last executing test programs:

3m38.394436629s ago: executing program 4 (id=17):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x79, 0x11, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
io_uring_setup(0x5f85, &(0x7f0000000180)={0x0, 0xe77c, 0x1000, 0x2, 0x292})
pipe2$9p(&(0x7f0000001900)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r4 = dup(r3)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0x7, 0xc, 0xffffffff, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_loose}], [], 0x6b}})
r7 = syz_io_uring_setup(0x49f, &(0x7f0000001000)={0x0, 0x54ec, 0xea0, 0x2, 0x2c9, 0x0, r4}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000040)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r1, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='|'], 0x318}, 0x0, 0x850})
io_uring_enter(r7, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000200)={0x7fffffff, r7, 'id0\x00'})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000380)={0x18, &(0x7f00000000c0)={0x40, 0xe, 0x97, {0x97, 0x11, "028cec8120321fa398493a6424e4da1e2e96cbce670c1ef9cb82e611929723aa613146a4e43b694373ff30fe6bc9b1db19fc9f22737f11c88a30cb92d944f910b46d6ca0ad888bf14b324294b0ad9d8070cc1687a4961c73a0a9dc37d8fb7ff96dcc06a41df0c90ef90d16da5f3da9fc236c72a70cdbad73598811f34402743cafa31ae1febe6158fca188d5a7a60897f01407058a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

3m35.023682529s ago: executing program 4 (id=24):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000008c0)={r1, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000680)=[0x0], 0x0, 0x15, &(0x7f00000006c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000700), &(0x7f0000000740), 0x8, 0x99, 0x8, 0x8, &(0x7f0000000780)}}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
fstat(r1, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc1103000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000000000)=0x800, 0x4)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x6, 0x8012, r5, 0x0)

3m33.476110603s ago: executing program 4 (id=25):
openat$autofs(0xffffffffffffff9c, &(0x7f0000000540), 0x1ed01, 0x0) (async)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000540), 0x1ed01, 0x0)
r1 = accept$netrom(0xffffffffffffffff, &(0x7f0000000600)={{0x3, @netrom}, [@netrom, @bcast, @default, @remote, @null, @netrom, @default]}, &(0x7f0000000580)=0x48)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000680)={{0x1, 0x1, 0x18, <r2=>r1, {0x2, 0x2}}, './file0\x00'})
openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) (async)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2, 0x0, 0x100003, 0x1, 0x3, 0x8}}, 0x120) (async)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2, 0x0, 0x100003, 0x1, 0x3, 0x8}}, 0x120)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004001}, 0x240d1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004001}, 0x240d1)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f00000006c0)=0x5, 0x4)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
renameat(r4, &(0x7f0000000080)='./mnt\x00', r4, &(0x7f0000000100)='./mnt\x00')
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) (async)
bind$rds(r5, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (async)
sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/204, 0xcc}], 0x1}, 0x0) (async)
recvmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/204, 0xcc}], 0x1}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c03000017"], 0x34c}, 0x1, 0x0, 0x0, 0x404c831}, 0x44) (async)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c03000017"], 0x34c}, 0x1, 0x0, 0x0, 0x404c831}, 0x44)
sendmsg$rds(r5, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x80)
r7 = syz_open_dev$cec(0x0, 0x0, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=r8, @ANYRES8=r7], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=r8, @ANYRES8=r7], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0xfff1}, {0xe, 0x10}}, [@TCA_RATE={0x6, 0x5, {0xfc}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r7, 0xc05c6104, 0x0)
r10 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r10, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r10, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000400)=""/51, 0x0})
socket$packet(0x11, 0xffffffffffffffff, 0x300) (async)
socket$packet(0x11, 0xffffffffffffffff, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r10, 0x4008af03, &(0x7f00000005c0))

