last executing test programs:

21m51.210497709s ago: executing program 3 (id=20):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1a, 0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000340))
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000540)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@verity_on}], [{@obj_role={'obj_role', 0x3d, 'lowerdir'}}, {@measure}, {@context={'context', 0x3d, 'user_u'}}, {@fowner_eq}, {@appraise}, {@subj_user={'subj_user', 0x3d, '*[/\x87$*\x8a'}}, {@audit}, {@obj_type={'obj_type', 0x3d, 'workdir'}}]})

21m49.020021747s ago: executing program 3 (id=23):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$sndpcmc(&(0x7f00000001c0), 0x3, 0x288501)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000140)=0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdff"], &(0x7f0000000040)='GPL\x00', 0x5}, 0x94)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
landlock_create_ruleset(0x0, 0x0, 0x3)
lgetxattr(0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x38, 0x1403, 0x1, 0x0, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x200808e4}, 0x8000)
syz_genetlink_get_family_id$batadv(&(0x7f0000000b80), 0xffffffffffffffff)

21m47.732903738s ago: executing program 3 (id=25):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=@ipv4_newaddr={0x68, 0x14, 0x10, 0x70bd27, 0x25dfdbfe, {0x2, 0x0, 0x8, 0xfe, r1}, [@IFA_ADDRESS={0x8, 0x1, @multicast1}, @IFA_RT_PRIORITY={0x8, 0x9, 0xff}, @IFA_RT_PRIORITY={0x8, 0x9, 0x1000}, @IFA_CACHEINFO={0x14, 0x6, {0x4, 0x7, 0x1, 0x2}}, @IFA_LABEL={0x14, 0x3, 'bond_slave_0\x00'}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x1}, @IFA_TARGET_NETNSID={0x8}]}, 0x68}, 0x1, 0x0, 0x0, 0x4004}, 0x20040840)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
bind$netlink(r3, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0x7, &(0x7f00000000c0)={0x7ff, 0x7, 0x6, 0xa5e2}, 0x10)
getsockname$packet(r3, &(0x7f0000000600)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r4, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x4}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000140))
r5 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x44}}, 0x0)

21m46.40224854s ago: executing program 3 (id=28):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_tracing={0x1a, 0x31, &(0x7f0000000000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, {}, {}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4}, @map_val={0x18, 0x3, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, @map_val={0x18, 0x5, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x4}, @generic={0x7, 0x8, 0xd, 0xa0, 0x524}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00', 0x7, 0x5a, &(0x7f0000000200)=""/90, 0x41100, 0x20, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x0, 0xf, 0x8, 0x7fffffff}, 0x10, 0x26ac4, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0xffffffffffffffff], 0x0, 0x10, 0xe}, 0x94)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000400))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f00000006c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000680)={&(0x7f00000004c0)={0x1b8, r2, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_NODE_NAME={0x62, 0xa8, @random="0d867a457dc6b30146f7af22ba6125119d34947ff6685539fff34ec7eaa717571b2904c71ba142e84ac0e1b5f8fd37afd99ebea4ecb6925406952d7161ac2a2924a3e683eb25ee22819605b501cb792917aee5995db5a673f53b60baba7c"}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xfa, 0xa8, @random="1894f8dd3b4b8b034d4534ae2ef2e7a2fdd16eff6302cc2912ad9d63e1262d4cb801474f68d2458d456806b2e3209e74bad9d7417ece22405d284bc761d44dc431333aae9c1fbb95c64c4feb0d1aa5b9545297560234235ed4f52aee4f073afee014b5e58e65b29217b51bcbcbd8c8973e1a5f20f8f597a0f5b25eef474d0fc402d62140eee52c15ce1f52b3e1674ffe10c261f029991bda2c39bd000f5e32c6dcf51ed4d186b941687446491c943ab88de8b027ef4cef7feb12fac2124e2388dedab93b58fc20fba8a2c4c17225f8a236691ccc6b11b2da531020e6ea2c7b83fc042a9ec014695dcf87219ca54f58a39201c8df9baa"}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000740), r1)
sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, r3, 0xa0a, 0x70bd26, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}}, 0x20000090)
r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880)=@generic={&(0x7f0000000840)='./file0\x00'}, 0x18)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000ac0)={&(0x7f00000008c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x157, 0x157, 0x6, [@func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0xf, 0x2}, {0x5, 0x4}, {0x6, 0x4}, {0x10}, {0x10, 0x1}]}, @typedef={0x10, 0x0, 0x0, 0x8, 0x4}, @union={0x9, 0x8, 0x0, 0x5, 0x1, 0x4, [{0x5, 0x0, 0x1}, {0x4, 0x0, 0x29}, {0x7, 0x0, 0x7f}, {0x0, 0x1, 0x9}, {0xc, 0x3, 0x2}, {0xa, 0x3, 0x3}, {0x10, 0x1, 0x7}, {0x0, 0x3, 0x1}]}, @ptr={0x9}, @union={0x2, 0x5, 0x0, 0x5, 0x0, 0xfff, [{0x4, 0x3, 0x45}, {0x10, 0x2, 0xfc}, {0xa, 0x0, 0x7f}, {0xa, 0x3, 0x6}, {0x5, 0x5, 0x2}]}, @enum64={0xe, 0x3, 0x0, 0x13, 0x0, 0x0, [{0xd, 0x100, 0xfffffffe}, {0xa, 0xffff, 0x5da8}, {0x4, 0x6, 0x4}]}, @datasec={0xf, 0x2, 0x0, 0xf, 0x3, [{0x3, 0xfffffff4, 0x3ff}, {0x4, 0x9, 0xac}], "54b13a"}]}, {0x0, [0x61, 0x61, 0x61, 0x0]}}, &(0x7f0000000a40)=""/108, 0x176, 0x6c, 0x0, 0xab}, 0x28)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000b00)={0x3, 0x4, 0x4, 0xa, 0x0, r4, 0x1000, '\x00', 0x0, r5, 0x0, 0x2}, 0x50)
ioctl$BTRFS_IOC_BALANCE_CTL(r6, 0x40049421, 0x2)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000bc0), r1)
sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)={0x3c, r7, 0x800, 0x70bd2a, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x2004c450)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x6, &(0x7f0000000d40)=0x80)
recvmsg(0xffffffffffffffff, &(0x7f0000003340)={&(0x7f0000000d80)=@sco={0x1f, @none}, 0x80, &(0x7f0000002280)=[{&(0x7f0000000e00)=""/243, 0xf3}, {&(0x7f0000000f00)=""/124, 0x7c}, {&(0x7f0000000f80)=""/4096, 0x1000}, {&(0x7f0000001f80)=""/74, 0x4a}, {&(0x7f0000002000)=""/134, 0x86}, {&(0x7f00000020c0)=""/12, 0xc}, {&(0x7f0000002100)=""/79, 0x4f}, {&(0x7f0000002180)=""/49, 0x31}, {&(0x7f00000021c0)=""/151, 0x97}], 0x9, &(0x7f0000002340)=""/4096, 0x1000}, 0x40002100)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r8, &(0x7f0000003440)={&(0x7f0000003380)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000003400)={&(0x7f00000033c0)={0x30, 0x4, 0x6, 0x101, 0x0, 0x0, {0xa, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x30}}, 0x4000)
r9 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000003480)='cgroup.threads\x00', 0x2, 0x0)
getpgid(0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000003640)={&(0x7f0000003500)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000003600)={&(0x7f0000003540)={0xa8, 0x0, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6}]}, @TIPC_NLA_SOCK={0x18, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffffb}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x200}]}]}, @TIPC_NLA_NODE={0x1c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_LINK={0x44, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffc}]}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4000094}, 0x4)
sendmsg$NL80211_CMD_GET_MPATH(r1, &(0x7f0000003780)={&(0x7f0000003680)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000003740)={&(0x7f00000036c0)={0x74, r7, 0x400, 0x70bd2b, 0x8, {{}, {@void, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x74}, 0x1, 0x0, 0x0, 0x4048000}, 0x28008000)
mount$overlay(0x0, &(0x7f00000037c0)='./file0\x00', &(0x7f0000003800), 0x9, &(0x7f0000003840)={[{@index_on}, {@xino_auto}, {@uuid_auto}, {@verity_off}, {@redirect_dir_follow}, {@verity_off}, {@redirect_dir_on}, {@xino_off}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@smackfsroot={'smackfsroot', 0x3d, 'nl80211\x00'}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@uid_gt={'uid>', 0xee01}}, {@subj_user={'subj_user', 0x3d, 'devlink\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@pcr={'pcr', 0x3d, 0xa}}]})
r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0xf)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r10, 0x4068aea3, &(0x7f0000003a00)={0x79, 0x0, 0x29a})
r11 = socket$inet(0x2, 0x5, 0x9)
sendmsg$unix(r5, &(0x7f0000004000)={&(0x7f0000003a80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000003e00)=[{&(0x7f0000003b00)="a4377e2d4423f2b08236c8320d1342d683a234f3778a6aa1b896990262560c5d7e711aebd3", 0x25}, {&(0x7f0000003b40)="4ed1015ed8d8a9a8db25b03cc38b99ce74132bcb1cf895a8aa5efc9e84de92a28d73f35b1b7bd4db5ab5b06928ade6152d2f981988ed27a19e3fb4919f840788d8fa982650877d289ed4f4768727f9678d93453e590e2b28ed70d79374d5d8fdcac96c8778ad95d98703573c633f5b153291fba27be388a0e6ffb270fa26890137697cc20d8816b823389ff2de22d91569343dda1160ed0558e4d64b35cbedbd0af489317f8dba875a0e7399c28421a958803cf124056f7f434dc6b838f33a762915c3e92d11e47e5bc09c49f63fde627a96548011fbe61a93b80f277ca30fc577fcdf1fd6d6321f7e9147d2cd5e", 0xee}, {&(0x7f0000003c40)="694c5c1aa643c383b2f3eb80be9a73a591226f8b09a3fecbe4fb62950e19102c5b34977753de1cd98af1da4e0ea7ddb13560fdace45a5311ad52b7ce9fc23b411f667234cbd570ac00795e5eaefd400e631d54d88137bc44039eb0252ef13300edd7a022165bdc65ed97d663ab540b45778496de0b699a5b4dfd03000768fb07c36b2131f1c8f6eda79366c550da713a9d033d1ca2d7e9fa48942fac3ce975d400f6287493d895a810cf89e65262435e4957b377b37816d94c49d8a7d8bc07007e71d4021a405f1ab7729ef7e457b251d1b474497d4b71d8875bc717bf2dd9f0d1", 0xe1}, {&(0x7f0000003d40)="a61827ea15169ccd46a5128701bd6339042cfd042a839224cc1f0bcaf404f7f3f9e70bd02bdf0cba6fa383e3c3c058aa72d4a7435da566dc83c50111a38a2cd7101acac43c3ae1a0ed500d58b64f86c837afdff1b4a9131bb85f06a24fa1bbd21c0aff8a90da97dac04f45710a51738576a25912e1f4f0e9c950b6d6a7657fabe5deb62d5fef71dcc91c4004024bb079ccbf360215295b62fd79c91e7042a08e74b314f957ec82e293aaf66efb1f879c05cd22ab", 0xb4}], 0x4, &(0x7f0000003f40)=[@rights={{0x34, 0x1, 0x1, [r9, r10, r6, r11, 0xffffffffffffffff, r4, r4, r1, r4]}}, @rights={{0x38, 0x1, 0x1, [r1, r5, 0xffffffffffffffff, r5, r6, r1, r6, r8, r6, r6]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r10]}}, @rights={{0x30, 0x1, 0x1, [r0, r1, r5, r1, 0xffffffffffffffff, 0xffffffffffffffff, r8, 0xffffffffffffffff]}}], 0xb8, 0x20000800}, 0x40000d6)

21m45.187526491s ago: executing program 3 (id=31):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket(0x200000100000011, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4004800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="1400000025000100000000000000040006"], 0x14}], 0x1, 0x0, 0x0, 0x400048d0}, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x4, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x6c6c9c9e, 0x0)
read$msr(r2, &(0x7f000001b5c0)=""/102368, 0x18fe0)
socket$inet_tcp(0x2, 0x1, 0x0)
getpid()
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48, 0x83, 0x0, 0x80000001}, {0x6, 0x5, 0x0, 0xfffffc}]}, 0x10)
ioctl$TIOCL_GETKMSGREDIRECT(0xffffffffffffffff, 0x541c, &(0x7f00000000c0))
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, 0x0, 0x0)

21m34.774720776s ago: executing program 3 (id=40):
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x1c9282, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000440)='block_bio_complete\x00', r2, 0x0, 0x1}, 0x18)
write$cgroup_int(r1, &(0x7f0000000040)=0x1c9, 0x12)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r4 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
mount$tmpfs(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000f80), 0x400, &(0x7f0000000080)=ANY=[@ANYBLOB='mpol=bind:N-', @ANYRESOCT])
lseek(r0, 0xd0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0)={r1, <r6=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x9, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x8}, [@btf_id={0x18, 0x2, 0x3, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xf628}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3}]}, &(0x7f0000000340)='syzkaller\x00', 0x5, 0xa, &(0x7f00000002c0)=""/10, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x6, 0x20000003}, 0x8, 0x10, &(0x7f0000000480)={0x3, 0xf, 0x1, 0x4}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000000500)=[r1, 0xffffffffffffffff, r1, r1, r1, r1, r1, r1, r6, r6], &(0x7f0000000540)=[{0x2, 0x4, 0x8, 0xa}, {0x5, 0x2, 0x5, 0x5}, {0x2, 0x5, 0x6, 0x8}, {0x7, 0x1, 0xc, 0x5}, {0x0, 0x1, 0xfffffffd, 0xc}, {0x2, 0x4, 0x8, 0x5}, {0x1, 0x3, 0x3, 0x2}, {0x1, 0x5, 0x2, 0xb}, {0x3, 0x1, 0xf, 0x1}], 0x10, 0x1}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="0900000004000000040000000700000000000000", @ANYRES32, @ANYBLOB="000002000000001800"/20, @ANYRES32=0x0, @ANYRES32=r3, @ANYBLOB="020000000100"/28], 0x48)
r7 = gettid()
sigaltstack(&(0x7f00000000c0)={&(0x7f0000002400)=""/4095, 0x0, 0xfff}, 0x0)
rt_sigqueueinfo(r7, 0x21, &(0x7f0000000000))
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

21m19.416903221s ago: executing program 32 (id=40):
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x1c9282, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000440)='block_bio_complete\x00', r2, 0x0, 0x1}, 0x18)
write$cgroup_int(r1, &(0x7f0000000040)=0x1c9, 0x12)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r4 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
mount$tmpfs(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000f80), 0x400, &(0x7f0000000080)=ANY=[@ANYBLOB='mpol=bind:N-', @ANYRESOCT])
lseek(r0, 0xd0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0)={r1, <r6=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x9, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x8}, [@btf_id={0x18, 0x2, 0x3, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xf628}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3}]}, &(0x7f0000000340)='syzkaller\x00', 0x5, 0xa, &(0x7f00000002c0)=""/10, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x6, 0x20000003}, 0x8, 0x10, &(0x7f0000000480)={0x3, 0xf, 0x1, 0x4}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000000500)=[r1, 0xffffffffffffffff, r1, r1, r1, r1, r1, r1, r6, r6], &(0x7f0000000540)=[{0x2, 0x4, 0x8, 0xa}, {0x5, 0x2, 0x5, 0x5}, {0x2, 0x5, 0x6, 0x8}, {0x7, 0x1, 0xc, 0x5}, {0x0, 0x1, 0xfffffffd, 0xc}, {0x2, 0x4, 0x8, 0x5}, {0x1, 0x3, 0x3, 0x2}, {0x1, 0x5, 0x2, 0xb}, {0x3, 0x1, 0xf, 0x1}], 0x10, 0x1}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="0900000004000000040000000700000000000000", @ANYRES32, @ANYBLOB="000002000000001800"/20, @ANYRES32=0x0, @ANYRES32=r3, @ANYBLOB="020000000100"/28], 0x48)
r7 = gettid()
sigaltstack(&(0x7f00000000c0)={&(0x7f0000002400)=""/4095, 0x0, 0xfff}, 0x0)
rt_sigqueueinfo(r7, 0x21, &(0x7f0000000000))
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

20m47.950739816s ago: executing program 0 (id=104):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x40a5)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

20m46.618959577s ago: executing program 0 (id=105):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x0, 0x22020}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r1}, @IFLA_ADDRESS={0xa}]}, 0x48}, 0x1, 0x0, 0x0, 0x45844}, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000380))
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
ioctl$PTP_SYS_OFFSET(r3, 0x43403d05, 0x0)
write$cgroup_freezer_state(r2, &(0x7f0000000340)='FREEZING\x00', 0x9)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
setfsuid(0xee00)

20m40.340127498s ago: executing program 0 (id=113):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x54, r2, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x40, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)

20m39.890736662s ago: executing program 0 (id=115):
r0 = socket(0x200000100000011, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4004800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="1400000025000100000000000000040006"], 0x14}], 0x1, 0x0, 0x0, 0x400048d0}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x4, 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x6c6c9c9e, 0x0)
read$msr(r3, &(0x7f000001b5c0)=""/102368, 0x18fe0)
socket$inet_tcp(0x2, 0x1, 0x0)
getpid()
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48, 0x83, 0x0, 0x80000001}, {0x6, 0x5, 0x0, 0xfffffc}]}, 0x10)
ioctl$TIOCL_GETKMSGREDIRECT(0xffffffffffffffff, 0x541c, &(0x7f00000000c0))
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, 0x0, 0x0)

20m37.082648704s ago: executing program 0 (id=119):
socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x40a5)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

20m33.093880255s ago: executing program 0 (id=125):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x54, r2, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x40, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)

20m17.798566752s ago: executing program 33 (id=125):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x54, r2, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x40, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)

19m28.342967502s ago: executing program 2 (id=213):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
fcntl$setstatus(r0, 0x4, 0x40800)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
ftruncate(r1, 0x2000009)
sendfile(r0, r1, 0x0, 0x7ffff004)

19m28.010418425s ago: executing program 2 (id=214):
r0 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f00000000c0)={0x0, 0x5}, 0x8)
ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2)

