last executing test programs:

11.639826809s ago: executing program 0 (id=189):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000001040)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, r5, 0x1, 0x0, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x2c}, 0x7ffffffe, 0x0, 0x0, 0x48000}, 0x0)

11.257386183s ago: executing program 2 (id=190):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7020000c3000000bf230000000000002703000000fefeff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400011000000404000001007d60b7030000000000006a0a00fe800000008500000026000000b7000000000000009500001000000000acaa8e53a53cb864c300094c07000000000000d94cf0987b00a749a8e53b5c9491cd1f2b94a64f1de23d03a8f0362ebfc44c77511e60070e25510070f7778d3e77ad85319f0113abbac795f8c24abca246150226eb93fe39233add8f68f87699162334343befce832cb8075c5f0ae30cde221371ff00000067e4b75da95370ae6fd2b99ac18f98403494d4a94e95fb8dcd813487b2bdb006c6465c15f04485a9f8c8e49d00000097184c8e9d34b1e382b25e9614634e8e09194f7b83138f5275d9ab463797a2f6dcb45d5f278cd4fb74559575da3560c01cdf1eaa3fc7a3fb4f1689dfd5b626174770e4dfd1c82a694efc62f9ef9c8c0ea1efa5b949ce22827f6fd1dfc69d03482d8ec264e3d96ad19a0c99a234b4b71b0bc22573f8594b91781cd8ff7f000000000000299ebf94588e60abe9a565c5bbdc0358226f8580dc1a83c6a44408de23475a74ef0deda8da4089269ccb4e728dee6320444576c87cc576291e5367a5f1a5d5a12f8313ffff0b7f73335279aa2b68c9f045831119881764c71bb65b5138c50e06024e80fd9656bc077e4e259695748989335ba9eeef288de73815f20fefd4acfb6813ffff00000b971aec1a3e618a08a94ecbd401c8109c87ee3f5c0501857538d2a766bfcf4128fbe726903aca577aa8943af747760718dee5a21396dce6f61c6f3c7e000000cb0868b48719e47296f2299df3ecfb5f3f0e42f6f1eb1dc64dcc8e397366d12033f6288edbda3b838100000000000000000000800000edd4e1266dc9d73223fe614f025a7f284de76b3b676a13c57a0ed24f6270c4cbbf93472eb8093d8296c68dfbb03ddedc3e029b08959b145a7b110068ba071e75d75716243052ad24b624fddc2f0f3a018c0085c2319c248d643cd09fa855b20a6d453f2e954ff0e55c010000008547c5a0ecefcc44cc9532f729167f215937357a4bb9746193c1ec000000000000dd43c108c2109d221b7b26b7c9c209000005b7918a6cd856b8fa806c85480443159c6bed51a0e021f05f7caa1b99cdb4d08d9031210ac00e67d8c40a18503cb7aabcc066dfbfd7f87abe1122f00e5454bec3563a19582e0000000000000000000000000084b27fc6a3f95bf02b4eb5f1599dd46edcad432cc216316fe07afe27649c89cf022a90d895a2d70fcde7a9c37ede0c47c27f44595ab4b1fb1ed5b1d91314b2d50f94a768fb605679485041a6376b8344a39af68aed2be39794dd86ae82f9660cf4f935255d71f9fab2e430ac42bba1f54141cf39d4d50c4ded504beacb0de210d7a3716dca7362c134b91cef3efc514fbcb4747e6814ac16449ac02a43d9d4151697b4b7890ec6b481c5f0ca8c52a6322f34a796fa5941d23409ecf73458223baaffb94a89ee2884df000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x36, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r4)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x3}, {}, {0x3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_ife={0x50, 0x1, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40, 0x6, 0x20000000, 0xea, 0x100004}, 0x1}}, @TCA_IFE_TYPE={0x6, 0x5, 0x4}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

10.563486538s ago: executing program 0 (id=191):
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x8, 0xb19366062a5e1df1, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendto$inet6(r0, &(0x7f00000000c0)="bfa49d5e64adddc6c4d5a4152e15dbef46", 0x11, 0x20008080, &(0x7f0000000100)={0xa, 0x4e22, 0x8, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x1}, 0x1c)
r1 = syz_open_dev$usbfs(&(0x7f0000000340), 0x206, 0x8401)
ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0)
fspick(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x6, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[], 0x0, 0x34, 0x0, 0x2, 0x0, 0x0, @void, @value}, 0x28)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ipv6_route\x00')
preadv(r3, 0x0, 0x0, 0x10000000, 0x8)

10.503758832s ago: executing program 1 (id=192):
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = getuid()
quotactl_fd$Q_GETNEXTQUOTA(r0, 0xffffffff80000901, r1, &(0x7f0000000380))
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000480)={'syztnl1\x00', <r2=>0x0, 0x20, 0x40, 0xe, 0x5, {{0x14, 0x4, 0x0, 0x1, 0x50, 0x67, 0x0, 0x7, 0x0, 0x0, @remote, @remote, {[@timestamp_prespec={0x44, 0x3c, 0x33, 0x3, 0x5, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}, {@multicast1, 0x7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x7}, {@multicast2, 0x81}, {@local, 0x6}, {@multicast2, 0xa5}, {@rand_addr=0x64010102, 0x8}]}]}}}}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=@deltclass={0x68, 0x29, 0x800, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0xb, 0x3}, {0xfff2, 0xf}, {0xfff1, 0xfff1}}, [@TCA_RATE={0x6, 0x5, {0x7, 0xee}}, @tclass_kind_options=@c_qfq={{0x8}, {0x34, 0x2, [@TCA_QFQ_WEIGHT={0x8, 0x1, 0x3}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0x309d}, @TCA_QFQ_LMAX={0x8, 0x2, 0x30}, @TCA_QFQ_LMAX={0x8, 0x2, 0x6}, @TCA_QFQ_LMAX={0x8, 0x2, 0x2}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0x3}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f00000001c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(r0, &(0x7f0000000400)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000500)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
read(r5, &(0x7f0000000600)=""/206, 0xce)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f0000000180)={0x30}, 0x30)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="f7ffffff00", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000f5ffffffbf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

9.934636597s ago: executing program 3 (id=193):
syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x882)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x54c83, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
ustat(0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000040))
socket$inet6_mptcp(0xa, 0x1, 0x106)
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x8fff5], 0x0, 0x0, 0x1f, 0x1}}, 0x3c)

9.669440041s ago: executing program 0 (id=195):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f0000000340)='./file0\x00', 0x0)
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="030626bd7000fedbdf250100000008000300", @ANYRES32=0x0, @ANYBLOB="0c0006400100000001000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x80)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000001780), 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB, @ANYRESHEX=r5, @ANYBLOB=',sgq'])
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
ptrace(0x10, r3)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r7, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x4e24, 0x7f, @dev={0xfe, 0x80, '\x00', 0x41}, 0xca}, 0x1c)
sendto$inet(r7, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010012000000000000000700000a20000000000a03000000000000000000070000000900010073797a300000000044000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000020080003400000000514000000110001"], 0x8c}}, 0x0)
socket$kcm(0x25, 0x1, 0x0)

8.750564144s ago: executing program 1 (id=196):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x48}}, 0x0)
recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/240, 0xf0}, {0x0}], 0x2}, 0x3}, {{&(0x7f0000000380)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000001b40)=[{&(0x7f0000000540)=""/250, 0xfa}, {&(0x7f00000006c0)=""/221, 0xdd}, {&(0x7f00000007c0)=""/231, 0xe7}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000008c0)=""/183, 0xb7}, {&(0x7f00000019c0)=""/132, 0x84}, {&(0x7f0000001a80)=""/126, 0x7e}, {&(0x7f0000000400)=""/49, 0x31}, {&(0x7f0000001b00)=""/38, 0x26}], 0x9, &(0x7f0000001c00)=""/77, 0x4d}, 0x275}, {{&(0x7f0000001c80)=@alg, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000001f80)=""/5, 0x5}, 0x1}, {{&(0x7f0000001fc0)=@generic, 0x80, &(0x7f0000002440)=[{&(0x7f0000002040)=""/166, 0xa6}, {&(0x7f0000002100)=""/25, 0x19}, {&(0x7f0000002140)=""/71, 0x47}, {&(0x7f00000021c0)=""/120, 0x78}, {&(0x7f0000002240)=""/202, 0xca}, {&(0x7f0000002340)=""/252, 0xfc}], 0x6, &(0x7f00000024c0)=""/144, 0x90}, 0x9}, {{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000002580)=""/131, 0x83}], 0x1, &(0x7f0000002680)=""/123, 0x7b}, 0x3bb}], 0x5, 0x2040, 0x0)

8.664120192s ago: executing program 2 (id=197):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xb8}, [@ldst={0x4}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x9, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffff7, 0x10, &(0x7f0000000000), 0xfffffe51, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000001c0))
openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
ustat(0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty, 0x400000}, 0x1c)
listen(r3, 0xfffffffd)
accept(r3, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)
recvmsg$kcm(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x2604002c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000880)={'bridge_slave_0\x00'})
r6 = socket$kcm(0x1e, 0x1, 0x0)
sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f0000000180)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000580)="28212e3b45477190eb3af0daabb3bb716d2cfe35d3d54bb621e4ba9cc873ec15cadaa47d9ba7b5187e1292cf7b8d6eaf487a61a12746c75a0fa2eea2dddd2ab15b86e88bbe816c3fbd42d0e3ee7cec1c301e532792634bb7a72db7f8f6e37b2c38d4f8d846a38267f9f7b65398383cc95656d487e3ed80b53afcf7ff0b01fff94026494b3fe35b0d074872a471a491264d0c10ebc8e8aa18265e47f8a6bd27cce27f8555c6679e9b6d5b3a694688c1d90cf0ffffffffffffff4a2c1a403d2a2aa8c27242633cbc14b1ee57f2628ea3b96ac717e7fa2940358a50468ba53e444fd8949153560fee159058c9b17ca3a8df688881cd04499bd16a65336e4d19fec8b68752464b11cb9b73ab0d7a84aa109392849ec8bb0c6ac88f6248d245a4eabfa830a4968e3e74e4f06d6f44e6f7bf8961609937f811bdbd45ee32898e2f0910ba46c93e53a1b86f4f1be8bc0385393200"/346, 0x15a}], 0x1}, 0x0)

8.081615794s ago: executing program 3 (id=198):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r1, 0x34}, 0x10)

8.045050525s ago: executing program 1 (id=199):
r0 = socket$kcm(0x10, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r2=>0x0)
read$nci(r1, &(0x7f00000001c0)=""/69, 0x45)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x8004)
write$nci(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r3], 0x4)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r5, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="000323cd7000fbdbdf"], 0x20}, 0x1, 0x0, 0x0, 0x4000081}, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000d00), r5)
sendmsg$NFC_CMD_LLC_GET_PARAMS(r6, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010027bd7008000000250f0034ad080001"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0xe0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)="d8000000180081055bab0af6947695d8e8fc55a10a0015000600142603600e1208000f00fff0048ce96401a800080094814a3d0bfa2535055c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb71b14d6d930dfe144ecc447c65e206d25b4084121d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300fc0d153019add3a7a66baca4c011846285944dec0a00500ea4ea1197ea54cb44a555c80f5ed461dc0190c0c2b4000000000007cc40c3266f68db2506a6cde3aa4aa330b4700cdaea99e38e247321fb936a0000000000000004c9fcb0a33898cc8bfe35d060c3cdb5d718c79f0c", 0x13d}], 0x1}, 0x4000000)

7.845494057s ago: executing program 3 (id=201):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
syz_emit_ethernet(0x19b, &(0x7f0000000280)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="b91c280825dc", @void, {@ipv6={0x86dd, @udp={0x8, 0x6, "56db49", 0x165, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @empty, {[@dstopts={0x0, 0x9, '\x00', [@calipso={0x7, 0x48, {0x2, 0x10, 0x2, 0x12b9, [0x2, 0x0, 0x1000, 0x1, 0x8000000000000001, 0x3, 0xfb, 0x2]}}, @enc_lim={0x4, 0x1, 0x5}]}, @srh={0x1b, 0x6, 0x4, 0x3, 0x7f, 0x50, 0x9, [@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x42}}]}, @dstopts={0x89, 0xe, '\x00', [@enc_lim={0x4, 0x1, 0x7}, @jumbo={0xc2, 0x4, 0x400}, @calipso={0x7, 0x30, {0x3, 0xa, 0x7, 0x2c56, [0x100000000, 0x4d2c, 0x5e, 0xfffffffffffffff9, 0x40]}}, @ra={0x5, 0x2, 0x6}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @calipso={0x7, 0x28, {0x2, 0x8, 0x4d, 0x0, [0x8001, 0x7, 0x13cc, 0x3c]}}, @enc_lim={0x4, 0x1, 0xee}]}, @hopopts={0x29, 0x0, '\x00', [@pad1]}, @fragment={0x84, 0x0, 0x0, 0x1, 0x0, 0x3, 0x64}, @fragment={0x80, 0x0, 0x4, 0x1, 0x0, 0x3, 0x67}], {0x4e21, 0x4e23, 0x35, 0x0, @opaque="1277c499f26213c4255164b23f4bccd0f929f72ebb07f4144efce3d460dae90926925622818e228f138880998d"}}}}}}, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x68, &(0x7f0000000000)=0x5, 0x4)
syz_open_dev$usbfs(0x0, 0x77, 0x101301)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
socket$kcm(0x29, 0x2, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000240), 0x6, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000100)=0x1)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8b06, &(0x7f0000000040)={'wlan1\x00', @broadcast})
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005ff08000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r8, @ANYBLOB="0a0001"], 0x48}}, 0x0)

