last executing test programs:

20m9.253297983s ago: executing program 3 (id=61):
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x1a1040, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xce)
bind$ax25(r0, &(0x7f0000000380)={{0x3, @default, 0x2}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}, 0x48)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000280)={0x1, {0x0, 0x0, 0x0, 0x2, 0x3}}, 0x48)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x1, 0x0)
r7 = openat$cgroup_procs(r6, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
pread64(r7, &(0x7f00000000c0)=""/30, 0x1e, 0x800000000004)
r8 = dup(r0)
getsockname$packet(r8, 0x0, &(0x7f0000000080))
getsockopt$inet_pktinfo(r8, 0x0, 0x8, &(0x7f00000000c0)={<r9=>0x0, @private}, &(0x7f0000000100)=0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x15, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="5cdbf1916575c0fff0ffffff", @ANYRES32=r8, @ANYBLOB="0000000000000000bf9d0600100000009a59f0ff01000000a715e0fffcffffff18400000f9ffffff0000000000000000"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x1, '\x00', r9, @sk_reuseport=0x27, r8, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r8, 0x1, &(0x7f0000000140)=[r8, 0xffffffffffffffff], &(0x7f0000000180)=[{0x2, 0x5, 0xf, 0x9}], 0x10, 0xfffffffd}, 0x94)

20m7.995313937s ago: executing program 3 (id=64):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x103800)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0xeb86, 0xd})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000)

20m6.362181403s ago: executing program 3 (id=67):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000018010000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000003000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40006}, 0x50)

20m5.913775071s ago: executing program 3 (id=70):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
pipe2(&(0x7f0000000000)={0x0, <r3=>0x0}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="11000000040000000400000022"], 0x50)
r5 = socket(0x2c, 0x3, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x11, 0x4, 0x4, 0xff}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r6, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r5}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r4, &(0x7f0000000140), &(0x7f0000000080)=@udp=r5}, 0x20)
close_range(r3, 0xffffffffffffffff, 0x0)

20m4.805423034s ago: executing program 3 (id=75):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[], 0x24}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[], 0x48}}, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

20m4.025550756s ago: executing program 3 (id=78):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3ff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000002280)={0x9, 0x3, 0x1})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058560f, &(0x7f0000000a40)=@multiplanar_mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "68ab0498"}, 0x0, 0x1, {0x0}})
open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
mkdir(&(0x7f00000002c0)='./file1\x00', 0x149)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b37, &(0x7f0000000000)={'wlan0\x00'})
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
read$FUSE(r1, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101081, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x7}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x0, 0xfffffffc}, &(0x7f0000000440)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
fsopen(&(0x7f0000000300)='binfmt_misc\x00', 0x0)
syz_open_dev$sg(0x0, 0x0, 0x802)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='yeah\x00', 0x5)

19m48.638949476s ago: executing program 32 (id=78):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3ff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000002280)={0x9, 0x3, 0x1})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058560f, &(0x7f0000000a40)=@multiplanar_mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "68ab0498"}, 0x0, 0x1, {0x0}})
open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
mkdir(&(0x7f00000002c0)='./file1\x00', 0x149)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b37, &(0x7f0000000000)={'wlan0\x00'})
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
read$FUSE(r1, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101081, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x7}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x0, 0xfffffffc}, &(0x7f0000000440)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
fsopen(&(0x7f0000000300)='binfmt_misc\x00', 0x0)
syz_open_dev$sg(0x0, 0x0, 0x802)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='yeah\x00', 0x5)

30.371447636s ago: executing program 5 (id=2953):
r0 = syz_usb_connect(0x5, 0x11e, &(0x7f0000000a80)={{0x12, 0x1, 0x141, 0x77, 0x79, 0x2f, 0x20, 0x1a86, 0x7522, 0x6ae2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x10c, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x23, 0x7, 0x2, 0x6a, 0x1e, 0x14, 0x0, [@generic={0xe1, 0xb, "ac76a046bca33c81a1be6e44c929d14bb252c8f7554573a8bf68ba1eee63f252abf226c17f6b7aac73367b7998a81ba3038c6fbe7a0d4fda0603492a9f14334d0a342bde2ea08867afbe7129871b534bb6a15e40e2896ddfce4c64405d0109bf25ee01749adebe08a88ffc284ff7ffaeba5afd8402731dfb9beb3cc0f7788026058193d208af150cb8105c239f837b264f473098accb83b2a7c74ae12636a9df86ab0690eff32c2f6d6f60a257250b9a66d97634580568325ce22114a7a64b17c262ee36ced4fbccd6b32e274ea882db0049de8f7684f2740249974f664fa0"}], [{{0x9, 0x5, 0x6, 0x2, 0x10, 0xd, 0x0, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x6, 0x4}]}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x17, 0x4, "abe7339a"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = semget(0x1, 0x4, 0x39c)
semop(r1, &(0x7f0000000080)=[{0x1, 0x8001, 0x1000}], 0x1)
semop(r1, &(0x7f0000000040)=[{0x1, 0xbbdd, 0x1000}], 0x1)
semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000140)=[0x6, 0x7fff])
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="601004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000380)={0x1c, &(0x7f0000000540)=ANY=[@ANYBLOB="200b19"], 0x0, 0x0})
syz_usb_disconnect(r0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000000100)={0x14, &(0x7f0000000400)={0x20, 0x3, 0xcb, {0xcb, 0xa, "86d2ed67a3bc8274564dffa5adf8a8194a63521affbefbd5c38fc5fbf012a69e68f1cea3c5e33fa4347a269dcb72d31eaf6a11be1cd7e1ad037d89b0bdebca072b139a37a8f90a6310863f52d5a2bae3fa284e1b839916e6355e7d7ca57e950749513a72de20fd70a33aa5f22791a0711459848c578de12f906c6cdcfe54130bdd5d29499079a5f9165b79bc3aa9d00bf6b205dcf5664fbf7e3e2546063a2f88a5a2615d0e8c4be057cb138547eac0732d0d43ccba33b03f5f8780a5add2540d09bc1d69c4a523f3f4"}}, &(0x7f0000000040)=ANY=[@ANYBLOB="00032600000026036e66043b5d412df83f8d9e468a97a559f64eb5fe08a64981cc0991c965a95c7e0f181b5a"]}, &(0x7f00000007c0)={0x44, &(0x7f0000000580)={0x0, 0x17, 0xa2, "a942ed7465008b539b258405999f0bbb5099143d053f0cbb2ccd166f04103e0805c556ab1b22c7250a374d3bad9651940e0a110f72597f29a30f18789cd103a24fe908d1cc65dad336d1abc2694d814517623db0bd888c2959db75b4c9f02290c6312e935104cc27f2edc8057ec3ed3c092972dfbdb8f14b354bbc8825b4612d9bb3bc44142daf8aaaab1b6462922c77e254b66b235864b646987b76124714a89012"}, &(0x7f0000000200)={0x0, 0xa, 0x1}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000340)=ANY=[@ANYBLOB="2081010e000020"], &(0x7f0000000500)={0x20, 0x82, 0x3, "4caf1a"}, &(0x7f0000000640)={0x20, 0x83, 0x2, "ba5d"}, &(0x7f0000000680)={0x20, 0x84, 0x3, "d268a6"}, &(0x7f00000006c0)={0x20, 0x85, 0x3, "37941e"}})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1e8301, 0x0)
socket$packet(0x11, 0x2, 0x300)
r2 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x100, 0x3, 0x41}, &(0x7f00000003c0)=<r3=>0x0, &(0x7f0000000300)=<r4=>0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000083b1ff4ac1adec3516be20000020000000400000000000001", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
close(r5)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x11, 0x4, 0x4, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000003c0)={r5, &(0x7f0000006840), 0x0}, 0x20)
syz_io_uring_setup(0x2400, &(0x7f0000000240)={0x0, 0xbe44, 0x10000, 0xffffffff, 0x2be, 0x0, r2}, 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x1, 0x7})
write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x80010, r6, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x104, &(0x7f0000000700)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100})
io_uring_enter(r2, 0x7277, 0x0, 0x28, 0x0, 0x0)

26.130712271s ago: executing program 5 (id=2966):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="120000002004"], 0x20)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x3, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x4, 0x0, 0x0, 0xef5f, 0x0, 0x2, 0x6], 0x0, 0x8340})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000182000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f00003e1000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x40, 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000340)={[0x3ffffd, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x213f85fe, 0x101, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x5, 0x4, 0x100000000], 0x3000, 0x280384})
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r5, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)

24.401644281s ago: executing program 5 (id=2971):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) (async, rerun: 64)
r0 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x8100}]}}}, @IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x48}}, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000000)={'team0\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x4c}}, 0x0)

24.135087352s ago: executing program 5 (id=2973):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8002, 0x0)
ioctl$KVM_GET_MSRS_sys(r0, 0xc008ae88, &(0x7f00000005c0)={0x2, 0x0, [{0x10a, 0x0, 0x7ff}, {0xc0011031, 0x0, 0x800000008000}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYRES16, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{}, &(0x7f0000000340), &(0x7f0000000380)=r1}, 0x20)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r3, &(0x7f00000001c0)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000200)='./file0\x00')
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=@bridge_setlink={0x44, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r5}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4, 0x5, 0x0, 0x0, [{0x8, 0x0, 0x0, 0x0, 0x123e}, {0x8, 0x5}, {0x8}]}}]}]}, 0x44}}, 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r9, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x4014f964})
r10 = openat$cgroup_devices(r8, &(0x7f0000000480)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r10, &(0x7f00000000c0)=ANY=[@ANYBLOB='b *:* wT'], 0x9)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000600)='./file0/../file0/../file0/../file0\x00')
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000ff0000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c000280050003001b000000080002400000000408000440000000040900010073797a30000000000900020073797a32"], 0x80}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0x18000000000002a0, 0x3b, 0x0, &(0x7f0000000280)="b9f088a85ed3c8fc478fb13c5452b69531176e8932cc334120dfe4304a7751b96531121c22a4ce08faad1aedf38727610c59204976ae7363d45368", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

23.099342602s ago: executing program 5 (id=2977):
r0 = socket$packet(0x11, 0xa, 0x300)
r1 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r1, 0x7a4, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x6) (rerun: 64)
r4 = io_uring_setup(0xfc6, &(0x7f00000002c0)={0x0, 0x9e6e, 0x4000, 0x0, 0x20000004}) (async)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @mcast1, 0x9}, 0x1c)
listen(r5, 0xfffffffc)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106) (async)
getsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
ioctl$sock_inet_SIOCDELRT(r6, 0x890c, 0x0) (async)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) (async, rerun: 32)
socket$inet(0x2b, 0x801, 0x0) (async, rerun: 32)
close_range(r4, 0xffffffffffffffff, 0x0)

22.607431845s ago: executing program 5 (id=2980):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000200)=[<r1=>0x0], 0x1})
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000001c0), 0x423300, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000002c0)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100), &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0], 0x2, 0x400000000000000b, 0x4, 0x3}) (async)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, <r3=>0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r5, r3, r4, 0xa000000, 0x80000000, 0x80000001, 0x0, 0x2, 0x4000000, 0xd, 0x20000})

22.140063379s ago: executing program 33 (id=2980):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000200)=[<r1=>0x0], 0x1})
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000001c0), 0x423300, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000002c0)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100), &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0], 0x2, 0x400000000000000b, 0x4, 0x3}) (async)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, <r3=>0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r5, r3, r4, 0xa000000, 0x80000000, 0x80000001, 0x0, 0x2, 0x4000000, 0xd, 0x20000})

15.506996351s ago: executing program 0 (id=3000):
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4008840)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x7, @loopback={0xff00000000000000}, 0x400}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='squashfs\x00', 0x208000, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
sched_setaffinity(0x0, 0x0, 0x0)
r4 = timerfd_create(0x8, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
capset(&(0x7f0000000080)={0x20071026, r5}, &(0x7f0000001080)={0x200000, 0x9})
socket$inet_mptcp(0x2, 0x1, 0x106)
timerfd_settime(r4, 0x3, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
chdir(&(0x7f0000000100)='./cgroup\x00')
r6 = syz_open_dev$sndmidi(&(0x7f0000000180), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000))

12.232415798s ago: executing program 0 (id=3006):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f00000003c0)={0x18, r2, 0xfffffffffffffddf, 0x0, 0x0})
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYRES64=r2, @ANYBLOB="58886c78fc3c01a6b2fde583bd4219366ff8fa27f51a41503c27079c2b8cd1c6912f2f7eaabf5a3db04378f204557b7e69ba838f6afc72bec0940017e292db749c288bf4c23ef49a8f87e6d68bd1a20b1987a035dd63ebe41ff6c1732f52b32dfa42043cb3bbf86259fd9daaa7fe98431757cfeac648f3983a9a0b63c0ed6a77e88feef18cd09daf56d446353d4d8d65bc13357cbc204df6e53e5ddfa8b9c04816ca33", @ANYRES64=r2, @ANYRES8=r1, @ANYRES64=r0, @ANYRESDEC=r0], 0x44}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
socket(0x10, 0x803, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=@newqdisc={0x94, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x64, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0xf14}, @TCA_NETEM_CORRUPT={0xc, 0x4, {0x73ce, 0xe}}, @TCA_NETEM_REORDER={0xc, 0x3, {0x0, 0x9}}, @TCA_NETEM_CORR={0x10, 0x1, {0x9, 0xa, 0x8}}, @TCA_NETEM_RATE={0x14, 0x6, {0x6bb, 0x9, 0x7, 0x4}}]}}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000400}, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
sendfile(r5, r4, &(0x7f00000000c0)=0x8b, 0x100000500)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xb, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff2d53010000000000840400000000000005000000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1cc0800004537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767030090a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a976774"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x39, r4}, 0x94)
connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f00000002c0)={@private0, 0x72})
sendto$inet(r6, &(0x7f0000000000), 0xffffffffffffff94, 0x400000000000000, 0x0, 0x0)
recvfrom$inet(r6, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r7, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)="12", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x48800)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000100)='cdg\x00', 0x4)
getpeername$netlink(r4, &(0x7f0000000280), &(0x7f0000000300)=0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()

11.222890934s ago: executing program 0 (id=3011):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {0xffff, 0xffff}, {0xfff0, 0xa}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20048845}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001300)=@deltfilter={0x34, 0x2d, 0x5, 0x70bd2a, 0x25dfdbf9, {0x0, 0x0, 0x0, r3, {0xfff3, 0x9}, {0x2, 0xf}, {0x1, 0xfff2}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x8000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[], 0x38}, 0x1, 0x300}, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000640)=@pppol2tpv3in6={0x18, 0x7ffffffe, {0x0, 0xffffffffffffffff, 0x2, 0x4, 0x4, 0x5, {0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0xffff}}}, 0x3a)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c0000001800dd8d00000000000000000200000000000005000000000600150001000000280016802400010000000000000000000004010020000020000000000000000000000003000001"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x4924b68, 0x0)
r5 = socket$inet(0x2, 0x2, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_io_uring_setup(0xaaf, &(0x7f0000000200)={0x0, 0x64cc, 0x40, 0x2, 0x303}, &(0x7f0000000280)=<r7=>0x0, &(0x7f00000002c0))
r8 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000000, 0x80010, 0xffffffffffffffff, 0x10000000)
r9 = fsmount(0xffffffffffffffff, 0x0, 0x0)
r10 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000380), 0x404000, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000003c0)=@IORING_OP_LINKAT={0x27, 0xa, 0x0, r9, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='./file0\x00', r10, 0x1400, 0x1})
setsockopt$inet6_opts(r6, 0x29, 0x40, &(0x7f0000000180)=ANY=[], 0x68)
sendmsg$inet(r5, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x6}], 0x2, &(0x7f00000001c0)=ANY=[@ANYRESHEX=0x0], 0x40}, 0x4004814)

9.747454749s ago: executing program 0 (id=3013):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x173)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000008c0)={0xc0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x100)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0xc000, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_ifreq(r2, 0x8943, &(0x7f00000034c0)={'netdevsim0\x00', @ifru_ivalue=0x400})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$unix(0x1, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x3, [@bcast, @default, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
ioctl(0xffffffffffffffff, 0x1, &(0x7f0000000000))
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(0xffffffffffffffff, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, 0x0}, 0x421}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)=""/130, 0x82}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f0000000240)=""/112, 0x70}, {&(0x7f0000000040)=""/113, 0x71}, {&(0x7f00000004c0)=""/68, 0x44}, {&(0x7f0000000100)=""/98, 0x62}, {&(0x7f00000003c0)=""/100, 0x64}, {&(0x7f00000007c0)=""/210, 0xd2}, {&(0x7f0000000440)=""/67, 0x43}], 0xa}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
socket$packet(0x11, 0x7, 0x300)

9.560022099s ago: executing program 0 (id=3015):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3, 0x0, 0x1e0000}, 0x18)
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
getitimer(0x2, &(0x7f0000000880))
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, 0x0, 0x8000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000b, 0x59033, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
r6 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f00002cb000/0x3000)=nil, 0x3000, 0x1, 0x110, r6, 0x80000000)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000})
prlimit64(0x0, 0xe, 0x0, 0x0)
userfaultfd(0x801)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000009c0)={&(0x7f00000008c0)={0x100, 0x0, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0x86, 0xa8, @random="4d3c6d6a91bdb5826df6c7a3a31e5a6d4709fe32e83b8eaff99226275bb38bdc374b42bffbcabcfafd6f34a93606893031c332f86391ff424cd2ae4b6f4d39fbf6ee20675a763802039ad16470b07c9a7c345da12c9168f1bfe223c8e71f374109192975c2b19a9fe3d3ec64fbfa1f50f8783d25a77ec47032950cc9d11c7f9299fc"}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_NODE_NAME={0x24, 0xa8, @random="90dbdd2a79f2cc5ed6c4d0c25abb82f7a2ac3eae6798046630d139c04492bcc8"}]}, 0x100}, 0x1, 0x0, 0x0, 0x40000}, 0x4)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r7 = socket$caif_seqpacket(0x25, 0x5, 0x5)
sendmsg$unix(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000400)="c9ae85633eeeb0edd21d9b27d3409d46ebf71203ec01bb2428cef8b1572a31650936747ba48d2c785d5d8c75e6e68ed052385ef48529fff26a574af617bf5a90961b4d9c17e04892b6b8f2d4c48a3705e268fb1049dad630e6806cd9067554f82684e4492bd5c0c009c0426db694cd098863c3b9e6f8188257f4a472d075c8de84454c872defd10bcd941839278db45a7ff466fb4993ad3e3dcb585101f09d3dd3e02f1867a80ed077749fe115978ade2cebbacf1057eb3ce469368380556da5257cb7eb55abaed81c9f5456ea", 0xcd}, {&(0x7f0000000580)="ee7f9d1aa756c43ac750e672fd9c84cb65b1e4526dbb9b7d36e4caba5805b7d68f69aa4bc096ec2656ce8122c3261fe355063a00676f47e33780d2ca", 0x3c}, {&(0x7f0000000600)="1c1328e32e2b1e9d41747fb6f733664bcdb4d9699d9d5a9a4255233660f24a6abb1f9ba06a0d8cc9ee16036ba059cd7a67c401562b7cdaf2c2767cd6aa030aad4438801ce13e3ff3b9d4496df18a8898e270b9f36f0d0875135e86f8c49f81dc9187a29caa3cc445238068a9ffe75b9e9a050b5628fa2509dddcef1ee5ea7d9ebd344fc8ccf665261b7b21243b02f52a043e533473a0e24bd3ebfadde1fdfd54f16d4fc2619d9be5d4d12f10e3fe5cb17f7b74b96566203b6ab86ccd93ff71120b260ede2163a203ececf9202aa926764e2f", 0xd2}, {}, {&(0x7f0000000000)="85aee6c2ae476d1ace8b149180698bb86c6ac94324d01e7cedce", 0x1a}, {&(0x7f0000000700)="730391b9acec6c8a9f15be6b241ce8b81d7bd0c5550f1b0f9bb9424c738fe1873f5c4abafc604ab0a6d9e42dcec7cdc2c3653dda53cdb9f91f88866f8d3b42b614bf9ec4d9b503b9e7dfa5f9def2d1cb14d5d5b70c86e6d51184052d40aa17b67c28a72369ce0f0ef23d8b34d09491b55f457d42799b50fae53631e90f3a5e6390a9858432b930bd34908a11b6532ee3ed9a91c44e7edbc946aab64b45cef1f896e790ab662f8976bd0b784e21a3501454dfb831a2c5c9770f50db088b4d7714e90ff23daeb11d1cb4b1", 0xca}], 0x6, &(0x7f0000000340)=ANY=[@ANYBLOB="240000000000e8c20100000001000000", @ANYRES32=r4, @ANYRES32=r7, @ANYRES32=r4, @ANYRES32=r1, @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00'], 0x28, 0x4005}, 0x84d)
madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18)
rt_sigqueueinfo(r0, 0x39, &(0x7f0000000380)={0x3, 0x10001, 0x8})

8.660964689s ago: executing program 0 (id=3017):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="1802000089f9ffff0000000000000000850000004100000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
listen(r2, 0x6)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r4, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
read(r5, 0x0, 0x0)

7.739400602s ago: executing program 2 (id=3019):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000340)='./file0/file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000002540))
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=@GFS2_LARGE_FH_SIZE={0x20, 0x8, {{0x9, 0x0, 0xfffffff9, 0x9}, {0x7fff, 0x7, 0x3, 0xd06a}}}, 0x0, 0x600)
sendmmsg(r3, 0x0, 0x0, 0x40840)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4010)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x52, &(0x7f0000000000)=0x5481, 0x4)
syz_emit_ethernet(0x82, &(0x7f0000000340)=ANY=[], 0x0)

7.738957562s ago: executing program 1 (id=3020):
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r1}, 0x10)
bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000000c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000b1f8306e05d1e4aab009c16b5c05077115d0749619ca39f89974785ae0619b77c6585f678ac92a3b6b4148f56b43c3dd75d75f97c8f92f60a2def458df05e2fbfb3e849b2b3cffd4f29446ae60dd76654b2639b2bc14350706214a6ab7a712d4317fbc3ca01d0d3ed6110b3775903141a5091a4d3db8eb335414fbdb288aba73aaf6d18000a3a2a069cf7f9402e1425bb6bc370576aa1faea0fe222671ecf99038fce8dba53dcb11f87cca"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0)