19m26.914977791s ago: executing program 2 (id=215):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$RTC_UIE_OFF(0xffffffffffffffff, 0x7004)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x3, 0x801}, &(0x7f00000003c0)=<r3=>0x0, &(0x7f0000000300)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
unshare(0x2c020400)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185100})
io_uring_enter(r2, 0x7277, 0x0, 0x0, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f0000000100), &(0x7f0000000440)=@data_frame={@a_msdu=@type10={{0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x80}, @random="6f02a2204b12", @device_a, @initial, {0x0, 0x28}}, @a_msdu=[{@device_b, @device_b, 0xb5, "5a67440eff140108fe48562485fce5b2230cb60e8be8539702d47e1a8aaa6d514c52ca1ab46957fc60ecb1e8a48e65db307c236b3d792643b5fa31c2bea9fd03af32d79bc30ab1e2454ab037031b3f21e90b51bceeadebc28f32cb2861105fff943f238e815ffcea6ecab83b3a14928622171705cccd9e5019de745f8da30b97bd9c02eca80caf20eae1493dbad8a81e73cc4e65f242c92b8ec87c774b1d7d03640f860793a22dba2fa9350bf2e7d00c5a375fa4a7"}, {@device_a, @broadcast, 0x70, "9b958d11bd5edf0a14d02aec0540c590c73607c70f9ae3d1dd7988b06c91e92df20887f1059bfbae704029e5cb9456a42eca5b6795eb92f489a10d48bc1cac7ed0b6e8c8e2c5b97c55ac2189c4b893e4a1c9f85888336852ee509a54690a4d409513a3d06e58623ec60e1e40621d7f23"}, {@device_a, @broadcast, 0xeb, "12eb291faf1ace19aadf40ae198589e1898cdab0fa4dd22a109a87b01ec88369b241a69dc4d89fb78d4274768b8cc54b31e9597694bcd2d93ca68dcbb4b60886006ef0209f98d2ab9b9cb003bdcbd5a0298c31cdee55e41a66bac66a50fb7d2b891b1f712062c7cec7c4303cbfaf67d09acc7fbcf501c064e52ddb3b2a07a5fc755f11631c7e400641381a882d3a1600fd913a642fb5b5d1b63ca1c12fb081060847114cde064b1b33a223eb22c7f4ddf8eaecda502cb77961935695b8d53de0a4d93c38bbdc8f7169204d5d9ac2ba59b9786449756eb4ea660c3822ef72ceab6354d907924b0f7e047f63"}, {@broadcast, @device_b, 0xe88, "585cbc3f8abd49455f48ce90b624b1c0ff71248c81c65a82586f91855a9d0d76900328ad80e349bcd31a109501904900fe1f827c29f6e8429c39c41a86b59cd8daa8b6d69998fc8772776e3ea067027c0f69db1025a8565e2359d353380bd409f0cf0c874d99a74c30b1d1a6b09c0b677b28d060eb8928f9f880dabcf3bb352b13aa141274673fdaef89baa51d3baba2ed82f418f9039d3b66a590b5839fe47c7a2a750bf056c342cc9d2314a93f30fc5405ea94b0004ed3bc19c3a54afef4ebb56c0615ec61a6fb6f1251c53851cd92f5e308290fcde1d5534044b35f44cb5d0a49a1125658508292c6b4f1d708f03a306b95d6a8cdb0012f2d8b6e68a9327f504f4395479ada6c8b2e721391b43a878ae946e93292443a4afb437d01f64e978c94c8c9bb4c21c2184401860efcaa5532acafa67d37cc129e98d48cebaeb2d3c4b6b2661df3ee41cad0a21609d64ff041e4f5f76bac3cccf5cadaad04af8543df2de9ff4b5ced824f3644fc73e726a3239aae4c36671f312eba3dac56aaeade918cc257100952ac63abc28159b793d4e2a1ec888800f405262072131cb2f77e7b292982e4adb9a5c2671381d52338b62815c6250eae2198e3f62a54e297941517babfb1fe01fcccff4635e3176a60bcb97d303652ab100dcb09ded0812e538df7db10e3643ad486d1c9a056177cc20b644b81bc9b849367828f58ee5606bea50be6a73798d77e310738749cbb47af7d9a84f266806961ce4a84195feee2e1f100eb7c9c7fea68811befd480b6bdd3dd08f5b41527550edb1bd2bc66cf846b5f4099b9e8c96da99bbd02edae947df9c151c936163ac26e83d00d84ddc8e0f4a74cfd2480b4b5f29b15c45a90d2b67085b503b96ac5a5df45f1e0bb9f99805eb6a74b482e308024f24c3e503e3da0aae8fd1308ec4ef94befe527c54836f58f6e7d987786208488667d955e137a1e2e07e8573a4e2a3a0cddfe95bb4b8caa2c2886349d14bfb6fb524ab49cdaf1edff0f3de71bab3b27fbf44dda03289e4c967466ce8fa59d9286009785aefc0b2dd04010ebf309e701753a2c617e23f5fbf83c35d95772125ec66004a5a4022e870312abf67b5838e7ab3b4bcbddbe9bb03365e9a09adec82764d1e09b4952b1bb74d6d409148c6960bfbcc160a234c4821ade27a9080b6e77d8a0a2d0c3946fc0bf9bcbd67061b5796ed8c848705658c6fc4a10955e7db1142ffab24221159202677f9193e75712f8f03c9658425c86204dfc197dcc74b6e667f78af366ca9b44d6916257f1c665fc92c28b20cb3becef746f9fb07a25df3c3a16bf873dcf1f85e6d1537390e2335c517e30574263c200610e34d15685ab17bd5b1343912e33b24e4fc33480d47bdfe7290c8761f384dccb909c003f2bb58ed45ea00f5b5cdf32217815535617a59197ac200998cbae03ab4c6a3a6dd7b7a1a637a240e254472eb22052fcff662134f7a9562efa8699c29c1bcd6ba87a5a34b3aa8280aef429fb6cece319d6ec89d93530dbbf6cca8004496bb2e5ec78c63ee7908562b6bab0878d7e29a965a48f02de5b2ffbbe1a9b2d66cb82720d083933ab76103de52c9d074397ce02fcdfe613e37a7ecba20ff773f4686a0e3066417b7a0b2b6ad9f91959fe56f2ce92f3cac5c283c94659364f06a3162a1c3fbb330f974fc578cf5fb8e6b0c639d5c6b4e84ebf0a23446506af142d32ce78f3449825f866438ae7151932861711ee3c1b2a8a5dae3ccfe22aaf9268f59b0c63b1549fd133685dc59e942fc5c9a4a4ec8d24007dba86655791526fa09e118dda769c2df714417e1d13e9dd0a94a3a5899712c37ea5cc5d8b6fff73573855ef10be1c1d86415ef309ec7498d2d902e816e4a15529008485a84d40c06fd3ba72be747e0fd9ccb58abb77f850455a57a6efd3793b7913f20385acb5a9c3c358811c78035562e201d4fdeca19f4011c2fdcb46efe46ff641eefc80dcd06d2c3768e1c4064be4c416c71e53cb6c4ac9717e9a9ac700373b6bce9f9e7b34382600fbd9016aa36564538ddbc8f60ea26eec9a7df434a2e75f9836cf2725b530c15b985278c91749724d4459f8081793bec6b6cf063c88628fbf85e76e36672f9f94de62f2029282e7a1a39a7e6e8623cb4c8dd2c9ade6625d543498b28d089f64791fcaccca5f173d42c33577173840f411a16f0dd3edac276c84e1df144beb3f65fa2a34afcf1f92e85d8bbf224dc31a6dd6c38c9d044793c9bfe78dc83f296eda4114cb7276b4c90fe0e2887f62388427118a640515bcf9d64e556a7aa49db095c47ea67420731b53d558ccda67ca15bf57e73dacfbffb911fc5a97af3eba0e7c6a77257ba38ff177efe3267c49bd50460e546b9d3c7bbf8382929f5714d8fdae5ef761d8ae91bd9e21884f2509b361cf669f680349fe956012a876f65cd924e1faa2b628e018f89d7e626c2f694cfec35777398bad91c73def54516cfd80fdcdf61c1081b6938dfa987e01c834be226e27d22db8c4164c2efbd9e985129d4de88b4805d8453628d6249351983dced83940d4b21b8a693b81a8c9e58b446b0f6c05e60833cc54efb25399fb129a62fd2da11655bf0d7e5c62cb883b518b425e26d087182b6f38aff08f5e7cbd8d08ce13c6cf39ccf0303a2f677134f720004a1101872692fd2afe78f3623e47853840551e5c9069f3c54078df455740319f1f05cf16045b323d5dac1ae8ce308118bcf7934f197ba5a314761f3d23e6eb1d78c30582d27b760831493ffa8bf09d6f2fa39e31719c51c284c124cd3df9e9cd0be3ebdea3be652c00695eff4915366e9b22ad41929b97d759e699ff3f3d9d968467a51c7e857071a78f5c431fbdb7c6f27b6790e411b9f2fe5c9937f935005abe1d47283dd01d296ad909c4d0f728818ae766807da8c0a5cf5ea54bb906c9fe2a708cb89dca64fcb780dba0d2fd1e0332c53b0b2290955b13749ac1d062423af6db909418e841f51ffffc4af7c174578febf99a35fe8ecd8de38841ec855cf182edde939998e42d73fe65df886d371512ec810f5b143e2596835ad3778a33c49e3b80530c608985ae9e049f67a4034c0df5c95bb308a2c5061d94a8b00e5af0f2fe0b5fc290306fb3f458a8bd851f7044894d6988e83770de809faa752f8d4d04f32144a591106d165919f0a8a5c3fe8c63ca298b9ebd1e3efcc4f5ae87cf45eb0699d3bc352b894e49c9bf7c88fbeddc93bb10babb002ff52a22fb9b3496b4755072c86892a3769020e4e85c02e9622a25bdb02b86cfb3897c8280ba2dd04c63848a1ca85dc0b8424ec0127b2253c7c282e8c6434a5b2c3aa7d52d0ccf7e1bd028e24c8dd9232355acf39b8a042064a91eadbd4cddfe8d231bd9e5cf0a5ec23f1a34ff727a35b6a3b177dada2a53352bc2c190ae230120af1bc84a6acdd8468117d28a4327682dd8ea1d55e512ed30f13f52d51319dee5e87a263ff0f3e76273dd7de187234051b6957b10653e172804b9cd442bb2c06a9e1b668d9fde866982461174fb861336e8d2e2ddf2fa67cea22350b2ae985750e5f59e7031da45e3045c79cf84bddc1acb59e49325309f8b3c7f55b34e62d940ff6e87eda667a573b1e2168e8b31c332793524adeb38a3c5581382e365ba542737b4ee22e146cff5451504616e91b2d01ce87ccb95f19c6b6f10c61cb840351a9fdb4d005018b8d82e689e674bb3bc03bb96eaf4ebc396709738b9c65d46cc2280eee4edd18a5fdf81f046ea8e6a0768672ddfaadcf78be8aaa59ab1a7321f041549fd30e1a3297ea5b87b5f5a1320b9a08abb9b4788d00b0bbd22f51ad8837ca272acedb8274de30b81d46bbd540efee5e4c41e01654a764e6c77b2e016f1ce353fd76795c2309916e24c66dd10df346904faeffad6f3985604556d883aaca9b942a5596825bf060922765c13381e06eeea940614352752d8cdb82dd82683e237600195a18020928a48de17437fd18c3558164473c5d8eafdfe4c9f77c2a1a1b219df99dc7885a8b87958277575276a8151a596c8a5455c58103f8fff2bb0f0cce1dd2a536536877108e48352e4c98364699bc9884b06956cea7859224be3b12dde91852981780bc10a00215801bd5d4265d741efbaec89043fa072715e1d91e5e9ad99d7ad44ef6d34c2430f67eb6252d55b7853356beb008e7ebfaab6405a6075b7c86ac5a3a133ed09b0cf3dfcd829950e36f1d98cf602b93f2048bce23219bfca942860278a91826bea2c15cd947fad19b291e9f75c5cd873fb8adf308f4f314e64bcd31d74b0288e9895f1678494d6988b6c5555b0455bf88975f11d0680152a85f9fc989a3056af405018783978b37067d4b8a8254b578d09ca04e970a89be6b622fa2e5b300f7247258af88a7495f6d194444628cb082c07c0cdc60d601fc1d7710d8849b9d1dfc44cdb457c4ab174035af3f17306c7bb33e52b24c9f2eb5741312ebfb7778279038ae67e5de7518b7dbdcd46d01f43ee66dcad28f5123088b987bfaf319f08a00e04232e3a7961b5438b7319b30034517b8444818b3ea0d5ab910b0d9a549ff6ca7366bafcf04b6aa28c01363bd9ecb467f79b607cc70d82dfc051b90ee648a4cd8b4f254960f969a78cb449d12f2c33121c4c1ae2dd7cddfa56ba679d14d837cd0faa98d1190bcc96ed8dde2832d21ea971186e09f740c350b3b93961321ac6b6de84f003eb44332ceb4372e607a7088f5741e7ae78501a06290452be0798bd6a1aaa385374a38be18c15928460867cfb82d234b1cc19ef5ff7534a504b42653f3fdfd3b4f7f526d60c9860611772feb7ebd0be7ddc4b4715837b867bbbe4deffb2b6b85922082fcb060a18bdb6c321f0c62b883076c6eb67f54375ff4a786b63dc0318a946b8c7505ecc1c0842df98a039b414fa1c568c09a8c1fb8abce4b7a35f4ec8e6f4d9695ef697a17a85ccf819165718e7da82d09323040cf845d90e0d68b4f9a2e19e4e729aaddabd4d87bb152ba9e00a330d924154d1a3b606f26f437a08ae6cb839f5302fc1a6682b9397e2844f04f946d0d3375c912e12163c83ede76ef1979f0677b52a3faf3b1a723b0f72c0b709c2b5d95b8c12ce0368739235a524d6665b9202acef2061af967a9448494a398785c20748b5a98a42adef1f12edea57c88765a55bb44c0490ab44ccda315de653ca227b1fd2a43390b7c6b24fd0640a37304db31bce2ca0d1d248eea8039c2660f508be51c5356649cc290b477abeb5fcc5"}, {@device_a, @device_b, 0x42, "4fe288c677eddb1eddb7e1c6003b74626226257815459664458b11e10dd80d2e82eacc58f39480e5e1a19b1d3fd46b6f3fa33e24956cb136b38cebf09fdf00b72f2c"}, {@broadcast, @device_a, 0xb6, "1a0ec0e9091eb1ccf3f7db62236689b68604a6e9f998b87fff1df493558000e098c329c9a9e5826d6b162b22877159db793248f4aecaf4fb2e671e6e1589f843fd81d08122fed8fc538cc3745e0bc99ff5f19a68b6ee5b12787177f8e7bb1081ddd78738fb4f47e71cf158212be90fb140054ffff3fb27aaf3c0712e5b5e0e74090354e739d5d97b657ae8d4438253dc580cef402ee8666a5463848a995fa479313e16709524d3c8bfff4b04f952d4189db7252b42fd"}]}, 0x1204)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xffffffffffffffff]}, 0x0, 0x8)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x14)
ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f0000000480)={{0x4, 0x0, 0x4, 0x805}, 'syz0\x00', 0x31})
ioctl$UI_DEV_CREATE(r5, 0x5501)

19m22.38380061s ago: executing program 2 (id=221):
socket(0x10, 0x803, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x5, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32], 0x48)
syz_open_procfs(0x0, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f0000000100)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x8}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x6, 0x0, 0xb, 0xa}, {0xf}}, [@printk={@lu, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x2, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r4, &(0x7f0000014980)=[{{&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000001c00)='{', 0x34000}], 0x1}}, {{&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010101}, 0x10, &(0x7f0000010700)=[{&(0x7f0000010140)="9b", 0x1}], 0x1}}], 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
fsopen(&(0x7f0000000480)='incremental-fs\x00', 0x1)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)={0xa4, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @broadcast}}}}]}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @private0}]}]}, 0xa4}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="c00000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff02000000020000000000000000000114000400fc00000000000000000000000000000108000740000000012c00068014000500fe800000000000000000000400000031140004"], 0xc0}, 0x1, 0x0, 0x0, 0x4040081}, 0x0)

19m16.68576747s ago: executing program 2 (id=227):
r0 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
fstatfs(0xffffffffffffffff, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f00000000c0)={0x0, 0x5}, 0x8)
ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2)

19m16.121380388s ago: executing program 2 (id=228):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x0, 0x22020}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8}, @IFLA_ADDRESS={0xa}]}, 0x48}, 0x1, 0x0, 0x0, 0x45844}, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000380))
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
ioctl$PTP_SYS_OFFSET(r2, 0x43403d05, 0x0)
write$cgroup_freezer_state(r1, &(0x7f0000000340)='FREEZING\x00', 0x9)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
setfsuid(0xee00)
setresuid(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')

19m1.037654448s ago: executing program 34 (id=228):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x0, 0x22020}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8}, @IFLA_ADDRESS={0xa}]}, 0x48}, 0x1, 0x0, 0x0, 0x45844}, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000380))
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
ioctl$PTP_SYS_OFFSET(r2, 0x43403d05, 0x0)
write$cgroup_freezer_state(r1, &(0x7f0000000340)='FREEZING\x00', 0x9)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
setfsuid(0xee00)
setresuid(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')

14m4.299641469s ago: executing program 4 (id=559):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
fcntl$lock(r1, 0x7, &(0x7f0000000040)={0x1, 0x0, 0x8, 0x4006})
unshare(0x40400)
fcntl$lock(r1, 0x7, &(0x7f0000000280)={0x0, 0x1, 0x7, 0x10})
fcntl$lock(r1, 0x6, &(0x7f0000000140)={0x2, 0x2, 0x8, 0xf05})

14m3.068637103s ago: executing program 4 (id=560):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430c1", 0x20)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000009c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x20000000}], 0x1, 0x24000040)
recvmmsg(r1, &(0x7f0000001b00)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x2120, 0x0)

14m2.216154849s ago: executing program 4 (id=564):
socket(0x10, 0x2, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000dc0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x107734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2d, 0x0, 0x0, 0x6}]}, 0xfffffffffffffeea)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47bc, 0xfac7, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)

13m58.807394943s ago: executing program 4 (id=567):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe)

13m57.18426192s ago: executing program 4 (id=568):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x30, r1, 0x1, 0xffffff84, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x30}}, 0x0)

13m57.045073276s ago: executing program 4 (id=569):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x14, r1, 0x301, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20008890}, 0x10)

13m41.805624312s ago: executing program 35 (id=569):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x14, r1, 0x301, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20008890}, 0x10)