6.92651582s ago: executing program 2 (id=203):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd, @void, @value}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r5, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r1], 0x4}}, 0x0)
sendfile(r4, r2, 0x0, 0x100000008) (fail_nth: 10)

5.207052127s ago: executing program 4 (id=204):
socket$kcm(0xa, 0x3, 0x87) (async)
r0 = socket$kcm(0xa, 0x3, 0x87)
sendmsg$kcm(r0, &(0x7f0000000580)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0xb, @ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x1}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000000)="ffa8232e", 0x4}, {0x0}], 0x2, 0x0, 0xffffffffffffffd1}, 0x48810)

4.913478119s ago: executing program 1 (id=205):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
chdir(0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x10, 0x2, 0x10)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_io_uring_setup(0x5c2, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x3, 0x348}, &(0x7f0000000480)=<r3=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r3, 0x0, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r2, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
rt_sigsuspend(&(0x7f00000002c0), 0x8)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000a80)='/proc/meminfo\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000000)=""/221, 0x34b}], 0x1, 0x1c0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r6=>0x0})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000003300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="01002bbd7001000000000000000008000300", @ANYRES32=r6, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x8020}, 0x200000c0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r8 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
keyctl$read(0x2, r8, &(0x7f0000001940)=""/4086, 0xff6)

4.912940105s ago: executing program 2 (id=206):
timer_create(0x0, 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = dup2(r1, r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x0, 0x303, 0x0, 0x25dfdbfd, {0x3d}}, 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x0)
readv(r2, &(0x7f0000000180)=[{&(0x7f0000000100)=""/84, 0x54}, {0x0}], 0x2)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), r6)
sendmsg$NL802154_CMD_SET_CHANNEL(r7, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x2c, r8, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x12}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8080}, 0x0)

4.756186559s ago: executing program 3 (id=207):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x1, 0x2, &(0x7f0000000280)=ANY=[@ANYBLOB="911080ffffff000095"], &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x2000000)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000440)=@o_path={0x0}, 0x18)
syz_io_uring_submit(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota')
chdir(&(0x7f0000000100)='./file1\x00')
capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000580))
removexattr(&(0x7f0000000040)='./file1\x00', &(0x7f00000000c0)=@random={'security.', 'tmpfs\x00'})
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)

4.755496012s ago: executing program 4 (id=208):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f00000001c0)=ANY=[@ANYRES64], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00', <r1=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0xc, r1, 0x1, 0x7, 0x6, @local}, 0x14)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r3, 0x0, 0x0)
r4 = dup2(r3, r3)
sendmmsg$unix(r4, &(0x7f0000008380), 0x400000000000174, 0x4008890)
r5 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0xff, 0x40002)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r7 = dup(r6)
bind$bt_l2cap(r7, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000740)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x130, 0x240, 0x0, 0xffffffff, 0xffffffff, 0x310, 0x310, 0x310, 0xffffffff, 0x4, &(0x7f0000000180), {[{{@uncond, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@addrtype={{0x30}, {0x208, 0x101, 0x1, 0x1}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @local, 0x5, 0x3, [0x24, 0xe, 0x9, 0x2a, 0x2, 0x5, 0x1b, 0x40, 0x40, 0x1, 0x3b, 0xe, 0x31, 0x26, 0x24, 0x5], 0x2, 0xe, 0x80000000}}}, {{@ip={@local, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xff, 0x0, 'ip6_vti0\x00', 'rose0\x00', {0xff}, {}, 0x33, 0x1}, 0x0, 0xb0, 0x110, 0x0, {}, [@common=@set={{0x40}, {{0x4, [0x2, 0x5, 0x4, 0x2, 0x7], 0x6, 0x1}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0xa, 0x5, 0x4, 0x4, 0x1, 0xaaa7218fd8887602], 0x6, 0x3}, {0xffffffffffffffff, [0x7, 0x4, 0x4, 0x4, 0x4, 0xc], 0x6, 0x6}}}}, {{@ip={@empty, @remote, 0xff, 0xffffff, 'batadv_slave_0\x00', 'syzkaller1\x00', {}, {}, 0x11, 0x3, 0xb}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @random="c3ba6cc9fb06", 0xfff9, 0xd, [0x2c, 0x9, 0x22, 0xa, 0x0, 0x31, 0xd, 0x16, 0x4e, 0x2d, 0x8, 0x7, 0x40, 0x36, 0x1d, 0x27], 0x1, 0x7, 0x9}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8)
listen(r6, 0x9)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x37, 0x7fffffff}]})
close_range(r8, 0xffffffffffffffff, 0x0)
r9 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f00000000c0)={0xb9, 0xd, 0x4, 0x0, 0x4})
ioctl$SNDRV_CTL_IOCTL_PVERSION(r5, 0x80045500, &(0x7f0000000140))
r10 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x1c1140, 0x0)
ioctl$SOUND_MIXER_WRITE_VOLUME(r10, 0xc0040d1e, &(0x7f0000000040)=0x121)

3.898142488s ago: executing program 0 (id=209):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000500)=ANY=[], 0x48}}, 0x0)
recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/240, 0xf0}, {0x0}], 0x2}, 0x3}, {{&(0x7f0000000380)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000001b40)=[{&(0x7f0000000540)=""/250, 0xfa}, {&(0x7f00000006c0)=""/221, 0xdd}, {&(0x7f00000007c0)=""/231, 0xe7}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000008c0)=""/183, 0xb7}, {&(0x7f00000019c0)=""/132, 0x84}, {&(0x7f0000001a80)=""/126, 0x7e}, {&(0x7f0000000400)=""/49, 0x31}, {&(0x7f0000001b00)=""/38, 0x26}], 0x9, &(0x7f0000001c00)=""/77, 0x4d}, 0x275}, {{&(0x7f0000001c80)=@alg, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000001f80)=""/5, 0x5}, 0x1}, {{&(0x7f0000001fc0)=@generic, 0x80, &(0x7f0000002440)=[{&(0x7f0000002040)=""/166, 0xa6}, {&(0x7f0000002100)=""/25, 0x19}, {&(0x7f0000002140)=""/71, 0x47}, {&(0x7f00000021c0)=""/120, 0x78}, {&(0x7f0000002240)=""/202, 0xca}, {&(0x7f0000002340)=""/252, 0xfc}], 0x6, &(0x7f00000024c0)=""/144, 0x90}, 0x9}, {{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000002580)=""/131, 0x83}], 0x1, &(0x7f0000002680)=""/123, 0x7b}, 0x3bb}], 0x5, 0x2040, 0x0)

3.077156094s ago: executing program 1 (id=210):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xc}, {0xffff, 0xffff}, {0x0, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x9}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newtfilter={0x2c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {}, {0x7, 0x2}}, [@TCA_CHAIN={0x8, 0xb, 0x80000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@map=r4, 0x16, 0x1, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r5}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8)
close(r7)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
pread64(r9, &(0x7f0000001200)=""/99, 0x63, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={0xe0, 0x30, 0x107, 0x70bd2a, 0x25dfdbfd, {0x3, 0x7c}, [@nested={0xbd, 0x136, 0x0, 0x1, [@generic="f3a830d6f6018390d28caad5a500fa272eccfdbc07fda8af7bd71e3980223dcadceacc2e52a844eb1b016ae40b90581b9ac8464bd6fda6a8efdfc2a84afc89f2d341c421570a4be93a6ff598910b0fd30685db50aa62722032a0f9b5ad3f2d179d185db74c751256852903a9f5bd3bd9f702950830d363686525ae305850de3cf5709f65ea5a7397b8393455ccf08f8ebfff70ffe6ebce43c134bd768b255f635a55368922e9ce943288a2cbdd6e72344c0dc79b10d0bc1f1b"]}, @nested={0xc, 0x1}]}, 0xe0}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r11, 0x0, 0x0}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000980)={{r8}, &(0x7f0000000900), &(0x7f0000000940)=r7}, 0x20)
r12 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r12, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r12, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x63d, 0x1, 0x2, 0xd59f83, 0x19f2, 0x8, 0x19ef, 0x3, 0x6a, 0x4, 0x2800, 0x2, 0xba2, 0x2800, 0x38, {0x8, 0xffffffff}, 0xd1, 0xa}})
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r4, 0x40a85323, &(0x7f0000000180)={{0x2, 0x9}, 'port1\x00', 0x40, 0x10008, 0x80000001, 0x2, 0x8, 0x40, 0xd4b4f72, 0x0, 0x4, 0x10})

3.074883187s ago: executing program 4 (id=211):
r0 = io_uring_setup(0x2471, &(0x7f0000000280)={0x0, 0x4170, 0x1000, 0x0, 0x2e6})
io_uring_setup(0x2a5a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = msgget$private(0x0, 0x123)
msgrcv(r2, 0x0, 0x0, 0x3, 0x3000)
msgsnd(r2, 0x0, 0x0, 0x800)
r3 = syz_open_dev$sg(0x0, 0x6, 0x41c005)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xb)
ioctl$SG_IO(r3, 0x2285, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4004)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="b8000000190100000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000029000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000900000000000000000000000000000000000000000000000200000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff070000000000000000"], 0xb8}}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, &(0x7f0000000f40)=""/4083, 0x0, 0xfffffffffffffd72, 0x1, 0x1, 0x0, @void, @value}, 0x28)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r7, 0x34}, 0x10)
bpf$BPF_LINK_CREATE(0x8, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x1d, 0x0, @val=@netkit={@void, @value}}, 0x1c)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x3, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3502, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="d80100001c00"], 0x1d8}}, 0x0)
socket(0xa, 0x3, 0x3a)

2.953100254s ago: executing program 2 (id=212):
timer_create(0x0, 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = dup2(r1, r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, 0x0, 0x0)
readv(r2, &(0x7f0000000180)=[{&(0x7f0000000100)=""/84, 0x54}, {0x0}], 0x2)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), r6)
sendmsg$NL802154_CMD_SET_CHANNEL(r7, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x2c, r8, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x12}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8080}, 0x0)

2.932426878s ago: executing program 3 (id=213):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xb8}, [@ldst={0x4}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x9, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffff7, 0x10, &(0x7f0000000000), 0xfffffe51, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000001c0))
openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
ustat(0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty, 0x400000}, 0x1c)
listen(r3, 0xfffffffd)
accept(r3, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)
recvmsg$kcm(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x2604002c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000880)={'bridge_slave_0\x00'})
r6 = socket$kcm(0x1e, 0x1, 0x0)
sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f0000000180)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000580)="28212e3b45477190eb3af0daabb3bb716d2cfe35d3d54bb621e4ba9cc873ec15cadaa47d9ba7b5187e1292cf7b8d6eaf487a61a12746c75a0fa2eea2dddd2ab15b86e88bbe816c3fbd42d0e3ee7cec1c301e532792634bb7a72db7f8f6e37b2c38d4f8d846a38267f9f7b65398383cc95656d487e3ed80b53afcf7ff0b01fff94026494b3fe35b0d074872a471a491264d0c10ebc8e8aa18265e47f8a6bd27cce27f8555c6679e9b6d5b3a694688c1d90cf0ffffffffffffff4a2c1a403d2a2aa8c27242633cbc14b1ee57f2628ea3b96ac717e7fa2940358a50468ba53e444fd8949153560fee159058c9b17ca3a8df688881cd04499bd16a65336e4d19fec8b68752464b11cb9b73ab0d7a84aa109392849ec8bb0c6ac88f6248d245a4eabfa830a4968e3e74e4f06d6f44e6f7bf8961609937f811bdbd45ee32898e2f0910ba46c93e53a1b86f4f1be8bc0385393200"/346, 0x15a}], 0x1}, 0x0)

2.809514275s ago: executing program 0 (id=214):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r3 = syz_io_uring_setup(0x10d2, 0x0, &(0x7f0000000600)=<r4=>0x0, &(0x7f00000005c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_STATX={0x15, 0x29, 0x0, 0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000100)='./file0\x00', 0x40, 0x100})
io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x16)

1.615681083s ago: executing program 0 (id=215):
ioperm(0x0, 0x3, 0x2)
quotactl$Q_QUOTAON(0xffffffff80000102, &(0x7f0000000300)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000023c0)='net/tcp\x00')
read$FUSE(r3, &(0x7f0000000000)={0x2020}, 0x96)
close(r2)
read$FUSE(r3, &(0x7f0000002400)={0x2020}, 0x2020)
unshare(0x2a020400)
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
preadv(r4, &(0x7f0000001880)=[{&(0x7f00000018c0)=""/98, 0x62}], 0x1, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006325a640402000207265970000010902240001000000000904000002214c6a0009050702000000da00090589"], 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f00000020c0)="0f20d80f2059660f3882bf0000672e67660f3882300f01ee660ff898000066b8000001000f23d80f21f86635800000e00f23f80f01c9baf80c66b84bee5e8166efbafc0cecd3b7a700"}], 0x0, 0x0, 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/sem\x00', 0x0, 0x0)
pread64(r6, &(0x7f0000000200)=""/174, 0xae, 0x3b11)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r7 = socket(0x26, 0x6, 0x0)
sendto(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x7, &(0x7f0000000000)=0x930d, 0x4)
socket$can_raw(0x1d, 0x3, 0x1)
sendto$packet(r8, 0x0, 0x0, 0x40055, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x3, 0x6, @multicast}, 0x14)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r7, 0x89f0, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x29, 0x0, 0x5, 0x400, 0x8, @private2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x760, 0x8731, 0x3, 0x6}})
io_setup(0x6, &(0x7f0000001380))