7.594535731s ago: executing program 1 (id=3021):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b7020000b0ffffffbfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x702, 0xe, 0x0, &(0x7f0000000580)="e460334470d8d400eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0x3}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa, 0x2}, {}, {0x1c, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @remote}, @TCA_FLOWER_KEY_ENC_KEY_ID={0x8, 0x1a, 0x7}]}}]}, 0x44}}, 0x24004000)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="6e778b748e153741588e32458a1d65ce42724b1f5019ba6141e7534204b62964e5e00013ce37e3ea41ef3e342886417805d051a651f54df98901daac10d1e37eb3d38ac8f9fbf55a5b80dc56033452ba224fdfb61f34e559542634ec0cbe5447e4fe7468dd2a5581579701c50707b6ea4b536741448a07947b6aacd78563c0725610ace15d78f6c4e633ca91f5643915ace291b39950b47ae23c880860315baf1cc2b5020216e27a09ac2a4c9b587dec13d5f607bd95f82f1041cb1b157786af55bd1f456078654c16237023f7f30a2af3224a4f52349dabf6a9d537619c7ee7a0ff3a92168140de55189fa85bf475ec1487a7994434d501d3708a57cecb3853678797", @ANYRES16=r8, @ANYBLOB="010040000000000000000300000018000180040002800e0001006574683a766c616e30000000"], 0x2c}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000400)=ANY=[@ANYBLOB="38000000031401002dbd7000000000030900020073797a30000200000800410073697700140033006c6f000000000000ffffffffffffffe16fed9d099f1d4a186affa6ee8d"], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)

6.786112969s ago: executing program 2 (id=3023):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f00000001c0)=[{0x0, 0xe1, 0x0, 0x0, @time={0x0, 0x1}, {}, {}, @result={0x0, 0x1}}], 0x1c)
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
write$sndseq(r1, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @time={0x9, 0x4}, {}, {}, @result={0x1000000}}], 0x1c)

6.151563777s ago: executing program 4 (id=3025):
prlimit64(0x0, 0x8, &(0x7f0000000140)={0x3, 0x3e3}, 0x0)
setresgid(0xee00, 0xee01, 0x0)
setgroups(0x0, 0x0)
setuid(0xee00)
shmget$private(0x1ee000000000000, 0x4000, 0x800, &(0x7f0000007000/0x4000)=nil)

6.107775879s ago: executing program 2 (id=3026):
io_uring_setup(0x1694, &(0x7f0000000080)={0x0, 0x0, 0x2}) (async)
getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, &(0x7f0000000040)={'NETMAP\x00'}, &(0x7f0000000080)=0x1e) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) (async)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, 0x0)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x2086421, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
rseq(&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) (async)
timerfd_create(0x6, 0x80000) (async)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000980)=ANY=[], 0x48}}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x20002060, 0x0) (async)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000080)={0x0, 0x1, 0x6, @local}, 0x10)
setsockopt$packet_buf(r1, 0x107, 0x2, &(0x7f0000000080)="5ec78db485c534bdf7a2172f3f1f30da", 0x10)

6.058905323s ago: executing program 4 (id=3027):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100), 0x8240, 0x0)
ioctl$FBIOGET_VSCREENINFO(r0, 0x4600, &(0x7f0000000000))
clock_getres(0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r2, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
shutdown(r2, 0x0)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000040)={0x1, 0xffffffff}, 0x8)
close(r2)
r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x8800)
write$uinput_user_dev(r3, &(0x7f0000000580)={'syz0\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x9, 0x80000000, 0x5, 0x8, 0x0, 0x200006, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623b, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x4, 0xba55, 0x8da8, 0x2, 0x200, 0x3959, 0x8, 0xe, 0x3, 0x2, 0xde, 0x8, 0x9, 0x1, 0x1, 0x80000001, 0x2, 0xc, 0x1, 0x4, 0x0, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x1], [0x6, 0x1e, 0x0, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x6, 0x7fff, 0x72c, 0xc32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x9, 0x2, 0x8, 0x0, 0x1000001, 0xdc3, 0xfffffffd, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x8, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x1004, 0x7, 0x20000010, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x5, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x6, 0x2, 0x5, 0x80, 0x9, 0x9, 0x47, 0x2, 0x2, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0x0, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2, 0x7, 0x4, 0xea, 0x7, 0x5, 0x6, 0xd9, 0x0, 0x8, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x3, 0x50, 0x2, 0x763, 0xb, 0x402, 0x800, 0x4, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe48, 0x3, 0x3, 0x4, 0x103, 0x1000, 0x3b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x2, 0x4, 0x4, 0x10, 0x800, 0xfffffffd, 0x7fff, 0x2, 0xfffffff8, 0x3, 0x9, 0x200, 0x7, 0x4ee1, 0xfffffffd, 0x7, 0xe, 0x2, 0xc, 0x2000b, 0x133, 0x6]}, 0x45c)
write(0xffffffffffffffff, 0x0, 0x0)
readv(r3, &(0x7f0000001900), 0x0)
open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x88)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000040)=0x13)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
mmap(&(0x7f000004c000/0x1000)=nil, 0x1022, 0x1000001, 0x28011, r0, 0x300000)

4.743975612s ago: executing program 4 (id=3029):
r0 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x3, 0x5, 0x1, 0x0, 0x2}) (async)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000280)={0x7, @win={{0x10, 0xd1, 0x4, 0x81}, 0x0, 0x8001, 0x0, 0x7754, 0x0, 0x6}}) (async)
setuid(0xee01) (async)
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0xa, 0x0, 0x300, 0x0, 0x10, 0x1, 0x2, 0xfffffffd, 0x4}}) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
bind$llc(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_DELPDP(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r4, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x850) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) (async)
r5 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2c, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000854}, 0x0) (async)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r7 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r7, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @local}, 0xc) (async)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0xa7, &(0x7f0000000080)={&(0x7f0000000780)={0x54, r6, 0x1, 0x14, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @local}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0)

4.387313585s ago: executing program 4 (id=3030):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f00000007c0)={0x1f, 0x0, @any, 0x4}, 0xe)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000100)={0x36, 0x8001, 0xc445, 0x3, 0xfa, 0x4}, 0xc)
listen(r0, 0x80000000)
syz_usb_connect$cdc_ncm(0x0, 0x80, &(0x7f0000000b40)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x2, 0x1, 0x7, 0x80, 0xa, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x400}, {0xd, 0x24, 0xf, 0x1, 0x200, 0xc, 0x4, 0xe}, {0x6, 0x24, 0x1a, 0x0, 0x1}, [@country_functional={0x6, 0x24, 0x7, 0xff, 0x8}, @mbim={0xc, 0x24, 0x1b, 0xb, 0x7f, 0x0, 0x4, 0x6b78, 0x5}]}, {{0x9, 0x5, 0x81, 0x3, 0x400, 0xe2, 0x9, 0x2}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x0, 0x75, 0x7, 0x80}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x65, 0xf, 0x8}}}}}}}]}}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="4000000003080104000000000000000000000000050003000600000024000480080004"], 0x40}}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000580)={0x1, &(0x7f0000000200)=[{0x2f, 0xc, 0x0, 0x3}]}, 0xffffffffffffff94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)

4.332559969s ago: executing program 6 (id=3031):
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r1}, 0x10)
bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000000c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000b1f8306e05d1e4aab009c16b5c05077115d0749619ca39f89974785ae0619b77c6585f678ac92a3b6b4148f56b43c3dd75d75f97c8f92f60a2def458df05e2fbfb3e849b2b3cffd4f29446ae60dd76654b2639b2bc14350706214a6ab7a712d4317fbc3ca01d0d3ed6110b3775903141a5091a4d3db8eb335414fbdb288aba73aaf6d18000a3a2a069cf7f9402e1425bb6bc370576aa1faea0fe222671ecf99038fce8dba53dcb11f87cca"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0)

4.067558403s ago: executing program 6 (id=3032):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r2, 0x0, 0x0, 0x0, 0x0, 0x1}) (fail_nth: 9)

3.60364693s ago: executing program 6 (id=3033):
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f0000006380)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000100)={0x50, 0x0, r6, {0x7, 0x1f, 0xd3, 0xffffffff81008020, 0x3, 0x200}}, 0x50)
syz_fuse_handle_req(r5, &(0x7f000000c400)="e47c6c216d8aa37d2b4b4937cfe03e2410439a321b06378d3ea501c17dc8b903b8248840d09c10c6c253f5b6e1e937e281668664f6d7604b7802a480c65efe232149b9a1b5685da4b06f7300fa4ba8bf52b83ca92b9340c552063c5c54313b425aa83b0bb70cc61edfcd875385d3b4cdcabf7e5d7b6afe878fe33d5a2f54b21f9a99f5384099ae155074bcadc16fa61bbc92c54fd1e4e903ddd075b54e0fd0038f016509f8c271f61d87c793e3e12f2c2cc904b4eb10b03c7407dd50b83dc3a18daee83065d39185121ba9c6bdec2158faade8e7d558b99fd60434b1fcd74eaa24d75d6a591fd08c1d3219cbd7c59cafbbde4b5d5f059a12e9377ca96953a8605fd6445f30ceae48093052474f4f9f14c7cb9b5a255268a462738e7fc45805aa57f6b892e690bfc3750b23b13c1b6b499b19b6865baf9a95ae98bce137aa98e5d2ec0daa6795c027113bece2e8a33f02dea2501cd7a60378d8503c02afa003819a2caa68203620eb1b8b532a515e9c5d331d1e9c92d6af26d17d1c1e26ba196df0902f6d0ae5c607b53c9ada09aa4a9a99da592b737fa8d1795bc4e61b5bb00c67f4a84e97e6b7126e0cbdaa651430125c57f9de224bb18a96d78253be5daa1c1bbe8491769d39c5db252ded1bbfc27194eff67ff94997a93095cf9405a7d016c2376b911c619c1f5dc45e6c8a4ce168ad766d8ff8f382b24176a3f50b6ec4e50b0b4b95c9e1f00b8ab6676d8ba438a21483ef9cf9aed2a05cdd2305bf665dffeadf554ec2c57a89d343b4f05cc2b904562ddc629e509b52d9fb7adc22bb5377953033615617c8a0d88f93ff4936c07df225448e52747d47b4a5c781e4b8c5237f4bc4bda77a242fc321880ce3eec414c5355fc66e57c35e901c4dd0f20a615482bb5eef38a29c7279c633fe075d9c9bd377f425446a303e0a59bc613907cd6be3537c0f94d1245940ed5bbf31c41a03c5a39dd4e1d8ab0a19ab6911dca0578abb9763b0eae86a91571d2b0726722b74db9a1bfffb7424c8a9197f5d41cedf5c0b89273718a85fe81ded439104acc28da887863c7606657af0d279ac7c5b50716a1380665169eaa039080987d63a9af0ae10c036a57a1d651267061faa4e46c650fcb4556f8a34e4bb06a4e1f2e0be58add2c62ba67c64508e08f5b1c7ab6ddedbb49736826fdcb985f2c651a2be6b0f55e18d9367f029b2d85438fd53f1961f533685745c01bd867707ec16d084cd8cef1ba5e9100f1f86a252a14c65e8991b0a7ec745572e1a396ab4ce89ec5e54fd6e3841b99ed2384b0a35a86ba8a0436e87e1215bbb0492427af73ba404790aab0e336f53b69749fca97def0b5f3445b42f700cbe0a01c3c6966cd5bb6f79fe8aa7d934f5869a0e3b0e743c52c140e01b050a0725e4c27cda0444f488078b68783765b59ab6c079d843e2d35eecb4b82a8251d61e232e19d386ad7ddec0ac6eacc863f1a2b103f48077bb5cc7e58157b5af32a137d4df40f98a405422df6dbfdab5477bae9e0633647a8b9baa88c3f681901864e38c439cc114ec7580fea9131b554843902904211e2f28e8d2c066a3761aa076577458fbb3683fc2c4a18b93aaa343d27e232fa11a649b0dab7c2e83b76c446968ae8a99f3ca5743fe0f1eecef48e7e06695f380f434e591f14540d5e92da29a97d0677311da9e34f1a1691d3593cc6f74d0394b46e74278205dca9c89f6d2f117cedbc70d1e3289d3fa23480be98e377b15ce6054e3e33dc8c5d1ce804606c86c98230d8702427243b05edbb392f9304b9015008733c0a52e8fd4f74ccbb374496cda1abac59fa1052306b77ecd2025b7f6ce38327ff0bf5a7f183729442c13dc8b1b944b9ea3c3833a11f5334fca329cabf8a7e9120a9d96f0bec9cb64dc7e9456fdee5151be1c9f574b509f081655dbe9f2bd8c948e98f1db4e1a7d2ed5af95fa13a55a2639b0bf0d5a575287dbd71cd192be0e1b6f5f6c12e751e4a65799420957145d20097cff8b3b86308a336f10e413db27fbbf080ba97dfdc8a3e01d63d672ac05e6fb3733afb14f2acbbb350188f9194c66139b87e23788716c1941cc768dc0c34dd35848a42a568ba49cbc0226ee61695fbf7feebb933f5389b1d38ea93008cb08b16d2a261ace3cb988bf673fd16e18bdaaad1be4f4cc6394b454ec5022577b7e6f65aaa7998005803b072be1b5d7c437b5aa003968bbe6eedade30b9b995ce9f54ab2fd37da2de0278219a779957a3c0daf684c31a2cfb3e57f0175e28d3ab2e0693a4225937013019773555cfd63234251c08531075d3f0de35780902c6443a126c599e49fbe3e020786099ee941c1683009540640f06852812abfb128b494e6f913edad2c1072b220537483dbc8fe8bbb405c282bc1649ee16fc5480d5ef13704006b4bc985211e7704668f790db2ecfcef79953276aca4112aa5984ad818b28d73c1376e12cb43e9765fb17a7255e5a7fd57628e2c3d00e046b8dc0e12cc0a3be8e0da882873a6a18698229243db199a3b26afc03fcdf532090ceb3e249b6f19b4e8402296030042924259b683ebdf68fc274432377d87252d506a8c2f5f6c088a4248274a5752655f3ff1a0d79b2dd1d7100a2fee9e4cbe5babe852159e6321ea6e29fcebff46ea2802c5faf066cd334237919a503b5a562e3106f899cd1d62a400f0b8e43f316962b4641344534fa6dec71d5723f0ff4fd037c2e3932c0d9063ba636975fd1b8c5bea4a2fb9d53eb0682fca49e26e4a9b65b35378e0e4d055b0b501322c52d9ec900ee120d697dac611b55ce3ac628c07d6a5a0d52b714df8edb51f1a6ae45a25ee43c1792c8f1ea95ea24655a88844e81a1bc0f75c82edb5a0b10fd586cf6401ee87e68e8dcecc9ae670c0a71266858ceeedc2e2f0b38e8cd5363b926cfb71455a88ae7ff485c52797e860d73967971d09fb2e65fb612163f34edcbcfc813957579c3681122b575af443763d6fd5748b5fe2407e6162b1f07448bcfdfb871a432248b2d9dde04944e029aaf026274495bf2a283db2d76d17ddcbdfa1f263ebcd04398e733c1517bd764a9caf27d1dd14750e5dc10d49adf29416a14b475b8308f749dd4d1f90cb65dc956d331d6b6c1cf24e6774e29a4e79028dc34a5ce3f5bde0b2b0c69c3336a0daf1bc6e612a46216d303b456487cea05006550b11be7a0211658ee2a683a1574ce4061f72cd7574d5af6c860e03882296fbde66c85aa8a85c9de799f5d83e2e01c8ecd13a15b0c3c72695358fb4d2ccf6224a45d820dd89e36e66d0a5eda07df66a68b24f111cabfaf2d37698b70348f8df4673a28d511d6cbb7590bbe1192ebb55ccf8e9fd618000239a594d2c57304bcedbaeb116870b23728494497afced271408ecbbe0c923400d86e7654d09fe2d204c41032669d6d818e0bc298240693f21fe171f7989191d7eb5bdd2981da20fbe61d7067a372c5476bf255c2b1b8502ae369fd99409deb4dfabe2eb82c2b5c4068249325455942fb84967dbafdd90a094182375a73a13eee7ab5a83b9a5eaa1cbaa90ad9293b8e5c1437fa8b42e9d777d5d790c00fe4a39d449220ea4140511b04d8c1c9e59c15f1fcf265b4cc3e0526135b0c512e61e6bb016d87ec62deee312fb093413f250d2b8476bdd5a8ae4725305f6b85428a42f84438241f3d68e231584d3a69946faefcc6bfff5a75051fb3f34ff0be7656b293db2c2139996b9dfcb3b53b84e0f5007e6a2181819c73db10c65ee05369365e8e6557547d807c21362b675d83d3613abee8d7b7d3a74a1e69e0785a8aa4373d1f67edc2d5af633a81bdefa9858c0d0a553ffd7e929f301e575fbc1ac7af5871ea4e510980e2b8fcdbf9c2216f3d73c2777a989d324c7a2df7f06b87076ea04be57f5fc4f48c7bb5c80360a8761743e5d7d6ae76f9b671c253e7ac2727ab718b7339250b946b6c2a418c894d48f19f594071168c2da09f0aa7ef35ae778ab4c1fc684b1c0a9b5c66e15ab92a4bac0d6d12c76b31bb56708d09f716c237a456f810e0dbbf3ac0aeafad75e27a522563a19be66ea05f35b23723934f7a12c1e1c9a5c427a037dd9f75dc9960d49b48fc20910c7a8aa51c79882bcac75797911d676ad2c31dcead6cd6ffb424e1ee2b076c45fb6fb62f845fe3c8c24f596f4d921168f65162280736d713d11aa02f9b7b02f47972abd3679b1897504b8f809d8d1044fad4d04406a3ed0c124bcd8337628f993393e9b94eb42a3d6ac5802e0172749ae6f1ec6dd22f4d32bc009deea5dc22daf041f8e8fa206dd5a975584107a81bd033b3d8f8d4d66da8705713ca9a71b8f7668ee7bd4cbc960eaa89228de6dcec53ff9fcfb858fddf73cc825bf3d0cdaf4592e60619e3a666a86391149dedeafce8c76fa6cb19008d48b301efec7232b20d48da6701239725848406a28a36c901e62d0759e2a086cd3bfb54185fafd6d2c6972adc6d76e2c58838a5b103fd2fb821fe9467ed840aabb8db5d0897bc9e48ece09098c57df591065e20a923796e00b17d208ff39867913b15fdb9eddefc8fd828f5abd82e26e9cb62c1d917864e0fde219bac453f0598cc4d8bcf6f759e0c7b667c556cb8e1b4b46af29e37b996f0f5f0871169366feb56a5c84854903c315c729dc494b8f0982eaa178a4225e3fc89c7b216a74b34a12bc452fbe54f11fe5aceb1467729f32ecd658b1fc3230c5b07496f0ec97549988fd0ccf95f01a95467eb9cd21b3386f5d0de538ac9941cb22fa457da9395996e6a090c072be1d2c2d2963e695d3cdb5375f5da299b5efea5ec32546fd36d4ed8b10dd14f94298f0973fcb935f981aa2ebc71aacca31470d33b12b43478caddc41f4262f05d106a417f8c304fbd5d1214a2ce9e95acedb4ae29c89fca58742ca207e9d972ce871a09e71f1e80c4a5cf8a248b900f7acfa8a253ffc82d8977a303822b365d2113a6e01c59ab41c9bfc7316393a423618cdc08de3e834b02d88ee169d84ce1ca3e26dbec65a7b796c91a37ada6ff3796e6a1a427add5c6ccca900369484b4626bd27d776fc73867e4264ccf17653d298725f56f92e9ef64c1b16ff4018330e5625b3a58e9b32285d7ea086035451fbfbd275443a59d80aa44a80b8b1d07c412fa6b6f6a3709c3fd4b3036e17e0624d0ed4fca3f5856e363e33a984c4cc08a5c40c16f50b7a1a11bc8f035d833b2f5f357116e20813cc718df7611efb3fcc9e9d71c3b5662118ce181e308528b156ffdd480d5208ef33fb68bdeb5ac7a4be8b08dea0c2f60430a1eef099b0270d8c63a997890136ef7800204b730b8679a4f0be51a16e3a7ddb36a36b3c2c3b28dc3a5a51ccc7dfb0c098c5d46a7f0cc19b3cdfffd5c9e96fd649c8f769954089816f5a393fd7590df49a4ffd5b554daa5fed16937679cc1c59adf4f2b35b652b2162cd75cc06f811a9b9c583db30197d46c347377edabc75840bae2ecfca6a33b76ac7ec16a89616ac9c5fcd69f62ccb9da58b3703d1b6d81e6cc294e2ae63c85bbe6612a240be5687448b09552e326adb479c20d25771a7cce65f316276ea4febccc8d0671d3f7b89e3860527932d50358f61dfc57ecea5e5e7a514ec31fc4fc99632b924f25abdfcab63b18d9b8f34b882e1b00adfe9465990374411604fa1ce59e906848cf44a73030f3dc84bbef85c208d39a1fcfeef247282cb7a307c314548042e24dd80eeb2530081305c6f9d18394ac4924b540f007df6d7e80c4eab56482a94aefe9288392fbdf599707e19fc50f7754226f6778eb9401f887fe1deb9d9bcbe35c979954ae22597f636869c8843767355e85fa45273788cb43ec3bea0a74f243f5d1840c087e43c0f39a2b61481a9edc8030e3dcd42657905179c2b03348c2cdc2a7f8b9eea3652984cf7ae0f827c8eea183c32dc0586efd646a4863d74bafc76cb86109d18027531a28f1e5d42f27c76f6b871a4e762268c2be77f4b3061d62300d7a6af893126cd9d027890f83ce8b0c763f7fcd15f661fa57bf182c756de530065577d97c4e1c9d52d5847926600fc90070e5c3092129a4c87ee589292a31caa10ca61b269e4e9756f49cfe2b9c8e48afe99bccb723007580dc69df68158169b3b880a683be132afb10d375e26ca56a503c22a281f57a6c07e0a7ca6e8817679166f78af04b42a0ef886ce782a5e2c6f4755cbee4e62c4315e62d6e294423b34991f3c1847e20cc1ff5ffb80a725ee28ccef8a897e4ed24fc224266fbae8c5211102d81d40c1cf53c2fb1919c802a6a947d83992ddeaadfd771811dcf74894e32ae6eba1896220f0c4eb4985ab38d633410a1c4c47d2409bd54689252f09250c0c650e03b4cc1db9f68525d66864a8d9d8f512711e14d530665e37f70bdf286f1dea3b88dbb494520f56381fe82935c5a8313edcc92658b32419251063ce1d3b0c91f2e235baa5c79cbc7db9715722ea4ff5b106c65615e6c439df019cddba3f48fb441f7dffcb968dc6487ea78c37ffe2941841ad4c4282517f662065ab574bf077c53965e8a364b9db2b0adf8a7e74693ae1fb7a7fe4a7403eced2a74f3bad5efaa9cc6f7ebe33cf779c21a6278e9043999d33f030ef5b6d55a72514552480b1061f487e18bf5069bf741ee4fd0fbb999fbc183cc840b0317cd5d5d8fecc1f3f91bb5f2ad320339aff5c884f4c31f4877d59642e3ea0e3af659299aaea96ef7302910089560be252eac73213f80d334adaa8747cb9e3b9e4fab9b203448e276576e049c3b661ccdf75e0b386f6f865a1faf0c277b1fb39d84dcaf31b5ff4bbd6454a4052fac9e7d1825c178cdac4d6adb0785409c2e58d47e7ecdf909457f990fe7fe32c93f3185f55321cea4da51e3645cca3869ca44787108e9e5cfa8d9d575f2cdd2376226fdb9812cd20623b5e594ca7584cff342a52126dbdadfc348e3fcbec4bdf64f454f00f21889a8bd93a461ac51bfc76d7ccf96c6e1e79bdc2ca184d01d81422dfa068a4b4cef06bfa2742db2e3f9f25d93d5be6655d9f5b77252b124ec1cd67d73936fff40033056d13740b7f09c2ef057f9670e1f0cb8b81ca13c495a1463bff9f42aae53abe981263defd8b104e5ba6cd077859821bd8191e3622f7e8354b0ca6b5fe1481b5aaeed5009f08bd3370b4d8e5f152d8fc1ad9224c8d9b7a2497a2bf2421d2762bf29236c6f292911392969f2d5aa78b20b2e6d03cbcb32c21267bdc136dbe5444386e2fefa3709ef801c45a77964d3dfb13bcc20971cda7581aefb49dc03076c892c035cf963cf5047b2a468900a9769b3e9e47ef4c2edd13f2c7d1e7d0ccdf15d0e68484f0d1b3a1f54bb98dcf11be6655ca21358b39421bc80d649242eb15aab0bda45f318faf2557a5311fcfc51a7947b6ea9e071593274389931887f045e71dd0e1600c0ec940b20e177805d29b4f6fb2cc0d1ed7ef888122d4f6329188185a1bc563b0f785d135966df5ead0fa8fe219c46afe450a290dac0f8d7b973e802b94b3bef23b34b076fc3e228ad3ec7f81c92d67bbff339154a44ed74179a1252d0f619fa6f1cab8c47b5125b6ba7c60c2e1063857f21be81e75e889f58dbb832ee530abe43030e605e060d7cd1fc299d25fd4a6cfec335559cea3cf574ad333f3795ebdfa3344595353c70168b34cd6bd4d967a1ad78ef0cd63fbc9e51835505f154cf867a1389ff9800eb9d3af5d746dc9778304d4fe46940eaa0fbfecfb0b0b740167012fc0dfc00f957520e14810374e15048b0eb32547c781ca329ce67db5a61037466061925c6edca686449e411bac0fac4c57ed2e3507ff26998d6d2729a9f9e6d339d3655f4d1c4065500a46da24331365890ca8b1d6fe11aab8c0668a095b9f983de52f024a08f5f2d93799f851bfc60db3089b88af333e178a07f1ed953e38e6c5c12296d33abfb932442ca6f7222535473805b864befc0bf079147326c003c46841778eec7c61e378a9949d4c1c53a2cd657cf3ab955eeb4ed46c88a85f73af8d20a40a31b394213046ee0d15c5eb587458dcfb1278e9d3dedf3e68f313880dabea21866d9156717039e737305108ac94c25f1ad5937b7728f495e29db91bf3a3cc000bef85415cfde70fc7ce7d7234a987dace74ad55a597a9dad06c1dab4081132f4f8e508173a838241cfc955c652373535a2e55ad73655a6e27a031007e00f8e37aee94ce3857f3c3f24bde842015559c73c3e05e2b7afabb037f8365a314ae634de2f6ced6c431071c75a863b52c6528b996638fe537c05569d9b1ccd5d7f4baa99f283810b2da77a4b9a35d0fd64d42456aca6c50424a9e486b5bd31dba186e9c2559a8cc06805b2d3790be49ce914f249e79f8f821f8d428510b0e8ed67edb7831cd2032d8ce5636b5101b72e21e74485909f50ec35574fd6eb56bdd232c1d584c382ea4503fa2206f2b6b7b289408966ff786e42cf467cd68db3639dc7bc73f7bad609b39c2c6f5b743890827f825ceafbfdd8c2f31da88258b77a67802da2e95751609f16d662766e73783cf71e1924b57359aa9f9983a68f4fdfe9ec26cd468e7295dd0d9c7389f2335d47c478df124fe54bb3462ff37f3b2e0b3e0f415ac0838013f748b320918830e73563af62acead286abc42e6ad2daceec316bfc297963de9d48378dc017985fe24c20629c1a8c6c1c67eda03209da07696e33bac9061ab2fbc5b8825c27b7ec05d2962c9449b3603608c6c0b6589d729fc2ffe94992c936cd130baf125e81818c29672068bac6fe4aa39c9bcec75eef7e03405b5488318c32753f0fb6c2094eab21529e4811649431f1d65b2c8e173efd3bda023f513d1daff8dc092b4e9bb7e039e586e73d4d998af6fa54a6f552bf21628cb02578243e10dd31d3ef04e11e4ebfe55fdeda67e49f4e930d6593beff4e36df0f84e24a2c8a6d39130c88b71a092c0fddd4267e45e515166bc65f1ba16d8a07d527c76665a52a2432acdb466e6893bbbc3895a5ede98e84e5b9f27c4c49087858a847a5021d1a3e15ee3438a1211376a19f0ec43b04e2ff1a07c327903fe1ca680185677ff19ba41cd4eff21c08cec80af7070c0d6aab7168ba546e021d50b8db0ac3a690dc8929489810eed8c566158b72afdbc78a3918524cad7b5edf0b6511ca6b4e5809785b06d768fd2fdcd2e764a1f12f0690572f13867c8f4b1a5cb83c509dabf1549a07993ea58a0bdbe640cc4c16e0bc9fbf861e9e3bff84955817ad19f40f40b707ec6dcff80709ed5359c145c607751a462471bada6b9ee07181bad4a25d5229a348c504585a66a1d7876876745ab86f59b3a5e98a4c2aa7d0d883c58efc77f9814185b73a87bc23dd1c64b013b53f28a837dcc50582c0d5f8b15e958ff7068cf064e75c1865f4893026818d6dcb0eacaca3b1bc7d84188b1d4a33e82d715a18028f7293fa0684e8045aa97a416ab32337cb978c100dfd5a181012cb7a971004b35ea20a4285454781001b77f5963d4c90a7842b62dfcb1a31523ef4e67e690fc1c6e869e4fd5d9b0f6e013c56c76abfe7288d10a170669e108da06acca41adc48d98b4b4e58851db0894c8603fde20a2b5abdf1cc2829cecbcf9a6f054daddf9b5e987d2fcd8bbe0c788067d0f259f453a3ab251ed7751d2daeae49874239fa5955eb43b41916c0430fc9dc49369f540ffe65432b9757a28bd9b6c9b3820aa14b62def485322c549d67bfb11318877ef3e5e88b09e9b92eb09d31dce451c61c6a8c16d1a623d180cb4890390d7496551ffdca8b1b17b42b684fab73d79a557be5cfa04a73879d349aeb2e5a6663667f2e6e45c1bfab740eefd97270e0b70fdd577a7862d28e769105c448a8715870ae89990894869ece5dcfe9a8632d07b3577ab685c8541400ee80e2f14db921835c0eebceab91752d4f65676f86a3c6b8f66403fd6d02cd7925561b84a776da1eb64db193dfa95075e5d68b94103c94da6b2373f2ced0a4fd8fe447424a3accd7e6e7fdab35f87e9c87232e32eba6290bd24f6a7b14223eb447f49250af788dd291296cec57c30f3363787f5067784a9b395b992d1add27633df34825cdaa7021ba276a011ae419d7847c4a71b3c063df8f5b61a5e08213c71c7881e307e4597c1c30dc36e14d45144302862d32966fae399dd50222d581c99ba2c0b62fde8ff9af3f9bb93a869e3f6e0d1eb0ad56ee6cf7b0a42580596bdf411b449996361fefa805243f8df5a3546f426469d8af77e5610370f5210a7b280e744167162e3bb45ffb2c62f34c6c9f1e38b4cb2ebf133985db718fc8b2165d219a0ed1b0e166f9f0c1fb901d7af027813568e6ff4e96dec214efcbe664fea7f6e5f20389a669d17b02b79f55aeabbf2ee2133c28b8a3dc99add057802346099bf5246a89a310e8f2fadc7b2c8488dcc4d594fd2d43835a2b6aa4b83ab0581ce3ecc4f564556a54b694198af932f6e62f0d8da72b0b584fcd18bfd720d87fc7d3fcfcb242b61a5823230686b4c7f720f4cb26cb6a4a1e43c5722c2ffb0a54155752dc52767925b3ae2803282dca2d244575699a79b1d92145120e803e7cb2f2dcc5ccdfd3c5de5d50dd992f3f7a028a8fee5d217de80c3c4a242c05e5a1c7241fb7e2ad674d35dd056eddfc0038bea6804e1fb53ea073a79a2fab66e68ad9a13a09571f3192258257f421333f7426254d0b1c7fb267e134516b3a6e629be1813d458e115857bf35585b2d844285334c67d09e55209159b14c21987ff379bf9a3001e360f54a4bffdb757c8bf90550956f0354ab1e506c074cf6f8498dfa0dae22e05a4c73f7624997dd0e74618b363de37f70d531f93fc5882a86e86b9e3086da764fc7e1f7e34f37bac3f5df9f7506eb022fd8687bb1fca79dae1ab8f37c3f15871bc643e82cbf7d325e73e2fa3dc79dd6b333dac1045f1f47552e05452d6b178d9b2734e9e39358af1329744844376f1737709037956da8b27389b143312f0301c15505c754287d266b1d433ab61a3695d52533c6fb6f6aea6100d182025a5951044f93ceaa12e735d8d5fd74ca37be58ca04661fff1d330c29a18cab4377409194a2b5d257994975aab86415e050d3a1bf56b0d03d1048d9504e8ecdad31b0a947a4736c45b9bc78949bcc5008cdc2f4dd02200873d1db4cf5453e0f62823f7dd5058c755a6cd9488705b47e118ee39bd7498b0ac6346e8798f4e960232d23d5730a8b9bdaaad83fc9ec97174d5f68fda2788085d47ced0812441925a900fc1f6ca98b7954a4e77408daaf31c04104ba743919d732482a11fa89244b0721a462dc17993515cae328d24e610c3b4c68a534c6329d29b0ac08863401e41018345bd98a26ba9fc890bf493841a86425ea39dd2baf241b199a99465617a7500d7d02f85b9e598a99977e028ecb0eb647cfb2eb7df16cefef34f5b61742b067970d7b289dca446d5ffadc2b591b9f35c3559db3029ab20e91cd658b806a3b3a0008c64f16a3f6bd328f26d550874d642d7fd06e8644e713efe957ef7b26960142d72a140e94458adbc5fc8034b95424af8d4bed977d7da9abc813b6f991a60f5ed461bd3fa13a402e9f8c1bdb7a1cbc9b0db23aa3abe55d26cc60bfbd5", 0x2000, &(0x7f0000002bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001580)={0x20, 0x0, 0x9, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
dup3(r7, r5, 0x0)
r8 = syz_io_uring_setup(0x230, &(0x7f0000000080)={0x0, 0x20, 0x10100}, &(0x7f0000000040)=<r9=>0x0, &(0x7f0000000100)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86})
io_uring_enter(r8, 0x7a98, 0x0, 0x0, 0x0, 0xfffffffffffffc76)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r1, 0x0, 0x0})
io_uring_enter(r2, 0x40f9, 0x217, 0xa5, 0x0, 0x0)
close_range(r0, r1, 0x0)
r11 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r11, 0x5423, &(0x7f0000000340)=0x3)
ioctl$KDDELIO(r11, 0x5433, 0xfffffffffffffff9)
socket$inet6(0xa, 0x3, 0xff)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)

