last executing test programs:

2m5.331426769s ago: executing program 3 (id=3759):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x6, &(0x7f0000000140)={0x12, {{0x29, 0x0, 0x3e000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x88)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0xa40, 0x0)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000300)={0x400, 0x6, [{0xffffffffffffffff, 0x0, 0x1000000000000, 0x1000000000000}, {0xffffffffffffffff, 0x0, 0x8000, 0x1000000}, {0xffffffffffffffff, 0x0, 0x0, 0x4000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x1000000, 0x100000000}]})
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x6]}, 0x8, 0x800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000001440)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000ff0300007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000009000000850000008200000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2002, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
getgroups(0x4, &(0x7f0000000400)=[0xee01, 0xee01, 0xee00, 0xee00])
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@delqdisc={0x24}, 0x24}}, 0x8800)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x2d7352ec7a99afa4}, 0x1, 0x0, 0x0, 0x40000}, 0x4040004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1m41.880278037s ago: executing program 3 (id=3759):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x6, &(0x7f0000000140)={0x12, {{0x29, 0x0, 0x3e000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x88)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0xa40, 0x0)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000300)={0x400, 0x6, [{0xffffffffffffffff, 0x0, 0x1000000000000, 0x1000000000000}, {0xffffffffffffffff, 0x0, 0x8000, 0x1000000}, {0xffffffffffffffff, 0x0, 0x0, 0x4000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x1000000, 0x100000000}]})
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x6]}, 0x8, 0x800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000001440)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000ff0300007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000009000000850000008200000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2002, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
getgroups(0x4, &(0x7f0000000400)=[0xee01, 0xee01, 0xee00, 0xee00])
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@delqdisc={0x24}, 0x24}}, 0x8800)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x2d7352ec7a99afa4}, 0x1, 0x0, 0x0, 0x40000}, 0x4040004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1m12.822938911s ago: executing program 3 (id=3759):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x6, &(0x7f0000000140)={0x12, {{0x29, 0x0, 0x3e000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x88)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0xa40, 0x0)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000300)={0x400, 0x6, [{0xffffffffffffffff, 0x0, 0x1000000000000, 0x1000000000000}, {0xffffffffffffffff, 0x0, 0x8000, 0x1000000}, {0xffffffffffffffff, 0x0, 0x0, 0x4000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x1000000, 0x100000000}]})
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x6]}, 0x8, 0x800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000001440)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000ff0300007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000009000000850000008200000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2002, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
getgroups(0x4, &(0x7f0000000400)=[0xee01, 0xee01, 0xee00, 0xee00])
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@delqdisc={0x24}, 0x24}}, 0x8800)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x2d7352ec7a99afa4}, 0x1, 0x0, 0x0, 0x40000}, 0x4040004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

44.949462092s ago: executing program 3 (id=3759):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x6, &(0x7f0000000140)={0x12, {{0x29, 0x0, 0x3e000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x88)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0xa40, 0x0)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000300)={0x400, 0x6, [{0xffffffffffffffff, 0x0, 0x1000000000000, 0x1000000000000}, {0xffffffffffffffff, 0x0, 0x8000, 0x1000000}, {0xffffffffffffffff, 0x0, 0x0, 0x4000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x1000000, 0x100000000}]})
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x6]}, 0x8, 0x800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000001440)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000ff0300007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000009000000850000008200000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2002, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
getgroups(0x4, &(0x7f0000000400)=[0xee01, 0xee01, 0xee00, 0xee00])
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@delqdisc={0x24}, 0x24}}, 0x8800)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x2d7352ec7a99afa4}, 0x1, 0x0, 0x0, 0x40000}, 0x4040004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

25.661373831s ago: executing program 3 (id=3759):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x6, &(0x7f0000000140)={0x12, {{0x29, 0x0, 0x3e000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x88)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0xa40, 0x0)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000300)={0x400, 0x6, [{0xffffffffffffffff, 0x0, 0x1000000000000, 0x1000000000000}, {0xffffffffffffffff, 0x0, 0x8000, 0x1000000}, {0xffffffffffffffff, 0x0, 0x0, 0x4000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x1000000, 0x100000000}]})
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x6]}, 0x8, 0x800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000001440)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000ff0300007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000009000000850000008200000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2002, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
getgroups(0x4, &(0x7f0000000400)=[0xee01, 0xee01, 0xee00, 0xee00])
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@delqdisc={0x24}, 0x24}}, 0x8800)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x2d7352ec7a99afa4}, 0x1, 0x0, 0x0, 0x40000}, 0x4040004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

10.510259742s ago: executing program 1 (id=4088):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x11, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x2, 0x4, 0x1, 0x0, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r4}, &(0x7f0000000840), &(0x7f0000000880)=r3}, 0x20)
read(r2, &(0x7f0000000040)=""/148, 0xffffff96)

10.25622514s ago: executing program 4 (id=4090):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x41, 0x3f, 0x5f, 0x20, 0x61d, 0xc150, 0xce6f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x33, 0x0, 0x0, 0x18, 0x70, 0xfd}}]}}]}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$packet(0x11, 0x2, 0x300)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
open(&(0x7f0000000000)='./file1\x00', 0x10f0c2, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x3, 0x8, 0x2, 0xb}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x400d, 0x0, 0x9, 0x466}, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
ioctl$sock_rose_SIOCRSCLRRT(0xffffffffffffffff, 0x5411)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_connect(0x3, 0xb12, &(0x7f0000000180)={{0x12, 0x1, 0x201, 0xe1, 0x41, 0xd4, 0xff, 0x403, 0xc7d0, 0x72b9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb00, 0x4, 0x9, 0x80, 0xc0, 0x5, [{{0x9, 0x4, 0xc9, 0x0, 0x2, 0x2e, 0x30, 0x53, 0x8, [@uac_control={{0xa, 0x24, 0x1, 0xb55, 0x20}}, @uac_as], [{{0x9, 0x5, 0xf, 0x8, 0x8, 0xb, 0x8, 0x4}}, {{0x9, 0x5, 0xa, 0x1, 0x3ff, 0x4, 0x5, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x1, 0x1}]}}]}}, {{0x9, 0x4, 0xd2, 0x3, 0x10, 0xbd, 0x20, 0x5a, 0x3, [@generic={0x2f, 0x11, "8f77df9c0174b9ca15a9e5cf82b47eaa95d71f26d6e4528784d5b59b3e3fa80d8e72a7f3d0273af300b1810b94"}], [{{0x9, 0x5, 0x0, 0x0, 0x20, 0x2, 0xfe, 0x80}}, {{0x9, 0x5, 0x8, 0x0, 0x40, 0x7, 0xf, 0xe8}}, {{0x9, 0x5, 0x5, 0x10, 0x8, 0x16, 0x6, 0xc}}, {{0x9, 0x5, 0x3, 0x0, 0x200, 0x2, 0xf8, 0x4}}, {{0x9, 0x5, 0x5, 0x8, 0x10, 0x0, 0x5c, 0xe, [@generic={0x102, 0xa, "96747e32fb0b4366946e586c8cbf83a7a49f498f56a092b291e2213678b9b36db6bbb47874f37d4103e40108612e4572a3b9c5a53068cbc29eeae37c6359e18e2ac22260e9db187a82d77c6c4dbc9fed1af4c80428a68da8eb40db9b35ea987e5b1e41038ac16acec7c848062f433dc037de952b9e2b4b8e5c7efd9f3c4257fbc1d77c11cdeb45fda73b7b898a4604daa7370a3929bbc5ff6918040853faa764b3c3b8edecfdbeaf13cf36fd7cd0ff30e7e964848c1c8c90b7862f3bdf426fe9e2e3f0547b4240be482833f029839cf41837df465c4e62c35cb3d387e88230cb7b5b52fc02346bf8e33bfc98e1b5bda453ffcde5fa8968481b5cc890c6c4d5bf"}]}}, {{0x9, 0x5, 0x5, 0x10, 0x20, 0x9, 0x3, 0x3}}, {{0x9, 0x5, 0xe, 0x4, 0x40, 0x0, 0x50, 0x3, [@generic={0x2f, 0xe, "263c55a3a1ca4ac067c196d34b8788d6957fc2812dbe5855cfdade6ae99fce1001ae2cba0bf132c0a6b1b07a0f"}]}}, {{0x9, 0x5, 0xa, 0x4, 0x0, 0xe, 0x8, 0x7f, [@generic={0x1e, 0x31, "b25b258bbabea4bce0f009ab7043a9feef242e29defaeb37986e882a"}]}}, {{0x9, 0x5, 0xb, 0x8, 0x8, 0x7, 0x26, 0xd}}, {{0x9, 0x5, 0x2, 0x0, 0x40, 0x0, 0x3, 0x8}}, {{0x9, 0x5, 0x6, 0x0, 0x20, 0x10, 0x96, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x0, 0x7}, @generic={0x79, 0x22, "641f18b33e34b54ba8bd6203e549099dd20d8a6c4b31d4c9bd85ef73bd14fac4b46de1c7907133de118a3d48419144403c7f56314460d2c9052fe069bf05bbd1a1c328159b16c4e28f5e860e89e95e67a141de4cee13683960641e31ca3efc6f1754b12641df740037236c4f03e6e8a52a22364f3d34ff"}]}}, {{0x9, 0x5, 0x7, 0x3, 0x200, 0x81, 0x8, 0x80}}, {{0x9, 0x5, 0x8, 0x0, 0x200, 0x5, 0x12, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x9}]}}, {{0x9, 0x5, 0x7, 0x19, 0x40, 0x1, 0x4, 0x40}}, {{0x9, 0x5, 0x9, 0x4, 0x3ff, 0x2, 0x4, 0x9a}}, {{0x9, 0x5, 0x5, 0x2, 0x20, 0xf, 0x42, 0x81, [@generic={0x3f, 0x9, "dbb7eeae215c0c32604f2211534082525aa1e6d07269f609c942d80a741bc837381988d55f0f675160bf0d76b2e6a53e520d24facdc40199fe9cc0803b"}]}}]}}, {{0x9, 0x4, 0x95, 0x5, 0x9, 0x74, 0x19, 0xf9, 0xbe, [@cdc_ecm={{0x6, 0x24, 0x6, 0x0, 0x0, '5'}, {0x5, 0x24, 0x0, 0x7fff}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x1, 0xfffe, 0x5a}, [@mbim={0xc, 0x24, 0x1b, 0x51, 0x1, 0x7, 0x2, 0x1, 0x4}, @mdlm_detail={0x2a, 0x24, 0x13, 0x1, "c72886b5f04dceefdca853760736d1e9656189b0d131af89faeb490223c0435ea7cbd52a64c6"}, @acm={0x4, 0x24, 0x2, 0x1}, @mbim={0xc, 0x24, 0x1b, 0x7f, 0x0, 0xf, 0x7, 0x9, 0x80}, @dmm={0x7, 0x24, 0x14, 0x6, 0x2}, @mbim_extended={0x8, 0x24, 0x1c, 0x7, 0x2, 0x6}]}, @cdc_ncm={{0xb, 0x24, 0x6, 0x0, 0x1, "d7a14f7b3b93"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x1, 0x8000, 0x6}, {0x6, 0x24, 0x1a, 0xa, 0x12}, [@call_mgmt={0x5, 0x24, 0x1, 0x5d0381dcfd276aca, 0xf}, @acm={0x4}, @dmm={0x7, 0x24, 0x14, 0x8, 0x9}]}], [{{0x9, 0x5, 0x8d, 0x8, 0x10, 0x2, 0x1, 0x1, [@generic={0x8b, 0x3, "b9836867447891b6e4cf47aad71d7c155a31a48de5126c35a74ebad91bf12db1b018d436b3a9edb2c674987794ff0f6709a0f56cbda5014cc1abc4b7f5080809e376a5fa30d5196b0bfad2003fdea1b3008313ff70683aea84d7ccb63359a8d3c7b1195f0885c41f6fc3f754084bef1fb8be8e302609dbfeef5bf7fe1dfc8be0ec8a648baa3cfd7232"}]}}, {{0x9, 0x5, 0x5, 0x2, 0x3ff, 0xc, 0x3, 0x6}}, {{0x9, 0x5, 0xa, 0x8, 0x0, 0x58, 0x4, 0xf}}, {{0x9, 0x5, 0x8, 0x10, 0x40, 0x7a, 0x5, 0xb, [@generic={0x87, 0x1, "ca4f7662dd86ac6bd7e69770240ae0890774865a7bd31ce8e392a4e9fc821a0aa65a9ccf8800cabdf3d98a4259c876abcaf176f145f9907c5ccf227f2c7152e6ab6ad168cff525f6b7d2f9716d93aed41b75a244531a26ada3d3d679d5460e033346770c824e8e27c61c5af609f74b0745e87b9265a1796e502d2d6b31d52d71109d3c5d9f"}, @generic={0xdb, 0x1, "a81a9aa7399f21dd21b00394857e8d27d8aeed3161b3dfa9c6edfaa4df56f3c03675109e8723042495f03088360109e4a5cfcfc58a47f9b5d9e37498a6acc41c93cdc400f72c38bd332749a390bdc3aeaa275f6872b606b306a141bf352d1a6a47689b1c962d09f1acb96b8ee14b45ed9491fee0e50c3174076854ecfa559be7726902e5a0eba9af36a31eb49692b37eeadf7cc9ef207e3aef2a42b33e8a18dd5762cf3184ed9c2d81e8a29a24d7583810ef17844f30468af8f4b8b4de616c237d705b4817327259309a30d73948e3f4ea67c10b52df2120b9"}]}}, {{0x9, 0x5, 0x0, 0x3, 0x200, 0x3a, 0x7, 0x5}}, {{0x9, 0x5, 0xc, 0x10, 0x8, 0x8, 0x5, 0x40}}, {{0x9, 0x5, 0x0, 0x1, 0x20, 0x81, 0x0, 0xf5, [@generic={0x43, 0x8, "540d09ba4a6213afe9338b475f57c523251892e46fba248dc57e17695b4e4bf4d4b4025e57ceae04d1022d22abbf92a61583660e4f8913702748a56a7306adb615"}, @generic={0xbf, 0x11, "92c6ddb3fc4d67b38f2ca667ab609849ec3027803d5e9570251a2ac6769b4ea340e19fc5a555cbd721e8cd2217ff17b6bd4406704b2243e4c63b1060d012fe6c01176c004b9842e0013aaabf7a10f8059c72176faa6ceed5746e3692ac5af43da18ef2558ffb6944f389faf9f84c038634fd0a22c1f88ad4f93acf341cfcbcccb91bc4a52a8b424bfd93057821baec5bb12914dceab6d2978a6c7cefb20252bf20c4934117fbb908e7b1f5b2ff8fc726c694115f7e5ff339f85278f63b"}]}}, {{0x9, 0x5, 0x7, 0x3, 0x40, 0xa, 0x8, 0xa2, [@generic={0xf6, 0x4, "e87624a2c2e56312377774f2cba60c789f80c81c2521ed3153aea96058d1dc6b7deb5285e554d0636e8af52ec12a6d8a7718e035778f23d39f6894c09390c0e544ec09bdcf8d8de0cc29a1f0e50016cddf109c33723e7ffa2b09abd0214b2551b639b7d4e3a6211c92451967c1ee11c19c330bace2e7da956929469c235008aa222857cd513e5e5610e74a1f7f55cd7d6e6c53cb13250de79626ceec29ce22e17afa097aeb7e8aff7ba6f5b0856ef926124d09b3a646ab38eb7aeb868b89625cc0dfa13a5996bf5b11d2bcfd1ed06a922841e59da844dbb9b5bb05d2565e14b121dcac6317b67c2fb977255573556f1ee2ed02d3"}, @generic={0x96, 0x31, "06fd7405f2fb0fbf450d2e7abc290a65fc35b1c25be25aa252fdd8708acf1743e7d02f61748d71d4aca1ca6f2758121df23c5a95818540608f9f9e32761e7328b9088ac5509b3ef9c75cffddf72c2e13d7fcec0f3138c1bdbf2de55b8ed1faa31d07acd65f86251f99808d080e9b31f4768bbf2bfe6c4f451afe1cf638dd91ab2d9fa10d0f03e69ad8894e86f6017333cd4bd046"}]}}, {{0x9, 0x5, 0x1, 0x4, 0x10, 0x1, 0x2, 0x7f}}]}}, {{0x9, 0x4, 0x61, 0x7, 0x7, 0xb6, 0xab, 0xa4, 0x6, [@uac_as, @cdc_ncm={{0x6, 0x24, 0x6, 0x0, 0x1, "bf"}, {0x5, 0x24, 0x0, 0x1224}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x3, 0x4, 0x4}, {0x6, 0x24, 0x1a, 0xfff9, 0x5}, [@call_mgmt={0x5, 0x24, 0x1, 0x3, 0x9}]}], [{{0x9, 0x5, 0x8, 0x4, 0x200, 0x8, 0x28, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x40, 0x5, 0xc5e}, @generic={0x44, 0x2, "ba94e090753d6af82673e4d58656db84a323401dd303c3c64a2a7f4b5627a34b4186b2e1b6b8fc89c552f73c1751f23499eb618b802e0b53d69b291926f0385e2afb"}]}}, {{0x9, 0x5, 0xa, 0x10, 0x8, 0x0, 0x5, 0x5, [@generic={0xef, 0x3, "e5d9b40b78ca0110f2c8e76e4f8f81a3d8024d1a35217b065307e6385301248fb3598e9465e15c99fe3589d5fbd4a56c08f242fcd0b3269d2428e6653f2226c94d6b5f0de7b3d9df46120ed2743960c4f892779b3f5c00ed30ec1e0eb3390b08fa94229f09a2b392873001659405244d3cecaa518a6dcbdf1fa354517d7c14493952d0313b823f8c7357ca8322f210e88c997bae982f7d200ce90f9cb97fa2662dd73540b7e0f82e817c93caedea46ab97798cf4d9c7fc4fec0bf6d93ac9d6efc61fe778c257b281d4371ed8a9f357c55b606179b565ea00ba29d9541b1d9d9802b09e634ef4ce3496f0d0eba2"}, @generic={0x4d, 0x23, "a98e0637403bea0f6085f58996818061f701aec093ce514f32d70e7486e7c30e5e64d999404fdd70c2c34eefa84855d3ce9e638257dbd897de8c25afcecc60cdaa56107a465a7083d860d5"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x8, 0x0, 0xb4, 0x3}}, {{0x9, 0x5, 0x7, 0x5, 0x400, 0x23, 0xea, 0x7}}, {{0x9, 0x5, 0x2, 0x0, 0x400, 0x8, 0x9, 0x3}}, {{0x9, 0x5, 0xf, 0x0, 0x20, 0x1, 0x1, 0x9, [@generic={0x58, 0xa, "31247384114e9710adb8a1146e68e47d5d31b86b7d53e38b827c3b17fc80388f63a4949ab94e918515c30be78524b929787157d60ea4ee66bf8097f783437324f5cf8de922f2a20ce94b4781d399d1532b9a99221e4e"}, @generic={0x22, 0x30, "b447bc8fd5f52f3e6731c987dd21bd7b664837a8d8de29da6be74e183c9bc850"}]}}, {{0x9, 0x5, 0x80, 0x8, 0x20, 0x1, 0x2, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x40, 0x1}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0xee, 0x6}]}}]}}]}}]}}, &(0x7f0000000dc0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x110, 0xf, 0x9, 0xe, 0x8, 0x4}, 0x3c, &(0x7f0000000040)=ANY=[@ANYBLOB="050f3c00050b1001042800090506000507100200905b0b1410041ab06a2ff995f084d500d2b7fbc742d8200a1003000c008045010007100200110200"], 0x4, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x439}}, {0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x200a}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x410}}, {0xc2, &(0x7f0000000cc0)=@string={0xc2, 0x3, "8741a40adfa301297c1d8c3c288b625e0219be07829ee99da2c0692e1fd83d99e08e483874428b01733a16a44fcfbddc4665a000a3e9edf88316f2c9e2b81217874b71bc4c2c041d9752eed62d415d4ec5c5efcb753710e369708280b3c1d735dec2cca316edce92455b04499e4f2630dc1bf7ed9d1d6eca6d2ad99b4cfca73477760eed3ac1795f927a5730e1167701e3e83a347ede27ffce29427ebede5752b61d217048fe3c94e866ecd25a6c69319cc5d897de134eb58e6b4f0bde53c454"}}]})