3m29.17825256s ago: executing program 4 (id=38):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffed4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = getpid()
r3 = fcntl$getown(r1, 0x9)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x2, r4, 0x1, 0x0)
syz_clone3(&(0x7f0000000a00)={0x30000000, &(0x7f0000000000), &(0x7f00000001c0), &(0x7f0000000200), {0x20}, &(0x7f0000000900)=""/203, 0xcb, &(0x7f0000000380)=""/92, &(0x7f00000002c0)=[r2, r3, r4], 0x3}, 0x58)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="5000000010950204fc0600ff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5fdad88900a0000240012800b000100627269646765000014000280060009000180000005002d00010000000a000100aaaaaaaaaabb0000"], 0x50}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket(0xa, 0x3, 0x3a)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendmmsg$inet6(r7, &(0x7f0000000b80), 0x0, 0x8800)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r7, 0x604ab000)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r7, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff87}, &(0x7f0000000000)=0x40)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r7, 0x84009422, &(0x7f0000003000)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {}, {0x0, @usage, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000001300)={<r9=>r8, 0x9, 0x0, [0x10000, 0x200007, 0x1, 0x9, 0x9], [0x8000000000000000, 0x1, 0xffffffffffffffff, 0x40000005, 0xc, 0xfffffffffffffff8, 0x0, 0x7f, 0x0, 0xce, 0x91a, 0x3ff, 0x242, 0x3b, 0xe9, 0x9, 0xffffffffffffffff, 0x232, 0x2003, 0x1c00000, 0x5, 0xd1e, 0x8, 0x4, 0x4, 0x22, 0x404, 0xcc, 0x0, 0x8, 0x6, 0xfffffffffffffffd, 0x33, 0x1, 0xfffffffffffffff8, 0x9, 0x2000000002, 0xeb95, 0x1, 0x8, 0x8, 0x401, 0x27a, 0x4, 0x2, 0x81df244, 0x25bcdfd2, 0x6, 0x20000008a02, 0x2, 0x4, 0x3, 0x1, 0x0, 0x2, 0x90, 0xb3, 0x8, 0x8, 0x5, 0x1, 0x4, 0xa24, 0x0, 0xffffffffffffffff, 0xb, 0xdb7a, 0x7, 0x9, 0x3ff, 0x8, 0x80, 0xfff, 0x7fffffffffffffff, 0x2000000, 0x7, 0x18, 0x8, 0x7ff, 0x200, 0x9147, 0x10001, 0xff, 0x2, 0x20000b, 0x2000000000000004, 0x1000, 0xd429, 0x2, 0x3, 0xe58, 0x10000, 0x400000000001, 0x80, 0xffffffffffff8001, 0x6, 0x2, 0x5, 0x2421, 0xa, 0x5, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0, 0x7, 0x0, 0x7, 0x3, 0x3, 0x3, 0x5, 0x20e, 0xfffffffffffffff9, 0x3, 0x8000, 0xff, 0x94, 0x4, 0x7, 0x8, 0xffffffff]})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f00000012c0)={0xc, 0x2, {0x10001, @struct={0x6, 0x9}, 0x0, 0x1, 0x1, 0x3, 0x732a, 0x101, 0xa0, @usage=0x5, 0x6, 0xffffffff, [0xcbf5, 0x9ccc, 0x3, 0x81, 0x7fff, 0x3]}, {0x4, @struct={0x8, 0x7}, r9, 0xac0, 0xb, 0x6, 0x2000000000, 0x3, 0x804, @struct={0x5, 0x6d9c}, 0x7, 0x3398, [0x1, 0x7f29, 0x6, 0x7fffffff, 0xa6, 0xf5]}, {0x0, @usage=0x10001, r8, 0x4, 0x9, 0x9059, 0x0, 0xfff, 0x6c, @usage=0x2, 0x100, 0x81, [0x8, 0x16, 0x8, 0x2, 0x8, 0x80000001]}, {0x6, 0x8000000000000000, 0x80}})
r10 = socket(0x1e, 0x4, 0x0)
bind$bt_hci(r10, &(0x7f00000001c0)={0x1f, 0x1}, 0x6)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xba, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d", 0x0, 0x24, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_connect(0x5, 0x164, &(0x7f0000000180)=ANY=[@ANYBLOB="120100007af28810d30bf4055b000000000109025201010000000009044000000e0100008c2406"], 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r6, 0xc4009420, &(0x7f0000000c00)={0x15, 0x6, {0x101, @usage=0x1, 0x0, 0xfffffffffffffff9, 0xffffffffffffffff, 0xa, 0x2, 0x5, 0x400, @struct={0x0, 0x3}, 0x9aca, 0x1, [0xd5bb, 0x5d70, 0x93c, 0x4, 0x3, 0x7f]}, {0xb3, @struct={0x9e59, 0x80}, 0x0, 0x4, 0x9, 0x7, 0x0, 0x6, 0x8, @struct={0x6, 0x800}, 0x5, 0x80, [0xe, 0x9, 0x1, 0x7fffffffffffffff, 0x3, 0x8000000000000001]}, {0xfffffffffffffffc, @struct={0x2, 0xfffffff4}, r8, 0x100000000, 0xff1, 0x7fffffff, 0x7, 0x6, 0x0, @usage=0x3ff, 0x7, 0x9, [0x401, 0x8, 0x0, 0x9, 0x4, 0x177]}, {0x0, 0x2, 0x2}})