3.101124305s ago: executing program 6 (id=3034):
ioprio_set$pid(0x2, 0x0, 0x6000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='mm_lru_activate\x00', r0}, 0x10)
bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000080654d970008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000c40)="18", 0x1}], 0x1, 0x0, 0x0, 0x7400}, 0x4009044)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, 0x0}, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x8918, &(0x7f0000000000)={r2})
ioprio_set$pid(0x2, 0x0, 0x6000) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='mm_lru_activate\x00', r0}, 0x10) (async)
bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000080654d970008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
socket$kcm(0xa, 0x2, 0x0) (async)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000c40)="18", 0x1}], 0x1, 0x0, 0x0, 0x7400}, 0x4009044) (async)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, 0x0}, 0x0) (async)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x8918, &(0x7f0000000000)={r2}) (async)

2.591555462s ago: executing program 6 (id=3035):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x30]}}}}]})
openat$dir(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x414301, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000013c0)="d080", 0xfdef}], 0x1, 0x0, 0x0, 0x800300}, 0x20000801)
recvmsg(r2, &(0x7f0000000000)={0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x40002002)

2.591196026s ago: executing program 2 (id=3036):
syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000019436347bd16ad5df68867fbe5246145365869a7409418873e84b6"], 0x0}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_emit_ethernet(0x1e, &(0x7f0000000040)={@random="902deddf42cc", @local, @val={@val={0x88a8, 0x7, 0x1, 0x1}, {0x8100, 0x0, 0x0, 0x1}}, {@llc_tr={0x11, {@snap={0x1, 0x1, "b0", '1)\n', 0x8809}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
readv(r4, &(0x7f0000000400)=[{&(0x7f0000000040)=""/92, 0x5c}, {0x0}, {&(0x7f0000000380)=""/72, 0x48}], 0x3)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r7 = dup2(r6, r6)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000240)={'\x00', 0x40, 0xa, 0x1, 0x40000000, 0x10})
socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x6, 0x87}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$sock(r8, 0x0, 0x20000880)

2.416041918s ago: executing program 1 (id=3037):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000357000/0x2000)=nil, 0x2000, 0x0, 0x38011, r1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r2, 0x0, 0x0, 0x0, 0x0, 0x1})

2.282663514s ago: executing program 1 (id=3038):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r1}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200), &(0x7f00000006c0)=@v2={0x2000000, [{0x4e, 0x6}, {0x5, 0x2}]}, 0x14, 0x0)
fchown(r5, 0x0, 0x0)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r8, @ANYBLOB="0c009900f40000002e000000080026007f17000005001801250000000500190104000000877bc2e246daffcaafd8df63149405ef890700000055c0a5a8f86abe2983eea724fea3eceedc58f51ae50c5075c1692ff2abe5de44f4bdb0c98bd7e9e7e9a17d6f4c02a109d321de6eae11fde10b6010213c6df2c5ce76e00b5fc8186fa62dca9e90229b65e13ac973d2362cb06ee619bf64dfd61b06be9776e134ba3b580c08445aaa5fb2a8f9f954e2bc4915c76bf41515c04ab803a84383dbff5371adb554d953b993b790af9fe2c29be049840361d1b0fdc7e9cbe13411594c7c9f4865575040225c789d5210b02de7daf840e0e5e04fe6ef449886377e21a55b6307984e2661b562035f0a210f702b439c83acdbce21a79671eaa50002fe13eda52a3a26f2acb9d03b79abbfd91e35d53f19d0ef"], 0x40}}, 0x0)

1.991372869s ago: executing program 4 (id=3039):
r0 = socket$packet(0x11, 0x2, 0x300) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0xf, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014001000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r3 = socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000900)=r2, 0x4) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newlink={0x20, 0x10, 0x40d, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0500000001000000ff0f000007"], 0x48) (async)
r6 = socket$igmp6(0xa, 0x3, 0x2) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000240)={'syztnl2\x00', <r7=>0x0, 0x2f, 0x8, 0x7, 0x9, 0x40, @dev={0xfe, 0x80, '\x00', 0x44}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x10, 0x11, 0x200, 0x5}})
setsockopt$MRT6_DEL_MIF(r6, 0x29, 0xcb, &(0x7f00000002c0)={0xffffffffffffffff, 0x1, 0x9, r7, 0x32}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x47, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000010000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x4cf68d79c8eac253, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x13, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r8, 0x4) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'wg0\x00'}) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

1.548133148s ago: executing program 6 (id=3040):
r0 = socket$xdp(0x2c, 0x3, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000080)={0x5, 0x2, 0x8, 0x5, 0x6, 0x5})
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/59, 0x232000, 0x1000}, 0x20)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xa, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="c29ee20e2143d7592ca8652883489044c3bc6c2df87caef6a28a6cfcb21424feefdbc20e40834de14d2e29f9c66750457e4840b145f8dc2179dc4e03f259e3e2f508056bedcad6b4aa4b9b9ad72d6dc8ce7705413a6a7e21086bf017119d553778a471857f1cb4db37b7cd40c52ac06432cb406ed5b8e9448e9b5dabb2695b0b638ba48de2b4715345965b1f1d398b5924766a5191a1b4a74ae5c6d60b362be26fa80dc86fd2c73a199ec0431e2203e894deb17f7a002e7e19cd73c05f57f5ee4ea9d18b2258dc8139843a1c46b91aa53e1820233061b632d6369e26820ce50eeac4ef84f3417a8ffa483123eac6bdc5a9d7d1f79dde00a12dadebd6f3a7"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x1)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x161642, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[])
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000640)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000ecdbdf25410000000e0001006e657464010100006d0000000f0002006e657464657673696d3000000d0087006c325f64726f705300000000"], 0x44}, 0x1, 0x0, 0x0, 0xc800}, 0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000), 0x4)

1.274520149s ago: executing program 1 (id=3041):
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r1}, 0x10)
bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000000c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000b1f8306e05d1e4aab009c16b5c05077115d0749619ca39f89974785ae0619b77c6585f678ac92a3b6b4148f56b43c3dd75d75f97c8f92f60a2def458df05e2fbfb3e849b2b3cffd4f29446ae60dd76654b2639b2bc14350706214a6ab7a712d4317fbc3ca01d0d3ed6110b3775903141a5091a4d3db8eb335414fbdb288aba73aaf6d18000a3a2a069cf7f9402e1425bb6bc370576aa1faea0fe222671ecf99038fce8dba53dcb11f87cca"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0)

1.131424356s ago: executing program 4 (id=3042):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000040)=0x200000000)
r1 = dup2(r0, r0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x1, 0x0, &(0x7f0000000300)=""/107, 0x0, 0xeeef0000})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x5)
read$FUSE(r1, &(0x7f0000004d80)={0x2020}, 0x2020)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r3, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000000)=0x285c, 0x4)
sendmsg$key(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="0208000002"], 0x10}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
write$vhost_msg_v2(r1, &(0x7f0000000480)={0x2, 0x0, {&(0x7f0000000280)=""/128, 0x80, 0x0, 0x3, 0x3}}, 0x48)
getdents64(r1, &(0x7f0000000380)=""/227, 0xe3)

420.313567ms ago: executing program 1 (id=3043):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = epoll_create1(0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r4, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
syz_emit_ethernet(0x6a, &(0x7f0000000200)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x33, 0x0, @private, @broadcast}, {0x0, 0x0, 0x48, 0x0, @wg=@cookie={0x3, 0x4, "1fa3883e21cd9fe5caae18544a9131d14c91cf0d35507989", "6e447a58f2e6a0893330bdb477ae5aa6740446707740eb6dcb6c5545363eff42"}}}}}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$RTC_UIE_OFF(r6, 0x7004)
epoll_wait(r3, &(0x7f00000000c0)=[{}], 0x1, 0x1fffc002)

292.245541ms ago: executing program 2 (id=3044):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000001f80)=""/4102, 0x1006)

0s ago: executing program 2 (id=3045):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100088}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x68}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x80)

kernel console output (not intermixed with test programs):