6m26.362731143s ago: executing program 8 (id=582):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_tracing={0x1a, 0x31, &(0x7f0000000000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, {}, {}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4}, @map_val={0x18, 0x3, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, @map_val={0x18, 0x5, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x4}, @generic={0x7, 0x8, 0xd, 0xa0, 0x524}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00', 0x7, 0x5a, &(0x7f0000000200)=""/90, 0x41100, 0x20, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x0, 0xf, 0x8, 0x7fffffff}, 0x10, 0x26ac4, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0xffffffffffffffff], 0x0, 0x10, 0xe}, 0x94)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000400))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f00000006c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000680)={&(0x7f00000004c0)={0x1a8, r2, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_NODE_NAME={0x62, 0xa8, @random="0d867a457dc6b30146f7af22ba6125119d34947ff6685539fff34ec7eaa717571b2904c71ba142e84ac0e1b5f8fd37afd99ebea4ecb6925406952d7161ac2a2924a3e683eb25ee22819605b501cb792917aee5995db5a673f53b60baba7c"}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xfa, 0xa8, @random="1894f8dd3b4b8b034d4534ae2ef2e7a2fdd16eff6302cc2912ad9d63e1262d4cb801474f68d2458d456806b2e3209e74bad9d7417ece22405d284bc761d44dc431333aae9c1fbb95c64c4feb0d1aa5b9545297560234235ed4f52aee4f073afee014b5e58e65b29217b51bcbcbd8c8973e1a5f20f8f597a0f5b25eef474d0fc402d62140eee52c15ce1f52b3e1674ffe10c261f029991bda2c39bd000f5e32c6dcf51ed4d186b941687446491c943ab88de8b027ef4cef7feb12fac2124e2388dedab93b58fc20fba8a2c4c17225f8a236691ccc6b11b2da531020e6ea2c7b83fc042a9ec014695dcf87219ca54f58a39201c8df9baa"}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000740), r1)
sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, r3, 0xa0a, 0x70bd26, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}}, 0x20000090)
r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880)=@generic={&(0x7f0000000840)='./file0\x00'}, 0x18)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000ac0)={&(0x7f00000008c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x157, 0x157, 0x6, [@func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0xf, 0x2}, {0x5, 0x4}, {0x6, 0x4}, {0x10}, {0x10, 0x1}]}, @typedef={0x10, 0x0, 0x0, 0x8, 0x4}, @union={0x9, 0x8, 0x0, 0x5, 0x1, 0x4, [{0x5, 0x0, 0x1}, {0x4, 0x0, 0x29}, {0x7, 0x0, 0x7f}, {0x0, 0x1, 0x9}, {0xc, 0x3, 0x2}, {0xa, 0x3, 0x3}, {0x10, 0x1, 0x7}, {0x0, 0x3, 0x1}]}, @ptr={0x9}, @union={0x2, 0x5, 0x0, 0x5, 0x0, 0xfff, [{0x4, 0x3, 0x45}, {0x10, 0x2, 0xfc}, {0xa, 0x0, 0x7f}, {0xa, 0x3, 0x6}, {0x5, 0x5, 0x2}]}, @enum64={0xe, 0x3, 0x0, 0x13, 0x0, 0x0, [{0xd, 0x100, 0xfffffffe}, {0xa, 0xffff, 0x5da8}, {0x4, 0x6, 0x4}]}, @datasec={0xf, 0x2, 0x0, 0xf, 0x3, [{0x3, 0xfffffff4, 0x3ff}, {0x4, 0x9, 0xac}], "54b13a"}]}, {0x0, [0x61, 0x61, 0x61, 0x0]}}, &(0x7f0000000a40)=""/108, 0x176, 0x6c, 0x0, 0xab}, 0x28)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000b00)={0x3, 0x4, 0x4, 0xa, 0x0, r4, 0x1000, '\x00', 0x0, r5, 0x0, 0x2}, 0x50)
ioctl$BTRFS_IOC_BALANCE_CTL(r6, 0x40049421, 0x2)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000bc0), r1)
sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)={0x44, r7, 0x800, 0x70bd2a, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x2004c450)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x6, &(0x7f0000000d40)=0x80)
recvmsg(0xffffffffffffffff, &(0x7f0000003340)={&(0x7f0000000d80)=@sco={0x1f, @none}, 0x80, &(0x7f0000002280)=[{&(0x7f0000000e00)=""/243, 0xf3}, {&(0x7f0000000f00)=""/124, 0x7c}, {&(0x7f0000000f80)=""/4096, 0x1000}, {&(0x7f0000001f80)=""/74, 0x4a}, {&(0x7f0000002000)=""/134, 0x86}, {&(0x7f00000020c0)=""/12, 0xc}, {&(0x7f0000002100)=""/79, 0x4f}, {&(0x7f0000002180)=""/49, 0x31}, {&(0x7f00000021c0)=""/151, 0x97}], 0x9, &(0x7f0000002340)=""/4096, 0x1000}, 0x40002100)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r8, &(0x7f0000003440)={&(0x7f0000003380)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000003400)={&(0x7f00000033c0)={0x30, 0x4, 0x6, 0x101, 0x0, 0x0, {0xa, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x30}}, 0x4000)
r9 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000003480)='cgroup.threads\x00', 0x2, 0x0)
getpgid(0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000003640)={&(0x7f0000003500)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000003600)={&(0x7f0000003540)={0xa8, 0x0, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6}]}, @TIPC_NLA_SOCK={0x18, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffffb}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x200}]}]}, @TIPC_NLA_NODE={0x1c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_LINK={0x44, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffc}]}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4000094}, 0x4)
sendmsg$NL80211_CMD_GET_MPATH(r1, &(0x7f0000003780)={&(0x7f0000003680)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000003740)={&(0x7f00000036c0)={0x74, r7, 0x400, 0x70bd2b, 0x8, {{}, {@void, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x74}, 0x1, 0x0, 0x0, 0x4048000}, 0x28008000)
mount$overlay(0x0, &(0x7f00000037c0)='./file0\x00', &(0x7f0000003800), 0x9, &(0x7f0000003840)={[{@index_on}, {@xino_auto}, {@uuid_auto}, {@verity_off}, {@redirect_dir_follow}, {@verity_off}, {@redirect_dir_on}, {@xino_off}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@smackfsroot={'smackfsroot', 0x3d, 'nl80211\x00'}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@uid_gt={'uid>', 0xee01}}, {@subj_user={'subj_user', 0x3d, 'devlink\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@pcr={'pcr', 0x3d, 0xa}}]})
r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0xf)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r10, 0x4068aea3, &(0x7f0000003a00)={0x79, 0x0, 0x29a})
r11 = socket$inet(0x2, 0x5, 0x9)
sendmsg$unix(r5, &(0x7f0000004000)={&(0x7f0000003a80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000003e00)=[{&(0x7f0000003b00)="a4377e2d4423f2b08236c8320d1342d683a234f3778a6aa1b896990262560c5d7e711aebd3", 0x25}, {&(0x7f0000003b40)="4ed1015ed8d8a9a8db25b03cc38b99ce74132bcb1cf895a8aa5efc9e84de92a28d73f35b1b7bd4db5ab5b06928ade6152d2f981988ed27a19e3fb4919f840788d8fa982650877d289ed4f4768727f9678d93453e590e2b28ed70d79374d5d8fdcac96c8778ad95d98703573c633f5b153291fba27be388a0e6ffb270fa26890137697cc20d8816b823389ff2de22d91569343dda1160ed0558e4d64b35cbedbd0af489317f8dba875a0e7399c28421a958803cf124056f7f434dc6b838f33a762915c3e92d11e47e5bc09c49f63fde627a96548011fbe61a93b80f277ca30fc577fcdf1fd6d6321f7e9147d2cd5e", 0xee}, {&(0x7f0000003c40)="694c5c1aa643c383b2f3eb80be9a73a591226f8b09a3fecbe4fb62950e19102c5b34977753de1cd98af1da4e0ea7ddb13560fdace45a5311ad52b7ce9fc23b411f667234cbd570ac00795e5eaefd400e631d54d88137bc44039eb0252ef13300edd7a022165bdc65ed97d663ab540b45778496de0b699a5b4dfd03000768fb07c36b2131f1c8f6eda79366c550da713a9d033d1ca2d7e9fa48942fac3ce975d400f6287493d895a810cf89e65262435e4957b377b37816d94c49d8a7d8bc07007e71d4021a405f1ab7729ef7e457b251d1b474497d4b71d8875bc717bf2dd9f0d1", 0xe1}, {&(0x7f0000003d40)="a61827ea15169ccd46a5128701bd6339042cfd042a839224cc1f0bcaf404f7f3f9e70bd02bdf0cba6fa383e3c3c058aa72d4a7435da566dc83c50111a38a2cd7101acac43c3ae1a0ed500d58b64f86c837afdff1b4a9131bb85f06a24fa1bbd21c0aff8a90da97dac04f45710a51738576a25912e1f4f0e9c950b6d6a7657fabe5deb62d5fef71dcc91c4004024bb079ccbf360215295b62fd79c91e7042a08e74b314f957ec82e293aaf66efb1f879c05cd22ab", 0xb4}], 0x4, &(0x7f0000003f40)=[@rights={{0x34, 0x1, 0x1, [r9, r10, r6, r11, 0xffffffffffffffff, r4, r4, r1, r4]}}, @rights={{0x38, 0x1, 0x1, [r1, r5, 0xffffffffffffffff, r5, r6, r1, r6, r8, r6, r6]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r10]}}, @rights={{0x30, 0x1, 0x1, [r0, r1, r5, r1, 0xffffffffffffffff, 0xffffffffffffffff, r8, 0xffffffffffffffff]}}], 0xb8, 0x20000800}, 0x40000d6)

3.779904794s ago: executing program 1 (id=1134):
getpid()
syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/cgroup\x00')
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000080)={0xf0f02a, 0x17})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x8a, &(0x7f00000000c0), 0x4)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmctl$IPC_STAT(0x0, 0x2, 0x0)
syz_open_dev$sndctrl(0x0, 0x1, 0x88200)
fsopen(&(0x7f0000000100)='zonefs\x00', 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r6, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r5, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x3, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x7}, "ffb00afe4e70"}}}}}}}, 0x0)

1.862370493s ago: executing program 1 (id=1135):
r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937e, &(0x7f00000019c0)={{0x1, 0x1, 0x1018, <r3=>r1}, './file1\x00'})
mkdirat(r3, &(0x7f0000000080)='./file7\x00', 0x149)

1.742105489s ago: executing program 1 (id=1136):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="60000000020601020000000000000000000000000900020073797a31000000000500010007000000050005000a00000014000780080013400000040008001240fffffffa11000300686173683a6e65742c6e657400000000050004"], 0x60}, 0x1, 0x0, 0x0, 0x8045}, 0x0)

1.726439151s ago: executing program 1 (id=1137):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x28, 0x38, 0x1, 0x20, 0x0, {0xb}, [@typed={0x14, 0x1, 0x0, 0x0, @ipv6=@private2}]}, 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0x40010)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x8, 0x0, 0x2}}}}}}, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
pipe2$9p(&(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}})

496.718004ms ago: executing program 1 (id=1138):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48)

0s ago: executing program 1 (id=1139):
r0 = syz_io_uring_setup(0x5e00, &(0x7f0000000580)={0x0, 0xc6f3, 0x40, 0xffffffff, 0x1}, &(0x7f0000000800), &(0x7f0000000840))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x21, 0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
fcntl$setsig(0xffffffffffffffff, 0x3, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000007c0)={r1, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000540)='/sys/kernel/debug/sync/info\x00'}, 0x30)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r4, 0x40345410, &(0x7f0000000080)={{0x3, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r4, 0x80e85411, 0xfffffffffffffffe)
connect$unix(r2, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e27}, 0x6e)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000030a01080000000000000000010040000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000088000000060a010400000000000000000100000008000b40000000000900010073797a3000000000600004805c0001800b0001007470726f787900004c000280080003400000001608000140"], 0x110}}, 0x40040)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close(r6)
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioprio_set$pid(0x0, r1, 0x4004)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r7, 0xc018643a, &(0x7f0000000140)={0x1, 0x101})
ioctl$DRM_IOCTL_MODE_SETCRTC(r6, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r9, 0x4b3a, 0x1)
ioctl$TCXONC(r9, 0x4b3a, 0x2)
socket$inet_sctp(0x2, 0x5, 0x84)

kernel console output (not intermixed with test programs):