9.022179326s ago: executing program 1 (id=4092):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="130100002add1e20ef050a023691010203010902240001000000000904000002ea1998000905a6a700000000000905", @ANYRES32], 0x0)
syz_open_procfs$userns(r1, &(0x7f0000000100))
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x1b, &(0x7f0000000000)=0x100001, 0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000010a80)=@raw={'raw\x00', 0x8, 0x3, 0xa08, 0x100, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x970, 0xffffffff, 0xffffffff, 0x970, 0xffffffff, 0x3, 0x0, {[{{@ip={@broadcast, @private, 0x0, 0x0, 'batadv0\x00', 'batadv_slave_0\x00', {}, {}, 0x21}, 0x6, 0xa0, 0x100, 0x0, {}, [@common=@inet=@dccp={{0x30}, {[], [], 0x3d8}}]}, @common=@SET={0x60}}, {{@ip={@loopback, @dev, 0x0, 0x0, 'veth0_virt_wifi\x00', 'bond_slave_0\x00'}, 0x0, 0x850, 0x870, 0x0, {}, [@common=@unspec=@u32={{0x7e0}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xa68)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\v\x00\x00'], 0x50)
connect$inet6(r3, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
sendmmsg(r3, &(0x7f0000006680)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001700)=[{0x10, 0x108}, {0x10, 0x10d, 0xf6}], 0x20}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000003f80)=[{0x10, 0x1, 0xe}], 0x10}}], 0x2, 0x8000)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r6=>0xffffffffffffffff}, './file0\x00'})
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000001c0)={r6, r5, 0xb39c5f88721c7ede, r0}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
socket(0x2, 0x800, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x839eef59733fa2ad, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
readv(r7, &(0x7f0000001340)=[{&(0x7f0000000580)=""/148, 0x94}], 0x1)

7.695667638s ago: executing program 0 (id=4098):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_USERDATA={0xc, 0x3, "91abc12404cf3780"}]}], {0x14}}, 0x48}}, 0x0)

7.589344994s ago: executing program 0 (id=4099):
socket$l2tp(0x2, 0x2, 0x73)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x10002)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f00000002c0)={0x27, 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x1, "b1e4edddf9011595fbb4f9f40484f7c9e49d752a8a85083a92395991877695bafa4adbe1d6ba280f949e742a7e21228db38674b29a9ec88a2b75fee3eb7b36", 0x1e}, 0x60)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f0000000100), 0x6, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$bt_hci(r3, 0x0, 0x7)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = msgget$private(0x0, 0x4e1)
msgsnd(r4, &(0x7f0000002500)=ANY=[@ANYBLOB="03"], 0x0, 0x0)
msgctl$IPC_STAT(r4, 0x2, &(0x7f00000003c0)=""/224)
r5 = socket(0x11, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r7=>0x0})
bind$packet(r5, &(0x7f0000000180)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @dev}, 0x14)
bind$packet(r5, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x9, 0x6, @dev}, 0x14)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000004c0)=ANY=[], 0x28}}, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000000c0)={"0e00", 0x0, 0x6, 0x2, 0x0, 0x0, "f700", '\x00\x00\a\x00', "0300", "fcffffff", ["50d5c2a7c5ae5cace40000b6", "808e88e2e9ffffffffff00", "0c436d743c97c443084000", "ff81000000008000"]})
ioctl$CEC_TRANSMIT(r6, 0xc0386105, &(0x7f0000000000)={0x7, 0x1, 0x5, 0x3ae9, 0xc7, 0x1, "02f8ffff070000fbb4883d45f400", 0xff, 0xae, 0x6, 0xb4, 0x2, 0x0, 0x60})

6.956769156s ago: executing program 4 (id=4100):
r0 = socket$alg(0x26, 0x5, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r1=>r0, {0x2}}, './file0\x00'})
mkdirat$cgroup(r1, &(0x7f0000000240)='syz0\x00', 0x1ff)
bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000700)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
r2 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000200)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000000c0)="5bdbd57a0e656889964df9937f561de9b944d1e381fed329742e239cb13cf2af711d48d2f15b3118abd8fd087f117830209a631f9dfbec5cbbbb2216a2d87dfb0d7dd906c594125a10053c8e288ac4445ff0e999d423cc250e31e8650d248e49ba5fb3be8db01db38acf5a4455630ecb10f753530ada6598a1ff4805370a5cebf05e199368871b2751c242633419d13a6b05a390d21ab1d44be1254385b3d882c646f9762bf3480e05e98c9cc655adb7caa279e66709794e3b93cda0b9a14794e6d020cc68ea70e71a083e1a2b375591203ce218e8d244cf32f5dd7af0ee1ed032d3b59e4d57136639d68b7577553393a9", 0xf1}, {&(0x7f0000000000)="ef7791000dc7777cb951ca638ea0e1b5d280548c882aa59a68cd17c0e7f23d", 0x1f}], 0x2, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2}], 0x1, 0x0)
recvmmsg(r2, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)=""/36, 0x24}, {&(0x7f00000001c0)=""/36, 0x24}, {&(0x7f00000003c0)=""/203, 0xcb}], 0x3}, 0xc3}], 0x1, 0x2003, 0x0)

6.243745125s ago: executing program 2 (id=4102):
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x0, 0x17f)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0xba01, 0x0, 0x4044000}, 0x48004)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
r0 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r0, &(0x7f0000000000)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(&(0x7f00000001c0), 0x0, 0x0, 0x0, &(0x7f0000000900)='trans=tcp,')
mount$fuse(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYRES8, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$9p_rdma(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x3b8c039, &(0x7f0000000440)=ANY=[])
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x20000)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0xb)
pipe(0x0)
iopl(0x3)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = mq_open(&(0x7f0000000580)='!\x7f\x00\xca\x00\x00\x00\f\x00vt\x00\x01E!\x05\x99\xb7|`', 0x6e93ebbbcc0884f2, 0x61, &(0x7f0000000480)={0x0, 0x2, 0x7})
mq_timedreceive(r3, &(0x7f0000000700)=""/200, 0xc8, 0x0, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0x100000000000000, 0x0)
listen(r0, 0xefffffff)

6.22273383s ago: executing program 0 (id=4103):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x4}, 0x8)
sendto$inet6(r1, &(0x7f0000000240)='\f', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x100}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000002c0), 0x8)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="180200000000200000000000000000008500000036000000950000000000000049db185086ea6334aa453ec969352991eb38f162575a68c0e574b1758d28a5aa8e86720031a818d25477fc738a2157e500171427cceeb8adc298f40b9affaa9ceb28e1ac72f4d412696ddf196f7380423f5d1cff072e84bf03770a9bf0bede62157b45b5a2ef59cea5048ffb"], &(0x7f00000000c0)='GPL\x00', 0x5, 0xc5, &(0x7f00000001c0)=""/197, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000440)={r2, r3, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x5e, &(0x7f0000000140)=ANY=[], 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCGSERIAL(r5, 0x541e, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=""/95})

5.766326383s ago: executing program 1 (id=4104):
accept$unix(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x6e)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x6, 0x0, 0x0)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0xa40, 0x0)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000300)={0x400, 0x5, [{0xffffffffffffffff, 0x0, 0x1000000000000, 0x1000000000000}, {0xffffffffffffffff, 0x0, 0x8000, 0x1000000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x1000000, 0x100000000}]})
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x6]}, 0x8, 0x800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000001440)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000ff0300007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000009000000850000008200000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2002, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
getgroups(0x4, &(0x7f0000000400)=[0xee01, 0xee01, 0xee00, 0xee00])
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@delqdisc={0x24}, 0x24}}, 0x8800)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x2d7352ec7a99afa4}, 0x1, 0x0, 0x0, 0x40000}, 0x4040004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

5.765980621s ago: executing program 4 (id=4105):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r1=>0x0})
msgctl$IPC_RMID(0x0, 0x0)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000300)={0x1c, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xc094}, 0x40080)
r2 = socket$rds(0x15, 0x5, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_pressure(r3, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r4, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f)
r5 = openat$cgroup_pressure(r3, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
ppoll(&(0x7f0000000180)=[{r4}], 0x1, 0x0, 0x0, 0x0)
write$cgroup_pressure(r5, &(0x7f0000000340)={'some', 0x20, 0x4, 0x20, 0xffffa}, 0x2f)
close(r5)
sendmsg$rds(r2, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000040)=""/66, 0x42}, {&(0x7f00000000c0)=""/18, 0x12}], 0x2, &(0x7f00000004c0)=[@mask_fadd={0x58, 0x114, 0x8, {{0x5, 0x7ff}, &(0x7f0000000140)=0x9, &(0x7f00000001c0)=0x53, 0x32f80000000, 0x6, 0x4, 0x5, 0x48, 0x2}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000200)=""/152, 0x98}, &(0x7f00000002c0), 0x1c}}, @mask_cswp={0x58, 0x114, 0x9, {{0x8, 0x8}, &(0x7f0000000340)=0x5, &(0x7f0000000380)=0x5, 0xefacdc7, 0x9, 0x3, 0x7, 0xb, 0x81}}, @cswp={0x58, 0x114, 0x7, {{0x2, 0x6eb}, &(0x7f00000003c0)=0x3, &(0x7f0000000400)=0x6, 0x5, 0x4, 0x5, 0x100000001, 0x18, 0x5}}, @mask_fadd={0x58, 0x114, 0x8, {{0x8, 0x929}, &(0x7f0000000440)=0x9, &(0x7f0000000480)=0xfff, 0x8, 0xfffffffffffffff3, 0x6, 0xd6f8, 0x20, 0x80}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x5}], 0x1a8, 0x48094}, 0x90)

5.731023289s ago: executing program 0 (id=4106):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x3000)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
syz_io_uring_setup(0x499, &(0x7f00000004c0)={0x0, 0x3355, 0x8, 0xffffffff, 0x288}, &(0x7f0000000440)=<r1=>0x0, &(0x7f0000000480))
io_setup(0x8, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
r2 = landlock_create_ruleset(&(0x7f0000000000)={0x10}, 0x18, 0x0)
writev(r2, &(0x7f0000000080), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
clock_gettime(0x0, &(0x7f0000000280))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r4, &(0x7f00000000c0)=0x1c3, 0x12)

5.696417185s ago: executing program 2 (id=4107):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
dup(0xffffffffffffffff)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000001c0)=""/62, 0x3e}, {&(0x7f0000000340)=""/250, 0xfa}, {&(0x7f0000000280)}, {&(0x7f0000000440)=""/68, 0x44}, {&(0x7f0000000500)=""/41, 0x29}, {&(0x7f0000000540)=""/247, 0xf7}, {&(0x7f0000000640)=""/137, 0x89}, {&(0x7f0000000700)=""/249, 0xf9}], 0x8, &(0x7f0000000c80)=[@rdma_args={0x48, 0x114, 0x1, {{0x0, 0x509}, {&(0x7f0000000880)=""/53, 0x35}, &(0x7f0000000b40)=[{&(0x7f00000019c0)=""/4096, 0x1000}, {&(0x7f00000008c0)=""/77, 0x4d}, {&(0x7f0000000940)=""/213, 0xd5}, {&(0x7f0000000a40)=""/230, 0xe6}], 0x4, 0x70f28f9859800041, 0x8}}, @mask_cswp={0x58, 0x114, 0x9, {{0xa, 0x6211}, &(0x7f0000000b80)=0x2, &(0x7f0000000bc0)=0x5, 0x800, 0x7, 0x8, 0x2, 0xd, 0xd}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x5}, @fadd={0x58, 0x114, 0x6, {{}, &(0x7f0000000c00)=0x9, &(0x7f0000000c40)=0x7, 0x800, 0x4, 0xb, 0x7, 0x18, 0x3}}], 0x110, 0x20000000}, 0x40000) (async)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000001c0)=""/62, 0x3e}, {&(0x7f0000000340)=""/250, 0xfa}, {&(0x7f0000000280)}, {&(0x7f0000000440)=""/68, 0x44}, {&(0x7f0000000500)=""/41, 0x29}, {&(0x7f0000000540)=""/247, 0xf7}, {&(0x7f0000000640)=""/137, 0x89}, {&(0x7f0000000700)=""/249, 0xf9}], 0x8, &(0x7f0000000c80)=[@rdma_args={0x48, 0x114, 0x1, {{0x0, 0x509}, {&(0x7f0000000880)=""/53, 0x35}, &(0x7f0000000b40)=[{&(0x7f00000019c0)=""/4096, 0x1000}, {&(0x7f00000008c0)=""/77, 0x4d}, {&(0x7f0000000940)=""/213, 0xd5}, {&(0x7f0000000a40)=""/230, 0xe6}], 0x4, 0x70f28f9859800041, 0x8}}, @mask_cswp={0x58, 0x114, 0x9, {{0xa, 0x6211}, &(0x7f0000000b80)=0x2, &(0x7f0000000bc0)=0x5, 0x800, 0x7, 0x8, 0x2, 0xd, 0xd}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x5}, @fadd={0x58, 0x114, 0x6, {{}, &(0x7f0000000c00)=0x9, &(0x7f0000000c40)=0x7, 0x800, 0x4, 0xb, 0x7, 0x18, 0x3}}], 0x110, 0x20000000}, 0x40000)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0) (async)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x14) (async)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wg1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2004ccd4}, 0x0)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) (async)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
socket$packet(0x11, 0x2, 0x300)
socket$netlink(0x10, 0x3, 0x0) (async)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r6, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0) (async)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x200, 0x3f20}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @broadcast}]}}}, @IFLA_MASTER={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x40488c5}, 0x40000)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f00)={{0x14}, [@NFT_MSG_NEWTABLE={0x2c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REDIR_FLAGS={0x8, 0x3, 0x1, 0x0, 0x20}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc8}}, 0x0) (async)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f00)={{0x14}, [@NFT_MSG_NEWTABLE={0x2c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REDIR_FLAGS={0x8, 0x3, 0x1, 0x0, 0x20}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc8}}, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

4.79287667s ago: executing program 2 (id=4108):
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100626f6e6400000000180002801400088008"], 0x48}}, 0x0)
sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}, 0xf00}], 0x1, 0x0)

4.730836478s ago: executing program 1 (id=4109):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {<r1=>r0}}, '.\x00'})
ioctl$KVM_GET_PIT(r1, 0xc048ae65, &(0x7f00000000c0))
r2 = socket$xdp(0x2c, 0x3, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
close_range(r3, r3, 0x2)
r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYRES8=0x0, @ANYRES32=r4], 0xd8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e", @ANYRESHEX=r2], 0xa0}}, 0x0)
r6 = syz_clone(0x30009100, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$setregs(0xd, r6, 0x80000001, 0x0)
ptrace$getregset(0x4205, r6, 0x1, &(0x7f0000000080)={&(0x7f0000019580)=""/120, 0x78})
r7 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mprotect(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000000)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$net_dm(&(0x7f0000004b40), r8)
sendmsg$NET_DM_CMD_START(r8, &(0x7f0000004c00)={0x0, 0x0, &(0x7f0000004bc0)={&(0x7f0000004b80)={0x14, r9, 0x1, 0x70bd2c, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x8000)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'bridge_slave_0\x00', @link_local})
setsockopt$XDP_TX_RING(r2, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4)

4.654732064s ago: executing program 4 (id=4110):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
pread64(r1, &(0x7f0000001600)=""/4103, 0x1007, 0x97)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000480)={r0, r1, 0x0, 0x5, &(0x7f0000000280)='$\x8b{!\x00'}, 0x30)
getsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000100), &(0x7f0000000180)=0xfffffffffffffefd)
syz_emit_ethernet(0x14e, &(0x7f0000000bc0)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd6000000001183a00fe8000000000000000000000000000bbfe8000000000000000000000000000aa041400000000000001040000000007100000000102800100070000000000005aa6c5608a06000c2a2d7fbfa01387dd83b926068210b5565b0c0ab7d70a707c410d67fa958986f83ed986ef16e75b4604403840fd93d025a9c20400000028074800000003100e04000c0000000000000001000100000000009e89000000000000fffbffffffffffff00000020000000000800000000000000060000000000000000080000000000000109000000000000000000010000000000000000110201100000000000000000000000000000ffff000000006c000000000000002b260000000000000200907800000000605b29ab00001100fc010000000000000000000000000000fe8000000000000000000000000000aa2b0100000000000001063adee1999e721a029587e3c4827c86d8ec770269986426a53825e388b19e1b4fa0d74fe18394d46fed8b6331a4dae4b41fef351560e20d92e45e26c2050c158871d1a90ddf4a61227e01faacc856655b5283686241192cc5c3072c975e825abc93ddfb2e3e0c5694c4b7605980eb5ea3a0f39b9c807ca734d4a11056d9f88a16514292c6f3ce819f8c4654b55dac2eee818d5c1997bf004625747e67bfe3a91c0958d31e024bbe5e4d6b50996593c45a955a21b8cc10fd962432"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r4, &(0x7f0000000780)}, 0x20)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="380100001a00010000f70000fddbdf25fc02580000f4ffffffffffffff00"/48, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000000003300000000000000000000000000ffffe0000002fffffffffffffffffdffffffffffffff0000000000000000010400"/84], 0x138}}, 0x20000000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@const={0x0, 0x0, 0x0, 0x9, 0x4}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}, @restrict={0x0, 0x0, 0x0, 0xb, 0x3}]}}, 0x0, 0x5a, 0x0, 0x3, 0x0, 0x0, @void, @value}, 0x28)