3m27.575174167s ago: executing program 4 (id=43):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e22, @private=0xa010102}}, 0xffffffff, 0x0, 0x0, 0x0, 0x371, 0x0, 0x3}, 0x9c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty}}}, &(0x7f0000000100)=0x9c)
chdir(&(0x7f0000000000)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')
r1 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x54b0, 0x80, 0x3, 0x12e}, &(0x7f0000000180)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x81, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x1})
io_uring_enter(r1, 0x40f9, 0x217, 0xa5, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f8, 0x0, 0x168, 0x9, 0x0, 0xb, 0x250, 0x250, 0x250, 0x250, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [], 'veth0_to_bridge\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x108, 0x150, 0x0, {0x0, 0x28e}, [@common=@inet=@ipcomp={{0x30}}, @common=@inet=@ipcomp={{0x30}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'dvmrp0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x2}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x358)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x1f, 0x402, 0x1003ff, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r4}, 0x38)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r5, 0x29, 0x19, &(0x7f00000000c0)=0x94a, 0x4)
syz_emit_ethernet(0x76, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00\'$', 0x40, 0x3a, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], @dest_unreach={0x1, 0x4, 0x0, 0x0, '\x00', {0xd, 0x6, "2318d3", 0xf4e, 0x0, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, [@fragment={0x3a, 0x0, 0xc, 0x0, 0x0, 0x1, 0x65}], "d2588e45cd1357bc"}}}}}}}, 0x0)
recvfrom(r5, 0x0, 0x0, 0x40002140, 0x0, 0x4d)
recvmsg(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r4, &(0x7f0000000340)="a9", &(0x7f0000000200)=""/31}, 0x20)

3m26.863262091s ago: executing program 4 (id=47):
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000080)='illinois', 0x8)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="480000001000010025bd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="76850400212104001400128009000100766574680002000000000280140003006272696467655f736c6176655f300000"], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x20000040)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000084000000060a010400000000000000000100000008000b40000000005c000480340001800b000100657874686472000024000280080001400000000c08000340000000000800044000000022050002000700000024000180090001006d6173710000000014000280080002400000000f080003400000000b0900010073797a3000000000140000001100010000000000000000000700000a"], 0xf8}}, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000140)={0x1, 0x6, 0x80000001})
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd1}}, 0x10)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000100)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r8, &(0x7f0000000ac0)={0x2020, 0x0, <r9=>0x0, <r10=>0x0}, 0x2020)
write$FUSE_ATTR(r8, &(0x7f0000000240)={0x78, 0x0, r9, {0x2000000007, 0x0, 0x0, {0x1, 0x0, 0xd4, 0x7, 0x0, 0xa, 0x9, 0xfffffffe, 0x200, 0xa000, 0x0, r10, 0x0, 0x0, 0x4}}}, 0x78)
ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f00000000c0)={0x2, r7, 0x2000000, 0x9, 0xa, 0x1ff, 0x1})
connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r5, r4, 0x0, 0x20000023893)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="70000000030801080000000000000000070000080900010073797a3100000000060002400010000005000300010000002400048008000140000080000800014000000002080002400000000508000140800000000c0040000000030600024022f000000600024000f500000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x200000c4}, 0x8004)