1.343079695s ago: executing program 2 (id=216):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x1, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x888)
sendmsg$nl_route(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000100)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {0xa, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}]}, 0x24}}, 0x0)
shutdown(0xffffffffffffffff, 0x1)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r2)
bind$rxrpc(0xffffffffffffffff, 0x0, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0xfffffffc)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) (fail_nth: 2)

950.98879ms ago: executing program 1 (id=217):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x40080)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time\x00', 0x26e1, 0x0)
close(r1)
ioctl$SIOCSIFHWADDR(r1, 0x8b20, &(0x7f0000000000)={'virt_wifi0\x00', @random="12526a8a2573"})
read$hiddev(r1, &(0x7f00000009c0)=""/4109, 0x100d)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}}], 0xf00, 0x4c42bb4f92, 0x0)
shutdown(r2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000980)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000002000000000000000000000d02000000000000"], 0x0, 0x3e, 0x0, 0x1, 0x1, 0x0, @void, @value}, 0x28)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x10, r3, 0x5447f000)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x50}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x2c, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x0, 0x6}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xc000)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff})
r9 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x48100, 0x0)
pread64(r9, &(0x7f0000000080)=""/31, 0x1f, 0x1)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
write(r7, &(0x7f0000000240)="94", 0x1)
tee(r6, r10, 0x8f5, 0x100000000000000)
write(r8, 0x0, 0x0)

820.967592ms ago: executing program 4 (id=218):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x200, 0xfffffffd}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r2, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='rxrpc_abort\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)
r3 = socket$netlink(0x10, 0x3, 0x14)
r4 = socket$inet6(0xa, 0xa, 0x9)
copy_file_range(r4, &(0x7f0000000040)=0x80000000, 0xffffffffffffffff, 0x0, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="38000000031404002dbd7000020000000900020073737a32000000000800410073697704140033007d9739495727440f4c17401370556e72"], 0x38}}, 0xeb7edaaa5f519a02)

820.142853ms ago: executing program 3 (id=219):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f0000000340)='./file0\x00', 0x0)
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="030626bd7000fedbdf250100000008000300", @ANYRES32=0x0, @ANYBLOB="0c0006400100000001000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x80)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000001780), 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB, @ANYRESHEX=r5, @ANYBLOB=',sgq'])
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
ptrace(0x10, r3)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r7, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x4e24, 0x7f, @dev={0xfe, 0x80, '\x00', 0x41}, 0xca}, 0x1c)
sendto$inet(r7, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010012000000000000000700000a20000000000a03000000000000000000070000000900010073797a300000000044000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000020080003400000000514000000110001"], 0x8c}}, 0x0)
socket$kcm(0x25, 0x1, 0x0)

272.689047ms ago: executing program 4 (id=220):
syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x882)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x54c83, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
ustat(0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000040))
socket$inet6_mptcp(0xa, 0x1, 0x106)
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x8fff5], 0x0, 0x0, 0x1f, 0x1}}, 0x3c)