4.58424723s ago: executing program 0 (id=4111):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xa, 0x86, 0xf3, 0x40, 0x1110, 0x9024, 0xdb24, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xe9, 0x50, 0x9, [{{0x9, 0x4, 0x62, 0x4, 0x0, 0x6f, 0x6f, 0x49, 0x5}}]}}]}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.idle_time\x00', 0x26e1, 0x0)
r1 = socket$kcm(0x2, 0x3, 0x2)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x4)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000140097f87059ae08060c040002ff0f0200000000000001870182fa73a69d35a2cca84708f7abca1b4e7d06a6bd7c493872f750375ed08a560400000003c48f93b82a03000000461e", 0x4c}], 0x1}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000002300)=<r4=>0x0)
prlimit64(r4, 0x1, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), r6)
sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000000900)={0x0, 0x3c, &(0x7f00000008c0)={&(0x7f0000000840)={0x30, r7, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xe6}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x4010044)
sched_setscheduler(r5, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)

4.481494904s ago: executing program 2 (id=4112):
r0 = io_uring_setup(0x7884, &(0x7f0000000a40)={0x0, 0x0, 0x2, 0xfffffffe, 0x3bd})
r1 = syz_init_net_socket$ax25(0x3, 0x5, 0xce)
bind$vsock_stream(r1, &(0x7f0000009c80)={0x28, 0x0, 0x0, @hyper}, 0x10)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000003c0)={r3, <r4=>0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0})
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_emit_ethernet(0xe3, &(0x7f0000000480)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa000800472100d50068000000219078ffffffffffffffff86060000000100004e224e2304b190782680a11f089bbbbe09c0f88fb4aa60c41f373d74847d0937036f631868a77b7d8e56879cd12a04ecbf1bec6bacae07d1f16a36c93e6243958acb2ec551bf1a36f5323c27bc6c079f7d22526d58b971367d88e1e55a0a26f6102ef5424e61dd9a9261864abe379649b1d4ec7f22b878cc1908ca8df634579aa672e56aa8999fba95ecffc06333ca2e5441bf129c89cfe85b2c4e50cfcfe8b245c0c8e4c33839137eae910d79a0e3571f6ccbf11adb9c885b"], 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r4, 0x0, 0x0, 0x1, 0x0, 0x0, {0x8001, 0x6, 0x0, 0x4, 0x0, 0x4, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x4040, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=@newtaction={0x60, 0x30, 0xb, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ct={0x48, 0x1, 0x0, 0x0, {{0x7}, {0x20, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x10, 0x401}, @TCA_CT_LABELS={0x14, 0x7, "5033a44a9bc53b0149979c0db12f7a74"}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x240008c4}, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000000280)={'sit0\x00', 0x0})
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r7 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r7, &(0x7f0000002700)=""/102392, 0x18ff8)
recvmmsg(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x2000, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$vim2m_VIDIOC_STREAMON(0xffffffffffffffff, 0x40045612, &(0x7f00000001c0)=0x5)
ioctl$DRM_IOCTL_MODE_SETPLANE(r2, 0xc03064b7, &(0x7f0000000040)={0x0, r4, r5, 0x0, 0x3, 0xde000003, 0x80})
close_range(r0, 0xffffffffffffffff, 0x0)

3.523000088s ago: executing program 4 (id=4113):
accept$unix(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x6e)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x6, 0x0, 0x0)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0xa40, 0x0)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000300)={0x400, 0x5, [{0xffffffffffffffff, 0x0, 0x1000000000000, 0x1000000000000}, {0xffffffffffffffff, 0x0, 0x8000, 0x1000000}, {0xffffffffffffffff, 0x0, 0x0, 0x4000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x1000000, 0x100000000}]})
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x6]}, 0x8, 0x800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000001440)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000ff0300007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000009000000850000008200000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2002, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
getgroups(0x4, &(0x7f0000000400)=[0xee01, 0xee01, 0xee00, 0xee00])
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@delqdisc={0x24}, 0x24}}, 0x8800)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x2d7352ec7a99afa4}, 0x1, 0x0, 0x0, 0x40000}, 0x4040004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3.140252365s ago: executing program 3 (id=3759):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x6, &(0x7f0000000140)={0x12, {{0x29, 0x0, 0x3e000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x88)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0xa40, 0x0)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000300)={0x400, 0x6, [{0xffffffffffffffff, 0x0, 0x1000000000000, 0x1000000000000}, {0xffffffffffffffff, 0x0, 0x8000, 0x1000000}, {0xffffffffffffffff, 0x0, 0x0, 0x4000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x1000000, 0x100000000}]})
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x6]}, 0x8, 0x800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000001440)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000ff0300007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000009000000850000008200000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2002, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
getgroups(0x4, &(0x7f0000000400)=[0xee01, 0xee01, 0xee00, 0xee00])
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@delqdisc={0x24}, 0x24}}, 0x8800)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x2d7352ec7a99afa4}, 0x1, 0x0, 0x0, 0x40000}, 0x4040004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.608126203s ago: executing program 1 (id=4114):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
prctl$PR_SET_DUMPABLE(0x4, 0x2)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x2, 0x14110400, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88, {0x0, 0x10}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0)
recvmmsg$unix(r4, &(0x7f0000003800)=[{{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000001600)=""/4086, 0x10b8c}], 0x1}}], 0x1, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)

1.604940985s ago: executing program 2 (id=4115):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
prctl$PR_SET_DUMPABLE(0x4, 0x2)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x2, 0x14110400, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88, {0x0, 0x10}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0)
recvmmsg$unix(r4, &(0x7f0000003800)=[{{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000001600)=""/4086, 0x10b8c}], 0x1}}], 0x1, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)

1.601932894s ago: executing program 4 (id=4116):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = dup(0xffffffffffffffff)
io_setup(0x4, &(0x7f0000000040))
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
epoll_create(0x3)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_SEND={0x1a, 0x34, 0x0, r1, 0x0, &(0x7f0000000340)="21d35bbceacd268b28c94e88a087264c2aa64f8291f008022229318b59ba5330daea6ae66e4bb152dda164f34522205dbbd88d36fb72e890af25f2cd765725e47a831159d50aba1d128c3d77591f4b9958f2a823ecea8ada114a77bc5031328f8a89fa25ffdda00436d0f161ee2a8acaa89bfc57e8b779db2e72db2f14b835079c54242501fffdb9d5635c4c7dfbce", 0x8f, 0x40, 0x1})
r6 = socket(0x1e, 0x1, 0x0)
connect$tipc(r6, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10)
recvmmsg(r6, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/154, 0x9a}], 0x1}, 0xa46}], 0x1, 0x2102, 0x0)
write$binfmt_misc(r6, &(0x7f0000000340), 0x2000011a)
dup(0xffffffffffffffff)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, 0x0, 0x0)

1.491404217s ago: executing program 0 (id=4117):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
pread64(r1, &(0x7f0000001600)=""/4103, 0x1007, 0x97)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000480)={r0, r1, 0x0, 0x5, &(0x7f0000000280)='$\x8b{!\x00'}, 0x30)
getsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000100), &(0x7f0000000180)=0xfffffffffffffefd)
syz_emit_ethernet(0x14e, &(0x7f0000000bc0)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd6000000001183a00fe8000000000000000000000000000bbfe8000000000000000000000000000aa041400000000000001040000000007100000000102800100070000000000005aa6c5608a06000c2a2d7fbfa01387dd83b926068210b5565b0c0ab7d70a707c410d67fa958986f83ed986ef16e75b4604403840fd93d025a9c20400000028074800000003100e04000c0000000000000001000100000000009e89000000000000fffbffffffffffff00000020000000000800000000000000060000000000000000080000000000000109000000000000000000010000000000000000110201100000000000000000000000000000ffff000000006c000000000000002b260000000000000200907800000000605b29ab00001100fc010000000000000000000000000000fe8000000000000000000000000000aa2b0100000000000001063adee1999e721a029587e3c4827c86d8ec770269986426a53825e388b19e1b4fa0d74fe18394d46fed8b6331a4dae4b41fef351560e20d92e45e26c2050c158871d1a90ddf4a61227e01faacc856655b5283686241192cc5c3072c975e825abc93ddfb2e3e0c5694c4b7605980eb5ea3a0f39b9c807ca734d4a11056d9f88a16514292c6f3ce819f8c4654b55dac2eee818d5c1997bf004625747e67bfe3a91c0958d31e024bbe5e4d6b50996593c45a955a21b8cc10fd962432"], 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r4, &(0x7f0000000780)}, 0x20)
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@const={0x0, 0x0, 0x0, 0x9, 0x4}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}, @restrict={0x0, 0x0, 0x0, 0xb, 0x3}]}}, 0x0, 0x5a, 0x0, 0x3, 0x0, 0x0, @void, @value}, 0x28)

34.050778ms ago: executing program 1 (id=4118):
accept$unix(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x6e)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x6, 0x0, 0x0)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0xa40, 0x0)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000300)={0x400, 0x6, [{0xffffffffffffffff, 0x0, 0x1000000000000, 0x1000000000000}, {0xffffffffffffffff, 0x0, 0x8000, 0x1000000}, {0xffffffffffffffff, 0x0, 0x0, 0x4000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x1000000, 0x100000000}]})
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x6]}, 0x8, 0x800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000001440)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000ff0300007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000009000000850000008200000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2002, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
getgroups(0x4, &(0x7f0000000400)=[0xee01, 0xee01, 0xee00, 0xee00])
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@delqdisc={0x24}, 0x24}}, 0x8800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

0s ago: executing program 2 (id=4119):
accept$unix(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x6e)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x6, 0x0, 0x0)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0xa40, 0x0)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000300)={0x400, 0x5, [{0xffffffffffffffff, 0x0, 0x1000000000000, 0x1000000000000}, {0xffffffffffffffff, 0x0, 0x8000, 0x1000000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x4000, 0x8000}, {0xffffffffffffffff, 0x0, 0x1000000, 0x100000000}]})
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x6]}, 0x8, 0x800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000001440)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000ff0300007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000009000000850000008200000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2002, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
getgroups(0x4, &(0x7f0000000400)=[0xee01, 0xee01, 0xee00, 0xee00])
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@delqdisc={0x24}, 0x24}}, 0x8800)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x2d7352ec7a99afa4}, 0x1, 0x0, 0x0, 0x40000}, 0x4040004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

kernel console output (not intermixed with test programs):