0x10/0x10
[ 1146.574938][T15530]  ? __lock_acquire+0xab9/0xd20
[ 1146.574958][T15530]  ? ref_tracker_alloc+0x318/0x460
[ 1146.574973][T15530]  ? __lock_acquire+0xab9/0xd20
[ 1146.574989][T15530]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1146.575011][T15530]  ? tun_get+0x1c/0x2f0
[ 1146.575035][T15530]  ? tun_get+0x1c/0x2f0
[ 1146.575054][T15530]  ? tun_get+0x1c/0x2f0
[ 1146.575084][T15530]  tun_chr_write_iter+0x113/0x200
[ 1146.575115][T15530]  vfs_write+0x54b/0xa90
[ 1146.575143][T15530]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1146.575180][T15530]  ? __pfx_vfs_write+0x10/0x10
[ 1146.575215][T15530]  ? __fget_files+0x2a/0x420
[ 1146.575251][T15530]  ksys_write+0x145/0x250
[ 1146.575286][T15530]  ? __pfx_ksys_write+0x10/0x10
[ 1146.575298][T15530]  ? rcu_is_watching+0x15/0xb0
[ 1146.575317][T15530]  ? do_syscall_64+0xbe/0x3b0
[ 1146.575336][T15530]  do_syscall_64+0xfa/0x3b0
[ 1146.575350][T15530]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1146.575365][T15530]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1146.575379][T15530]  ? clear_bhb_loop+0x60/0xb0
[ 1146.575396][T15530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1146.575409][T15530] RIP: 0033:0x7f070538ebe9
[ 1146.575424][T15530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1146.575436][T15530] RSP: 002b:00007f0706271038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1146.575452][T15530] RAX: ffffffffffffffda RBX: 00007f07055b5fa0 RCX: 00007f070538ebe9
[ 1146.575462][T15530] RDX: 000000000000007a RSI: 00002000000001c0 RDI: 0000000000000003
[ 1146.575471][T15530] RBP: 00007f0706271090 R08: 0000000000000000 R09: 0000000000000000
[ 1146.575480][T15530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1146.575488][T15530] R13: 00007f07055b6038 R14: 00007f07055b5fa0 R15: 00007ffdaf267ed8
[ 1146.575511][T15530]  </TASK>
[ 1147.540995][T15539] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2516'.
[ 1147.550534][T15539] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[ 1147.903403][T15551] syz.5.2517 (15551): drop_caches: 2
[ 1148.010653][T13362] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1148.749333][T13362] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1148.767990][T13362] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1148.932411][T13362] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1148.994013][T13362] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 1149.005578][T13362] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 1149.019142][T13362] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1149.204551][T13362] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1149.240579][T13362] usb 5-1: Product: syz
[ 1149.246473][T13362] usb 5-1: Manufacturer: syz
[ 1149.261365][T13362] cdc_wdm 5-1:1.0: skipping garbage
[ 1149.269390][T13362] cdc_wdm 5-1:1.0: skipping garbage
[ 1149.282487][T13362] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[ 1149.292897][T13362] cdc_wdm 5-1:1.0: Unknown control protocol
[ 1149.645069][T14486] usb 5-1: USB disconnect, device number 37
[ 1150.376706][T15576] fuse: Unknown parameter ''
[ 1150.864606][T15580] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2527'.
[ 1150.929397][T15583] FAULT_INJECTION: forcing a failure.
[ 1150.929397][T15583] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1150.961633][T15583] CPU: 1 UID: 0 PID: 15583 Comm: syz.5.2529 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1150.961657][T15583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1150.961669][T15583] Call Trace:
[ 1150.961676][T15583]  <TASK>
[ 1150.961685][T15583]  dump_stack_lvl+0x189/0x250
[ 1150.961710][T15583]  ? __pfx____ratelimit+0x10/0x10
[ 1150.961730][T15583]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1150.961751][T15583]  ? __pfx__printk+0x10/0x10
[ 1150.961776][T15583]  ? __might_fault+0xb0/0x130
[ 1150.961805][T15583]  should_fail_ex+0x414/0x560
[ 1150.961830][T15583]  _copy_from_iter+0x1db/0x16f0
[ 1150.961858][T15583]  ? rcu_is_watching+0x15/0xb0
[ 1150.961880][T15583]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1150.961902][T15583]  ? __pfx__copy_from_iter+0x10/0x10
[ 1150.961927][T15583]  ? __build_skb_around+0x257/0x3e0
[ 1150.961959][T15583]  ? netlink_sendmsg+0x642/0xb30
[ 1150.961984][T15583]  ? skb_put+0x11b/0x210
[ 1150.962041][T15583]  netlink_sendmsg+0x6b2/0xb30
[ 1150.962079][T15583]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1150.962116][T15583]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1150.962136][T15583]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1150.962166][T15583]  __sock_sendmsg+0x21c/0x270
[ 1150.962192][T15583]  ____sys_sendmsg+0x505/0x830
[ 1150.962229][T15583]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1150.962280][T15583]  ? import_iovec+0x74/0xa0
[ 1150.962311][T15583]  ___sys_sendmsg+0x21f/0x2a0
[ 1150.962342][T15583]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1150.962408][T15583]  ? __fget_files+0x2a/0x420
[ 1150.962428][T15583]  ? __fget_files+0x3a0/0x420
[ 1150.962459][T15583]  __x64_sys_sendmsg+0x19b/0x260
[ 1150.962491][T15583]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1150.962530][T15583]  ? __pfx_ksys_write+0x10/0x10
[ 1150.962545][T15583]  ? rcu_is_watching+0x15/0xb0
[ 1150.962571][T15583]  ? do_syscall_64+0xbe/0x3b0
[ 1150.962596][T15583]  do_syscall_64+0xfa/0x3b0
[ 1150.962615][T15583]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1150.962635][T15583]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1150.962654][T15583]  ? clear_bhb_loop+0x60/0xb0
[ 1150.962677][T15583]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1150.962695][T15583] RIP: 0033:0x7f11a6f8ebe9
[ 1150.962711][T15583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1150.962728][T15583] RSP: 002b:00007f11a7d15038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1150.962748][T15583] RAX: ffffffffffffffda RBX: 00007f11a71b5fa0 RCX: 00007f11a6f8ebe9
[ 1150.962761][T15583] RDX: 0000000000004810 RSI: 0000200000000480 RDI: 0000000000000003
[ 1150.962773][T15583] RBP: 00007f11a7d15090 R08: 0000000000000000 R09: 0000000000000000
[ 1150.962785][T15583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1150.962796][T15583] R13: 00007f11a71b6038 R14: 00007f11a71b5fa0 R15: 00007ffc3f199848
[ 1150.962827][T15583]  </TASK>
[ 1151.706865][T15593] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1152.343108][    T9] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1152.460897][T15597] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1152.539175][    T9] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1152.547840][    T9] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1152.568860][T13362] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[ 1152.597013][    T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1152.628885][    T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 1152.697997][    T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 1152.743185][    T9] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1152.762988][T13362] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1152.776809][    T9] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1152.777976][T13362] usb 2-1: config 0 has no interface number 0
[ 1152.815381][    T9] usb 6-1: Product: syz
[ 1152.838424][    T9] usb 6-1: Manufacturer: syz
[ 1152.854769][T13362] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1152.884121][    T9] cdc_wdm 6-1:1.0: skipping garbage
[ 1152.895130][T13362] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1153.025892][    T9] cdc_wdm 6-1:1.0: skipping garbage
[ 1153.044269][    T9] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[ 1153.063828][    T9] cdc_wdm 6-1:1.0: Unknown control protocol
[ 1153.084417][T15588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1153.148402][T15588] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1153.158019][T13362] usb 2-1: Product: syz
[ 1153.162205][T13362] usb 2-1: Manufacturer: syz
[ 1153.166813][T13362] usb 2-1: SerialNumber: syz
[ 1153.188160][T15612] syz.0.2537 (15612): drop_caches: 2
[ 1153.926657][T15588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1153.958638][T13362] usb 2-1: config 0 descriptor??
[ 1153.987713][T15588] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1154.022403][ T5827] usb 6-1: USB disconnect, device number 36
[ 1154.199660][T13362] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[ 1154.277098][T13362] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1154.318643][T13362] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[ 1154.348019][T13362] usb 2-1: media controller created
[ 1154.412487][T13362] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1154.491038][T13362] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[ 1154.599509][T13362] usb 2-1: USB disconnect, device number 37
[ 1155.699076][T15631] FAULT_INJECTION: forcing a failure.
[ 1155.699076][T15631] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1155.794043][T15631] CPU: 1 UID: 0 PID: 15631 Comm: syz.1.2544 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1155.794074][T15631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1155.794087][T15631] Call Trace:
[ 1155.794097][T15631]  <TASK>
[ 1155.794106][T15631]  dump_stack_lvl+0x189/0x250
[ 1155.794138][T15631]  ? __pfx____ratelimit+0x10/0x10
[ 1155.794162][T15631]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1155.794187][T15631]  ? __pfx__printk+0x10/0x10
[ 1155.794216][T15631]  ? __might_fault+0xb0/0x130
[ 1155.794251][T15631]  should_fail_ex+0x414/0x560
[ 1155.794281][T15631]  _copy_from_iter+0x1db/0x16f0
[ 1155.794314][T15631]  ? rcu_is_watching+0x15/0xb0
[ 1155.794340][T15631]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1155.794365][T15631]  ? __pfx__copy_from_iter+0x10/0x10
[ 1155.794395][T15631]  ? __build_skb_around+0x257/0x3e0
[ 1155.794431][T15631]  ? netlink_sendmsg+0x642/0xb30
[ 1155.794461][T15631]  ? skb_put+0x11b/0x210
[ 1155.794497][T15631]  netlink_sendmsg+0x6b2/0xb30
[ 1155.794539][T15631]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1155.794589][T15631]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1155.794612][T15631]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1155.794644][T15631]  __sock_sendmsg+0x21c/0x270
[ 1155.794675][T15631]  ____sys_sendmsg+0x505/0x830
[ 1155.794715][T15631]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1155.794761][T15631]  ? import_iovec+0x74/0xa0
[ 1155.794796][T15631]  ___sys_sendmsg+0x21f/0x2a0
[ 1155.794837][T15631]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1155.794914][T15631]  ? __fget_files+0x2a/0x420
[ 1155.794938][T15631]  ? __fget_files+0x3a0/0x420
[ 1155.794975][T15631]  __x64_sys_sendmsg+0x19b/0x260
[ 1155.795013][T15631]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1155.795059][T15631]  ? __pfx_ksys_write+0x10/0x10
[ 1155.795077][T15631]  ? rcu_is_watching+0x15/0xb0
[ 1155.795107][T15631]  ? do_syscall_64+0xbe/0x3b0
[ 1155.795137][T15631]  do_syscall_64+0xfa/0x3b0
[ 1155.795175][T15631]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1155.795197][T15631]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1155.795229][T15631]  ? clear_bhb_loop+0x60/0xb0
[ 1155.795253][T15631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1155.795271][T15631] RIP: 0033:0x7f744bb8ebe9
[ 1155.795287][T15631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1155.795303][T15631] RSP: 002b:00007f744c93b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1155.795323][T15631] RAX: ffffffffffffffda RBX: 00007f744bdb5fa0 RCX: 00007f744bb8ebe9
[ 1155.795337][T15631] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1155.795350][T15631] RBP: 00007f744c93b090 R08: 0000000000000000 R09: 0000000000000000
[ 1155.795361][T15631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1155.795372][T15631] R13: 00007f744bdb6038 R14: 00007f744bdb5fa0 R15: 00007fff0d6fda18
[ 1155.795401][T15631]  </TASK>
[ 1156.157195][T15632] tipc: Started in network mode
[ 1156.246832][T15632] tipc: Node identity 080211000001, cluster identity 4711
[ 1156.255483][T15632] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1156.297076][T15632] mac80211_hwsim hwsim13 syzkaller0: entered promiscuous mode
[ 1156.304616][T15632] mac80211_hwsim hwsim13 syzkaller0: entered allmulticast mode
[ 1156.313886][T15632] tipc: Resetting bearer <eth:syzkaller0>
[ 1156.364200][T15638] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1156.705389][T15645] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2549'.
[ 1157.010214][T13362] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[ 1157.118098][ T5827] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[ 1157.255850][T13362] usb 2-1: Using ep0 maxpacket: 32
[ 1157.348650][ T5977] tipc: Node number set to 134418688
[ 1157.356443][T13362] usb 2-1: config 1 interface 0 altsetting 65 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1157.408000][ T5827] usb 6-1: Using ep0 maxpacket: 16
[ 1157.422193][ T5827] usb 6-1: config 0 has an invalid interface number: 79 but max is 0
[ 1157.434932][T13362] usb 2-1: config 1 interface 0 altsetting 65 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1157.467448][ T5827] usb 6-1: config 0 has no interface number 0
[ 1157.506072][ T5827] usb 6-1: New USB device found, idVendor=10fd, idProduct=0513, bcdDevice=b6.d6
[ 1157.522943][T13362] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1157.551885][ T5827] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1157.566673][T13362] usb 2-1: New USB device found, idVendor=056a, idProduct=0314, bcdDevice= 0.40
[ 1157.579485][ T5827] usb 6-1: Product: syz
[ 1157.583742][T13362] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1157.593940][ T5827] usb 6-1: Manufacturer: syz
[ 1157.598921][ T5827] usb 6-1: SerialNumber: syz
[ 1157.605052][T13362] usb 2-1: Product: 瀑벣�픗䌺抽ᎃ�䅹뻜樂Ⲉ舳闗羖ሟ걮⇣ᱦᗊ怊箲쒵鬀唧覌뜌蒨⿽
[ 1157.605052][T13362] �侩겾�媵�慌볳诩�㇭쮮㠀룖渤렙�緖曬仆풗怯�縌唥䬭㬳뻨䎵䕶뜷뚋燄췭빔꪿猌㑛鯠⹚炇�귂Ḷ黫붢⹨
[ 1157.636697][ T5827] usb 6-1: config 0 descriptor??
[ 1157.678078][T13362] usb 2-1: Manufacturer: á ‰
[ 1157.996260][T13362] usbhid 2-1:1.0: can't add hid device: -71
[ 1158.027797][T13362] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[ 1158.057032][T13362] usb 2-1: USB disconnect, device number 38
[ 1159.724647][    T9] usb 6-1: USB disconnect, device number 37
[ 1160.085487][T15687] x_tables: ip_tables: TCPMSS target: only valid for protocol 6
[ 1161.206552][T15694] FAULT_INJECTION: forcing a failure.
[ 1161.206552][T15694] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1161.767337][T15694] CPU: 0 UID: 0 PID: 15694 Comm: syz.0.2561 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1161.767365][T15694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1161.767374][T15694] Call Trace:
[ 1161.767380][T15694]  <TASK>
[ 1161.767385][T15694]  dump_stack_lvl+0x189/0x250
[ 1161.767405][T15694]  ? __pfx____ratelimit+0x10/0x10
[ 1161.767420][T15694]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1161.767435][T15694]  ? __pfx__printk+0x10/0x10
[ 1161.767460][T15694]  should_fail_ex+0x414/0x560
[ 1161.767477][T15694]  _copy_to_user+0x31/0xb0
[ 1161.767498][T15694]  simple_read_from_buffer+0xe1/0x170
[ 1161.767515][T15694]  proc_fail_nth_read+0x1df/0x250
[ 1161.767534][T15694]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1161.767552][T15694]  ? rw_verify_area+0x258/0x650
[ 1161.767572][T15694]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1161.767589][T15694]  vfs_read+0x200/0x980
[ 1161.767613][T15694]  ? __pfx___mutex_lock+0x10/0x10
[ 1161.767629][T15694]  ? __pfx_vfs_read+0x10/0x10
[ 1161.767650][T15694]  ? __fget_files+0x2a/0x420
[ 1161.767668][T15694]  ? __fget_files+0x3a0/0x420
[ 1161.767682][T15694]  ? __fget_files+0x2a/0x420
[ 1161.767702][T15694]  ksys_read+0x145/0x250
[ 1161.767716][T15694]  ? __pfx_ksys_read+0x10/0x10
[ 1161.767731][T15694]  ? do_syscall_64+0xbe/0x3b0
[ 1161.767754][T15694]  do_syscall_64+0xfa/0x3b0
[ 1161.767767][T15694]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1161.767781][T15694]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1161.767794][T15694]  ? clear_bhb_loop+0x60/0xb0
[ 1161.767811][T15694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1161.767823][T15694] RIP: 0033:0x7f070538d5fc
[ 1161.767835][T15694] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1161.767847][T15694] RSP: 002b:00007f070624f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1161.767861][T15694] RAX: ffffffffffffffda RBX: 00007f07055b6090 RCX: 00007f070538d5fc
[ 1161.767871][T15694] RDX: 000000000000000f RSI: 00007f070624f0a0 RDI: 000000000000000a
[ 1161.767879][T15694] RBP: 00007f070624f090 R08: 0000000000000000 R09: 0000000000000000
[ 1161.767887][T15694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1161.767902][T15694] R13: 00007f07055b6128 R14: 00007f07055b6090 R15: 00007ffdaf267ed8
[ 1161.767931][T15694]  </TASK>
[ 1165.118147][T13362] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1165.598146][ T5827] usb 6-1: new full-speed USB device number 38 using dummy_hcd
[ 1165.944310][T13362] usb 5-1: config 0 has an invalid interface number: 224 but max is 0
[ 1165.953827][T13362] usb 5-1: config 0 has no interface number 0
[ 1165.965064][T13362] usb 5-1: config 0 interface 224 has no altsetting 0
[ 1165.981519][T13362] usb 5-1: New USB device found, idVendor=04ad, idProduct=0302, bcdDevice=83.b7
[ 1165.996109][T13362] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.009055][T13362] usb 5-1: Product: syz
[ 1166.015677][T13362] usb 5-1: Manufacturer: syz
[ 1166.095888][T13362] usb 5-1: SerialNumber: syz
[ 1166.105386][T13362] usb 5-1: config 0 descriptor??
[ 1166.178614][ T5827] usb 6-1: config 9 has an invalid interface number: 88 but max is 1
[ 1166.186763][ T5827] usb 6-1: config 9 contains an unexpected descriptor of type 0x2, skipping
[ 1166.220089][ T5840] Bluetooth: hci5: command 0x0406 tx timeout
[ 1166.276657][ T5827] usb 6-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[ 1166.345599][T15730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1166.354053][ T5827] usb 6-1: config 9 has no interface number 1
[ 1166.360607][T15730] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1166.368470][ T5827] usb 6-1: config 9 interface 88 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[ 1166.379325][ T5827] usb 6-1: config 9 interface 88 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[ 1166.390202][ T5827] usb 6-1: config 9 interface 88 altsetting 9 has an endpoint descriptor with address 0xA4, changing to 0x84
[ 1166.401881][ T5827] usb 6-1: config 9 interface 88 has no altsetting 0
[ 1166.557358][ T5827] usb 6-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=50.80
[ 1166.580256][T15730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1166.611261][T15730] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1166.618097][ T5827] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.641966][T15730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1166.674340][ T5827] usb 6-1: Product: syz
[ 1166.679545][T15730] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1166.694172][ T5827] usb 6-1: Manufacturer: syz
[ 1166.713432][ T5827] usb 6-1: SerialNumber: syz
[ 1167.408028][ T5840] Bluetooth: hci4: command 0x1003 tx timeout
[ 1167.408044][T15065] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1168.267399][T15730] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1169.149753][T13362] usb 5-1: USB disconnect, device number 38
[ 1169.293365][T15773] syzkaller1: entered promiscuous mode
[ 1169.299704][T15773] syzkaller1: entered allmulticast mode
[ 1169.955150][ T5827] qmi_wwan 6-1:9.88: skipping garbage
[ 1169.968254][ T5827] qmi_wwan 6-1:9.88: probe with driver qmi_wwan failed with error -22
[ 1170.123136][ T5827] usb 6-1: Could not set interface, error -71
[ 1170.133588][ T5827] usb 6-1: USB disconnect, device number 38
[ 1170.285447][T15783] overlayfs: missing 'workdir'
[ 1174.058392][T15811] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2591'.
[ 1174.607549][T15813] FAULT_INJECTION: forcing a failure.
[ 1174.607549][T15813] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 1174.621052][T15813] CPU: 0 UID: 0 PID: 15813 Comm: syz.4.2592 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1174.621076][T15813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1174.621089][T15813] Call Trace:
[ 1174.621096][T15813]  <TASK>
[ 1174.621105][T15813]  dump_stack_lvl+0x189/0x250
[ 1174.621131][T15813]  ? __pfx____ratelimit+0x10/0x10
[ 1174.621153][T15813]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1174.621175][T15813]  ? __pfx__printk+0x10/0x10
[ 1174.621202][T15813]  ? fs_reclaim_acquire+0x7d/0x100
[ 1174.621234][T15813]  should_fail_ex+0x414/0x560
[ 1174.621259][T15813]  prepare_alloc_pages+0x213/0x610
[ 1174.621291][T15813]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1174.621321][T15813]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1174.621363][T15813]  alloc_pages_bulk_noprof+0x560/0x710
[ 1174.621388][T15813]  ? rcu_is_watching+0x15/0xb0
[ 1174.621410][T15813]  ? trace_kmalloc+0x1f/0xd0
[ 1174.621425][T15813]  ? __kmalloc_noprof+0x29b/0x4f0
[ 1174.621443][T15813]  ? copy_splice_read+0x143/0x9b0
[ 1174.621467][T15813]  copy_splice_read+0x173/0x9b0
[ 1174.621499][T15813]  ? __pfx_copy_splice_read+0x10/0x10
[ 1174.621516][T15813]  ? look_up_lock_class+0x74/0x170
[ 1174.621539][T15813]  ? register_lock_class+0x51/0x320
[ 1174.621573][T15813]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[ 1174.621599][T15813]  ? alloc_pipe_info+0x374/0x4d0
[ 1174.621620][T15813]  ? __pfx_shmem_file_splice_read+0x10/0x10
[ 1174.621639][T15813]  splice_direct_to_actor+0x4d0/0xcc0
[ 1174.621679][T15813]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1174.621699][T15813]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1174.621730][T15813]  do_splice_direct+0x181/0x270
[ 1174.621753][T15813]  ? __pfx_do_splice_direct+0x10/0x10
[ 1174.621774][T15813]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1174.621803][T15813]  ? bpf_lsm_file_permission+0x9/0x20
[ 1174.621824][T15813]  ? security_file_permission+0x75/0x290
[ 1174.621847][T15813]  ? rw_verify_area+0x258/0x650
[ 1174.621880][T15813]  do_sendfile+0x4da/0x7e0
[ 1174.621903][T15813]  ? __pfx_vfs_write+0x10/0x10
[ 1174.621927][T15813]  ? __pfx_do_sendfile+0x10/0x10
[ 1174.621950][T15813]  ? __fget_files+0x3a0/0x420
[ 1174.621981][T15813]  __se_sys_sendfile64+0x13e/0x190
[ 1174.622006][T15813]  ? __pfx___se_sys_sendfile64+0x10/0x10
[ 1174.622027][T15813]  ? rcu_is_watching+0x15/0xb0
[ 1174.622052][T15813]  ? do_syscall_64+0xbe/0x3b0
[ 1174.622077][T15813]  do_syscall_64+0xfa/0x3b0
[ 1174.622096][T15813]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1174.622115][T15813]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1174.622134][T15813]  ? clear_bhb_loop+0x60/0xb0
[ 1174.622157][T15813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1174.622176][T15813] RIP: 0033:0x7fc65c78ebe9
[ 1174.622192][T15813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1174.622210][T15813] RSP: 002b:00007fc65d5d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1174.622230][T15813] RAX: ffffffffffffffda RBX: 00007fc65c9b5fa0 RCX: 00007fc65c78ebe9
[ 1174.622244][T15813] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000009
[ 1174.622256][T15813] RBP: 00007fc65d5d2090 R08: 0000000000000000 R09: 0000000000000000
[ 1174.622268][T15813] R10: 0000000100000002 R11: 0000000000000246 R12: 0000000000000001
[ 1174.622280][T15813] R13: 00007fc65c9b6038 R14: 00007fc65c9b5fa0 R15: 00007ffe910b4b18
[ 1174.622310][T15813]  </TASK>
[ 1175.181534][T15823] loop3: detected capacity change from 0 to 1
[ 1175.236574][T15823] Dev loop3: unable to read RDB block 1
[ 1175.246212][T15823]  loop3: unable to read partition table
[ 1175.253097][T15823] loop3: partition table beyond EOD, truncated
[ 1175.338578][T15823] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1175.462140][T15827] 9pnet_fd: Insufficient options for proto=fd
[ 1176.378864][T15815] 9pnet: Found fid 0 not clunked
[ 1176.396557][T15840] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2599'.
[ 1178.528518][T15873] FAULT_INJECTION: forcing a failure.
[ 1178.528518][T15873] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1178.541927][T15873] CPU: 0 UID: 0 PID: 15873 Comm: syz.1.2608 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1178.541952][T15873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1178.541965][T15873] Call Trace:
[ 1178.541971][T15873]  <TASK>
[ 1178.541978][T15873]  dump_stack_lvl+0x189/0x250
[ 1178.541996][T15873]  ? __pfx____ratelimit+0x10/0x10
[ 1178.542011][T15873]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1178.542026][T15873]  ? __pfx__printk+0x10/0x10
[ 1178.542043][T15873]  ? __might_fault+0xb0/0x130
[ 1178.542063][T15873]  should_fail_ex+0x414/0x560
[ 1178.542080][T15873]  _copy_from_iter+0x1db/0x16f0
[ 1178.542105][T15873]  ? __pfx__copy_from_iter+0x10/0x10
[ 1178.542122][T15873]  ? __build_skb_around+0x257/0x3e0
[ 1178.542144][T15873]  ? netlink_sendmsg+0x642/0xb30
[ 1178.542163][T15873]  ? skb_put+0x11b/0x210
[ 1178.542183][T15873]  netlink_sendmsg+0x6b2/0xb30
[ 1178.542208][T15873]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1178.542232][T15873]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1178.542245][T15873]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1178.542263][T15873]  __sock_sendmsg+0x21c/0x270
[ 1178.542281][T15873]  ____sys_sendmsg+0x505/0x830
[ 1178.542305][T15873]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1178.542331][T15873]  ? import_iovec+0x74/0xa0
[ 1178.542351][T15873]  ___sys_sendmsg+0x21f/0x2a0
[ 1178.542373][T15873]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1178.542422][T15873]  ? __fget_files+0x2a/0x420
[ 1178.542437][T15873]  ? __fget_files+0x3a0/0x420
[ 1178.542458][T15873]  __x64_sys_sendmsg+0x19b/0x260
[ 1178.542481][T15873]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1178.542508][T15873]  ? __pfx_ksys_write+0x10/0x10
[ 1178.542519][T15873]  ? rcu_is_watching+0x15/0xb0
[ 1178.542537][T15873]  ? do_syscall_64+0xbe/0x3b0
[ 1178.542554][T15873]  do_syscall_64+0xfa/0x3b0
[ 1178.542569][T15873]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1178.542582][T15873]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1178.542595][T15873]  ? clear_bhb_loop+0x60/0xb0
[ 1178.542611][T15873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1178.542624][T15873] RIP: 0033:0x7f744bb8ebe9
[ 1178.542635][T15873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1178.542647][T15873] RSP: 002b:00007f744c91a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1178.542661][T15873] RAX: ffffffffffffffda RBX: 00007f744bdb6090 RCX: 00007f744bb8ebe9
[ 1178.542671][T15873] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[ 1178.542679][T15873] RBP: 00007f744c91a090 R08: 0000000000000000 R09: 0000000000000000
[ 1178.542687][T15873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1178.542695][T15873] R13: 00007f744bdb6128 R14: 00007f744bdb6090 R15: 00007fff0d6fda18
[ 1178.542715][T15873]  </TASK>
[ 1179.528043][T14486] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1179.925581][T15886] input: syz0 as /devices/virtual/input/input36
[ 1180.000429][T14486] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1180.028031][T14486] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1180.060313][T14486] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1180.084537][T14486] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1180.092697][T14486] usb 5-1: Product: syz
[ 1180.096906][T14486] usb 5-1: Manufacturer: syz
[ 1180.101551][T14486] usb 5-1: SerialNumber: syz
[ 1180.122553][T14486] cdc_mbim 5-1:1.0: skipping garbage
[ 1181.503834][T15878] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1182.225649][T15878] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1182.263295][T14486] cdc_mbim 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[ 1182.282223][T14486] cdc_mbim 5-1:1.0: setting rx_max = 2048
[ 1182.543167][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1182.550072][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1182.570574][T14486] cdc_mbim 5-1:1.0: setting tx_max = 184
[ 1182.609678][T14486] cdc_mbim 5-1:1.0: cdc-wdm0: USB WDM device
[ 1182.790896][T14486] wwan wwan0: port wwan0mbim0 attached
[ 1182.860242][T14486] cdc_mbim 5-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.4-1, CDC MBIM, ae:79:03:67:1c:31
[ 1183.041594][    C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[ 1183.048540][    C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[ 1183.054822][    C1] cdc_mbim 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[ 1183.066325][T14486] usb 5-1: USB disconnect, device number 39
[ 1183.077214][T14486] cdc_mbim 5-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.4-1, CDC MBIM
[ 1183.116203][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1183.126936][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1183.134873][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1183.143254][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1183.151060][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1183.494161][T14486] wwan wwan0: port wwan0mbim0 disconnected
[ 1183.856863][T15919] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2619'.
[ 1184.223958][T15909] chnl_net:caif_netlink_parms(): no params data found
[ 1184.284126][T15926] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[ 1185.271333][T15065] Bluetooth: hci3: command tx timeout
[ 1185.339918][T15909] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1185.340295][T15934] vivid-008: disconnect
[ 1185.422371][T15946] overlayfs: missing 'workdir'
[ 1185.522759][T15909] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1185.725457][T15909] bridge_slave_0: entered allmulticast mode
[ 1185.919151][T15909] bridge_slave_0: entered promiscuous mode
[ 1185.987415][T15909] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1186.031947][T15909] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1186.039804][T15909] bridge_slave_1: entered allmulticast mode
[ 1186.047529][T15909] bridge_slave_1: entered promiscuous mode
[ 1186.155186][T15932] vivid-008: reconnect
[ 1186.302516][T15909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1186.404898][T15909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1187.329915][T15065] Bluetooth: hci3: command tx timeout
[ 1187.351655][T15968] FAULT_INJECTION: forcing a failure.
[ 1187.351655][T15968] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1187.386563][T15968] CPU: 1 UID: 0 PID: 15968 Comm: syz.4.2625 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1187.386592][T15968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1187.386613][T15968] Call Trace:
[ 1187.386622][T15968]  <TASK>
[ 1187.386632][T15968]  dump_stack_lvl+0x189/0x250
[ 1187.386663][T15968]  ? __pfx____ratelimit+0x10/0x10
[ 1187.386688][T15968]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1187.386714][T15968]  ? __pfx__printk+0x10/0x10
[ 1187.386743][T15968]  ? __might_fault+0xb0/0x130
[ 1187.386778][T15968]  should_fail_ex+0x414/0x560
[ 1187.386807][T15968]  _copy_from_iter+0x1db/0x16f0
[ 1187.386840][T15968]  ? rcu_is_watching+0x15/0xb0
[ 1187.386866][T15968]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1187.386891][T15968]  ? __pfx__copy_from_iter+0x10/0x10
[ 1187.386921][T15968]  ? __build_skb_around+0x257/0x3e0
[ 1187.386958][T15968]  ? netlink_sendmsg+0x642/0xb30
[ 1187.386988][T15968]  ? skb_put+0x11b/0x210
[ 1187.387023][T15968]  netlink_sendmsg+0x6b2/0xb30
[ 1187.387066][T15968]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1187.387108][T15968]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1187.387130][T15968]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1187.387163][T15968]  __sock_sendmsg+0x21c/0x270
[ 1187.387199][T15968]  ____sys_sendmsg+0x52d/0x830
[ 1187.387244][T15968]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1187.387289][T15968]  ? import_iovec+0x74/0xa0
[ 1187.387324][T15968]  ___sys_sendmsg+0x21f/0x2a0
[ 1187.387361][T15968]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1187.387437][T15968]  ? __fget_files+0x2a/0x420
[ 1187.387461][T15968]  ? __fget_files+0x3a0/0x420
[ 1187.387498][T15968]  __sys_sendmmsg+0x227/0x430
[ 1187.387539][T15968]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1187.387580][T15968]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1187.387652][T15968]  ? ksys_write+0x22a/0x250
[ 1187.387674][T15968]  ? __pfx_ksys_write+0x10/0x10
[ 1187.387690][T15968]  ? rcu_is_watching+0x15/0xb0
[ 1187.387718][T15968]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1187.387752][T15968]  do_syscall_64+0xfa/0x3b0
[ 1187.387773][T15968]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1187.387794][T15968]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1187.387814][T15968]  ? clear_bhb_loop+0x60/0xb0
[ 1187.387838][T15968]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1187.387858][T15968] RIP: 0033:0x7fc65c78ebe9
[ 1187.387875][T15968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1187.387896][T15968] RSP: 002b:00007fc65d5d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1187.387918][T15968] RAX: ffffffffffffffda RBX: 00007fc65c9b5fa0 RCX: 00007fc65c78ebe9
[ 1187.387932][T15968] RDX: 0492492492492627 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1187.387946][T15968] RBP: 00007fc65d5d2090 R08: 0000000000000000 R09: 0000000000000000
[ 1187.387958][T15968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1187.387970][T15968] R13: 00007fc65c9b6038 R14: 00007fc65c9b5fa0 R15: 00007ffe910b4b18
[ 1187.388003][T15968]  </TASK>
[ 1187.678419][T15909] team0: Port device team_slave_0 added
[ 1187.687276][T15909] team0: Port device team_slave_1 added
[ 1188.186582][T15972] syz.0.2626 (15972): drop_caches: 2
[ 1188.214767][T15909] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1188.238238][T15909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1188.445870][T15909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1188.626300][T15909] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1188.647935][T15909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1188.736916][T15909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1189.024142][T16001] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[ 1189.550169][T15065] Bluetooth: hci3: command tx timeout
[ 1189.672524][T16000] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[ 1189.702667][T15997] [U] J"—e:ÀÆ"


