  542.520504][T11629]  ? __pfx_do_sys_openat2+0x10/0x10
[  542.520544][T11629]  __x64_sys_openat+0x138/0x170
[  542.520574][T11629]  do_syscall_64+0xfa/0x3b0
[  542.520598][T11629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  542.520615][T11629]  ? asm_sysvec_call_function_single+0x1a/0x20
[  542.520638][T11629]  ? clear_bhb_loop+0x60/0xb0
[  542.520666][T11629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  542.520683][T11629] RIP: 0033:0x7ff463b8e929
[  542.520699][T11629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  542.520715][T11629] RSP: 002b:00007ff464ac1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  542.520732][T11629] RAX: ffffffffffffffda RBX: 00007ff463db6080 RCX: 00007ff463b8e929
[  542.520746][T11629] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: ffffffffffffff9c
[  542.520758][T11629] RBP: 00007ff464ac1090 R08: 0000000000000000 R09: 0000000000000000
[  542.520768][T11629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  542.520776][T11629] R13: 0000000000000000 R14: 00007ff463db6080 R15: 00007ffe029e69f8
[  542.520805][T11629]  </TASK>
[  542.797041][    C0] vkms_vblank_simulate: vblank timer overrun
[  543.151486][T11376] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  543.161383][T11376] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  543.444238][T11645] overlayfs: missing 'lowerdir'
[  543.785811][T11641] ceph: No mds server is up or the cluster is laggy
[  544.021528][ T5830] libceph: connect (1)[c::]:6789 error -101
[  545.105158][ T5830] libceph: mon0 (1)[c::]:6789 connect error
[  546.729904][T11665] FAULT_INJECTION: forcing a failure.
[  546.729904][T11665] name failslab, interval 1, probability 0, space 0, times 0
[  546.743048][T11665] CPU: 1 UID: 0 PID: 11665 Comm: syz.1.1102 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  546.743072][T11665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  546.743084][T11665] Call Trace:
[  546.743092][T11665]  <TASK>
[  546.743100][T11665]  dump_stack_lvl+0x189/0x250
[  546.743130][T11665]  ? __pfx____ratelimit+0x10/0x10
[  546.743154][T11665]  ? __pfx_dump_stack_lvl+0x10/0x10
[  546.743177][T11665]  ? __pfx__printk+0x10/0x10
[  546.743199][T11665]  ? __pfx___might_resched+0x10/0x10
[  546.743222][T11665]  ? fs_reclaim_acquire+0x7d/0x100
[  546.743251][T11665]  should_fail_ex+0x414/0x560
[  546.743276][T11665]  ? frame_vector_create+0x62/0x110
[  546.743293][T11665]  should_failslab+0xa8/0x100
[  546.743324][T11665]  __kvmalloc_node_noprof+0x161/0x5f0
[  546.743346][T11665]  ? frame_vector_create+0x62/0x110
[  546.743370][T11665]  frame_vector_create+0x62/0x110
[  546.743390][T11665]  vb2_create_framevec+0x37/0xd0
[  546.743414][T11665]  vb2_vmalloc_get_userptr+0x108/0x450
[  546.743437][T11665]  ? __pfx_vb2_vmalloc_get_userptr+0x10/0x10
[  546.743454][T11665]  __buf_prepare+0xf4f/0x4740
[  546.743496][T11665]  ? __pfx___buf_prepare+0x10/0x10
[  546.743522][T11665]  ? is_bpf_text_address+0x26/0x2b0
[  546.743551][T11665]  ? is_bpf_text_address+0x292/0x2b0
[  546.743572][T11665]  ? is_bpf_text_address+0x26/0x2b0
[  546.743598][T11665]  ? kernel_text_address+0xa5/0xe0
[  546.743620][T11665]  ? __kernel_text_address+0xd/0x40
[  546.743638][T11665]  ? unwind_get_return_address+0x4d/0x90
[  546.743661][T11665]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  546.743679][T11665]  ? arch_stack_walk+0xfc/0x150
[  546.743723][T11665]  ? __lock_acquire+0xab9/0xd20
[  546.743815][T11665]  vb2_core_prepare_buf+0xad/0x2c0
[  546.743843][T11665]  __video_do_ioctl+0xc9b/0xdb0
[  546.743872][T11665]  ? __pfx___video_do_ioctl+0x10/0x10
[  546.743906][T11665]  video_usercopy+0x871/0x14f0
[  546.743934][T11665]  ? __pfx___video_do_ioctl+0x10/0x10
[  546.743951][T11665]  ? __pfx_video_usercopy+0x10/0x10
[  546.743965][T11665]  ? smack_file_ioctl+0x2a9/0x340
[  546.744003][T11665]  ? __fget_files+0x2a/0x420
[  546.744024][T11665]  ? __fget_files+0x3a0/0x420
[  546.744049][T11665]  v4l2_ioctl+0x18a/0x1e0
[  546.744075][T11665]  ? __pfx_v4l2_ioctl+0x10/0x10
[  546.744099][T11665]  __se_sys_ioctl+0xfc/0x170
[  546.744120][T11665]  do_syscall_64+0xfa/0x3b0
[  546.744142][T11665]  ? lockdep_hardirqs_on+0x9c/0x150
[  546.744165][T11665]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.744182][T11665]  ? clear_bhb_loop+0x60/0xb0
[  546.744204][T11665]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.744221][T11665] RIP: 0033:0x7fef2798e929
[  546.744239][T11665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  546.744255][T11665] RSP: 002b:00007fef257d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  546.744275][T11665] RAX: ffffffffffffffda RBX: 00007fef27bb6080 RCX: 00007fef2798e929
[  546.744289][T11665] RDX: 0000200000000200 RSI: 00000000c058565d RDI: 0000000000000003
[  546.744301][T11665] RBP: 00007fef257d5090 R08: 0000000000000000 R09: 0000000000000000
[  546.744319][T11665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  546.744329][T11665] R13: 0000000000000000 R14: 00007fef27bb6080 R15: 00007ffdde920aa8
[  546.744360][T11665]  </TASK>
[  547.132305][T11376] 8021q: adding VLAN 0 to HW filter on device bond0
[  547.157685][T11376] 8021q: adding VLAN 0 to HW filter on device team0
[  547.170615][ T3533] bridge0: port 1(bridge_slave_0) entered blocking state
[  547.177758][ T3533] bridge0: port 1(bridge_slave_0) entered forwarding state
[  547.206014][T11376] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  547.216484][T11376] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  547.425501][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state
[  547.432785][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state
[  547.648612][T11676] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1105'.
[  547.915960][ T5821] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  548.129831][ T5821] usb 2-1: New USB device found, idVendor=e57b, idProduct=2225, bcdDevice=ca.8b
[  548.142766][ T5821] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.155536][T11376] 8021q: adding VLAN 0 to HW filter on device batadv0
[  548.202903][ T5900] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  548.215653][ T5821] usb 2-1: config 0 descriptor??
[  548.426040][ T5900] usb 1-1: config 0 has no interfaces?
[  548.467277][ T5900] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  548.505869][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.626170][ T5900] usb 1-1: Product: syz
[  548.640930][ T5900] usb 1-1: Manufacturer: syz
[  548.646163][T11707] FAULT_INJECTION: forcing a failure.
[  548.646163][T11707] name failslab, interval 1, probability 0, space 0, times 0
[  548.663412][T11707] CPU: 0 UID: 0 PID: 11707 Comm: syz.5.1109 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  548.663438][T11707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  548.663449][T11707] Call Trace:
[  548.663457][T11707]  <TASK>
[  548.663464][T11707]  dump_stack_lvl+0x189/0x250
[  548.663492][T11707]  ? irqentry_exit+0x74/0x90
[  548.663516][T11707]  ? __pfx_dump_stack_lvl+0x10/0x10
[  548.663557][T11707]  should_fail_ex+0x414/0x560
[  548.663582][T11707]  should_failslab+0xa8/0x100
[  548.663605][T11707]  kmem_cache_alloc_noprof+0x73/0x3c0
[  548.663624][T11707]  ? getname_flags+0xb8/0x540
[  548.663651][T11707]  getname_flags+0xb8/0x540
[  548.663677][T11707]  do_sys_openat2+0xbc/0x1c0
[  548.663703][T11707]  ? __pfx_do_sys_openat2+0x10/0x10
[  548.663727][T11707]  ? ksys_write+0x22a/0x250
[  548.663749][T11707]  ? __pfx_ksys_write+0x10/0x10
[  548.663773][T11707]  __x64_sys_open+0x11e/0x150
[  548.663800][T11707]  do_syscall_64+0xfa/0x3b0
[  548.663825][T11707]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.663841][T11707]  ? asm_sysvec_call_function_single+0x1a/0x20
[  548.663858][T11707]  ? clear_bhb_loop+0x60/0xb0
[  548.663879][T11707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.663895][T11707] RIP: 0033:0x7faa3cf8e929
[  548.663917][T11707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  548.663932][T11707] RSP: 002b:00007faa3dde7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  548.663951][T11707] RAX: ffffffffffffffda RBX: 00007faa3d1b6080 RCX: 00007faa3cf8e929
[  548.663964][T11707] RDX: 0000000000000000 RSI: 0000000000149800 RDI: 0000200000000100
[  548.663975][T11707] RBP: 00007faa3dde7090 R08: 0000000000000000 R09: 0000000000000000
[  548.663986][T11707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  548.663997][T11707] R13: 0000000000000000 R14: 00007faa3d1b6080 R15: 00007fff05f28b38
[  548.664026][T11707]  </TASK>
[  548.865277][    C0] vkms_vblank_simulate: vblank timer overrun
[  549.218509][ T5900] usb 1-1: SerialNumber: syz
[  549.313874][ T5900] usb 1-1: config 0 descriptor??
[  550.913607][T11723] evm: overlay not supported
[  551.419196][ T5900] usb 2-1: USB disconnect, device number 40
[  551.449866][T11376] veth0_vlan: entered promiscuous mode
[  551.511772][T11376] veth1_vlan: entered promiscuous mode
[  551.639489][T11376] veth0_macvtap: entered promiscuous mode
[  551.678698][T11376] veth1_macvtap: entered promiscuous mode
[  551.791297][T11376] batman_adv: batadv0: Interface activated: batadv_slave_0
[  551.866079][T11376] batman_adv: batadv0: Interface activated: batadv_slave_1
[  552.338473][T11376] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  552.412500][T11742] Cannot find set identified by id 0 to match
[  552.572889][T11376] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  552.735276][T11376] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  552.744092][T11376] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  553.049515][T10903] usb 1-1: USB disconnect, device number 42
[  553.227681][ T6469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  553.235553][ T6469] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  553.340590][ T6469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  553.357674][ T6469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  553.362863][T11758] IPVS: stopping backup sync thread 11759 ...
[  553.365118][T11759] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 1, id = 0
[  554.788450][ T3533] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  554.978412][ T3533] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  555.140017][ T3533] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  555.274407][ T3533] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  555.457638][ T3533] bridge_slave_1: left allmulticast mode
[  555.468310][ T3533] bridge_slave_1: left promiscuous mode
[  555.478564][ T3533] bridge0: port 2(bridge_slave_1) entered disabled state
[  555.490756][ T3533] bridge_slave_0: left allmulticast mode
[  555.497197][ T3533] bridge_slave_0: left promiscuous mode
[  555.503226][ T3533] bridge0: port 1(bridge_slave_0) entered disabled state
[  556.155960][ T3533] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  556.169025][ T3533] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  556.181371][ T3533] bond0 (unregistering): Released all slaves
[  556.689655][ T3533] hsr_slave_0: left promiscuous mode
[  556.696221][ T3533] hsr_slave_1: left promiscuous mode
[  556.708058][ T3533] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  556.717959][ T3533] batman_adv: batadv0: Removing interface: batadv_slave_0
[  556.729181][ T3533] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  556.738431][ T3533] batman_adv: batadv0: Removing interface: batadv_slave_1
[  556.770344][ T3533] veth1_macvtap: left promiscuous mode
[  556.775953][ T3533] veth0_macvtap: left promiscuous mode
[  556.784201][ T3533] veth1_vlan: left promiscuous mode
[  556.796559][ T3533] veth0_vlan: left promiscuous mode
[  557.824792][ T5830] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  557.859066][ T5886] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  557.879178][ T5827] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  557.890257][ T5827] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  557.913973][ T5827] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  557.944676][ T5827] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  557.961285][ T5827] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  558.095350][ T5886] usb 3-1: Using ep0 maxpacket: 8
[  558.111223][ T5886] usb 3-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01
[  558.126585][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  558.156496][ T5886] usb 3-1: config 0 descriptor??
[  558.194465][ T5886] ums-jumpshot 3-1:0.0: USB Mass Storage device detected
[  558.232427][ T5886] ums-jumpshot 3-1:0.0: Quirks match for vid 05dc pid 0001: 2
[  558.385463][ T5886] usb 3-1: USB disconnect, device number 37
[  558.454371][ T3533] team0 (unregistering): Port device team_slave_1 removed
[  558.511937][ T3533] team0 (unregistering): Port device team_slave_0 removed
[  559.660101][T11837] netlink: 64985 bytes leftover after parsing attributes in process `syz.1.1127'.
[  559.742824][T11857] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1132'.
[  559.897101][T11850] lo speed is unknown, defaulting to 1000
[  560.133470][ T5827] Bluetooth: hci3: command tx timeout
[  561.342013][T10027] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  561.521247][T11898] Driver unsupported XDP return value 0 on prog  (id 255) dev N/A, expect packet loss!