=0x7fa69b38e929 code=0x7ffc0000
[ 1347.829731][  T871] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1347.871669][   T30] audit: type=1326 audit(2000000396.710:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20977 comm="syz.1.3849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa69b38e929 code=0x7ffc0000
[ 1347.872312][  T871] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1347.913074][  T871] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1347.922502][  T871] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1347.952684][  T871] usb 3-1: Manufacturer: syz
[ 1347.970466][  T871] usb 3-1: config 0 descriptor??
[ 1347.990142][T20995] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=27669 sclass=netlink_xfrm_socket pid=20995 comm=syz.4.3851
[ 1348.065778][ T5898] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[ 1348.387619][ T5898] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1348.401485][ T5898] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1348.560576][ T5898] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1348.569791][ T5898] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1348.588073][  T871] rc_core: IR keymap rc-hauppauge not found
[ 1348.609696][  T871] Registered IR keymap rc-empty
[ 1348.629145][  T871] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1348.641569][ T5898] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1348.661736][  T871] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1348.671068][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1348.679538][ T5898] usb 2-1: Product: syz
[ 1348.699641][  T871] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 1348.701035][ T5898] usb 2-1: Manufacturer: syz
[ 1348.753739][T21015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1348.762876][  T871] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input50
[ 1348.776726][T21015] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1348.803462][  T871] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1348.837903][ T5898] cdc_wdm 2-1:1.0: skipping garbage
[ 1348.843202][ T5898] cdc_wdm 2-1:1.0: skipping garbage
[ 1348.855311][ T5898] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 1348.861997][ T5898] cdc_wdm 2-1:1.0: Unknown control protocol
[ 1348.888079][  T871] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1348.936824][  T871] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1348.976207][  T871] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1349.009000][  T871] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1349.047963][  T871] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1349.085650][  T871] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1349.097850][T20989] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1349.118355][  T871] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1349.141338][    C0] wdm_int_callback: 11 callbacks suppressed
[ 1349.141377][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1349.153941][    C0] wdm_int_callback: 11 callbacks suppressed
[ 1349.153970][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1349.157672][  T871] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1349.160252][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1349.179676][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1349.187725][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1349.194372][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1349.201273][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1349.207913][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1349.216125][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1349.222770][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1349.226539][  T871] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1349.236067][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1349.236093][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1349.236285][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1349.255437][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1349.262989][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1349.269634][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1349.276355][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1349.282993][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1349.289380][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1349.296001][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1349.313509][ T5898] usb 2-1: USB disconnect, device number 66
[ 1349.313575][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1349.338066][  T871] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1349.373105][  T871] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1349.432457][  T871] usb 3-1: USB disconnect, device number 49
[ 1349.564382][ T6431] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1349.591125][ T6431] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1349.600119][T19234] Bluetooth: hci2: command tx timeout
[ 1349.624609][ T6431] bond0 (unregistering): Released all slaves
[ 1351.265718][ T5898] usb 5-1: new full-speed USB device number 58 using dummy_hcd
[ 1351.485149][ T5898] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1351.508104][ T5898] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1351.677891][T19234] Bluetooth: hci2: command tx timeout
[ 1351.909155][ T5898] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1352.039445][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1352.091818][ T5898] usb 5-1: config 0 descriptor??
[ 1352.126298][ T5898] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1352.133004][ T5898] dvb-usb: bulk message failed: -22 (3/0)
[ 1352.216321][ T5898] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1352.245264][ T5898] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1352.292428][ T5898] usb 5-1: media controller created
[ 1352.338057][ T5898] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1352.385083][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[ 1352.515843][ T6431] hsr_slave_0: left promiscuous mode
[ 1352.758449][ T5898] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1352.765638][ T6431] hsr_slave_1: left promiscuous mode
[ 1352.766632][ T6431] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1352.787519][ T6431] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1352.806675][ T6431] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1352.810800][ T5898] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input51
[ 1353.140990][ T5898] dvb-usb: schedule remote query interval to 150 msecs.
[ 1353.156656][ T6431] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1353.185557][ T5898] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1353.226215][ T5898] usb 5-1: USB disconnect, device number 58
[ 1353.295833][ T6431] veth1_macvtap: left promiscuous mode
[ 1353.309381][ T6431] veth0_macvtap: left promiscuous mode
[ 1353.389095][ T5898] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1353.438712][ T6431] veth1_vlan: left promiscuous mode
[ 1353.444649][ T6431] veth0_vlan: left promiscuous mode
[ 1353.574685][   T30] kauditd_printk_skb: 9 callbacks suppressed
[ 1353.574708][   T30] audit: type=1400 audit(2000000403.410:1283): avc:  denied  { ioctl } for  pid=21104 comm="syz.1.3867" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[ 1353.862838][T19234] Bluetooth: hci2: command tx timeout
[ 1354.040283][ T6014] tipc: Subscription rejected, illegal request
[ 1354.435549][ T5898] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 1354.587144][ T5898] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1354.599533][ T5898] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1354.649598][ T5898] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1354.677613][ T5898] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1354.732235][ T5898] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1354.751992][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1354.767005][ T5898] usb 5-1: Product: syz
[ 1354.771213][ T5898] usb 5-1: Manufacturer: syz
[ 1354.794594][ T5898] cdc_wdm 5-1:1.0: skipping garbage
[ 1354.834377][ T5898] cdc_wdm 5-1:1.0: skipping garbage
[ 1354.866759][ T5898] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[ 1354.883013][ T5898] cdc_wdm 5-1:1.0: Unknown control protocol
[ 1355.011154][T21115] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1355.063259][    C0] wdm_int_callback: 60 callbacks suppressed
[ 1355.063286][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1355.075787][    C0] wdm_int_callback: 60 callbacks suppressed
[ 1355.075805][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1355.088234][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1355.094828][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1355.101264][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1355.107876][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1355.114194][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1355.120782][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1355.127374][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1355.133950][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1355.140166][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1355.146737][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1355.153185][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1355.159753][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1355.166505][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1355.173091][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1355.179350][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1355.185916][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1355.192232][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1355.198839][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1355.225542][T17857] usb 5-1: USB disconnect, device number 59
[ 1355.225617][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1355.588402][ T6431] team0 (unregistering): Port device team_slave_1 removed
[ 1355.639054][ T6431] team0 (unregistering): Port device team_slave_0 removed
[ 1355.904887][T21134] FAULT_INJECTION: forcing a failure.
[ 1355.904887][T21134] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1355.918202][T21134] CPU: 0 UID: 0 PID: 21134 Comm: syz.0.3870 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1355.918230][T21134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1355.918244][T21134] Call Trace:
[ 1355.918258][T21134]  <TASK>
[ 1355.918268][T21134]  dump_stack_lvl+0x16c/0x1f0
[ 1355.918313][T21134]  should_fail_ex+0x512/0x640
[ 1355.918348][T21134]  _copy_to_user+0x32/0xd0
[ 1355.918380][T21134]  simple_read_from_buffer+0xcb/0x170
[ 1355.918412][T21134]  proc_fail_nth_read+0x197/0x270
[ 1355.918440][T21134]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1355.918464][T21134]  ? rw_verify_area+0xcf/0x680
[ 1355.918487][T21134]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1355.918515][T21134]  vfs_read+0x1e1/0xc60
[ 1355.918543][T21134]  ? __pfx___mutex_lock+0x10/0x10
[ 1355.918573][T21134]  ? __pfx_vfs_read+0x10/0x10
[ 1355.918603][T21134]  ? __fget_files+0x20e/0x3c0
[ 1355.918636][T21134]  ksys_read+0x12a/0x250
[ 1355.918658][T21134]  ? __pfx_ksys_read+0x10/0x10
[ 1355.918689][T21134]  do_syscall_64+0xcd/0x4c0
[ 1355.918720][T21134]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1355.918742][T21134] RIP: 0033:0x7f145098d33c
[ 1355.918760][T21134] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1355.918778][T21134] RSP: 002b:00007f1451824030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1355.918799][T21134] RAX: ffffffffffffffda RBX: 00007f1450bb6160 RCX: 00007f145098d33c
[ 1355.918811][T21134] RDX: 000000000000000f RSI: 00007f14518240a0 RDI: 0000000000000008
[ 1355.918823][T21134] RBP: 00007f1451824090 R08: 0000000000000000 R09: 0000000000000000
[ 1355.918834][T21134] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[ 1355.918846][T21134] R13: 0000000000000000 R14: 00007f1450bb6160 R15: 00007ffceb781bb8
[ 1355.918873][T21134]  </TASK>
[ 1356.598057][ T5898] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[ 1356.758319][ T5898] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1356.778853][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1356.790762][ T5898] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1356.812942][ T5898] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1356.821316][ T5898] usb 1-1: Manufacturer: syz
[ 1356.831931][T20944] chnl_net:caif_netlink_parms(): no params data found
[ 1356.841444][ T5898] usb 1-1: config 0 descriptor??
[ 1356.977725][ T5898] rc_core: IR keymap rc-hauppauge not found
[ 1356.995555][ T5898] Registered IR keymap rc-empty
[ 1357.001553][ T5898] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[ 1357.043992][ T5898] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input52
[ 1357.498302][    C0] igorplugusb 1-1:0.0: receive overflow, at least 31 lost
[ 1357.642934][T20944] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1357.663775][T20944] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1357.679622][T21160] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1357.693045][T20944] bridge_slave_0: entered allmulticast mode
[ 1357.757030][T21138] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3872'.
[ 1357.891966][T20944] bridge_slave_0: entered promiscuous mode
[ 1357.901274][T20944] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1357.909443][T20944] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1357.919728][T20944] bridge_slave_1: entered allmulticast mode
[ 1357.927878][T20944] bridge_slave_1: entered promiscuous mode
[ 1358.229453][T15524] usb 1-1: USB disconnect, device number 62
[ 1358.409741][T20944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1358.430733][T21176] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3878'.
[ 1358.431859][T20944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1358.641285][T20944] team0: Port device team_slave_0 added
[ 1358.664593][T20944] team0: Port device team_slave_1 added
[ 1358.706939][T21182] syz.4.3879 (21182) used greatest stack depth: 19208 bytes left
[ 1358.888841][T21191] autofs4:pid:21191:validate_dev_ioctl: path string terminator missing for cmd(0xc018937e)
[ 1359.044091][T20944] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1359.056375][T20944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1359.228019][T20944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1359.322532][T20944] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1359.330053][T20944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1359.362593][T20944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1359.446526][T20944] hsr_slave_0: entered promiscuous mode
[ 1359.458496][T20944] hsr_slave_1: entered promiscuous mode
[ 1359.638187][T21203] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1362.345732][T17857] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[ 1363.042628][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1363.185744][T17857] usb 1-1: Using ep0 maxpacket: 32
[ 1363.192855][T17857] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[ 1363.211624][T17857] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1363.221639][T17857] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85
[ 1363.234987][T17857] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1363.275676][T17857] usb 1-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[ 1363.301903][T17857] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1363.320004][T21243] netlink: 'syz.4.3892': attribute type 10 has an invalid length.
[ 1363.327353][T17857] usb 1-1: Product: syz
[ 1363.328027][   T30] audit: type=1400 audit(2000000413.160:1284): avc:  denied  { bind } for  pid=21241 comm="syz.4.3892" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1363.338219][T17857] usb 1-1: Manufacturer: syz
[ 1363.375649][T21239] warn_alloc: 2 callbacks suppressed
[ 1363.375666][T21239] syz.2.3890: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1363.396197][T21239] CPU: 1 UID: 0 PID: 21239 Comm: syz.2.3890 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1363.396221][T21239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1363.396231][T21239] Call Trace:
[ 1363.396239][T21239]  <TASK>
[ 1363.396246][T21239]  dump_stack_lvl+0x16c/0x1f0
[ 1363.396284][T21239]  warn_alloc+0x248/0x3a0
[ 1363.396309][T21239]  ? __pfx_warn_alloc+0x10/0x10
[ 1363.396327][T21239]  ? __pfx_stack_trace_save+0x10/0x10
[ 1363.396349][T21239]  ? stack_depot_save_flags+0x28/0xa40
[ 1363.396372][T21239]  ? kasan_save_stack+0x42/0x60
[ 1363.396389][T21239]  ? kasan_save_stack+0x33/0x60
[ 1363.396407][T21239]  ? kasan_save_track+0x14/0x30
[ 1363.396422][T21239]  ? xskq_create+0x52/0x1d0
[ 1363.396439][T21239]  ? xsk_setsockopt+0x640/0x840
[ 1363.396451][T21239]  ? do_sock_setsockopt+0x224/0x470
[ 1363.396468][T21239]  ? xskq_create+0xfb/0x1d0
[ 1363.396483][T21239]  __vmalloc_node_range_noprof+0xff5/0x14b0
[ 1363.396503][T21239]  ? xskq_create+0xfb/0x1d0
[ 1363.396521][T21239]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1363.396539][T21239]  ? xskq_create+0xfb/0x1d0
[ 1363.396554][T21239]  vmalloc_user_noprof+0x9e/0xe0
[ 1363.396569][T21239]  ? xskq_create+0xfb/0x1d0
[ 1363.396584][T21239]  xskq_create+0xfb/0x1d0
[ 1363.396600][T21239]  xsk_setsockopt+0x640/0x840
[ 1363.396616][T21239]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1363.396629][T21239]  ? __lock_acquire+0x622/0x1c90
[ 1363.396652][T21239]  ? selinux_socket_setsockopt+0x6a/0x80
[ 1363.396669][T21239]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1363.396684][T21239]  do_sock_setsockopt+0x224/0x470
[ 1363.396696][T21239]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1363.396717][T21239]  __sys_setsockopt+0x1a0/0x230
[ 1363.396737][T21239]  __x64_sys_setsockopt+0xbd/0x160
[ 1363.396752][T21239]  ? do_syscall_64+0x91/0x4c0
[ 1363.396771][T21239]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1363.396789][T21239]  do_syscall_64+0xcd/0x4c0
[ 1363.396808][T21239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1363.396826][T21239] RIP: 0033:0x7f796eb8e929
[ 1363.396839][T21239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1363.396854][T21239] RSP: 002b:00007f796f939038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1363.396868][T21239] RAX: ffffffffffffffda RBX: 00007f796edb6080 RCX: 00007f796eb8e929
[ 1363.396880][T21239] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[ 1363.396889][T21239] RBP: 00007f796ec10b39 R08: 0000000000000004 R09: 0000000000000000
[ 1363.396899][T21239] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1363.396908][T21239] R13: 0000000000000000 R14: 00007f796edb6080 R15: 00007ffec0a25328
[ 1363.396925][T21239]  </TASK>
[ 1363.396932][T21239] Mem-Info:
[ 1363.662281][T21239] active_anon:30265 inactive_anon:0 isolated_anon:0
[ 1363.662281][T21239]  active_file:15886 inactive_file:41104 isolated_file:0
[ 1363.662281][T21239]  unevictable:768 dirty:354 writeback:0
[ 1363.662281][T21239]  slab_reclaimable:7557 slab_unreclaimable:99522
[ 1363.662281][T21239]  mapped:31506 shmem:22090 pagetables:1265
[ 1363.662281][T21239]  sec_pagetables:0 bounce:0
[ 1363.662281][T21239]  kernel_misc_reclaimable:0
[ 1363.662281][T21239]  free:1278642 free_pcp:13371 free_cma:0
[ 1363.707775][T21239] Node 0 active_anon:121060kB inactive_anon:0kB active_file:63544kB inactive_file:164216kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:126024kB dirty:1416kB writeback:0kB shmem:86824kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12340kB pagetables:4904kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1363.741368][T21239] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1363.773166][T21239] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1363.802073][T21239] lowmem_reserve[]: 0 2481 2482 2482 2482
[ 1363.807842][T21239] Node 0 DMA32 free:1184980kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:121024kB inactive_anon:0kB active_file:63544kB inactive_file:162904kB unevictable:1536kB writepending:1416kB present:3129332kB managed:2540652kB mlocked:0kB bounce:0kB free_pcp:48468kB local_pcp:20384kB free_cma:0kB
[ 1363.840346][T21239] lowmem_reserve[]: 0 0 1 1 1
[ 1363.845457][T21239] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:12kB free_cma:0kB
[ 1363.874648][T21239] lowmem_reserve[]: 0 0 0 0 0
[ 1363.879349][T21239] Node 1 Normal free:3914212kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:4992kB local_pcp:0kB free_cma:0kB
[ 1363.910212][T21239] lowmem_reserve[]: 0 0 0 0 0
[ 1363.914902][T21239] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1363.927514][T21239] Node 0 DMA32: 2099*4kB (ME) 324*8kB (ME) 430*16kB (UME) 327*32kB (UME) 1239*64kB (UME) 563*128kB (UME) 541*256kB (UME) 293*512kB (UME) 166*1024kB (UME) 31*2048kB (UM) 118*4096kB (M) = 1185004kB
[ 1363.946747][T21239] Node 0 Normal: 0*4kB 2*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[ 1363.958836][T21239] Node 1 Normal: 221*4kB (UME) 46*8kB (UME) 52*16kB (UME) 256*32kB (UME) 113*64kB (UME) 29*128kB (UME) 7*256kB (UME) 4*512kB (UME) 4*1024kB (UME) 1*2048kB (U) 948*4096kB (M) = 3914212kB
[ 1363.977291][T21239] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1363.986833][T21239] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1363.996114][T21239] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1364.005640][T21239] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1364.014895][T21239] 79078 total pagecache pages
[ 1364.019567][T21239] 0 pages in swap cache
[ 1364.023691][T21239] Free swap  = 124996kB
[ 1364.027826][T21239] Total swap = 124996kB
[ 1364.031951][T21239] 2097051 pages RAM
[ 1364.035749][T21239] 0 pages HighMem/MovableOnly
[ 1364.040398][T21239] 429910 pages reserved
[ 1364.044533][T21239] 0 pages cma reserved
[ 1364.055753][T21243] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3892'.
[ 1364.104724][T17857] usb 1-1: SerialNumber: syz
[ 1364.114669][T17857] usb 1-1: config 0 descriptor??
[ 1364.154337][T17857] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input53
[ 1364.175718][ T5175] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1364.256775][T17857] usb 1-1: USB disconnect, device number 63
[ 1364.364817][T21243] team0: Port device geneve0 added
[ 1364.370607][T20254] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 1364.645883][T20254] usb 5-1: Using ep0 maxpacket: 16
[ 1364.704769][T20254] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1364.763284][T20254] usb 5-1: config 8 has an invalid interface number: 132 but max is 0
[ 1364.859613][T20254] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[ 1364.970310][T20254] usb 5-1: config 8 has no interface number 0
[ 1364.991530][T17115] tipc: Subscription rejected, illegal request
[ 1364.994489][T20944] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1365.012087][T20254] usb 5-1: config 8 interface 132 altsetting 252 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1365.029071][T20254] usb 5-1: config 8 interface 132 has no altsetting 0
[ 1365.038731][T20254] usb 5-1: New USB device found, idVendor=07cf, idProduct=1001, bcdDevice=8f.8b
[ 1365.054888][T20944] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1365.063140][T20254] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1365.083030][T20944] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1365.094174][T20254] usb 5-1: Product: syz
[ 1365.098584][T20254] usb 5-1: Manufacturer: syz
[ 1365.104051][T20254] usb 5-1: SerialNumber: syz