3m11.561774894s ago: executing program 32 (id=47):
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000080)='illinois', 0x8)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="480000001000010025bd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="76850400212104001400128009000100766574680002000000000280140003006272696467655f736c6176655f300000"], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x20000040)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000084000000060a010400000000000000000100000008000b40000000005c000480340001800b000100657874686472000024000280080001400000000c08000340000000000800044000000022050002000700000024000180090001006d6173710000000014000280080002400000000f080003400000000b0900010073797a3000000000140000001100010000000000000000000700000a"], 0xf8}}, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000140)={0x1, 0x6, 0x80000001})
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd1}}, 0x10)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000100)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r8, &(0x7f0000000ac0)={0x2020, 0x0, <r9=>0x0, <r10=>0x0}, 0x2020)
write$FUSE_ATTR(r8, &(0x7f0000000240)={0x78, 0x0, r9, {0x2000000007, 0x0, 0x0, {0x1, 0x0, 0xd4, 0x7, 0x0, 0xa, 0x9, 0xfffffffe, 0x200, 0xa000, 0x0, r10, 0x0, 0x0, 0x4}}}, 0x78)
ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f00000000c0)={0x2, r7, 0x2000000, 0x9, 0xa, 0x1ff, 0x1})
connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r5, r4, 0x0, 0x20000023893)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="70000000030801080000000000000000070000080900010073797a3100000000060002400010000005000300010000002400048008000140000080000800014000000002080002400000000508000140800000000c0040000000030600024022f000000600024000f500000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x200000c4}, 0x8004)

2m50.62678021s ago: executing program 1 (id=102):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000780)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DISCONNECT(r3, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000a00)={0x24, r1, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x33}]}, 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x40)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x403, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20111}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_FLAGS={0x6}, @IFLA_MACVLAN_MODE={0x8, 0x1, 0x4}]}}}]}, 0x44}, 0x1, 0xba01}, 0x8810)

2m49.199155516s ago: executing program 1 (id=105):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x2000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x2080000, &(0x7f0000000100)={[{@index_on}, {@metacopy_off}], [{@fsmagic}]})

2m46.654678856s ago: executing program 1 (id=109):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='nv', 0x2)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="4c000000140001030000000000000000000600004e2300000000000000000000810000000000000001000000fdffffff00000100000000", @ANYRES32=0x0, @ANYBLOB="0000a37bc4d24bfedeff"], 0x4c}, 0x1, 0x0, 0x0, 0x20044190}, 0x40000)

2m45.667798368s ago: executing program 1 (id=111):
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x80)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x70bd25, 0xfffffdf9, {0x0, 0x0, 0x0, r3, {0xc, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xe}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400dc}, 0x4028000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000380)=@ethtool_drvinfo={0x3, "a4c3eabfbc4a051fc8f66eedf1c6676b4e9ac471123ee41b102a78284f881840", "c493c69907ac61ee57f3ff6656218f8c880cab0b7f5f977f29b54144914986b5", "7795433781033bb967429b7c68c2566066943f3a566d7fd05557583a535a3b9e", "cba936683f411a1265d9ffb369dbe16de72fd8ee91c60f531196c136add25f43", "3fda464b4ffcb83f5c89e20fe8814b4e26bb81519905d65c5a0ae43be09d9f7b", "9900255a099270427859ce54", 0x43dd5e67, 0x9, 0x4, 0x5, 0xfffffffe}})
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x800, 0x70bd2c, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0xe, 0x7}, {}, {0xffff, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x40090}, 0x40805)

2m43.299111007s ago: executing program 1 (id=116):
r0 = socket$inet6(0xa, 0x80002, 0x0)
syz_open_dev$vcsn(0x0, 0x1, 0x12000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x2}, 0x94)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00'})
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="3000000d1d000100d0aa7a669773e49a07c3f900", @ANYRES16=r1, @ANYBLOB="000082000a000200aaaaaaaaaa0c00000600050001000000"], 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = getpgrp(0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001380), r6)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_DEL_TX_TS(r6, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)={&(0x7f0000000340)={0x1c, r7, 0x1, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24058080}, 0x40400d0)
open(0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0xc}, 0x5}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)