[ 1189.791747][T16005] FAULT_INJECTION: forcing a failure.
[ 1189.791747][T16005] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.833214][T16005] CPU: 0 UID: 0 PID: 16005 Comm: syz.4.2634 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1189.833239][T16005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1189.833251][T16005] Call Trace:
[ 1189.833259][T16005]  <TASK>
[ 1189.833267][T16005]  dump_stack_lvl+0x189/0x250
[ 1189.833294][T16005]  ? __pfx____ratelimit+0x10/0x10
[ 1189.833314][T16005]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1189.833343][T16005]  ? __pfx__printk+0x10/0x10
[ 1189.833387][T16005]  ? __might_fault+0xb0/0x130
[ 1189.833418][T16005]  should_fail_ex+0x414/0x560
[ 1189.833444][T16005]  strncpy_from_user+0x36/0x290
[ 1189.833480][T16005]  getname_flags+0xf3/0x540
[ 1189.833509][T16005]  __x64_sys_link+0x5d/0x90
[ 1189.833532][T16005]  do_syscall_64+0xfa/0x3b0
[ 1189.833553][T16005]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1189.833574][T16005]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1189.833594][T16005]  ? clear_bhb_loop+0x60/0xb0
[ 1189.833618][T16005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1189.833637][T16005] RIP: 0033:0x7fc65c78ebe9
[ 1189.833653][T16005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1189.833682][T16005] RSP: 002b:00007fc65d5d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[ 1189.833702][T16005] RAX: ffffffffffffffda RBX: 00007fc65c9b5fa0 RCX: 00007fc65c78ebe9
[ 1189.833715][T16005] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000200000000000
[ 1189.833744][T16005] RBP: 00007fc65d5d2090 R08: 0000000000000000 R09: 0000000000000000
[ 1189.833756][T16005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1189.833780][T16005] R13: 00007fc65c9b6038 R14: 00007fc65c9b5fa0 R15: 00007ffe910b4b18
[ 1189.833810][T16005]  </TASK>
[ 1190.518627][T16010] overlayfs: missing 'workdir'
[ 1191.203930][T15909] hsr_slave_0: entered promiscuous mode
[ 1191.218392][T15909] hsr_slave_1: entered promiscuous mode
[ 1191.228386][T15909] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1191.246471][T15909] Cannot create hsr debugfs directory
[ 1191.628212][T15065] Bluetooth: hci3: command tx timeout
[ 1191.819113][T16023] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2635'.
[ 1192.186973][T16020] netlink: 148 bytes leftover after parsing attributes in process `syz.5.2636'.
[ 1192.436546][T16020] syz.5.2636 (16020): drop_caches: 2
[ 1192.836949][T15909] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1192.862710][T15909] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1193.024192][T16035] comedi comedi3: comedi_config --init_data is deprecated
[ 1193.132876][T15909] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1193.218067][T15909] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1193.342318][T16044] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1193.361037][T15909] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1193.402268][T15909] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1193.526158][T15909] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1193.552070][T15909] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1193.934112][T16052] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[ 1194.471174][T15909] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1194.517654][T15909] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1194.758570][T15909] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1194.789093][T15909] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1195.107115][T16066] overlayfs: missing 'workdir'
[ 1195.826124][T15909] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1196.091880][T15909] 8021q: adding VLAN 0 to HW filter on device team0
[ 1196.130110][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1196.137281][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1196.547870][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1196.555118][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1198.333988][T15909] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1198.764333][T16100] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[ 1199.739541][T15909] veth0_vlan: entered promiscuous mode
[ 1199.759081][T15909] veth1_vlan: entered promiscuous mode
[ 1199.855656][T15909] veth0_macvtap: entered promiscuous mode
[ 1199.912259][T15909] veth1_macvtap: entered promiscuous mode
[ 1200.144981][T15909] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1200.176777][T15909] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1200.187720][T15909] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1200.197444][T15909] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1200.206611][T15909] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1200.216760][T15909] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1200.279794][ T5827] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[ 1200.418942][T13922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1200.445781][T13922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1200.505104][ T5827] usb 6-1: Using ep0 maxpacket: 8
[ 1200.546575][ T8312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1200.555890][ T5827] usb 6-1: config 0 has an invalid interface number: 37 but max is 0
[ 1200.600616][ T5827] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1200.627713][ T8312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1200.652117][ T5827] usb 6-1: config 0 has no interface number 0
[ 1200.663891][ T5827] usb 6-1: New USB device found, idVendor=0421, idProduct=0508, bcdDevice=50.d3
[ 1200.680651][ T5827] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1200.714678][ T5827] usb 6-1: Product: syz
[ 1200.727690][ T5827] usb 6-1: Manufacturer: syz
[ 1200.742709][ T5827] usb 6-1: SerialNumber: syz
[ 1200.773069][ T5827] usb 6-1: config 0 descriptor??
[ 1200.791094][ T5827] usb 6-1: bad CDC descriptors
[ 1201.069865][T16125] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1203.246351][T14486] usb 6-1: USB disconnect, device number 39
[ 1204.341885][T16142] FAULT_INJECTION: forcing a failure.
[ 1204.341885][T16142] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1204.354979][T16142] CPU: 0 UID: 0 PID: 16142 Comm: syz.5.2663 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1204.354999][T16142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1204.355009][T16142] Call Trace:
[ 1204.355016][T16142]  <TASK>
[ 1204.355023][T16142]  dump_stack_lvl+0x189/0x250
[ 1204.355045][T16142]  ? __pfx____ratelimit+0x10/0x10
[ 1204.355062][T16142]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1204.355079][T16142]  ? __pfx__printk+0x10/0x10
[ 1204.355100][T16142]  ? __might_fault+0xb0/0x130
[ 1204.355124][T16142]  should_fail_ex+0x414/0x560
[ 1204.355144][T16142]  _copy_from_user+0x2d/0xb0
[ 1204.355167][T16142]  ___sys_sendmsg+0x158/0x2a0
[ 1204.355194][T16142]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1204.355247][T16142]  ? __fget_files+0x2a/0x420
[ 1204.355276][T16142]  ? __fget_files+0x3a0/0x420
[ 1204.355301][T16142]  __x64_sys_sendmsg+0x19b/0x260
[ 1204.355338][T16142]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1204.355367][T16142]  ? __pfx_ksys_write+0x10/0x10
[ 1204.355384][T16142]  ? do_syscall_64+0xbe/0x3b0
[ 1204.355402][T16142]  do_syscall_64+0xfa/0x3b0
[ 1204.355417][T16142]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1204.355431][T16142]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1204.355444][T16142]  ? clear_bhb_loop+0x60/0xb0
[ 1204.355461][T16142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1204.355475][T16142] RIP: 0033:0x7f11a6f8ebe9
[ 1204.355487][T16142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1204.355499][T16142] RSP: 002b:00007f11a7d15038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1204.355515][T16142] RAX: ffffffffffffffda RBX: 00007f11a71b5fa0 RCX: 00007f11a6f8ebe9
[ 1204.355525][T16142] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000008
[ 1204.355534][T16142] RBP: 00007f11a7d15090 R08: 0000000000000000 R09: 0000000000000000
[ 1204.355542][T16142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1204.355550][T16142] R13: 00007f11a71b6038 R14: 00007f11a71b5fa0 R15: 00007ffc3f199848
[ 1204.355573][T16142]  </TASK>
[ 1206.021644][T16165] 9pnet_fd: Insufficient options for proto=fd
[ 1206.274685][T16171] tipc: Started in network mode
[ 1206.283493][T16171] tipc: Node identity ac14140f, cluster identity 4711
[ 1206.302058][T16171] tipc: New replicast peer: 255.255.255.255
[ 1206.342922][T16171] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1206.382736][T16172] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2670'.
[ 1206.428312][T16172] tipc: Disabling bearer <udp:syz2>
[ 1206.666044][T16180] netlink: 'syz.5.2672': attribute type 1 has an invalid length.
[ 1206.798946][T16183] netlink: 'syz.1.2674': attribute type 10 has an invalid length.
[ 1206.967971][T16183] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2674'.
[ 1207.059772][T16180] bond1: (slave gretap1): making interface the new active one
[ 1207.098989][T16180] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 1207.119452][T16183] dummy0: entered promiscuous mode
[ 1207.126288][T16183] bridge0: port 3(dummy0) entered blocking state
[ 1207.139407][T16183] bridge0: port 3(dummy0) entered disabled state
[ 1207.160656][T16183] dummy0: entered allmulticast mode
[ 1207.425864][T15065] Bluetooth: hci3: command 0x0405 tx timeout
[ 1210.596290][T16201] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0
[ 1210.969335][T16208] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2678'.
[ 1211.755128][T16222] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2682'.
[ 1211.786364][T16223] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2679'.
[ 1212.781802][T16231] netlink: 'syz.5.2684': attribute type 4 has an invalid length.
[ 1212.802567][T16231] netlink: 'syz.5.2684': attribute type 4 has an invalid length.
[ 1212.814806][T16231] netlink: 'syz.5.2684': attribute type 4 has an invalid length.
[ 1212.823403][T16231] netlink: 'syz.5.2684': attribute type 4 has an invalid length.
[ 1212.843785][T16231] netlink: 'syz.5.2684': attribute type 4 has an invalid length.
[ 1212.878058][T16231] netlink: 'syz.5.2684': attribute type 4 has an invalid length.
[ 1212.893702][T16231] netlink: 'syz.5.2684': attribute type 4 has an invalid length.
[ 1213.693991][T16231] netlink: 'syz.5.2684': attribute type 4 has an invalid length.
[ 1213.701933][T16231] netlink: 'syz.5.2684': attribute type 4 has an invalid length.
[ 1213.709744][T16231] netlink: 'syz.5.2684': attribute type 4 has an invalid length.
[ 1214.014299][T16248] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2689'.
[ 1214.745561][T16260] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2691'.
[ 1215.459571][T16264] overlay: ./bus is not a directory
[ 1215.744224][T16274] syz.4.2697 (16274): drop_caches: 2
[ 1215.816855][T16278] syz.0.2696 (16278): drop_caches: 2
[ 1218.822672][T16302] FAULT_INJECTION: forcing a failure.
[ 1218.822672][T16302] name failslab, interval 1, probability 0, space 0, times 0
[ 1218.835457][T16302] CPU: 0 UID: 0 PID: 16302 Comm: syz.5.2705 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1218.835481][T16302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1218.835493][T16302] Call Trace:
[ 1218.835500][T16302]  <TASK>
[ 1218.835508][T16302]  dump_stack_lvl+0x189/0x250
[ 1218.835534][T16302]  ? __pfx____ratelimit+0x10/0x10
[ 1218.835555][T16302]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1218.835582][T16302]  ? __pfx__printk+0x10/0x10
[ 1218.835611][T16302]  ? lock_acquire+0x175/0x360
[ 1218.835628][T16302]  ? __pfx___might_resched+0x10/0x10
[ 1218.835653][T16302]  should_fail_ex+0x414/0x560
[ 1218.835677][T16302]  ? traverse+0xd9/0x570
[ 1218.835702][T16302]  should_failslab+0xa8/0x100
[ 1218.835725][T16302]  __kvmalloc_node_noprof+0x161/0x5f0
[ 1218.835746][T16302]  ? traverse+0xd9/0x570
[ 1218.835777][T16302]  traverse+0xd9/0x570
[ 1218.835806][T16302]  ? irqentry_exit+0x74/0x90
[ 1218.835835][T16302]  seq_read_iter+0xcfe/0xe10
[ 1218.835865][T16302]  ? seq_read+0x11/0x3d0
[ 1218.835897][T16302]  ? __asan_memset+0x22/0x50
[ 1218.835930][T16302]  seq_read+0x2e2/0x3d0
[ 1218.835966][T16302]  ? __pfx_seq_read+0x10/0x10
[ 1218.836006][T16302]  ? rw_verify_area+0x258/0x650
[ 1218.836032][T16302]  ? rcu_read_unlock_special+0x3fe/0x4c0
[ 1218.836059][T16302]  ? __pfx_seq_read+0x10/0x10
[ 1218.836088][T16302]  vfs_read+0x200/0x980
[ 1218.836115][T16302]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[ 1218.836150][T16302]  ? __pfx_vfs_read+0x10/0x10
[ 1218.836183][T16302]  ? __rcu_read_unlock+0x84/0xe0
[ 1218.836209][T16302]  ? __fget_files+0x2a/0x420
[ 1218.836229][T16302]  ? __fget_files+0x3a0/0x420
[ 1218.836250][T16302]  ? __fget_files+0x2a/0x420
[ 1218.836280][T16302]  __x64_sys_pread64+0x193/0x220
[ 1218.836302][T16302]  ? __pfx___x64_sys_pread64+0x10/0x10
[ 1218.836327][T16302]  ? do_syscall_64+0xbe/0x3b0
[ 1218.836352][T16302]  do_syscall_64+0xfa/0x3b0
[ 1218.836374][T16302]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1218.836392][T16302]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1218.836410][T16302]  ? clear_bhb_loop+0x60/0xb0
[ 1218.836433][T16302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1218.836451][T16302] RIP: 0033:0x7f11a6f8ebe9
[ 1218.836467][T16302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1218.836483][T16302] RSP: 002b:00007f11a51d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[ 1218.836503][T16302] RAX: ffffffffffffffda RBX: 00007f11a71b6180 RCX: 00007f11a6f8ebe9
[ 1218.836516][T16302] RDX: 0000000000018fd3 RSI: 0000200000019180 RDI: 0000000000000008
[ 1218.836528][T16302] RBP: 00007f11a51d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1218.836539][T16302] R10: 0000000000000c2a R11: 0000000000000246 R12: 0000000000000001
[ 1218.836550][T16302] R13: 00007f11a71b6218 R14: 00007f11a71b6180 R15: 00007ffc3f199848
[ 1218.836587][T16302]  </TASK>
[ 1220.542033][T16318] fuse: Bad value for 'rootmode'
[ 1221.529219][T16330] input: syz0 as /devices/virtual/input/input37
[ 1223.227978][ T5977] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[ 1223.333404][T16351] syz.2.2717 (16351): drop_caches: 2
[ 1223.452258][ T5977] usb 5-1: config 0 has an invalid interface number: 59 but max is 0
[ 1223.501739][ T5977] usb 5-1: config 0 has no interface number 0
[ 1223.523194][ T5977] usb 5-1: config 0 interface 59 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1223.562219][ T5977] usb 5-1: config 0 interface 59 altsetting 0 has an endpoint descriptor with address 0x54, changing to 0x4
[ 1223.590081][ T5977] usb 5-1: config 0 interface 59 altsetting 0 endpoint 0x4 has an invalid bInterval 44, changing to 7
[ 1223.650933][ T5977] usb 5-1: config 0 interface 59 altsetting 0 endpoint 0x4 has invalid maxpacket 50877, setting to 1024
[ 1223.684882][ T5977] usb 5-1: config 0 interface 59 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1223.715145][ T5977] usb 5-1: New USB device found, idVendor=093a, idProduct=010f, bcdDevice=c6.63
[ 1223.725775][ T5977] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1223.741993][ T5977] usb 5-1: config 0 descriptor??
[ 1223.972457][ T5977] usb 5-1: string descriptor 0 read error: -71
[ 1224.004739][ T5977] gspca_main: mr97310a-2.14.0 probing 093a:010f
[ 1224.039708][ T5977] gspca_mr97310a: reg write [21] error -22
[ 1224.099616][ T5977] mr97310a 5-1:0.59: probe with driver mr97310a failed with error -22
[ 1224.176102][ T5977] usb 5-1: USB disconnect, device number 40
[ 1224.523890][T16362] FAULT_INJECTION: forcing a failure.
[ 1224.523890][T16362] name failslab, interval 1, probability 0, space 0, times 0
[ 1224.648097][T16362] CPU: 1 UID: 0 PID: 16362 Comm: syz.1.2722 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1224.648124][T16362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1224.648136][T16362] Call Trace:
[ 1224.648144][T16362]  <TASK>
[ 1224.648152][T16362]  dump_stack_lvl+0x189/0x250
[ 1224.648178][T16362]  ? __pfx____ratelimit+0x10/0x10
[ 1224.648199][T16362]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1224.648219][T16362]  ? __pfx__printk+0x10/0x10
[ 1224.648250][T16362]  ? ref_tracker_alloc+0x318/0x460
[ 1224.648275][T16362]  should_fail_ex+0x414/0x560
[ 1224.648299][T16362]  should_failslab+0xa8/0x100
[ 1224.648322][T16362]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1224.648340][T16362]  ? skb_clone+0x212/0x3a0
[ 1224.648364][T16362]  skb_clone+0x212/0x3a0
[ 1224.648386][T16362]  __netlink_deliver_tap+0x404/0x850
[ 1224.648425][T16362]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1224.648453][T16362]  netlink_deliver_tap+0x19c/0x1b0
[ 1224.648481][T16362]  netlink_unicast+0x730/0x8e0
[ 1224.648516][T16362]  netlink_sendmsg+0x805/0xb30
[ 1224.648552][T16362]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1224.648587][T16362]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1224.648606][T16362]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1224.648633][T16362]  __sock_sendmsg+0x21c/0x270
[ 1224.648658][T16362]  ____sys_sendmsg+0x52d/0x830
[ 1224.648693][T16362]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1224.648732][T16362]  ? import_iovec+0x74/0xa0
[ 1224.648762][T16362]  ___sys_sendmsg+0x21f/0x2a0
[ 1224.648801][T16362]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1224.648867][T16362]  ? __fget_files+0x2a/0x420
[ 1224.648888][T16362]  ? __fget_files+0x3a0/0x420
[ 1224.648920][T16362]  __sys_sendmmsg+0x227/0x430
[ 1224.648955][T16362]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1224.648982][T16362]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1224.649030][T16362]  ? ksys_write+0x22a/0x250
[ 1224.649051][T16362]  ? __pfx_ksys_write+0x10/0x10
[ 1224.649066][T16362]  ? rcu_is_watching+0x15/0xb0
[ 1224.649093][T16362]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1224.649128][T16362]  do_syscall_64+0xfa/0x3b0
[ 1224.649149][T16362]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1224.649168][T16362]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1224.649187][T16362]  ? clear_bhb_loop+0x60/0xb0
[ 1224.649210][T16362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1224.649228][T16362] RIP: 0033:0x7f744bb8ebe9
[ 1224.649244][T16362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1224.649261][T16362] RSP: 002b:00007f744c93b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1224.649281][T16362] RAX: ffffffffffffffda RBX: 00007f744bdb5fa0 RCX: 00007f744bb8ebe9
[ 1224.649295][T16362] RDX: 0492492492492627 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1224.649308][T16362] RBP: 00007f744c93b090 R08: 0000000000000000 R09: 0000000000000000
[ 1224.649319][T16362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1224.649330][T16362] R13: 00007f744bdb6038 R14: 00007f744bdb5fa0 R15: 00007fff0d6fda18
[ 1224.649361][T16362]  </TASK>
[ 1225.660413][T16372] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1225.678303][ T5977] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[ 1225.682769][T16372] mac80211_hwsim hwsim10 syzkaller0: entered promiscuous mode
[ 1225.693662][T16372] mac80211_hwsim hwsim10 syzkaller0: entered allmulticast mode
[ 1225.713975][T16372] syzkaller0: mtu less than device minimum
[ 1225.871427][ T5977] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1225.883731][ T5977] usb 6-1: config 1 has an invalid interface number: 88 but max is 1
[ 1225.907180][ T5977] usb 6-1: config 1 has no interface number 1
[ 1225.924856][ T5977] usb 6-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1226.063292][T16383] binder: 16373:16383 unknown command 0
[ 1226.069206][T16383] binder: 16373:16383 ioctl c0306201 2000000001c0 returned -22
[ 1226.570592][ T5977] usb 6-1: too many endpoints for config 1 interface 88 altsetting 255: 255, using maximum allowed: 30
[ 1226.581762][ T5977] usb 6-1: config 1 interface 88 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1226.598048][ T5977] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1226.604686][ T5977] usb 6-1: config 1 interface 88 has no altsetting 0
[ 1226.627203][ T5977] usb 6-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[ 1226.636894][T13362] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[ 1226.685482][ T5901] tipc: Node number set to 2886997007
[ 1226.716525][ T5977] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1226.746626][ T5977] usb 6-1: Product: syz
[ 1226.760562][ T5977] usb 6-1: Manufacturer: syz
[ 1226.765488][ T5977] usb 6-1: SerialNumber: syz
[ 1226.958031][T13362] usb 5-1: Using ep0 maxpacket: 16
[ 1226.973626][T13362] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1226.994921][T13362] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1227.005938][T16364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1227.020062][T16364] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1227.028056][T13362] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1227.041224][T13362] usb 5-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[ 1227.098671][T16387] openvswitch: netlink: Missing key (keys=40, expected=2000)
[ 1227.580139][ T5977] smsusb:smsusb_probe: board id=8, interface number 0
[ 1227.593288][T13362] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1227.695836][ T5977] smsusb:smsusb_probe: board id=8, interface number 88
[ 1227.707173][T13362] usb 5-1: config 0 descriptor??
[ 1227.714531][ T5977] usb 6-1: USB disconnect, device number 40
[ 1228.340068][T16400] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2733'.
[ 1229.759326][T13362] usbhid 5-1:0.0: can't add hid device: -71
[ 1229.767682][T13362] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1229.815840][T13362] usb 5-1: USB disconnect, device number 41
[ 1229.980461][T16421] syz.2.2738 (16421): drop_caches: 2
[ 1233.586849][T16463] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2750'.
[ 1234.513485][T16472] FAULT_INJECTION: forcing a failure.
[ 1234.513485][T16472] name failslab, interval 1, probability 0, space 0, times 0
[ 1234.533732][T16472] CPU: 0 UID: 0 PID: 16472 Comm: syz.1.2753 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1234.533760][T16472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1234.533773][T16472] Call Trace:
[ 1234.533782][T16472]  <TASK>
[ 1234.533791][T16472]  dump_stack_lvl+0x189/0x250
[ 1234.533821][T16472]  ? __pfx____ratelimit+0x10/0x10