[ 1365.113395][T20944] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1366.575835][T21276] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1366.662836][T20254] usb-storage 5-1:8.132: USB Mass Storage device detected
[ 1366.746588][T20254] usb-storage 5-1:8.132: Quirks match for vid 07cf pid 1001: a
[ 1366.844126][T20944] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1366.871447][T20944] 8021q: adding VLAN 0 to HW filter on device team0
[ 1366.930522][T21285] FAULT_INJECTION: forcing a failure.
[ 1366.930522][T21285] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1366.944037][T21285] CPU: 0 UID: 0 PID: 21285 Comm: syz.4.3897 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1366.944065][T21285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1366.944078][T21285] Call Trace:
[ 1366.944085][T21285]  <TASK>
[ 1366.944093][T21285]  dump_stack_lvl+0x16c/0x1f0
[ 1366.944135][T21285]  should_fail_ex+0x512/0x640
[ 1366.944169][T21285]  _copy_from_user+0x2e/0xd0
[ 1366.944198][T21285]  copy_msghdr_from_user+0x98/0x160
[ 1366.944232][T21285]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1366.944257][T21285]  ? trace_sched_exit_tp+0xde/0x130
[ 1366.944298][T21285]  ___sys_sendmsg+0xfe/0x1d0
[ 1366.944326][T21285]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1366.944384][T21285]  __sys_sendmsg+0x16d/0x220
[ 1366.944410][T21285]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1366.944453][T21285]  do_syscall_64+0xcd/0x4c0
[ 1366.944490][T21285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1366.944511][T21285] RIP: 0033:0x7fa85c18e929
[ 1366.944527][T21285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1366.944546][T21285] RSP: 002b:00007fa85d047038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1366.944565][T21285] RAX: ffffffffffffffda RBX: 00007fa85c3b6080 RCX: 00007fa85c18e929
[ 1366.944577][T21285] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000006
[ 1366.944588][T21285] RBP: 00007fa85d047090 R08: 0000000000000000 R09: 0000000000000000
[ 1366.944600][T21285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1366.944611][T21285] R13: 0000000000000000 R14: 00007fa85c3b6080 R15: 00007ffccdfe2ad8
[ 1366.944635][T21285]  </TASK>
[ 1367.304271][ T6431] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1367.311525][ T6431] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1367.703007][T20254] usb 5-1: USB disconnect, device number 60
[ 1367.740143][ T6431] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1367.747525][ T6431] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1367.799391][T20944] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1368.583885][T21301] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1368.871605][    T9] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 1368.977799][T21309] netlink: 'syz.2.3904': attribute type 14 has an invalid length.
[ 1369.065709][    T9] usb 5-1: Using ep0 maxpacket: 32
[ 1369.089577][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1369.109634][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1369.129860][    T9] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1369.155202][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1369.193357][    T9] usb 5-1: config 0 descriptor??
[ 1369.214650][    T9] hub 5-1:0.0: USB hub found
[ 1369.236580][T20944] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1369.336209][T20944] veth0_vlan: entered promiscuous mode
[ 1369.375293][T20944] veth1_vlan: entered promiscuous mode
[ 1369.893662][    T9] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[ 1369.918660][T20944] veth0_macvtap: entered promiscuous mode
[ 1369.933928][T20944] veth1_macvtap: entered promiscuous mode
[ 1369.945959][T17857] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[ 1369.979047][T20944] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1370.019923][T20944] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1370.058614][T20944] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1370.071458][T20944] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1370.082479][T20944] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1370.093712][   T30] audit: type=1400 audit(2000000419.940:1285): avc:  denied  { setopt } for  pid=21335 comm="syz.0.3908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1370.094001][T20944] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1370.123245][T17857] usb 2-1: Using ep0 maxpacket: 16
[ 1370.124561][   T30] audit: type=1400 audit(2000000419.970:1286): avc:  denied  { read } for  pid=21335 comm="syz.0.3908" path="socket:[88745]" dev="sockfs" ino=88745 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1370.133713][T17857] usb 2-1: no configurations
[ 1370.182127][T17857] usb 2-1: can't read configurations, error -22
[ 1370.335687][T17857] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[ 1370.428730][ T6431] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1370.435498][ T6014] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1370.437947][ T6431] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1370.458398][ T6014] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1370.485788][T17857] usb 2-1: Using ep0 maxpacket: 16
[ 1370.494614][T17857] usb 2-1: no configurations
[ 1370.571736][T21347] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3901'.
[ 1370.587118][T21347] new mount options do not match the existing superblock, will be ignored
[ 1370.606713][T21347] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[ 1370.618505][   T30] audit: type=1400 audit(2000000420.440:1287): avc:  denied  { remount } for  pid=21298 comm="syz.4.3901" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 1370.981256][T21346] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3910'.
[ 1370.996465][T17857] usb 2-1: can't read configurations, error -22
[ 1371.004327][T17857] usb usb2-port1: attempt power cycle
[ 1371.345742][T17857] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[ 1371.366564][T17857] usb 2-1: Using ep0 maxpacket: 16
[ 1371.372340][T17857] usb 2-1: no configurations
[ 1371.378144][T17857] usb 2-1: can't read configurations, error -22
[ 1371.506843][T17857] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[ 1371.609886][T17857] usb 2-1: Using ep0 maxpacket: 16
[ 1371.639121][T17857] usb 2-1: no configurations
[ 1371.662062][T17857] usb 2-1: can't read configurations, error -22
[ 1371.713084][T17857] usb usb2-port1: unable to enumerate USB device
[ 1372.026401][    T9] usbhid 5-1:0.0: can't add hid device: -71
[ 1372.032500][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1372.230487][    T9] usb 5-1: USB disconnect, device number 61
[ 1372.706120][ T6431] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1372.808613][ T6431] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1372.890714][T21371] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[ 1373.098494][ T6431] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1373.183665][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1373.197667][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1373.269041][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1373.359456][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1373.361539][ T6431] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1373.398977][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1373.707953][T21383] lo speed is unknown, defaulting to 1000
[ 1374.092774][T21399] syz.1.3925: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1374.108064][T21399] CPU: 0 UID: 0 PID: 21399 Comm: syz.1.3925 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1374.108094][T21399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1374.108105][T21399] Call Trace:
[ 1374.108111][T21399]  <TASK>
[ 1374.108119][T21399]  dump_stack_lvl+0x16c/0x1f0
[ 1374.108150][T21399]  warn_alloc+0x248/0x3a0
[ 1374.108177][T21399]  ? __pfx_warn_alloc+0x10/0x10
[ 1374.108195][T21399]  ? __pfx_stack_trace_save+0x10/0x10
[ 1374.108216][T21399]  ? stack_depot_save_flags+0x28/0xa40
[ 1374.108238][T21399]  ? kasan_save_stack+0x42/0x60
[ 1374.108256][T21399]  ? kasan_save_stack+0x33/0x60
[ 1374.108271][T21399]  ? kasan_save_track+0x14/0x30
[ 1374.108286][T21399]  ? xskq_create+0x52/0x1d0
[ 1374.108302][T21399]  ? xsk_setsockopt+0x640/0x840
[ 1374.108314][T21399]  ? do_sock_setsockopt+0x224/0x470
[ 1374.108330][T21399]  ? xskq_create+0xfb/0x1d0
[ 1374.108345][T21399]  __vmalloc_node_range_noprof+0xff5/0x14b0
[ 1374.108365][T21399]  ? xskq_create+0xfb/0x1d0
[ 1374.108383][T21399]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1374.108401][T21399]  ? xskq_create+0xfb/0x1d0
[ 1374.108416][T21399]  vmalloc_user_noprof+0x9e/0xe0
[ 1374.108428][T21399]  ? xskq_create+0xfb/0x1d0
[ 1374.108444][T21399]  xskq_create+0xfb/0x1d0
[ 1374.108461][T21399]  xsk_setsockopt+0x640/0x840
[ 1374.108477][T21399]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1374.108496][T21399]  ? selinux_socket_setsockopt+0x6a/0x80
[ 1374.108514][T21399]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1374.108528][T21399]  do_sock_setsockopt+0x224/0x470
[ 1374.108540][T21399]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1374.108561][T21399]  __sys_setsockopt+0x1a0/0x230
[ 1374.108581][T21399]  __x64_sys_setsockopt+0xbd/0x160
[ 1374.108597][T21399]  ? do_syscall_64+0x91/0x4c0
[ 1374.108616][T21399]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1374.108636][T21399]  do_syscall_64+0xcd/0x4c0
[ 1374.108656][T21399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1374.108676][T21399] RIP: 0033:0x7fa69b38e929
[ 1374.108691][T21399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1374.108705][T21399] RSP: 002b:00007fa69c18f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1374.108720][T21399] RAX: ffffffffffffffda RBX: 00007fa69b5b6080 RCX: 00007fa69b38e929
[ 1374.108730][T21399] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[ 1374.108739][T21399] RBP: 00007fa69b410b39 R08: 0000000000000004 R09: 0000000000000000
[ 1374.108748][T21399] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1374.108756][T21399] R13: 0000000000000000 R14: 00007fa69b5b6080 R15: 00007ffe664c6bf8
[ 1374.108774][T21399]  </TASK>
[ 1374.108799][T21399] Mem-Info:
[ 1374.370986][T21399] active_anon:15287 inactive_anon:0 isolated_anon:0
[ 1374.370986][T21399]  active_file:15886 inactive_file:41112 isolated_file:0
[ 1374.370986][T21399]  unevictable:768 dirty:132 writeback:0
[ 1374.370986][T21399]  slab_reclaimable:7545 slab_unreclaimable:100326
[ 1374.370986][T21399]  mapped:31546 shmem:7105 pagetables:1294
[ 1374.370986][T21399]  sec_pagetables:0 bounce:0
[ 1374.370986][T21399]  kernel_misc_reclaimable:0
[ 1374.370986][T21399]  free:1292458 free_pcp:14072 free_cma:0
[ 1374.435814][T21399] Node 0 active_anon:61148kB inactive_anon:0kB active_file:63544kB inactive_file:164248kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:126184kB dirty:524kB writeback:0kB shmem:26884kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12716kB pagetables:5020kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1374.469952][T21399] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1374.505660][T21399] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1374.825901][T21399] lowmem_reserve[]: 0 2481 2482 2482 2482
[ 1374.837333][ T6431] bridge_slave_1: left allmulticast mode
[ 1374.843004][ T6431] bridge_slave_1: left promiscuous mode
[ 1374.851606][ T6431] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1374.870591][ T6431] bridge_slave_0: left allmulticast mode
[ 1374.875451][T21399] Node 0 DMA32 free:1240624kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:61212kB inactive_anon:0kB active_file:63544kB inactive_file:162936kB unevictable:1536kB writepending:520kB present:3129332kB managed:2540652kB mlocked:0kB bounce:0kB free_pcp:50732kB local_pcp:24108kB free_cma:0kB
[ 1374.876926][ T6431] bridge_slave_0: left promiscuous mode
[ 1374.916390][ T6431] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1374.958576][T21399] lowmem_reserve[]: 0 0 1 1 1
[ 1375.007953][   T30] audit: type=1400 audit(2000000424.830:1288): avc:  denied  { shutdown } for  pid=21402 comm="syz.2.3924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1375.029776][T21399] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:4kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:12kB free_cma:0kB
[ 1375.071066][T21399] lowmem_reserve[]: 0 0 0 0 0
[ 1375.079560][T21399] Node 1 Normal free:3914212kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:4992kB local_pcp:0kB free_cma:0kB
[ 1375.116113][T21399] lowmem_reserve[]: 0 0 0 0 0
[ 1375.120873][T21399] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1375.138042][T21399] Node 0 DMA32: 1398*4kB (UME) 1065*8kB (UME) 1173*16kB (UME) 1717*32kB (UME) 1243*64kB (UME) 557*128kB (UME) 539*256kB (UME) 287*512kB (UME) 164*1024kB (UME) 28*2048kB (UM) 120*4096kB (M) = 1240400kB
[ 1375.161068][T21399] Node 0 Normal: 0*4kB 2*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[ 1375.189803][T21399] Node 1 Normal: 221*4kB (UME) 46*8kB (UME) 52*16kB (UME) 256*32kB (UME) 113*64kB (UME) 29*128kB (UME) 7*256kB (UME) 4*512kB (UME) 4*1024kB (UME) 1*2048kB (U) 948*4096kB (M) = 3914212kB
[ 1375.426667][T21399] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1375.587941][ T5832] Bluetooth: hci2: command tx timeout
[ 1375.914317][T21399] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1375.937704][T21399] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1375.984731][T21399] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1376.005459][T21399] 66970 total pagecache pages
[ 1376.011784][T21399] 0 pages in swap cache
[ 1376.052943][T21399] Free swap  = 124996kB
[ 1376.070485][T21399] Total swap = 124996kB
[ 1376.074816][T21399] 2097051 pages RAM
[ 1376.185612][T21399] 0 pages HighMem/MovableOnly
[ 1376.190321][T21399] 429910 pages reserved
[ 1376.200040][T21399] 0 pages cma reserved
[ 1376.236068][   T30] audit: type=1400 audit(2000000426.080:1289): avc:  denied  { bind } for  pid=21420 comm="syz.2.3929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[ 1376.325583][   T30] audit: type=1400 audit(2000000426.160:1290): avc:  denied  { nlmsg_read } for  pid=21424 comm="syz.1.3931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[ 1376.402111][ T6431] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1376.419697][ T6431] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1376.434395][ T6431] bond0 (unregistering): Released all slaves
[ 1376.510568][T20254] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[ 1376.544000][    T9] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[ 1376.685697][T20254] usb 3-1: Using ep0 maxpacket: 16
[ 1376.735511][    T9] usb 5-1: Using ep0 maxpacket: 32
[ 1376.853194][T20254] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8
[ 1376.865283][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[ 1376.873803][T20254] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1376.955450][T21439] siw: device registration error -23
[ 1377.047250][T21440] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3933'.
[ 1377.342727][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1377.424885][T20254] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1377.433154][T20254] usb 3-1: Product: syz
[ 1377.437548][T20254] usb 3-1: Manufacturer: syz
[ 1377.442373][T20254] usb 3-1: SerialNumber: syz
[ 1377.528450][T20254] usb 3-1: config 0 descriptor??
[ 1377.554284][    T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85
[ 1377.624672][T20254] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[ 1377.639405][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1377.652003][T20254] usb 3-1: Detected FT232R
[ 1377.673692][    T9] usb 5-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[ 1377.692719][ T5832] Bluetooth: hci2: command tx timeout
[ 1377.713934][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1377.792987][T20254] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[ 1377.807804][T20254] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1377.817857][T20254] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71
[ 1377.821517][T21383] chnl_net:caif_netlink_parms(): no params data found
[ 1377.827970][T20254] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1377.839456][    T9] usb 5-1: Product: syz
[ 1377.849988][    T9] usb 5-1: Manufacturer: syz
[ 1377.861159][    T9] usb 5-1: SerialNumber: syz
[ 1377.894425][    T9] usb 5-1: config 0 descriptor??
[ 1377.927672][    T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input54
[ 1377.953140][ T5175] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1378.060244][T20254] usb 3-1: USB disconnect, device number 50
[ 1378.076302][T20254] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1378.086748][T20254] ftdi_sio 3-1:0.0: device disconnected
[ 1378.115976][T21423] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1378.187624][T21457] siw: device registration error -23
[ 1378.288375][T21458] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3934'.
[ 1378.377747][ T5175] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1378.559812][    T9] usb 5-1: USB disconnect, device number 62
[ 1378.559934][    C1] xpad 5-1:0.0: xpad_irq_in - usb_submit_urb failed with result -19
[ 1378.824519][   T30] audit: type=1400 audit(2000000428.660:1291): avc:  denied  { bind } for  pid=21464 comm="syz.2.3936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1378.881160][T21465] fuse: Bad value for 'fd'
[ 1379.077350][   T30] audit: type=1400 audit(2000000428.910:1292): avc:  denied  { create } for  pid=21464 comm="syz.2.3936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[ 1379.297283][   T30] audit: type=1400 audit(2000000429.000:1293): avc:  denied  { listen } for  pid=21464 comm="syz.2.3936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1379.762643][ T5832] Bluetooth: hci2: command tx timeout
[ 1379.779613][   T30] audit: type=1400 audit(2000000429.590:1294): avc:  denied  { read } for  pid=21478 comm="syz.4.3938" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1379.807624][ T6431] hsr_slave_0: left promiscuous mode
[ 1379.827212][ T6431] hsr_slave_1: left promiscuous mode
[ 1379.834028][ T6431] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1379.905000][ T6431] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1380.260343][ T6431] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1380.283203][ T6431] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1380.355564][    T9] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[ 1380.465575][ T6431] veth1_macvtap: left promiscuous mode
[ 1380.471144][ T6431] veth0_macvtap: left promiscuous mode
[ 1380.487906][ T6431] veth1_vlan: left promiscuous mode
[ 1380.581490][ T6431] veth0_vlan: left promiscuous mode
[ 1380.741585][    T9] usb 2-1: Using ep0 maxpacket: 32
[ 1380.758528][    T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1380.792197][    T9] usb 2-1: config 0 has no interface number 0
[ 1380.821157][    T9] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1380.840357][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1380.872087][    T9] usb 2-1: Product: syz
[ 1380.890068][    T9] usb 2-1: Manufacturer: syz
[ 1380.904033][    T9] usb 2-1: SerialNumber: syz
[ 1380.937309][    T9] usb 2-1: config 0 descriptor??
[ 1380.958264][    T9] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1380.991031][    T9] usb 2-1: selecting invalid altsetting 1
[ 1381.013977][    T9] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1381.053530][    T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1381.089666][    T9] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1381.124933][    T9] usb 2-1: media controller created
[ 1381.195042][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1381.313283][    T9] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[ 1381.371175][    T9] zl10353_read_register: readreg error (reg=127, ret==-32)
[ 1381.721244][T21505] siw: device registration error -23
[ 1381.804435][T21506] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3944'.
[ 1381.835568][ T5832] Bluetooth: hci2: command tx timeout
[ 1383.225035][ T6431] team0 (unregistering): Port device team_slave_1 removed
[ 1383.284354][ T6431] team0 (unregistering): Port device team_slave_0 removed
[ 1383.284631][T21518] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=27669 sclass=netlink_xfrm_socket pid=21518 comm=syz.2.3946
[ 1383.867263][T21489] vlan2: entered promiscuous mode
[ 1383.873500][T21489] vlan2: entered allmulticast mode
[ 1383.879417][T21489] hsr_slave_1: entered allmulticast mode
[ 1383.995144][    T9] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1384.086064][    T9] usb 2-1: USB disconnect, device number 71
[ 1384.126147][T21383] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1384.178064][T21383] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1384.198009][T21383] bridge_slave_0: entered allmulticast mode
[ 1384.768828][T21383] bridge_slave_0: entered promiscuous mode
[ 1387.131000][   T30] audit: type=1326 audit(2000000434.860:1295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21524 comm="syz.0.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f145098e929 code=0x7fc00000
[ 1387.243395][   T30] audit: type=1326 audit(2000000434.860:1296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21524 comm="syz.0.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f145098e929 code=0x7fc00000
[ 1387.600049][   T30] audit: type=1326 audit(2000000434.860:1297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21524 comm="syz.0.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f145098e929 code=0x7fc00000
[ 1387.966169][   T30] audit: type=1326 audit(2000000434.870:1298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21524 comm="syz.0.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f145098e929 code=0x7fc00000
[ 1387.989916][T21383] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1387.997105][T21383] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1388.020080][T21383] bridge_slave_1: entered allmulticast mode
[ 1388.035634][T21383] bridge_slave_1: entered promiscuous mode
[ 1388.058437][   T30] audit: type=1326 audit(2000000434.870:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21524 comm="syz.0.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f145098e929 code=0x7fc00000
[ 1388.094381][   T30] audit: type=1326 audit(2000000434.870:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21524 comm="syz.0.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f145098e929 code=0x7fc00000
[ 1388.129539][   T30] audit: type=1326 audit(2000000434.870:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21524 comm="syz.0.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f145098e929 code=0x7fc00000
[ 1388.432342][T21554] Can't find a SQUASHFS superblock on nullb0
[ 1388.969184][   T30] audit: type=1326 audit(2000000434.870:1302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21524 comm="syz.0.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f145098e929 code=0x7fc00000
[ 1388.974414][T21555] hub 6-0:1.0: USB hub found
[ 1389.002077][T21555] hub 6-0:1.0: 1 port detected
[ 1389.212326][T21383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1389.265912][T21383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1389.281207][   T30] audit: type=1326 audit(2000000434.870:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21524 comm="syz.0.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f145098e929 code=0x7fc00000
[ 1389.308602][   T30] audit: type=1326 audit(2000000434.870:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21524 comm="syz.0.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f145098e929 code=0x7fc00000