2m41.253977138s ago: executing program 1 (id=119):
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, 0x0, 0x0)
fchmod(0xffffffffffffffff, 0x32)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000280)={0x0, 0x100, 0xd9}, 0x8)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x15555555, 0xc, 0xfffffffffffffffd, 0x59c})
ioctl$SG_BLKTRACETEARDOWN(r3, 0x1276, 0x20000000)
ioctl$FS_IOC_MEASURE_VERITY(r2, 0xc0046686, &(0x7f0000000380)={0x0, 0xd5, "7b0005143dc5397033fbb9bd9139a2c4522d593f365d0edd03cdd3dda7d9d868af45b6244ede7c290783b7e3efb33481a13da0565eb673c39038342203dc5d7bbdc28a2232a91200342257b764f6d35dd652c684b5acc9cabdcde33eb3b03f8b185a0f9a78641e3b797d89daa9b1006543440474cf31eda07fda13dafad0bacd7a686a95ea446bcad673043134afaf38bba4e401e4fa1a5053b9826bed3a141adb04c6882463079aba7a69ae62820f31c5430142e82bbc7204d5d63cf006af35834c132574b30653b8440ea4f26cbeb220e7101535"})
add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, &(0x7f0000000140)="00000000976670dfe4cee7cb43a4273af7a34880ae099c1ef21dec214cb87413", 0x20, 0xffffffffffffffff)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x400000, 0x0)
write$proc_mixer(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="4241537620274b4420436170747d7265272030303030303030303030060000003030303030300a4c494e45494e0a5048594e454f55540a00"/65], 0x41)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f00000000c0))
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_io_uring_setup(0x107, &(0x7f0000000140)={0x0, 0x747f, 0x0, 0x4, 0xae}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000340)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x29c780})
io_uring_enter(r6, 0x3518, 0xaddf, 0x2, 0x0, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0xe8}}, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
mbind(&(0x7f00000a2000/0x4000)=nil, 0x4000, 0x4002, &(0x7f0000000200)=0x2000000000000008, 0x5, 0x3)

2m24.162543556s ago: executing program 33 (id=119):
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, 0x0, 0x0)
fchmod(0xffffffffffffffff, 0x32)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000280)={0x0, 0x100, 0xd9}, 0x8)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x15555555, 0xc, 0xfffffffffffffffd, 0x59c})
ioctl$SG_BLKTRACETEARDOWN(r3, 0x1276, 0x20000000)
ioctl$FS_IOC_MEASURE_VERITY(r2, 0xc0046686, &(0x7f0000000380)={0x0, 0xd5, "7b0005143dc5397033fbb9bd9139a2c4522d593f365d0edd03cdd3dda7d9d868af45b6244ede7c290783b7e3efb33481a13da0565eb673c39038342203dc5d7bbdc28a2232a91200342257b764f6d35dd652c684b5acc9cabdcde33eb3b03f8b185a0f9a78641e3b797d89daa9b1006543440474cf31eda07fda13dafad0bacd7a686a95ea446bcad673043134afaf38bba4e401e4fa1a5053b9826bed3a141adb04c6882463079aba7a69ae62820f31c5430142e82bbc7204d5d63cf006af35834c132574b30653b8440ea4f26cbeb220e7101535"})
add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, &(0x7f0000000140)="00000000976670dfe4cee7cb43a4273af7a34880ae099c1ef21dec214cb87413", 0x20, 0xffffffffffffffff)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x400000, 0x0)
write$proc_mixer(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="4241537620274b4420436170747d7265272030303030303030303030060000003030303030300a4c494e45494e0a5048594e454f55540a00"/65], 0x41)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f00000000c0))
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_io_uring_setup(0x107, &(0x7f0000000140)={0x0, 0x747f, 0x0, 0x4, 0xae}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000340)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x29c780})
io_uring_enter(r6, 0x3518, 0xaddf, 0x2, 0x0, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0xe8}}, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
mbind(&(0x7f00000a2000/0x4000)=nil, 0x4000, 0x4002, &(0x7f0000000200)=0x2000000000000008, 0x5, 0x3)

10.08584227s ago: executing program 0 (id=289):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
writev(r0, &(0x7f0000000240)=[{&(0x7f0000002740)="1e", 0xfdef}], 0x33)
syz_emit_ethernet(0x3e, &(0x7f0000000480)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x2b, 0x0, 0x0, 0x3, 0xfd, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @local}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610418000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd8b, 0xffffffffffffffff}, 0x48)

7.806116391s ago: executing program 0 (id=291):
socket$packet(0x11, 0xa, 0x300)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x49, &(0x7f0000000180)={@link_local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x13, 0x11, 0x0, @private1, @mcast2, {[], {0xfffc, 0xe22, 0x30, 0x0, @opaque="c4e349a5c7407bebfbb0bc"}}}}}}, 0x0)