161] team0: Port device team_slave_0 added
[ 1192.694159][T11161] team0: Port device team_slave_1 added
[ 1193.291103][T11161] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1193.291120][T11161] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1193.291144][T11161] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1193.549988][T11161] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1193.550006][T11161] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1193.550130][T11161] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1194.401322][ T5843] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[ 1194.498702][T11161] hsr_slave_0: entered promiscuous mode
[ 1194.500207][T11161] hsr_slave_1: entered promiscuous mode
[ 1194.504593][T11161] debugfs: 'hsr0' already exists in 'hsr'
[ 1194.504625][T11161] Cannot create hsr debugfs directory
[ 1194.570072][ T5843] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1194.570111][ T5843] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1194.570220][ T5843] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1194.570247][ T5843] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1194.570270][ T5843] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[ 1194.576774][ T5843] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1194.576811][ T5843] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1194.576836][ T5843] usb 2-1: SerialNumber: syz
[ 1194.594347][T11064] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1194.790817][T11064] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1194.863233][T11064] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1196.379365][T11064] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1197.559481][ T5843] usb 2-1: USB disconnect, device number 28
[ 1197.700373][   T38] audit: type=1326 audit(1758896308.832:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11233 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1197.727199][   T38] audit: type=1326 audit(1758896308.852:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11233 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1197.727258][   T38] audit: type=1326 audit(1758896308.852:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11233 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1197.727305][   T38] audit: type=1326 audit(1758896308.852:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11233 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1197.727355][   T38] audit: type=1326 audit(1758896308.862:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11233 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1197.727403][   T38] audit: type=1326 audit(1758896308.862:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11233 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1197.727451][   T38] audit: type=1326 audit(1758896308.862:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11233 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1197.727498][   T38] audit: type=1326 audit(1758896308.862:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11233 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1197.727546][   T38] audit: type=1326 audit(1758896308.862:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11233 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1197.727593][   T38] audit: type=1326 audit(1758896308.862:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11233 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1198.122959][T11013] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1198.139726][   T70] bridge_slave_1: left allmulticast mode
[ 1198.139757][   T70] bridge_slave_1: left promiscuous mode
[ 1198.140005][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1198.212530][   T70] bridge_slave_0: left allmulticast mode
[ 1198.212566][   T70] bridge_slave_0: left promiscuous mode
[ 1198.212853][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1198.575794][   T70] bridge_slave_1: left allmulticast mode
[ 1198.575830][   T70] bridge_slave_1: left promiscuous mode
[ 1198.576101][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1199.637000][   T70] bridge_slave_0: left allmulticast mode
[ 1199.637035][   T70] bridge_slave_0: left promiscuous mode
[ 1199.637330][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1201.683668][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1201.761687][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1201.825379][   T70] bond0 (unregistering): Released all slaves
[ 1202.124400][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1202.202118][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1202.265098][   T70] bond0 (unregistering): Released all slaves
[ 1202.328990][T11244] netlink: 96 bytes leftover after parsing attributes in process `syz.1.996'.
[ 1202.625957][T11246] tmpfs: Bad value for 'mpol'
[ 1202.802834][T11030] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1203.068678][T11013] 8021q: adding VLAN 0 to HW filter on device team0
[ 1203.403928][ T8885] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1203.404094][ T8885] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1203.646603][ T6034] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1203.647468][ T6034] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1203.674326][T11030] 8021q: adding VLAN 0 to HW filter on device team0
[ 1203.796389][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1203.805934][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1203.906341][ T6036] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1203.906518][ T6036] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1204.163092][T11064] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1204.864255][   T70] hsr_slave_0: left promiscuous mode
[ 1204.901037][   T70] hsr_slave_1: left promiscuous mode
[ 1204.902013][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1204.952809][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1205.126792][   T70] hsr_slave_0: left promiscuous mode
[ 1205.275610][   T70] hsr_slave_1: left promiscuous mode
[ 1205.481886][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1205.535380][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1205.634108][ T6540] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1205.642937][ T6540] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1205.644566][ T6540] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1205.647098][ T6540] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1205.648565][ T6540] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1206.567931][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1206.763377][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1207.761004][ T5844] Bluetooth: hci2: command tx timeout
[ 1208.262917][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1208.737095][ T6540] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1208.739889][ T6540] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1208.749306][ T6540] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1208.755186][ T6540] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1208.756308][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1208.760036][ T6540] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1209.841102][ T6540] Bluetooth: hci2: command tx timeout
[ 1210.967038][T11064] 8021q: adding VLAN 0 to HW filter on device team0
[ 1211.343756][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1211.351020][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1211.433950][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1211.440998][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1211.514138][T11161] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1211.602088][T11263] vxcan1 speed is unknown, defaulting to 1000
[ 1211.611270][T11161] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1211.671477][T11161] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1211.716279][ T6540] Bluetooth: hci5: command tx timeout
[ 1211.782879][T11161] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1211.785551][T11274] FAULT_INJECTION: forcing a failure.
[ 1211.785551][T11274] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1211.785590][T11274] CPU: 0 UID: 0 PID: 11274 Comm: syz.1.1002 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1211.785614][T11274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1211.785628][T11274] Call Trace:
[ 1211.785636][T11274]  <TASK>
[ 1211.785646][T11274]  dump_stack_lvl+0x189/0x250
[ 1211.785683][T11274]  ? __pfx____ratelimit+0x10/0x10
[ 1211.785717][T11274]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1211.785748][T11274]  ? __pfx__printk+0x10/0x10
[ 1211.785773][T11274]  ? __might_fault+0xb0/0x130
[ 1211.785818][T11274]  should_fail_ex+0x46c/0x600
[ 1211.785866][T11274]  _copy_from_user+0x2d/0xb0
[ 1211.785896][T11274]  __sys_bpf+0x1ed/0x870
[ 1211.785927][T11274]  ? __pfx___sys_bpf+0x10/0x10
[ 1211.785969][T11274]  ? ksys_write+0x230/0x260
[ 1211.786001][T11274]  ? __pfx_ksys_write+0x10/0x10
[ 1211.786026][T11274]  ? rcu_is_watching+0x15/0xb0
[ 1211.786069][T11274]  __x64_sys_bpf+0x7c/0x90
[ 1211.786095][T11274]  do_syscall_64+0xfa/0x3b0
[ 1211.786116][T11274]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1211.786150][T11274]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1211.786172][T11274]  ? clear_bhb_loop+0x60/0xb0
[ 1211.786199][T11274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1211.786221][T11274] RIP: 0033:0x7f182006eec9
[ 1211.786241][T11274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1211.786261][T11274] RSP: 002b:00007f181e2ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1211.786285][T11274] RAX: ffffffffffffffda RBX: 00007f18202c6090 RCX: 00007f182006eec9
[ 1211.786302][T11274] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000011
[ 1211.786316][T11274] RBP: 00007f181e2ad090 R08: 0000000000000000 R09: 0000000000000000
[ 1211.786331][T11274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1211.786344][T11274] R13: 00007f18202c6128 R14: 00007f18202c6090 R15: 00007ffc4914d508
[ 1211.786379][T11274]  </TASK>
[ 1211.920906][ T6540] Bluetooth: hci2: command tx timeout
[ 1212.410058][T11251] vxcan1 speed is unknown, defaulting to 1000
[ 1213.192573][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1213.347950][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1213.943783][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1213.947460][ T6540] Bluetooth: hci5: command tx timeout
[ 1214.291008][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1214.291932][ T6540] Bluetooth: hci2: command tx timeout
[ 1214.392991][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1214.450005][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1214.601745][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1214.845551][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1215.100544][T11263] chnl_net:caif_netlink_parms(): no params data found
[ 1215.202932][T11161] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1216.011597][ T6540] Bluetooth: hci5: command tx timeout
[ 1216.121694][T11302] FAULT_INJECTION: forcing a failure.
[ 1216.121694][T11302] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1216.121732][T11302] CPU: 0 UID: 0 PID: 11302 Comm: syz.1.1005 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1216.121759][T11302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1216.121772][T11302] Call Trace:
[ 1216.121781][T11302]  <TASK>
[ 1216.121791][T11302]  dump_stack_lvl+0x189/0x250
[ 1216.121829][T11302]  ? __pfx____ratelimit+0x10/0x10
[ 1216.121865][T11302]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1216.121897][T11302]  ? __pfx__printk+0x10/0x10
[ 1216.121922][T11302]  ? __might_fault+0xb0/0x130
[ 1216.121967][T11302]  should_fail_ex+0x46c/0x600
[ 1216.122004][T11302]  _copy_from_user+0x2d/0xb0
[ 1216.122034][T11302]  ___sys_sendmsg+0x158/0x2a0
[ 1216.122061][T11302]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1216.122125][T11302]  ? __fget_files+0x2a/0x420
[ 1216.122156][T11302]  ? __fget_files+0x3a6/0x420
[ 1216.122200][T11302]  __x64_sys_sendmsg+0x1a1/0x260
[ 1216.122226][T11302]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1216.122260][T11302]  ? __pfx_ksys_write+0x10/0x10
[ 1216.122286][T11302]  ? rcu_is_watching+0x15/0xb0
[ 1216.122326][T11302]  ? do_syscall_64+0xbe/0x3b0
[ 1216.122353][T11302]  do_syscall_64+0xfa/0x3b0
[ 1216.122372][T11302]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1216.122406][T11302]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1216.122428][T11302]  ? clear_bhb_loop+0x60/0xb0
[ 1216.122455][T11302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1216.122476][T11302] RIP: 0033:0x7f182006eec9
[ 1216.122496][T11302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1216.122515][T11302] RSP: 002b:00007f181e2ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1216.122539][T11302] RAX: ffffffffffffffda RBX: 00007f18202c5fa0 RCX: 00007f182006eec9
[ 1216.122562][T11302] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[ 1216.122576][T11302] RBP: 00007f181e2ce090 R08: 0000000000000000 R09: 0000000000000000
[ 1216.122590][T11302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1216.122603][T11302] R13: 00007f18202c6038 R14: 00007f18202c5fa0 R15: 00007ffc4914d508
[ 1216.122638][T11302]  </TASK>
[ 1216.870260][T11161] 8021q: adding VLAN 0 to HW filter on device team0
[ 1216.986722][T11263] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1216.986874][T11263] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1216.987123][T11263] bridge_slave_0: entered allmulticast mode
[ 1216.990044][T11263] bridge_slave_0: entered promiscuous mode
[ 1217.104433][T11263] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1217.104582][T11263] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1217.104805][T11263] bridge_slave_1: entered allmulticast mode
[ 1217.111809][T11263] bridge_slave_1: entered promiscuous mode
[ 1217.271917][   T10] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[ 1217.296447][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1217.309061][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1217.317878][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1217.329061][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1217.330564][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1217.454208][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1217.454270][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1217.454295][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1217.454319][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1217.454366][   T10] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[ 1217.454411][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1217.466918][   T10] usb 2-1: config 0 descriptor??
[ 1217.556649][ T1014] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1217.556791][ T1014] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1217.604710][T11263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1217.628723][T11251] chnl_net:caif_netlink_parms(): no params data found
[ 1217.667246][T11263] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1217.805427][ T6034] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1217.805671][ T6034] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1218.028910][T11263] team0: Port device team_slave_0 added
[ 1218.081160][ T6540] Bluetooth: hci5: command tx timeout
[ 1218.106897][T11263] team0: Port device team_slave_1 added
[ 1218.215034][T11308] vxcan1 speed is unknown, defaulting to 1000
[ 1218.317542][ T8473] usb 2-1: USB disconnect, device number 29
[ 1219.707777][ T6540] Bluetooth: hci3: command tx timeout
[ 1221.098521][T11263] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1221.098541][T11263] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1221.098571][T11263] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1221.222301][T11263] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1221.222315][T11263] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1221.222334][T11263] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1221.223280][T11251] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1221.369702][T11251] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1221.369980][T11251] bridge_slave_0: entered allmulticast mode
[ 1221.373450][T11251] bridge_slave_0: entered promiscuous mode
[ 1221.761276][ T6540] Bluetooth: hci3: command tx timeout
[ 1222.197891][T11326] Bluetooth: MGMT ver 1.23
[ 1222.289162][   T38] kauditd_printk_skb: 3 callbacks suppressed
[ 1222.289189][   T38] audit: type=1326 audit(1758896333.422:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11327 comm="syz.1.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1222.289511][   T38] audit: type=1326 audit(1758896333.422:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11327 comm="syz.1.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1222.290369][   T38] audit: type=1326 audit(1758896333.422:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11327 comm="syz.1.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1222.290654][   T38] audit: type=1326 audit(1758896333.422:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11327 comm="syz.1.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1222.296533][   T38] audit: type=1326 audit(1758896333.432:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11327 comm="syz.1.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1222.331068][   T38] audit: type=1326 audit(1758896333.462:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11327 comm="syz.1.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1222.335054][   T38] audit: type=1326 audit(1758896333.472:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11327 comm="syz.1.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1222.418914][T11251] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1222.419114][T11251] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1222.419401][T11251] bridge_slave_1: entered allmulticast mode
[ 1222.435550][   T38] audit: type=1326 audit(1758896333.572:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11327 comm="syz.1.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1222.435621][   T38] audit: type=1326 audit(1758896333.572:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11327 comm="syz.1.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1222.437779][T11251] bridge_slave_1: entered promiscuous mode
[ 1222.440511][   T38] audit: type=1326 audit(1758896333.572:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11327 comm="syz.1.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f182006eec9 code=0x7ffc0000
[ 1223.095644][ T5915] kernel read not supported for file /audio1 (pid: 5915 comm: kworker/0:5)
[ 1223.118621][T11251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1223.280303][T11251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1224.567900][ T6540] Bluetooth: hci3: command tx timeout
[ 1225.870972][T11263] hsr_slave_0: entered promiscuous mode
[ 1225.872369][T11263] hsr_slave_1: entered promiscuous mode
[ 1226.641222][ T6540] Bluetooth: hci3: command tx timeout
[ 1227.066146][T11251] team0: Port device team_slave_0 added
[ 1227.187238][T11251] team0: Port device team_slave_1 added
[ 1227.602899][T11251] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1227.602917][T11251] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1227.602940][T11251] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1227.675985][T11251] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1227.676005][T11251] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1227.676037][T11251] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1227.761034][   T45] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[ 1227.910967][   T45] usb 2-1: Using ep0 maxpacket: 8
[ 1227.913588][   T45] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[ 1227.913623][   T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 1227.913651][   T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1227.916825][   T45] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[ 1227.916855][   T45] usb 2-1: New USB device strings: Mfr=129, Product=2, SerialNumber=3
[ 1227.916877][   T45] usb 2-1: Product: syz
[ 1227.916893][   T45] usb 2-1: Manufacturer: syz
[ 1227.916908][   T45] usb 2-1: SerialNumber: syz
[ 1227.972845][   T45] usb 2-1: config 0 descriptor??
[ 1228.038501][   T45] input: KB Gear Tablet as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input22
[ 1228.536688][   T10] usb 2-1: USB disconnect, device number 30
[ 1228.789022][T11251] hsr_slave_0: entered promiscuous mode
[ 1228.790637][T11251] hsr_slave_1: entered promiscuous mode
[ 1228.812032][T11251] debugfs: 'hsr0' already exists in 'hsr'
[ 1228.812063][T11251] Cannot create hsr debugfs directory
[ 1229.016078][T11308] chnl_net:caif_netlink_parms(): no params data found
[ 1229.484930][T11361] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1231.314569][T11161] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1231.315151][T11308] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1231.315371][T11308] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1231.315599][T11308] bridge_slave_0: entered allmulticast mode
[ 1231.331041][T11308] bridge_slave_0: entered promiscuous mode
[ 1231.380122][T11308] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1231.380278][T11308] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1231.380488][T11308] bridge_slave_1: entered allmulticast mode
[ 1231.383949][T11308] bridge_slave_1: entered promiscuous mode
[ 1231.755997][T11308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1231.808608][T11308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1232.116464][T11308] team0: Port device team_slave_0 added
[ 1232.136515][T11308] team0: Port device team_slave_1 added
[ 1232.553119][T11384] FAULT_INJECTION: forcing a failure.
[ 1232.553119][T11384] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1232.553157][T11384] CPU: 1 UID: 0 PID: 11384 Comm: syz.1.1021 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1232.553183][T11384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1232.553197][T11384] Call Trace:
[ 1232.553206][T11384]  <TASK>
[ 1232.553216][T11384]  dump_stack_lvl+0x189/0x250
[ 1232.553254][T11384]  ? __pfx____ratelimit+0x10/0x10
[ 1232.553289][T11384]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1232.553321][T11384]  ? __pfx__printk+0x10/0x10
[ 1232.553363][T11384]  should_fail_ex+0x46c/0x600
[ 1232.553403][T11384]  _copy_to_user+0x31/0xb0
[ 1232.553433][T11384]  simple_read_from_buffer+0xe1/0x170
[ 1232.553470][T11384]  proc_fail_nth_read+0x1b6/0x220
[ 1232.553496][T11384]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1232.553523][T11384]  ? rw_verify_area+0x2ac/0x4e0
[ 1232.553550][T11384]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1232.553575][T11384]  vfs_read+0x203/0xa30
[ 1232.553612][T11384]  ? __pfx_vfs_read+0x10/0x10
[ 1232.553635][T11384]  ? try_to_take_rt_mutex+0x7fd/0xac0
[ 1232.553673][T11384]  ? mutex_lock_nested+0x154/0x1d0
[ 1232.553699][T11384]  ? fdget_pos+0x253/0x320
[ 1232.553741][T11384]  ksys_read+0x14b/0x260
[ 1232.553771][T11384]  ? __pfx_ksys_read+0x10/0x10
[ 1232.553796][T11384]  ? rcu_is_watching+0x15/0xb0
[ 1232.553843][T11384]  ? do_syscall_64+0xbe/0x3b0
[ 1232.553869][T11384]  do_syscall_64+0xfa/0x3b0
[ 1232.553889][T11384]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1232.553921][T11384]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1232.553944][T11384]  ? clear_bhb_loop+0x60/0xb0
[ 1232.553971][T11384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1232.553992][T11384] RIP: 0033:0x7f182006d8dc
[ 1232.554011][T11384] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1232.554029][T11384] RSP: 002b:00007f181e2ad030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1232.554052][T11384] RAX: ffffffffffffffda RBX: 00007f18202c6090 RCX: 00007f182006d8dc
[ 1232.554067][T11384] RDX: 000000000000000f RSI: 00007f181e2ad0a0 RDI: 0000000000000004
[ 1232.554081][T11384] RBP: 00007f181e2ad090 R08: 0000000000000000 R09: 0000000000000000
[ 1232.554095][T11384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1232.554108][T11384] R13: 00007f18202c6128 R14: 00007f18202c6090 R15: 00007ffc4914d508
[ 1232.554143][T11384]  </TASK>
[ 1232.833692][T11308] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1232.833711][T11308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1232.833754][T11308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1232.886754][T11308] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1232.886772][T11308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1232.886803][T11308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1232.955187][T11390] FAULT_INJECTION: forcing a failure.
[ 1232.955187][T11390] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1232.955224][T11390] CPU: 1 UID: 0 PID: 11390 Comm: syz.1.1023 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1232.955248][T11390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1232.955261][T11390] Call Trace:
[ 1232.955269][T11390]  <TASK>
[ 1232.955279][T11390]  dump_stack_lvl+0x189/0x250
[ 1232.955315][T11390]  ? __pfx____ratelimit+0x10/0x10
[ 1232.955349][T11390]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1232.955381][T11390]  ? __pfx__printk+0x10/0x10
[ 1232.955405][T11390]  ? __might_fault+0xb0/0x130
[ 1232.955460][T11390]  should_fail_ex+0x46c/0x600
[ 1232.955498][T11390]  _copy_from_user+0x2d/0xb0
[ 1232.955527][T11390]  do_sock_getsockopt+0x17d/0x450
[ 1232.955553][T11390]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1232.955573][T11390]  ? do_syscall_64+0x40/0x3b0
[ 1232.955593][T11390]  ? __fget_files+0x3a6/0x420
[ 1232.955624][T11390]  ? __fget_files+0x2a/0x420
[ 1232.955664][T11390]  __x64_sys_getsockopt+0x1ab/0x250
[ 1232.955685][T11390]  ? do_syscall_64+0x40/0x3b0
[ 1232.955708][T11390]  ? do_syscall_64+0x40/0x3b0
[ 1232.955733][T11390]  do_syscall_64+0xfa/0x3b0
[ 1232.955752][T11390]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1232.955786][T11390]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1232.955808][T11390]  ? clear_bhb_loop+0x60/0xb0
[ 1232.955836][T11390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1232.955858][T11390] RIP: 0033:0x7f182006eec9
[ 1232.955877][T11390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1232.955896][T11390] RSP: 002b:00007f181e2ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1232.955919][T11390] RAX: ffffffffffffffda RBX: 00007f18202c5fa0 RCX: 00007f182006eec9
[ 1232.955935][T11390] RDX: 0000000000000023 RSI: 0000000000000001 RDI: 0000000000000003
[ 1232.955948][T11390] RBP: 00007f181e2ce090 R08: 0000200000000000 R09: 0000000000000000
[ 1232.955968][T11390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1232.955981][T11390] R13: 00007f18202c6038 R14: 00007f18202c5fa0 R15: 00007ffc4914d508
[ 1232.956016][T11390]  </TASK>
[ 1233.971860][   T45] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[ 1234.100977][   T45] usb 2-1: device descriptor read/64, error -71
[ 1234.194005][T11308] hsr_slave_0: entered promiscuous mode
[ 1234.196341][T11308] hsr_slave_1: entered promiscuous mode
[ 1234.197357][T11308] debugfs: 'hsr0' already exists in 'hsr'
[ 1234.197382][T11308] Cannot create hsr debugfs directory
[ 1234.341117][   T45] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[ 1234.473125][   T45] usb 2-1: device descriptor read/64, error -71
[ 1234.581530][   T45] usb usb2-port1: attempt power cycle
[ 1234.942322][   T45] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[ 1234.968445][   T45] usb 2-1: device descriptor read/8, error -71
[ 1235.103008][T11161] veth0_vlan: entered promiscuous mode
[ 1235.202961][   T45] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 1235.224511][   T45] usb 2-1: device descriptor read/8, error -71
[ 1235.331236][   T45] usb usb2-port1: unable to enumerate USB device
[ 1235.461299][T11161] veth1_vlan: entered promiscuous mode
[ 1235.530417][   T70] bridge_slave_1: left allmulticast mode
[ 1235.530454][   T70] bridge_slave_1: left promiscuous mode
[ 1235.530894][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1235.600155][   T70] bridge_slave_0: left allmulticast mode
[ 1235.600181][   T70] bridge_slave_0: left promiscuous mode
[ 1235.600416][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1235.687649][   T70] bridge_slave_1: left allmulticast mode
[ 1235.687685][   T70] bridge_slave_1: left promiscuous mode
[ 1235.687965][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1235.742764][   T70] bridge_slave_0: left allmulticast mode
[ 1235.742800][   T70] bridge_slave_0: left promiscuous mode
[ 1235.743078][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1235.837268][   T70] bridge_slave_1: left allmulticast mode
[ 1235.837305][   T70] bridge_slave_1: left promiscuous mode
[ 1235.837576][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1235.892401][   T70] bridge_slave_0: left allmulticast mode
[ 1235.892437][   T70] bridge_slave_0: left promiscuous mode
[ 1235.892733][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1236.469360][T11396] afs: Unknown parameter 'dont_measure'
[ 1236.721273][ T5848] usb 2-1: new full-speed USB device number 35 using dummy_hcd
[ 1236.873478][ T5848] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[ 1236.873529][ T5848] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1236.873553][ T5848] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1236.873581][ T5848] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1236.873614][ T5848] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1236.873636][ T5848] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1236.955152][ T5848] usb 2-1: config 0 descriptor??
[ 1238.076021][ T5848] usbhid 2-1:0.0: can't add hid device: -71
[ 1238.076161][ T5848] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1238.106338][ T5848] usb 2-1: USB disconnect, device number 35
[ 1239.041192][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1239.105624][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1239.135973][   T70] bond0 (unregistering): Released all slaves
[ 1239.543711][T11401] afs: Unknown parameter 'dont_measure'
[ 1239.841094][   T10] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[ 1240.000125][   T10] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[ 1240.000178][   T10] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1240.000201][   T10] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1240.000230][   T10] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1240.000261][   T10] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1240.000284][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1240.097937][   T10] usb 2-1: config 0 descriptor??
[ 1240.237279][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1240.267519][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1240.279028][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1240.297901][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1240.317511][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1241.130529][T11401] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1026'.
[ 1241.187069][   T10] usbhid 2-1:0.0: can't add hid device: -71
[ 1241.187164][   T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1241.245983][   T10] usb 2-1: USB disconnect, device number 36
[ 1242.137751][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1242.472621][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1242.481197][ T6540] Bluetooth: hci4: command tx timeout
[ 1242.516124][   T70] bond0 (unregistering): Released all slaves
[ 1243.264552][T11419] FAULT_INJECTION: forcing a failure.
[ 1243.264552][T11419] name failslab, interval 1, probability 0, space 0, times 0
[ 1243.264591][T11419] CPU: 0 UID: 0 PID: 11419 Comm: syz.1.1031 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1243.264618][T11419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1243.264631][T11419] Call Trace:
[ 1243.264640][T11419]  <TASK>
[ 1243.264649][T11419]  dump_stack_lvl+0x189/0x250
[ 1243.264685][T11419]  ? __pfx____ratelimit+0x10/0x10
[ 1243.264721][T11419]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1243.264753][T11419]  ? __pfx__printk+0x10/0x10
[ 1243.264785][T11419]  ? __pfx___might_resched+0x10/0x10
[ 1243.264807][T11419]  ? fs_reclaim_acquire+0x7d/0x100
[ 1243.264833][T11419]  should_fail_ex+0x46c/0x600
[ 1243.264871][T11419]  should_failslab+0xa8/0x100
[ 1243.264903][T11419]  __kvmalloc_node_noprof+0x15a/0x550
[ 1243.264935][T11419]  ? traverse+0xd9/0x570
[ 1243.264975][T11419]  traverse+0xd9/0x570
[ 1243.265008][T11419]  ? seq_read_iter+0xb8/0xe10
[ 1243.265037][T11419]  seq_read_iter+0xcff/0xe10
[ 1243.265074][T11419]  ? __asan_memset+0x22/0x50
[ 1243.265105][T11419]  seq_read+0x36c/0x480
[ 1243.265133][T11419]  ? __lock_acquire+0xab9/0xd20
[ 1243.265173][T11419]  ? __pfx_seq_read+0x10/0x10
[ 1243.265204][T11419]  ? __import_iovec+0x5d4/0x7f0
[ 1243.265244][T11419]  ? __pfx_seq_read+0x10/0x10
[ 1243.265266][T11419]  proc_reg_read+0x1f3/0x2f0
[ 1243.265298][T11419]  vfs_readv+0x5b3/0x850
[ 1243.265332][T11419]  ? __pfx_proc_reg_read+0x10/0x10
[ 1243.265361][T11419]  ? __pfx_vfs_readv+0x10/0x10
[ 1243.265412][T11419]  ? __fget_files+0x2a/0x420
[ 1243.265449][T11419]  ? __fget_files+0x3a6/0x420
[ 1243.265479][T11419]  ? __fget_files+0x2a/0x420
[ 1243.265521][T11419]  __x64_sys_preadv+0x19a/0x2a0
[ 1243.265556][T11419]  ? __pfx___x64_sys_preadv+0x10/0x10
[ 1243.265583][T11419]  ? rcu_is_watching+0x15/0xb0
[ 1243.265623][T11419]  ? do_syscall_64+0xbe/0x3b0
[ 1243.265649][T11419]  do_syscall_64+0xfa/0x3b0
[ 1243.265668][T11419]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1243.265701][T11419]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1243.265723][T11419]  ? clear_bhb_loop+0x60/0xb0
[ 1243.265750][T11419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1243.265771][T11419] RIP: 0033:0x7f182006eec9
[ 1243.265790][T11419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1243.265809][T11419] RSP: 002b:00007f181e2ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 1243.265833][T11419] RAX: ffffffffffffffda RBX: 00007f18202c5fa0 RCX: 00007f182006eec9
[ 1243.265849][T11419] RDX: 0000000000000001 RSI: 0000200000000280 RDI: 0000000000000003
[ 1243.265864][T11419] RBP: 00007f181e2ce090 R08: 0000000000000005 R09: 0000000000000000
[ 1243.265878][T11419] R10: 0000000000000091 R11: 0000000000000246 R12: 0000000000000001
[ 1243.265891][T11419] R13: 00007f18202c6038 R14: 00007f18202c5fa0 R15: 00007ffc4914d508
[ 1243.265927][T11419]  </TASK>
[ 1244.751768][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[ 1244.751849][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1244.751968][ T6540] Bluetooth: hci4: command tx timeout
[ 1246.361198][T11430] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1034'.
[ 1246.845084][ T6540] Bluetooth: hci4: command tx timeout
[ 1248.478832][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1248.594254][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1248.605454][T11441] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.1037'.
[ 1248.668372][   T70] bond0 (unregistering): Released all slaves
[ 1248.890888][ T6540] Bluetooth: hci4: command tx timeout
[ 1249.414495][T11402] vxcan1 speed is unknown, defaulting to 1000
[ 1251.442621][T11461] afs: Unknown parameter 'dont_measure'
[ 1251.720878][ T5908] usb 2-1: new full-speed USB device number 37 using dummy_hcd
[ 1251.899665][ T5908] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[ 1251.899718][ T5908] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1251.899743][ T5908] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1251.899771][ T5908] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1251.899807][ T5908] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1251.899832][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1251.978840][ T5908] usb 2-1: config 0 descriptor??
[ 1252.068656][   T70] hsr_slave_0: left promiscuous mode
[ 1252.112089][   T70] hsr_slave_1: left promiscuous mode
[ 1252.119476][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1252.152101][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1252.842680][   T70] hsr_slave_0: left promiscuous mode
[ 1252.861105][   T70] hsr_slave_1: left promiscuous mode
[ 1252.862125][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1252.913355][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1252.968052][T11461] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1040'.
[ 1252.989386][ T5908] usbhid 2-1:0.0: can't add hid device: -71
[ 1252.989486][ T5908] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1253.023126][ T5908] usb 2-1: USB disconnect, device number 37
[ 1253.101164][   T70] hsr_slave_0: left promiscuous mode
[ 1253.123206][   T70] hsr_slave_1: left promiscuous mode
[ 1253.125350][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1253.171979][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1255.480488][T11482] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1042'.
[ 1256.171770][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1256.436596][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1259.892203][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1260.153874][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1263.411789][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1263.571376][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1265.898320][T11402] chnl_net:caif_netlink_parms(): no params data found
[ 1265.969306][T11263] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1266.166164][T11263] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1266.294151][T11263] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1266.479720][T11263] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1267.043723][T11402] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1267.043948][T11402] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1267.044205][T11402] bridge_slave_0: entered allmulticast mode
[ 1267.051485][T11402] bridge_slave_0: entered promiscuous mode
[ 1267.078420][T11402] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1267.078588][T11402] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1267.078856][T11402] bridge_slave_1: entered allmulticast mode
[ 1267.104191][T11402] bridge_slave_1: entered promiscuous mode
[ 1267.408431][T11402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1267.488418][T11402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1268.774864][T11402] team0: Port device team_slave_0 added
[ 1269.064121][T11402] team0: Port device team_slave_1 added
[ 1269.509101][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1269.548783][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1269.552992][T11402] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1269.553011][T11402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1269.553633][T11402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1269.618999][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1269.638971][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1269.643251][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1269.644994][T11402] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1269.645011][T11402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1269.645044][T11402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1270.554987][T11402] hsr_slave_0: entered promiscuous mode
[ 1270.556396][T11402] hsr_slave_1: entered promiscuous mode
[ 1270.557388][T11402] debugfs: 'hsr0' already exists in 'hsr'
[ 1270.557414][T11402] Cannot create hsr debugfs directory
[ 1270.808331][T11504] vxcan1 speed is unknown, defaulting to 1000
[ 1271.762053][ T5844] Bluetooth: hci0: command tx timeout
[ 1271.872682][ T6540] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1271.890279][ T6540] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1271.904982][ T6540] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1271.921246][ T6540] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1271.922630][ T6540] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1273.280000][T11308] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1273.478790][T11308] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1273.732863][T11308] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1274.062344][ T6540] Bluetooth: hci0: command tx timeout
[ 1274.062414][ T6540] Bluetooth: hci2: command tx timeout
[ 1274.163596][T11308] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1274.541629][T11519] vxcan1 speed is unknown, defaulting to 1000
[ 1275.190859][   T45] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[ 1275.346832][   T45] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1275.346865][   T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1275.346886][   T45] usb 2-1: Product: syz
[ 1275.346901][   T45] usb 2-1: Manufacturer: syz
[ 1275.346916][   T45] usb 2-1: SerialNumber: syz
[ 1275.393181][   T45] usb 2-1: config 0 descriptor??
[ 1275.407678][   T45] ch341 2-1:0.0: ch341-uart converter detected
[ 1275.892811][   T45] usb 2-1: failed to send control message: -71
[ 1275.892875][   T45] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[ 1275.949240][   T45] usb 2-1: USB disconnect, device number 38
[ 1275.959484][   T45] ch341 2-1:0.0: device disconnected
[ 1276.081273][ T5844] Bluetooth: hci2: command tx timeout
[ 1276.081307][ T5844] Bluetooth: hci0: command tx timeout
[ 1278.161294][ T6540] Bluetooth: hci0: command tx timeout
[ 1278.161329][ T6540] Bluetooth: hci2: command tx timeout
[ 1278.316323][T11504] chnl_net:caif_netlink_parms(): no params data found
[ 1278.587368][T11573] FAULT_INJECTION: forcing a failure.
[ 1278.587368][T11573] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1278.587406][T11573] CPU: 1 UID: 0 PID: 11573 Comm: syz.1.1051 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1278.587432][T11573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1278.587446][T11573] Call Trace:
[ 1278.587454][T11573]  <TASK>
[ 1278.587463][T11573]  dump_stack_lvl+0x189/0x250
[ 1278.587500][T11573]  ? __pfx____ratelimit+0x10/0x10
[ 1278.587535][T11573]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1278.587568][T11573]  ? __pfx__printk+0x10/0x10
[ 1278.587593][T11573]  ? __might_fault+0xb0/0x130
[ 1278.587647][T11573]  should_fail_ex+0x46c/0x600
[ 1278.587686][T11573]  _copy_from_user+0x2d/0xb0
[ 1278.587715][T11573]  ___sys_sendmsg+0x158/0x2a0
[ 1278.587741][T11573]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1278.587806][T11573]  ? __fget_files+0x2a/0x420
[ 1278.587837][T11573]  ? __fget_files+0x3a6/0x420
[ 1278.587881][T11573]  __x64_sys_sendmsg+0x1a1/0x260
[ 1278.587907][T11573]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1278.587941][T11573]  ? __pfx_ksys_write+0x10/0x10
[ 1278.587976][T11573]  ? do_syscall_64+0xbe/0x3b0
[ 1278.588002][T11573]  do_syscall_64+0xfa/0x3b0
[ 1278.588023][T11573]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1278.588057][T11573]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1278.588079][T11573]  ? clear_bhb_loop+0x60/0xb0
[ 1278.588106][T11573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1278.588128][T11573] RIP: 0033:0x7f182006eec9
[ 1278.588147][T11573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1278.588167][T11573] RSP: 002b:00007f181e2ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1278.588190][T11573] RAX: ffffffffffffffda RBX: 00007f18202c6090 RCX: 00007f182006eec9
[ 1278.588206][T11573] RDX: 0000000004008000 RSI: 0000200000000200 RDI: 0000000000000003
[ 1278.588221][T11573] RBP: 00007f181e2ad090 R08: 0000000000000000 R09: 0000000000000000
[ 1278.588235][T11573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1278.588248][T11573] R13: 00007f18202c6128 R14: 00007f18202c6090 R15: 00007ffc4914d508
[ 1278.588284][T11573]  </TASK>
[ 1279.100640][ T6540] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1279.120086][ T6540] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1279.123421][ T6540] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1279.124963][ T6540] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1279.127076][ T6540] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1279.260934][ T5915] usb 2-1: new full-speed USB device number 39 using dummy_hcd
[ 1279.413673][ T5915] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1279.413713][ T5915] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1279.413741][ T5915] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1279.413768][ T5915] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1279.413792][ T5915] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[ 1279.415929][ T5915] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1279.415958][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1279.415980][ T5915] usb 2-1: SerialNumber: syz
[ 1279.933040][T11583] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1052'.
[ 1280.269226][ T5844] Bluetooth: hci2: command tx timeout
[ 1281.201108][ T5844] Bluetooth: hci3: command tx timeout
[ 1282.209107][ T5915] usb 2-1: USB disconnect, device number 39
[ 1282.333547][T11504] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1282.333703][T11504] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1282.333962][T11504] bridge_slave_0: entered allmulticast mode
[ 1282.336888][T11504] bridge_slave_0: entered promiscuous mode
[ 1283.646685][ T5844] Bluetooth: hci3: command tx timeout
[ 1283.801157][T11504] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1283.801315][T11504] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1283.801946][T11504] bridge_slave_1: entered allmulticast mode
[ 1283.805062][T11504] bridge_slave_1: entered promiscuous mode
[ 1283.877141][T11519] chnl_net:caif_netlink_parms(): no params data found
[ 1283.893639][T11576] vxcan1 speed is unknown, defaulting to 1000
[ 1284.229970][T11590] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[ 1284.369597][T11592] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[ 1284.370204][T11592] overlayfs: overlapping lowerdir path
[ 1284.401856][T11402] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1284.527931][T11504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1284.659781][T11402] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1284.784469][T11504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1284.802132][T11402] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1284.930928][   T45] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[ 1284.993714][T11402] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1285.108109][   T45] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1285.108144][   T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1285.108167][   T45] usb 2-1: Product: syz
[ 1285.108182][   T45] usb 2-1: Manufacturer: syz
[ 1285.108198][   T45] usb 2-1: SerialNumber: syz
[ 1285.119603][   T45] usb 2-1: config 0 descriptor??
[ 1285.136551][   T45] ch341 2-1:0.0: ch341-uart converter detected
[ 1285.537748][T11504] team0: Port device team_slave_0 added
[ 1285.680873][ T6540] Bluetooth: hci3: command tx timeout
[ 1285.736873][T11504] team0: Port device team_slave_1 added
[ 1286.404003][   T45] usb 2-1: failed to send control message: -110
[ 1286.404067][   T45] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[ 1286.467184][T11519] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1286.467560][T11519] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1286.467768][T11519] bridge_slave_0: entered allmulticast mode
[ 1286.477275][T11519] bridge_slave_0: entered promiscuous mode
[ 1286.588994][T11519] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1286.589149][T11519] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1286.589404][T11519] bridge_slave_1: entered allmulticast mode
[ 1286.600166][T11519] bridge_slave_1: entered promiscuous mode
[ 1286.604827][T11504] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1286.604846][T11504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1286.604880][T11504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1286.943636][T11504] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1286.943655][T11504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1286.943685][T11504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1287.243513][T11519] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1287.288578][T11519] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1287.687284][ T5987] usb 2-1: USB disconnect, device number 40
[ 1287.708023][ T5987] ch341 2-1:0.0: device disconnected
[ 1287.761282][ T6540] Bluetooth: hci3: command tx timeout
[ 1287.776376][T11519] team0: Port device team_slave_0 added
[ 1287.824809][T11504] hsr_slave_0: entered promiscuous mode
[ 1287.827825][T11504] hsr_slave_1: entered promiscuous mode
[ 1287.828863][T11504] debugfs: 'hsr0' already exists in 'hsr'
[ 1287.828891][T11504] Cannot create hsr debugfs directory
[ 1287.855251][T11519] team0: Port device team_slave_1 added
[ 1289.253628][T11611] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1058'.
[ 1289.253714][T11611] netlink: zone id is out of range
[ 1289.253723][T11611] netlink: zone id is out of range
[ 1289.253732][T11611] netlink: zone id is out of range
[ 1289.253740][T11611] netlink: zone id is out of range
[ 1289.253748][T11611] netlink: zone id is out of range
[ 1289.253757][T11611] netlink: zone id is out of range
[ 1289.253765][T11611] netlink: zone id is out of range
[ 1289.253774][T11611] netlink: zone id is out of range
[ 1289.253783][T11611] netlink: zone id is out of range
[ 1289.253791][T11611] netlink: zone id is out of range
[ 1289.456553][T11614] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1058'.