[ 1389.491195][T21383] team0: Port device team_slave_0 added
[ 1389.544040][T21383] team0: Port device team_slave_1 added
[ 1389.683063][T21569] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1389.683325][T21383] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1389.703915][T21383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1389.730377][T20254] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[ 1389.740645][T21383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1389.760060][ T6001] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[ 1389.773524][T21383] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1389.788382][T21383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1389.822676][T21383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1389.886596][T20254] usb 1-1: Using ep0 maxpacket: 8
[ 1389.899113][T21383] hsr_slave_0: entered promiscuous mode
[ 1389.902656][T20254] usb 1-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[ 1389.906379][T21383] hsr_slave_1: entered promiscuous mode
[ 1389.919513][ T6001] usb 3-1: Using ep0 maxpacket: 8
[ 1389.922590][T20254] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1389.926544][ T6001] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[ 1389.947886][T20254] usb 1-1: Product: syz
[ 1389.960834][T20254] usb 1-1: Manufacturer: syz
[ 1389.970887][T20254] usb 1-1: SerialNumber: syz
[ 1390.003074][ T6001] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1390.007111][T20254] usb 1-1: config 0 descriptor??
[ 1390.041572][T20254] gspca_main: sonixj-2.14.0 probing 0c45:613e
[ 1390.045414][ T6001] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1390.063782][T21585] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21585 comm=syz.1.3959
[ 1390.083833][ T6001] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[ 1390.100194][T21585] Can't find a SQUASHFS superblock on nullb0
[ 1390.111478][ T6001] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1390.130424][T21585] fuse: Invalid rootmode
[ 1390.135847][ T6001] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[ 1390.137233][T21585] netlink: 'syz.1.3959': attribute type 1 has an invalid length.
[ 1390.156124][ T6001] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1390.173022][ T6001] usb 3-1: config 0 descriptor??
[ 1390.179056][T21559] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1390.390406][T21557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1390.411954][T21557] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1390.507158][  T871] usb 3-1: USB disconnect, device number 51
[ 1390.518484][ T5832] Bluetooth: hci4: Opcode 0x0c03 failed: -71
[ 1391.653435][T15524] usb 1-1: USB disconnect, device number 64
[ 1391.662132][T21618] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=27669 sclass=netlink_xfrm_socket pid=21618 comm=syz.4.3963
[ 1391.740601][T21613] dvmrp0: entered allmulticast mode
[ 1392.106063][T21622] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1392.113423][T21622] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1392.120524][T21622] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1392.127586][T21622] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1392.133868][T21622] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1392.151258][T21622] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1392.564291][T21631] fuse: Bad value for 'fd'
[ 1392.649473][T21383] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1393.030862][T21383] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1393.067726][T21383] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1393.151551][T21383] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1393.526056][ T6001] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[ 1393.697242][ T6001] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 65, changing to 10
[ 1393.715057][T21383] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1393.755831][ T6001] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 17407, setting to 1024
[ 1393.767256][ T6001] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1393.782697][ T6001] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1393.785941][T21383] 8021q: adding VLAN 0 to HW filter on device team0
[ 1393.812254][ T6001] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1393.852187][T19376] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1393.859438][T19376] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1393.870725][ T6001] usb 1-1: config 0 descriptor??
[ 1393.886478][T21594] dvmrp0: left allmulticast mode
[ 1393.978018][T17115] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1393.985210][T17115] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1394.158281][ T5832] Bluetooth: hci1: command 0x0406 tx timeout
[ 1394.164421][T20534] Bluetooth: hci0: command 0x0406 tx timeout
[ 1394.171080][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1394.177853][T19234] Bluetooth: hci3: command 0x0405 tx timeout
[ 1394.299948][ T6001] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[ 1394.347716][ T6001] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving
[ 1394.676348][T21671] input: syz1 as /devices/virtual/input/input56
[ 1394.774067][ T6001] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[ 1394.849458][ T6001] usb 1-1: USB disconnect, device number 65
[ 1395.007845][T21675] fido_id[21675]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[ 1395.042932][T21383] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1395.405122][T21383] veth0_vlan: entered promiscuous mode
[ 1395.454806][T21383] veth1_vlan: entered promiscuous mode
[ 1396.236265][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1396.482574][T21700] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=27669 sclass=netlink_xfrm_socket pid=21700 comm=syz.0.3976
[ 1396.675586][T21383] veth0_macvtap: entered promiscuous mode
[ 1396.729968][T21383] veth1_macvtap: entered promiscuous mode
[ 1396.800527][T21383] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1396.829850][T21383] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1396.884720][T21383] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1396.956522][T21383] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1396.967989][T21383] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1396.978027][T21383] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1397.094842][T21716] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3980'.
[ 1398.103444][T21707] syz_tun: entered allmulticast mode
[ 1398.111087][T21706] syz_tun: left allmulticast mode
[ 1398.326660][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1398.679201][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1398.704699][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1399.327543][T21728] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1399.370549][T15522] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1399.378457][T21728] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1399.378617][T21728] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1399.378780][T21728] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1399.402134][T15522] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1399.749242][   T30] kauditd_printk_skb: 61 callbacks suppressed
[ 1399.749260][   T30] audit: type=1400 audit(2000000449.590:1366): avc:  denied  { watch } for  pid=21746 comm="syz.2.3986" path="/191/file0" dev="tmpfs" ino=1028 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1399.841149][   T30] audit: type=1400 audit(2000000449.620:1367): avc:  denied  { watch_sb } for  pid=21746 comm="syz.2.3986" path="/191/file0" dev="tmpfs" ino=1028 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1399.890476][T21749] syz.0.3987 (21749): drop_caches: 2
[ 1400.139047][ T6431] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1400.185794][T20254] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[ 1400.333941][ T6431] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1400.348069][T20254] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1400.359277][T20254] usb 1-1: New USB device found, idVendor=046d, idProduct=c287, bcdDevice= 0.00
[ 1400.371978][T20254] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1400.387177][T20254] usb 1-1: config 0 descriptor??
[ 1400.450612][ T6431] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1400.544305][ T6431] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1400.971775][T20254] logitech 0003:046D:C287.0011: hidraw0: USB HID v0.00 Device [HID 046d:c287] on usb-dummy_hcd.0-1/input0
[ 1401.004521][ T6431] bridge_slave_1: left allmulticast mode
[ 1401.036501][T20534] Bluetooth: hci0: command 0x0406 tx timeout
[ 1401.521694][ T5832] Bluetooth: hci1: command 0x0406 tx timeout
[ 1401.528361][T20534] Bluetooth: hci3: command 0x0405 tx timeout
[ 1401.549244][ T6431] bridge_slave_1: left promiscuous mode
[ 1401.578809][T20254] logitech 0003:046D:C287.0011: no inputs found
[ 1401.753497][ T6431] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1401.794501][T21758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1401.858497][T21758] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1401.881233][ T6431] bridge_slave_0: left allmulticast mode
[ 1401.935932][ T6431] bridge_slave_0: left promiscuous mode
[ 1401.943075][ T6431] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1402.035636][   T30] audit: type=1400 audit(2000000451.870:1368): avc:  denied  { lock } for  pid=21797 comm="syz.4.3993" path="socket:[91106]" dev="sockfs" ino=91106 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1402.598913][   T30] audit: type=1400 audit(2000000452.430:1369): avc:  denied  { execute } for  pid=21804 comm="syz.2.3995" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1402.621795][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1402.625153][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1402.627279][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1402.630820][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1402.641654][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1402.676260][ T6001] usb 5-1: new low-speed USB device number 63 using dummy_hcd
[ 1402.826374][ T6001] usb 5-1: too many configurations: 18, using maximum allowed: 8
[ 1402.837991][ T6001] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1402.847373][ T6001] usb 5-1: can't read configurations, error -61
[ 1402.935547][ T6431] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1402.947432][ T6431] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1402.958327][ T6431] bond0 (unregistering): Released all slaves
[ 1402.981373][   T30] audit: type=1400 audit(2000000452.820:1370): avc:  denied  { relabelfrom } for  pid=21747 comm="syz.0.3987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1403.018213][ T6001] usb 5-1: new low-speed USB device number 64 using dummy_hcd
[ 1403.050714][   T30] audit: type=1400 audit(2000000452.820:1371): avc:  denied  { relabelto } for  pid=21747 comm="syz.0.3987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1403.060157][T15524] usb 1-1: USB disconnect, device number 66
[ 1403.127628][T21810] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1403.147084][T21810] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1403.226596][T21810] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1403.259733][T21806] lo speed is unknown, defaulting to 1000
[ 1403.286942][T21810] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1403.327094][T21810] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1403.418058][T21810] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1403.544518][ T6001] usb 5-1: too many configurations: 18, using maximum allowed: 8
[ 1403.586662][ T6001] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1403.594254][ T6001] usb 5-1: can't read configurations, error -61
[ 1403.630026][ T6001] usb usb5-port1: attempt power cycle
[ 1404.078489][ T6001] usb 5-1: new low-speed USB device number 65 using dummy_hcd
[ 1404.328720][ T6001] usb 5-1: too many configurations: 18, using maximum allowed: 8
[ 1404.373986][ T6001] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1404.390326][T21833] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3999'.
[ 1404.406153][T21833] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check.
[ 1404.425596][ T6001] usb 5-1: can't read configurations, error -61
[ 1404.663860][ T6001] usb 5-1: new low-speed USB device number 66 using dummy_hcd
[ 1404.866880][ T6001] usb 5-1: too many configurations: 18, using maximum allowed: 8
[ 1404.876750][   T30] audit: type=1400 audit(2000000454.650:1372): avc:  denied  { name_bind } for  pid=21842 comm="syz.0.4001" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[ 1404.892369][ T6001] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1404.912901][ T6431] hsr_slave_0: left promiscuous mode
[ 1404.926054][ T6001] usb 5-1: can't read configurations, error -61
[ 1404.932461][ T6431] hsr_slave_1: left promiscuous mode
[ 1404.948362][ T6431] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1404.964784][ T6431] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1404.982887][ T6001] usb usb5-port1: unable to enumerate USB device
[ 1404.983261][ T6431] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1405.105853][ T6431] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1405.206082][ T5832] Bluetooth: hci3: command 0x0405 tx timeout
[ 1405.206426][T20534] Bluetooth: hci1: command 0x0406 tx timeout
[ 1405.206463][T19234] Bluetooth: hci0: command 0x0406 tx timeout
[ 1405.230509][ T6431] veth1_macvtap: left promiscuous mode
[ 1405.236178][ T6431] veth0_macvtap: left promiscuous mode
[ 1405.244635][ T6431] veth1_vlan: left promiscuous mode
[ 1405.250193][ T6431] veth0_vlan: left promiscuous mode
[ 1405.388420][T19234] Bluetooth: hci2: command 0x041b tx timeout
[ 1406.006162][T17857] usb 2-1: new full-speed USB device number 72 using dummy_hcd
[ 1406.178140][T17857] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1406.195462][T17857] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1406.215014][T17857] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1406.234132][T17857] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1406.264766][T17857] usb 2-1: config 0 descriptor??
[ 1406.287573][T17857] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1406.305776][T17857] dvb-usb: bulk message failed: -22 (3/0)
[ 1406.327970][T17857] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1406.341745][T17857] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1406.351220][T17857] usb 2-1: media controller created
[ 1406.370133][T17857] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1406.422388][T17857] dvb-usb: bulk message failed: -22 (6/0)
[ 1406.436012][T17857] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1406.454305][T17857] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input58
[ 1406.477751][T17857] dvb-usb: schedule remote query interval to 150 msecs.
[ 1406.494185][T21862] FAULT_INJECTION: forcing a failure.
[ 1406.494185][T21862] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1406.520921][T17857] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1406.536917][T21862] CPU: 1 UID: 0 PID: 21862 Comm: syz.1.4006 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1406.536946][T21862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1406.536958][T21862] Call Trace:
[ 1406.536965][T21862]  <TASK>
[ 1406.536973][T21862]  dump_stack_lvl+0x16c/0x1f0
[ 1406.537015][T21862]  should_fail_ex+0x512/0x640
[ 1406.537049][T21862]  _copy_to_user+0x32/0xd0
[ 1406.537079][T21862]  simple_read_from_buffer+0xcb/0x170
[ 1406.537109][T21862]  proc_fail_nth_read+0x197/0x270
[ 1406.537135][T21862]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1406.537159][T21862]  ? rw_verify_area+0xcf/0x680
[ 1406.537180][T21862]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1406.537202][T21862]  vfs_read+0x1e1/0xc60
[ 1406.537228][T21862]  ? __pfx___mutex_lock+0x10/0x10
[ 1406.537259][T21862]  ? __pfx_vfs_read+0x10/0x10
[ 1406.537287][T21862]  ? __fget_files+0x20e/0x3c0
[ 1406.537319][T21862]  ksys_read+0x12a/0x250
[ 1406.537340][T21862]  ? __pfx_ksys_read+0x10/0x10
[ 1406.537363][T21862]  ? fput+0x70/0xf0
[ 1406.537384][T21862]  do_syscall_64+0xcd/0x4c0
[ 1406.537415][T21862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1406.537436][T21862] RIP: 0033:0x7fa69b38d33c
[ 1406.537452][T21862] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1406.537471][T21862] RSP: 002b:00007fa69c1b0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1406.537490][T21862] RAX: ffffffffffffffda RBX: 00007fa69b5b5fa0 RCX: 00007fa69b38d33c
[ 1406.537503][T21862] RDX: 000000000000000f RSI: 00007fa69c1b00a0 RDI: 0000000000000005
[ 1406.537514][T21862] RBP: 00007fa69c1b0090 R08: 0000000000000000 R09: 0000000000000000
[ 1406.537524][T21862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1406.537535][T21862] R13: 0000000000000000 R14: 00007fa69b5b5fa0 R15: 00007ffe664c6bf8
[ 1406.537565][T21862]  </TASK>
[ 1406.678790][T17857] dvb-usb: bulk message failed: -22 (1/0)
[ 1406.696225][T15524] usb 2-1: USB disconnect, device number 72
[ 1406.777417][T17857] dvb-usb: error while querying for an remote control event.
[ 1406.814505][T15524] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1407.009883][ T6431] team0 (unregistering): Port device team_slave_1 removed
[ 1407.110409][ T6431] team0 (unregistering): Port device team_slave_0 removed
[ 1407.456310][T19234] Bluetooth: hci2: command 0x041b tx timeout
[ 1408.024771][T21890] syz.1.4012: attempt to access beyond end of device
[ 1408.024771][T21890] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[ 1408.040363][T21890] syz.1.4012: attempt to access beyond end of device
[ 1408.040363][T21890] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[ 1408.059353][T21890] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[ 1408.069536][T21890] syz.1.4012: attempt to access beyond end of device
[ 1408.069536][T21890] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[ 1408.107561][T21890] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[ 1408.121622][T21890] syz.1.4012: attempt to access beyond end of device
[ 1408.121622][T21890] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[ 1408.139206][T21890] syz.1.4012: attempt to access beyond end of device
[ 1408.139206][T21890] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[ 1408.175828][T21890] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[ 1408.200072][   T30] audit: type=1400 audit(2000000458.050:1373): avc:  denied  { ioctl } for  pid=21888 comm="syz.1.4012" path="socket:[92074]" dev="sockfs" ino=92074 ioctlcmd=0x89f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1408.236187][T21890] syz.1.4012: attempt to access beyond end of device
[ 1408.236187][T21890] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[ 1408.249652][T21890] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[ 1408.266022][T21890] syz.1.4012: attempt to access beyond end of device
[ 1408.266022][T21890] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[ 1408.282970][T21890] syz.1.4012: attempt to access beyond end of device
[ 1408.282970][T21890] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[ 1408.297094][T21890] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[ 1408.306961][T21890] syz.1.4012: attempt to access beyond end of device
[ 1408.306961][T21890] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[ 1408.320395][T21890] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[ 1408.337153][T21890] syz.1.4012: attempt to access beyond end of device
[ 1408.337153][T21890] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1408.360221][T21890] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[ 1408.372808][T21890] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[ 1408.384939][T21890] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[ 1408.509393][T21887] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1408.528585][T21887] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1408.631501][T21889] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1408.638779][T21889] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1408.662016][T21889] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1408.669260][T21889] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1408.711197][T21889] gretap1: left allmulticast mode
[ 1408.738079][T21806] chnl_net:caif_netlink_parms(): no params data found
[ 1408.913273][T21902] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21902 comm=syz.1.4015
[ 1408.977479][T21902] fuse: Bad value for 'rootmode'
[ 1409.012757][T21902] netlink: 'syz.1.4015': attribute type 1 has an invalid length.
[ 1409.440700][T21902] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR
[ 1409.441011][T21806] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1409.508397][T21806] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1409.520575][T19234] Bluetooth: hci2: command 0x041b tx timeout
[ 1409.553477][T21806] bridge_slave_0: entered allmulticast mode
[ 1409.618957][T21806] bridge_slave_0: entered promiscuous mode
[ 1409.672210][T21806] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1409.684743][T21806] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1409.695061][T21806] bridge_slave_1: entered allmulticast mode
[ 1409.705710][T21806] bridge_slave_1: entered promiscuous mode
[ 1409.779474][T21930] fuse: Bad value for 'fd'
[ 1410.570464][T21806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1410.599632][T21806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1410.913256][T21806] team0: Port device team_slave_0 added
[ 1410.961326][T21806] team0: Port device team_slave_1 added
[ 1411.278016][T21960] debugfs: Bad value for 'mode'
[ 1411.664581][   T30] audit: type=1400 audit(2000000461.110:1374): avc:  denied  { mount } for  pid=21949 comm="syz.4.4024" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1411.719189][T19234] Bluetooth: hci2: command 0x041b tx timeout
[ 1411.860661][T21806] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1411.871217][T21806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1411.948862][T21806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1411.984316][   T30] audit: type=1400 audit(2000000461.120:1375): avc:  denied  { remount } for  pid=21949 comm="syz.4.4024" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1412.020220][   T30] audit: type=1400 audit(2000000461.750:1376): avc:  denied  { setattr } for  pid=21945 comm="syz.0.4023" name="RAW" dev="sockfs" ino=92587 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1412.035472][T21806] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1412.078039][   T30] audit: type=1400 audit(2000000461.820:1377): avc:  denied  { unmount } for  pid=18720 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1412.110460][T21806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1412.111487][T21965] FAULT_INJECTION: forcing a failure.
[ 1412.111487][T21965] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1412.161467][T21965] CPU: 0 UID: 0 PID: 21965 Comm: syz.4.4027 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1412.161491][T21965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1412.161502][T21965] Call Trace:
[ 1412.161509][T21965]  <TASK>
[ 1412.161516][T21965]  dump_stack_lvl+0x16c/0x1f0
[ 1412.161560][T21965]  should_fail_ex+0x512/0x640
[ 1412.161590][T21965]  _copy_from_user+0x2e/0xd0