6.306352697s ago: executing program 3 (id=293):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYRES8=0x0], 0x50)
syz_emit_ethernet(0x42, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000000078cc65ec84e181004a008847450000300067000001019078e00000020a0101020c0090780608000045cb007f0064000008110869ffffffffac1e000100281d15c31a9dd353303d4157e292e1ce1452d6482bb5585717cc62fa48a62d063d790892f8f6fd2377560202ca732c0454555cd989b90ee47db6d37aa347f67f5feb487a98771350b0bb6f63216b41cc50b3a3d47406b43d050051999f1e07eede19d3e60225b20b91fb830dc82b2cb46113796b1893"], 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000340), 0x0}, 0x20)

6.161716502s ago: executing program 0 (id=294):
r0 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$binfmt_script(r0, &(0x7f0000000500)={'#! ', './file0', [{0x20, '-LtR'}, {0x20, '\xae\x00\xbf\xd3\xbay\xe2@\xbe\xc8\xa9\xf9&4\xf1\xaak\xa4\x06^\xb4\xa2\x99t\xa7\x9eHz%\x1b\x05\xba!\xc6\xdfY\xf0R\xe1\xac\x83\bJ\x1f.\xee#$\x98@)\xcb\xe4%\b\x9dQIg\x84\x03z\x9f\x10\xa8\x89\xc4\xfc\xc6\xcd\x1e\xd9\xaeV\xbc\xac\a\xce\xa7\xc3\xd3\xcbm\xb6l\bF\x13\xbe\x8e\xe2p\xfd\xc1#\xa8\xa5\xc0\x9f\x05\x1b\xae\x88\x10F\x88\x180q\x8c\"\x8b\x01@\x85W\xd8\xa8\xd5-\x92&\x83\xa4\xedDg\x1b\x87\x80\xa6\x96_\xc2HT\xfe\xe9\x80\x91'}]}, 0x9d)

6.030313034s ago: executing program 3 (id=295):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc4c85512, &(0x7f0000000b80)={{0x5, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
sendmsg$NFT_BATCH(r5, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWCHAIN={0x68, 0x3, 0xa, 0x201, 0x0, 0x0, {}, [@NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x4}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x4}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x4}, @NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x3}]}]}, @NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x9}}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x9}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}}, @NFT_MSG_DELCHAIN={0x78, 0x5, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffe}, @NFTA_CHAIN_USERDATA={0x52, 0xc, "0cc9032fd69fae76e258b2169b1e420a168fc3db7acc72c8921fc270fe8929652ac9fbb499945324433d3d1b0a0060f02a27f02815847c3859f0f56ee1f9cccbbaae421d60ac42caa9be92a694f3"}]}, @NFT_MSG_DELCHAIN={0x80, 0x5, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x5}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_CHAIN_COUNTERS={0x4c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xfffffffffffff801}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x6}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x2}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x1}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x2}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}]}, @NFT_MSG_DELTABLE={0x74, 0x2, 0xa, 0x801, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFTA_TABLE_USERDATA={0x4b, 0x6, "fc6bd9ddd77f6b0174635a2cb8f0f88c14662a0894cf7d54a9ecfb2c207bd83fdeaab664bdf949bdeadc96b689048ed70039feda61e050d49f7d72639bb8f9c4edf29a408e562e"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWCHAIN={0xa0, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x2}, @NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}, @NFTA_CHAIN_COUNTERS={0x34, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xf}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x100000000}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x100000000}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x101}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xffffffffffffffff}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffe}]}, @NFT_MSG_DELTABLE={0x208, 0x2, 0xa, 0xda438a6dad6f9706, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_TABLE_USERDATA={0x20, 0x6, "9b94104cee975d56f2b91cd09458476f31f18ff5212d3ea136c57eb6"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_USERDATA={0x102, 0x6, "f45655129dc4e21e3d30b5d54c60721c98c8cb4f7d966c5f4760140caf4318e06eb4ae23b826e2d08ace1ebb02b2c37384f9b03f228b679c80847e1d3bd29c8967255315f9f4d2709d7d43c2b25d0c2f1e802fcc5fbdf34a1ba0fc0d4c323f8af312f72fc23c116d8a7c6c6956d7cec665516fa2144916a9f6233990deec4e4a2c5039341a5eaac3f82d0f90518b1f96e30680d92d8c8b1db0c8e5f08733c9b496216f6a6bf565511bb9bce53d8bdb352368355636b16d06af30c2a0fe7c40f5e6846e69580e54b0f550cf586fd2b0bfc5e6e81bfe25039b6e6393072fe34175820f481e81c87fa592743b8cb371e5e3b034612ffd46e2303d00e0d947b1"}, @NFTA_TABLE_USERDATA={0xc2, 0x6, "aca678c039b7a98d21091c7e0d8ab426c9838789e38122762da71e6ff7fb5f565f678db625fe8f3df8034f336aa1f491e6a2be0bbcd7d05a0115ba3f5e083cb3a3c76fa74ad7565ed9c098f541022a9465f647d3f7a9fbb2abe920954989c49cdc129c3717cd1d8924711d35a977b5280cf9fb4a2033f56ee5afcfff632cd183651eb5266887d549d7b03b3dc791c88a489406fbd9b4eb89458c00845c259e9b304da4753df57977e02a7346e63568bb85c0a597e4e0f9a75656daa3885b"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x4d8}, 0x1, 0x0, 0x0, 0x10}, 0x40)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r8, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
r9 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
fsmount(r9, 0x0, 0xf)
fsconfig$FSCONFIG_SET_FLAG(r9, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r9, 0x7, 0x0, 0x0, 0x0)
bind$inet(r8, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r8, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)