0s ago: executing program 4 (id=221):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
chdir(0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x10, 0x2, 0x10)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_io_uring_setup(0x5c2, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x3, 0x348}, &(0x7f0000000480)=<r3=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r3, 0x0, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r2, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
rt_sigsuspend(&(0x7f00000002c0), 0x8)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000a80)='/proc/meminfo\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000000)=""/221, 0x34b}], 0x1, 0x1c0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r6=>0x0})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000003300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="01002bbd7001000000000000000008000300", @ANYRES32=r6, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x8020}, 0x200000c0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r8 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
keyctl$read(0x2, r8, &(0x7f0000001940)=""/4086, 0xff6)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.74' (ED25519) to the list of known hosts.
[   79.750188][ T5807] cgroup: Unknown subsys name 'net'
[   79.926108][ T5807] cgroup: Unknown subsys name 'cpuset'
[   79.936186][ T5807] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   81.589057][ T5807] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   84.312597][ T5821] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.320893][ T5821] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.328843][ T5821] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   84.337769][ T5821] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   84.345639][ T5821] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   84.408153][ T5821] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   84.416202][ T5821] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   84.424372][ T5821] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   84.455213][ T5821] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   84.473387][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   84.487780][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   84.521548][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   84.541565][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   84.554004][   T55] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   84.579984][ T5825] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   84.587194][   T55] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   84.595323][   T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   84.602787][ T5825] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   84.610036][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   84.610464][   T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   84.618785][ T5832] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   84.634137][   T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   84.634214][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   84.650656][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   84.651637][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   85.137475][ T5818] chnl_net:caif_netlink_parms(): no params data found
[   85.334759][ T5826] chnl_net:caif_netlink_parms(): no params data found
[   85.457538][ T5822] chnl_net:caif_netlink_parms(): no params data found
[   85.572946][ T5824] chnl_net:caif_netlink_parms(): no params data found
[   85.596148][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   85.608791][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.616749][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.624615][ T5818] bridge_slave_0: entered allmulticast mode
[   85.632108][ T5818] bridge_slave_0: entered promiscuous mode
[   85.672739][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.679906][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.687299][ T5818] bridge_slave_1: entered allmulticast mode
[   85.695267][ T5818] bridge_slave_1: entered promiscuous mode
[   85.831134][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.838550][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.846630][ T5826] bridge_slave_0: entered allmulticast mode
[   85.854722][ T5826] bridge_slave_0: entered promiscuous mode
[   85.886843][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.894082][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.901706][ T5822] bridge_slave_0: entered allmulticast mode
[   85.909004][ T5822] bridge_slave_0: entered promiscuous mode
[   85.917451][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.925186][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.932699][ T5826] bridge_slave_1: entered allmulticast mode
[   85.939962][ T5826] bridge_slave_1: entered promiscuous mode
[   85.955969][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.970911][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.979063][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.986333][ T5822] bridge_slave_1: entered allmulticast mode
[   85.993628][ T5822] bridge_slave_1: entered promiscuous mode
[   86.053865][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.083325][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.159959][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.172956][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.182409][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.189674][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.198161][ T5830] bridge_slave_0: entered allmulticast mode
[   86.205553][ T5830] bridge_slave_0: entered promiscuous mode
[   86.216267][ T5818] team0: Port device team_slave_0 added
[   86.227086][ T5818] team0: Port device team_slave_1 added
[   86.233190][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.240333][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.247808][ T5824] bridge_slave_0: entered allmulticast mode
[   86.255735][ T5824] bridge_slave_0: entered promiscuous mode
[   86.278663][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.299246][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.306747][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.314178][ T5830] bridge_slave_1: entered allmulticast mode
[   86.321862][ T5830] bridge_slave_1: entered promiscuous mode
[   86.340871][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.348382][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.355905][ T5824] bridge_slave_1: entered allmulticast mode
[   86.363301][ T5824] bridge_slave_1: entered promiscuous mode
[   86.400769][ T5826] team0: Port device team_slave_0 added
[   86.412400][ T5821] Bluetooth: hci0: command tx timeout
[   86.483629][ T5822] team0: Port device team_slave_0 added
[   86.492156][ T5826] team0: Port device team_slave_1 added
[   86.500531][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.511167][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.518576][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.545635][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.559917][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.572952][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.584461][ T5822] team0: Port device team_slave_1 added
[   86.605916][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.629242][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.636435][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.662983][ T5821] Bluetooth: hci1: command tx timeout
[   86.668952][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.732053][   T55] Bluetooth: hci2: command tx timeout
[   86.732060][ T5832] Bluetooth: hci4: command tx timeout
[   86.743848][ T5821] Bluetooth: hci3: command tx timeout
[   86.760779][ T5830] team0: Port device team_slave_0 added
[   86.798507][ T5824] team0: Port device team_slave_0 added
[   86.825341][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.832633][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.858750][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.892605][ T5830] team0: Port device team_slave_1 added
[   86.903441][ T5824] team0: Port device team_slave_1 added
[   86.932233][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.939228][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.965665][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.978236][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.986550][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.012615][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.055668][ T5818] hsr_slave_0: entered promiscuous mode
[   87.062457][ T5818] hsr_slave_1: entered promiscuous mode
[   87.105523][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.112836][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.140483][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.152678][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.159671][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.187186][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.245955][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.253779][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.280073][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.310043][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.319940][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.346114][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.359004][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.366176][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.392528][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.443798][ T5826] hsr_slave_0: entered promiscuous mode
[   87.450346][ T5826] hsr_slave_1: entered promiscuous mode
[   87.456940][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.465302][ T5826] Cannot create hsr debugfs directory
[   87.585441][ T5830] hsr_slave_0: entered promiscuous mode
[   87.592924][ T5830] hsr_slave_1: entered promiscuous mode
[   87.599072][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.607016][ T5830] Cannot create hsr debugfs directory
[   87.619336][ T5822] hsr_slave_0: entered promiscuous mode
[   87.628541][ T5822] hsr_slave_1: entered promiscuous mode
[   87.635005][ T5822] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.642987][ T5822] Cannot create hsr debugfs directory
[   87.717449][ T5824] hsr_slave_0: entered promiscuous mode
[   87.724095][ T5824] hsr_slave_1: entered promiscuous mode
[   87.730224][ T5824] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.738923][ T5824] Cannot create hsr debugfs directory
[   88.287429][ T5818] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   88.309518][ T5818] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   88.329172][ T5818] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   88.339779][ T5818] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   88.384531][ T5826] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   88.417752][ T5826] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   88.428951][ T5826] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   88.441534][ T5826] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   88.498947][ T5821] Bluetooth: hci0: command tx timeout
[   88.513053][ T5824] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   88.526255][ T5824] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   88.541187][ T5824] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   88.554427][ T5824] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   88.663960][ T5830] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   88.675250][ T5830] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   88.706316][ T5830] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   88.719408][ T5830] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   88.731852][ T5821] Bluetooth: hci1: command tx timeout
[   88.811535][ T5821] Bluetooth: hci2: command tx timeout
[   88.817031][   T55] Bluetooth: hci3: command tx timeout
[   88.817076][ T5832] Bluetooth: hci4: command tx timeout
[   88.855033][ T5822] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   88.869594][ T5822] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   88.889493][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.903515][ T5822] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   88.919035][ T5822] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   88.945259][ T5818] 8021q: adding VLAN 0 to HW filter on device team0
[   88.977423][ T1025] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.984886][ T1025] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.996551][ T1025] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.003704][ T1025] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.086236][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.168544][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[   89.218849][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.246584][ T1025] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.253881][ T1025] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.310161][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.320734][ T1025] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.327956][ T1025] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.383679][ T5824] 8021q: adding VLAN 0 to HW filter on device team0
[   89.439205][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   89.453822][ T1162] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.460944][ T1162] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.490733][ T1162] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.497920][ T1162] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.531067][ T1025] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.538264][ T1025] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.575794][ T1025] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.583052][ T1025] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.640186][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.688439][ T5830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   89.726150][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.864574][ T5822] 8021q: adding VLAN 0 to HW filter on device team0
[   89.925960][ T1025] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.933199][ T1025] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.004391][ T1025] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.011640][ T1025] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.033458][ T5818] veth0_vlan: entered promiscuous mode
[   90.080381][ T5818] veth1_vlan: entered promiscuous mode
[   90.259980][ T5818] veth0_macvtap: entered promiscuous mode
[   90.290898][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.308542][ T5818] veth1_macvtap: entered promiscuous mode
[   90.354979][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.382831][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.448775][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.545047][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.565082][ T5818] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.574319][ T5832] Bluetooth: hci0: command tx timeout
[   90.589678][ T5818] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.599217][ T5818] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.609568][ T5818] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.701373][ T5830] veth0_vlan: entered promiscuous mode
[   90.781698][ T5824] veth0_vlan: entered promiscuous mode
[   90.799483][ T5830] veth1_vlan: entered promiscuous mode
[   90.820151][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.822106][ T5832] Bluetooth: hci1: command tx timeout
[   90.844671][ T5824] veth1_vlan: entered promiscuous mode
[   90.891485][ T5832] Bluetooth: hci4: command tx timeout
[   90.907672][ T5832] Bluetooth: hci3: command tx timeout
[   90.913546][   T55] Bluetooth: hci2: command tx timeout
[   90.974853][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.985671][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.008364][ T5830] veth0_macvtap: entered promiscuous mode
[   91.043865][ T5830] veth1_macvtap: entered promiscuous mode
[   91.086117][ T5822] veth0_vlan: entered promiscuous mode
[   91.097237][ T3515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.106856][ T3515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.118306][ T5824] veth0_macvtap: entered promiscuous mode
[   91.147938][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.159544][ T5824] veth1_macvtap: entered promiscuous mode
[   91.169668][ T5822] veth1_vlan: entered promiscuous mode