[  561.533826][T10027] usb 1-1: Using ep0 maxpacket: 16
[  561.549655][T10027] usb 1-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc
[  561.573517][T10027] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.608589][T10027] usb 1-1: Product: syz
[  561.625367][T10027] usb 1-1: Manufacturer: syz
[  561.642415][T10027] usb 1-1: SerialNumber: syz
[  561.662989][T10027] usb 1-1: config 0 descriptor??
[  561.682326][T10027] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  561.912755][T10027] usb 1-1: USB disconnect, device number 43
[  561.950630][ T5830] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  562.090678][T11912] dlm: no local IP address has been set
[  562.096411][T11912] dlm: cannot start dlm midcomms -107
[  562.357789][ T5827] Bluetooth: hci3: command tx timeout
[  562.434803][ T5830] usb 3-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  562.515676][ T5830] usb 3-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[  562.588278][ T5830] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  562.644473][ T5830] usb 3-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  562.688582][ T5830] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  562.725144][ T5830] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.847764][T11924] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1148'.
[  563.982150][ T5830] ath6kl: Failed to submit usb control message: -110
[  563.988957][ T5830] ath6kl: unable to send the bmi data to the device: -110
[  564.011043][ T5830] ath6kl: Unable to send get target info: -110
[  564.041367][ T5830] ath6kl: Failed to init ath6kl core: -110
[  564.066520][ T5830] ath6kl_usb 3-1:4.0: probe with driver ath6kl_usb failed with error -110
[  564.715534][ T5827] Bluetooth: hci3: command tx timeout
[  564.810305][ T5830] usb 3-1: USB disconnect, device number 38
[  565.113850][T11850] chnl_net:caif_netlink_parms(): no params data found
[  565.238234][T11940] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[11940]
[  565.663018][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  565.663037][   T30] audit: type=1326 audit(1751171563.003:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11936 comm="syz.5.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  565.788703][   T30] audit: type=1326 audit(1751171563.013:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11936 comm="syz.5.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  565.849150][   T30] audit: type=1326 audit(1751171563.153:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11936 comm="syz.5.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  565.872081][   T30] audit: type=1326 audit(1751171563.153:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11936 comm="syz.5.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  565.894887][   T30] audit: type=1326 audit(1751171563.153:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11936 comm="syz.5.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  565.917001][   T30] audit: type=1326 audit(1751171563.153:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11936 comm="syz.5.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  565.941634][   T30] audit: type=1326 audit(1751171563.153:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11936 comm="syz.5.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  565.963614][   T30] audit: type=1326 audit(1751171563.153:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11936 comm="syz.5.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  565.986179][   T30] audit: type=1326 audit(1751171563.153:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11936 comm="syz.5.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  566.066496][   T30] audit: type=1326 audit(1751171563.153:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11936 comm="syz.5.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  566.155223][T11850] bridge0: port 1(bridge_slave_0) entered blocking state
[  566.237813][ T5830] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  566.360321][T11850] bridge0: port 1(bridge_slave_0) entered disabled state
[  566.367856][T11850] bridge_slave_0: entered allmulticast mode
[  566.379362][T11850] bridge_slave_0: entered promiscuous mode
[  566.388230][T11850] bridge0: port 2(bridge_slave_1) entered blocking state
[  566.395522][T11850] bridge0: port 2(bridge_slave_1) entered disabled state
[  566.402978][T11850] bridge_slave_1: entered allmulticast mode
[  566.410752][T11850] bridge_slave_1: entered promiscuous mode
[  566.433946][ T5830] usb 2-1: Using ep0 maxpacket: 8
[  566.448959][ T5830] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  566.472984][ T5830] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  566.479687][T11961] netlink: 1276 bytes leftover after parsing attributes in process `syz.2.1159'.
[  566.499274][ T5830] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  566.534521][T11850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  566.546134][ T5830] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  566.568260][T11850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  566.578473][ T5830] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  566.594060][ T5830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.812251][T11850] team0: Port device team_slave_0 added
[  566.842953][T11850] team0: Port device team_slave_1 added
[  566.870750][ T5830] usb 2-1: GET_CAPABILITIES returned 0
[  566.889746][ T5827] Bluetooth: hci3: command tx timeout
[  566.902094][ T5830] usbtmc 2-1:16.0: can't read capabilities
[  566.959512][T11964] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1160'.
[  567.107313][ T5936] usb 2-1: USB disconnect, device number 42
[  567.126723][T11850] batman_adv: batadv0: Adding interface: batadv_slave_0
[  567.133787][T11850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  567.166001][T11850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  567.195836][T11850] batman_adv: batadv0: Adding interface: batadv_slave_1
[  567.211945][T11850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  567.242709][ T5830] usb 1-1: new full-speed USB device number 44 using dummy_hcd
[  567.255333][T11850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  567.415430][T11850] hsr_slave_0: entered promiscuous mode
[  567.427693][ T5830] usb 1-1: not running at top speed; connect to a high speed hub
[  567.433211][T11850] hsr_slave_1: entered promiscuous mode
[  567.442867][T11850] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  567.447428][ T5830] usb 1-1: config 1 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  567.528037][ T5830] usb 1-1: config 1 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  567.530320][T11850] Cannot create hsr debugfs directory
[  567.552161][ T5830] usb 1-1: config 1 interface 0 has no altsetting 0
[  567.571479][ T5830] usb 1-1: New USB device found, idVendor=05ac, idProduct=0223, bcdDevice= 0.40
[  567.586390][ T5830] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  567.605400][ T5830] usb 1-1: Product: 壿⹥轶䴲攋鋱撔⫟럖䮏
[  567.626467][ T5830] usb 1-1: Manufacturer: 窳鵫뭱㴓䈍ﺨ髛䯅鍊꣢㫁㿌光₽稩׉ﻣ
[  567.648953][ T5830] usb 1-1: SerialNumber: Љ
[  567.671431][T11964] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  568.705228][ T5830] usbhid 1-1:1.0: can't add hid device: -71
[  568.720503][ T5830] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  568.737395][ T5830] usb 1-1: USB disconnect, device number 44
[  569.512699][T11988] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1164'.
[  569.824591][T11999] ubi31: attaching mtd0
[  569.846706][T11999] ubi31: scanning is finished
[  569.851629][T11999] ubi31: empty MTD device detected
[  570.477085][T11999] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  570.484903][T11999] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  570.492287][T11999] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  570.499510][T11999] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  570.507062][T11999] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  570.513992][T11999] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  570.522101][T11999] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1195219868
[  570.532292][T11999] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  570.543963][T12005] ubi31: background thread "ubi_bgt31d" started, PID 12005
[  570.908218][T11850] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  570.949688][T11850] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  571.001173][T11850] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  571.041495][T11850] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  571.484980][T11850] 8021q: adding VLAN 0 to HW filter on device bond0
[  571.525350][T11850] 8021q: adding VLAN 0 to HW filter on device team0
[  571.545678][ T3533] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.552941][ T3533] bridge0: port 1(bridge_slave_0) entered forwarding state
[  571.562627][ T5821] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  571.580498][ T3509] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.587771][ T3509] bridge0: port 2(bridge_slave_1) entered forwarding state
[  571.744593][ T5821] usb 6-1: Using ep0 maxpacket: 32
[  571.759719][ T5821] usb 6-1: config 0 has an invalid interface number: 25 but max is 0
[  571.771341][ T5821] usb 6-1: config 0 has no interface number 0
[  571.788148][ T5821] usb 6-1: config 0 interface 25 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[  571.810577][ T5821] usb 6-1: config 0 interface 25 has no altsetting 0
[  571.822308][ T5821] usb 6-1: New USB device found, idVendor=04b4, idProduct=931d, bcdDevice=1d.e8
[  571.834796][ T5821] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=18
[  571.846329][ T5821] usb 6-1: SerialNumber: syz
[  571.863741][ T5821] usb 6-1: config 0 descriptor??
[  571.878327][ T5821] usb 6-1: can't set first interface for hiFace device.
[  571.888662][ T5821] snd-usb-hiface 6-1:0.25: probe with driver snd-usb-hiface failed with error -5
[  572.084439][T11850] 8021q: adding VLAN 0 to HW filter on device batadv0
[  572.308799][ T5821] usb 6-1: USB disconnect, device number 2
[  572.382466][   T30] kauditd_printk_skb: 144 callbacks suppressed
[  572.382510][   T30] audit: type=1326 audit(1751171569.289:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12035 comm="syz.2.1173" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f728438e929 code=0x0
[  572.410292][    C1] vkms_vblank_simulate: vblank timer overrun
[  573.186670][T11850] veth0_vlan: entered promiscuous mode
[  573.235948][T11850] veth1_vlan: entered promiscuous mode
[  573.458184][T12053] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1174'.
[  573.997305][T11850] veth0_macvtap: entered promiscuous mode
[  574.017255][T11850] veth1_macvtap: entered promiscuous mode
[  574.149908][T11850] batman_adv: batadv0: Interface activated: batadv_slave_0
[  574.307612][T11850] batman_adv: batadv0: Interface activated: batadv_slave_1
[  574.370793][T11850] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  574.382781][   T30] audit: type=1326 audit(1751171571.169:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12074 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  574.405782][T11850] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  574.441301][T12076] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1178'.
[  574.448027][T11850] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  574.485292][T11850] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  574.488413][   T30] audit: type=1326 audit(1751171571.169:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12074 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  574.515727][    C1] vkms_vblank_simulate: vblank timer overrun
[  574.532476][   T30] audit: type=1326 audit(1751171571.169:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12074 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  575.305943][   T30] audit: type=1326 audit(1751171571.169:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12074 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  575.327947][   T30] audit: type=1326 audit(1751171571.169:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12074 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  575.350069][   T30] audit: type=1326 audit(1751171571.169:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12074 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  575.372467][   T30] audit: type=1326 audit(1751171571.169:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12074 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  575.395240][   T30] audit: type=1326 audit(1751171571.169:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12074 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  575.418150][   T30] audit: type=1326 audit(1751171571.169:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12074 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  575.439837][    C1] vkms_vblank_simulate: vblank timer overrun
[  575.454968][T12085] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1182'.
[  575.913084][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  575.932328][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  576.331693][ T6469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  576.622271][ T6469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  578.211446][ T5886] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  578.545125][ T5886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  578.592611][ T5886] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  578.658358][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.719917][ T5886] usb 6-1: config 0 descriptor??
[  578.841308][ T3533] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  578.932573][ T3533] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  578.957819][T12112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  578.967623][T12112] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  579.026227][ T3533] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.156321][ T3533] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.642304][ T5886] usbhid 6-1:0.0: can't add hid device: -71
[  579.664503][ T5886] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  579.689042][ T5886] usb 6-1: USB disconnect, device number 3
[  579.815520][ T3533] bridge_slave_1: left allmulticast mode
[  579.821286][ T3533] bridge_slave_1: left promiscuous mode
[  579.852631][ T3533] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.881916][ T3533] bridge_slave_0: left allmulticast mode
[  579.887719][ T3533] bridge_slave_0: left promiscuous mode
[  579.904308][ T3533] bridge0: port 1(bridge_slave_0) entered disabled state
[  580.443048][ T3533] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  580.468393][ T3533] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  580.483695][ T3533] bond0 (unregistering): Released all slaves
[  580.772758][T12158] FAULT_INJECTION: forcing a failure.
[  580.772758][T12158] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  580.822362][T12158] CPU: 0 UID: 0 PID: 12158 Comm: syz.1.1194 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  580.822391][T12158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  580.822402][T12158] Call Trace:
[  580.822410][T12158]  <TASK>
[  580.822418][T12158]  dump_stack_lvl+0x189/0x250
[  580.822449][T12158]  ? __pfx____ratelimit+0x10/0x10
[  580.822477][T12158]  ? __pfx_dump_stack_lvl+0x10/0x10
[  580.822500][T12158]  ? __pfx__printk+0x10/0x10
[  580.822532][T12158]  should_fail_ex+0x414/0x560
[  580.822558][T12158]  _copy_to_user+0x31/0xb0
[  580.822584][T12158]  simple_read_from_buffer+0xe1/0x170
[  580.822620][T12158]  proc_fail_nth_read+0x1df/0x250
[  580.822648][T12158]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  580.822672][T12158]  ? rw_verify_area+0x258/0x650
[  580.822690][T12158]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  580.822715][T12158]  vfs_read+0x1fd/0x980
[  580.822740][T12158]  ? __pfx___mutex_lock+0x10/0x10
[  580.822764][T12158]  ? __pfx_vfs_read+0x10/0x10
[  580.822785][T12158]  ? __fget_files+0x2a/0x420
[  580.822811][T12158]  ? __fget_files+0x3a0/0x420
[  580.822830][T12158]  ? __fget_files+0x2a/0x420
[  580.822861][T12158]  ksys_read+0x145/0x250
[  580.822883][T12158]  ? __pfx_ksys_read+0x10/0x10
[  580.822907][T12158]  ? do_syscall_64+0xbe/0x3b0
[  580.822934][T12158]  do_syscall_64+0xfa/0x3b0
[  580.822955][T12158]  ? lockdep_hardirqs_on+0x9c/0x150
[  580.822977][T12158]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.822994][T12158]  ? clear_bhb_loop+0x60/0xb0
[  580.823016][T12158]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.823032][T12158] RIP: 0033:0x7fef2798d33c
[  580.823049][T12158] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  580.823064][T12158] RSP: 002b:00007fef257f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  580.823084][T12158] RAX: ffffffffffffffda RBX: 00007fef27bb5fa0 RCX: 00007fef2798d33c
[  580.823097][T12158] RDX: 000000000000000f RSI: 00007fef257f60a0 RDI: 0000000000000005
[  580.823108][T12158] RBP: 00007fef257f6090 R08: 0000000000000000 R09: 0000000000000000
[  580.823119][T12158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  580.823131][T12158] R13: 0000000000000000 R14: 00007fef27bb5fa0 R15: 00007ffdde920aa8
[  580.823159][T12158]  </TASK>
[  581.072562][T12161] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1196'.