5.926195858s ago: executing program 2 (id=296):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRES16=0x0], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x34)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x69)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})
r4 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$KDGKBDIACR(r4, 0x4b4a, &(0x7f0000000000)=""/176)
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f0000000300)="99a6e6134e6b37ed5742949114eccd5823d87068298e474196f47e112901796b34393b1ee3c67ca20d1867579c3d930c4cf9685cde6fa3fe9148f65acb936433144d3de46d29d11c4205830c7955c09ae9a1edb432d80e25c6c1bb9933f4caf82a61951ee32e9da7fe6eb9fccf450c939b3c63fe67914e3d93e6d5f5105aa4158e5ad05a78f65d4c71cb15eca8af2cf32dfa0312292b17eb298a3b82ce0dabb1cfe8", &(0x7f0000000280)}}, &(0x7f0000000240))
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0)
timer_settime(0x0, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000001e00100000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000fcffffffb702000004000000b7030000000000de850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='rxrpc_rx_ack\x00', r5, 0x0, 0x4}, 0x18)
mkdir(0x0, 0x81)
mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0)
r6 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r6, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000780)="80005b020eaa4da2", 0xfdef}], 0x1, 0x0, 0x0, 0x900}, 0x0)
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[], [], 0x2f})
setsockopt(r0, 0x84, 0x83, 0x0, 0x0)

5.521174419s ago: executing program 0 (id=297):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8ab43, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f00000005c0))
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000100)=0x3)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000001c0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535e7976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fee30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac0b000000733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52ab50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7abab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6005ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472785521147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600000000000000000000000000000000000000000000000000000000000000000600"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = accept4(r3, 0x0, 0x0, 0x1c00)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e20, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x7, 0x0, 0x3}}}}}}}, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val={0x0, 0x9100}, @void, @mpls={[{0x5}, {0x1, 0x0, 0x1}], @ipv4=@generic={{0x21, 0x4, 0x2, 0x3, 0xa4, 0x64, 0x0, 0xf1, 0x8, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@noop, @timestamp_addr={0x44, 0xc, 0xaa, 0x1, 0x4, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}]}, @generic={0x88, 0x7, "2c2c0ba9c2"}, @lsrr={0x83, 0x13, 0x54, [@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102, @local]}, @timestamp={0x44, 0x18, 0xf9, 0x0, 0x1, [0x1, 0x800000, 0xaca, 0x9, 0x3]}, @rr={0x7, 0x3, 0x6e}, @timestamp_addr={0x44, 0x2c, 0x80, 0x1, 0x5, [{@loopback, 0x7}, {@dev={0xac, 0x14, 0x14, 0x1e}, 0x8}, {@empty, 0x80}, {@private=0xa010102, 0xf87}, {@private=0xa010101, 0x1c8}]}]}}, "ea73bc8971b388ced8ae85863fb0a9646bfec539c9c39b2b00159f50bd195a78"}}}, 0xb0)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), r4)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f00000006c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)={0x1c0, r5, 0x0, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0x50, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3d, 0x4, {'gcm(aes)\x00', 0x15, "5221178bbe77c014a1127c060a33042df61b17b320"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x33}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x800}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xc16f}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffffff7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}]}, @TIPC_NLA_NODE={0x5c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xd8b}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "d8f8d435c73647fe860095988c399925120afdc3449aad3599f6ab87da72a583"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0x4}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xff9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x800}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x61}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x800}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8ab0bda9}]}]}, 0x1c0}}, 0x40004)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r6 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r7, &(0x7f0000000040), 0xe09)
bind$rds(r7, &(0x7f0000000080)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0xffffffff9673e35d]}})