[   91.230849][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.234697][ T5818] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   91.305433][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.315574][ T5830] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.334824][ T5830] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.365800][ T5830] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.379687][ T5830] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.428196][ T5826] veth0_vlan: entered promiscuous mode
[   91.448791][ T5826] veth1_vlan: entered promiscuous mode
[   91.504733][ T5826] veth0_macvtap: entered promiscuous mode
[   91.581321][ T5826] veth1_macvtap: entered promiscuous mode
[   91.592624][ T5822] veth0_macvtap: entered promiscuous mode
[   91.604853][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.959578][ T3077] cfg80211: failed to load regulatory.db
[   92.223938][ T5824] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.271568][ T5824] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.280431][ T5824] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.294985][ T5824] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.319473][ T5822] veth1_macvtap: entered promiscuous mode
[   92.370092][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.416532][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.486183][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.500672][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.523665][ T5826] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.534622][ T5826] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.535399][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.544583][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.562392][ T5826] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.579710][ T5826] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.592906][ T5822] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.602059][ T5822] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.610788][ T5822] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.620225][ T5822] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.651428][ T5832] Bluetooth: hci0: command tx timeout
[   92.702229][ T3077] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   92.733412][ T3515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.749539][ T3515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.843362][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.876385][ T3077] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.890420][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.903586][ T5832] Bluetooth: hci1: command tx timeout
[   92.916963][ T3077] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.932145][ T3077] usb 1-1: New USB device found, idVendor=172f, idProduct=0032, bcdDevice= 0.00
[   92.941977][ T3077] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.947751][ T1025] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.966734][ T1025] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.975175][ T5832] Bluetooth: hci3: command tx timeout
[   92.980650][ T5832] Bluetooth: hci2: command tx timeout
[   92.986312][   T55] Bluetooth: hci4: command tx timeout
[   92.989764][ T5871] kernel write not supported for file /3/attr/fscreate (pid: 5871 comm: kworker/0:5)
[   93.016431][ T3077] usb 1-1: config 0 descriptor??
[   93.086113][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.110822][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.135471][ T3515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.161562][ T3515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.220550][ T5886] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   93.260791][ T5886] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   93.313936][ T3077] waltop 0003:172F:0032.0002: hidraw1: USB HID v0.00 Device [HID 172f:0032] on usb-dummy_hcd.0-1/input0
[   93.371787][ T3515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.380569][ T3515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.470442][   T24] usb 1-1: USB disconnect, device number 2
[   93.557662][ T3515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.619121][ T3515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.760163][ T5925] fido_id[5925]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[   93.905236][ T5933] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   94.438002][ T5943] netlink: 52 bytes leftover after parsing attributes in process `syz.3.7'.
[   94.594914][   T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   94.611965][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   94.652633][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   94.781391][   T24] usb 3-1: Using ep0 maxpacket: 8
[   94.806835][   T24] usb 3-1: config 0 has an invalid interface number: 112 but max is 0
[   94.893813][   T24] usb 3-1: config 0 has no interface number 0
[   94.940678][   T24] usb 3-1: config 0 interface 112 altsetting 4 has an endpoint descriptor with address 0x18, changing to 0x8
[   94.974470][   T24] usb 3-1: config 0 interface 112 altsetting 4 endpoint 0x8 has an invalid bInterval 74, changing to 7
[   94.999979][   T24] usb 3-1: config 0 interface 112 has no altsetting 0
[   95.018502][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.119794][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   95.126405][   T24] usb 3-1: New USB device found, idVendor=0f11, idProduct=10a0, bcdDevice=94.0e
[   95.132006][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   95.161343][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   95.222451][    T0] NOHZ tick-stop error: local softirq work is pending, handler #182!!!
[   95.323986][    T0] NOHZ tick-stop error: local softirq work is pending, handler #182!!!
[   95.381824][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   95.464122][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.522761][   T24] usb 3-1: Product: syz
[   95.537206][   T24] usb 3-1: Manufacturer: syz
[   95.557506][   T24] usb 3-1: SerialNumber: syz
[   95.582244][   T24] usb 3-1: config 0 descriptor??
[   96.021919][   T47] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[   96.135968][ T5962] capability: warning: `syz.3.13' uses 32-bit capabilities (legacy support in use)
[   96.246141][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   96.613623][   T47] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   96.642960][ T5960] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   96.904895][   T47] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[   96.916675][   T47] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[   96.926283][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.945625][   T47] usb 1-1: config 0 descriptor??
[   96.965007][   T47] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[   96.981573][   T47] dvb-usb: bulk message failed: -22 (3/0)
[   97.000046][   T47] dvb-usb: will use the device's hardware PID filter (table count: 16).
[   97.012638][   T47] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[   97.019829][   T47] usb 1-1: media controller created
[   97.028335][   T47] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   97.044520][   T47] dvb-usb: bulk message failed: -22 (6/0)
[   97.050896][   T47] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[   97.091891][   T47] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input5
[   97.189770][ T5955] dvb-usb: bulk message failed: -22 (2/0)
[   97.198090][   T47] dvb-usb: schedule remote query interval to 150 msecs.
[   97.228691][   T47] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[   97.535205][ T3077] dvb-usb: bulk message failed: -22 (1/0)
[   97.541139][ T3077] dvb-usb: error while querying for an remote control event.
[   97.601170][   T47] usb 1-1: USB disconnect, device number 3
[   98.140066][   T47] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[   98.365831][   T24] ldusb 3-1:0.112: Interrupt in endpoint not found
[   98.405783][   T24] usb 3-1: USB disconnect, device number 2
[   99.176524][ T5987] netlink: 8 bytes leftover after parsing attributes in process `syz.4.22'.
[   99.193309][ T5987] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[   99.229701][ T5987] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   99.234235][ T5985] netlink: 4 bytes leftover after parsing attributes in process `syz.2.20'.
[   99.288477][ T5991] netlink: 'syz.2.20': attribute type 10 has an invalid length.
[   99.432605][ T5991] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   99.469034][ T5992] hsr0 speed is unknown, defaulting to 1000
[   99.496328][ T5992] hsr0 speed is unknown, defaulting to 1000
[   99.516537][ T5992] hsr0 speed is unknown, defaulting to 1000
[   99.556744][ T5992] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   99.588785][ T5996] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   99.629373][ T5992] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   99.827460][ T5992] hsr0 speed is unknown, defaulting to 1000
[   99.839281][ T5992] hsr0 speed is unknown, defaulting to 1000
[   99.845957][ T5992] hsr0 speed is unknown, defaulting to 1000
[   99.849365][ T5992] hsr0 speed is unknown, defaulting to 1000
[   99.892711][ T5992] hsr0 speed is unknown, defaulting to 1000
[  103.791529][   T10] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  104.254740][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  104.420299][   T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  104.455198][   T10] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  104.465130][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.511768][   T10] usb 1-1: config 0 descriptor??
[  104.562577][   T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  104.574336][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  104.611157][   T10] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  104.657867][   T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  104.701335][   T10] usb 1-1: media controller created
[  104.745911][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  104.759689][ T6029] dvb-usb: bulk message failed: -22 (2/0)
[  104.825893][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  104.845646][   T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  104.891520][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input6
[  104.960237][   T10] dvb-usb: schedule remote query interval to 150 msecs.
[  104.981075][   T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  105.429293][  T978] dvb-usb: bulk message failed: -22 (1/0)
[  105.441380][  T978] dvb-usb: error while querying for an remote control event.
[  105.458959][   T10] usb 1-1: USB disconnect, device number 4
[  105.491317][ T5872] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  105.604483][   T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  105.691806][ T5872] usb 4-1: Using ep0 maxpacket: 32
[  105.734767][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  105.748737][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  105.758850][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  105.771198][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  105.784854][ T5872] usb 4-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e
[  105.796267][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.830117][ T5872] usb 4-1: Product: syz
[  105.845362][ T5872] usb 4-1: Manufacturer: syz
[  105.872559][ T5872] usb 4-1: SerialNumber: syz
[  105.907741][ T5872] usb 4-1: config 0 descriptor??
[  105.960651][ T5872] cypress_m8 4-1:0.0: HID->COM RS232 Adapter converter detected
[  106.019605][ T5872] cyphidcom ttyUSB0: required endpoint is missing
[  106.091561][   T10] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  106.152596][ T5871] usb 4-1: USB disconnect, device number 2
[  106.196452][ T5871] cypress_m8 4-1:0.0: device disconnected
[  106.268153][   T10] usb 3-1: Using ep0 maxpacket: 32
[  106.307775][   T10] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  106.326097][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.344629][   T10] usb 3-1: config 0 descriptor??
[  106.368069][   T10] gspca_main: sunplus-2.14.0 probing 041e:400b
[  106.693124][ T6069] netlink: 8 bytes leftover after parsing attributes in process `syz.4.45'.
[  107.451935][   T24] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  107.643394][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.657730][   T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  107.673970][   T24] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  107.684549][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.814316][   T10] gspca_sunplus: reg_w_riv err -71
[  107.837732][ T6093] tmpfs: Bad value for 'mpol'
[  107.844802][ T6093] netlink: 12 bytes leftover after parsing attributes in process `syz.0.53'.
[  107.908250][   T10] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  108.120726][   T10] usb 3-1: USB disconnect, device number 3
[  108.446595][   T24] usb 2-1: config 0 descriptor??
[  108.480615][   T24] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  108.513213][   T24] dvb-usb: bulk message failed: -22 (3/0)
[  108.599781][   T24] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  108.669636][   T24] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  108.706643][ T6083] dvb-usb: bulk message failed: -22 (2/0)
[  108.725773][   T24] usb 2-1: media controller created
[  108.753868][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  108.825890][   T24] dvb-usb: bulk message failed: -22 (6/0)
[  108.856412][   T24] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  109.181519][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7
[  109.642752][   T24] dvb-usb: schedule remote query interval to 150 msecs.
[  109.649769][   T24] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  109.664233][   T24] usb 2-1: USB disconnect, device number 2
[  109.706739][ T6109] netlink: 'syz.4.57': attribute type 18 has an invalid length.
[  109.869802][   T24] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  109.896711][ T6109] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  109.906222][ T6109] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  109.915373][ T6109] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  109.924743][ T6109] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  110.623104][ T6129] netlink: 452 bytes leftover after parsing attributes in process `syz.2.62'.
[  110.914545][ T6129] pim6reg: entered allmulticast mode
[  111.251424][   T30] audit: type=1326 audit(1747400155.551:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93c58e969 code=0x7ffc0000
[  111.307614][   T30] audit: type=1326 audit(1747400155.551:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93c58e969 code=0x7ffc0000
[  111.385162][   T30] audit: type=1326 audit(1747400155.551:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7fd93c58e969 code=0x7ffc0000
[  111.504431][   T30] audit: type=1326 audit(1747400155.551:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93c58e969 code=0x7ffc0000
[  111.584481][   T30] audit: type=1326 audit(1747400155.551:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93c58e969 code=0x7ffc0000
[  111.625797][   T30] audit: type=1326 audit(1747400155.551:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fd93c58e969 code=0x7ffc0000
[  111.819717][ T6147] 9pnet_fd: Insufficient options for proto=fd
[  111.832765][   T30] audit: type=1326 audit(1747400155.551:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93c58e969 code=0x7ffc0000
[  111.854226][   T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  111.861820][   T47] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[  111.879292][   T30] audit: type=1326 audit(1747400155.551:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93c58e969 code=0x7ffc0000
[  111.921763][ T6149] nftables ruleset with unbound set
[  112.018828][   T30] audit: type=1326 audit(1747400155.551:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7fd93c58e969 code=0x7ffc0000
[  112.048013][   T47] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.050939][   T30] audit: type=1326 audit(1747400155.551:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93c58e969 code=0x7ffc0000
[  112.058684][   T47] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  112.174116][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  112.202487][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  112.215552][   T24] usb 2-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  112.227609][   T47] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  112.245656][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.255454][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.276248][   T24] usb 2-1: config 0 descriptor??
[  112.283653][   T47] usb 3-1: config 0 descriptor??