[  581.855560][T12169] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1195'.
[  582.572920][ T5886] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  582.765342][ T5886] usb 1-1: device descriptor read/64, error -71
[  583.599184][ T5886] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  583.715534][T12189] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1201'.
[  583.737194][ T5139] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  583.747801][ T5139] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  583.763319][ T5139] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  583.784539][ T5139] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  583.809216][ T5139] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  583.833817][ T3533] hsr_slave_0: left promiscuous mode
[  583.846612][ T5886] usb 1-1: device descriptor read/64, error -71
[  583.946272][ T3533] hsr_slave_1: left promiscuous mode
[  583.969017][ T5886] usb usb1-port1: attempt power cycle
[  584.007258][ T3533] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  584.048586][ T3533] batman_adv: batadv0: Removing interface: batadv_slave_0
[  584.211665][ T3533] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  584.274530][ T3533] batman_adv: batadv0: Removing interface: batadv_slave_1
[  584.429099][   T30] kauditd_printk_skb: 42 callbacks suppressed
[  584.429194][   T30] audit: type=1326 audit(1751171580.551:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12178 comm="syz.5.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  584.434861][ T3533] veth1_macvtap: left promiscuous mode
[  584.443844][ T5886] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  584.459584][ T3533] veth0_macvtap: left promiscuous mode
[  584.474561][   T30] audit: type=1326 audit(1751171580.551:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12178 comm="syz.5.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  584.476401][ T3533] veth1_vlan: left promiscuous mode
[  584.518772][   T30] audit: type=1326 audit(1751171580.551:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12178 comm="syz.5.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  584.557224][   T30] audit: type=1326 audit(1751171580.551:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12178 comm="syz.5.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  584.557299][ T3533] veth0_vlan: left promiscuous mode
[  584.590816][ T5886] usb 1-1: device descriptor read/8, error -71
[  584.614406][   T30] audit: type=1326 audit(1751171580.551:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12178 comm="syz.5.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  584.640666][   T30] audit: type=1326 audit(1751171580.551:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12178 comm="syz.5.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  584.662833][   T30] audit: type=1326 audit(1751171580.551:1516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12178 comm="syz.5.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  584.685085][   T30] audit: type=1326 audit(1751171580.551:1517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12178 comm="syz.5.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  584.780180][   T30] audit: type=1326 audit(1751171580.551:1518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12178 comm="syz.5.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7faa3cf8e929 code=0x7ffc0000
[  584.873685][ T5886] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  584.904931][ T5886] usb 1-1: device descriptor read/8, error -71
[  585.025445][ T5886] usb usb1-port1: unable to enumerate USB device
[  585.875997][ T3533] team0 (unregistering): Port device team_slave_1 removed
[  585.927606][ T3533] team0 (unregistering): Port device team_slave_0 removed
[  586.148384][ T5139] Bluetooth: hci3: command tx timeout
[  586.490555][ T5139] Bluetooth: hci1: command 0x0406 tx timeout
[  586.593922][T12186] lo speed is unknown, defaulting to 1000
[  587.105777][ T5886] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  587.127989][T12217] pim6reg1: entered promiscuous mode
[  587.133345][T12217] pim6reg1: entered allmulticast mode
[  587.977460][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  588.002643][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  588.013151][ T5886] usb 3-1: New USB device found, idVendor=07c0, idProduct=1524, bcdDevice= 0.00
[  588.022484][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.035845][ T5886] usb 3-1: config 0 descriptor??
[  588.286737][ T5886] usb 3-1: USB disconnect, device number 39
[  588.328858][T12232] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1210'.
[  588.356533][ T5827] Bluetooth: hci3: command tx timeout
[  588.414351][T12186] chnl_net:caif_netlink_parms(): no params data found
[  588.543050][T12186] bridge0: port 1(bridge_slave_0) entered blocking state
[  588.562566][T12186] bridge0: port 1(bridge_slave_0) entered disabled state
[  588.569929][T12186] bridge_slave_0: entered allmulticast mode
[  588.578635][T12186] bridge_slave_0: entered promiscuous mode
[  588.588659][T12186] bridge0: port 2(bridge_slave_1) entered blocking state
[  588.596349][T12186] bridge0: port 2(bridge_slave_1) entered disabled state
[  588.604211][T12186] bridge_slave_1: entered allmulticast mode
[  588.612175][T12186] bridge_slave_1: entered promiscuous mode
[  588.673865][T12186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  588.702677][T12186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  588.773489][T12186] team0: Port device team_slave_0 added
[  588.792464][T12186] team0: Port device team_slave_1 added
[  588.949449][T12186] batman_adv: batadv0: Adding interface: batadv_slave_0
[  588.957849][T12186] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  588.985742][T12186] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  589.051767][T12246] /dev/nullb0: Can't open blockdev
[  589.083629][T12246] dlm: no local IP address has been set
[  589.089277][T12246] dlm: cannot start dlm midcomms -107
[  589.687021][T12186] batman_adv: batadv0: Adding interface: batadv_slave_1
[  589.705736][T12186] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  589.767968][T12186] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  590.581751][ T5827] Bluetooth: hci3: command tx timeout
[  590.931644][T12186] hsr_slave_0: entered promiscuous mode
[  590.944796][T12186] hsr_slave_1: entered promiscuous mode
[  590.982829][T12186] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  591.001828][T12186] Cannot create hsr debugfs directory
[  591.553186][ T5821] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  591.799281][ T5821] usb 6-1: Using ep0 maxpacket: 32
[  591.924182][ T5821] usb 6-1: config 0 has an invalid interface number: 54 but max is 0
[  591.947165][ T5821] usb 6-1: config 0 has no interface number 0
[  591.988941][ T5821] usb 6-1: config 0 interface 54 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  592.016202][ T5821] usb 6-1: config 0 interface 54 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  592.055466][ T5821] usb 6-1: config 0 interface 54 has no altsetting 0
[  592.092671][ T5821] usb 6-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=46.42
[  592.114436][ T5821] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  592.141199][   T30] audit: type=1326 audit(1751171843.770:1519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12255 comm="syz.0.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff463b8e929 code=0x7ffc0000
[  592.165794][   T30] audit: type=1326 audit(1751171843.770:1520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12255 comm="syz.0.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff463b8e929 code=0x7ffc0000
[  592.187576][   T30] audit: type=1326 audit(1751171843.770:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12255 comm="syz.0.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff463b8e929 code=0x7ffc0000
[  592.196286][ T5821] usb 6-1: Product: syz
[  592.211148][   T30] audit: type=1326 audit(1751171843.770:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12255 comm="syz.0.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff463b8e929 code=0x7ffc0000
[  592.249008][ T5821] usb 6-1: Manufacturer: syz
[  592.279006][   T30] audit: type=1326 audit(1751171843.770:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12255 comm="syz.0.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff463b8e929 code=0x7ffc0000
[  592.285680][ T5821] usb 6-1: SerialNumber: syz
[  592.344104][   T30] audit: type=1326 audit(1751171843.770:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12255 comm="syz.0.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff463b8e929 code=0x7ffc0000
[  592.366665][   T30] audit: type=1326 audit(1751171843.770:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12255 comm="syz.0.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff463b8e929 code=0x7ffc0000
[  592.388414][ T5821] usb 6-1: config 0 descriptor??
[  592.388516][   T30] audit: type=1326 audit(1751171843.770:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12255 comm="syz.0.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff463b8e929 code=0x7ffc0000
[  592.393560][   T30] audit: type=1326 audit(1751171843.770:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12255 comm="syz.0.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff463b8e929 code=0x7ffc0000
[  592.415134][    C1] vkms_vblank_simulate: vblank timer overrun
[  592.445160][   T30] audit: type=1326 audit(1751171843.882:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12255 comm="syz.0.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff463b8e929 code=0x7ffc0000
[  592.497295][T12268] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  592.521044][T12268] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  592.820587][ T5827] Bluetooth: hci3: command tx timeout
[  592.864389][T12279] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1223'.
[  593.725667][T12287] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1225'.
[  593.759469][T12287] netlink: 'syz.0.1225': attribute type 1 has an invalid length.
[  593.987873][ T5821] ums_eneub6250 6-1:0.54: USB Mass Storage device detected
[  594.042716][ T5821] scsi host1: usb-storage 6-1:0.54
[  594.140162][T12297] dlm: no local IP address has been set
[  594.145814][T12297] dlm: cannot start dlm midcomms -107
[  594.919449][ T5821] ums_eneub6250 6-1:0.54: probe with driver ums_eneub6250 failed with error 3
[  595.124753][T12299] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1227'.
[  595.134083][T12299] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1227'.
[  595.203704][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  595.210247][ T5821] usb 6-1: USB disconnect, device number 4
[  595.326838][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  595.354450][T12298] lo speed is unknown, defaulting to 1000
[  595.461817][T12186] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  595.490539][T12186] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  595.515287][T12186] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  595.525585][T12186] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  595.867243][ T5900] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  596.615045][T12186] 8021q: adding VLAN 0 to HW filter on device bond0
[  596.635449][ T5900] usb 3-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  596.728722][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  596.768028][ T5900] usb 3-1: Product: syz
[  596.773969][T12186] 8021q: adding VLAN 0 to HW filter on device team0
[  596.780789][ T5900] usb 3-1: Manufacturer: syz
[  596.785415][ T5900] usb 3-1: SerialNumber: syz
[  596.805374][ T3533] bridge0: port 1(bridge_slave_0) entered blocking state
[  596.812568][ T3533] bridge0: port 1(bridge_slave_0) entered forwarding state
[  596.815825][ T5900] usb 3-1: config 0 descriptor??
[  596.877408][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state
[  596.884599][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state
[  597.298853][T12326] IPv6: addrconf: prefix option has invalid lifetime
[  597.362970][T12326] usb usb8: usbfs: process 12326 (syz.0.1234) did not claim interface 0 before use
[  597.780702][ T5900] asix 3-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  598.026516][ T5900] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  598.036918][ T5900] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  598.069781][ T5900] asix 3-1:0.0: probe with driver asix failed with error -71
[  598.102886][ T5900] usb 3-1: USB disconnect, device number 40
[  598.775540][T12186] 8021q: adding VLAN 0 to HW filter on device batadv0
[  598.796054][T10903] usb 1-1: new full-speed USB device number 49 using dummy_hcd
[  599.107294][ T5886] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  599.994210][T10903] usb 1-1: config 0 has an invalid interface number: 115 but max is 0
[  600.004357][T10903] usb 1-1: config 0 has no interface number 0
[  600.042624][T10903] usb 1-1: config 0 interface 115 has no altsetting 0
[  600.080469][T10903] usb 1-1: New USB device found, idVendor=04cb, idProduct=0125, bcdDevice=c0.74
[  600.106096][T10903] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  600.135448][T10903] usb 1-1: Product: syz
[  600.142642][T10903] usb 1-1: Manufacturer: syz
[  600.147355][T10903] usb 1-1: SerialNumber: syz
[  600.150071][ T5886] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  600.156461][T10903] usb 1-1: config 0 descriptor??
[  600.243253][ T5886] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  600.668520][ T5886] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  600.749045][ T5886] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  600.826919][ T5886] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  601.370982][ T5886] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  601.388511][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  601.396577][ T5886] usb 3-1: Product: syz
[  601.401515][ T5886] usb 3-1: Manufacturer: syz
[  601.420561][ T5886] cdc_wdm 3-1:1.0: skipping garbage
[  601.450320][ T5886] cdc_wdm 3-1:1.0: skipping garbage
[  601.474024][ T5886] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  601.497477][ T5886] cdc_wdm 3-1:1.0: Unknown control protocol
[  601.929905][T10903] gspca_main: finepix-2.14.0 probing 04cb:0125
[  601.964538][T10903] usb 1-1: USB disconnect, device number 49
[  601.988553][ T5886] usb 3-1: USB disconnect, device number 41
[  602.428983][T12186] veth0_vlan: entered promiscuous mode
[  602.477930][T12186] veth1_vlan: entered promiscuous mode
[  602.727510][T12186] veth0_macvtap: entered promiscuous mode
[  602.777565][T10027] libceph: connect (1)[c::]:6789 error -101
[  602.787173][T12186] veth1_macvtap: entered promiscuous mode
[  602.793208][T10027] libceph: mon0 (1)[c::]:6789 connect error
[  602.816627][T12186] batman_adv: batadv0: Interface activated: batadv_slave_0
[  602.831507][T12186] batman_adv: batadv0: Interface activated: batadv_slave_1
[  602.842454][  T976] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  602.867882][T12186] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  602.883323][T12388] ceph: No mds server is up or the cluster is laggy
[  602.923595][T12186] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  602.954661][T12186] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  602.979762][T12186] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  603.024131][  T976] usb 1-1: Using ep0 maxpacket: 32
[  603.063925][  T976] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  603.134302][  T976] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  603.173807][  T976] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  603.195994][  T976] usb 1-1: Product: syz
[  603.204018][  T976] usb 1-1: Manufacturer: syz
[  603.216543][  T976] usb 1-1: SerialNumber: syz
[  603.237432][  T976] usb 1-1: config 0 descriptor??