[ 1289.537531][T11519] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1289.537549][T11519] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1289.537579][T11519] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1289.666873][T11519] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1289.666901][T11519] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1289.666931][T11519] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1290.001295][T11619] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1059'.
[ 1290.257737][   T10] usb 2-1: new full-speed USB device number 41 using dummy_hcd
[ 1290.306171][T11519] hsr_slave_0: entered promiscuous mode
[ 1290.307612][T11519] hsr_slave_1: entered promiscuous mode
[ 1290.308575][T11519] debugfs: 'hsr0' already exists in 'hsr'
[ 1290.308609][T11519] Cannot create hsr debugfs directory
[ 1290.319727][T11576] chnl_net:caif_netlink_parms(): no params data found
[ 1290.400905][   T70] bridge_slave_1: left allmulticast mode
[ 1290.400940][   T70] bridge_slave_1: left promiscuous mode
[ 1290.403259][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1290.403316][   T10] usb 2-1: device descriptor read/64, error -71
[ 1290.474747][   T70] bridge_slave_0: left allmulticast mode
[ 1290.474783][   T70] bridge_slave_0: left promiscuous mode
[ 1290.475077][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1290.536795][   T70] bridge_slave_1: left allmulticast mode
[ 1290.536832][   T70] bridge_slave_1: left promiscuous mode
[ 1290.537118][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1290.594268][   T70] bridge_slave_0: left allmulticast mode
[ 1290.594302][   T70] bridge_slave_0: left promiscuous mode
[ 1290.594580][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1290.651163][   T10] usb 2-1: new full-speed USB device number 42 using dummy_hcd
[ 1290.659532][   T70] bridge_slave_1: left allmulticast mode
[ 1290.659568][   T70] bridge_slave_1: left promiscuous mode
[ 1290.659841][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1290.731622][   T70] bridge_slave_0: left allmulticast mode
[ 1290.731658][   T70] bridge_slave_0: left promiscuous mode
[ 1290.731929][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1290.790892][   T10] usb 2-1: device descriptor read/64, error -71
[ 1290.901474][   T10] usb usb2-port1: attempt power cycle
[ 1291.242456][   T10] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[ 1291.271076][   T10] usb 2-1: device descriptor read/8, error -71
[ 1291.301851][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1291.393055][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1291.455785][   T70] bond0 (unregistering): Released all slaves
[ 1291.511079][   T10] usb 2-1: new full-speed USB device number 44 using dummy_hcd
[ 1291.537292][   T10] usb 2-1: device descriptor read/8, error -71
[ 1291.645355][   T10] usb usb2-port1: unable to enumerate USB device
[ 1291.983871][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1292.062007][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1292.125158][   T70] bond0 (unregistering): Released all slaves
[ 1295.548329][T11627] overlayfs: missing 'lowerdir'
[ 1295.803462][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1295.861737][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1295.913431][   T70] bond0 (unregistering): Released all slaves
[ 1297.501227][T11576] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1297.501542][T11576] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1297.501789][T11576] bridge_slave_0: entered allmulticast mode
[ 1297.504928][T11576] bridge_slave_0: entered promiscuous mode
[ 1297.754394][T11576] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1297.754550][T11576] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1297.754833][T11576] bridge_slave_1: entered allmulticast mode
[ 1297.792328][T11576] bridge_slave_1: entered promiscuous mode
[ 1297.904190][T11633] futex_wake_op: syz.1.1062 tries to shift op by -1; fix this program
[ 1299.565503][T11576] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1299.711165][   T70] hsr_slave_0: left promiscuous mode
[ 1299.731048][   T70] hsr_slave_1: left promiscuous mode
[ 1299.732094][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1299.741412][T10027] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[ 1299.782880][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1299.908354][T10027] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1299.908387][T10027] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1299.908408][T10027] usb 2-1: Product: syz
[ 1299.908424][T10027] usb 2-1: Manufacturer: syz
[ 1299.908439][T10027] usb 2-1: SerialNumber: syz
[ 1299.922720][T10027] usb 2-1: config 0 descriptor??
[ 1299.933455][T10027] ch341 2-1:0.0: ch341-uart converter detected
[ 1300.000963][   T70] hsr_slave_0: left promiscuous mode
[ 1300.023858][   T70] hsr_slave_1: left promiscuous mode
[ 1300.024804][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1300.062683][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1300.205857][   T70] hsr_slave_0: left promiscuous mode
[ 1300.221004][   T70] hsr_slave_1: left promiscuous mode
[ 1300.222656][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1300.272579][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1300.389759][   T70] veth1_vlan: left promiscuous mode
[ 1300.389995][   T70] veth0_vlan: left promiscuous mode
[ 1301.203458][T10027] usb 2-1: failed to send control message: -110
[ 1301.203521][T10027] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[ 1301.971713][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1302.184127][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1302.200185][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1302.222972][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1302.224700][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1302.225949][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1302.226771][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1302.500559][ T5987] usb 2-1: USB disconnect, device number 45
[ 1302.513572][ T5987] ch341 2-1:0.0: device disconnected
[ 1303.010814][ T5987] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[ 1303.161058][ T5987] usb 2-1: Using ep0 maxpacket: 16
[ 1303.169780][ T5987] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1303.173151][ T5987] usb 2-1: config 13 has an invalid interface number: 50 but max is 0
[ 1303.173182][ T5987] usb 2-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[ 1303.173207][ T5987] usb 2-1: config 13 has no interface number 0
[ 1303.173263][ T5987] usb 2-1: config 13 interface 50 altsetting 167 bulk endpoint 0x88 has invalid maxpacket 16
[ 1303.173296][ T5987] usb 2-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1303.173327][ T5987] usb 2-1: config 13 interface 50 has no altsetting 0
[ 1303.193505][ T5987] usb 2-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[ 1303.193542][ T5987] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1303.193565][ T5987] usb 2-1: Product: syz
[ 1303.193583][ T5987] usb 2-1: Manufacturer: syz
[ 1303.193601][ T5987] usb 2-1: SerialNumber: syz
[ 1303.223818][T11646] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1303.503535][T11645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1303.504269][T11645] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1303.557108][ T5987] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1303.557168][ T5987] usb 2-1: MIDIStreaming interface descriptor not found
[ 1303.735168][ T5987] usb 2-1: USB disconnect, device number 46
[ 1304.024370][T11647] udevd[11647]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1304.321462][ T6540] Bluetooth: hci5: command tx timeout
[ 1304.363546][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1304.541927][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1305.521129][   T10] usb 2-1: new full-speed USB device number 47 using dummy_hcd
[ 1305.609210][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[ 1305.609296][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1305.691950][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1305.691990][   T10] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1305.692017][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1305.692044][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1305.692067][   T10] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[ 1305.693640][   T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1305.693669][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1305.693690][   T10] usb 2-1: SerialNumber: syz
[ 1306.212665][T11654] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1067'.
[ 1306.401041][ T6540] Bluetooth: hci5: command tx timeout
[ 1308.501302][ T6540] Bluetooth: hci5: command tx timeout
[ 1309.437257][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1309.726402][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1310.576396][ T6540] Bluetooth: hci5: command tx timeout
[ 1312.728068][T11576] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1313.171146][T10027] usb 2-1: USB disconnect, device number 47
[ 1313.444641][T11661] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1069'.
[ 1313.444665][T11661] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1069'.
[ 1313.444692][T11661] netlink: 'syz.1.1069': attribute type 12 has an invalid length.
[ 1313.444707][T11661] netlink: 'syz.1.1069': attribute type 11 has an invalid length.
[ 1313.568178][T11576] team0: Port device team_slave_0 added
[ 1313.800997][T10027] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 1313.865279][T11576] team0: Port device team_slave_1 added
[ 1313.998261][T10027] usb 2-1: Using ep0 maxpacket: 8
[ 1313.999291][T10027] usb 2-1: too many configurations: 128, using maximum allowed: 8
[ 1314.019150][T10027] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[ 1314.019186][T10027] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 1314.019211][T10027] usb 2-1: Product: syz
[ 1314.019229][T10027] usb 2-1: Manufacturer: syz
[ 1314.038608][T10027] usb 2-1: config 0 descriptor??
[ 1314.110504][T10027] gspca_main: 2770:9120 too many config
[ 1314.250775][T10027] usb 2-1: USB disconnect, device number 48
[ 1314.540173][T11576] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1314.540193][T11576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1314.540223][T11576] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1314.550831][T11642] vxcan1 speed is unknown, defaulting to 1000
[ 1314.585680][T11576] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1314.585702][T11576] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1314.585735][T11576] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1315.121214][T11576] hsr_slave_0: entered promiscuous mode
[ 1315.123965][T11576] hsr_slave_1: entered promiscuous mode
[ 1316.487299][ T8473] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 1316.662671][ T8473] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1316.662705][ T8473] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1316.662726][ T8473] usb 2-1: Product: syz
[ 1316.662742][ T8473] usb 2-1: Manufacturer: syz
[ 1316.662757][ T8473] usb 2-1: SerialNumber: syz
[ 1316.685861][ T8473] usb 2-1: config 0 descriptor??
[ 1316.707319][ T8473] ch341 2-1:0.0: ch341-uart converter detected
[ 1317.058805][T11504] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1317.170856][T11504] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1317.259894][T11504] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1317.463932][T11504] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1317.712682][T11642] chnl_net:caif_netlink_parms(): no params data found
[ 1317.921181][ T8473] usb 2-1: failed to send control message: -110
[ 1317.921246][ T8473] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[ 1318.154501][T11519] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1318.214492][T11519] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1318.795316][T11519] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1319.017130][T11519] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1319.203851][ T5987] usb 2-1: USB disconnect, device number 49
[ 1319.206460][ T5987] ch341 2-1:0.0: device disconnected
[ 1319.601061][T11642] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1319.601295][T11642] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1319.601717][T11642] bridge_slave_0: entered allmulticast mode
[ 1319.606601][T11642] bridge_slave_0: entered promiscuous mode
[ 1319.766057][T11687] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma?
[ 1321.112727][T11642] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1321.112891][T11642] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1321.113140][T11642] bridge_slave_1: entered allmulticast mode
[ 1321.117375][T11642] bridge_slave_1: entered promiscuous mode
[ 1321.636582][T11700] afs: Unknown parameter 'dont_measure'
[ 1321.878163][T11642] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1321.883110][   T10] usb 2-1: new full-speed USB device number 50 using dummy_hcd
[ 1322.034769][   T10] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[ 1322.034848][   T10] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1322.034873][   T10] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1322.034967][   T10] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1322.035005][   T10] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1322.035031][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1322.109035][   T10] usb 2-1: config 0 descriptor??
[ 1322.152262][T11642] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1323.307327][T11700] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1075'.
[ 1323.326271][   T10] hid-alps 0003:044E:120C.0008: ignoring exceeding usage max
[ 1323.328033][   T10] hid-alps 0003:044E:120C.0008: unbalanced collection at end of report description
[ 1323.328915][   T10] hid-alps 0003:044E:120C.0008: parse failed
[ 1323.329025][   T10] hid-alps 0003:044E:120C.0008: probe with driver hid-alps failed with error -22
[ 1323.536504][ T5908] usb 2-1: USB disconnect, device number 50
[ 1323.604416][T11642] team0: Port device team_slave_0 added
[ 1323.878872][T11642] team0: Port device team_slave_1 added
[ 1324.213421][T11642] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1324.213440][T11642] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1324.213470][T11642] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1324.291429][T11642] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1324.291448][T11642] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1324.291483][T11642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1325.378783][T11642] hsr_slave_0: entered promiscuous mode
[ 1325.398728][T11642] hsr_slave_1: entered promiscuous mode
[ 1325.399725][T11642] debugfs: 'hsr0' already exists in 'hsr'
[ 1325.421810][T11642] Cannot create hsr debugfs directory
[ 1325.611333][T11576] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1326.041888][T11576] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1326.319423][T11576] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1326.535836][T11576] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1326.892656][   T70] bridge_slave_1: left allmulticast mode
[ 1326.892682][   T70] bridge_slave_1: left promiscuous mode
[ 1326.892875][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1326.963895][   T70] bridge_slave_0: left allmulticast mode
[ 1326.963932][   T70] bridge_slave_0: left promiscuous mode
[ 1326.964226][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1327.064928][   T70] bridge_slave_1: left allmulticast mode
[ 1327.064966][   T70] bridge_slave_1: left promiscuous mode
[ 1327.065236][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1327.124174][   T70] bridge_slave_0: left allmulticast mode
[ 1327.124211][   T70] bridge_slave_0: left promiscuous mode
[ 1327.124488][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1328.980579][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1329.063393][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1329.125022][   T70] bond0 (unregistering): Released all slaves
[ 1329.284221][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1329.551657][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1329.634565][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1329.695000][   T70] bond0 (unregistering): Released all slaves
[ 1329.937362][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1330.520961][T11519] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1330.790480][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1331.449318][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1332.269992][T11576] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1332.352575][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1332.371478][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1332.380590][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1332.383832][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1332.385895][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1332.947918][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1332.956961][   T70] hsr_slave_0: left promiscuous mode
[ 1332.971293][   T70] hsr_slave_1: left promiscuous mode
[ 1332.972041][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1333.026393][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1333.162544][   T70] hsr_slave_0: left promiscuous mode
[ 1333.181136][   T70] hsr_slave_1: left promiscuous mode
[ 1333.184457][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1333.222033][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1334.201120][ T8473] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 1334.242792][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1334.246592][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1334.250318][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1334.296098][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1334.317284][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1334.371643][ T8473] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1334.371692][ T8473] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1334.371713][ T8473] usb 2-1: Product: syz
[ 1334.371728][ T8473] usb 2-1: Manufacturer: syz
[ 1334.371744][ T8473] usb 2-1: SerialNumber: syz
[ 1334.376033][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1334.379805][ T8473] usb 2-1: config 0 descriptor??
[ 1334.386072][ T8473] ch341 2-1:0.0: ch341-uart converter detected
[ 1334.481002][ T6540] Bluetooth: hci4: command tx timeout
[ 1334.622308][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1334.923719][ T8473] usb 2-1: failed to send control message: -71
[ 1334.923782][ T8473] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[ 1334.951941][ T8473] usb 2-1: USB disconnect, device number 51
[ 1334.954097][ T8473] ch341 2-1:0.0: device disconnected
[ 1336.322015][ T5844] Bluetooth: hci0: command tx timeout
[ 1336.384134][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1336.541924][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1336.560836][ T6540] Bluetooth: hci4: command tx timeout
[ 1337.016475][T11737] afs: Unknown parameter 'dont_measure'
[ 1337.289036][   T10] usb 2-1: new full-speed USB device number 52 using dummy_hcd
[ 1337.436620][   T10] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[ 1337.436684][   T10] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1337.436708][   T10] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1337.436738][   T10] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1337.436774][   T10] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1337.436798][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1337.445714][   T10] usb 2-1: config 0 descriptor??
[ 1338.405998][ T6540] Bluetooth: hci0: command tx timeout
[ 1338.650760][ T6540] Bluetooth: hci4: command tx timeout
[ 1338.869774][   T10] hid-alps 0003:044E:120C.0009: ignoring exceeding usage max
[ 1338.889834][   T10] hid-alps 0003:044E:120C.0009: unbalanced collection at end of report description
[ 1338.910538][   T10] hid-alps 0003:044E:120C.0009: parse failed
[ 1338.911757][   T10] hid-alps 0003:044E:120C.0009: probe with driver hid-alps failed with error -22
[ 1338.958282][T11576] 8021q: adding VLAN 0 to HW filter on device team0
[ 1339.026260][T11724] vxcan1 speed is unknown, defaulting to 1000
[ 1339.061647][ T5908] usb 2-1: USB disconnect, device number 52
[ 1339.071551][ T6034] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1339.071728][ T6034] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1339.878829][T11642] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1339.952907][T11642] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1340.024434][T11642] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1340.077206][T11642] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1340.480896][ T6540] Bluetooth: hci0: command tx timeout
[ 1340.481202][T11733] vxcan1 speed is unknown, defaulting to 1000
[ 1340.720870][ T6540] Bluetooth: hci4: command tx timeout
[ 1341.859113][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1342.024682][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1342.027493][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1342.029456][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1342.030306][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1342.561673][ T6540] Bluetooth: hci0: command tx timeout
[ 1344.121134][T11724] chnl_net:caif_netlink_parms(): no params data found
[ 1344.420992][ T6540] Bluetooth: hci2: command tx timeout
[ 1344.480990][T11755] vxcan1 speed is unknown, defaulting to 1000
[ 1344.560584][T11642] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1346.546359][ T6540] Bluetooth: hci2: command tx timeout
[ 1348.561146][ T6540] Bluetooth: hci2: command tx timeout
[ 1349.345802][T11724] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1349.346284][T11724] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1349.346538][T11724] bridge_slave_0: entered allmulticast mode
[ 1349.349866][T11724] bridge_slave_0: entered promiscuous mode
[ 1349.488207][T11724] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1349.488369][T11724] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1349.488576][T11724] bridge_slave_1: entered allmulticast mode
[ 1349.513105][T11724] bridge_slave_1: entered promiscuous mode
[ 1349.823887][T11642] 8021q: adding VLAN 0 to HW filter on device team0
[ 1350.230948][ T5915] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 1350.393722][T11724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1350.397579][ T5915] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1350.397612][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1350.397634][ T5915] usb 2-1: Product: syz
[ 1350.397650][ T5915] usb 2-1: Manufacturer: syz
[ 1350.397666][ T5915] usb 2-1: SerialNumber: syz
[ 1350.446936][ T5915] usb 2-1: config 0 descriptor??
[ 1350.464098][ T5915] ch341 2-1:0.0: ch341-uart converter detected
[ 1350.465905][T11733] chnl_net:caif_netlink_parms(): no params data found
[ 1350.499783][T11724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1350.563492][ T6191] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1350.563740][ T6191] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1350.640999][ T6540] Bluetooth: hci2: command tx timeout
[ 1350.946328][ T5915] usb 2-1: failed to send control message: -71
[ 1350.946390][ T5915] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[ 1350.961567][ T5915] usb 2-1: USB disconnect, device number 53
[ 1350.973045][ T5915] ch341 2-1:0.0: device disconnected
[ 1351.533903][T11724] team0: Port device team_slave_0 added
[ 1351.560042][ T6191] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1351.560206][ T6191] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1351.595408][T11724] team0: Port device team_slave_1 added
[ 1351.952275][T11724] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1351.952293][T11724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1351.952322][T11724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1352.043463][T11724] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1352.043481][T11724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1352.043511][T11724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1352.070949][T11733] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1352.088024][T11733] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1352.088302][T11733] bridge_slave_0: entered allmulticast mode
[ 1352.122046][T11733] bridge_slave_0: entered promiscuous mode
[ 1352.239160][T11733] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1352.239310][T11733] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1352.239530][T11733] bridge_slave_1: entered allmulticast mode
[ 1352.245829][T11733] bridge_slave_1: entered promiscuous mode
[ 1352.634057][T11733] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1352.804530][T11733] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1352.831239][T11724] hsr_slave_0: entered promiscuous mode
[ 1352.832870][T11724] hsr_slave_1: entered promiscuous mode
[ 1352.844923][T11724] debugfs: 'hsr0' already exists in 'hsr'