[ 1234.533853][T16472]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1234.533878][T16472]  ? __pfx__printk+0x10/0x10
[ 1234.533908][T16472]  ? __pfx___might_resched+0x10/0x10
[ 1234.533932][T16472]  ? fs_reclaim_acquire+0x7d/0x100
[ 1234.533964][T16472]  should_fail_ex+0x414/0x560
[ 1234.533992][T16472]  should_failslab+0xa8/0x100
[ 1234.534018][T16472]  __kmalloc_noprof+0xcb/0x4f0
[ 1234.534037][T16472]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1234.534075][T16472]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1234.534108][T16472]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1234.534142][T16472]  genl_family_rcv_msg_doit+0xb8/0x300
[ 1234.534174][T16472]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1234.534202][T16472]  ? rcu_is_watching+0x15/0xb0
[ 1234.534226][T16472]  ? cap_capable+0x11f/0x460
[ 1234.534249][T16472]  ? safesetid_security_capable+0xa9/0x1a0
[ 1234.534275][T16472]  ? bpf_lsm_capable+0x9/0x20
[ 1234.534303][T16472]  ? security_capable+0x7e/0x2e0
[ 1234.534338][T16472]  genl_rcv_msg+0x60e/0x790
[ 1234.534370][T16472]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1234.534391][T16472]  ? ref_tracker_free+0x63a/0x7d0
[ 1234.534413][T16472]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 1234.534433][T16472]  ? __pfx_nl80211_start_ap+0x10/0x10
[ 1234.534454][T16472]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 1234.534476][T16472]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1234.534513][T16472]  netlink_rcv_skb+0x205/0x470
[ 1234.534545][T16472]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1234.534571][T16472]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1234.534620][T16472]  ? down_read+0x1ad/0x2e0
[ 1234.534650][T16472]  genl_rcv+0x28/0x40
[ 1234.534669][T16472]  netlink_unicast+0x75c/0x8e0
[ 1234.534709][T16472]  netlink_sendmsg+0x805/0xb30
[ 1234.534749][T16472]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1234.534788][T16472]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1234.534807][T16472]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1234.534843][T16472]  __sock_sendmsg+0x21c/0x270
[ 1234.534874][T16472]  ____sys_sendmsg+0x505/0x830
[ 1234.534912][T16472]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1234.534955][T16472]  ? import_iovec+0x74/0xa0
[ 1234.534988][T16472]  ___sys_sendmsg+0x21f/0x2a0
[ 1234.535024][T16472]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1234.535099][T16472]  ? __fget_files+0x2a/0x420
[ 1234.535124][T16472]  ? __fget_files+0x3a0/0x420
[ 1234.535160][T16472]  __x64_sys_sendmsg+0x19b/0x260
[ 1234.535197][T16472]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1234.535243][T16472]  ? __pfx_ksys_write+0x10/0x10
[ 1234.535261][T16472]  ? rcu_is_watching+0x15/0xb0
[ 1234.535301][T16472]  ? do_syscall_64+0xbe/0x3b0
[ 1234.535342][T16472]  do_syscall_64+0xfa/0x3b0
[ 1234.535362][T16472]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1234.535383][T16472]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1234.535420][T16472]  ? clear_bhb_loop+0x60/0xb0
[ 1234.535446][T16472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1234.535476][T16472] RIP: 0033:0x7f744bb8ebe9
[ 1234.535495][T16472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1234.535508][T16472] RSP: 002b:00007f744c93b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1234.535524][T16472] RAX: ffffffffffffffda RBX: 00007f744bdb5fa0 RCX: 00007f744bb8ebe9
[ 1234.535536][T16472] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003
[ 1234.535545][T16472] RBP: 00007f744c93b090 R08: 0000000000000000 R09: 0000000000000000
[ 1234.535554][T16472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1234.535563][T16472] R13: 00007f744bdb6038 R14: 00007f744bdb5fa0 R15: 00007fff0d6fda18
[ 1234.535587][T16472]  </TASK>
[ 1235.878784][T16489] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2755'.
[ 1236.680918][T16498] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2758'.
[ 1237.048070][ T5901] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[ 1237.525139][ T5901] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1237.552490][ T5901] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1237.564995][ T5901] usb 6-1: New USB device found, idVendor=05a4, idProduct=2000, bcdDevice= 0.00
[ 1237.577700][ T5901] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1237.601672][ T5901] usb 6-1: config 0 descriptor??
[ 1237.645354][ T5901] hub 6-1:0.0: USB hub found
[ 1238.198856][T16517] FAULT_INJECTION: forcing a failure.
[ 1238.198856][T16517] name failslab, interval 1, probability 0, space 0, times 0
[ 1238.211709][T16517] CPU: 0 UID: 0 PID: 16517 Comm: syz.1.2763 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1238.211726][T16517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1238.211734][T16517] Call Trace:
[ 1238.211739][T16517]  <TASK>
[ 1238.211744][T16517]  dump_stack_lvl+0x189/0x250
[ 1238.211767][T16517]  ? __pfx____ratelimit+0x10/0x10
[ 1238.211781][T16517]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1238.211796][T16517]  ? __pfx__printk+0x10/0x10
[ 1238.211820][T16517]  ? __pfx___might_resched+0x10/0x10
[ 1238.211838][T16517]  should_fail_ex+0x414/0x560
[ 1238.211855][T16517]  should_failslab+0xa8/0x100
[ 1238.211871][T16517]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1238.211884][T16517]  ? __alloc_skb+0x112/0x2d0
[ 1238.211906][T16517]  __alloc_skb+0x112/0x2d0
[ 1238.211926][T16517]  netlink_sendmsg+0x5c6/0xb30
[ 1238.211952][T16517]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1238.211976][T16517]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1238.211989][T16517]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1238.212008][T16517]  __sock_sendmsg+0x21c/0x270
[ 1238.212026][T16517]  ____sys_sendmsg+0x505/0x830
[ 1238.212049][T16517]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1238.212076][T16517]  ? import_iovec+0x74/0xa0
[ 1238.212097][T16517]  ___sys_sendmsg+0x21f/0x2a0
[ 1238.212119][T16517]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1238.212163][T16517]  ? __fget_files+0x2a/0x420
[ 1238.212177][T16517]  ? __fget_files+0x3a0/0x420
[ 1238.212198][T16517]  __x64_sys_sendmsg+0x19b/0x260
[ 1238.212220][T16517]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1238.212247][T16517]  ? __pfx_ksys_write+0x10/0x10
[ 1238.212257][T16517]  ? rcu_is_watching+0x15/0xb0
[ 1238.212275][T16517]  ? do_syscall_64+0xbe/0x3b0
[ 1238.212293][T16517]  do_syscall_64+0xfa/0x3b0
[ 1238.212306][T16517]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1238.212320][T16517]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1238.212333][T16517]  ? clear_bhb_loop+0x60/0xb0
[ 1238.212348][T16517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1238.212361][T16517] RIP: 0033:0x7f744bb8ebe9
[ 1238.212372][T16517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1238.212384][T16517] RSP: 002b:00007f744c93b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1238.212397][T16517] RAX: ffffffffffffffda RBX: 00007f744bdb5fa0 RCX: 00007f744bb8ebe9
[ 1238.212407][T16517] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000008
[ 1238.212415][T16517] RBP: 00007f744c93b090 R08: 0000000000000000 R09: 0000000000000000
[ 1238.212423][T16517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1238.212431][T16517] R13: 00007f744bdb6038 R14: 00007f744bdb5fa0 R15: 00007fff0d6fda18
[ 1238.212451][T16517]  </TASK>
[ 1238.833590][T16525] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2764'.
[ 1239.109617][T16527] hub 8-0:1.0: USB hub found
[ 1239.116509][T16527] hub 8-0:1.0: 1 port detected
[ 1240.071503][T16514] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2762'.
[ 1240.083390][ T5901] hub 6-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1240.196548][ T5901] usb 6-1: USB disconnect, device number 41
[ 1240.277798][T16531] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[ 1240.427383][T16531] smc: net device bond0 applied user defined pnetid SYZ2
[ 1240.443294][T16531] smc: net device bond0 erased user defined pnetid SYZ2
[ 1243.978884][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1243.985296][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1244.038352][T16578] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2779'.
[ 1245.073526][T16584] (syz.1.2780,16584,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[ 1245.082563][T16584] (syz.1.2780,16584,1):ocfs2_fill_super:1177 ERROR: status = -22
[ 1245.749490][T16589] FAULT_INJECTION: forcing a failure.
[ 1245.749490][T16589] name failslab, interval 1, probability 0, space 0, times 0
[ 1245.895529][T16589] CPU: 0 UID: 0 PID: 16589 Comm: syz.0.2782 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1245.895555][T16589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1245.895567][T16589] Call Trace:
[ 1245.895574][T16589]  <TASK>
[ 1245.895582][T16589]  dump_stack_lvl+0x189/0x250
[ 1245.895608][T16589]  ? __pfx____ratelimit+0x10/0x10
[ 1245.895629][T16589]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1245.895650][T16589]  ? __pfx__printk+0x10/0x10
[ 1245.895680][T16589]  ? __pfx___might_resched+0x10/0x10
[ 1245.895701][T16589]  ? fs_reclaim_acquire+0x7d/0x100
[ 1245.895729][T16589]  should_fail_ex+0x414/0x560
[ 1245.895755][T16589]  should_failslab+0xa8/0x100
[ 1245.895784][T16589]  __kmalloc_noprof+0xcb/0x4f0
[ 1245.895801][T16589]  ? kfree+0x4d/0x440
[ 1245.895826][T16589]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1245.895855][T16589]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1245.895881][T16589]  ? tomoyo_domain+0xda/0x130
[ 1245.895911][T16589]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1245.895931][T16589]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1245.895954][T16589]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1245.895991][T16589]  ? __lock_acquire+0xab9/0xd20
[ 1245.896028][T16589]  ? __fget_files+0x2a/0x420
[ 1245.896053][T16589]  ? __fget_files+0x2a/0x420
[ 1245.896072][T16589]  ? __fget_files+0x3a0/0x420
[ 1245.896092][T16589]  ? __fget_files+0x2a/0x420
[ 1245.896117][T16589]  security_file_ioctl+0xcb/0x2d0
[ 1245.896141][T16589]  __se_sys_ioctl+0x47/0x170
[ 1245.896172][T16589]  do_syscall_64+0xfa/0x3b0
[ 1245.896193][T16589]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1245.896213][T16589]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1245.896232][T16589]  ? clear_bhb_loop+0x60/0xb0
[ 1245.896255][T16589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1245.896272][T16589] RIP: 0033:0x7f070538ebe9
[ 1245.896289][T16589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1245.896305][T16589] RSP: 002b:00007f0706250038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1245.896325][T16589] RAX: ffffffffffffffda RBX: 00007f07055b6090 RCX: 00007f070538ebe9
[ 1245.896339][T16589] RDX: 0000200000000000 RSI: 00000000c0386106 RDI: 0000000000000009
[ 1245.896351][T16589] RBP: 00007f0706250090 R08: 0000000000000000 R09: 0000000000000000
[ 1245.896362][T16589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1245.896373][T16589] R13: 00007f07055b6128 R14: 00007f07055b6090 R15: 00007ffdaf267ed8
[ 1245.896404][T16589]  </TASK>
[ 1246.172347][T16589] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1246.495486][T16604] validate_nla: 43 callbacks suppressed
[ 1246.495526][T16604] netlink: 'syz.1.2785': attribute type 3 has an invalid length.
[ 1246.509066][T16604] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2785'.
[ 1249.882656][T16635] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input38
[ 1251.056003][T16659] 9pnet_fd: Insufficient options for proto=fd
[ 1252.464688][T16678] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2805'.
[ 1252.928460][ T5901] usb 5-1: new full-speed USB device number 42 using dummy_hcd
[ 1253.140319][ T5901] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1253.181373][ T5901] usb 5-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1253.276913][ T5901] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1253.294496][ T5901] usb 5-1: New USB device found, idVendor=0458, idProduct=501a, bcdDevice= 0.00
[ 1253.307942][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1253.455561][ T5901] usb 5-1: config 0 descriptor??
[ 1253.686629][T16680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1253.773033][T16680] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1253.801697][T16680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1253.845800][T16680] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1253.878489][T16693] FAULT_INJECTION: forcing a failure.
[ 1253.878489][T16693] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1253.911918][T16680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1253.921287][T16691] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2799'.
[ 1253.930733][T16693] CPU: 1 UID: 0 PID: 16693 Comm: syz.5.2809 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1253.930757][T16693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1253.930769][T16693] Call Trace:
[ 1253.930777][T16693]  <TASK>
[ 1253.930785][T16693]  dump_stack_lvl+0x189/0x250
[ 1253.930811][T16693]  ? __pfx____ratelimit+0x10/0x10
[ 1253.930832][T16693]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1253.930852][T16693]  ? __pfx__printk+0x10/0x10
[ 1253.930877][T16693]  ? __might_fault+0xb0/0x130
[ 1253.930907][T16693]  should_fail_ex+0x414/0x560
[ 1253.930931][T16693]  _copy_from_iter+0x575/0x16f0
[ 1253.930967][T16693]  ? __pfx__copy_from_iter+0x10/0x10
[ 1253.930990][T16693]  ? smk_ipv4_check+0x555/0x680
[ 1253.931035][T16693]  ? smk_ipv4_check+0xe2/0x680
[ 1253.931068][T16693]  ping_v4_sendmsg+0x225/0x1740
[ 1253.931090][T16693]  ? __lock_acquire+0xab9/0xd20
[ 1253.931121][T16693]  ? __pfx_ping_v4_sendmsg+0x10/0x10
[ 1253.931166][T16693]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1253.931186][T16693]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1253.931209][T16693]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1253.931236][T16693]  ? inet_sendmsg+0x14f/0x370
[ 1253.931258][T16693]  ? inet_sendmsg+0x2f4/0x370
[ 1253.931283][T16693]  __sock_sendmsg+0x19c/0x270
[ 1253.931309][T16693]  ____sys_sendmsg+0x505/0x830
[ 1253.931344][T16693]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1253.931381][T16693]  ? import_iovec+0x74/0xa0
[ 1253.931410][T16693]  ___sys_sendmsg+0x21f/0x2a0
[ 1253.931441][T16693]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1253.931505][T16693]  ? __fget_files+0x2a/0x420
[ 1253.931525][T16693]  ? __fget_files+0x3a0/0x420
[ 1253.931556][T16693]  __x64_sys_sendmsg+0x19b/0x260
[ 1253.931588][T16693]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1253.931627][T16693]  ? __pfx_ksys_write+0x10/0x10
[ 1253.931642][T16693]  ? rcu_is_watching+0x15/0xb0
[ 1253.931671][T16693]  ? do_syscall_64+0xbe/0x3b0
[ 1253.931695][T16693]  do_syscall_64+0xfa/0x3b0
[ 1253.931714][T16693]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1253.931733][T16693]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1253.931753][T16693]  ? clear_bhb_loop+0x60/0xb0
[ 1253.931776][T16693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1253.931793][T16693] RIP: 0033:0x7f11a6f8ebe9
[ 1253.931810][T16693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1253.931827][T16693] RSP: 002b:00007f11a7d15038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1253.931846][T16693] RAX: ffffffffffffffda RBX: 00007f11a71b5fa0 RCX: 00007f11a6f8ebe9
[ 1253.931860][T16693] RDX: 0000000004004814 RSI: 0000200000000600 RDI: 0000000000000003
[ 1253.931873][T16693] RBP: 00007f11a7d15090 R08: 0000000000000000 R09: 0000000000000000
[ 1253.931890][T16693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1253.931901][T16693] R13: 00007f11a71b6038 R14: 00007f11a71b5fa0 R15: 00007ffc3f199848
[ 1253.931931][T16693]  </TASK>
[ 1253.935796][T16680] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1254.259903][T16680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1254.272876][T16680] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1254.319177][T16680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1254.390277][T16680] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1254.649560][ T5901] usbhid 5-1:0.0: can't add hid device: -71
[ 1254.713869][ T5901] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1254.751165][ T5901] usb 5-1: USB disconnect, device number 42
[ 1254.976548][T16713] FAULT_INJECTION: forcing a failure.
[ 1254.976548][T16713] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1254.989802][T16713] CPU: 1 UID: 0 PID: 16713 Comm: syz.2.2813 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1254.989827][T16713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1254.989838][T16713] Call Trace:
[ 1254.989847][T16713]  <TASK>
[ 1254.989855][T16713]  dump_stack_lvl+0x189/0x250
[ 1254.989881][T16713]  ? __pfx____ratelimit+0x10/0x10
[ 1254.989901][T16713]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1254.989923][T16713]  ? __pfx__printk+0x10/0x10
[ 1254.989947][T16713]  ? __might_fault+0xb0/0x130
[ 1254.989977][T16713]  should_fail_ex+0x414/0x560
[ 1254.990002][T16713]  _copy_from_user+0x2d/0xb0
[ 1254.990030][T16713]  generic_map_update_batch+0x51b/0x7f0
[ 1254.990066][T16713]  ? __pfx_generic_map_update_batch+0x10/0x10
[ 1254.990090][T16713]  ? __fget_files+0x2a/0x420
[ 1254.990117][T16713]  ? __pfx_generic_map_update_batch+0x10/0x10
[ 1254.990140][T16713]  bpf_map_do_batch+0x36c/0x5f0
[ 1254.990177][T16713]  __sys_bpf+0x384/0x860
[ 1254.990207][T16713]  ? __pfx___sys_bpf+0x10/0x10
[ 1254.990247][T16713]  ? ksys_write+0x22a/0x250
[ 1254.990268][T16713]  ? __pfx_ksys_write+0x10/0x10
[ 1254.990283][T16713]  ? rcu_is_watching+0x15/0xb0
[ 1254.990311][T16713]  __x64_sys_bpf+0x7c/0x90
[ 1254.990337][T16713]  do_syscall_64+0xfa/0x3b0
[ 1254.990358][T16713]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1254.990377][T16713]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1254.990396][T16713]  ? clear_bhb_loop+0x60/0xb0
[ 1254.990420][T16713]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1254.990439][T16713] RIP: 0033:0x7f6a3398ebe9
[ 1254.990455][T16713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1254.990471][T16713] RSP: 002b:00007f6a34725038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1254.990491][T16713] RAX: ffffffffffffffda RBX: 00007f6a33bb6180 RCX: 00007f6a3398ebe9
[ 1254.990505][T16713] RDX: 0000000000000038 RSI: 0000200000000300 RDI: 000000000000001a
[ 1254.990517][T16713] RBP: 00007f6a34725090 R08: 0000000000000000 R09: 0000000000000000
[ 1254.990528][T16713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1254.990539][T16713] R13: 00007f6a33bb6218 R14: 00007f6a33bb6180 R15: 00007ffe54372f08
[ 1254.990569][T16713]  </TASK>
[ 1256.239846][T16721] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[ 1257.698717][T16732] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2818'.
[ 1258.570313][T16738] xt_hashlimit: max too large, truncated to 1048576
[ 1258.877952][   T30] kauditd_printk_skb: 49 callbacks suppressed
[ 1258.877970][   T30] audit: type=1800 audit(1755376128.574:111): pid=16747 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.2822" name="SYSV00000000" dev="tmpfs" ino=10 res=0 errno=0
[ 1259.614193][T16754] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1259.844705][T16760] tipc: Resetting bearer <eth:syzkaller0>
[ 1260.295687][T16772] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[ 1261.099517][T16778] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2829'.
[ 1261.198025][T16778] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2829'.
[ 1261.414580][T16780] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2829'.
[ 1261.424309][T16780] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[ 1263.101514][T16794] block nbd5: shutting down sockets
[ 1263.288599][T16808] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2837'.
[ 1265.337482][    T9] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[ 1265.388275][T16826] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2842'.
[ 1265.538296][    T9] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1265.557158][    T9] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1265.580725][    T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1265.591007][    T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 1265.638956][    T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 1265.682124][    T9] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1265.693673][    T9] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1265.707622][T16834] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1265.742708][    T9] usb 6-1: Product: syz
[ 1265.778345][    T9] usb 6-1: Manufacturer: syz
[ 1265.813901][    T9] cdc_wdm 6-1:1.0: skipping garbage
[ 1265.838435][    T9] cdc_wdm 6-1:1.0: skipping garbage
[ 1265.852171][    T9] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[ 1265.859976][    T9] cdc_wdm 6-1:1.0: Unknown control protocol
[ 1266.028013][    T9] usb 6-1: USB disconnect, device number 42
[ 1266.940629][   T30] audit: type=1800 audit(1755376136.634:112): pid=16859 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2849" name="SYSV00000000" dev="tmpfs" ino=14 res=0 errno=0
[ 1267.614127][T16871] SET target dimension over the limit!
[ 1268.728203][T13362] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 1268.956772][T13362] usb 5-1: config 0 has an invalid interface number: 117 but max is 0
[ 1269.002529][T16894] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2858'.
[ 1269.008545][T13362] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1269.078068][T13362] usb 5-1: config 0 has no interface number 0
[ 1269.112224][T13362] usb 5-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 1269.311902][T13362] usb 5-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1269.354846][T13362] usb 5-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[ 1269.383025][T13362] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1269.405163][T13362] usb 5-1: Product: syz
[ 1269.454046][T13362] usb 5-1: Manufacturer: syz
[ 1269.472646][T13362] usb 5-1: SerialNumber: syz
[ 1269.499489][T13362] usb 5-1: config 0 descriptor??
[ 1271.431185][T13362] usb 5-1: USB disconnect, device number 43
[ 1271.484886][   T30] audit: type=1800 audit(1755376140.544:113): pid=16914 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.2863" name="SYSV00000000" dev="tmpfs" ino=13 res=0 errno=0