[  603.238342][ T6472] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  603.251295][  T976] hub 1-1:0.0: bad descriptor, ignoring hub
[  603.259224][  T976] hub 1-1:0.0: probe with driver hub failed with error -5
[  603.272131][ T6472] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  603.327036][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  603.343609][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  603.739787][ T3533] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  603.901189][  T976] usb 1-1: USB disconnect, device number 50
[  604.142293][T12403] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  604.177019][T12403] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  604.206943][T12403] netlink: 512 bytes leftover after parsing attributes in process `syz.5.1253'.
[  604.531874][ T3533] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  604.822987][ T3533] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.073881][ T3533] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.354597][ T3533] bridge_slave_1: left allmulticast mode
[  605.360316][ T3533] bridge_slave_1: left promiscuous mode
[  605.366204][ T3533] bridge0: port 2(bridge_slave_1) entered disabled state
[  605.375368][ T3533] bridge_slave_0: left allmulticast mode
[  605.381486][ T3533] bridge_slave_0: left promiscuous mode
[  605.387341][ T3533] bridge0: port 1(bridge_slave_0) entered disabled state
[  605.755607][ T3533] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  605.786350][ T3533] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  605.811517][ T3533] bond0 (unregistering): Released all slaves
[  606.245291][ T3533] hsr_slave_0: left promiscuous mode
[  606.251478][ T3533] hsr_slave_1: left promiscuous mode
[  606.269788][ T3533] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  606.279034][ T3533] batman_adv: batadv0: Removing interface: batadv_slave_0
[  606.294158][ T3533] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  606.302950][ T3533] batman_adv: batadv0: Removing interface: batadv_slave_1
[  606.336062][ T3533] veth1_macvtap: left promiscuous mode
[  606.341794][ T3533] veth0_macvtap: left promiscuous mode
[  606.353707][ T3533] veth1_vlan: left promiscuous mode
[  606.359119][ T3533] veth0_vlan: left promiscuous mode
[  606.778078][T12419] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  607.910333][ T5139] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  607.926386][ T5139] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  607.935422][ T5139] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  607.948948][ T5139] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  607.958799][ T5139] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  608.353098][ T3533] team0 (unregistering): Port device team_slave_1 removed
[  608.426472][ T3533] team0 (unregistering): Port device team_slave_0 removed
[  608.588922][T12435] i2c i2c-0: Invalid block write size 34
[  608.601263][T12435] netlink: 'syz.2.1262': attribute type 1 has an invalid length.
[  608.964187][T12411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1256'.
[  609.021923][T12411] netlink: 'syz.1.1256': attribute type 30 has an invalid length.
[  609.079810][T12435] 8021q: adding VLAN 0 to HW filter on device bond1
[  609.120780][T12411] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  609.129353][T12411] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  609.137547][T12411] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  609.145976][T12411] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  609.291230][T12411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1256'.
[  609.446977][T12445] dlm: no local IP address has been set
[  609.452706][T12445] dlm: cannot start dlm midcomms -107
[  609.892538][T12429] lo speed is unknown, defaulting to 1000
[  609.903512][T12411] netlink: 'syz.1.1256': attribute type 30 has an invalid length.
[  610.170592][ T5827] Bluetooth: hci3: command tx timeout
[  610.179475][T12453] binder_alloc: 12451: binder_alloc_buf, no vma
[  610.198047][T12452] vlan3: entered promiscuous mode
[  610.203171][T12452] bridge0: entered promiscuous mode
[  610.264775][T12452] vlan3: entered allmulticast mode
[  610.270332][T12452] bridge0: entered allmulticast mode
[  610.341517][T12457] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  611.829626][T12479] FAULT_INJECTION: forcing a failure.
[  611.829626][T12479] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  611.847371][T12479] CPU: 1 UID: 0 PID: 12479 Comm: syz.2.1273 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  611.847408][T12479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  611.847421][T12479] Call Trace:
[  611.847429][T12479]  <TASK>
[  611.847438][T12479]  dump_stack_lvl+0x189/0x250
[  611.847473][T12479]  ? __pfx____ratelimit+0x10/0x10
[  611.847497][T12479]  ? __pfx_dump_stack_lvl+0x10/0x10
[  611.847521][T12479]  ? __pfx__printk+0x10/0x10
[  611.847555][T12479]  should_fail_ex+0x414/0x560
[  611.847581][T12479]  _copy_from_user+0x2d/0xb0
[  611.847606][T12479]  bpf_test_init+0xf8/0x170
[  611.847636][T12479]  bpf_prog_test_run_xdp+0x37c/0x1000
[  611.847671][T12479]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  611.847696][T12479]  ? __fget_files+0x2a/0x420
[  611.847724][T12479]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  611.847745][T12479]  bpf_prog_test_run+0x2c7/0x340
[  611.847772][T12479]  __sys_bpf+0x4a4/0x860
[  611.847796][T12479]  ? __pfx___sys_bpf+0x10/0x10
[  611.847831][T12479]  ? ksys_write+0x22a/0x250
[  611.847854][T12479]  ? __pfx_ksys_write+0x10/0x10
[  611.847871][T12479]  ? rcu_is_watching+0x15/0xb0
[  611.847903][T12479]  __x64_sys_bpf+0x7c/0x90
[  611.847924][T12479]  do_syscall_64+0xfa/0x3b0
[  611.847947][T12479]  ? lockdep_hardirqs_on+0x9c/0x150
[  611.847970][T12479]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.847988][T12479]  ? clear_bhb_loop+0x60/0xb0
[  611.848010][T12479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.848027][T12479] RIP: 0033:0x7f728438e929
[  611.848044][T12479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  611.848060][T12479] RSP: 002b:00007f72851a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  611.848081][T12479] RAX: ffffffffffffffda RBX: 00007f72845b5fa0 RCX: 00007f728438e929
[  611.848094][T12479] RDX: 0000000000000050 RSI: 0000200000000280 RDI: 000000000000000a
[  611.848105][T12479] RBP: 00007f72851a4090 R08: 0000000000000000 R09: 0000000000000000
[  611.848118][T12479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  611.848129][T12479] R13: 0000000000000000 R14: 00007f72845b5fa0 R15: 00007ffdfca24938
[  611.848159][T12479]  </TASK>
[  612.282863][T12429] chnl_net:caif_netlink_parms(): no params data found
[  612.399892][ T5827] Bluetooth: hci3: command tx timeout
[  612.440552][T12429] bridge0: port 1(bridge_slave_0) entered blocking state
[  612.449923][T12429] bridge0: port 1(bridge_slave_0) entered disabled state
[  612.457395][T12429] bridge_slave_0: entered allmulticast mode
[  612.473036][T12429] bridge_slave_0: entered promiscuous mode
[  612.484919][T12429] bridge0: port 2(bridge_slave_1) entered blocking state
[  612.498028][T12429] bridge0: port 2(bridge_slave_1) entered disabled state
[  612.505645][T12429] bridge_slave_1: entered allmulticast mode
[  612.517012][T12429] bridge_slave_1: entered promiscuous mode
[  612.587892][T12429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  612.607910][T12429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  612.674074][ T5900] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  612.685717][T12429] team0: Port device team_slave_0 added
[  612.696989][T12429] team0: Port device team_slave_1 added
[  612.727511][T12429] batman_adv: batadv0: Adding interface: batadv_slave_0
[  612.734671][T12429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  612.762345][T12429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  612.791682][T12429] batman_adv: batadv0: Adding interface: batadv_slave_1
[  612.799621][T12429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  612.860627][T12497] dlm: no local IP address has been set
[  612.866287][T12497] dlm: cannot start dlm midcomms -107
[  612.882129][T12429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  613.311050][ T5900] usb 2-1: Using ep0 maxpacket: 8
[  613.318506][T12429] hsr_slave_0: entered promiscuous mode
[  613.334940][T12429] hsr_slave_1: entered promiscuous mode
[  613.341683][ T5900] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  613.345185][T12501] netlink: 'syz.5.1278': attribute type 23 has an invalid length.
[  613.360010][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.361031][T12429] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  613.383747][T12501] netlink: 244 bytes leftover after parsing attributes in process `syz.5.1278'.
[  613.393017][T12429] Cannot create hsr debugfs directory
[  613.413586][T12501] binder: 12500:12501 ioctl c0306201 200000000480 returned -14
[  613.507297][ T5900] pvrusb2: Hardware description: Terratec Grabster AV400
[  613.514602][ T5900] pvrusb2: **********
[  613.518986][ T5900] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  613.548102][ T5900] pvrusb2: Important functionality might not be entirely working.
[  613.568403][ T5900] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  613.589321][ T5900] pvrusb2: **********
[  613.831335][ T5830] kernel write not supported for file /sg0 (pid: 5830 comm: kworker/1:3)
[  614.175918][ T2341] pvrusb2: Invalid write control endpoint
[  614.268414][ T2341] pvrusb2: Invalid write control endpoint
[  614.291634][ T2341] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  614.310113][T12487] netlink: 'syz.1.1275': attribute type 1 has an invalid length.
[  614.433530][ T2341] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  614.447966][ T2341] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  614.462802][T12487] netlink: 172 bytes leftover after parsing attributes in process `syz.1.1275'.
[  614.466854][ T2341] pvrusb2: Device being rendered inoperable
[  614.683188][T12520] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  614.711482][T12520] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  614.747136][ T5827] Bluetooth: hci3: command tx timeout
[  615.088945][T12520] netlink: 512 bytes leftover after parsing attributes in process `syz.0.1283'.
[  615.117990][T12508] pvrusb2: Attempted to execute control transfer when device not ok
[  615.135254][ T2341] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  615.151581][ T2341] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d)
[  615.187296][ T2341] pvrusb2: Attached sub-driver cx25840
[  615.210672][ T5900] usb 2-1: USB disconnect, device number 43
[  615.217498][ T2341] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  615.217518][ T2341] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  615.698960][T12528] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  615.752211][T12528] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  615.812913][T12528] netlink: 512 bytes leftover after parsing attributes in process `syz.5.1284'.
[  616.024281][ T5830] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  616.137230][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  616.137248][   T30] audit: type=1326 audit(1751171866.220:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12531 comm="syz.2.1287" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f728438e929 code=0x0
[  616.231753][ T5830] usb 1-1: Using ep0 maxpacket: 16
[  616.261274][ T5830] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  616.269505][ T5830] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  616.327561][ T5830] usb 1-1: config 0 has no interface number 0
[  616.338522][T12534] set match dimension is over the limit!
[  616.513612][ T5830] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  616.527845][ T5830] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.536133][ T5830] usb 1-1: Product: syz
[  616.540911][ T5830] usb 1-1: Manufacturer: syz
[  616.545672][ T5830] usb 1-1: SerialNumber: syz
[  617.134258][   T30] audit: type=1326 audit(1751171867.155:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12535 comm="syz.5.1289" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faa3cf8e929 code=0x0
[  617.135546][ T5827] Bluetooth: hci3: command tx timeout
[  617.170622][ T5830] usb 1-1: config 0 descriptor??
[  617.179705][ T5830] usb 1-1: Found UVC 0.00 device syz (046d:08f3)
[  617.187055][ T5830] usb 1-1: No valid video chain found.
[  617.196056][T12429] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  617.215024][T12429] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  617.228288][T12429] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  617.238428][T12429] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  617.334626][T12429] 8021q: adding VLAN 0 to HW filter on device bond0
[  617.380407][T12429] 8021q: adding VLAN 0 to HW filter on device team0
[  617.405866][ T6472] bridge0: port 1(bridge_slave_0) entered blocking state
[  617.413191][ T6472] bridge0: port 1(bridge_slave_0) entered forwarding state
[  617.441345][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state
[  617.448704][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state
[  617.559305][ T5830] usb 1-1: USB disconnect, device number 51
[  617.747556][T12552] dlm: no local IP address has been set
[  617.753347][T12552] dlm: cannot start dlm midcomms -107
[  618.264507][T12429] 8021q: adding VLAN 0 to HW filter on device batadv0
[  618.469913][T12563] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  619.239348][T12563] x_tables: duplicate underflow at hook 2
[  619.915556][T12578] ceph: No mds server is up or the cluster is laggy
[  622.628725][T12595] netlink: 'syz.2.1298': attribute type 4 has an invalid length.
[  622.707227][T12596] netlink: 'syz.2.1298': attribute type 4 has an invalid length.
[  623.979398][ T5936] lo speed is unknown, defaulting to 1000
[  624.085929][ T5936] lo speed is unknown, defaulting to 1000
[  624.092132][ T5830] lo speed is unknown, defaulting to 1000
[  624.871028][T12429] veth0_vlan: entered promiscuous mode
[  625.231973][T12613] dlm: no local IP address has been set
[  625.237601][T12613] dlm: cannot start dlm midcomms -107
[  625.809571][T12429] veth1_vlan: entered promiscuous mode
[  627.158826][T12429] veth0_macvtap: entered promiscuous mode
[  627.725561][T12429] veth1_macvtap: entered promiscuous mode
[  627.750177][T12429] batman_adv: batadv0: Interface activated: batadv_slave_0
[  627.762739][T12429] batman_adv: batadv0: Interface activated: batadv_slave_1
[  627.780456][T12429] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  628.154020][T12429] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  628.198974][T12429] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  628.228656][T12429] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  629.270130][T12658] ceph: No mds server is up or the cluster is laggy
[  629.702896][T12671] dlm: no local IP address has been set
[  629.708652][T12671] dlm: cannot start dlm midcomms -107
[  631.099762][ T3533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  631.141030][ T3533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  631.200152][ T3509] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  631.318513][ T3509] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  633.349005][ T1091] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  633.744907][T12710] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  633.792258][T12710] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  633.850811][T12710] netlink: 512 bytes leftover after parsing attributes in process `syz.2.1324'.