[ 1352.844953][T11724] Cannot create hsr debugfs directory
[ 1353.287728][T11733] team0: Port device team_slave_0 added
[ 1353.377786][T11755] chnl_net:caif_netlink_parms(): no params data found
[ 1353.406566][T11733] team0: Port device team_slave_1 added
[ 1353.923745][T11801] afs: Unknown parameter 'dont_measure'
[ 1354.181927][T10027] usb 2-1: new full-speed USB device number 54 using dummy_hcd
[ 1354.343577][T10027] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[ 1354.343634][T10027] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1354.343660][T10027] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1354.343690][T10027] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1354.343726][T10027] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1354.343751][T10027] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1354.349984][T10027] usb 2-1: config 0 descriptor??
[ 1354.422253][T11733] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1354.422271][T11733] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1354.422299][T11733] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1354.514072][T11733] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1354.514091][T11733] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1354.514122][T11733] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1355.542348][T11801] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1090'.
[ 1355.595345][T10027] hid-alps 0003:044E:120C.000A: ignoring exceeding usage max
[ 1355.597316][T10027] hid-alps 0003:044E:120C.000A: unbalanced collection at end of report description
[ 1355.598185][T10027] hid-alps 0003:044E:120C.000A: parse failed
[ 1355.598297][T10027] hid-alps 0003:044E:120C.000A: probe with driver hid-alps failed with error -22
[ 1355.761639][   T10] usb 2-1: USB disconnect, device number 54
[ 1356.649576][T11755] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1356.649732][T11755] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1356.669659][T11755] bridge_slave_0: entered allmulticast mode
[ 1356.714838][T11755] bridge_slave_0: entered promiscuous mode
[ 1357.247851][T11733] hsr_slave_0: entered promiscuous mode
[ 1357.298710][T11733] hsr_slave_1: entered promiscuous mode
[ 1357.330148][T11733] debugfs: 'hsr0' already exists in 'hsr'
[ 1357.347242][T11733] Cannot create hsr debugfs directory
[ 1357.377170][T11755] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1357.377782][T11755] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1357.378612][T11755] bridge_slave_1: entered allmulticast mode
[ 1357.469341][T11755] bridge_slave_1: entered promiscuous mode
[ 1357.847384][T11818] FAULT_INJECTION: forcing a failure.
[ 1357.847384][T11818] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1357.847423][T11818] CPU: 1 UID: 0 PID: 11818 Comm: syz.1.1092 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1357.847449][T11818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1357.847464][T11818] Call Trace:
[ 1357.847472][T11818]  <TASK>
[ 1357.847481][T11818]  dump_stack_lvl+0x189/0x250
[ 1357.847522][T11818]  ? __pfx____ratelimit+0x10/0x10
[ 1357.847569][T11818]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1357.847601][T11818]  ? __pfx__printk+0x10/0x10
[ 1357.847625][T11818]  ? __might_fault+0xb0/0x130
[ 1357.847671][T11818]  should_fail_ex+0x46c/0x600
[ 1357.847708][T11818]  _copy_from_user+0x2d/0xb0
[ 1357.847738][T11818]  eventfd_write+0xe0/0x5d0
[ 1357.847771][T11818]  ? __pfx_eventfd_write+0x10/0x10
[ 1357.847795][T11818]  ? __import_iovec+0x5d4/0x7f0
[ 1357.847827][T11818]  ? __lock_acquire+0xab9/0xd20
[ 1357.847862][T11818]  ? rw_verify_area+0x25b/0x4e0
[ 1357.847900][T11818]  vfs_writev+0x4bf/0x970
[ 1357.847923][T11818]  ? __pfx_eventfd_write+0x10/0x10
[ 1357.847953][T11818]  ? __pfx_vfs_writev+0x10/0x10
[ 1357.847990][T11818]  ? __fget_files+0x2a/0x420
[ 1357.848027][T11818]  ? __fget_files+0x3a6/0x420
[ 1357.848057][T11818]  ? __fget_files+0x2a/0x420
[ 1357.848098][T11818]  do_writev+0x153/0x2d0
[ 1357.848121][T11818]  ? __pfx_do_writev+0x10/0x10
[ 1357.848148][T11818]  ? do_syscall_64+0xbe/0x3b0
[ 1357.848173][T11818]  do_syscall_64+0xfa/0x3b0
[ 1357.848193][T11818]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1357.848225][T11818]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1357.848248][T11818]  ? clear_bhb_loop+0x60/0xb0
[ 1357.848274][T11818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1357.848296][T11818] RIP: 0033:0x7f182006eec9
[ 1357.848315][T11818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1357.848334][T11818] RSP: 002b:00007f181e2ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1357.848357][T11818] RAX: ffffffffffffffda RBX: 00007f18202c6090 RCX: 00007f182006eec9
[ 1357.848374][T11818] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003
[ 1357.848388][T11818] RBP: 00007f181e2ad090 R08: 0000000000000000 R09: 0000000000000000
[ 1357.848401][T11818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1357.848414][T11818] R13: 00007f18202c6128 R14: 00007f18202c6090 R15: 00007ffc4914d508
[ 1357.848449][T11818]  </TASK>
[ 1358.171886][T11755] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1358.229778][T11755] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1361.251398][T11755] team0: Port device team_slave_0 added
[ 1361.474657][T11755] team0: Port device team_slave_1 added
[ 1361.490840][ T8473] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 1361.659405][ T8473] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1361.659440][ T8473] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1361.659462][ T8473] usb 2-1: Product: syz
[ 1361.659477][ T8473] usb 2-1: Manufacturer: syz
[ 1361.659493][ T8473] usb 2-1: SerialNumber: syz
[ 1361.698871][ T8473] usb 2-1: config 0 descriptor??
[ 1361.722132][ T8473] ch341 2-1:0.0: ch341-uart converter detected
[ 1362.215039][ T8473] usb 2-1: failed to send control message: -71
[ 1362.215102][ T8473] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[ 1362.255276][ T8473] usb 2-1: USB disconnect, device number 55
[ 1362.258194][ T8473] ch341 2-1:0.0: device disconnected
[ 1362.293515][T11755] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1362.293535][T11755] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1362.293565][T11755] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1362.482230][T11755] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1362.482250][T11755] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1362.482281][T11755] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1363.101155][   T70] bridge_slave_1: left allmulticast mode
[ 1363.101193][   T70] bridge_slave_1: left promiscuous mode
[ 1363.101503][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1363.172861][   T70] bridge_slave_0: left allmulticast mode
[ 1363.172897][   T70] bridge_slave_0: left promiscuous mode
[ 1363.173214][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1363.285885][   T70] bridge_slave_1: left allmulticast mode
[ 1363.285922][   T70] bridge_slave_1: left promiscuous mode
[ 1363.286197][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1363.401715][   T70] bridge_slave_0: left allmulticast mode
[ 1363.401754][   T70] bridge_slave_0: left promiscuous mode
[ 1363.402030][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1363.493472][   T70] bridge_slave_1: left allmulticast mode
[ 1363.493509][   T70] bridge_slave_1: left promiscuous mode
[ 1363.493784][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1363.574039][   T70] bridge_slave_0: left allmulticast mode
[ 1363.574075][   T70] bridge_slave_0: left promiscuous mode
[ 1363.574413][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1363.806505][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1363.832402][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1363.834787][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1363.836652][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1363.837919][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1364.370043][T11838] syz.1.1097 (11838): /proc/11836/oom_adj is deprecated, please use /proc/11836/oom_score_adj instead.
[ 1365.236681][T11840] afs: Unknown parameter 'dont_measure'
[ 1365.491061][ T5915] usb 2-1: new full-speed USB device number 56 using dummy_hcd
[ 1365.653065][ T5915] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[ 1365.653115][ T5915] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1365.653140][ T5915] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1365.653168][ T5915] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1365.653201][ T5915] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1365.653224][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1365.723857][ T5915] usb 2-1: config 0 descriptor??
[ 1365.925350][ T5844] Bluetooth: hci3: command tx timeout
[ 1366.692739][T11841] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1098'.
[ 1366.703920][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1366.761502][ T5915] hid-alps 0003:044E:120C.000B: ignoring exceeding usage max
[ 1366.763283][ T5915] hid-alps 0003:044E:120C.000B: unbalanced collection at end of report description
[ 1366.764164][ T5915] hid-alps 0003:044E:120C.000B: parse failed
[ 1366.764293][ T5915] hid-alps 0003:044E:120C.000B: probe with driver hid-alps failed with error -22
[ 1366.831700][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1366.905654][   T70] bond0 (unregistering): Released all slaves
[ 1366.963075][ T5848] usb 2-1: USB disconnect, device number 56
[ 1367.053028][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[ 1367.053113][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1367.638606][T11844] fuse: Bad value for 'user_id'
[ 1367.638626][T11844] fuse: Bad value for 'user_id'
[ 1368.010915][ T5844] Bluetooth: hci3: command tx timeout
[ 1369.695449][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1369.771987][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1369.837527][   T70] bond0 (unregistering): Released all slaves
[ 1370.084454][ T5844] Bluetooth: hci3: command tx timeout
[ 1370.691955][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1370.802059][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1370.885806][   T70] bond0 (unregistering): Released all slaves
[ 1370.975352][T11755] hsr_slave_0: entered promiscuous mode
[ 1370.976941][T11755] hsr_slave_1: entered promiscuous mode
[ 1370.980908][T11755] debugfs: 'hsr0' already exists in 'hsr'
[ 1370.980935][T11755] Cannot create hsr debugfs directory
[ 1372.165201][ T5844] Bluetooth: hci3: command tx timeout
[ 1374.886237][T11833] vxcan1 speed is unknown, defaulting to 1000
[ 1374.980848][ T5915] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[ 1375.172783][ T5915] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1375.172812][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1375.172831][ T5915] usb 2-1: Product: syz
[ 1375.172845][ T5915] usb 2-1: Manufacturer: syz
[ 1375.172859][ T5915] usb 2-1: SerialNumber: syz
[ 1375.217606][ T5915] usb 2-1: config 0 descriptor??
[ 1375.253879][ T5915] ch341 2-1:0.0: ch341-uart converter detected
[ 1375.886096][T11724] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1375.996891][T11724] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1376.133250][T11724] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1376.296039][T11724] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1376.322876][ T5915] usb 2-1: failed to receive control message: -110
[ 1376.322939][ T5915] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[ 1377.478726][T11733] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1377.537744][T11733] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1377.745576][ T5908] usb 2-1: USB disconnect, device number 57
[ 1377.777302][ T5908] ch341 2-1:0.0: device disconnected
[ 1377.850795][   T70] hsr_slave_0: left promiscuous mode
[ 1377.871561][T11910] afs: Unknown parameter 'dont_measure'
[ 1377.914407][   T70] hsr_slave_1: left promiscuous mode
[ 1377.915390][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1377.972017][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1378.181653][   T70] hsr_slave_0: left promiscuous mode
[ 1378.220937][   T70] hsr_slave_1: left promiscuous mode
[ 1378.222166][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1378.240962][ T5908] usb 2-1: new full-speed USB device number 58 using dummy_hcd
[ 1378.291686][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1378.413004][ T5908] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[ 1378.413074][ T5908] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1378.413101][ T5908] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1378.413132][ T5908] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1378.413168][ T5908] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1378.413192][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1378.481046][ T5908] usb 2-1: config 0 descriptor??
[ 1378.580994][   T70] hsr_slave_0: left promiscuous mode
[ 1378.622343][   T70] hsr_slave_1: left promiscuous mode
[ 1378.623315][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1378.662042][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1379.756203][T11910] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1105'.
[ 1379.792379][ T5908] hid-alps 0003:044E:120C.000C: ignoring exceeding usage max
[ 1379.794113][ T5908] hid-alps 0003:044E:120C.000C: unbalanced collection at end of report description
[ 1379.795003][ T5908] hid-alps 0003:044E:120C.000C: parse failed
[ 1379.795113][ T5908] hid-alps 0003:044E:120C.000C: probe with driver hid-alps failed with error -22
[ 1379.991732][ T5848] usb 2-1: USB disconnect, device number 58
[ 1381.174639][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1381.401680][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1384.541743][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1384.781999][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1386.396516][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1386.572947][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1387.630896][T11733] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1387.700560][T11733] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1389.445179][T11833] chnl_net:caif_netlink_parms(): no params data found
[ 1389.710878][T11990] FAULT_INJECTION: forcing a failure.
[ 1389.710878][T11990] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1389.710915][T11990] CPU: 1 UID: 0 PID: 11990 Comm: syz.1.1110 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1389.710941][T11990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1389.710955][T11990] Call Trace:
[ 1389.710964][T11990]  <TASK>
[ 1389.710974][T11990]  dump_stack_lvl+0x189/0x250
[ 1389.711013][T11990]  ? __pfx____ratelimit+0x10/0x10
[ 1389.711056][T11990]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1389.711090][T11990]  ? __pfx__printk+0x10/0x10
[ 1389.711132][T11990]  should_fail_ex+0x46c/0x600
[ 1389.711171][T11990]  _copy_to_user+0x31/0xb0
[ 1389.711202][T11990]  simple_read_from_buffer+0xe1/0x170
[ 1389.711239][T11990]  proc_fail_nth_read+0x1b6/0x220
[ 1389.711266][T11990]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1389.711292][T11990]  ? rw_verify_area+0x2ac/0x4e0
[ 1389.711325][T11990]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1389.711350][T11990]  vfs_read+0x203/0xa30
[ 1389.711387][T11990]  ? __pfx_vfs_read+0x10/0x10
[ 1389.711410][T11990]  ? try_to_take_rt_mutex+0x7fd/0xac0
[ 1389.711449][T11990]  ? mutex_lock_nested+0x154/0x1d0
[ 1389.711473][T11990]  ? fdget_pos+0x253/0x320
[ 1389.711510][T11990]  ksys_read+0x14b/0x260
[ 1389.711532][T11990]  ? __pfx_ksys_read+0x10/0x10
[ 1389.711550][T11990]  ? rcu_is_watching+0x15/0xb0
[ 1389.711580][T11990]  ? do_syscall_64+0xbe/0x3b0
[ 1389.711600][T11990]  do_syscall_64+0xfa/0x3b0
[ 1389.711615][T11990]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1389.711640][T11990]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1389.711657][T11990]  ? clear_bhb_loop+0x60/0xb0
[ 1389.711682][T11990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1389.711703][T11990] RIP: 0033:0x7f182006d8dc
[ 1389.711722][T11990] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1389.711740][T11990] RSP: 002b:00007f181e2ad030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1389.711763][T11990] RAX: ffffffffffffffda RBX: 00007f18202c6090 RCX: 00007f182006d8dc
[ 1389.711780][T11990] RDX: 000000000000000f RSI: 00007f181e2ad0a0 RDI: 0000000000000005
[ 1389.711794][T11990] RBP: 00007f181e2ad090 R08: 0000000000000000 R09: 0000000000000000
[ 1389.711807][T11990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1389.711819][T11990] R13: 00007f18202c6128 R14: 00007f18202c6090 R15: 00007ffc4914d508
[ 1389.711854][T11990]  </TASK>
[ 1389.826585][T11992] afs: Unknown parameter 'dont_measure'
[ 1390.103189][   T45] usb 2-1: new full-speed USB device number 59 using dummy_hcd
[ 1390.275597][   T45] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[ 1390.275652][   T45] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1390.275676][   T45] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1390.275714][   T45] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1390.275750][   T45] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1390.275774][   T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1390.348498][   T45] usb 2-1: config 0 descriptor??
[ 1391.006666][T11997] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1111'.
[ 1391.224633][   T45] hid-alps 0003:044E:120C.000D: ignoring exceeding usage max
[ 1391.226453][   T45] hid-alps 0003:044E:120C.000D: unbalanced collection at end of report description
[ 1391.257720][   T45] hid-alps 0003:044E:120C.000D: parse failed
[ 1391.257837][   T45] hid-alps 0003:044E:120C.000D: probe with driver hid-alps failed with error -22
[ 1391.370413][   T45] usb 2-1: USB disconnect, device number 59
[ 1391.427715][T11833] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1391.427880][T11833] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1391.428142][T11833] bridge_slave_0: entered allmulticast mode
[ 1391.435784][T11833] bridge_slave_0: entered promiscuous mode
[ 1391.544421][T11833] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1391.544573][T11833] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1391.544843][T11833] bridge_slave_1: entered allmulticast mode
[ 1391.553621][T11833] bridge_slave_1: entered promiscuous mode
[ 1392.014619][T11833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1392.038600][T11833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1392.060557][T11755] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1392.205864][T11755] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1392.715252][T11755] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1392.772354][T11833] team0: Port device team_slave_0 added
[ 1392.877410][T11833] team0: Port device team_slave_1 added
[ 1392.884695][T11755] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1393.170914][T11833] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1393.170932][T11833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1393.171082][T11833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1393.178585][T11833] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1393.178614][T11833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1393.178644][T11833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1393.610912][ T5915] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 1393.675176][T11733] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1393.702008][T11833] hsr_slave_0: entered promiscuous mode
[ 1393.703506][T11833] hsr_slave_1: entered promiscuous mode
[ 1393.788926][ T5915] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1393.788961][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1393.788983][ T5915] usb 2-1: Product: syz
[ 1393.788999][ T5915] usb 2-1: Manufacturer: syz
[ 1393.789015][ T5915] usb 2-1: SerialNumber: syz
[ 1393.817644][ T5915] usb 2-1: config 0 descriptor??
[ 1393.848775][ T5915] ch341 2-1:0.0: ch341-uart converter detected
[ 1393.959649][ T6540] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1393.988193][ T6540] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1393.989669][ T6540] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1394.001151][ T6540] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1394.012942][ T6540] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1394.894167][ T5915] usb 2-1: failed to receive control message: -110
[ 1394.894229][ T5915] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[ 1395.041896][T12008] vxcan1 speed is unknown, defaulting to 1000
[ 1396.080906][ T6540] Bluetooth: hci4: command tx timeout
[ 1396.396382][ T5908] usb 2-1: USB disconnect, device number 60
[ 1396.398923][ T5908] ch341 2-1:0.0: device disconnected
[ 1396.931279][T12015] tmpfs: Bad value for 'mpol'
[ 1397.407373][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1397.445170][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1397.455405][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1397.467737][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1397.471279][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1399.060773][ T5844] Bluetooth: hci4: command tx timeout
[ 1399.520904][ T6540] Bluetooth: hci0: command tx timeout
[ 1399.624620][T12016] vxcan1 speed is unknown, defaulting to 1000
[ 1400.021552][T11755] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1400.759133][   T70] bridge_slave_1: left allmulticast mode
[ 1400.759229][   T70] bridge_slave_1: left promiscuous mode
[ 1400.759561][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1400.832589][   T70] bridge_slave_0: left allmulticast mode
[ 1400.832626][   T70] bridge_slave_0: left promiscuous mode
[ 1400.832925][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1400.906925][   T70] bridge_slave_1: left allmulticast mode
[ 1400.906964][   T70] bridge_slave_1: left promiscuous mode
[ 1400.907228][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1400.972512][   T70] bridge_slave_0: left allmulticast mode
[ 1400.972548][   T70] bridge_slave_0: left promiscuous mode
[ 1400.972976][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1401.121152][ T6540] Bluetooth: hci4: command tx timeout
[ 1401.601235][ T5844] Bluetooth: hci0: command tx timeout
[ 1402.052207][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1402.141705][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1402.205106][   T70] bond0 (unregistering): Released all slaves
[ 1403.200734][ T6540] Bluetooth: hci4: command tx timeout
[ 1403.485552][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1403.488123][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1403.496030][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1403.497459][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1403.498405][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1403.680974][ T6540] Bluetooth: hci0: command tx timeout
[ 1404.251699][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1404.311724][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1404.345769][   T70] bond0 (unregistering): Released all slaves
[ 1404.562706][T12008] chnl_net:caif_netlink_parms(): no params data found
[ 1405.091661][T12034] FAULT_INJECTION: forcing a failure.
[ 1405.091661][T12034] name failslab, interval 1, probability 0, space 0, times 0
[ 1405.091700][T12034] CPU: 0 UID: 0 PID: 12034 Comm: syz.1.1116 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1405.091726][T12034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1405.091741][T12034] Call Trace:
[ 1405.091749][T12034]  <TASK>
[ 1405.091758][T12034]  dump_stack_lvl+0x189/0x250
[ 1405.091797][T12034]  ? __pfx____ratelimit+0x10/0x10
[ 1405.091833][T12034]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1405.091866][T12034]  ? __pfx__printk+0x10/0x10
[ 1405.091897][T12034]  ? __pfx___might_resched+0x10/0x10
[ 1405.091922][T12034]  ? fs_reclaim_acquire+0x7d/0x100
[ 1405.091948][T12034]  should_fail_ex+0x46c/0x600
[ 1405.091986][T12034]  should_failslab+0xa8/0x100
[ 1405.092018][T12034]  __kmalloc_noprof+0xcb/0x430
[ 1405.092046][T12034]  ? fuse_dev_do_write+0x1ac6/0x4f20
[ 1405.092076][T12034]  fuse_dev_do_write+0x1ac6/0x4f20
[ 1405.092117][T12034]  ? is_bpf_text_address+0x26/0x2b0
[ 1405.092157][T12034]  ? __pfx_fuse_dev_do_write+0x10/0x10
[ 1405.092183][T12034]  ? __lock_acquire+0xab9/0xd20
[ 1405.092223][T12034]  ? __might_fault+0xb0/0x130
[ 1405.092258][T12034]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1405.092300][T12034]  ? __lock_acquire+0xab9/0xd20
[ 1405.092350][T12034]  fuse_dev_write+0x148/0x1e0
[ 1405.092371][T12034]  ? __pfx_fuse_dev_write+0x10/0x10
[ 1405.092415][T12034]  vfs_write+0x5d2/0xb40
[ 1405.092447][T12034]  ? __pfx_fuse_dev_write+0x10/0x10
[ 1405.092469][T12034]  ? __pfx_vfs_write+0x10/0x10
[ 1405.092508][T12034]  ? __fget_files+0x2a/0x420
[ 1405.092549][T12034]  ksys_write+0x14b/0x260
[ 1405.092579][T12034]  ? __pfx_ksys_write+0x10/0x10