[ 1271.923134][T16919] FAULT_INJECTION: forcing a failure.
[ 1271.923134][T16919] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1271.936673][T16919] CPU: 0 UID: 0 PID: 16919 Comm: syz.5.2866 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1271.936690][T16919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1271.936699][T16919] Call Trace:
[ 1271.936704][T16919]  <TASK>
[ 1271.936710][T16919]  dump_stack_lvl+0x189/0x250
[ 1271.936730][T16919]  ? __pfx____ratelimit+0x10/0x10
[ 1271.936745][T16919]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1271.936761][T16919]  ? __pfx__printk+0x10/0x10
[ 1271.936780][T16919]  ? __might_fault+0xb0/0x130
[ 1271.936802][T16919]  should_fail_ex+0x414/0x560
[ 1271.936819][T16919]  _copy_from_iter+0x1db/0x16f0
[ 1271.936846][T16919]  ? __pfx__copy_from_iter+0x10/0x10
[ 1271.936863][T16919]  ? file_tty_write+0x2a8/0x990
[ 1271.936882][T16919]  ? file_tty_write+0x2e8/0x990
[ 1271.936899][T16919]  ? rcu_is_watching+0x15/0xb0
[ 1271.936915][T16919]  ? kfree+0x4d/0x440
[ 1271.936940][T16919]  file_tty_write+0x486/0x990
[ 1271.936965][T16919]  do_iter_readv_writev+0x56b/0x7f0
[ 1271.936982][T16919]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1271.937000][T16919]  ? bpf_lsm_file_permission+0x9/0x20
[ 1271.937016][T16919]  ? security_file_permission+0x75/0x290
[ 1271.937033][T16919]  ? rw_verify_area+0x258/0x650
[ 1271.937057][T16919]  vfs_writev+0x31a/0x960
[ 1271.937077][T16919]  ? __lock_acquire+0xab9/0xd20
[ 1271.937092][T16919]  ? __pfx_vfs_writev+0x10/0x10
[ 1271.937119][T16919]  ? __fget_files+0x2a/0x420
[ 1271.937138][T16919]  ? __fget_files+0x3a0/0x420
[ 1271.937153][T16919]  ? __fget_files+0x2a/0x420
[ 1271.937174][T16919]  do_writev+0x14d/0x2d0
[ 1271.937193][T16919]  ? __pfx_do_writev+0x10/0x10
[ 1271.937208][T16919]  ? rcu_is_watching+0x15/0xb0
[ 1271.937226][T16919]  ? do_syscall_64+0xbe/0x3b0
[ 1271.937245][T16919]  do_syscall_64+0xfa/0x3b0
[ 1271.937259][T16919]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1271.937274][T16919]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1271.937287][T16919]  ? clear_bhb_loop+0x60/0xb0
[ 1271.937311][T16919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1271.937324][T16919] RIP: 0033:0x7f11a6f8ebe9
[ 1271.937336][T16919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1271.937349][T16919] RSP: 002b:00007f11a7d15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1271.937363][T16919] RAX: ffffffffffffffda RBX: 00007f11a71b5fa0 RCX: 00007f11a6f8ebe9
[ 1271.937373][T16919] RDX: 0000000000000001 RSI: 0000200000000340 RDI: 0000000000000004
[ 1271.937382][T16919] RBP: 00007f11a7d15090 R08: 0000000000000000 R09: 0000000000000000
[ 1271.937391][T16919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1271.937399][T16919] R13: 00007f11a71b6038 R14: 00007f11a71b5fa0 R15: 00007ffc3f199848
[ 1271.937421][T16919]  </TASK>
[ 1272.982606][T16934] syz.5.2869 (16934): drop_caches: 2
[ 1273.549313][T16937] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2873'.
[ 1274.760398][T15065] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1274.777763][T15065] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1274.786004][T15065] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1274.797094][T15065] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1274.804879][T15065] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1274.944593][T13922] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1276.045099][T13922] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1276.394214][T13922] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1276.668512][T16966] netlink: 'syz.4.2881': attribute type 3 has an invalid length.
[ 1276.676286][T16966] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2881'.
[ 1276.899566][T13922] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1276.928534][ T5840] Bluetooth: hci0: command tx timeout
[ 1277.136542][T16976] FAULT_INJECTION: forcing a failure.
[ 1277.136542][T16976] name failslab, interval 1, probability 0, space 0, times 0
[ 1277.191235][T16976] CPU: 0 UID: 0 PID: 16976 Comm: syz.0.2884 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1277.191260][T16976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1277.191272][T16976] Call Trace:
[ 1277.191279][T16976]  <TASK>
[ 1277.191287][T16976]  dump_stack_lvl+0x189/0x250
[ 1277.191313][T16976]  ? __pfx____ratelimit+0x10/0x10
[ 1277.191333][T16976]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1277.191354][T16976]  ? __pfx__printk+0x10/0x10
[ 1277.191385][T16976]  ? ref_tracker_alloc+0x318/0x460
[ 1277.191410][T16976]  should_fail_ex+0x414/0x560
[ 1277.191434][T16976]  should_failslab+0xa8/0x100
[ 1277.191456][T16976]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1277.191474][T16976]  ? skb_clone+0x212/0x3a0
[ 1277.191497][T16976]  skb_clone+0x212/0x3a0
[ 1277.191518][T16976]  __netlink_deliver_tap+0x404/0x850
[ 1277.191557][T16976]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1277.191584][T16976]  netlink_deliver_tap+0x19c/0x1b0
[ 1277.191611][T16976]  netlink_unicast+0x730/0x8e0
[ 1277.191645][T16976]  netlink_sendmsg+0x805/0xb30
[ 1277.191680][T16976]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1277.191713][T16976]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1277.191732][T16976]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1277.191758][T16976]  __sock_sendmsg+0x21c/0x270
[ 1277.191783][T16976]  sock_sendmsg+0x158/0x230
[ 1277.191815][T16976]  ? __pfx_sock_sendmsg+0x10/0x10
[ 1277.191850][T16976]  ? __asan_memset+0x22/0x50
[ 1277.191876][T16976]  ? iov_iter_bvec+0xb8/0x180
[ 1277.191903][T16976]  splice_to_socket+0x8ff/0xf10
[ 1277.191944][T16976]  ? __pfx_splice_to_socket+0x10/0x10
[ 1277.192003][T16976]  ? register_lock_class+0x51/0x320
[ 1277.192043][T16976]  ? __pfx_splice_to_socket+0x10/0x10
[ 1277.192063][T16976]  direct_splice_actor+0x101/0x160
[ 1277.192087][T16976]  splice_direct_to_actor+0x5a5/0xcc0
[ 1277.192126][T16976]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1277.192145][T16976]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1277.192176][T16976]  do_splice_direct+0x181/0x270
[ 1277.192199][T16976]  ? __pfx_do_splice_direct+0x10/0x10
[ 1277.192219][T16976]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1277.192242][T16976]  ? bpf_lsm_file_permission+0x9/0x20
[ 1277.192263][T16976]  ? security_file_permission+0x75/0x290
[ 1277.192286][T16976]  ? rw_verify_area+0x258/0x650
[ 1277.192318][T16976]  do_sendfile+0x4da/0x7e0
[ 1277.192341][T16976]  ? __pfx_vfs_write+0x10/0x10
[ 1277.192364][T16976]  ? __pfx_do_sendfile+0x10/0x10
[ 1277.192387][T16976]  ? __fget_files+0x3a0/0x420
[ 1277.192418][T16976]  __se_sys_sendfile64+0x13e/0x190
[ 1277.192443][T16976]  ? __pfx___se_sys_sendfile64+0x10/0x10
[ 1277.192463][T16976]  ? rcu_is_watching+0x15/0xb0
[ 1277.192488][T16976]  ? do_syscall_64+0xbe/0x3b0
[ 1277.192513][T16976]  do_syscall_64+0xfa/0x3b0
[ 1277.192533][T16976]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1277.192552][T16976]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1277.192570][T16976]  ? clear_bhb_loop+0x60/0xb0
[ 1277.192592][T16976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1277.192611][T16976] RIP: 0033:0x7f070538ebe9
[ 1277.192627][T16976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1277.192643][T16976] RSP: 002b:00007f0706271038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1277.192662][T16976] RAX: ffffffffffffffda RBX: 00007f07055b5fa0 RCX: 00007f070538ebe9
[ 1277.192676][T16976] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000009
[ 1277.192687][T16976] RBP: 00007f0706271090 R08: 0000000000000000 R09: 0000000000000000
[ 1277.192699][T16976] R10: 0000000100000002 R11: 0000000000000246 R12: 0000000000000001
[ 1277.192710][T16976] R13: 00007f07055b6038 R14: 00007f07055b5fa0 R15: 00007ffdaf267ed8
[ 1277.192741][T16976]  </TASK>
[ 1277.560907][T13922] dummy0: left allmulticast mode
[ 1277.566218][T13922] bridge0: port 3(dummy0) entered disabled state
[ 1277.591015][T13922] bridge_slave_1: left allmulticast mode
[ 1277.604521][T13922] bridge_slave_1: left promiscuous mode
[ 1277.624894][T16980] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2885'.
[ 1277.646286][T13922] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1277.914404][T13922] bridge_slave_0: left allmulticast mode
[ 1277.941670][T13922] bridge_slave_0: left promiscuous mode
[ 1277.979459][T13922] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1279.088189][   T30] audit: type=1800 audit(1755376148.664:114): pid=16992 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.2888" name="SYSV00000000" dev="tmpfs" ino=11 res=0 errno=0
[ 1279.126693][ T5840] Bluetooth: hci0: command tx timeout
[ 1279.403554][T13922] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1279.424214][T13922] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1279.441387][T13922] bond0 (unregistering): Released all slaves
[ 1279.745037][T16950] chnl_net:caif_netlink_parms(): no params data found
[ 1281.168043][ T5840] Bluetooth: hci0: command tx timeout
[ 1281.182682][T16950] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1281.208073][T16950] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1281.226006][T16950] bridge_slave_0: entered allmulticast mode
[ 1281.248955][T16950] bridge_slave_0: entered promiscuous mode
[ 1281.283636][T16950] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1281.308093][T16950] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1281.319580][T16950] bridge_slave_1: entered allmulticast mode
[ 1281.337494][T16950] bridge_slave_1: entered promiscuous mode
[ 1282.203740][T16950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1282.250252][T17037] netlink: 'syz.4.2894': attribute type 21 has an invalid length.
[ 1282.258162][T17037] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2894'.
[ 1282.324796][T16950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1282.467343][T17040] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1282.496213][T17040] netlink: 'syz.2.2897': attribute type 38 has an invalid length.
[ 1282.661817][T13922] hsr_slave_0: left promiscuous mode
[ 1282.669224][T13922] hsr_slave_1: left promiscuous mode
[ 1282.675389][T13922] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1282.696373][T13922] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1282.718952][T13922] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1282.730746][T13922] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1282.906162][T13922] veth1_macvtap: left promiscuous mode
[ 1282.919773][T13922] veth0_macvtap: left promiscuous mode
[ 1282.926037][T13922] veth1_vlan: left promiscuous mode
[ 1282.935596][T13922] veth0_vlan: left promiscuous mode
[ 1283.341174][T17053] netlink: 'syz.0.2898': attribute type 3 has an invalid length.
[ 1283.349173][T17053] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2898'.
[ 1283.583912][ T5840] Bluetooth: hci0: command tx timeout
[ 1283.594467][   T30] audit: type=1800 audit(1755376153.264:115): pid=17055 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.2899" name="SYSV00000000" dev="tmpfs" ino=11 res=0 errno=0
[ 1284.466303][T13922] team0 (unregistering): Port device team_slave_1 removed
[ 1284.506564][T13922] team0 (unregistering): Port device team_slave_0 removed
[ 1284.949488][T16950] team0: Port device team_slave_0 added
[ 1285.040445][T16950] team0: Port device team_slave_1 added
[ 1285.184456][T16950] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1285.192511][T16950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1285.225124][T16950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1285.249721][T16950] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1285.256989][T16950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1285.391359][T16950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1286.338588][T17079] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1286.400840][T16950] hsr_slave_0: entered promiscuous mode
[ 1286.426767][T16950] hsr_slave_1: entered promiscuous mode
[ 1288.620823][T16950] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1288.953406][T16950] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1288.965476][T16950] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1288.981868][T16950] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1289.937060][T16950] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1289.993799][T16950] 8021q: adding VLAN 0 to HW filter on device team0
[ 1290.015038][ T8312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1290.022208][ T8312] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1290.061636][   T33] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1290.068816][   T33] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1290.128050][T14486] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1290.363500][T14486] usb 5-1: Using ep0 maxpacket: 8
[ 1290.431299][T14486] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1290.466976][T14486] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1290.506366][T14486] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1290.545340][T14486] usb 5-1: config 0 descriptor??
[ 1290.594207][T14486] gspca_main: vc032x-2.14.0 probing 046d:0892
[ 1291.534543][T16950] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1291.770445][T16950] veth0_vlan: entered promiscuous mode
[ 1291.791365][T16950] veth1_vlan: entered promiscuous mode
[ 1291.913092][T16950] veth0_macvtap: entered promiscuous mode
[ 1291.934830][T16950] veth1_macvtap: entered promiscuous mode
[ 1292.026565][T16950] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1292.090755][T16950] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1292.543418][T16950] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1293.041780][T14486] gspca_vc032x: reg_w err -71
[ 1293.052056][T14486] vc032x 5-1:0.0: probe with driver vc032x failed with error -71
[ 1293.078409][T16950] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1293.087243][T16950] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1293.097684][T16950] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1293.121038][T14486] usb 5-1: USB disconnect, device number 44
[ 1294.027156][    T9] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[ 1294.192943][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1294.236665][    T9] usb 3-1: not running at top speed; connect to a high speed hub
[ 1294.288322][    T9] usb 3-1: config 3 has an invalid interface number: 153 but max is 0
[ 1294.296710][ T8293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1294.326962][ T8293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1294.338026][    T9] usb 3-1: config 3 has no interface number 0
[ 1294.370525][    T9] usb 3-1: config 3 interface 153 altsetting 128 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[ 1294.397343][    T9] usb 3-1: config 3 interface 153 has no altsetting 0
[ 1294.441404][    T9] usb 3-1: New USB device found, idVendor=0711, idProduct=0920, bcdDevice=d5.b6
[ 1294.472084][ T8293] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1294.548078][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1294.558007][ T8293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1294.565367][    T9] usb 3-1: Product: syz
[ 1294.571488][    T9] usb 3-1: Manufacturer: syz
[ 1294.576197][    T9] usb 3-1: SerialNumber: syz
[ 1294.606577][T17163] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1296.249714][    T9] sisusb 3-1:3.153: Invalid USB2VGA device
[ 1296.255622][    T9] sisusb 3-1:3.153: probe with driver sisusb failed with error -22
[ 1296.717490][    T9] usb 3-1: USB disconnect, device number 12
[ 1300.479619][T13727] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[ 1301.278063][T13727] usb 3-1: device descriptor read/64, error -71
[ 1302.314616][T13727] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[ 1302.477911][T13727] usb 3-1: device descriptor read/64, error -71
[ 1302.619776][T13727] usb usb3-port1: attempt power cycle
[ 1303.784945][T13727] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[ 1304.058431][T13727] usb 3-1: device not accepting address 15, error -71
[ 1304.176412][T17275] overlay: ./file1 is not a directory
[ 1304.187991][ T5827] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[ 1304.288404][T17281] FAULT_INJECTION: forcing a failure.
[ 1304.288404][T17281] name failslab, interval 1, probability 0, space 0, times 0
[ 1304.341060][T17281] CPU: 1 UID: 0 PID: 17281 Comm: syz.2.2942 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1304.341084][T17281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1304.341095][T17281] Call Trace:
[ 1304.341103][T17281]  <TASK>
[ 1304.341111][T17281]  dump_stack_lvl+0x189/0x250
[ 1304.341136][T17281]  ? __pfx____ratelimit+0x10/0x10
[ 1304.341156][T17281]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1304.341177][T17281]  ? __pfx__printk+0x10/0x10
[ 1304.341223][T17281]  should_fail_ex+0x414/0x560
[ 1304.341249][T17281]  should_failslab+0xa8/0x100
[ 1304.341272][T17281]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1304.341290][T17281]  ? skb_clone+0x212/0x3a0
[ 1304.341314][T17281]  skb_clone+0x212/0x3a0
[ 1304.341335][T17281]  __netlink_deliver_tap+0x404/0x850
[ 1304.341374][T17281]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1304.341402][T17281]  netlink_deliver_tap+0x19c/0x1b0
[ 1304.341430][T17281]  netlink_sendskb+0x68/0x140
[ 1304.341455][T17281]  netlink_rcv_skb+0x28c/0x470
[ 1304.341482][T17281]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1304.341510][T17281]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1304.341550][T17281]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1304.341575][T17281]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1304.341607][T17281]  netlink_unicast+0x75c/0x8e0
[ 1304.341641][T17281]  netlink_sendmsg+0x805/0xb30
[ 1304.341678][T17281]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1304.341713][T17281]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1304.341732][T17281]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1304.341761][T17281]  __sock_sendmsg+0x21c/0x270
[ 1304.341786][T17281]  ____sys_sendmsg+0x52d/0x830
[ 1304.341822][T17281]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1304.341860][T17281]  ? import_iovec+0x74/0xa0
[ 1304.341890][T17281]  ___sys_sendmsg+0x21f/0x2a0
[ 1304.341922][T17281]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1304.341988][T17281]  ? __fget_files+0x2a/0x420
[ 1304.342008][T17281]  ? __fget_files+0x3a0/0x420
[ 1304.342041][T17281]  __sys_sendmmsg+0x227/0x430
[ 1304.342075][T17281]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1304.342102][T17281]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1304.342151][T17281]  ? ksys_write+0x22a/0x250
[ 1304.342172][T17281]  ? __pfx_ksys_write+0x10/0x10
[ 1304.342188][T17281]  ? rcu_is_watching+0x15/0xb0
[ 1304.342221][T17281]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1304.342252][T17281]  do_syscall_64+0xfa/0x3b0
[ 1304.342272][T17281]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1304.342291][T17281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1304.342310][T17281]  ? clear_bhb_loop+0x60/0xb0
[ 1304.342332][T17281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1304.342350][T17281] RIP: 0033:0x7f6a3398ebe9
[ 1304.342367][T17281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1304.342383][T17281] RSP: 002b:00007f6a34767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1304.342403][T17281] RAX: ffffffffffffffda RBX: 00007f6a33bb5fa0 RCX: 00007f6a3398ebe9
[ 1304.342417][T17281] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[ 1304.342430][T17281] RBP: 00007f6a34767090 R08: 0000000000000000 R09: 0000000000000000
[ 1304.342442][T17281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1304.342453][T17281] R13: 00007f6a33bb6038 R14: 00007f6a33bb5fa0 R15: 00007ffe54372f08
[ 1304.342483][T17281]  </TASK>
[ 1304.724055][ T5827] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1304.732808][ T5827] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1304.743163][ T5827] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1304.795561][ T5827] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 1304.806630][ T5827] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 1304.827022][ T5827] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1304.836434][ T5827] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1304.860715][ T5827] usb 6-1: Product: syz
[ 1304.864910][ T5827] usb 6-1: Manufacturer: syz
[ 1305.097489][T17293] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[ 1305.364891][T17296] vim2m vim2m.0: Fourcc format (0x47425247) invalid.
[ 1305.502354][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1305.516618][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1305.539561][ T5827] cdc_wdm 6-1:1.0: skipping garbage
[ 1305.551484][ T5827] cdc_wdm 6-1:1.0: skipping garbage
[ 1305.595307][ T5827] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[ 1305.611121][ T5827] cdc_wdm 6-1:1.0: Unknown control protocol
[ 1306.630550][T17271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1306.688914][T17271] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1306.757645][T13727] usb 6-1: USB disconnect, device number 43
[ 1306.997053][T17169] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[ 1307.224478][T17169] usb 3-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config
[ 1307.261523][T17169] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1307.290931][T17169] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[ 1307.322333][T17169] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1307.348066][T17169] usb 3-1: SerialNumber: syz
[ 1307.379857][T17169] usb 3-1: 0:2 : does not exist
[ 1307.391408][T17169] usb 3-1: unit 48 not found!
[ 1307.637942][T17309] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1307.663491][ T5827] usb 3-1: USB disconnect, device number 17
[ 1307.827926][T17169] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[ 1308.068688][T17169] usb 6-1: Using ep0 maxpacket: 32
[ 1308.184761][T17169] usb 6-1: config 0 has an invalid interface number: 35 but max is 0
[ 1308.290319][T17169] usb 6-1: config 0 has no interface number 0
[ 1308.367932][T17169] usb 6-1: config 0 interface 35 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 16