[ 1412.161615][T21965]  copy_msghdr_from_user+0x98/0x160
[ 1412.161654][T21965]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1412.161692][T21965]  ___sys_sendmsg+0xfe/0x1d0
[ 1412.161716][T21965]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1412.161737][T21965]  ? __lock_acquire+0x622/0x1c90
[ 1412.161791][T21965]  __sys_sendmsg+0x16d/0x220
[ 1412.161815][T21965]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1412.161849][T21965]  do_syscall_64+0xcd/0x4c0
[ 1412.161875][T21965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1412.161893][T21965] RIP: 0033:0x7fa85c18e929
[ 1412.161907][T21965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1412.161924][T21965] RSP: 002b:00007fa85d068038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1412.161941][T21965] RAX: ffffffffffffffda RBX: 00007fa85c3b5fa0 RCX: 00007fa85c18e929
[ 1412.161952][T21965] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000003
[ 1412.161962][T21965] RBP: 00007fa85d068090 R08: 0000000000000000 R09: 0000000000000000
[ 1412.161973][T21965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1412.161983][T21965] R13: 0000000000000000 R14: 00007fa85c3b5fa0 R15: 00007ffccdfe2ad8
[ 1412.162006][T21965]  </TASK>
[ 1412.195519][T21806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1412.404112][T21972] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21972 comm=syz.1.4028
[ 1412.437042][T21972] fuse: Unknown parameter 'use00000000000000000000'
[ 1412.775048][T21972] netlink: 'syz.1.4028': attribute type 1 has an invalid length.
[ 1412.810957][T21806] hsr_slave_0: entered promiscuous mode
[ 1412.848379][T21806] hsr_slave_1: entered promiscuous mode
[ 1412.926682][T21972] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR
[ 1413.395652][  T871] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[ 1413.578061][  T871] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1413.610870][  T871] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1413.641854][  T871] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1413.666154][  T871] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1413.685206][  T871] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1413.698372][  T871] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1413.714298][  T871] usb 2-1: Product: syz
[ 1413.718973][  T871] usb 2-1: Manufacturer: syz
[ 1413.743039][  T871] cdc_wdm 2-1:1.0: skipping garbage
[ 1413.760622][ T5832] Bluetooth: hci2: command 0x041b tx timeout
[ 1413.766801][ T5929] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[ 1413.775174][  T871] cdc_wdm 2-1:1.0: skipping garbage
[ 1413.794939][  T871] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 1413.816604][  T871] cdc_wdm 2-1:1.0: Unknown control protocol
[ 1413.832557][T22002] Cannot find add_set index 0 as target
[ 1413.868215][T22002] Cannot find add_set index 0 as target
[ 1413.874149][T22002] Cannot find add_set index 0 as target
[ 1413.880012][T22002] Cannot find add_set index 0 as target
[ 1413.887057][T22002] Cannot find add_set index 0 as target
[ 1413.887170][T22002] Cannot find add_set index 0 as target
[ 1413.887680][T22002] Cannot find add_set index 0 as target
[ 1413.887785][T22002] Cannot find add_set index 0 as target
[ 1413.887961][T22002] Cannot find add_set index 0 as target
[ 1413.888057][T22002] Cannot find add_set index 0 as target
[ 1413.927857][ T5929] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[ 1413.927895][ T5929] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1413.927934][ T5929] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[ 1413.930313][ T5929] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[ 1413.930348][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1413.930369][ T5929] usb 3-1: Product: syz
[ 1413.930386][ T5929] usb 3-1: Manufacturer: syz
[ 1413.930402][ T5929] usb 3-1: SerialNumber: syz
[ 1413.947650][ T5929] usb 3-1: config 0 descriptor??
[ 1413.950074][ T5929] usb-storage 3-1:0.0: USB Mass Storage device detected
[ 1413.955761][ T5929] usb-storage 3-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[ 1413.973864][T21988] fuse: Bad value for 'fd'
[ 1413.987285][    C1] wdm_int_callback: 59 callbacks suppressed
[ 1413.987313][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1413.987334][    C1] wdm_int_callback: 59 callbacks suppressed
[ 1413.987348][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1413.987577][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1413.987594][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1413.987782][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1413.987798][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1413.987996][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1413.988011][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1413.988185][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1413.988196][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1413.988362][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1413.988379][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1413.988465][  T871] usb 2-1: USB disconnect, device number 73
[ 1413.988552][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1413.988562][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1413.988570][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1414.165165][T17857] usb 3-1: USB disconnect, device number 52
[ 1414.239184][T21806] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1414.423795][T21806] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1414.444512][T21806] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1414.456811][T21806] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1414.956916][T21806] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1415.017407][T21806] 8021q: adding VLAN 0 to HW filter on device team0
[ 1415.073814][T17115] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1415.081018][T17115] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1415.091725][T22034] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4037'.
[ 1415.122829][T17115] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1415.129990][T17115] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1415.168154][T22034] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4037'.
[ 1415.214808][T22034] team0: entered promiscuous mode
[ 1415.257758][T22034] team_slave_0: entered promiscuous mode
[ 1415.285001][T22034] team_slave_1: entered promiscuous mode
[ 1415.337996][T22034] bond0: entered promiscuous mode
[ 1415.343493][T22034] bond_slave_1: entered promiscuous mode
[ 1415.353976][T22034] mac80211_hwsim hwsim18 wlan1: entered promiscuous mode
[ 1415.433444][   T30] audit: type=1400 audit(2000000465.270:1378): avc:  denied  { listen } for  pid=22039 comm="syz.1.4039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1415.458482][T22034] 8021q: adding VLAN 0 to HW filter on device hsr1
[ 1415.558349][T22042] pim6reg: entered allmulticast mode
[ 1415.835827][ T5832] Bluetooth: hci2: command 0x041b tx timeout
[ 1416.217618][T22066] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22066 comm=syz.4.4042
[ 1416.241228][T22055] netlink: 76 bytes leftover after parsing attributes in process `syz.1.4040'.
[ 1416.258547][T22063] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=27669 sclass=netlink_xfrm_socket pid=22063 comm=syz.2.4041
[ 1416.293453][T22066] fuse: Unknown parameter 'use00000000000000000000'
[ 1416.297576][T21806] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1416.310854][T22066] netlink: 'syz.4.4042': attribute type 1 has an invalid length.
[ 1416.491089][T21806] veth0_vlan: entered promiscuous mode
[ 1416.506230][T21806] veth1_vlan: entered promiscuous mode
[ 1416.651600][T21806] veth0_macvtap: entered promiscuous mode
[ 1416.691413][T21806] veth1_macvtap: entered promiscuous mode
[ 1416.719028][T21806] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1416.749780][T21806] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1416.784715][T21806] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1416.811252][T21806] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1416.830536][T21806] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1416.849549][T21806] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.156458][ T6014] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1417.198839][ T6014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1417.320306][T22092] FAULT_INJECTION: forcing a failure.
[ 1417.320306][T22092] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1417.365977][ T6431] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1417.389039][ T6431] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1417.437916][T22092] CPU: 0 UID: 0 PID: 22092 Comm: syz.1.4047 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1417.437952][T22092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1417.437965][T22092] Call Trace:
[ 1417.437973][T22092]  <TASK>
[ 1417.437981][T22092]  dump_stack_lvl+0x16c/0x1f0
[ 1417.438021][T22092]  should_fail_ex+0x512/0x640
[ 1417.438055][T22092]  _copy_from_iter+0x29f/0x16f0
[ 1417.438085][T22092]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1417.438117][T22092]  ? __pfx__copy_from_iter+0x10/0x10
[ 1417.438144][T22092]  ? skb_put+0x12e/0x1b0
[ 1417.438171][T22092]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[ 1417.438204][T22092]  netlink_sendmsg+0x829/0xdd0
[ 1417.438238][T22092]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1417.438268][T22092]  ____sys_sendmsg+0xa98/0xc70
[ 1417.438293][T22092]  ? copy_msghdr_from_user+0x10a/0x160
[ 1417.438319][T22092]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1417.438345][T22092]  ? irqentry_exit+0x3b/0x90
[ 1417.438370][T22092]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1417.438399][T22092]  ___sys_sendmsg+0x134/0x1d0
[ 1417.438426][T22092]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1417.438449][T22092]  ? __lock_acquire+0x622/0x1c90
[ 1417.438508][T22092]  __sys_sendmsg+0x16d/0x220
[ 1417.438536][T22092]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1417.438577][T22092]  do_syscall_64+0xcd/0x4c0
[ 1417.438609][T22092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1417.438629][T22092] RIP: 0033:0x7fa69b38e929
[ 1417.438647][T22092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1417.438665][T22092] RSP: 002b:00007fa69c18f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1417.438686][T22092] RAX: ffffffffffffffda RBX: 00007fa69b5b6080 RCX: 00007fa69b38e929
[ 1417.438698][T22092] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000006
[ 1417.438709][T22092] RBP: 00007fa69c18f090 R08: 0000000000000000 R09: 0000000000000000
[ 1417.438720][T22092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1417.438731][T22092] R13: 0000000000000000 R14: 00007fa69b5b6080 R15: 00007ffe664c6bf8
[ 1417.438754][T22092]  </TASK>
[ 1417.651954][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1417.847277][ T5929] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[ 1418.016139][ T5929] usb 3-1: Using ep0 maxpacket: 16
[ 1418.030802][ T5929] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1418.051370][ T5929] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1418.122578][ T5929] usb 3-1: New USB device found, idVendor=06a3, idProduct=0ccb, bcdDevice= 0.00
[ 1418.175013][ T5929] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1418.329614][ T5929] usb 3-1: config 0 descriptor??
[ 1418.813878][ T5929] saitek 0003:06A3:0CCB.0012: unknown main item tag 0x0
[ 1418.978850][   T30] audit: type=1400 audit(2000000468.670:1379): avc:  denied  { read } for  pid=22116 comm="syz.4.4051" dev="sockfs" ino=93717 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1418.981813][ T5929] saitek 0003:06A3:0CCB.0012: hidraw0: USB HID v0.00 Device [HID 06a3:0ccb] on usb-dummy_hcd.2-1/input0
[ 1419.009162][T22119] block device autoloading is deprecated and will be removed.
[ 1419.126073][T22087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1419.251741][T22087] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1419.588195][   T30] audit: type=1400 audit(2000000469.430:1380): avc:  denied  { unmount } for  pid=18720 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 1419.652502][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1419.938742][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1420.012444][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1420.095750][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1420.236906][   T12] bridge_slave_1: left allmulticast mode
[ 1420.243216][   T12] bridge_slave_1: left promiscuous mode
[ 1420.249482][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1420.273805][   T12] bridge_slave_0: left allmulticast mode
[ 1420.298118][   T12] bridge_slave_0: left promiscuous mode
[ 1420.326683][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1420.356251][T22144] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22144 comm=syz.1.4054
[ 1420.396461][T22147] fuse: Bad value for 'fd'
[ 1420.411265][T22151] fuse: Unknown parameter 'use00000000000000000000'
[ 1420.432014][T22144] netlink: 'syz.1.4054': attribute type 1 has an invalid length.
[ 1420.923144][ T5929] usb 3-1: USB disconnect, device number 53
[ 1421.484873][T19234] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1421.497061][T19234] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1421.508024][T19234] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1421.523553][T19234] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1421.531379][T19234] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1422.119679][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1422.134044][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1422.148565][   T12] bond0 (unregistering): Released all slaves
[ 1422.165197][T22144] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR
[ 1422.311904][T22176] lo speed is unknown, defaulting to 1000
[ 1422.772691][T22193] warn_alloc: 2 callbacks suppressed
[ 1422.772725][T22193] syz.1.4063: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1422.793842][T22193] CPU: 0 UID: 0 PID: 22193 Comm: syz.1.4063 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1422.793874][T22193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1422.793889][T22193] Call Trace:
[ 1422.793899][T22193]  <TASK>
[ 1422.793909][T22193]  dump_stack_lvl+0x16c/0x1f0
[ 1422.793955][T22193]  warn_alloc+0x248/0x3a0
[ 1422.793987][T22193]  ? __pfx_warn_alloc+0x10/0x10
[ 1422.794012][T22193]  ? stack_depot_save_flags+0x28/0xa40
[ 1422.794043][T22193]  ? finish_task_switch.isra.0+0x221/0xc10
[ 1422.794076][T22193]  ? kasan_save_stack+0x42/0x60
[ 1422.794100][T22193]  ? kasan_save_stack+0x33/0x60
[ 1422.794121][T22193]  ? kasan_save_track+0x14/0x30
[ 1422.794144][T22193]  ? xskq_create+0x52/0x1d0
[ 1422.794168][T22193]  ? xsk_setsockopt+0x640/0x840
[ 1422.794189][T22193]  ? do_sock_setsockopt+0x224/0x470
[ 1422.794213][T22193]  ? xskq_create+0xfb/0x1d0
[ 1422.794238][T22193]  __vmalloc_node_range_noprof+0xff5/0x14b0
[ 1422.794276][T22193]  ? xskq_create+0xfb/0x1d0
[ 1422.794308][T22193]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1422.794340][T22193]  ? xskq_create+0xfb/0x1d0
[ 1422.794369][T22193]  vmalloc_user_noprof+0x9e/0xe0
[ 1422.794392][T22193]  ? xskq_create+0xfb/0x1d0
[ 1422.794421][T22193]  xskq_create+0xfb/0x1d0
[ 1422.794447][T22193]  xsk_setsockopt+0x640/0x840
[ 1422.794472][T22193]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1422.794494][T22193]  ? __lock_acquire+0x622/0x1c90
[ 1422.794530][T22193]  ? selinux_socket_setsockopt+0x6a/0x80
[ 1422.794561][T22193]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1422.794586][T22193]  do_sock_setsockopt+0x224/0x470
[ 1422.794606][T22193]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1422.794641][T22193]  __sys_setsockopt+0x1a0/0x230
[ 1422.794672][T22193]  __x64_sys_setsockopt+0xbd/0x160
[ 1422.794697][T22193]  ? do_syscall_64+0x91/0x4c0
[ 1422.794725][T22193]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1422.794753][T22193]  do_syscall_64+0xcd/0x4c0
[ 1422.794783][T22193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1422.794802][T22193] RIP: 0033:0x7fa69b38e929
[ 1422.794821][T22193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1422.794841][T22193] RSP: 002b:00007fa69c18f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1422.794863][T22193] RAX: ffffffffffffffda RBX: 00007fa69b5b6080 RCX: 00007fa69b38e929
[ 1422.794877][T22193] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[ 1422.794890][T22193] RBP: 00007fa69b410b39 R08: 0000000000000004 R09: 0000000000000000
[ 1422.794901][T22193] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1422.794913][T22193] R13: 0000000000000000 R14: 00007fa69b5b6080 R15: 00007ffe664c6bf8
[ 1422.794937][T22193]  </TASK>
[ 1422.795026][T22193] Mem-Info:
[ 1423.071230][T22193] active_anon:18955 inactive_anon:0 isolated_anon:0
[ 1423.071230][T22193]  active_file:15886 inactive_file:41136 isolated_file:0
[ 1423.071230][T22193]  unevictable:768 dirty:489 writeback:0
[ 1423.071230][T22193]  slab_reclaimable:7623 slab_unreclaimable:100807
[ 1423.071230][T22193]  mapped:33597 shmem:10863 pagetables:1291
[ 1423.071230][T22193]  sec_pagetables:3 bounce:0
[ 1423.071230][T22193]  kernel_misc_reclaimable:0
[ 1423.071230][T22193]  free:1290992 free_pcp:9633 free_cma:0
[ 1423.117317][T22193] Node 0 active_anon:75820kB inactive_anon:0kB active_file:63544kB inactive_file:164344kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:134388kB dirty:1952kB writeback:0kB shmem:41916kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12752kB pagetables:5008kB sec_pagetables:12kB all_unreclaimable? no Balloon:0kB
[ 1423.153152][T22193] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1423.184932][T22193] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1423.214270][T22193] lowmem_reserve[]: 0 2481 2482 2482 2482
[ 1423.220283][T22193] Node 0 DMA32 free:1233576kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:75784kB inactive_anon:0kB active_file:63544kB inactive_file:163032kB unevictable:1536kB writepending:1948kB present:3129332kB managed:2540652kB mlocked:0kB bounce:0kB free_pcp:34284kB local_pcp:24448kB free_cma:0kB
[ 1423.255573][T22193] lowmem_reserve[]: 0 0 1 1 1
[ 1423.260555][T22193] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:4kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:12kB free_cma:0kB
[ 1423.290142][T22193] lowmem_reserve[]: 0 0 0 0 0
[ 1423.295095][T22193] Node 1 Normal free:3915016kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:4224kB local_pcp:4224kB free_cma:0kB
[ 1423.326426][T22193] lowmem_reserve[]: 0 0 0 0 0
[ 1423.331382][T22193] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1423.345722][T22193] Node 0 DMA32: 548*4kB (UME) 649*8kB (UME) 1503*16kB (UME) 1573*32kB (UME) 1191*64kB (UME) 559*128kB (UME) 528*256kB (UME) 283*512kB (UME) 159*1024kB (UME) 26*2048kB (UM) 124*4096kB (M) = 1233576kB
[ 1423.366037][T22193] Node 0 Normal: 0*4kB 2*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[ 1423.394809][T22193] Node 1 Normal: 222*4kB (UME) 46*8kB (UME) 52*16kB (UME) 261*32kB (UME) 117*64kB (UME) 30*128kB (UME) 8*256kB (UME) 4*512kB (UME) 4*1024kB (UME) 1*2048kB (U) 948*4096kB (M) = 3915016kB
[ 1423.420577][T22193] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1423.432629][T22193] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1423.443301][T22193] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1423.453788][T22193] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1423.463366][T22193] 67481 total pagecache pages
[ 1423.468231][T22193] 0 pages in swap cache
[ 1423.472477][T22193] Free swap  = 124996kB
[ 1423.476917][T22193] Total swap = 124996kB
[ 1423.481361][T22193] 2097051 pages RAM
[ 1423.489267][T22193] 0 pages HighMem/MovableOnly
[ 1423.494368][T22193] 429910 pages reserved
[ 1423.503603][T22193] 0 pages cma reserved
[ 1423.595593][T19234] Bluetooth: hci2: command tx timeout
[ 1424.377067][   T12] hsr_slave_0: left promiscuous mode
[ 1424.391260][   T12] hsr_slave_1: left promiscuous mode
[ 1424.479602][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1424.495059][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1424.517986][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1424.550958][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1424.563859][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1424.780140][   T12] veth1_macvtap: left promiscuous mode
[ 1424.786001][   T12] veth0_macvtap: left promiscuous mode
[ 1424.859204][T22219] netlink: 'syz.2.4066': attribute type 1 has an invalid length.
[ 1425.323676][   T12] veth1_vlan: left promiscuous mode
[ 1425.330283][   T12] veth0_vlan: left promiscuous mode
[ 1425.680549][T19234] Bluetooth: hci2: command tx timeout
[ 1426.145996][   T12] team0 (unregistering): Port device team_slave_1 removed
[ 1426.232753][   T12] team0 (unregistering): Port device team_slave_0 removed
[ 1426.644489][T22176] chnl_net:caif_netlink_parms(): no params data found
[ 1426.739527][T22226] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1426.747510][T22226] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1426.755231][T22226] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1426.761935][T22226] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1426.777666][T22226] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1426.792738][T22226] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1426.859470][T22233] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4069'.
[ 1426.916480][T22233] dlm: plock device version mismatch: kernel (1.2.0), user (4787969.68162565.3711971713)
[ 1427.351907][T22176] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1427.389246][T22176] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1427.429646][T22176] bridge_slave_0: entered allmulticast mode
[ 1427.450954][T22176] bridge_slave_0: entered promiscuous mode
[ 1427.462563][T22176] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1427.489850][T22176] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1427.513214][T22176] bridge_slave_1: entered allmulticast mode
[ 1427.524113][T22176] bridge_slave_1: entered promiscuous mode
[ 1427.674172][T22176] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1427.708346][T17857] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[ 1427.720226][T22176] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1427.990858][T17115] Bluetooth: Error in BCSP hdr checksum
[ 1428.066643][T17857] usb 5-1: Using ep0 maxpacket: 32
[ 1428.093551][T17857] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[ 1428.116988][T17857] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1428.146591][T17857] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85
[ 1428.177924][T17857] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1428.240335][T19376] Bluetooth: Error in BCSP hdr checksum
[ 1428.246942][T17857] usb 5-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[ 1428.273701][T17857] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1428.288253][T17857] usb 5-1: Product: syz
[ 1428.292560][T17857] usb 5-1: Manufacturer: syz
[ 1428.292566][T22176] team0: Port device team_slave_0 added
[ 1428.297650][T17857] usb 5-1: SerialNumber: syz
[ 1428.314892][T17857] usb 5-1: config 0 descriptor??
[ 1428.329863][T22176] team0: Port device team_slave_1 added
[ 1428.478132][T17857] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input59
[ 1428.490145][ T5175] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1428.501537][T19376] Bluetooth: Error in BCSP hdr checksum