[  112.316719][   T47] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  112.331357][   T47] dvb-usb: bulk message failed: -22 (3/0)
[  112.376483][   T47] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  112.401591][   T47] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  112.423109][   T47] usb 3-1: media controller created
[  112.433282][   T47] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  112.513482][ T6146] dvb-usb: bulk message failed: -22 (2/0)
[  112.531715][   T47] dvb-usb: bulk message failed: -22 (6/0)
[  112.564039][   T47] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  112.593967][   T47] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input8
[  112.633885][   T47] dvb-usb: schedule remote query interval to 150 msecs.
[  112.651498][   T47] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  112.672919][   T47] usb 3-1: USB disconnect, device number 4
[  112.722428][   T47] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  113.218723][ T6156] =======================================================
[  113.218723][ T6156] WARNING: The mand mount option has been deprecated and
[  113.218723][ T6156]          and is ignored by this kernel. Remove the mand
[  113.218723][ T6156]          option from the mount to silence this warning.
[  113.218723][ T6156] =======================================================
[  113.266421][ T6156] overlayfs: overlapping lowerdir path
[  113.875229][ T6162] FAULT_INJECTION: forcing a failure.
[  113.875229][ T6162] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  113.888809][ T6162] CPU: 0 UID: 0 PID: 6162 Comm: syz.2.73 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  113.888839][ T6162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  113.888861][ T6162] Call Trace:
[  113.888875][ T6162]  <TASK>
[  113.888888][ T6162]  dump_stack_lvl+0x189/0x250
[  113.888930][ T6162]  ? lockdep_hardirqs_on+0x9c/0x150
[  113.888959][ T6162]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.889007][ T6162]  should_fail_ex+0x414/0x560
[  113.889036][ T6162]  _copy_to_user+0x31/0xb0
[  113.889069][ T6162]  __htab_map_lookup_and_delete_batch+0x103e/0x13a0
[  113.889136][ T6162]  ? __pfx___htab_map_lookup_and_delete_batch+0x10/0x10
[  113.889180][ T6162]  ? __pfx_htab_map_lookup_and_delete_batch+0x10/0x10
[  113.889219][ T6162]  bpf_map_do_batch+0x412/0x5f0
[  113.889254][ T6162]  __sys_bpf+0x666/0x860
[  113.889283][ T6162]  ? __pfx___sys_bpf+0x10/0x10
[  113.889323][ T6162]  ? ksys_write+0x1f0/0x250
[  113.889352][ T6162]  ? rcu_is_watching+0x15/0xb0
[  113.889396][ T6162]  __x64_sys_bpf+0x7c/0x90
[  113.889420][ T6162]  do_syscall_64+0xf6/0x210
[  113.889449][ T6162]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  113.889470][ T6162]  ? clear_bhb_loop+0x60/0xb0
[  113.889497][ T6162]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.889518][ T6162] RIP: 0033:0x7f5c7d38e969
[  113.889547][ T6162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.889564][ T6162] RSP: 002b:00007f5c7b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  113.889594][ T6162] RAX: ffffffffffffffda RBX: 00007f5c7d5b6160 RCX: 00007f5c7d38e969
[  113.889610][ T6162] RDX: 0000000000000038 RSI: 0000200000000800 RDI: 0000000000000019
[  113.889623][ T6162] RBP: 00007f5c7b1f6090 R08: 0000000000000000 R09: 0000000000000000
[  113.889636][ T6162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  113.889649][ T6162] R13: 0000000000000000 R14: 00007f5c7d5b6160 R15: 00007ffe63272728
[  113.889682][ T6162]  </TASK>
[  114.513086][ T6151] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  114.544342][ T6151] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  114.641572][ T6151] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  114.701476][   T24] usbhid 2-1:0.0: can't add hid device: -71
[  114.707535][   T24] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  114.757619][   T24] usb 2-1: USB disconnect, device number 3
[  114.794813][ T6151] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  114.827959][ T6151] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  114.885107][ T6151] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  114.898248][ T6151] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  114.912717][ T6151] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  114.937548][ T6151] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  114.953634][ T6151] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  114.980219][ T6151] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  115.003352][ T6151] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  115.023969][ T6151] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  115.043307][ T6151] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  115.066910][ T6151] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  115.131600][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout
[  115.225469][ T6174] 9pnet_fd: Insufficient options for proto=fd
[  116.822653][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout
[  116.971488][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout
[  116.978355][   T55] Bluetooth: hci2: command 0x0c1a tx timeout
[  117.056767][ T6195] process 'syz.0.82' launched '/dev/fd/5' with NULL argv: empty string added
[  117.142433][   T55] Bluetooth: hci4: command 0x0c1a tx timeout
[  117.670431][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  117.822329][ T6198] tipc: Enabling of bearer <et‚:g> rejected, media not registered
[  118.895620][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  119.051600][   T55] Bluetooth: hci2: command 0x0c1a tx timeout
[  119.057718][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout
[  119.092757][ T6204] sctp: failed to load transform for md5: -2
[  119.214134][   T55] Bluetooth: hci4: command 0x0c1a tx timeout
[  119.779859][ T6224] FAULT_INJECTION: forcing a failure.
[  119.779859][ T6224] name failslab, interval 1, probability 0, space 0, times 0
[  119.782433][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  119.799373][ T6224] CPU: 0 UID: 0 PID: 6224 Comm: syz.0.89 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  119.799401][ T6224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  119.799413][ T6224] Call Trace:
[  119.799421][ T6224]  <TASK>
[  119.799430][ T6224]  dump_stack_lvl+0x189/0x250
[  119.799467][ T6224]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.799497][ T6224]  ? __pfx__printk+0x10/0x10
[  119.799540][ T6224]  ? __pfx___might_resched+0x10/0x10
[  119.799580][ T6224]  should_fail_ex+0x414/0x560
[  119.799610][ T6224]  should_failslab+0xa8/0x100
[  119.799641][ T6224]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  119.799676][ T6224]  ? __alloc_skb+0x112/0x2d0
[  119.799722][ T6224]  __alloc_skb+0x112/0x2d0
[  119.799751][ T6224]  netlink_sendmsg+0x5c6/0xb30
[  119.799775][ T6224]  ? is_bpf_text_address+0x26/0x2b0
[  119.799814][ T6224]  ? __pfx_netlink_sendmsg+0x10/0x10
[  119.799847][ T6224]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  119.799869][ T6224]  ? __pfx_netlink_sendmsg+0x10/0x10
[  119.799899][ T6224]  __sock_sendmsg+0x219/0x270
[  119.799923][ T6224]  ____sys_sendmsg+0x505/0x830
[  119.799957][ T6224]  ? __pfx_____sys_sendmsg+0x10/0x10
[  119.799995][ T6224]  ? import_iovec+0x74/0xa0
[  119.800028][ T6224]  ___sys_sendmsg+0x21f/0x2a0
[  119.800058][ T6224]  ? __pfx____sys_sendmsg+0x10/0x10
[  119.800124][ T6224]  ? __fget_files+0x2a/0x420
[  119.800142][ T6224]  ? __fget_files+0x3a0/0x420
[  119.800173][ T6224]  __x64_sys_sendmsg+0x19b/0x260
[  119.800204][ T6224]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  119.800250][ T6224]  ? do_syscall_64+0xba/0x210
[  119.800282][ T6224]  do_syscall_64+0xf6/0x210
[  119.800310][ T6224]  ? clear_bhb_loop+0x60/0xb0
[  119.800340][ T6224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.800361][ T6224] RIP: 0033:0x7fa64a78e969
[  119.800396][ T6224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.800414][ T6224] RSP: 002b:00007fa64b5de038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  119.800438][ T6224] RAX: ffffffffffffffda RBX: 00007fa64a9b5fa0 RCX: 00007fa64a78e969
[  119.800454][ T6224] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000008
[  119.800468][ T6224] RBP: 00007fa64b5de090 R08: 0000000000000000 R09: 0000000000000000
[  119.800481][ T6224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  119.800495][ T6224] R13: 0000000000000000 R14: 00007fa64a9b5fa0 R15: 00007ffd51b03ae8
[  119.800528][ T6224]  </TASK>
[  120.755024][ T6233] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  120.775454][ T6233] warning: `syz.0.91' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  120.971347][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  121.141415][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout
[  121.147823][   T55] Bluetooth: hci2: command 0x0c1a tx timeout
[  121.293293][   T55] Bluetooth: hci4: command 0x0c1a tx timeout
[  121.689520][ T6232] netlink: 'syz.4.93': attribute type 1 has an invalid length.
[  121.724993][ T6232] netlink: 224 bytes leftover after parsing attributes in process `syz.4.93'.
[  121.775107][ T6243] netlink: 8 bytes leftover after parsing attributes in process `syz.1.95'.
[  124.021157][   T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  124.040471][ T6272] FAULT_INJECTION: forcing a failure.
[  124.040471][ T6272] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  124.197579][   T10] usb 2-1: Using ep0 maxpacket: 16
[  124.824179][   T10] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  124.833473][ T6272] CPU: 0 UID: 0 PID: 6272 Comm: syz.0.103 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  124.833494][ T6272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  124.833503][ T6272] Call Trace:
[  124.833510][ T6272]  <TASK>
[  124.833517][ T6272]  dump_stack_lvl+0x189/0x250
[  124.833541][ T6272]  ? __lock_acquire+0xaac/0xd20
[  124.833564][ T6272]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.833584][ T6272]  ? __pfx__printk+0x10/0x10
[  124.833608][ T6272]  ? __might_fault+0xb0/0x130
[  124.833641][ T6272]  should_fail_ex+0x414/0x560
[  124.833661][ T6272]  _copy_from_user+0x2d/0xb0
[  124.833684][ T6272]  sk_getsockopt+0x197/0x2160
[  124.833709][ T6272]  ? __pfx_sk_getsockopt+0x10/0x10
[  124.833728][ T6272]  ? do_syscall_64+0x40/0x210
[  124.833758][ T6272]  ? __lock_acquire+0xaac/0xd20
[  124.833785][ T6272]  ? __might_fault+0xb0/0x130
[  124.833823][ T6272]  do_sock_getsockopt+0x275/0x650
[  124.833843][ T6272]  ? do_syscall_64+0x40/0x210
[  124.833865][ T6272]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  124.833892][ T6272]  ? do_syscall_64+0x40/0x210
[  124.833911][ T6272]  ? __fget_files+0x2a/0x420
[  124.833925][ T6272]  ? __fget_files+0x3a0/0x420
[  124.833938][ T6272]  ? __fget_files+0x2a/0x420
[  124.833957][ T6272]  __x64_sys_getsockopt+0x1a5/0x250
[  124.833977][ T6272]  ? do_syscall_64+0x40/0x210
[  124.833998][ T6272]  ? do_syscall_64+0x40/0x210
[  124.834032][ T6272]  do_syscall_64+0xf6/0x210
[  124.834051][ T6272]  ? clear_bhb_loop+0x60/0xb0
[  124.834070][ T6272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.834084][ T6272] RIP: 0033:0x7fa64a78e969
[  124.834097][ T6272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  124.834109][ T6272] RSP: 002b:00007fa64b5de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  124.834125][ T6272] RAX: ffffffffffffffda RBX: 00007fa64a9b5fa0 RCX: 00007fa64a78e969
[  124.834135][ T6272] RDX: 000000000000004a RSI: 0000000000000001 RDI: 0000000000000003
[  124.834144][ T6272] RBP: 00007fa64b5de090 R08: 00002000000001c0 R09: 0000000000000000
[  124.834153][ T6272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  124.834161][ T6272] R13: 0000000000000000 R14: 00007fa64a9b5fa0 R15: 00007ffd51b03ae8
[  124.834182][ T6272]  </TASK>
[  125.066730][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.222918][   T10] usb 2-1: config 0 descriptor??
[  125.233157][   T10] gspca_main: sonixj-2.14.0 probing 0471:0327
[  125.324906][ T6281] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  125.480123][ T6281] netlink: 4 bytes leftover after parsing attributes in process `syz.2.105'.
[  126.313368][ T6290] netdevsim netdevsim4: Direct firmware load for .
[  126.313368][ T6290]  failed with error -2
[  126.325555][ T6290] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  126.325555][ T6290] 
[  126.847146][   T55] Bluetooth: hci0: unexpected event for opcode 0x0c7b
[  127.205055][ T6301] NILFS (nullb0): couldn't find nilfs on the device
[  127.882006][   T10] gspca_sonixj: reg_w1 err -110
[  127.902040][   T10] sonixj 2-1:0.0: probe with driver sonixj failed with error -110
[  129.244731][ T5862] usb 2-1: USB disconnect, device number 4
[  130.805143][ T6329] FAULT_INJECTION: forcing a failure.
[  130.805143][ T6329] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  130.868804][ T6329] CPU: 0 UID: 0 PID: 6329 Comm: syz.0.117 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  130.868835][ T6329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  130.868848][ T6329] Call Trace:
[  130.868856][ T6329]  <TASK>
[  130.868865][ T6329]  dump_stack_lvl+0x189/0x250
[  130.868898][ T6329]  ? __lock_acquire+0xaac/0xd20
[  130.868930][ T6329]  ? __pfx_dump_stack_lvl+0x10/0x10
[  130.868958][ T6329]  ? __pfx__printk+0x10/0x10
[  130.868990][ T6329]  ? __might_fault+0xb0/0x130
[  130.869035][ T6329]  should_fail_ex+0x414/0x560
[  130.869062][ T6329]  _copy_from_user+0x2d/0xb0
[  130.869093][ T6329]  ___sys_sendmsg+0x158/0x2a0
[  130.869144][ T6329]  ? __pfx____sys_sendmsg+0x10/0x10
[  130.869213][ T6329]  ? __fget_files+0x2a/0x420
[  130.869232][ T6329]  ? __fget_files+0x3a0/0x420
[  130.869264][ T6329]  __x64_sys_sendmsg+0x19b/0x260
[  130.869297][ T6329]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  130.869345][ T6329]  ? do_syscall_64+0xba/0x210
[  130.869388][ T6329]  do_syscall_64+0xf6/0x210
[  130.869417][ T6329]  ? clear_bhb_loop+0x60/0xb0
[  130.869444][ T6329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.869465][ T6329] RIP: 0033:0x7fa64a78e969
[  130.869483][ T6329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.869501][ T6329] RSP: 002b:00007fa64b5de038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  130.869524][ T6329] RAX: ffffffffffffffda RBX: 00007fa64a9b5fa0 RCX: 00007fa64a78e969
[  130.869540][ T6329] RDX: 0000000000000004 RSI: 00002000000001c0 RDI: 0000000000000003
[  130.869553][ T6329] RBP: 00007fa64b5de090 R08: 0000000000000000 R09: 0000000000000000
[  130.869566][ T6329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  130.869578][ T6329] R13: 0000000000000000 R14: 00007fa64a9b5fa0 R15: 00007ffd51b03ae8
[  130.869610][ T6329]  </TASK>
[  131.830251][ T6335] lo speed is unknown, defaulting to 1000
[  131.952078][ T6335] lo speed is unknown, defaulting to 1000
[  132.205471][ T6335] lo speed is unknown, defaulting to 1000
[  132.252341][ T6335] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  132.313256][ T6335] lo speed is unknown, defaulting to 1000
[  132.484071][ T6335] lo speed is unknown, defaulting to 1000
[  132.502812][ T6335] lo speed is unknown, defaulting to 1000
[  132.510537][ T6335] lo speed is unknown, defaulting to 1000
[  132.540807][ T6335] lo speed is unknown, defaulting to 1000
[  132.862462][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  134.072192][ T6353] FAULT_INJECTION: forcing a failure.
[  134.072192][ T6353] name failslab, interval 1, probability 0, space 0, times 0
[  134.209038][ T6353] CPU: 1 UID: 0 PID: 6353 Comm: syz.3.125 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  134.209075][ T6353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  134.209088][ T6353] Call Trace:
[  134.209096][ T6353]  <TASK>
[  134.209104][ T6353]  dump_stack_lvl+0x189/0x250
[  134.209141][ T6353]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.209171][ T6353]  ? __pfx__printk+0x10/0x10
[  134.209210][ T6353]  ? __pfx___might_resched+0x10/0x10
[  134.209242][ T6353]  ? fs_reclaim_acquire+0x7d/0x100
[  134.209271][ T6353]  should_fail_ex+0x414/0x560
[  134.209298][ T6353]  should_failslab+0xa8/0x100
[  134.209321][ T6353]  kmem_cache_alloc_noprof+0x73/0x3c0
[  134.209352][ T6353]  ? __kernfs_new_node+0xd7/0x7f0
[  134.209380][ T6353]  __kernfs_new_node+0xd7/0x7f0
[  134.209405][ T6353]  ? __lock_acquire+0xaac/0xd20
[  134.209440][ T6353]  ? __pfx___kernfs_new_node+0x10/0x10
[  134.209464][ T6353]  ? kernfs_root+0x1c/0x230
[  134.209493][ T6353]  ? kernfs_root+0x1c/0x230
[  134.209513][ T6353]  ? kernfs_root+0x1c/0x230
[  134.209531][ T6353]  ? kernfs_root+0x1c/0x230
[  134.209558][ T6353]  kernfs_new_node+0x102/0x210
[  134.209587][ T6353]  kernfs_create_dir_ns+0x44/0x130
[  134.209615][ T6353]  sysfs_create_dir_ns+0x123/0x280