[  634.362700][ T1091] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.627179][ T1091] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.770449][ T1091] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.893106][ T1091] bridge_slave_1: left allmulticast mode
[  634.898802][ T1091] bridge_slave_1: left promiscuous mode
[  634.904749][ T1091] bridge0: port 2(bridge_slave_1) entered disabled state
[  634.913840][ T1091] bridge_slave_0: left allmulticast mode
[  634.919913][ T1091] bridge_slave_0: left promiscuous mode
[  634.927112][ T1091] bridge0: port 1(bridge_slave_0) entered disabled state
[  635.285071][ T1091] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  635.295845][ T1091] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  635.306701][ T1091] bond0 (unregistering): Released all slaves
[  635.677202][ T1091] hsr_slave_0: left promiscuous mode
[  635.683121][ T1091] hsr_slave_1: left promiscuous mode
[  635.689952][ T1091] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  635.697641][ T1091] batman_adv: batadv0: Removing interface: batadv_slave_0
[  635.706193][ T1091] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  635.713711][ T1091] batman_adv: batadv0: Removing interface: batadv_slave_1
[  635.734929][ T1091] veth1_macvtap: left promiscuous mode
[  635.741094][ T1091] veth0_macvtap: left promiscuous mode
[  635.746834][ T1091] veth1_vlan: left promiscuous mode
[  635.753189][ T1091] veth0_vlan: left promiscuous mode
[  636.252482][ T1091] team0 (unregistering): Port device team_slave_1 removed
[  636.300687][ T1091] team0 (unregistering): Port device team_slave_0 removed
[  638.017742][T12733] new mount options do not match the existing superblock, will be ignored
[  638.474726][ T5139] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  638.487428][ T5139] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  638.497292][ T5139] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  638.508365][ T5139] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  638.547577][ T5139] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  638.806413][T12730] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  638.954182][T12734] lo speed is unknown, defaulting to 1000
[  639.163016][T12750] FAULT_INJECTION: forcing a failure.
[  639.163016][T12750] name failslab, interval 1, probability 0, space 0, times 0
[  639.182589][T12750] CPU: 0 UID: 0 PID: 12750 Comm: syz.2.1332 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  639.182611][T12750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  639.182618][T12750] Call Trace:
[  639.182624][T12750]  <TASK>
[  639.182629][T12750]  dump_stack_lvl+0x189/0x250
[  639.182649][T12750]  ? __pfx____ratelimit+0x10/0x10
[  639.182663][T12750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  639.182677][T12750]  ? __pfx__printk+0x10/0x10
[  639.182690][T12750]  ? __pfx___might_resched+0x10/0x10
[  639.182703][T12750]  ? fs_reclaim_acquire+0x7d/0x100
[  639.182725][T12750]  should_fail_ex+0x414/0x560
[  639.182740][T12750]  should_failslab+0xa8/0x100
[  639.182754][T12750]  kmem_cache_alloc_noprof+0x73/0x3c0
[  639.182765][T12750]  ? getname_flags+0xb8/0x540
[  639.182782][T12750]  getname_flags+0xb8/0x540
[  639.182797][T12750]  path_removexattrat+0x151/0x690
[  639.182809][T12750]  ? __pfx_path_removexattrat+0x10/0x10
[  639.182817][T12750]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  639.182832][T12750]  ? __pfx_vfs_write+0x10/0x10
[  639.182861][T12750]  ? __pfx_ksys_write+0x10/0x10
[  639.182872][T12750]  ? __secure_computing+0xe2/0x2a0
[  639.182889][T12750]  __x64_sys_removexattr+0x62/0x70
[  639.182904][T12750]  do_syscall_64+0xfa/0x3b0
[  639.182918][T12750]  ? lockdep_hardirqs_on+0x9c/0x150
[  639.182931][T12750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.182941][T12750]  ? clear_bhb_loop+0x60/0xb0
[  639.182953][T12750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.182963][T12750] RIP: 0033:0x7f728438e929
[  639.182973][T12750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  639.182982][T12750] RSP: 002b:00007f72851a4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[  639.182994][T12750] RAX: ffffffffffffffda RBX: 00007f72845b5fa0 RCX: 00007f728438e929
[  639.183002][T12750] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000200000000200
[  639.183008][T12750] RBP: 00007f72851a4090 R08: 0000000000000000 R09: 0000000000000000
[  639.183015][T12750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  639.183021][T12750] R13: 0000000000000000 R14: 00007f72845b5fa0 R15: 00007ffdfca24938
[  639.183037][T12750]  </TASK>
[  640.281597][T12734] chnl_net:caif_netlink_parms(): no params data found
[  640.363345][T12766] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1335'.
[  640.785175][ T5827] Bluetooth: hci3: command tx timeout
[  641.581588][T12734] bridge0: port 1(bridge_slave_0) entered blocking state
[  641.632166][T12734] bridge0: port 1(bridge_slave_0) entered disabled state
[  641.641521][T12734] bridge_slave_0: entered allmulticast mode
[  641.649815][T12734] bridge_slave_0: entered promiscuous mode
[  641.682009][T12734] bridge0: port 2(bridge_slave_1) entered blocking state
[  641.689122][T12734] bridge0: port 2(bridge_slave_1) entered disabled state
[  641.705792][T12734] bridge_slave_1: entered allmulticast mode
[  641.713704][T12734] bridge_slave_1: entered promiscuous mode
[  641.878167][T12734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  641.890063][T12734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  641.983685][T12734] team0: Port device team_slave_0 added
[  642.006914][T12734] team0: Port device team_slave_1 added
[  642.040681][T12734] batman_adv: batadv0: Adding interface: batadv_slave_0
[  642.047899][T12734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  642.074619][T12734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  642.088732][T12734] batman_adv: batadv0: Adding interface: batadv_slave_1
[  642.095858][T12734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  642.122522][T12734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  642.191575][T12734] hsr_slave_0: entered promiscuous mode
[  642.198679][T12734] hsr_slave_1: entered promiscuous mode
[  642.206370][T12734] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  642.214144][T12734] Cannot create hsr debugfs directory
[  642.277065][T12790] cgroup: fork rejected by pids controller in /syz5
[  643.049200][ T5827] Bluetooth: hci3: command tx timeout
[  644.103323][ T6469] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  645.233685][ T5827] Bluetooth: hci3: command tx timeout
[  645.263647][ T5139] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  645.315430][ T5139] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  645.320437][ T6469] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  645.334403][ T5139] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  645.344302][ T5139] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  645.353377][ T5139] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  645.485552][T12828] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1349'.
[  645.764097][ T6469] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  645.881203][T12860] FAULT_INJECTION: forcing a failure.
[  645.881203][T12860] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  646.023209][T12860] CPU: 0 UID: 0 PID: 12860 Comm: syz.1.1350 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  646.023238][T12860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  646.023250][T12860] Call Trace:
[  646.023258][T12860]  <TASK>
[  646.023267][T12860]  dump_stack_lvl+0x189/0x250
[  646.023295][T12860]  ? __pfx____ratelimit+0x10/0x10
[  646.023319][T12860]  ? __pfx_dump_stack_lvl+0x10/0x10
[  646.023343][T12860]  ? __pfx__printk+0x10/0x10
[  646.023362][T12860]  ? __might_fault+0xb0/0x130
[  646.023396][T12860]  should_fail_ex+0x414/0x560
[  646.023422][T12860]  _copy_from_user+0x2d/0xb0
[  646.023447][T12860]  kstrtouint_from_user+0xc4/0x170
[  646.023472][T12860]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  646.023512][T12860]  proc_fail_nth_write+0x88/0x240
[  646.023536][T12860]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  646.023565][T12860]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  646.023590][T12860]  vfs_write+0x27b/0xa90
[  646.023619][T12860]  ? __pfx_vfs_write+0x10/0x10
[  646.023641][T12860]  ? __fget_files+0x2a/0x420
[  646.023668][T12860]  ? __fget_files+0x3a0/0x420
[  646.023688][T12860]  ? __fget_files+0x2a/0x420
[  646.023719][T12860]  ksys_write+0x145/0x250
[  646.023737][T12860]  ? __fget_files+0x3a0/0x420
[  646.023760][T12860]  ? __pfx_ksys_write+0x10/0x10
[  646.023788][T12860]  ? do_syscall_64+0xbe/0x3b0
[  646.023816][T12860]  do_syscall_64+0xfa/0x3b0
[  646.023841][T12860]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.023856][T12860]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  646.023874][T12860]  ? clear_bhb_loop+0x60/0xb0
[  646.023896][T12860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.023913][T12860] RIP: 0033:0x7fef2798d3df
[  646.023930][T12860] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  646.023945][T12860] RSP: 002b:00007fef257f6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  646.023979][T12860] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fef2798d3df
[  646.023992][T12860] RDX: 0000000000000001 RSI: 00007fef257f60a0 RDI: 0000000000000004
[  646.024004][T12860] RBP: 00007fef257f6090 R08: 0000000000000000 R09: 0000000000000000
[  646.024016][T12860] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  646.024027][T12860] R13: 0000000000000000 R14: 00007fef27bb5fa0 R15: 00007ffdde920aa8
[  646.024057][T12860]  </TASK>
[  646.354324][T12822] lo speed is unknown, defaulting to 1000
[  646.573938][ T6469] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  647.211744][   T30] audit: type=1326 audit(1751171895.292:1532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12871 comm="syz.2.1354" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f728438e929 code=0x0
[  647.407776][T12878] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1355'.
[  647.434115][T12878] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1355'.
[  647.454546][ T5139] Bluetooth: hci3: command tx timeout
[  647.595335][ T5139] Bluetooth: hci1: command tx timeout
[  648.018184][   T30] audit: type=1326 audit(1751171896.040:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12877 comm="syz.1.1355" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fef2798e929 code=0x0
[  648.175816][ T6469] bridge_slave_1: left allmulticast mode
[  648.210577][ T6469] bridge_slave_1: left promiscuous mode
[  648.241806][ T6469] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.271152][ T6469] bridge_slave_0: left allmulticast mode
[  648.276915][ T6469] bridge_slave_0: left promiscuous mode
[  648.319352][ T6469] bridge0: port 1(bridge_slave_0) entered disabled state
[  649.133835][T12903] fuse: Bad value for 'fd'
[  650.100679][ T5139] Bluetooth: hci1: command tx timeout
[  650.109687][T12915] FAULT_INJECTION: forcing a failure.
[  650.109687][T12915] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  650.192478][T12915] CPU: 0 UID: 0 PID: 12915 Comm: syz.2.1363 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  650.192497][T12915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  650.192504][T12915] Call Trace:
[  650.192509][T12915]  <TASK>
[  650.192516][T12915]  dump_stack_lvl+0x189/0x250
[  650.192536][T12915]  ? __pfx____ratelimit+0x10/0x10
[  650.192550][T12915]  ? __pfx_dump_stack_lvl+0x10/0x10
[  650.192564][T12915]  ? __pfx__printk+0x10/0x10
[  650.192574][T12915]  ? __might_fault+0xb0/0x130
[  650.192593][T12915]  should_fail_ex+0x414/0x560
[  650.192608][T12915]  _copy_from_user+0x2d/0xb0
[  650.192624][T12915]  __sys_bpf+0x1ed/0x860
[  650.192638][T12915]  ? __pfx___sys_bpf+0x10/0x10
[  650.192656][T12915]  ? ksys_write+0x22a/0x250
[  650.192672][T12915]  ? __pfx_ksys_write+0x10/0x10
[  650.192681][T12915]  ? rcu_is_watching+0x15/0xb0
[  650.192700][T12915]  __x64_sys_bpf+0x7c/0x90
[  650.192711][T12915]  do_syscall_64+0xfa/0x3b0
[  650.192725][T12915]  ? lockdep_hardirqs_on+0x9c/0x150
[  650.192738][T12915]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.192748][T12915]  ? clear_bhb_loop+0x60/0xb0
[  650.192760][T12915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.192769][T12915] RIP: 0033:0x7f728438e929
[  650.192780][T12915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  650.192788][T12915] RSP: 002b:00007f72851a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  650.192800][T12915] RAX: ffffffffffffffda RBX: 00007f72845b5fa0 RCX: 00007f728438e929
[  650.192807][T12915] RDX: 000000000000000f RSI: 0000200000000080 RDI: 000000000000000a
[  650.192814][T12915] RBP: 00007f72851a4090 R08: 0000000000000000 R09: 0000000000000000
[  650.192820][T12915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  650.192826][T12915] R13: 0000000000000000 R14: 00007f72845b5fa0 R15: 00007ffdfca24938
[  650.192842][T12915]  </TASK>
[  650.793933][ T6469] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  650.808549][ T6469] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  650.819257][ T6469] bond0 (unregistering): Released all slaves
[  650.890250][T12921] netlink: 666 bytes leftover after parsing attributes in process `syz.0.1365'.