[ 1405.092604][T12034]  ? rcu_is_watching+0x15/0xb0
[ 1405.092650][T12034]  ? do_syscall_64+0xbe/0x3b0
[ 1405.092676][T12034]  do_syscall_64+0xfa/0x3b0
[ 1405.092695][T12034]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1405.092726][T12034]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1405.092748][T12034]  ? clear_bhb_loop+0x60/0xb0
[ 1405.092773][T12034]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1405.092793][T12034] RIP: 0033:0x7f182006eec9
[ 1405.092812][T12034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1405.092830][T12034] RSP: 002b:00007f181e2ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1405.092854][T12034] RAX: ffffffffffffffda RBX: 00007f18202c6090 RCX: 00007f182006eec9
[ 1405.092871][T12034] RDX: 000000000000002a RSI: 0000200000000080 RDI: 0000000000000003
[ 1405.092886][T12034] RBP: 00007f181e2ad090 R08: 0000000000000000 R09: 0000000000000000
[ 1405.092899][T12034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1405.092912][T12034] R13: 00007f18202c6128 R14: 00007f18202c6090 R15: 00007ffc4914d508
[ 1405.092947][T12034]  </TASK>
[ 1405.523764][T11833] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1405.616206][ T6540] Bluetooth: hci5: command tx timeout
[ 1405.736355][T12029] vxcan1 speed is unknown, defaulting to 1000
[ 1405.761251][ T6540] Bluetooth: hci0: command tx timeout
[ 1407.283845][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1407.584825][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1407.656472][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1408.591062][ T6540] Bluetooth: hci5: command tx timeout
[ 1408.593775][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1408.641484][T11833] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1408.736012][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1408.767267][T12008] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1408.767444][T12008] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1408.767663][T12008] bridge_slave_0: entered allmulticast mode
[ 1408.795179][T12008] bridge_slave_0: entered promiscuous mode
[ 1408.814541][T11833] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1408.858652][T12008] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1408.858880][T12008] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1408.859088][T12008] bridge_slave_1: entered allmulticast mode
[ 1408.888379][T12008] bridge_slave_1: entered promiscuous mode
[ 1409.131989][T11833] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1409.790896][   T70] hsr_slave_0: left promiscuous mode
[ 1409.851156][   T70] hsr_slave_1: left promiscuous mode
[ 1409.852163][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1409.902801][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1410.060970][   T70] hsr_slave_0: left promiscuous mode
[ 1410.063696][T12058] 9pnet_fd: Insufficient options for proto=fd
[ 1410.130876][   T70] hsr_slave_1: left promiscuous mode
[ 1410.132709][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1410.162454][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1410.650910][ T6540] Bluetooth: hci5: command tx timeout
[ 1411.711784][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1412.769471][ T6540] Bluetooth: hci5: command tx timeout
[ 1413.071570][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1415.321597][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1415.601893][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1418.636242][T12008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1418.687284][T12008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1418.999794][T12008] team0: Port device team_slave_0 added
[ 1419.314532][T12008] team0: Port device team_slave_1 added
[ 1419.320380][T12016] chnl_net:caif_netlink_parms(): no params data found
[ 1420.665328][T12084] genirq: Flags mismatch irq 4. 00202000 (pcl818) vs. 00202080 (ttyS0)
[ 1420.708129][T12008] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1420.708149][T12008] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1420.708180][T12008] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1420.869636][T12008] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1420.869656][T12008] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1420.869686][T12008] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1422.103019][T12008] hsr_slave_0: entered promiscuous mode
[ 1422.104446][T12008] hsr_slave_1: entered promiscuous mode
[ 1422.105420][T12008] debugfs: 'hsr0' already exists in 'hsr'
[ 1422.105447][T12008] Cannot create hsr debugfs directory
[ 1422.111515][T12016] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1422.111680][T12016] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1422.111912][T12016] bridge_slave_0: entered allmulticast mode
[ 1422.114971][T12016] bridge_slave_0: entered promiscuous mode
[ 1422.213581][T12016] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1422.213738][T12016] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1422.213976][T12016] bridge_slave_1: entered allmulticast mode
[ 1422.216856][T12016] bridge_slave_1: entered promiscuous mode
[ 1425.444651][T12016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1425.584596][T12016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1425.649013][T12029] chnl_net:caif_netlink_parms(): no params data found
[ 1426.185348][T12016] team0: Port device team_slave_0 added
[ 1426.261719][T12016] team0: Port device team_slave_1 added
[ 1426.462644][T12107] tmpfs: Bad value for 'mpol'
[ 1426.680371][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1426.703771][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1426.707322][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1426.709305][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1426.710037][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1427.559569][T12016] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1427.559589][T12016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1427.559616][T12016] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1427.659206][T12016] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1427.659227][T12016] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1427.659257][T12016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1428.143534][T12029] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1428.143768][T12029] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1428.143993][T12029] bridge_slave_0: entered allmulticast mode
[ 1428.153612][ T8473] usb 2-1: new full-speed USB device number 61 using dummy_hcd
[ 1428.186821][T12029] bridge_slave_0: entered promiscuous mode
[ 1428.315020][T12029] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1428.315168][T12029] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1428.315770][T12029] bridge_slave_1: entered allmulticast mode
[ 1428.318753][T12029] bridge_slave_1: entered promiscuous mode
[ 1428.373444][ T8473] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1428.373482][ T8473] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1428.373508][ T8473] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1428.373535][ T8473] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1428.373558][ T8473] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[ 1428.375102][ T8473] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1428.375131][ T8473] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1428.375152][ T8473] usb 2-1: SerialNumber: syz
[ 1428.487829][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[ 1428.487910][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1428.645068][T12110] vxcan1 speed is unknown, defaulting to 1000
[ 1428.800780][ T5844] Bluetooth: hci2: command tx timeout
[ 1429.088359][T12117] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1130'.
[ 1429.806640][T12016] hsr_slave_0: entered promiscuous mode
[ 1429.878405][T12016] hsr_slave_1: entered promiscuous mode
[ 1429.926903][T12016] debugfs: 'hsr0' already exists in 'hsr'
[ 1429.926982][T12016] Cannot create hsr debugfs directory
[ 1430.881151][ T5844] Bluetooth: hci2: command tx timeout
[ 1431.143266][ T8473] usb 2-1: USB disconnect, device number 61
[ 1431.279302][T12029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1431.792038][T12029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1432.873518][T12029] team0: Port device team_slave_0 added
[ 1432.965424][ T5844] Bluetooth: hci2: command tx timeout
[ 1433.208342][T12029] team0: Port device team_slave_1 added
[ 1433.510127][T12132] 9pnet_fd: Insufficient options for proto=fd
[ 1435.040839][ T5844] Bluetooth: hci2: command tx timeout
[ 1435.349029][T12029] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1435.349049][T12029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1435.349080][T12029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1435.457202][T12029] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1435.457221][T12029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1435.457253][T12029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1436.303987][T12029] hsr_slave_0: entered promiscuous mode
[ 1436.317379][T12029] hsr_slave_1: entered promiscuous mode
[ 1436.318356][T12029] debugfs: 'hsr0' already exists in 'hsr'
[ 1436.318383][T12029] Cannot create hsr debugfs directory
[ 1436.591379][T12008] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1437.726690][T12008] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1438.382831][T12008] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1438.620981][T12008] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1438.786339][T12157] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1139'.
[ 1438.904840][T12157] 
[ 1438.904855][T12157] ======================================================
[ 1438.904864][T12157] WARNING: possible circular locking dependency detected
[ 1438.904880][T12157] syzkaller #0 Not tainted
[ 1438.904891][T12157] ------------------------------------------------------
[ 1438.904900][T12157] syz.1.1139/12157 is trying to acquire lock:
[ 1438.904913][T12157] ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[ 1438.904976][T12157] 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1438.904976][T12157] but task is already holding lock:
[ 1438.904983][T12157] ffff88814239a3a0 (&dev->vblank_time_lock){+.+.}-{3:3}, at: drm_vblank_disable_and_save+0x7f/0x380
[ 1438.905037][T12157] 
[ 1438.905037][T12157] which lock already depends on the new lock.
[ 1438.905037][T12157] 
[ 1438.905045][T12157] 
[ 1438.905045][T12157] the existing dependency chain (in reverse order) is:
[ 1438.905054][T12157] 
[ 1438.905054][T12157] -> #4 (&dev->vblank_time_lock){+.+.}-{3:3}:
[ 1438.905083][T12157]        lock_acquire+0x120/0x360
[ 1438.905110][T12157]        rt_spin_lock+0x88/0x2c0
[ 1438.905134][T12157]        drm_crtc_vblank_on_config+0x2cd/0x860
[ 1438.905161][T12157]        drm_crtc_vblank_on+0x88/0xc0
[ 1438.905187][T12157]        drm_atomic_helper_commit_modeset_enables+0x602/0xe10
[ 1438.905215][T12157]        vkms_atomic_commit_tail+0x69/0x210
[ 1438.905240][T12157]        commit_tail+0x284/0x3a0
[ 1438.905267][T12157]        drm_atomic_helper_commit+0xa6b/0xb10
[ 1438.905293][T12157]        drm_atomic_commit+0x262/0x2c0
[ 1438.905315][T12157]        drm_client_modeset_commit_atomic+0x620/0x760
[ 1438.905336][T12157]        drm_client_modeset_commit_locked+0xce/0x4d0
[ 1438.905357][T12157]        drm_client_modeset_commit+0x4a/0x70
[ 1438.905379][T12157]        __drm_fb_helper_restore_fbdev_mode_unlocked+0x9d/0x1b0
[ 1438.905406][T12157]        drm_fb_helper_set_par+0xaf/0x100
[ 1438.905431][T12157]        fbcon_init+0x1258/0x2370
[ 1438.905462][T12157]        visual_init+0x2ef/0x650
[ 1438.905490][T12157]        do_bind_con_driver+0x890/0xf70
[ 1438.905519][T12157]        do_take_over_console+0x899/0xa10
[ 1438.905551][T12157]        do_fbcon_takeover+0x118/0x200
[ 1438.905581][T12157]        fbcon_fb_registered+0x35e/0x610
[ 1438.905610][T12157]        register_framebuffer+0x70f/0x890
[ 1438.905628][T12157]        __drm_fb_helper_initial_config_and_unlock+0x130a/0x18a0
[ 1438.905657][T12157]        drm_fbdev_client_hotplug+0x16f/0x230
[ 1438.905686][T12157]        drm_client_register+0x16f/0x210
[ 1438.905747][T12157]        drm_fbdev_client_setup+0x19f/0x3f0
[ 1438.905775][T12157]        drm_client_setup+0x10a/0x230
[ 1438.905802][T12157]        vkms_init+0x3e0/0x4b0
[ 1438.905826][T12157]        do_one_initcall+0x233/0x820
[ 1438.905844][T12157]        do_initcall_level+0x104/0x190
[ 1438.905872][T12157]        do_initcalls+0x59/0xa0
[ 1438.905900][T12157]        kernel_init_freeable+0x334/0x4b0
[ 1438.905930][T12157]        kernel_init+0x1d/0x1d0
[ 1438.905952][T12157]        ret_from_fork+0x436/0x7d0
[ 1438.905977][T12157]        ret_from_fork_asm+0x1a/0x30
[ 1438.905997][T12157] 
[ 1438.905997][T12157] -> #3 (&dev->vbl_lock){+.+.}-{3:3}:
[ 1438.906025][T12157]        lock_acquire+0x120/0x360
[ 1438.906050][T12157]        rt_spin_lock+0x88/0x2c0
[ 1438.906074][T12157]        vblank_disable_fn+0x72/0x190
[ 1438.906098][T12157]        call_timer_fn+0x17e/0x5f0
[ 1438.906124][T12157]        __run_timer_base+0x648/0x970
[ 1438.906146][T12157]        run_timer_softirq+0xb7/0x180
[ 1438.906170][T12157]        handle_softirqs+0x22f/0x710
[ 1438.906195][T12157]        run_ktimerd+0xcf/0x190
[ 1438.906222][T12157]        smpboot_thread_fn+0x53f/0xa60
[ 1438.906247][T12157]        kthread+0x70e/0x8a0
[ 1438.906276][T12157]        ret_from_fork+0x436/0x7d0
[ 1438.906300][T12157]        ret_from_fork_asm+0x1a/0x30
[ 1438.906320][T12157] 
[ 1438.906320][T12157] -> #2 ((&vblank->disable_timer)){+...}-{0:0}:
[ 1438.906348][T12157]        lock_acquire+0x120/0x360
[ 1438.906372][T12157]        call_timer_fn+0xdb/0x5f0
[ 1438.906397][T12157]        __run_timer_base+0x648/0x970
[ 1438.906420][T12157]        run_timer_softirq+0xb7/0x180
[ 1438.906443][T12157]        handle_softirqs+0x22f/0x710
[ 1438.906468][T12157]        run_ktimerd+0xcf/0x190
[ 1438.906496][T12157]        smpboot_thread_fn+0x53f/0xa60
[ 1438.906521][T12157]        kthread+0x70e/0x8a0
[ 1438.906551][T12157]        ret_from_fork+0x436/0x7d0
[ 1438.906575][T12157]        ret_from_fork_asm+0x1a/0x30
[ 1438.906595][T12157] 
[ 1438.906595][T12157] -> #1 (&base->expiry_lock){+...}-{3:3}:
[ 1438.906623][T12157]        lock_acquire+0x120/0x360
[ 1438.906650][T12157]        rt_spin_lock+0x88/0x2c0
[ 1438.906673][T12157]        __run_timer_base+0x114/0x970
[ 1438.906703][T12157]        run_timer_softirq+0x67/0x180
[ 1438.906727][T12157]        handle_softirqs+0x22f/0x710
[ 1438.906752][T12157]        run_ktimerd+0xcf/0x190
[ 1438.906780][T12157]        smpboot_thread_fn+0x53f/0xa60
[ 1438.906805][T12157]        kthread+0x70e/0x8a0
[ 1438.906837][T12157]        ret_from_fork+0x436/0x7d0
[ 1438.906862][T12157]        ret_from_fork_asm+0x1a/0x30
[ 1438.906882][T12157] 
[ 1438.906882][T12157] -> #0 ((softirq_ctrl.lock)){+.+.}-{3:3}:
[ 1438.906911][T12157]        validate_chain+0xb9b/0x2140
[ 1438.906942][T12157]        __lock_acquire+0xab9/0xd20
[ 1438.906967][T12157]        reacquire_held_locks+0x127/0x1d0
[ 1438.907000][T12157]        lock_release+0x1b4/0x3e0
[ 1438.907025][T12157]        __local_bh_enable_ip+0x10c/0x270
[ 1438.907050][T12157]        hrtimer_cancel+0x39/0x60
[ 1438.907078][T12157]        drm_vblank_disable_and_save+0x1bf/0x380
[ 1438.907102][T12157]        drm_crtc_vblank_off+0x22e/0x820
[ 1438.907128][T12157]        drm_atomic_helper_commit_modeset_disables+0xc89/0x2010
[ 1438.907157][T12157]        vkms_atomic_commit_tail+0x51/0x210
[ 1438.907182][T12157]        commit_tail+0x284/0x3a0
[ 1438.907207][T12157]        drm_atomic_helper_commit+0xa6b/0xb10
[ 1438.907233][T12157]        drm_atomic_commit+0x262/0x2c0
[ 1438.907257][T12157]        drm_atomic_helper_set_config+0xe2/0x160
[ 1438.907285][T12157]        drm_mode_setcrtc+0x9a7/0x1c50
[ 1438.907304][T12157]        drm_ioctl_kernel+0x2cf/0x3a0
[ 1438.907333][T12157]        drm_ioctl+0x685/0xb20
[ 1438.907363][T12157]        __se_sys_ioctl+0xfc/0x170
[ 1438.907385][T12157]        do_syscall_64+0xfa/0x3b0
[ 1438.907403][T12157]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1438.907423][T12157] 
[ 1438.907423][T12157] other info that might help us debug this:
[ 1438.907423][T12157] 
[ 1438.907430][T12157] Chain exists of:
[ 1438.907430][T12157]   (softirq_ctrl.lock) --> &dev->vbl_lock --> &dev->vblank_time_lock
[ 1438.907430][T12157] 
[ 1438.907464][T12157]  Possible unsafe locking scenario:
[ 1438.907464][T12157] 
[ 1438.907471][T12157]        CPU0                    CPU1
[ 1438.907478][T12157]        ----                    ----
[ 1438.907485][T12157]   lock(&dev->vblank_time_lock);
[ 1438.907499][T12157]                                lock(&dev->vbl_lock);
[ 1438.907514][T12157]                                lock(&dev->vblank_time_lock);
[ 1438.907530][T12157]   lock((softirq_ctrl.lock));
[ 1438.907544][T12157] 
[ 1438.907544][T12157]  *** DEADLOCK ***
[ 1438.907544][T12157] 
[ 1438.907550][T12157] 8 locks held by syz.1.1139/12157:
[ 1438.907562][T12157]  #0: ffffc90004667b20 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_mode_setcrtc+0x555/0x1c50
[ 1438.907611][T12157]  #1: ffffc90004667b48 (crtc_ww_class_mutex){+.+.}-{4:4}, at: drm_mode_setcrtc+0x555/0x1c50
[ 1438.907659][T12157]  #2: ffff88814239a4b8 (&dev->event_lock){+.+.}-{3:3}, at: drm_crtc_vblank_off+0xe4/0x820
[ 1438.907722][T12157]  #3: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[ 1438.907775][T12157]  #4: ffff88814239a420 (&dev->vbl_lock){+.+.}-{3:3}, at: drm_crtc_vblank_off+0xf5/0x820
[ 1438.907830][T12157]  #5: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[ 1438.907885][T12157]  #6: ffff88814239a3a0 (&dev->vblank_time_lock){+.+.}-{3:3}, at: drm_vblank_disable_and_save+0x7f/0x380
[ 1438.907940][T12157]  #7: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[ 1438.907995][T12157] 
[ 1438.907995][T12157] stack backtrace:
[ 1438.908008][T12157] CPU: 1 UID: 0 PID: 12157 Comm: syz.1.1139 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1438.908033][T12157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1438.908049][T12157] Call Trace:
[ 1438.908059][T12157]  <TASK>
[ 1438.908070][T12157]  dump_stack_lvl+0x189/0x250
[ 1438.908105][T12157]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1438.908138][T12157]  ? __pfx__printk+0x10/0x10
[ 1438.908163][T12157]  ? print_lock_name+0xde/0x100
[ 1438.908188][T12157]  print_circular_bug+0x2ee/0x310
[ 1438.908212][T12157]  check_noncircular+0x134/0x160
[ 1438.908251][T12157]  validate_chain+0xb9b/0x2140
[ 1438.908286][T12157]  ? __lock_acquire+0xab9/0xd20
[ 1438.908319][T12157]  ? do_raw_spin_lock+0x121/0x290
[ 1438.908349][T12157]  __lock_acquire+0xab9/0xd20
[ 1438.908382][T12157]  reacquire_held_locks+0x127/0x1d0
[ 1438.908415][T12157]  ? __local_bh_disable_ip+0x264/0x400
[ 1438.908445][T12157]  lock_release+0x1b4/0x3e0
[ 1438.908475][T12157]  ? __local_bh_enable_ip+0x100/0x270
[ 1438.908505][T12157]  __local_bh_enable_ip+0x10c/0x270
[ 1438.908533][T12157]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1438.908563][T12157]  ? rt_spin_unlock+0x65/0x80
[ 1438.908592][T12157]  ? hrtimer_cancel_wait_running+0xe5/0x180
[ 1438.908626][T12157]  ? hrtimer_cancel_wait_running+0x142/0x180
[ 1438.908660][T12157]  ? __pfx_vkms_disable_vblank+0x10/0x10
[ 1438.908690][T12157]  hrtimer_cancel+0x39/0x60
[ 1438.908730][T12157]  drm_vblank_disable_and_save+0x1bf/0x380
[ 1438.908760][T12157]  drm_crtc_vblank_off+0x22e/0x820
[ 1438.908793][T12157]  ? drm_atomic_bridge_chain_disable+0x157/0x180
[ 1438.908829][T12157]  ? __pfx_vkms_crtc_atomic_disable+0x10/0x10
[ 1438.908865][T12157]  drm_atomic_helper_commit_modeset_disables+0xc89/0x2010
[ 1438.908903][T12157]  vkms_atomic_commit_tail+0x51/0x210
[ 1438.908931][T12157]  ? read_tsc+0x9/0x20
[ 1438.908956][T12157]  ? __pfx_vkms_atomic_commit_tail+0x10/0x10
[ 1438.908985][T12157]  commit_tail+0x284/0x3a0
[ 1438.909019][T12157]  drm_atomic_helper_commit+0xa6b/0xb10
[ 1438.909051][T12157]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[ 1438.909082][T12157]  drm_atomic_commit+0x262/0x2c0
[ 1438.909110][T12157]  ? __pfx_drm_atomic_commit+0x10/0x10
[ 1438.909134][T12157]  ? __pfx___drm_printfn_info+0x10/0x10
[ 1438.909172][T12157]  ? drm_atomic_state_init+0x231/0x310
[ 1438.909198][T12157]  drm_atomic_helper_set_config+0xe2/0x160
[ 1438.909232][T12157]  drm_mode_setcrtc+0x9a7/0x1c50
[ 1438.909269][T12157]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1438.909308][T12157]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1438.909347][T12157]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[ 1438.909382][T12157]  ? rt_spin_unlock+0x65/0x80
[ 1438.909412][T12157]  ? drm_is_current_master+0x1a2/0x210
[ 1438.909443][T12157]  drm_ioctl_kernel+0x2cf/0x3a0
[ 1438.909478][T12157]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[ 1438.909499][T12157]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[ 1438.909538][T12157]  drm_ioctl+0x685/0xb20
[ 1438.909569][T12157]  ? smk_tskacc+0x2fc/0x370
[ 1438.909605][T12157]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[ 1438.909628][T12157]  ? __pfx_drm_ioctl+0x10/0x10
[ 1438.909669][T12157]  ? __fget_files+0x2a/0x420
[ 1438.909708][T12157]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1438.909734][T12157]  ? __pfx_drm_ioctl+0x10/0x10
[ 1438.909768][T12157]  __se_sys_ioctl+0xfc/0x170
[ 1438.909794][T12157]  do_syscall_64+0xfa/0x3b0
[ 1438.909816][T12157]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1438.909848][T12157]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1438.909872][T12157]  ? clear_bhb_loop+0x60/0xb0
[ 1438.909896][T12157]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1438.909917][T12157] RIP: 0033:0x7f182006eec9
[ 1438.909938][T12157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1438.909958][T12157] RSP: 002b:00007f181e2ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1438.909981][T12157] RAX: ffffffffffffffda RBX: 00007f18202c5fa0 RCX: 00007f182006eec9
[ 1438.909998][T12157] RDX: 0000200000000740 RSI: 00000000c06864a2 RDI: 0000000000000008
[ 1438.910014][T12157] RBP: 00007f18200f1f91 R08: 0000000000000000 R09: 0000000000000000
[ 1438.910028][T12157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1438.910043][T12157] R13: 00007f18202c6038 R14: 00007f18202c5fa0 R15: 00007ffc4914d508
[ 1438.910071][T12157]  </TASK>
[ 1440.583829][T12008] kthread_run failed with err -4
[ 1441.325712][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1443.307187][   T70] bridge_slave_1: left allmulticast mode
[ 1443.307217][   T70] bridge_slave_1: left promiscuous mode
[ 1443.307395][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1443.391481][   T70] bridge_slave_0: left allmulticast mode
[ 1443.391512][   T70] bridge_slave_0: left promiscuous mode
[ 1443.391692][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1443.504674][   T70] bridge_slave_1: left allmulticast mode
[ 1443.504703][   T70] bridge_slave_1: left promiscuous mode
[ 1443.504877][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1443.591495][   T70] bridge_slave_0: left allmulticast mode
[ 1443.591524][   T70] bridge_slave_0: left promiscuous mode
[ 1443.591696][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1443.674630][   T70] bridge_slave_1: left allmulticast mode
[ 1443.674660][   T70] bridge_slave_1: left promiscuous mode
[ 1443.674831][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1443.731570][   T70] bridge_slave_0: left allmulticast mode
[ 1443.731601][   T70] bridge_slave_0: left promiscuous mode
[ 1443.731780][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1444.211500][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1444.333134][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1444.402549][   T70] bond0 (unregistering): Released all slaves
[ 1445.472422][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1445.551298][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1445.612030][   T70] bond0 (unregistering): Released all slaves
[ 1446.601380][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1446.703558][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1446.762467][   T70] bond0 (unregistering): Released all slaves
[ 1447.770707][   T70] hsr_slave_0: left promiscuous mode
[ 1447.803439][   T70] hsr_slave_1: left promiscuous mode
[ 1447.804077][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1447.851305][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1448.022143][   T70] hsr_slave_0: left promiscuous mode
[ 1448.041109][   T70] hsr_slave_1: left promiscuous mode
[ 1448.042634][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1448.101545][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1448.241002][   T70] hsr_slave_0: left promiscuous mode
[ 1448.260788][   T70] hsr_slave_1: left promiscuous mode
[ 1448.261436][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1448.311936][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1448.861967][   T70] team0 (unregistering): Port device team_slave_1 removed