[  134.209639][ T6353]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  134.209662][ T6353]  ? do_raw_spin_unlock+0x122/0x240
[  134.209691][ T6353]  kobject_add_internal+0x59f/0xb40
[  134.209732][ T6353]  kobject_add+0x155/0x220
[  134.209767][ T6353]  ? __pfx_kobject_add+0x10/0x10
[  134.209802][ T6353]  ? get_device_parent+0x366/0x3a0
[  134.209832][ T6353]  device_add+0x408/0xb50
[  134.209856][ T6353]  ? device_initialize+0x24b/0x440
[  134.209884][ T6353]  wakeup_source_sysfs_add+0x1af/0x280
[  134.209915][ T6353]  wakeup_source_register+0x175/0x250
[  134.209942][ T6353]  ep_insert+0xef6/0x1a00
[  134.209990][ T6353]  ? __pfx_ep_insert+0x10/0x10
[  134.210045][ T6353]  do_epoll_ctl+0x80e/0xe80
[  134.210092][ T6353]  __x64_sys_epoll_ctl+0x163/0x1a0
[  134.210125][ T6353]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[  134.210167][ T6353]  do_syscall_64+0xf6/0x210
[  134.210195][ T6353]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  134.210216][ T6353]  ? clear_bhb_loop+0x60/0xb0
[  134.210242][ T6353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.210262][ T6353] RIP: 0033:0x7fa69078e969
[  134.210280][ T6353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.210297][ T6353] RSP: 002b:00007fa691525038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  134.210319][ T6353] RAX: ffffffffffffffda RBX: 00007fa6909b5fa0 RCX: 00007fa69078e969
[  134.210334][ T6353] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000006
[  134.210346][ T6353] RBP: 00007fa691525090 R08: 0000000000000000 R09: 0000000000000000
[  134.210358][ T6353] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000002
[  134.210370][ T6353] R13: 0000000000000000 R14: 00007fa6909b5fa0 R15: 00007fff54585788
[  134.210403][ T6353]  </TASK>
[  134.531433][ T6353] kobject: kobject_add_internal failed for wakeup12 (error: -12 parent: wakeup)
[  135.497439][ T6358] capability: warning: `syz.0.126' uses deprecated v2 capabilities in a way that may be insecure
[  135.526253][ T6358] program syz.0.126 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  136.511813][ T5871] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  137.482605][ T6377] 8021q: adding VLAN 0 to HW filter on device bond1
[  138.193012][ T6393] netlink: 'syz.0.135': attribute type 15 has an invalid length.
[  138.200963][ T6393] netlink: 723 bytes leftover after parsing attributes in process `syz.0.135'.
[  138.248455][ T6393] netlink: 8 bytes leftover after parsing attributes in process `syz.0.135'.
[  147.061330][   T59] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  147.391506][   T59] usb 2-1: Using ep0 maxpacket: 8
[  147.428909][   T59] usb 2-1: config 0 has an invalid interface number: 31 but max is 0
[  148.199296][   T59] usb 2-1: config 0 has no interface number 0
[  148.269349][   T59] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  148.364303][   T59] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.452113][   T59] usb 2-1: Product: syz
[  148.456344][   T59] usb 2-1: Manufacturer: syz
[  148.516610][   T59] usb 2-1: SerialNumber: syz
[  148.567181][   T59] usb 2-1: config 0 descriptor??
[  148.805740][ T6436] netlink: 52 bytes leftover after parsing attributes in process `syz.1.147'.
[  148.925236][ T6436] netlink: 21 bytes leftover after parsing attributes in process `syz.1.147'.
[  149.574323][ T6436] netlink: 21 bytes leftover after parsing attributes in process `syz.1.147'.
[  149.581491][ T6461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  149.704193][ T6461] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  149.855491][   T59] usb 2-1: Found UVC 0.04 device syz (046d:08c3)
[  149.864672][   T59] uvcvideo 2-1:0.31: Entity type for entity Output 6 was not initialized!
[  149.880096][   T59] usb 2-1: Failed to create links for entity 5
[  149.889402][   T59] usb 2-1: Failed to register entities (-22).
[  150.951568][   T59] usb 2-1: USB disconnect, device number 5
[  151.013700][ T6474] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  153.334100][ T6496] Illegal XDP return value 4294967274 on prog  (id 55) dev N/A, expect packet loss!
[  153.911069][ T6469] netlink: 'syz.3.158': attribute type 15 has an invalid length.
[  153.918901][ T6469] netlink: 723 bytes leftover after parsing attributes in process `syz.3.158'.
[  153.929558][ T6469] netlink: 8 bytes leftover after parsing attributes in process `syz.3.158'.
[  154.771926][ T6510] FAULT_INJECTION: forcing a failure.
[  154.771926][ T6510] name failslab, interval 1, probability 0, space 0, times 0
[  154.784625][ T6510] CPU: 1 UID: 0 PID: 6510 Comm: syz.2.167 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  154.784668][ T6510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  154.784682][ T6510] Call Trace:
[  154.784691][ T6510]  <TASK>
[  154.784700][ T6510]  dump_stack_lvl+0x189/0x250
[  154.784737][ T6510]  ? __pfx_dump_stack_lvl+0x10/0x10
[  154.784766][ T6510]  ? __pfx__printk+0x10/0x10
[  154.784802][ T6510]  ? __pfx___might_resched+0x10/0x10
[  154.784834][ T6510]  ? fs_reclaim_acquire+0x7d/0x100
[  154.784863][ T6510]  should_fail_ex+0x414/0x560
[  154.784891][ T6510]  should_failslab+0xa8/0x100
[  154.784914][ T6510]  kmem_cache_alloc_noprof+0x73/0x3c0
[  154.784945][ T6510]  ? vm_area_alloc+0x24/0x140
[  154.784980][ T6510]  vm_area_alloc+0x24/0x140
[  154.785012][ T6510]  alloc_bprm+0x49a/0xbc0
[  154.785052][ T6510]  do_execveat_common+0x1b3/0x6a0
[  154.785100][ T6510]  __x64_sys_execveat+0xc4/0xe0
[  154.785133][ T6510]  do_syscall_64+0xf6/0x210
[  154.785163][ T6510]  ? clear_bhb_loop+0x60/0xb0
[  154.785189][ T6510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.785210][ T6510] RIP: 0033:0x7f5c7d38e969
[  154.785229][ T6510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.785246][ T6510] RSP: 002b:00007f5c7b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  154.785268][ T6510] RAX: ffffffffffffffda RBX: 00007f5c7d5b6160 RCX: 00007f5c7d38e969
[  154.785283][ T6510] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  154.785296][ T6510] RBP: 00007f5c7b1f6090 R08: 0000000000001000 R09: 0000000000000000
[  154.785310][ T6510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.785322][ T6510] R13: 0000000000000000 R14: 00007f5c7d5b6160 R15: 00007ffe63272728
[  154.785353][ T6510]  </TASK>
[  155.404007][ T6512] FAULT_INJECTION: forcing a failure.
[  155.404007][ T6512] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  155.417441][ T6512] CPU: 1 UID: 0 PID: 6512 Comm: syz.4.170 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  155.417470][ T6512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  155.417483][ T6512] Call Trace:
[  155.417491][ T6512]  <TASK>
[  155.417499][ T6512]  dump_stack_lvl+0x189/0x250
[  155.417536][ T6512]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.417566][ T6512]  ? __pfx__printk+0x10/0x10
[  155.417601][ T6512]  ? fs_reclaim_acquire+0x7d/0x100
[  155.417634][ T6512]  should_fail_ex+0x414/0x560
[  155.417680][ T6512]  prepare_alloc_pages+0x213/0x610
[  155.417714][ T6512]  __alloc_frozen_pages_noprof+0x123/0x370
[  155.417745][ T6512]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  155.417790][ T6512]  alloc_pages_bulk_noprof+0x560/0x710
[  155.417818][ T6512]  ? rcu_is_watching+0x15/0xb0
[  155.417851][ T6512]  ? trace_kmalloc+0x1f/0xd0
[  155.417881][ T6512]  ? __kmalloc_noprof+0x29b/0x4f0
[  155.417912][ T6512]  ? copy_splice_read+0x143/0x9b0
[  155.417949][ T6512]  copy_splice_read+0x173/0x9b0
[  155.417978][ T6512]  ? trace_irq_disable+0x37/0x110
[  155.418005][ T6512]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  155.418040][ T6512]  ? __pfx_copy_splice_read+0x10/0x10
[  155.418069][ T6512]  ? irqentry_exit+0x74/0x90
[  155.418095][ T6512]  ? lockdep_hardirqs_on+0x9c/0x150
[  155.418125][ T6512]  ? __pfx_shmem_file_splice_read+0x10/0x10
[  155.418154][ T6512]  ? splice_direct_to_actor+0x4b0/0xcc0
[  155.418193][ T6512]  ? __pfx_shmem_file_splice_read+0x10/0x10
[  155.418215][ T6512]  splice_direct_to_actor+0x4d0/0xcc0
[  155.418269][ T6512]  ? __pfx_direct_splice_actor+0x10/0x10
[  155.418302][ T6512]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  155.418341][ T6512]  ? __fget_files+0x2a/0x420
[  155.418361][ T6512]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  155.418396][ T6512]  do_splice_direct+0x181/0x270
[  155.418432][ T6512]  ? __pfx_do_splice_direct+0x10/0x10
[  155.418466][ T6512]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  155.418489][ T6512]  ? bpf_lsm_file_permission+0x9/0x20
[  155.418516][ T6512]  ? security_file_permission+0x75/0x290
[  155.418544][ T6512]  ? rw_verify_area+0x258/0x650
[  155.418578][ T6512]  do_sendfile+0x4da/0x7d0
[  155.418601][ T6512]  ? __pfx_vfs_write+0x10/0x10
[  155.418638][ T6512]  ? __pfx_do_sendfile+0x10/0x10
[  155.418676][ T6512]  __se_sys_sendfile64+0x13e/0x190
[  155.418701][ T6512]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  155.418728][ T6512]  ? do_syscall_64+0xba/0x210
[  155.418761][ T6512]  do_syscall_64+0xf6/0x210
[  155.418790][ T6512]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  155.418812][ T6512]  ? clear_bhb_loop+0x60/0xb0
[  155.418839][ T6512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.418860][ T6512] RIP: 0033:0x7f211b98e969
[  155.418879][ T6512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.418897][ T6512] RSP: 002b:00007f211c7de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  155.418919][ T6512] RAX: ffffffffffffffda RBX: 00007f211bbb6160 RCX: 00007f211b98e969
[  155.418935][ T6512] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007
[  155.418947][ T6512] RBP: 00007f211c7de090 R08: 0000000000000000 R09: 0000000000000000
[  155.418960][ T6512] R10: 000080001d00c0d1 R11: 0000000000000246 R12: 0000000000000001
[  155.418973][ T6512] R13: 0000000000000000 R14: 00007f211bbb6160 R15: 00007fff9bdce738
[  155.419006][ T6512]  </TASK>
[  156.405556][  T978] usb 4-1: new low-speed USB device number 3 using dummy_hcd
[  156.540238][ T6518] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  156.722898][  T978] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  156.751298][  T978] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  156.797441][  T978] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  156.859266][  T978] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  156.908069][  T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.955912][ T6509] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  156.993479][  T978] hub 4-1:1.0: bad descriptor, ignoring hub
[  157.026425][  T978] hub 4-1:1.0: probe with driver hub failed with error -5
[  157.066048][  T978] cdc_wdm 4-1:1.0: skipping garbage
[  157.101784][  T978] cdc_wdm 4-1:1.0: skipping garbage
[  157.145752][  T978] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  157.154812][  T978] cdc_wdm 4-1:1.0: Unknown control protocol
[  157.785605][ T6534] evm: overlay not supported
[  158.253858][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  158.260757][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  158.267972][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  158.274640][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  158.281285][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  158.287914][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  158.294261][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  158.300879][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  158.312199][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  158.318833][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  158.325528][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  158.332151][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  158.338582][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  158.345215][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  158.361812][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  158.368442][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  158.374826][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  158.381439][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  158.387706][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  158.394322][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  158.730696][ T6536] 9pnet_fd: Insufficient options for proto=fd
[  159.981822][ T5862] usb 4-1: USB disconnect, device number 3
[  160.778727][ T6548] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  161.301686][  T978] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  161.591426][  T978] usb 1-1: Using ep0 maxpacket: 8
[  161.608029][  T978] usb 1-1: New USB device found, idVendor=093b, idProduct=a104, bcdDevice= 0.01
[  161.631708][  T978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.639773][  T978] usb 1-1: Product: syz
[  161.681320][  T978] usb 1-1: Manufacturer: syz
[  161.686191][  T978] usb 1-1: SerialNumber: syz
[  161.697078][  T978] usb 1-1: config 0 descriptor??
[  161.713236][  T978] go7007 1-1:0.0: probe with driver go7007 failed with error -12
[  161.926593][  T978] usb 1-1: USB disconnect, device number 5
[  163.743298][ T6576] ipvlan2: entered promiscuous mode
[  163.973294][ T6578] netlink: 20 bytes leftover after parsing attributes in process `syz.0.187'.
[  164.801299][ T6580] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  169.663175][ T6628] FAULT_INJECTION: forcing a failure.
[  169.663175][ T6628] name failslab, interval 1, probability 0, space 0, times 0
[  169.773089][ T6631] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  170.554360][ T6628] CPU: 0 UID: 0 PID: 6628 Comm: syz.2.203 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  170.554393][ T6628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.554406][ T6628] Call Trace:
[  170.554415][ T6628]  <TASK>
[  170.554425][ T6628]  dump_stack_lvl+0x189/0x250
[  170.554464][ T6628]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.554495][ T6628]  ? __pfx__printk+0x10/0x10
[  170.554530][ T6628]  ? __mutex_trylock_common+0x153/0x260
[  170.554558][ T6628]  ? ref_tracker_alloc+0x318/0x460
[  170.554596][ T6628]  should_fail_ex+0x414/0x560
[  170.554625][ T6628]  should_failslab+0xa8/0x100
[  170.554649][ T6628]  kmem_cache_alloc_noprof+0x73/0x3c0
[  170.554682][ T6628]  ? skb_clone+0x212/0x3a0
[  170.554720][ T6628]  skb_clone+0x212/0x3a0
[  170.554756][ T6628]  __netlink_deliver_tap+0x404/0x850
[  170.554798][ T6628]  ? netlink_deliver_tap+0x2e/0x1b0
[  170.554827][ T6628]  netlink_deliver_tap+0x19c/0x1b0
[  170.554854][ T6628]  __netlink_sendskb+0x47/0x90
[  170.554878][ T6628]  netlink_dump+0xa5c/0xe70
[  170.554917][ T6628]  ? __pfx_netlink_dump+0x10/0x10
[  170.554963][ T6628]  ? __asan_memset+0x22/0x50
[  170.554990][ T6628]  ? genl_start+0x499/0x6c0
[  170.555032][ T6628]  __netlink_dump_start+0x5cb/0x7e0
[  170.555067][ T6628]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  170.555105][ T6628]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  170.555146][ T6628]  ? rcu_is_watching+0x15/0xb0
[  170.555177][ T6628]  ? __pfx_genl_start+0x10/0x10
[  170.555206][ T6628]  ? __pfx_genl_dumpit+0x10/0x10
[  170.555234][ T6628]  ? __pfx_genl_done+0x10/0x10
[  170.555271][ T6628]  ? bpf_lsm_capable+0x9/0x20
[  170.555300][ T6628]  ? security_capable+0x7e/0x2e0
[  170.555338][ T6628]  genl_rcv_msg+0x5da/0x790
[  170.555378][ T6628]  ? __pfx_genl_rcv_msg+0x10/0x10
[  170.555413][ T6628]  ? __pfx_batadv_gw_dump+0x10/0x10
[  170.555441][ T6628]  ? ref_tracker_free+0x63a/0x7d0
[  170.555463][ T6628]  ? __copy_skb_header+0xa7/0x550
[  170.555506][ T6628]  netlink_rcv_skb+0x219/0x490
[  170.555532][ T6628]  ? __pfx_genl_rcv_msg+0x10/0x10
[  170.555566][ T6628]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  170.555627][ T6628]  ? down_read+0x1ad/0x2e0
[  170.555662][ T6628]  genl_rcv+0x28/0x40
[  170.555691][ T6628]  netlink_unicast+0x75b/0x8d0
[  170.555728][ T6628]  netlink_sendmsg+0x805/0xb30
[  170.555766][ T6628]  ? __pfx_netlink_sendmsg+0x10/0x10
[  170.555803][ T6628]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  170.555826][ T6628]  ? __pfx_netlink_sendmsg+0x10/0x10
[  170.555855][ T6628]  __sock_sendmsg+0x219/0x270
[  170.555882][ T6628]  sock_sendmsg+0x158/0x230
[  170.555907][ T6628]  ? __pfx_sock_sendmsg+0x10/0x10
[  170.555945][ T6628]  ? __asan_memset+0x22/0x50
[  170.555973][ T6628]  ? iov_iter_bvec+0xb8/0x180
[  170.556006][ T6628]  splice_to_socket+0x8ff/0xf10
[  170.556066][ T6628]  ? __pfx_splice_to_socket+0x10/0x10
[  170.556096][ T6628]  ? current_time+0x222/0x370
[  170.556152][ T6628]  ? touch_atime+0xf1/0x6d0
[  170.556203][ T6628]  ? __pfx_splice_to_socket+0x10/0x10
[  170.556237][ T6628]  direct_splice_actor+0xfe/0x160
[  170.556275][ T6628]  splice_direct_to_actor+0x5a8/0xcc0