[  650.935909][T12734] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  651.295486][T12734] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  651.910480][T12734] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  652.257012][T12734] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  652.329395][ T5139] Bluetooth: hci1: command tx timeout
[  652.649462][   T30] audit: type=1326 audit(1751171900.371:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12948 comm="syz.1.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  652.816771][   T30] audit: type=1326 audit(1751171900.371:1535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12948 comm="syz.1.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  652.848460][   T30] audit: type=1326 audit(1751171900.371:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12948 comm="syz.1.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=196 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  652.881704][   T30] audit: type=1326 audit(1751171900.371:1537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12948 comm="syz.1.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  652.925843][   T30] audit: type=1326 audit(1751171900.371:1538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12948 comm="syz.1.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  652.997437][   T30] audit: type=1326 audit(1751171900.371:1539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12948 comm="syz.1.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  653.025778][   T30] audit: type=1326 audit(1751171900.371:1540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12948 comm="syz.1.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  653.050491][   T30] audit: type=1326 audit(1751171900.371:1541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12948 comm="syz.1.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  653.072680][ T6469] hsr_slave_0: left promiscuous mode
[  653.085154][   T30] audit: type=1326 audit(1751171900.371:1542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12948 comm="syz.1.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  653.110636][ T6469] hsr_slave_1: left promiscuous mode
[  653.110789][   T30] audit: type=1326 audit(1751171900.371:1543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12948 comm="syz.1.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2798e929 code=0x7ffc0000
[  653.141680][ T5886] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  653.160431][ T6469] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  653.168874][ T6469] batman_adv: batadv0: Removing interface: batadv_slave_0
[  653.183741][ T6469] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  653.192380][ T6469] batman_adv: batadv0: Removing interface: batadv_slave_1
[  653.231781][ T6469] veth1_macvtap: left promiscuous mode
[  653.237467][ T6469] veth0_macvtap: left promiscuous mode
[  653.247362][ T6469] veth1_vlan: left promiscuous mode
[  653.253531][ T6469] veth0_vlan: left promiscuous mode
[  653.304287][ T5886] usb 2-1: Using ep0 maxpacket: 8
[  653.476450][ T5886] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  653.516388][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  653.524446][ T5886] usb 2-1: Product: syz
[  653.547555][ T5886] usb 2-1: Manufacturer: syz
[  653.570405][ T5886] usb 2-1: SerialNumber: syz
[  653.616689][ T5886] usb 2-1: config 0 descriptor??
[  653.677026][ T5886] gspca_main: sq930x-2.14.0 probing 2770:930c
[  654.342704][T12952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.356145][T12952] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  654.563747][ T5139] Bluetooth: hci1: command tx timeout
[  654.962216][ T5886] gspca_sq930x: ucbus_write failed -110
[  655.205317][ T5886] gspca_sq930x: Sensor ov9630 not yet treated
[  655.220997][ T5886] sq930x 2-1:0.0: probe with driver sq930x failed with error -22
[  655.253937][T10027] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  655.264170][ T5886] usb 2-1: USB disconnect, device number 44
[  655.295672][ T6469] team0 (unregistering): Port device team_slave_1 removed
[  655.351473][ T6469] team0 (unregistering): Port device team_slave_0 removed
[  655.447070][T10027] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  655.473235][T10027] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  655.483882][T10027] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  655.507745][T10027] usb 1-1: New USB device found, idVendor=1532, idProduct=011d, bcdDevice= 0.00
[  655.516990][T10027] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.528579][T10027] usb 1-1: config 0 descriptor??
[  656.249699][T10027] hid-rmi 0003:1532:011D.000E: unknown main item tag 0x0
[  656.268109][T10027] hid-rmi 0003:1532:011D.000E: unknown main item tag 0x2
[  656.275540][T10027] hid-rmi 0003:1532:011D.000E: item fetching failed at offset 3/4
[  656.284336][T10027] hid-rmi 0003:1532:011D.000E: parse failed
[  656.291809][T10027] hid-rmi 0003:1532:011D.000E: probe with driver hid-rmi failed with error -22
[  657.876390][T12822] chnl_net:caif_netlink_parms(): no params data found
[  657.951802][ T5886] usb 1-1: USB disconnect, device number 52
[  658.097326][T12734] 8021q: adding VLAN 0 to HW filter on device bond0
[  658.887380][T12998] No such timeout policy "syz0"
[  659.787839][T12822] bridge0: port 1(bridge_slave_0) entered blocking state
[  659.798600][T12822] bridge0: port 1(bridge_slave_0) entered disabled state
[  659.808417][T12822] bridge_slave_0: entered allmulticast mode
[  660.901653][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  660.908060][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  660.919893][T12822] bridge_slave_0: entered promiscuous mode
[  660.937729][T12822] bridge0: port 2(bridge_slave_1) entered blocking state
[  660.945505][T12822] bridge0: port 2(bridge_slave_1) entered disabled state
[  661.286031][T12822] bridge_slave_1: entered allmulticast mode
[  661.318103][T13004] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1387'.
[  661.321954][T12822] bridge_slave_1: entered promiscuous mode
[  661.413829][T12822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  661.442300][T12734] 8021q: adding VLAN 0 to HW filter on device team0
[  661.454198][T12822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  661.603906][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[  661.611131][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[  661.671875][T12822] team0: Port device team_slave_0 added
[  661.711001][T12822] team0: Port device team_slave_1 added
[  661.895817][T12822] batman_adv: batadv0: Adding interface: batadv_slave_0
[  661.926181][T12822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  662.000968][T12822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  662.026337][T13019] cgroup: fork rejected by pids controller in /syz2
[  662.063103][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  662.070311][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  662.117654][T12822] batman_adv: batadv0: Adding interface: batadv_slave_1
[  662.132419][T12822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  662.235286][T12822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  662.714698][T13029] netlink: 'syz.0.1393': attribute type 1 has an invalid length.
[  662.814777][T13029] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.1393'.
[  663.105998][T12822] hsr_slave_0: entered promiscuous mode
[  663.127260][T12822] hsr_slave_1: entered promiscuous mode
[  663.140621][T12822] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  663.159137][T12822] Cannot create hsr debugfs directory
[  663.495748][ T6414] syz_tun (unregistering): left allmulticast mode
[  663.502469][ T6414] syz_tun (unregistering): left promiscuous mode
[  663.508886][ T6414] bridge0: port 3(syz_tun) entered disabled state
[  664.489707][   T43] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  664.764630][   T43] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  664.952346][T12734] 8021q: adding VLAN 0 to HW filter on device batadv0
[  665.075197][   T43] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  665.259873][   T43] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  665.293203][ T5827] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  665.304017][ T5827] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  665.318394][ T5827] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  665.326558][ T5827] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  665.336742][ T5827] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  665.517321][T13059] lo speed is unknown, defaulting to 1000
[  665.956014][T13067] new mount options do not match the existing superblock, will be ignored
[  666.439045][   T43] bridge_slave_1: left allmulticast mode
[  666.461855][   T43] bridge_slave_1: left promiscuous mode
[  666.487471][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  666.535449][   T43] bridge_slave_0: left allmulticast mode
[  666.542116][   T43] bridge_slave_0: left promiscuous mode
[  666.548350][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  667.025210][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  667.038095][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  667.053439][   T43] bond0 (unregistering): Released all slaves
[  667.174834][   T43] bond1 (unregistering): Released all slaves
[  667.299193][   T43] : left promiscuous mode
[  667.377118][T12822] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  667.454505][T12822] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  667.472769][T12822] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  667.486209][T12822] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  667.520701][T12734] veth0_vlan: entered promiscuous mode
[  667.557863][ T5139] Bluetooth: hci4: command tx timeout
[  667.665590][T12734] veth1_vlan: entered promiscuous mode
[  667.703158][ T5936] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  667.824503][T13059] chnl_net:caif_netlink_parms(): no params data found
[  667.844398][   T43] hsr_slave_0: left promiscuous mode
[  667.850342][   T43] hsr_slave_1: left promiscuous mode
[  667.857024][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  667.870322][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[  667.878492][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  667.888262][ T5936] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  667.894845][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[  667.899778][ T5936] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  667.919624][ T5936] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  667.929117][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.937141][ T5936] usb 1-1: Product: syz
[  667.940010][   T43] veth1_macvtap: left promiscuous mode
[  667.942035][ T5936] usb 1-1: Manufacturer: syz
[  667.947146][   T43] veth0_macvtap: left promiscuous mode
[  667.951953][ T5936] usb 1-1: SerialNumber: syz
[  667.962785][   T43] veth1_vlan: left promiscuous mode
[  667.968225][   T43] veth0_vlan: left promiscuous mode
[  667.976390][ T5936] usb 1-1: config 0 descriptor??
[  667.996896][ T5936] usb 1-1: Found UVC 0.00 device syz (18ec:3288)
[  668.015167][ T5936] usb 1-1: No valid video chain found.
[  668.230574][T12635] usb 1-1: USB disconnect, device number 53
[  669.353505][   T43] team0 (unregistering): Port device team_slave_1 removed
[  669.408982][   T43] team0 (unregistering): Port device team_slave_0 removed
[  669.541054][ T5936] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  669.722982][ T5936] usb 2-1: Using ep0 maxpacket: 16
[  669.734369][ T5936] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  669.754132][ T5936] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  669.763486][ T5936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.774058][ T5936] usb 2-1: Product: syz
[  669.778461][ T5936] usb 2-1: Manufacturer: syz
[  669.780038][ T5139] Bluetooth: hci4: command tx timeout
[  669.783167][ T5936] usb 2-1: SerialNumber: syz
[  669.826435][ T5936] usb 2-1: config 0 descriptor??
[  669.849648][ T5936] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  669.870207][ T5936] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  670.086037][T12852] smc: removing ib device syz2
[  670.203489][ T5910] lo speed is unknown, defaulting to 1000
[  670.220376][ T5910] syz2: Port: 1 Link DOWN
[  670.332565][T12734] veth0_macvtap: entered promiscuous mode
[  670.498307][ T5936] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  670.588146][T12734] veth1_macvtap: entered promiscuous mode
[  670.708454][T13059] bridge0: port 1(bridge_slave_0) entered blocking state
[  670.717288][T13059] bridge0: port 1(bridge_slave_0) entered disabled state
[  670.724534][T13059] bridge_slave_0: entered allmulticast mode
[  670.761326][T13059] bridge_slave_0: entered promiscuous mode
[  670.804552][T13059] bridge0: port 2(bridge_slave_1) entered blocking state
[  670.857515][T13059] bridge0: port 2(bridge_slave_1) entered disabled state
[  670.867839][T13059] bridge_slave_1: entered allmulticast mode
[  670.883216][T13059] bridge_slave_1: entered promiscuous mode
[  670.900230][T12734] batman_adv: batadv0: Interface activated: batadv_slave_0
[  670.989982][T12734] batman_adv: batadv0: Interface activated: batadv_slave_1
[  671.078216][T13059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  671.093058][T12734] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  671.111231][T12734] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  671.120681][T12734] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  671.130260][T12734] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  671.173064][ T5936] em28xx 2-1:0.0: board has no eeprom
[  671.182964][T13059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  671.203048][T12822] 8021q: adding VLAN 0 to HW filter on device bond0
[  671.377986][T13059] team0: Port device team_slave_0 added
[  671.417778][T13059] team0: Port device team_slave_1 added
[  671.546375][T13059] batman_adv: batadv0: Adding interface: batadv_slave_0
[  671.556361][T13059] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  671.589524][T13059] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  671.625167][T13059] batman_adv: batadv0: Adding interface: batadv_slave_1
[  671.640006][T13059] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  671.673230][T13059] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  671.800982][T12822] 8021q: adding VLAN 0 to HW filter on device team0
[  671.860346][T12850] bridge0: port 1(bridge_slave_0) entered blocking state
[  671.867579][T12850] bridge0: port 1(bridge_slave_0) entered forwarding state
[  672.000233][ T5139] Bluetooth: hci4: command tx timeout
[  672.136914][T13059] hsr_slave_0: entered promiscuous mode
[  672.235403][T13059] hsr_slave_1: entered promiscuous mode
[  672.262296][T13059] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  672.281877][T13059] Cannot create hsr debugfs directory
[  672.355003][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  672.370241][T13109] FAULT_INJECTION: forcing a failure.