[ 1308.378761][T17169] usb 6-1: config 0 interface 35 has no altsetting 0
[ 1308.420785][T17169] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=6a.e2
[ 1308.430053][T17169] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1308.448017][T17169] usb 6-1: Product: syz
[ 1308.478062][T17169] usb 6-1: Manufacturer: syz
[ 1308.523055][T17169] usb 6-1: SerialNumber: syz
[ 1308.544207][T17169] usb 6-1: config 0 descriptor??
[ 1308.572359][T17326] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1308.618669][T17169] ch341 6-1:0.35: ch341-uart converter detected
[ 1308.744555][T17338] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2957'.
[ 1308.756169][T17340] Bluetooth: MGMT ver 1.23
[ 1308.763183][T17340] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2956'.
[ 1308.843295][T17169] usb 6-1: failed to receive control message: -32
[ 1308.870272][T17169] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -32
[ 1309.967616][T17338] binder: 17337:17338 ioctl c0306201 200000000240 returned -14
[ 1310.798136][T17169] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[ 1310.882773][T17366] overlayfs: failed to resolve './file0': -2
[ 1310.980474][T17169] usb 2-1: Using ep0 maxpacket: 32
[ 1311.021566][T17169] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[ 1311.053735][T17169] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1311.096446][T17169] usb 2-1: config 0 descriptor??
[ 1311.239896][T17169] gspca_main: sunplus-2.14.0 probing 041e:400b
[ 1311.453503][T17169] gspca_sunplus: reg_w_riv err -71
[ 1311.461243][T17169] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[ 1311.488761][T17169] usb 2-1: USB disconnect, device number 39
[ 1311.598646][T13727] usb 6-1: USB disconnect, device number 44
[ 1311.619952][T13727] ch341 6-1:0.35: device disconnected
[ 1312.810335][T17387] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2968'.
[ 1312.820251][T17387] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[ 1313.537967][T13727] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[ 1313.811339][T13727] usb 2-1: Using ep0 maxpacket: 16
[ 1313.836532][T13727] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[ 1313.993555][T13727] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1314.597947][T13727] usb 2-1: config 0 has no interface number 0
[ 1314.646513][T13727] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[ 1314.670682][T13727] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1314.696817][T13727] usb 2-1: Product: syz
[ 1314.703410][T13727] usb 2-1: Manufacturer: syz
[ 1314.712137][T13727] usb 2-1: SerialNumber: syz
[ 1314.722419][T13727] usb 2-1: config 0 descriptor??
[ 1315.057050][ T5977] usb 2-1: USB disconnect, device number 40
[ 1316.146481][T17439] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[ 1316.153158][T17439] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1316.200663][T17439] vhci_hcd vhci_hcd.0: Device attached
[ 1316.209659][T17442] netlink: 144 bytes leftover after parsing attributes in process `syz.1.2983'.
[ 1316.221365][T17440] vhci_hcd: connection closed
[ 1316.232618][ T8312] vhci_hcd: stop threads
[ 1316.246931][ T8312] vhci_hcd: release socket
[ 1316.361308][ T8312] vhci_hcd: disconnect device
[ 1316.378069][T13362] vhci_hcd: vhci_device speed not set
[ 1317.468881][T15065] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1317.477591][T15065] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1317.485962][T15065] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1317.493789][T15065] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1317.502117][T15065] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1317.720093][T17459] overlayfs: failed to resolve './file0': -2
[ 1318.596447][T17453] chnl_net:caif_netlink_parms(): no params data found
[ 1319.628149][ T5840] Bluetooth: hci4: command tx timeout
[ 1320.625709][T17453] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1320.636269][T17453] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1320.651141][T17453] bridge_slave_0: entered allmulticast mode
[ 1320.662437][T17453] bridge_slave_0: entered promiscuous mode
[ 1320.675046][T17453] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1320.715956][T17453] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1320.734306][T17453] bridge_slave_1: entered allmulticast mode
[ 1320.744551][T17453] bridge_slave_1: entered promiscuous mode
[ 1321.648403][ T5840] Bluetooth: hci4: command tx timeout
[ 1321.697619][T17453] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1321.709664][T17453] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1321.803730][T17495] tipc: Started in network mode
[ 1321.826120][T17495] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[ 1321.898543][T17495] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[ 1321.941520][T17495] tipc: Enabled bearer <udp:syz0>, priority 10
[ 1322.543547][T17453] team0: Port device team_slave_0 added
[ 1322.576110][T17453] team0: Port device team_slave_1 added
[ 1322.988923][T13362] tipc: Node number set to 1
[ 1323.070750][T17453] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1323.077736][T17453] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1323.731309][ T5840] Bluetooth: hci4: command tx timeout
[ 1323.900005][T17453] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1323.936942][T17453] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1323.951304][T17453] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1323.977810][T17453] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1324.304139][T17453] hsr_slave_0: entered promiscuous mode
[ 1324.320452][T17453] hsr_slave_1: entered promiscuous mode
[ 1324.328388][T17453] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1324.335972][T17453] Cannot create hsr debugfs directory
[ 1324.880083][T17526] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3003'.
[ 1325.521309][T17534] overlayfs: failed to resolve './file0': -2
[ 1325.811301][ T5840] Bluetooth: hci4: command tx timeout
[ 1325.845194][T17453] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1326.006213][T17453] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1326.044441][T17453] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1326.217945][ T5827] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[ 1326.240004][T17453] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1326.358048][ T5827] usb 2-1: device descriptor read/64, error -71
[ 1326.445942][T17453] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1326.536717][T17453] 8021q: adding VLAN 0 to HW filter on device team0
[ 1326.598168][ T5827] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[ 1326.693468][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1326.700709][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1326.780749][T17564] CIFS mount error: No usable UNC path provided in device string!
[ 1326.780749][T17564] 
[ 1326.791223][T17564] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1327.755649][ T5827] usb 2-1: device descriptor read/64, error -71
[ 1327.904226][T13922] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1327.911430][T13922] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1327.920397][ T5827] usb usb2-port1: attempt power cycle
[ 1327.966794][T17453] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1327.991282][T17453] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1328.118154][T13727] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[ 1328.268361][ T5827] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[ 1328.291726][T13727] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1328.299321][ T5827] usb 2-1: device descriptor read/8, error -71
[ 1328.300528][T13727] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1328.321976][T13727] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1328.326344][T17453] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1328.936639][T13727] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 1328.948065][T13727] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 1328.967362][T13727] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1328.976706][T13727] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1329.010746][ T5827] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[ 1329.055071][ T5827] usb 2-1: device descriptor read/8, error -71
[ 1329.118073][T13727] usb 3-1: Product: syz
[ 1329.127930][T13727] usb 3-1: Manufacturer: syz
[ 1329.185980][ T5827] usb usb2-port1: unable to enumerate USB device
[ 1329.211104][T13727] cdc_wdm 3-1:1.0: skipping garbage
[ 1329.216355][T13727] cdc_wdm 3-1:1.0: skipping garbage
[ 1329.225699][T17584] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3016'.
[ 1329.255521][T17584] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3016'.
[ 1329.260460][T13727] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[ 1329.283872][T13727] cdc_wdm 3-1:1.0: Unknown control protocol
[ 1329.444218][T13727] usb 3-1: USB disconnect, device number 18
[ 1329.607279][T17453] veth0_vlan: entered promiscuous mode
[ 1329.624175][T17453] veth1_vlan: entered promiscuous mode
[ 1329.668510][T17453] veth0_macvtap: entered promiscuous mode
[ 1329.680178][T17453] veth1_macvtap: entered promiscuous mode
[ 1329.700775][T17453] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1329.725125][T17453] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1329.746393][T17453] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1329.760016][T17453] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1329.769210][T17453] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1329.778226][T17453] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1329.880310][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1329.900509][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1329.947637][T13922] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1329.962117][T13922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1331.730814][   T30] audit: type=1326 audit(1755376206.448:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17624 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3398ebe9 code=0x7ffc0000
[ 1331.791019][   T30] audit: type=1326 audit(1755376206.448:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17624 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3398ebe9 code=0x7ffc0000
[ 1332.768108][   T30] audit: type=1326 audit(1755376206.448:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17624 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a3398ebe9 code=0x7ffc0000
[ 1332.848971][   T30] audit: type=1326 audit(1755376206.448:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17624 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3398ebe9 code=0x7ffc0000
[ 1332.971947][   T30] audit: type=1326 audit(1755376206.448:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17624 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3398ebe9 code=0x7ffc0000
[ 1333.097905][   T30] audit: type=1326 audit(1755376206.448:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17624 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f6a3398ebe9 code=0x7ffc0000
[ 1333.177979][   T30] audit: type=1326 audit(1755376206.448:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17624 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3398ebe9 code=0x7ffc0000
[ 1333.293259][   T30] audit: type=1326 audit(1755376206.448:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17624 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3398ebe9 code=0x7ffc0000
[ 1333.317379][T17614] lo speed is unknown, defaulting to 1000
[ 1333.391251][T17614] lo speed is unknown, defaulting to 1000
[ 1333.417122][   T30] audit: type=1326 audit(1755376206.448:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17624 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f6a3398ebe9 code=0x7ffc0000
[ 1333.448251][T17614] lo speed is unknown, defaulting to 1000
[ 1333.511780][T17614] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 1333.530655][   T30] audit: type=1326 audit(1755376206.448:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17624 comm="syz.2.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3398ebe9 code=0x7ffc0000
[ 1333.586292][T17614] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1333.767503][T17648] FAULT_INJECTION: forcing a failure.
[ 1333.767503][T17648] name failslab, interval 1, probability 0, space 0, times 0
[ 1333.768172][    T9] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1333.857208][T17648] CPU: 1 UID: 0 PID: 17648 Comm: syz.6.3032 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1333.857233][T17648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1333.857245][T17648] Call Trace:
[ 1333.857252][T17648]  <TASK>
[ 1333.857260][T17648]  dump_stack_lvl+0x189/0x250
[ 1333.857286][T17648]  ? __pfx____ratelimit+0x10/0x10
[ 1333.857307][T17648]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1333.857327][T17648]  ? __pfx__printk+0x10/0x10
[ 1333.857354][T17648]  ? __pfx___might_resched+0x10/0x10
[ 1333.857375][T17648]  ? fs_reclaim_acquire+0x7d/0x100
[ 1333.857402][T17648]  should_fail_ex+0x414/0x560
[ 1333.857434][T17648]  should_failslab+0xa8/0x100
[ 1333.857457][T17648]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1333.857475][T17648]  ? fwnode_create_software_node+0xeb/0x1f0
[ 1333.857507][T17648]  fwnode_create_software_node+0xeb/0x1f0
[ 1333.857536][T17648]  device_create_managed_software_node+0xdd/0x1f0
[ 1333.857562][T17648]  ? iommufd_test+0x2b8b/0x5170
[ 1333.857582][T17648]  iommufd_test+0x2f78/0x5170
[ 1333.857611][T17648]  ? __pfx_iommufd_test+0x10/0x10
[ 1333.857632][T17648]  ? __lock_acquire+0xab9/0xd20
[ 1333.857661][T17648]  ? __might_fault+0xb0/0x130
[ 1333.857700][T17648]  iommufd_fops_ioctl+0x446/0x520
[ 1333.857728][T17648]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1333.857762][T17648]  ? __fget_files+0x3a0/0x420
[ 1333.857782][T17648]  ? __fget_files+0x2a/0x420
[ 1333.857804][T17648]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1333.857830][T17648]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1333.857855][T17648]  __se_sys_ioctl+0xfc/0x170
[ 1333.857884][T17648]  do_syscall_64+0xfa/0x3b0
[ 1333.857905][T17648]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1333.857924][T17648]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1333.857943][T17648]  ? clear_bhb_loop+0x60/0xb0
[ 1333.857965][T17648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1333.857982][T17648] RIP: 0033:0x7f8f0bb8ebe9
[ 1333.857997][T17648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1333.858013][T17648] RSP: 002b:00007f8f0c9e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1333.858032][T17648] RAX: ffffffffffffffda RBX: 00007f8f0bdb5fa0 RCX: 00007f8f0bb8ebe9
[ 1333.858046][T17648] RDX: 0000200000000140 RSI: 0000000000003ba0 RDI: 0000000000000003
[ 1333.858058][T17648] RBP: 00007f8f0c9e1090 R08: 0000000000000000 R09: 0000000000000000
[ 1333.858070][T17648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1333.858080][T17648] R13: 00007f8f0bdb6038 R14: 00007f8f0bdb5fa0 R15: 00007fff526e1e88
[ 1333.858110][T17648]  </TASK>
[ 1333.977959][    T9] usb 5-1: Using ep0 maxpacket: 32
[ 1333.990264][T17614] lo speed is unknown, defaulting to 1000
[ 1334.034973][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 226, changing to 11
[ 1334.090430][T17648] iommufd_mock iommufd_mock0: add pasid-num-bits property failed, rc: -12
[ 1334.191464][T15065] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1334.209041][    T9] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1334.219162][    T9] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[ 1334.230797][T15065] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1334.239077][    T9] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[ 1334.249885][T15065] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1334.260109][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1334.270115][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1334.278689][T15065] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1334.286204][    T9] usb 5-1: Product: syz
[ 1334.293416][T15065] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1334.304476][T17614] lo speed is unknown, defaulting to 1000
[ 1334.314891][    T9] usb 5-1: Manufacturer: syz
[ 1334.319642][    T9] usb 5-1: SerialNumber: syz
[ 1334.388360][T17614] lo speed is unknown, defaulting to 1000
[ 1334.460703][T13917] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1334.495091][T17614] lo speed is unknown, defaulting to 1000
[ 1334.517711][T17649] lo speed is unknown, defaulting to 1000
[ 1334.534740][T17614] lo speed is unknown, defaulting to 1000
[ 1334.591850][T17644] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3030'.
[ 1335.046115][T13917] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1335.072686][T17614] lo speed is unknown, defaulting to 1000
[ 1335.088067][    T9] cdc_ncm 5-1:1.0: bind() failure
[ 1335.092342][T17614] lo speed is unknown, defaulting to 1000
[ 1335.129137][    T9] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[ 1335.145613][    T9] cdc_ncm 5-1:1.1: bind() failure
[ 1335.199896][    T9] usb 5-1: USB disconnect, device number 45
[ 1335.321254][T13917] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1335.398935][T17663] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1335.552567][T13917] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1336.368351][ T5840] Bluetooth: hci1: command tx timeout
[ 1336.648912][T17649] chnl_net:caif_netlink_parms(): no params data found
[ 1336.721481][T13917] bridge_slave_1: left allmulticast mode
[ 1336.796281][T13917] bridge_slave_1: left promiscuous mode
[ 1337.275849][T13917] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1337.489423][T13917] bridge_slave_0: left allmulticast mode
[ 1337.495175][T13917] bridge_slave_0: left promiscuous mode
[ 1337.540903][T13917] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1338.518011][ T5840] Bluetooth: hci1: command tx timeout
[ 1338.671546][ T5827] Oops: general protection fault, probably for non-canonical address 0xdffffc000000004b: 0000 [#1] SMP KASAN PTI
[ 1338.683481][ T5827] KASAN: null-ptr-deref in range [0x0000000000000258-0x000000000000025f]
[ 1338.691891][ T5827] CPU: 1 UID: 0 PID: 5827 Comm: kworker/1:3 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1338.701860][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1338.711916][ T5827] Workqueue: events l2cap_info_timeout
[ 1338.717417][ T5827] RIP: 0010:kasan_byte_accessible+0x12/0x30
[ 1338.723338][ T5827] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 c0 6b 49 09 cc 66 66 66 66 66 66 2e
[ 1338.742959][ T5827] RSP: 0018:ffffc90003fcf7a8 EFLAGS: 00010206
[ 1338.749029][ T5827] RAX: dffffc0000000000 RBX: ffffffff8945c0e8 RCX: 863e979eb93f5100
[ 1338.757002][ T5827] RDX: 0000000000000000 RSI: ffffffff8945c0e8 RDI: 000000000000004b
[ 1338.764980][ T5827] RBP: ffffffff8a71b575 R08: 0000000000000001 R09: 0000000000000000
[ 1338.772966][ T5827] R10: dffffc0000000000 R11: ffffffff8a71b530 R12: 0000000000000000
[ 1338.780935][ T5827] R13: 0000000000000258 R14: 0000000000000258 R15: 0000000000000001
[ 1338.788908][ T5827] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[ 1338.797835][ T5827] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1338.804426][ T5827] CR2: 00002000000aa030 CR3: 00000000607ca000 CR4: 00000000003526f0
[ 1338.812412][ T5827] Call Trace:
[ 1338.815687][ T5827]  <TASK>
[ 1338.818614][ T5827]  __kasan_check_byte+0x12/0x40
[ 1338.823467][ T5827]  lock_acquire+0x8d/0x360
[ 1338.827881][ T5827]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1338.833092][ T5827]  ? __cancel_work+0x254/0x2e0
[ 1338.837867][ T5827]  lock_sock_nested+0x48/0x100
[ 1338.842640][ T5827]  ? l2cap_sock_ready_cb+0x45/0x140
[ 1338.847854][ T5827]  l2cap_sock_ready_cb+0x45/0x140
[ 1338.852895][ T5827]  l2cap_conn_start+0x76a/0xe50
[ 1338.857749][ T5827]  ? __pfx_l2cap_conn_start+0x10/0x10
[ 1338.863124][ T5827]  ? l2cap_info_timeout+0x60/0xa0
[ 1338.868159][ T5827]  ? __lock_acquire+0xab9/0xd20
[ 1338.873032][ T5827]  ? __pfx___mutex_lock+0x10/0x10
[ 1338.878082][ T5827]  ? process_scheduled_works+0x9ef/0x17b0
[ 1338.883806][ T5827]  l2cap_info_timeout+0x68/0xa0
[ 1338.888660][ T5827]  ? process_scheduled_works+0x9ef/0x17b0
[ 1338.894382][ T5827]  process_scheduled_works+0xade/0x17b0
[ 1338.899949][ T5827]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1338.905933][ T5827]  worker_thread+0x8a0/0xda0
[ 1338.910534][ T5827]  kthread+0x70e/0x8a0
[ 1338.914624][ T5827]  ? __pfx_worker_thread+0x10/0x10
[ 1338.919759][ T5827]  ? __pfx_kthread+0x10/0x10
[ 1338.924364][ T5827]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1338.929572][ T5827]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1338.934777][ T5827]  ? __pfx_kthread+0x10/0x10
[ 1338.939378][ T5827]  ret_from_fork+0x3fc/0x770
[ 1338.943968][ T5827]  ? __pfx_ret_from_fork+0x10/0x10
[ 1338.949089][ T5827]  ? __switch_to_asm+0x39/0x70
[ 1338.953854][ T5827]  ? __switch_to_asm+0x33/0x70
[ 1338.958617][ T5827]  ? __pfx_kthread+0x10/0x10
[ 1338.963255][ T5827]  ret_from_fork_asm+0x1a/0x30
[ 1338.968040][ T5827]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1338.971090][ T5827] Modules linked in:
[ 1338.976373][ T5827] ---[ end trace 0000000000000000 ]---
[ 1339.234587][ T5827] RIP: 0010:kasan_byte_accessible+0x12/0x30
[ 1339.306678][ T5827] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 c0 6b 49 09 cc 66 66 66 66 66 66 2e
[ 1339.334290][ T5827] RSP: 0018:ffffc90003fcf7a8 EFLAGS: 00010206
[ 1339.343443][ T5827] RAX: dffffc0000000000 RBX: ffffffff8945c0e8 RCX: 863e979eb93f5100
[ 1339.353583][ T5827] RDX: 0000000000000000 RSI: ffffffff8945c0e8 RDI: 000000000000004b
[ 1339.361775][ T5827] RBP: ffffffff8a71b575 R08: 0000000000000001 R09: 0000000000000000
[ 1339.372133][ T5827] R10: dffffc0000000000 R11: ffffffff8a71b530 R12: 0000000000000000
[ 1339.382612][ T5827] R13: 0000000000000258 R14: 0000000000000258 R15: 0000000000000001
[ 1339.420731][ T5827] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[ 1339.439941][ T5827] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1339.446555][ T5827] CR2: 000020000016b030 CR3: 000000007dae4000 CR4: 00000000003526f0
[ 1339.502126][ T5827] Kernel panic - not syncing: Fatal exception
[ 1339.508577][ T5827] Kernel Offset: disabled
[ 1339.512906][ T5827] Rebooting in 86400 seconds..