[  170.556332][ T6628]  ? __pfx_direct_splice_actor+0x10/0x10
[  170.556365][ T6628]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  170.556411][ T6628]  do_splice_direct+0x181/0x270
[  170.556448][ T6628]  ? __pfx_do_splice_direct+0x10/0x10
[  170.556482][ T6628]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  170.556506][ T6628]  ? bpf_lsm_file_permission+0x9/0x20
[  170.556531][ T6628]  ? security_file_permission+0x75/0x290
[  170.556559][ T6628]  ? rw_verify_area+0x258/0x650
[  170.556599][ T6628]  do_sendfile+0x4da/0x7d0
[  170.556622][ T6628]  ? __pfx_vfs_write+0x10/0x10
[  170.556661][ T6628]  ? __pfx_do_sendfile+0x10/0x10
[  170.556684][ T6628]  ? __fget_files+0x3a0/0x420
[  170.556718][ T6628]  __se_sys_sendfile64+0x13e/0x190
[  170.556740][ T6628]  ? rcu_is_watching+0x15/0xb0
[  170.556773][ T6628]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  170.556801][ T6628]  ? do_syscall_64+0xba/0x210
[  170.556836][ T6628]  do_syscall_64+0xf6/0x210
[  170.556866][ T6628]  ? clear_bhb_loop+0x60/0xb0
[  170.556894][ T6628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.556915][ T6628] RIP: 0033:0x7f5c7d38e969
[  170.556934][ T6628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.556952][ T6628] RSP: 002b:00007f5c7e143038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  170.556974][ T6628] RAX: ffffffffffffffda RBX: 00007f5c7d5b5fa0 RCX: 00007f5c7d38e969
[  170.556990][ T6628] RDX: 0000000000000000 RSI: 000000000000000b RDI: 000000000000000d
[  170.557003][ T6628] RBP: 00007f5c7e143090 R08: 0000000000000000 R09: 0000000000000000
[  170.557016][ T6628] R10: 0000000100000008 R11: 0000000000000246 R12: 0000000000000002
[  170.557029][ T6628] R13: 0000000000000000 R14: 00007f5c7d5b5fa0 R15: 00007ffe63272728
[  170.557064][ T6628]  </TASK>
[  173.446234][ T6656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.210'.
[  174.746687][ T6658] netlink: 452 bytes leftover after parsing attributes in process `syz.4.211'.
[  175.435449][ T6679] FAULT_INJECTION: forcing a failure.
[  175.435449][ T6679] name failslab, interval 1, probability 0, space 0, times 0
[  175.525797][ T6679] CPU: 0 UID: 0 PID: 6679 Comm: syz.2.216 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  175.525826][ T6679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  175.525838][ T6679] Call Trace:
[  175.525845][ T6679]  <TASK>
[  175.525854][ T6679]  dump_stack_lvl+0x189/0x250
[  175.525892][ T6679]  ? __pfx_dump_stack_lvl+0x10/0x10
[  175.525919][ T6679]  ? __pfx__printk+0x10/0x10
[  175.525957][ T6679]  ? __pfx___might_resched+0x10/0x10
[  175.525994][ T6679]  should_fail_ex+0x414/0x560
[  175.526021][ T6679]  should_failslab+0xa8/0x100
[  175.526042][ T6679]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  175.526075][ T6679]  ? __alloc_skb+0x112/0x2d0
[  175.526105][ T6679]  __alloc_skb+0x112/0x2d0
[  175.526135][ T6679]  netlink_sendmsg+0x5c6/0xb30
[  175.526158][ T6679]  ? is_bpf_text_address+0x26/0x2b0
[  175.526197][ T6679]  ? __pfx_netlink_sendmsg+0x10/0x10
[  175.526231][ T6679]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  175.526253][ T6679]  ? __pfx_netlink_sendmsg+0x10/0x10
[  175.526278][ T6679]  __sock_sendmsg+0x219/0x270
[  175.526303][ T6679]  ____sys_sendmsg+0x505/0x830
[  175.526346][ T6679]  ? __pfx_____sys_sendmsg+0x10/0x10
[  175.526385][ T6679]  ? import_iovec+0x74/0xa0
[  175.526418][ T6679]  ___sys_sendmsg+0x21f/0x2a0
[  175.526450][ T6679]  ? __pfx____sys_sendmsg+0x10/0x10
[  175.526515][ T6679]  ? __fget_files+0x2a/0x420
[  175.526534][ T6679]  ? __fget_files+0x3a0/0x420
[  175.526565][ T6679]  __x64_sys_sendmsg+0x19b/0x260
[  175.526598][ T6679]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  175.526645][ T6679]  ? do_syscall_64+0xba/0x210
[  175.526677][ T6679]  do_syscall_64+0xf6/0x210
[  175.526706][ T6679]  ? clear_bhb_loop+0x60/0xb0
[  175.526731][ T6679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.526752][ T6679] RIP: 0033:0x7f5c7d38e969
[  175.526770][ T6679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.526787][ T6679] RSP: 002b:00007f5c7e122038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  175.526808][ T6679] RAX: ffffffffffffffda RBX: 00007f5c7d5b6080 RCX: 00007f5c7d38e969
[  175.526823][ T6679] RDX: 0000000000000010 RSI: 0000200000000400 RDI: 0000000000000008
[  175.526836][ T6679] RBP: 00007f5c7e122090 R08: 0000000000000000 R09: 0000000000000000
[  175.526849][ T6679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.526861][ T6679] R13: 0000000000000001 R14: 00007f5c7d5b6080 R15: 00007ffe63272728
[  175.526891][ T6679]  </TASK>
[  175.805247][ T6682] netlink: 12 bytes leftover after parsing attributes in process `syz.1.217'.
[  175.835624][ T6677] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.844559][ T6677] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.921439][ T5870] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  176.044618][ T6677] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  176.062312][ T6677] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  176.094271][ T5870] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  176.104573][ T5870] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  176.135013][ T5870] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 101, changing to 10
[  176.163179][ T5870] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 25969, setting to 1024
[  176.184045][ T5870] usb 1-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72
[  176.193488][ T5870] usb 1-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0
[  176.266542][ T5870] usb 1-1: Manufacturer: syz
[  176.289915][ T5870] usb 1-1: config 0 descriptor??
[  176.296367][ T6683] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  176.328869][ T5870] smsusb:smsusb_probe: board id=9, interface number 0
[  176.342714][ T6677] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  176.379473][ T5870] smsusb:siano_media_device_register: media controller created
[  176.389465][ T6677] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  176.450947][ T5870] ------------[ cut here ]------------
[  176.456542][ T5870] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[  176.486328][ T6677] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  176.537949][ T5870] WARNING: CPU: 1 PID: 5870 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc37/0x1870
[  176.547684][ T5870] Modules linked in:
[  176.551856][ T5870] CPU: 1 UID: 0 PID: 5870 Comm: kworker/1:4 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  176.565031][ T5870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  176.575383][ T5870] Workqueue: usb_hub_wq hub_event
[  176.580471][ T5870] RIP: 0010:usb_submit_urb+0xc37/0x1870
[  176.586118][ T5870] Code: 89 e0 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 73 08 00 00 45 8b 04 24 48 c7 c7 00 9a 11 8c 4c 89 f6 4c 89 fa e8 4a 2b 76 fa 90 <0f> 0b 90 90 44 0f b6 64 24 48 4c 89 e7 48 c7 c6 90 ca bb 8e e8 10
[  176.605876][ T5870] RSP: 0000:ffffc90004b1eb70 EFLAGS: 00010246
[  176.612034][ T5870] RAX: 9318ddef1d8e3700 RBX: ffff888145b00100 RCX: 0000000000100000
[  176.620037][ T5870] RDX: ffffc90019adc000 RSI: 00000000000308ff RDI: 0000000000030900
[  176.628103][ T5870] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  176.637521][ T5870] R10: dffffc0000000000 R11: fffffbfff1bba944 R12: ffffffff8c1197ec
[  176.646652][ T5870] R13: dffffc0000000000 R14: ffffffff8c1202e0 R15: ffff8880347d7e40
[  176.654819][ T5870] FS:  0000000000000000(0000) GS:ffff8881261f9000(0000) knlGS:0000000000000000
[  176.663834][ T5870] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  176.670451][ T5870] CR2: 000000110c3aa216 CR3: 0000000021f12000 CR4: 00000000003526f0
[  176.678483][ T5870] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  176.686636][ T5870] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  176.694715][ T5870] Call Trace:
[  176.698038][ T5870]  <TASK>
[  176.701013][ T5870]  smsusb_start_streaming+0x22/0x340
[  176.706387][ T5870]  smsusb_probe+0x18f6/0x2060
[  176.711119][ T5870]  ? __pfx_smsusb_probe+0x10/0x10
[  176.716199][ T5870]  ? __pfx_smsusb_sendrequest+0x10/0x10
[  176.721894][ T5870]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  176.727820][ T5870]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  176.735582][ T5870]  ? __pm_runtime_set_status+0x785/0xa50
[  176.742330][ T5870]  usb_probe_interface+0x641/0xbc0
[  176.747491][ T5870]  ? __pfx_usb_probe_interface+0x10/0x10
[  176.753295][ T5870]  really_probe+0x26a/0x9a0
[  176.757851][ T5870]  __driver_probe_device+0x18c/0x2f0
[  176.763223][ T5870]  driver_probe_device+0x4f/0x430
[  176.768292][ T5870]  __device_attach_driver+0x2ce/0x530
[  176.773757][ T5870]  bus_for_each_drv+0x251/0x2e0
[  176.778736][ T5870]  ? __pfx___device_attach_driver+0x10/0x10
[  176.784733][ T5870]  ? __pfx_bus_for_each_drv+0x10/0x10
[  176.790156][ T5870]  __device_attach+0x2b8/0x400
[  176.795006][ T5870]  ? __pfx___device_attach+0x10/0x10
[  176.800338][ T5870]  ? do_raw_spin_unlock+0x122/0x240
[  176.805624][ T5870]  bus_probe_device+0x185/0x260
[  176.810516][ T5870]  device_add+0x7b6/0xb50
[  176.814990][ T5870]  usb_set_configuration+0x1a87/0x20e0
[  176.820531][ T5870]  usb_generic_driver_probe+0x8d/0x150
[  176.826080][ T5870]  usb_probe_device+0x1c4/0x390
[  176.830987][ T5870]  ? __pfx_usb_probe_device+0x10/0x10
[  176.837696][ T5870]  really_probe+0x26a/0x9a0
[  176.843370][ T5870]  __driver_probe_device+0x18c/0x2f0
[  176.848707][ T5870]  driver_probe_device+0x4f/0x430
[  176.853811][ T5870]  __device_attach_driver+0x2ce/0x530
[  176.859240][ T5870]  bus_for_each_drv+0x251/0x2e0
[  176.864173][ T5870]  ? __pfx___device_attach_driver+0x10/0x10
[  176.870115][ T5870]  ? __pfx_bus_for_each_drv+0x10/0x10
[  176.875573][ T5870]  __device_attach+0x2b8/0x400
[  176.880376][ T5870]  ? __pfx___device_attach+0x10/0x10
[  176.885742][ T5870]  ? do_raw_spin_unlock+0x122/0x240
[  176.890984][ T5870]  bus_probe_device+0x185/0x260
[  176.896336][ T5870]  device_add+0x7b6/0xb50
[  176.900744][ T5870]  usb_new_device+0xa39/0x16c0
[  176.905618][ T5870]  ? __pfx_usb_new_device+0x10/0x10
[  176.910858][ T5870]  ? _raw_spin_unlock_irq+0x23/0x50
[  176.916248][ T5870]  ? lockdep_hardirqs_on+0x9c/0x150
[  176.921530][ T5870]  hub_event+0x2941/0x4a00
[  176.926053][ T5870]  ? __pfx_hub_event+0x10/0x10
[  176.930866][ T5870]  ? process_scheduled_works+0x9ec/0x17a0
[  176.938079][ T5870]  ? _raw_spin_unlock_irq+0x23/0x50
[  176.944446][ T5870]  ? process_scheduled_works+0x9ec/0x17a0
[  176.950222][ T5870]  ? process_scheduled_works+0x9ec/0x17a0
[  176.956026][ T5870]  process_scheduled_works+0xadb/0x17a0
[  176.961736][ T5870]  ? __pfx_process_scheduled_works+0x10/0x10
[  176.967781][ T5870]  worker_thread+0x8a0/0xda0
[  176.972472][ T5870]  kthread+0x70e/0x8a0
[  176.976580][ T5870]  ? __pfx_worker_thread+0x10/0x10
[  176.981763][ T5870]  ? __pfx_kthread+0x10/0x10
[  176.986386][ T5870]  ? __pfx_kthread+0x10/0x10
[  176.991004][ T5870]  ? _raw_spin_unlock_irq+0x23/0x50
[  176.996265][ T5870]  ? lockdep_hardirqs_on+0x9c/0x150
[  177.001586][ T5870]  ? __pfx_kthread+0x10/0x10
[  177.006218][ T5870]  ret_from_fork+0x4b/0x80
[  177.010657][ T5870]  ? __pfx_kthread+0x10/0x10
[  177.015310][ T5870]  ret_from_fork_asm+0x1a/0x30
[  177.020137][ T5870]  </TASK>
[  177.023325][ T5870] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  177.030627][ T5870] CPU: 1 UID: 0 PID: 5870 Comm: kworker/1:4 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[  177.042723][ T5870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  177.052813][ T5870] Workqueue: usb_hub_wq hub_event
[  177.057920][ T5870] Call Trace:
[  177.061226][ T5870]  <TASK>
[  177.064175][ T5870]  dump_stack_lvl+0x99/0x250
[  177.068824][ T5870]  ? __asan_memcpy+0x40/0x70
[  177.073451][ T5870]  ? __pfx_dump_stack_lvl+0x10/0x10
[  177.078683][ T5870]  ? __pfx__printk+0x10/0x10
[  177.083331][ T5870]  panic+0x2db/0x790
[  177.087266][ T5870]  ? __pfx_panic+0x10/0x10
[  177.091728][ T5870]  ? ret_from_fork_asm+0x1a/0x30
[  177.096727][ T5870]  __warn+0x31b/0x4b0
[  177.100746][ T5870]  ? usb_submit_urb+0xc37/0x1870
[  177.105719][ T5870]  ? usb_submit_urb+0xc37/0x1870
[  177.110689][ T5870]  report_bug+0x2be/0x4f0
[  177.115059][ T5870]  ? usb_submit_urb+0xc37/0x1870
[  177.120029][ T5870]  ? usb_submit_urb+0xc37/0x1870
[  177.124994][ T5870]  ? usb_submit_urb+0xc39/0x1870
[  177.129959][ T5870]  handle_bug+0x84/0x160
[  177.134239][ T5870]  exc_invalid_op+0x1a/0x50
[  177.138780][ T5870]  asm_exc_invalid_op+0x1a/0x20
[  177.143657][ T5870] RIP: 0010:usb_submit_urb+0xc37/0x1870
[  177.149278][ T5870] Code: 89 e0 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 73 08 00 00 45 8b 04 24 48 c7 c7 00 9a 11 8c 4c 89 f6 4c 89 fa e8 4a 2b 76 fa 90 <0f> 0b 90 90 44 0f b6 64 24 48 4c 89 e7 48 c7 c6 90 ca bb 8e e8 10
[  177.168917][ T5870] RSP: 0000:ffffc90004b1eb70 EFLAGS: 00010246
[  177.175028][ T5870] RAX: 9318ddef1d8e3700 RBX: ffff888145b00100 RCX: 0000000000100000
[  177.183022][ T5870] RDX: ffffc90019adc000 RSI: 00000000000308ff RDI: 0000000000030900
[  177.191013][ T5870] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  177.199009][ T5870] R10: dffffc0000000000 R11: fffffbfff1bba944 R12: ffffffff8c1197ec
[  177.207019][ T5870] R13: dffffc0000000000 R14: ffffffff8c1202e0 R15: ffff8880347d7e40
[  177.215061][ T5870]  smsusb_start_streaming+0x22/0x340
[  177.220384][ T5870]  smsusb_probe+0x18f6/0x2060
[  177.225101][ T5870]  ? __pfx_smsusb_probe+0x10/0x10
[  177.230158][ T5870]  ? __pfx_smsusb_sendrequest+0x10/0x10
[  177.235751][ T5870]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  177.241673][ T5870]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  177.248042][ T5870]  ? __pm_runtime_set_status+0x785/0xa50
[  177.253729][ T5870]  usb_probe_interface+0x641/0xbc0
[  177.258889][ T5870]  ? __pfx_usb_probe_interface+0x10/0x10
[  177.264559][ T5870]  really_probe+0x26a/0x9a0
[  177.269115][ T5870]  __driver_probe_device+0x18c/0x2f0
[  177.274444][ T5870]  driver_probe_device+0x4f/0x430
[  177.279506][ T5870]  __device_attach_driver+0x2ce/0x530
[  177.284922][ T5870]  bus_for_each_drv+0x251/0x2e0
[  177.289801][ T5870]  ? __pfx___device_attach_driver+0x10/0x10
[  177.295732][ T5870]  ? __pfx_bus_for_each_drv+0x10/0x10
[  177.301152][ T5870]  __device_attach+0x2b8/0x400
[  177.305959][ T5870]  ? __pfx___device_attach+0x10/0x10
[  177.311287][ T5870]  ? do_raw_spin_unlock+0x122/0x240
[  177.316522][ T5870]  bus_probe_device+0x185/0x260
[  177.321408][ T5870]  device_add+0x7b6/0xb50
[  177.325772][ T5870]  usb_set_configuration+0x1a87/0x20e0
[  177.331305][ T5870]  usb_generic_driver_probe+0x8d/0x150
[  177.336815][ T5870]  usb_probe_device+0x1c4/0x390
[  177.341726][ T5870]  ? __pfx_usb_probe_device+0x10/0x10
[  177.347138][ T5870]  really_probe+0x26a/0x9a0
[  177.351689][ T5870]  __driver_probe_device+0x18c/0x2f0
[  177.357015][ T5870]  driver_probe_device+0x4f/0x430
[  177.362089][ T5870]  __device_attach_driver+0x2ce/0x530
[  177.367496][ T5870]  bus_for_each_drv+0x251/0x2e0
[  177.372370][ T5870]  ? __pfx___device_attach_driver+0x10/0x10
[  177.378293][ T5870]  ? __pfx_bus_for_each_drv+0x10/0x10
[  177.383701][ T5870]  __device_attach+0x2b8/0x400
[  177.388503][ T5870]  ? __pfx___device_attach+0x10/0x10
[  177.393846][ T5870]  ? do_raw_spin_unlock+0x122/0x240
[  177.399096][ T5870]  bus_probe_device+0x185/0x260
[  177.403982][ T5870]  device_add+0x7b6/0xb50
[  177.408349][ T5870]  usb_new_device+0xa39/0x16c0
[  177.413168][ T5870]  ? __pfx_usb_new_device+0x10/0x10
[  177.418408][ T5870]  ? _raw_spin_unlock_irq+0x23/0x50
[  177.423638][ T5870]  ? lockdep_hardirqs_on+0x9c/0x150
[  177.428877][ T5870]  hub_event+0x2941/0x4a00
[  177.433400][ T5870]  ? __pfx_hub_event+0x10/0x10
[  177.438213][ T5870]  ? process_scheduled_works+0x9ec/0x17a0
[  177.443983][ T5870]  ? _raw_spin_unlock_irq+0x23/0x50
[  177.449213][ T5870]  ? process_scheduled_works+0x9ec/0x17a0
[  177.454975][ T5870]  ? process_scheduled_works+0x9ec/0x17a0
[  177.460740][ T5870]  process_scheduled_works+0xadb/0x17a0
[  177.466361][ T5870]  ? __pfx_process_scheduled_works+0x10/0x10
[  177.472398][ T5870]  worker_thread+0x8a0/0xda0
[  177.477063][ T5870]  kthread+0x70e/0x8a0
[  177.481166][ T5870]  ? __pfx_worker_thread+0x10/0x10
[  177.486310][ T5870]  ? __pfx_kthread+0x10/0x10
[  177.490933][ T5870]  ? __pfx_kthread+0x10/0x10
[  177.495555][ T5870]  ? _raw_spin_unlock_irq+0x23/0x50
[  177.500790][ T5870]  ? lockdep_hardirqs_on+0x9c/0x150
[  177.506023][ T5870]  ? __pfx_kthread+0x10/0x10
[  177.510642][ T5870]  ret_from_fork+0x4b/0x80
[  177.515086][ T5870]  ? __pfx_kthread+0x10/0x10
[  177.519711][ T5870]  ret_from_fork_asm+0x1a/0x30
[  177.524548][ T5870]  </TASK>
[  177.527920][ T5870] Kernel Offset: disabled
[  177.532255][ T5870] Rebooting in 86400 seconds..