[  672.370241][T13109] name failslab, interval 1, probability 0, space 0, times 0
[  672.395391][T13109] CPU: 0 UID: 0 PID: 13109 Comm: syz.0.1409 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  672.395417][T13109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  672.395427][T13109] Call Trace:
[  672.395435][T13109]  <TASK>
[  672.395443][T13109]  dump_stack_lvl+0x189/0x250
[  672.395473][T13109]  ? __pfx____ratelimit+0x10/0x10
[  672.395497][T13109]  ? __pfx_dump_stack_lvl+0x10/0x10
[  672.395520][T13109]  ? __pfx__printk+0x10/0x10
[  672.395545][T13109]  ? ref_tracker_alloc+0x318/0x460
[  672.395569][T13109]  should_fail_ex+0x414/0x560
[  672.395595][T13109]  should_failslab+0xa8/0x100
[  672.395618][T13109]  kmem_cache_alloc_noprof+0x73/0x3c0
[  672.395638][T13109]  ? skb_clone+0x212/0x3a0
[  672.395664][T13109]  skb_clone+0x212/0x3a0
[  672.395688][T13109]  __netlink_deliver_tap+0x404/0x850
[  672.395721][T13109]  ? netlink_deliver_tap+0x2e/0x1b0
[  672.395741][T13109]  netlink_deliver_tap+0x19c/0x1b0
[  672.395762][T13109]  netlink_unicast+0x72f/0x8d0
[  672.395799][T13109]  netlink_sendmsg+0x805/0xb30
[  672.395827][T13109]  ? __pfx_netlink_sendmsg+0x10/0x10
[  672.395855][T13109]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  672.395875][T13109]  ? __pfx_netlink_sendmsg+0x10/0x10
[  672.395895][T13109]  __sock_sendmsg+0x21c/0x270
[  672.395923][T13109]  ____sys_sendmsg+0x505/0x830
[  672.395950][T13109]  ? __pfx_____sys_sendmsg+0x10/0x10
[  672.395981][T13109]  ? import_iovec+0x74/0xa0
[  672.396009][T13109]  ___sys_sendmsg+0x21f/0x2a0
[  672.396031][T13109]  ? __pfx____sys_sendmsg+0x10/0x10
[  672.396087][T13109]  ? __fget_files+0x2a/0x420
[  672.396116][T13109]  ? __fget_files+0x3a0/0x420
[  672.396149][T13109]  __x64_sys_sendmsg+0x19b/0x260
[  672.396172][T13109]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  672.396203][T13109]  ? __pfx_ksys_write+0x10/0x10
[  672.396221][T13109]  ? rcu_is_watching+0x15/0xb0
[  672.396250][T13109]  ? do_syscall_64+0xbe/0x3b0
[  672.396277][T13109]  do_syscall_64+0xfa/0x3b0
[  672.396303][T13109]  ? lockdep_hardirqs_on+0x9c/0x150
[  672.396326][T13109]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.396343][T13109]  ? clear_bhb_loop+0x60/0xb0
[  672.396364][T13109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.396379][T13109] RIP: 0033:0x7ff463b8e929
[  672.396395][T13109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  672.396411][T13109] RSP: 002b:00007ff464aa0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  672.396431][T13109] RAX: ffffffffffffffda RBX: 00007ff463db6160 RCX: 00007ff463b8e929
[  672.396445][T13109] RDX: 0000000000000010 RSI: 00002000000003c0 RDI: 0000000000000006
[  672.396458][T13109] RBP: 00007ff464aa0090 R08: 0000000000000000 R09: 0000000000000000
[  672.396469][T13109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  672.396481][T13109] R13: 0000000000000000 R14: 00007ff463db6160 R15: 00007ffe029e69f8
[  672.396511][T13109]  </TASK>
[  672.401380][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  672.694937][ T5936] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  672.712739][ T5936] em28xx 2-1:0.0: dvb set to bulk mode.
[  672.737492][ T5886] em28xx 2-1:0.0: Binding DVB extension
[  672.886493][ T5936] usb 2-1: USB disconnect, device number 45
[  672.941463][ T5886] em28xx 2-1:0.0: Registering input extension
[  672.952007][ T5936] em28xx 2-1:0.0: Disconnecting em28xx
[  672.957535][ T5936] em28xx 2-1:0.0: Closing input extension
[  673.011065][ T5936] em28xx 2-1:0.0: Freeing device
[  673.034637][ T5966] bridge0: port 2(bridge_slave_1) entered blocking state
[  673.041874][ T5966] bridge0: port 2(bridge_slave_1) entered forwarding state
[  673.186697][T12854] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  673.194586][T12854] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  673.783512][T13118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1412'.
[  673.967916][ T5910] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  674.355160][T13126] new mount options do not match the existing superblock, will be ignored
[  674.459219][ T5139] Bluetooth: hci4: command tx timeout
[  674.732979][ T5910] usb 1-1: config index 0 descriptor too short (expected 255, got 18)
[  674.743443][ T5910] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  674.763814][ T5910] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  674.789386][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  674.872101][   T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  674.905025][ T5910] usb 1-1: Product: syz
[  674.909966][ T5910] usb 1-1: Manufacturer: syz
[  674.914602][ T5910] usb 1-1: SerialNumber: syz
[  674.924265][ T5910] usb 1-1: config 0 descriptor??
[  674.994943][T12822] 8021q: adding VLAN 0 to HW filter on device batadv0
[  675.048530][   T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  675.166609][   T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  675.200478][ T5830] usb 1-1: USB disconnect, device number 54
[  675.259768][   T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  675.334985][T13059] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  675.361491][T13059] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  675.381790][T13059] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  675.420004][T13059] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  675.489076][   T13] bridge_slave_1: left allmulticast mode
[  675.494765][   T13] bridge_slave_1: left promiscuous mode
[  675.500888][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  675.510539][   T13] bridge_slave_0: left allmulticast mode
[  675.516204][   T13] bridge_slave_0: left promiscuous mode
[  675.523146][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  675.896125][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  675.906875][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  675.916893][   T13] bond0 (unregistering): Released all slaves
[  675.961273][T12822] veth0_vlan: entered promiscuous mode
[  675.995721][T12822] veth1_vlan: entered promiscuous mode
[  676.098095][T12822] veth0_macvtap: entered promiscuous mode
[  676.109626][T12822] veth1_macvtap: entered promiscuous mode
[  676.176768][T13059] 8021q: adding VLAN 0 to HW filter on device bond0
[  676.189296][T12822] batman_adv: batadv0: Interface activated: batadv_slave_0
[  676.226963][   T13] hsr_slave_0: left promiscuous mode
[  676.232856][   T13] hsr_slave_1: left promiscuous mode
[  676.239801][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  676.249183][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  676.257813][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  676.265238][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  676.288331][   T13] veth1_macvtap: left promiscuous mode
[  676.293874][   T13] veth0_macvtap: left promiscuous mode
[  676.300087][   T13] veth1_vlan: left promiscuous mode
[  676.305371][   T13] veth0_vlan: left promiscuous mode
[  676.771611][   T13] team0 (unregistering): Port device team_slave_1 removed
[  676.825346][   T13] team0 (unregistering): Port device team_slave_0 removed
[  678.668736][ T5827] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  678.679779][ T5827] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  678.688899][ T5827] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  678.697344][ T5827] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  678.705199][ T5827] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  678.737077][T12822] batman_adv: batadv0: Interface activated: batadv_slave_1
[  678.752425][T12822] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  678.761460][T12822] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  678.770345][T12822] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  678.779150][T12822] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  678.796325][T13145] dummy0: left allmulticast mode
[  678.805332][T13145] dummy0: left promiscuous mode
[  678.815503][T13145] bridge0: port 3(dummy0) entered disabled state
[  678.838000][T13145] bridge_slave_0: left allmulticast mode
[  678.844067][T13145] bridge_slave_0: left promiscuous mode
[  678.849863][T13145] bridge0: port 1(bridge_slave_0) entered disabled state
[  678.859910][T13145] bridge_slave_1: left allmulticast mode
[  678.867229][T13145] bridge_slave_1: left promiscuous mode
[  678.873014][T13145] bridge0: port 2(bridge_slave_1) entered disabled state
[  678.889738][T13145] bond0: (slave bond_slave_0): Releasing backup interface
[  678.901743][T13145] bond0: (slave bond_slave_1): Releasing backup interface
[  678.926508][T13145] team0: Port device team_slave_0 removed
[  678.943229][T13145] team0: Port device team_slave_1 removed
[  678.951059][T13145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  678.958631][T13145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  678.967857][T13145] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  678.975382][T13145] batman_adv: batadv0: Removing interface: batadv_slave_1
[  678.988156][T13145] ip6gretap1: left allmulticast mode
[  678.994726][T13145] ip6gretap1: left promiscuous mode
[  679.000160][T13145] bridge2: port 1(ip6gretap1) entered disabled state
[  679.029482][T13148] 8021q: adding VLAN 0 to HW filter on device bond0
[  679.038974][T13148] bond0: (slave ipip0): The slave device specified does not support setting the MAC address
[  679.050204][T13148] bond0: (slave ipip0): Error -95 calling set_mac_address
[  679.102804][T13059] 8021q: adding VLAN 0 to HW filter on device team0
[  679.189143][T12850] bridge0: port 1(bridge_slave_0) entered blocking state
[  679.196369][T12850] bridge0: port 1(bridge_slave_0) entered forwarding state
[  679.293950][T12850] bridge0: port 2(bridge_slave_1) entered blocking state
[  679.301096][T12850] bridge0: port 2(bridge_slave_1) entered forwarding state
[  679.364514][T12850] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  679.395839][T12850] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  679.825660][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  679.968821][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  680.715022][T13153] chnl_net:caif_netlink_parms(): no params data found
[  680.748426][T13158] ./file0: Can't lookup blockdev
[  680.895935][ T5827] Bluetooth: hci3: command tx timeout
[  681.309624][T13185] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  681.338096][T13185] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  681.366923][T13185] netlink: 512 bytes leftover after parsing attributes in process `syz.5.1420'.
[  682.119149][T13189] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  682.163329][T13189] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  682.212892][T13189] netlink: 512 bytes leftover after parsing attributes in process `syz.1.1421'.
[  682.653085][T13153] bridge0: port 1(bridge_slave_0) entered blocking state
[  682.663406][T13153] bridge0: port 1(bridge_slave_0) entered disabled state
[  682.696051][T13153] bridge_slave_0: entered allmulticast mode
[  682.730044][T13153] bridge_slave_0: entered promiscuous mode
[  682.820303][T13153] bridge0: port 2(bridge_slave_1) entered blocking state
[  682.851558][T13153] bridge0: port 2(bridge_slave_1) entered disabled state
[  682.890765][T13153] bridge_slave_1: entered allmulticast mode
[  682.912161][T13153] bridge_slave_1: entered promiscuous mode
[  683.077908][T13153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  683.127975][ T5827] Bluetooth: hci3: command tx timeout
[  683.131647][T13153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  684.067202][T13059] 8021q: adding VLAN 0 to HW filter on device batadv0
[  684.091570][T13153] team0: Port device team_slave_0 added
[  684.110764][T13153] team0: Port device team_slave_1 added
[  684.258499][T13200] FAULT_INJECTION: forcing a failure.
[  684.258499][T13200] name failslab, interval 1, probability 0, space 0, times 0
[  684.315102][T13200] CPU: 1 UID: 0 PID: 13200 Comm: syz.1.1423 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  684.315128][T13200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  684.315139][T13200] Call Trace:
[  684.315146][T13200]  <TASK>
[  684.315154][T13200]  dump_stack_lvl+0x189/0x250
[  684.315184][T13200]  ? __pfx____ratelimit+0x10/0x10
[  684.315207][T13200]  ? __pfx_dump_stack_lvl+0x10/0x10
[  684.315235][T13200]  ? __pfx__printk+0x10/0x10
[  684.315257][T13200]  ? __pfx___might_resched+0x10/0x10
[  684.315282][T13200]  ? fs_reclaim_acquire+0x7d/0x100
[  684.315307][T13200]  should_fail_ex+0x414/0x560
[  684.315331][T13200]  should_failslab+0xa8/0x100
[  684.315353][T13200]  __kmalloc_noprof+0xcb/0x4f0
[  684.315370][T13200]  ? kfree+0x4d/0x440
[  684.315385][T13200]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  684.315412][T13200]  tomoyo_realpath_from_path+0xe3/0x5d0
[  684.315437][T13200]  ? tomoyo_domain+0xda/0x130
[  684.315466][T13200]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  684.315486][T13200]  tomoyo_path_number_perm+0x1e8/0x5a0
[  684.315510][T13200]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  684.315548][T13200]  ? __lock_acquire+0xab9/0xd20
[  684.315593][T13200]  ? __fget_files+0x2a/0x420
[  684.315617][T13200]  ? __fget_files+0x2a/0x420
[  684.315635][T13200]  ? __fget_files+0x3a0/0x420
[  684.315655][T13200]  ? __fget_files+0x2a/0x420
[  684.315678][T13200]  security_file_ioctl+0xcb/0x2d0
[  684.315702][T13200]  __se_sys_ioctl+0x47/0x170
[  684.315721][T13200]  do_syscall_64+0xfa/0x3b0
[  684.315741][T13200]  ? lockdep_hardirqs_on+0x9c/0x150
[  684.315763][T13200]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.315781][T13200]  ? clear_bhb_loop+0x60/0xb0
[  684.315801][T13200]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.315816][T13200] RIP: 0033:0x7fef2798e929
[  684.315832][T13200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  684.315847][T13200] RSP: 002b:00007fef257b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  684.315865][T13200] RAX: ffffffffffffffda RBX: 00007fef27bb6160 RCX: 00007fef2798e929
[  684.315878][T13200] RDX: 0000200000000140 RSI: 00000000c040563d RDI: 0000000000000008
[  684.315889][T13200] RBP: 00007fef257b4090 R08: 0000000000000000 R09: 0000000000000000
[  684.315900][T13200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  684.315910][T13200] R13: 0000000000000000 R14: 00007fef27bb6160 R15: 00007ffdde920aa8
[  684.315938][T13200]  </TASK>
[  684.559188][    C1] vkms_vblank_simulate: vblank timer overrun
[  684.586766][T13153] batman_adv: batadv0: Adding interface: batadv_slave_0
[  684.593834][T13153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  684.619855][T13153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  684.632966][T13153] batman_adv: batadv0: Adding interface: batadv_slave_1
[  684.640073][T13153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  684.667373][T13153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  684.680879][T13200] ERROR: Out of memory at tomoyo_realpath_from_path.