[ 1428.529474][ T5175] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1428.605874][ T5175] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1428.689003][T22252] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1428.711818][T22176] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1428.728632][T16063] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1428.729279][T22176] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1428.745491][T17857] usb 5-1: USB disconnect, device number 67
[ 1428.764670][    C0] xpad 5-1:0.0: xpad_irq_in - usb_submit_urb failed with result -19
[ 1428.788453][T19376] Bluetooth: Error in BCSP hdr checksum
[ 1428.809030][T19234] Bluetooth: hci0: command 0x0406 tx timeout
[ 1428.815102][T19234] Bluetooth: hci2: command 0x0419 tx timeout
[ 1428.821643][T19234] Bluetooth: hci3: command 0x0405 tx timeout
[ 1428.827924][T19234] Bluetooth: hci1: command 0x0406 tx timeout
[ 1428.887266][T22176] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1428.930169][T22176] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1428.970341][T22176] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1429.034550][T22176] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1429.122624][T22176] hsr_slave_0: entered promiscuous mode
[ 1429.133247][T22176] hsr_slave_1: entered promiscuous mode
[ 1429.241975][T22271] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22271 comm=syz.2.4077
[ 1429.545673][T22277] netlink: 'syz.2.4077': attribute type 1 has an invalid length.
[ 1429.756197][T20534] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1430.677270][T22287] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4080'.
[ 1431.037255][ T5832] Bluetooth: hci2: command 0x0419 tx timeout
[ 1432.120826][   T30] audit: type=1326 audit(2000000481.910:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22288 comm="syz.4.4082" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa85c18e929 code=0x7fc00000
[ 1432.928404][T22305] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4083'.
[ 1433.205431][ T5832] Bluetooth: hci2: command 0x0419 tx timeout
[ 1433.696243][T22311] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1433.716792][T22311] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1433.740459][T22311] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1433.842122][T22311] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1434.695618][   T30] audit: type=1326 audit(2000000484.510:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22319 comm="syz.0.4087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f145098e929 code=0x7fc00000
[ 1435.269573][   T30] audit: type=1400 audit(2000000485.070:1383): avc:  denied  { ioctl } for  pid=22332 comm="syz.0.4091" path="socket:[94988]" dev="sockfs" ino=94988 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1435.307934][T22176] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1435.325615][    T9] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[ 1435.535588][    T9] usb 5-1: Using ep0 maxpacket: 32
[ 1435.544946][    T9] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[ 1435.585977][T22176] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1435.600560][    T9] usb 5-1: config 0 has no interface number 0
[ 1435.647144][    T9] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1435.701528][T22176] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1435.715010][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1435.762848][    T9] usb 5-1: Product: syz
[ 1435.765498][ T5832] Bluetooth: hci3: command 0x0405 tx timeout
[ 1435.773367][T20534] Bluetooth: hci1: command 0x0406 tx timeout
[ 1435.776275][T22176] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1435.779454][T19234] Bluetooth: hci0: command 0x0406 tx timeout
[ 1435.798443][    T9] usb 5-1: Manufacturer: syz
[ 1435.803147][    T9] usb 5-1: SerialNumber: syz
[ 1435.866909][    T9] usb 5-1: config 0 descriptor??
[ 1435.884937][    T9] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1435.915661][T19234] Bluetooth: hci2: command 0x0419 tx timeout
[ 1436.033322][T22176] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1436.076138][T22176] 8021q: adding VLAN 0 to HW filter on device team0
[ 1436.121474][T11313] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1436.128685][T11313] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1436.151532][T22338] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1436.162616][ T6431] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1436.169792][ T6431] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1436.184041][T22338] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1436.205902][T17857] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[ 1436.269172][T22356] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=27669 sclass=netlink_xfrm_socket pid=22356 comm=syz.0.4093
[ 1436.294030][    T9] usb 5-1: qt2_setup_urbs - submit read urb failed -8
[ 1436.305833][    T9] quatech2 5-1:0.51: probe with driver quatech2 failed with error -8
[ 1436.370514][T17857] usb 2-1: Using ep0 maxpacket: 32
[ 1436.391953][T17857] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1436.404941][T17857] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 1436.430106][T17857] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[ 1436.444614][T17857] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1436.463116][T17857] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1436.481764][T17857] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1436.500370][T17857] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1436.510509][T17857] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1436.527907][T17857] usb 2-1: Product: syz
[ 1436.537745][T17857] usb 2-1: Manufacturer: syz
[ 1436.551629][T17857] usb 2-1: SerialNumber: syz
[ 1436.563430][T22357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1436.589894][T17857] usb 2-1: config 0 descriptor??
[ 1436.602380][T22357] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1436.672795][T17857] usb 5-1: USB disconnect, device number 68
[ 1436.761365][T22176] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1436.810306][T22176] veth0_vlan: entered promiscuous mode
[ 1436.823986][T22176] veth1_vlan: entered promiscuous mode
[ 1437.209945][T22176] veth0_macvtap: entered promiscuous mode
[ 1437.229775][T22176] veth1_macvtap: entered promiscuous mode
[ 1437.333257][T22176] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1437.378069][T22176] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1437.421791][T22176] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1437.519749][T22381] input: syz0 as /devices/virtual/input/input62
[ 1437.547683][T22176] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1437.793897][T22176] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1437.924870][T22176] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1438.163261][T17115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1438.171287][T17115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1438.191400][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1438.213188][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1438.446423][T22386] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1438.454728][T22386] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1438.474765][T22386] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1438.746610][T22392] fuse: Bad value for 'fd'
[ 1439.107364][ T5898] usb 2-1: USB disconnect, device number 74
[ 1440.278743][T22416] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[ 1440.307527][T22416] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[ 1440.373278][T22420] warn_alloc: 1 callbacks suppressed
[ 1440.373293][T22420] syz.1.4109: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[ 1440.397260][T19234] Bluetooth: hci0: command 0x0406 tx timeout
[ 1440.427640][T22420] ,cpuset=/,mems_allowed=0-1
[ 1440.523230][T19234] Bluetooth: hci3: command 0x0405 tx timeout
[ 1440.524024][T20534] Bluetooth: hci1: command 0x0406 tx timeout
[ 1440.556472][T22420] CPU: 0 UID: 0 PID: 22420 Comm: syz.1.4109 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1440.556498][T22420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1440.556507][T22420] Call Trace:
[ 1440.556514][T22420]  <TASK>
[ 1440.556521][T22420]  dump_stack_lvl+0x16c/0x1f0
[ 1440.556552][T22420]  warn_alloc+0x248/0x3a0
[ 1440.556574][T22420]  ? __pfx_warn_alloc+0x10/0x10
[ 1440.556590][T22420]  ? __pfx_stack_trace_save+0x10/0x10
[ 1440.556609][T22420]  ? stack_depot_save_flags+0x28/0xa40
[ 1440.556631][T22420]  ? kasan_save_stack+0x42/0x60
[ 1440.556649][T22420]  ? kasan_save_stack+0x33/0x60
[ 1440.556662][T22420]  ? kasan_save_track+0x14/0x30
[ 1440.556676][T22420]  ? xskq_create+0x52/0x1d0
[ 1440.556692][T22420]  ? xsk_setsockopt+0x640/0x840
[ 1440.556705][T22420]  ? do_sock_setsockopt+0x224/0x470
[ 1440.556721][T22420]  ? xskq_create+0xfb/0x1d0
[ 1440.556736][T22420]  __vmalloc_node_range_noprof+0xff5/0x14b0
[ 1440.556756][T22420]  ? xskq_create+0xfb/0x1d0
[ 1440.556774][T22420]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1440.556792][T22420]  ? xskq_create+0xfb/0x1d0
[ 1440.556806][T22420]  vmalloc_user_noprof+0x9e/0xe0
[ 1440.556819][T22420]  ? xskq_create+0xfb/0x1d0
[ 1440.556835][T22420]  xskq_create+0xfb/0x1d0
[ 1440.556853][T22420]  xsk_setsockopt+0x640/0x840
[ 1440.556869][T22420]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1440.556883][T22420]  ? __lock_acquire+0x622/0x1c90
[ 1440.556906][T22420]  ? selinux_socket_setsockopt+0x6a/0x80
[ 1440.556923][T22420]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1440.556938][T22420]  do_sock_setsockopt+0x224/0x470
[ 1440.556950][T22420]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1440.556970][T22420]  __sys_setsockopt+0x1a0/0x230
[ 1440.556990][T22420]  __x64_sys_setsockopt+0xbd/0x160
[ 1440.557006][T22420]  ? do_syscall_64+0x91/0x4c0
[ 1440.557023][T22420]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1440.557041][T22420]  do_syscall_64+0xcd/0x4c0
[ 1440.557060][T22420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1440.557073][T22420] RIP: 0033:0x7fa69b38e929
[ 1440.557085][T22420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1440.557099][T22420] RSP: 002b:00007fa69c18f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1440.557112][T22420] RAX: ffffffffffffffda RBX: 00007fa69b5b6080 RCX: 00007fa69b38e929
[ 1440.557122][T22420] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[ 1440.557130][T22420] RBP: 00007fa69b410b39 R08: 0000000000000004 R09: 0000000000000000
[ 1440.557137][T22420] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1440.557144][T22420] R13: 0000000000000001 R14: 00007fa69b5b6080 R15: 00007ffe664c6bf8
[ 1440.557159][T22420]  </TASK>
[ 1440.557164][T22420] Mem-Info:
[ 1440.915090][T22424] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4110'.
[ 1441.371094][T22420] active_anon:15289 inactive_anon:0 isolated_anon:0
[ 1441.371094][T22420]  active_file:15885 inactive_file:41144 isolated_file:0
[ 1441.371094][T22420]  unevictable:768 dirty:277 writeback:0
[ 1441.371094][T22420]  slab_reclaimable:7527 slab_unreclaimable:100113
[ 1441.371094][T22420]  mapped:31393 shmem:7989 pagetables:1167
[ 1441.371094][T22420]  sec_pagetables:0 bounce:0
[ 1441.371094][T22420]  kernel_misc_reclaimable:0
[ 1441.371094][T22420]  free:1291678 free_pcp:14106 free_cma:0
[ 1441.506136][ T5929] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[ 1441.718694][ T5929] usb 1-1: config 0 has an invalid interface number: 98 but max is 0
[ 1441.791287][ T5929] usb 1-1: config 0 has no interface number 0
[ 1441.803185][ T5929] usb 1-1: config 0 interface 98 has no altsetting 0
[ 1441.845923][ T5929] usb 1-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24
[ 1441.870893][ T5929] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1441.917504][T22420] Node 0 active_anon:60552kB inactive_anon:0kB active_file:63540kB inactive_file:164376kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:108884kB dirty:1112kB writeback:0kB shmem:30408kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12540kB pagetables:4364kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1441.927343][ T5929] usb 1-1: Product: syz
[ 1442.167594][T22426] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1442.172411][ T5929] usb 1-1: Manufacturer: syz
[ 1442.173747][T22426] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1442.199035][ T5929] usb 1-1: SerialNumber: syz
[ 1442.219897][ T5929] usb 1-1: config 0 descriptor??
[ 1442.235806][T22420] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1442.256362][T22426] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1442.285480][T22420] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1442.314930][T22420] lowmem_reserve[]: 0 2481 2482 2482 2482
[ 1442.321769][T22420] Node 0 DMA32 free:1250300kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:60248kB inactive_anon:0kB active_file:63540kB inactive_file:163064kB unevictable:1536kB writepending:1112kB present:3129332kB managed:2540652kB mlocked:0kB bounce:0kB free_pcp:51920kB local_pcp:32928kB free_cma:0kB
[ 1442.354838][T22420] lowmem_reserve[]: 0 0 1 1 1
[ 1442.359830][T22420] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:12kB free_cma:0kB
[ 1442.389992][T22420] lowmem_reserve[]: 0 0 0 0 0
[ 1442.394703][T22420] Node 1 Normal free:3915272kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:3968kB local_pcp:0kB free_cma:0kB
[ 1442.454466][T22420] lowmem_reserve[]: 0 0 0 0 0
[ 1442.459815][T22420] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1442.494754][T22420] Node 0 DMA32: 3642*4kB (UME) 2671*8kB (UME) 2138*16kB (UME) 1601*32kB (UME) 1190*64kB (UME) 560*128kB (UME) 527*256kB (UME) 284*512kB (UME) 160*1024kB (UME) 22*2048kB (UM) 124*4096kB (M) = 1266336kB
[ 1442.558135][T22420] Node 0 Normal: 0*4kB 2*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[ 1442.618707][T22420] Node 1 Normal: 222*4kB (UME) 46*8kB (UME) 52*16kB (UME) 263*32kB (UME) 116*64kB (UME) 30*128kB (UME) 9*256kB (UME) 4*512kB (UME) 4*1024kB (UME) 1*2048kB (U) 948*4096kB (M) = 3915272kB
[ 1442.648459][T17115] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1442.677744][T22420] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1442.702444][T22420] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1442.713477][T22420] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1442.749813][T22420] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1442.769578][T22420] 65014 total pagecache pages
[ 1442.782007][T22420] 0 pages in swap cache
[ 1442.786905][T22420] Free swap  = 124996kB
[ 1442.794433][T22420] Total swap = 124996kB
[ 1442.802731][T22420] 2097051 pages RAM
[ 1442.806869][T22420] 0 pages HighMem/MovableOnly
[ 1442.811555][T22420] 429910 pages reserved
[ 1442.819161][T22420] 0 pages cma reserved
[ 1442.837334][T17115] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1442.848703][ T5929] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II
[ 1442.948178][T17115] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1442.996784][T17115] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1443.093846][T17115] bridge_slave_1: left allmulticast mode
[ 1443.099654][T17115] bridge_slave_1: left promiscuous mode
[ 1443.106219][T17115] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1443.115142][T17115] bridge_slave_0: left allmulticast mode
[ 1443.124994][T17115] bridge_slave_0: left promiscuous mode
[ 1443.130890][T17115] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1443.669245][T20534] Bluetooth: hci0: command 0x0406 tx timeout
[ 1443.877379][ T5929] usb 1-1: [ueagle-atm] pre-firmware device, uploading firmware
[ 1444.091679][ T5929] usb 1-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw
[ 1444.103040][T20254] usb 1-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2
[ 1444.120441][T20254] usb 1-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw
[ 1444.133649][ T5929] usb 1-1: USB disconnect, device number 67
[ 1444.154677][   T30] audit: type=1400 audit(2000000493.950:1384): avc:  denied  { firmware_load } for  pid=20254 comm="kworker/1:4" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 1444.902491][T20534] Bluetooth: hci1: command 0x0406 tx timeout
[ 1444.925733][T19234] Bluetooth: hci3: command 0x0405 tx timeout
[ 1444.942401][T20254] ------------[ cut here ]------------
[ 1444.949669][T20254] WARNING: CPU: 1 PID: 20254 at fs/kernfs/dir.c:537 kernfs_get.part.0+0x6e/0x80
[ 1444.959482][T20254] Modules linked in:
[ 1444.964179][T20254] CPU: 1 UID: 0 PID: 20254 Comm: kworker/1:4 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1444.974634][T20254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1444.984838][T20254] Workqueue: events request_firmware_work_func
[ 1444.991090][T20254] RIP: 0010:kernfs_get.part.0+0x6e/0x80
[ 1444.996707][T20254] Code: 78 c9 5a ff 85 ed 74 1c e8 2f ce 5a ff be 04 00 00 00 48 89 df e8 f2 93 c1 ff f0 ff 03 5b 5d e9 48 54 21 09 e8 13 ce 5a ff 90 <0f> 0b 90 eb d9 48 89 df e8 d5 8b c1 ff eb c0 0f 1f 00 90 90 90 90
[ 1445.016642][T20254] RSP: 0018:ffffc900119af790 EFLAGS: 00010293
[ 1445.022745][T20254] RAX: 0000000000000000 RBX: ffff8880344ad1e0 RCX: ffffffff82614e78
[ 1445.030744][T20254] RDX: ffff888020fd4880 RSI: ffffffff82614e9d RDI: 0000000000000005
[ 1445.039136][T20254] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[ 1445.047286][T20254] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88807c3470b0
[ 1445.055626][T20254] R13: ffff888055fb6930 R14: 0000000000000000 R15: ffff888055fb6928
[ 1445.063614][T20254] FS:  0000000000000000(0000) GS:ffff888124854000(0000) knlGS:0000000000000000
[ 1445.072943][T20254] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1445.079603][T20254] CR2: 000000110c3d5a86 CR3: 00000000790a0000 CR4: 00000000003526f0
[ 1445.087615][T20254] Call Trace:
[ 1445.090872][T20254]  <TASK>
[ 1445.093780][T20254]  kernfs_get+0x1f/0x30
[ 1445.097982][T20254]  kobject_add_internal+0x353/0x9b0
[ 1445.103195][T20254]  kobject_add+0x16e/0x240
[ 1445.107673][T20254]  ? __pfx_kobject_add+0x10/0x10
[ 1445.112617][T20254]  get_device_parent+0x399/0x4e0
[ 1445.117660][T20254]  device_add+0x1ad/0x1a70
[ 1445.122079][T20254]  ? __pfx_device_add+0x10/0x10
[ 1445.126964][T20254]  ? __init_waitqueue_head+0xca/0x150
[ 1445.132359][T20254]  firmware_fallback_sysfs+0x2ec/0xbe0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1445.136628][   T30] audit: type=1400 audit(2000000494.970:1385): avc:  denied  { write } for  pid=5807 comm="syz-executor" path="pipe:[4282]" dev="pipefs" ino=4282 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1445.137878][T20254]  _request_firmware+0xfe9/0x1470
[ 1445.166629][T20254]  ? __pfx__request_firmware+0x10/0x10
[ 1445.172112][T20254]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1445.177950][T20254]  ? debug_object_deactivate+0x1ec/0x3a0
[ 1445.183564][T20254]  ? finish_task_switch.isra.0+0x221/0xc10
[ 1445.189366][T20254]  request_firmware_work_func+0xea/0x250
[ 1445.194980][T20254]  ? __pfx_request_firmware_work_func+0x10/0x10
[ 1445.201270][T20254]  ? rcu_is_watching+0x12/0xc0
[ 1445.206031][T20254]  process_one_work+0x9cf/0x1b70
[ 1445.210950][T20254]  ? __pfx_process_one_work+0x10/0x10
[ 1445.216313][T20254]  ? assign_work+0x1a0/0x250
[ 1445.220892][T20254]  worker_thread+0x6c8/0xf10
[ 1445.225605][T20254]  ? __kthread_parkme+0x19e/0x250
[ 1445.230614][T20254]  ? __pfx_worker_thread+0x10/0x10
[ 1445.235812][T20254]  kthread+0x3c5/0x780
[ 1445.239857][T20254]  ? __pfx_kthread+0x10/0x10
[ 1445.244423][T20254]  ? rcu_is_watching+0x12/0xc0
[ 1445.249270][T20254]  ? __pfx_kthread+0x10/0x10
[ 1445.254026][T20254]  ret_from_fork+0x5d4/0x6f0
[ 1445.258816][T20254]  ? __pfx_kthread+0x10/0x10
[ 1445.264183][T20254]  ret_from_fork_asm+0x1a/0x30
[ 1445.268977][T20254]  </TASK>
[ 1445.272062][T20254] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1445.279321][T20254] CPU: 1 UID: 0 PID: 20254 Comm: kworker/1:4 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1445.289707][T20254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1445.299745][T20254] Workqueue: events request_firmware_work_func
[ 1445.305974][T20254] Call Trace:
[ 1445.309230][T20254]  <TASK>
[ 1445.312150][T20254]  dump_stack_lvl+0x3d/0x1f0
[ 1445.316728][T20254]  panic+0x71c/0x800
[ 1445.320607][T20254]  ? __pfx_panic+0x10/0x10
[ 1445.325000][T20254]  ? show_trace_log_lvl+0x29b/0x3e0
[ 1445.330183][T20254]  ? check_panic_on_warn+0x1f/0xb0
[ 1445.335286][T20254]  ? kernfs_get.part.0+0x6e/0x80
[ 1445.340207][T20254]  check_panic_on_warn+0xab/0xb0
[ 1445.345136][T20254]  __warn+0xf6/0x3c0
[ 1445.349010][T20254]  ? kernfs_get.part.0+0x6e/0x80
[ 1445.353952][T20254]  report_bug+0x3c3/0x580
[ 1445.358267][T20254]  ? kernfs_get.part.0+0x6e/0x80
[ 1445.363186][T20254]  handle_bug+0x184/0x210
[ 1445.367505][T20254]  exc_invalid_op+0x17/0x50
[ 1445.371984][T20254]  asm_exc_invalid_op+0x1a/0x20
[ 1445.376823][T20254] RIP: 0010:kernfs_get.part.0+0x6e/0x80
[ 1445.382348][T20254] Code: 78 c9 5a ff 85 ed 74 1c e8 2f ce 5a ff be 04 00 00 00 48 89 df e8 f2 93 c1 ff f0 ff 03 5b 5d e9 48 54 21 09 e8 13 ce 5a ff 90 <0f> 0b 90 eb d9 48 89 df e8 d5 8b c1 ff eb c0 0f 1f 00 90 90 90 90
[ 1445.401929][T20254] RSP: 0018:ffffc900119af790 EFLAGS: 00010293
[ 1445.407969][T20254] RAX: 0000000000000000 RBX: ffff8880344ad1e0 RCX: ffffffff82614e78
[ 1445.415914][T20254] RDX: ffff888020fd4880 RSI: ffffffff82614e9d RDI: 0000000000000005
[ 1445.423856][T20254] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[ 1445.431797][T20254] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88807c3470b0
[ 1445.439752][T20254] R13: ffff888055fb6930 R14: 0000000000000000 R15: ffff888055fb6928
[ 1445.447704][T20254]  ? kernfs_get.part.0+0x48/0x80
[ 1445.452633][T20254]  ? kernfs_get.part.0+0x6d/0x80
[ 1445.457562][T20254]  kernfs_get+0x1f/0x30
[ 1445.461720][T20254]  kobject_add_internal+0x353/0x9b0
[ 1445.466901][T20254]  kobject_add+0x16e/0x240
[ 1445.471299][T20254]  ? __pfx_kobject_add+0x10/0x10
[ 1445.476219][T20254]  get_device_parent+0x399/0x4e0
[ 1445.481145][T20254]  device_add+0x1ad/0x1a70
[ 1445.485545][T20254]  ? __pfx_device_add+0x10/0x10
[ 1445.490367][T20254]  ? __init_waitqueue_head+0xca/0x150
[ 1445.495727][T20254]  firmware_fallback_sysfs+0x2ec/0xbe0
[ 1445.501169][T20254]  _request_firmware+0xfe9/0x1470
[ 1445.506176][T20254]  ? __pfx__request_firmware+0x10/0x10
[ 1445.511618][T20254]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1445.517492][T20254]  ? debug_object_deactivate+0x1ec/0x3a0
[ 1445.523100][T20254]  ? finish_task_switch.isra.0+0x221/0xc10
[ 1445.528892][T20254]  request_firmware_work_func+0xea/0x250
[ 1445.534499][T20254]  ? __pfx_request_firmware_work_func+0x10/0x10
[ 1445.540719][T20254]  ? rcu_is_watching+0x12/0xc0
[ 1445.545463][T20254]  process_one_work+0x9cf/0x1b70
[ 1445.550380][T20254]  ? __pfx_process_one_work+0x10/0x10
[ 1445.555729][T20254]  ? assign_work+0x1a0/0x250
[ 1445.560318][T20254]  worker_thread+0x6c8/0xf10
[ 1445.564903][T20254]  ? __kthread_parkme+0x19e/0x250
[ 1445.569907][T20254]  ? __pfx_worker_thread+0x10/0x10
[ 1445.574991][T20254]  kthread+0x3c5/0x780
[ 1445.579035][T20254]  ? __pfx_kthread+0x10/0x10
[ 1445.583601][T20254]  ? rcu_is_watching+0x12/0xc0
[ 1445.588359][T20254]  ? __pfx_kthread+0x10/0x10
[ 1445.592922][T20254]  ret_from_fork+0x5d4/0x6f0
[ 1445.597501][T20254]  ? __pfx_kthread+0x10/0x10
[ 1445.602063][T20254]  ret_from_fork_asm+0x1a/0x30
[ 1445.606811][T20254]  </TASK>
[ 1445.610017][T20254] Kernel Offset: disabled
[ 1445.614322][T20254] Rebooting in 86400 seconds..