[  684.920110][T13153] hsr_slave_0: entered promiscuous mode
[  684.927282][T13153] hsr_slave_1: entered promiscuous mode
[  684.933919][T13153] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  684.957312][T13153] Cannot create hsr debugfs directory
[  684.968335][T13059] veth0_vlan: entered promiscuous mode
[  685.341866][ T5827] Bluetooth: hci3: command tx timeout
[  685.461363][T13059] veth1_vlan: entered promiscuous mode
[  685.751828][T13059] veth0_macvtap: entered promiscuous mode
[  685.900894][T13059] veth1_macvtap: entered promiscuous mode
[  685.943133][T13059] batman_adv: batadv0: Interface activated: batadv_slave_0
[  685.989089][T13059] batman_adv: batadv0: Interface activated: batadv_slave_1
[  686.012365][T13059] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  686.030222][T13059] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  686.042410][T13059] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  686.053247][T13059] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  686.143532][ T5936] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  686.269736][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  686.289467][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  686.309992][ T5936] usb 1-1: config 0 has an invalid interface number: 98 but max is 0
[  686.318348][ T5936] usb 1-1: config 0 has no interface number 0
[  686.324984][ T5936] usb 1-1: config 0 interface 98 has no altsetting 0
[  686.335497][ T5936] usb 1-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24
[  686.349858][ T6469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  686.369494][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  686.374288][T13153] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  686.377514][ T5936] usb 1-1: Product: syz
[  686.377533][ T5936] usb 1-1: Manufacturer: syz
[  686.393501][ T6469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  686.403024][T13153] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  686.406062][ T5936] usb 1-1: SerialNumber: syz
[  686.420280][T13153] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  686.439160][T13153] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  686.439466][ T5936] usb 1-1: config 0 descriptor??
[  686.635098][T13153] 8021q: adding VLAN 0 to HW filter on device bond0
[  686.663715][T13153] 8021q: adding VLAN 0 to HW filter on device team0
[  686.685070][ T5936] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II
[  686.686840][T12852] bridge0: port 1(bridge_slave_0) entered blocking state
[  686.702440][T12852] bridge0: port 1(bridge_slave_0) entered forwarding state
[  686.759309][ T6469] bridge0: port 2(bridge_slave_1) entered blocking state
[  686.766438][ T6469] bridge0: port 2(bridge_slave_1) entered forwarding state
[  687.311769][T13235] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1434'.
[  687.333642][T13235] ip6gretap0: entered promiscuous mode
[  687.342294][T13235] ip6gretap0: left promiscuous mode
[  687.447296][T13234] Process accounting resumed
[  687.568484][ T5827] Bluetooth: hci3: command tx timeout
[  687.737405][ T5936] usb 1-1: reset high-speed USB device number 55 using dummy_hcd
[  688.623678][   T24] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  688.733702][T13153] 8021q: adding VLAN 0 to HW filter on device batadv0
[  688.809006][   T24] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  688.826376][   T24] usb 6-1: config 0 has no interface number 0
[  689.176376][   T24] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  689.207680][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.219453][   T24] usb 6-1: Product: syz
[  689.226585][   T24] usb 6-1: Manufacturer: syz
[  689.231441][   T24] usb 6-1: SerialNumber: syz
[  689.363151][   T24] usb 6-1: config 0 descriptor??
[  689.412703][ T5936] usb 1-1: failed to restore interface 98 altsetting 4 (error=-71)
[  689.539302][ T5936] usb 1-1: [ueagle-atm] pre-firmware device, uploading firmware
[  689.733159][ T5936] usb 1-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw
[  689.807980][T10027] usb 1-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2
[  689.832108][   T24] dvb_usb_ec168 6-1:0.1: probe with driver dvb_usb_ec168 failed with error -71
[  689.854705][ T5936] usb 1-1: USB disconnect, device number 55
[  689.862459][T10027] usb 1-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw
[  689.886224][   T24] usb 6-1: USB disconnect, device number 5
[  689.917010][T10027] ------------[ cut here ]------------
[  689.923553][T10027] WARNING: CPU: 1 PID: 10027 at fs/kernfs/dir.c:537 kernfs_get+0x72/0x90
[  689.932614][T10027] Modules linked in:
[  689.937179][T10027] CPU: 1 UID: 0 PID: 10027 Comm: kworker/1:5 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  689.949650][T10027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  689.960011][T10027] Workqueue: events request_firmware_work_func
[  689.966192][T10027] RIP: 0010:kernfs_get+0x72/0x90
[  689.971372][T10027] Code: e8 73 f2 64 ff 48 89 df be 04 00 00 00 e8 b6 4d c6 ff f0 ff 03 eb 05 e8 5c f2 64 ff 5b 5d e9 45 57 07 09 cc e8 4f f2 64 ff 90 <0f> 0b 90 eb d6 89 d9 80 e1 07 80 c1 03 38 c1 7c b6 48 89 df e8 b5
[  689.991347][T10027] RSP: 0018:ffffc9000429f5e0 EFLAGS: 00010293
[  689.997497][T10027] RAX: ffffffff825b5b21 RBX: ffff88805ec3b960 RCX: ffff888026e29e00
[  690.005504][T10027] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  690.013975][T10027] RBP: 0000000000000000 R08: ffff88805ec3b963 R09: 1ffff1100bd8772c
[  690.021952][T10027] R10: dffffc0000000000 R11: ffffed100bd8772d R12: ffff8880799b6128
[  690.030278][T10027] R13: 1ffff1100f336c26 R14: ffff8880799b6130 R15: 1ffff1100f336c25
[  690.038444][T10027] FS:  0000000000000000(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000
[  690.047520][T10027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  690.054161][T10027] CR2: 00007fef286e56c0 CR3: 000000000df38000 CR4: 00000000003526f0
[  690.062191][T10027] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  690.070236][T10027] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  690.078285][T10027] Call Trace:
[  690.081585][T10027]  <TASK>
[  690.084542][T10027]  kobject_add_internal+0x632/0xb40
[  690.089864][T10027]  kobject_add+0x155/0x220
[  690.094382][T10027]  ? __pfx_kobject_add+0x10/0x10
[  690.099437][T10027]  ? kobject_init+0x83/0x1e0
[  690.104064][T10027]  get_device_parent+0x316/0x3a0
[  690.109056][T10027]  device_add+0x2e1/0xb50
[  690.113480][T10027]  firmware_fallback_sysfs+0x2e4/0x9b0
[  690.119647][T10027]  _request_firmware+0xf83/0x15b0
[  690.125314][T10027]  ? __pfx__request_firmware+0x10/0x10
[  690.130827][T10027]  ? process_scheduled_works+0x9ef/0x17b0
[  690.137084][T10027]  request_firmware_work_func+0xaf/0x1c0
[  690.142794][T10027]  ? process_scheduled_works+0x9ef/0x17b0
[  690.148546][T10027]  process_scheduled_works+0xade/0x17b0
[  690.154180][T10027]  ? __pfx_process_scheduled_works+0x10/0x10
[  690.160202][T10027]  worker_thread+0x8a0/0xda0
[  690.164879][T10027]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  690.171241][T10027]  ? __kthread_parkme+0x7b/0x200
[  690.176248][T10027]  kthread+0x70e/0x8a0
[  690.180342][T10027]  ? __pfx_worker_thread+0x10/0x10
[  690.185504][T10027]  ? __pfx_kthread+0x10/0x10
[  690.190112][T10027]  ? _raw_spin_unlock_irq+0x23/0x50
[  690.195383][T10027]  ? lockdep_hardirqs_on+0x9c/0x150
[  690.200600][T10027]  ? __pfx_kthread+0x10/0x10
[  690.205213][T10027]  ret_from_fork+0x3fc/0x770
[  690.209868][T10027]  ? __pfx_ret_from_fork+0x10/0x10
[  690.215007][T10027]  ? __switch_to_asm+0x39/0x70
[  690.220165][T10027]  ? __switch_to_asm+0x33/0x70
[  690.224944][T10027]  ? __pfx_kthread+0x10/0x10
[  690.230287][T10027]  ret_from_fork_asm+0x1a/0x30
[  690.235089][T10027]  </TASK>
[  690.238633][T10027] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  690.245930][T10027] CPU: 1 UID: 0 PID: 10027 Comm: kworker/1:5 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  690.258094][T10027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  690.268177][T10027] Workqueue: events request_firmware_work_func
[  690.274368][T10027] Call Trace:
[  690.277659][T10027]  <TASK>
[  690.280600][T10027]  dump_stack_lvl+0x99/0x250
[  690.285219][T10027]  ? __asan_memcpy+0x40/0x70
[  690.289829][T10027]  ? __pfx_dump_stack_lvl+0x10/0x10
[  690.295068][T10027]  ? __pfx__printk+0x10/0x10
[  690.299678][T10027]  panic+0x2db/0x790
[  690.303588][T10027]  ? __pfx_panic+0x10/0x10
[  690.308010][T10027]  ? show_trace_log_lvl+0x4fb/0x550
[  690.313222][T10027]  ? ret_from_fork_asm+0x1a/0x30
[  690.318169][T10027]  __warn+0x31b/0x4b0
[  690.322146][T10027]  ? kernfs_get+0x72/0x90
[  690.326476][T10027]  ? kernfs_get+0x72/0x90
[  690.330803][T10027]  report_bug+0x2be/0x4f0
[  690.335131][T10027]  ? kernfs_get+0x72/0x90
[  690.339459][T10027]  ? kernfs_get+0x72/0x90
[  690.343785][T10027]  ? kernfs_get+0x74/0x90
[  690.348113][T10027]  handle_bug+0x84/0x160
[  690.352356][T10027]  exc_invalid_op+0x1a/0x50
[  690.356916][T10027]  asm_exc_invalid_op+0x1a/0x20
[  690.361803][T10027] RIP: 0010:kernfs_get+0x72/0x90
[  690.366755][T10027] Code: e8 73 f2 64 ff 48 89 df be 04 00 00 00 e8 b6 4d c6 ff f0 ff 03 eb 05 e8 5c f2 64 ff 5b 5d e9 45 57 07 09 cc e8 4f f2 64 ff 90 <0f> 0b 90 eb d6 89 d9 80 e1 07 80 c1 03 38 c1 7c b6 48 89 df e8 b5
[  690.386362][T10027] RSP: 0018:ffffc9000429f5e0 EFLAGS: 00010293
[  690.392432][T10027] RAX: ffffffff825b5b21 RBX: ffff88805ec3b960 RCX: ffff888026e29e00
[  690.400400][T10027] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  690.408363][T10027] RBP: 0000000000000000 R08: ffff88805ec3b963 R09: 1ffff1100bd8772c
[  690.416329][T10027] R10: dffffc0000000000 R11: ffffed100bd8772d R12: ffff8880799b6128
[  690.424299][T10027] R13: 1ffff1100f336c26 R14: ffff8880799b6130 R15: 1ffff1100f336c25
[  690.432274][T10027]  ? kernfs_get+0x71/0x90
[  690.436611][T10027]  kobject_add_internal+0x632/0xb40
[  690.441820][T10027]  kobject_add+0x155/0x220
[  690.446241][T10027]  ? __pfx_kobject_add+0x10/0x10
[  690.451186][T10027]  ? kobject_init+0x83/0x1e0
[  690.455790][T10027]  get_device_parent+0x316/0x3a0
[  690.460736][T10027]  device_add+0x2e1/0xb50
[  690.465074][T10027]  firmware_fallback_sysfs+0x2e4/0x9b0
[  690.470542][T10027]  _request_firmware+0xf83/0x15b0
[  690.475582][T10027]  ? __pfx__request_firmware+0x10/0x10
[  690.481042][T10027]  ? process_scheduled_works+0x9ef/0x17b0
[  690.486784][T10027]  request_firmware_work_func+0xaf/0x1c0
[  690.492447][T10027]  ? process_scheduled_works+0x9ef/0x17b0
[  690.498176][T10027]  process_scheduled_works+0xade/0x17b0
[  690.503749][T10027]  ? __pfx_process_scheduled_works+0x10/0x10
[  690.509747][T10027]  worker_thread+0x8a0/0xda0
[  690.514340][T10027]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  690.520671][T10027]  ? __kthread_parkme+0x7b/0x200
[  690.525615][T10027]  kthread+0x70e/0x8a0
[  690.529681][T10027]  ? __pfx_worker_thread+0x10/0x10
[  690.534789][T10027]  ? __pfx_kthread+0x10/0x10
[  690.539377][T10027]  ? _raw_spin_unlock_irq+0x23/0x50
[  690.544571][T10027]  ? lockdep_hardirqs_on+0x9c/0x150
[  690.549767][T10027]  ? __pfx_kthread+0x10/0x10
[  690.554354][T10027]  ret_from_fork+0x3fc/0x770
[  690.558951][T10027]  ? __pfx_ret_from_fork+0x10/0x10
[  690.564067][T10027]  ? __switch_to_asm+0x39/0x70
[  690.568824][T10027]  ? __switch_to_asm+0x33/0x70
[  690.573582][T10027]  ? __pfx_kthread+0x10/0x10
[  690.578170][T10027]  ret_from_fork_asm+0x1a/0x30
[  690.582941][T10027]  </TASK>
[  690.586240][T10027] Kernel Offset: disabled
[  690.590562][T10027] Rebooting in 86400 seconds..