3.936583504s ago: executing program 2 (id=298):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xab}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$inet6(r2, 0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)

3.821621446s ago: executing program 3 (id=299):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f00000000c0)={0x9, <r2=>r0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x20, 0x4, 0x44, 0x0, 0x0, 0x1}}, 0x1c}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
r3 = msgget$private(0x0, 0x414)
msgctl$IPC_SET(r3, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x0, 0x0, 0x0, 0x1})
write$6lowpan_enable(r2, &(0x7f0000000100)='1', 0x1)
msgsnd(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="030000000000000069c7ebf1b5a799543fde9072e1d5b321abf9b3056d9f9033a03d6ecefd209cb8182401114c3f81d4aa5207bcac2b18c475e6124e2f30c69b6f793a3087d4d0938b5f653d3879d769187bcf"], 0x0, 0xe800)

3.403822187s ago: executing program 2 (id=300):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x474c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000080)=0xcd, 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x6f, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaa230180c20000000800450000610000000000119078000000000000000000004e20004d9078040000000800000007000000000000619976f435146154d92432d8b2225dc095fb945eb8ceb4352c6b23cf3540475be62f8999cf5ba7ec7a139dfee8698d"], 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe19}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r1, &(0x7f0000002c80)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000018c0)=""/132, 0x84}], 0x1}, 0x10}], 0x1, 0x10000, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e22, @multicast1}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f00000000c0)={0x7, 'veth0\x00', {0x595d}, 0xe6d7})
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f0000000040)=0x2000004, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

3.118626974s ago: executing program 3 (id=301):
openat$sysfs(0xffffffffffffff9c, 0x0, 0x1, 0x981fd82f67ed2adb)
fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x6, &(0x7f0000000100)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="12000000470000000400000002"], 0x50)
socketpair(0x1, 0x2, 0xfffffffc, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r3, &(0x7f00000003c0), &(0x7f0000000580)=@tcp=r4}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000380)={r3, &(0x7f0000000600), &(0x7f0000000a40)=@udp=r4, 0x2}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x8800}, 0x20000894)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
listen(r8, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r5, 0x8002)
r9 = syz_io_uring_setup(0x2a3d, &(0x7f0000000100)={0x0, 0x2005325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=<r10=>0x0, &(0x7f0000000080)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r9, 0x7a98, 0x0, 0x0, 0x0, 0x0)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sync_file_range(r1, 0x5, 0x6, 0x6)

1.99792106s ago: executing program 0 (id=302):
r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000640)="f3", 0xf000}], 0x1)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0)

1.345325248s ago: executing program 3 (id=303):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) (async)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000013, 0x13, r2, 0x0)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) (async)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r1, 0x5, 0x3, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x28}}, 0x0)

630.806575ms ago: executing program 2 (id=304):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
getuid()
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000400)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, r0}, 0x38)

391.383912ms ago: executing program 2 (id=305):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000500)=[{{&(0x7f0000000240)={0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, '\x00', 0x16}, 0x2}, 0x1c, &(0x7f0000000680)=[{&(0x7f0000000280)='Q', 0x1}], 0x1}}], 0x1, 0x4000840)
shutdown(r0, 0x1)
setsockopt(r0, 0x84, 0x7f, &(0x7f00000001c0)="020000000d80ffff", 0x8)

301.00745ms ago: executing program 3 (id=306):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x500, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x41)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xe)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x1)
ioctl$PPPIOCGDEBUG(r2, 0x80047441, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7f8fbc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c0301000000010000003d5d58c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6e70af07da5ceb01b7551ef3bb6220030100dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cde7a6b73340cc2160a1fe3c184b751c51160fbce841dfebd31a08b32808b80200000000009dd27080e71113610e10d8fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000066d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c9727ec84222fff0d7216fdb0d3a0ec4bfae563858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f0dafc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5cc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa1c22015e53fd8a46be933ab460d8629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8f12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5b6154eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7ade8a5b859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ffea0000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a1bcd1e30280bc586e79a5dd80701018e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f0000000011d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589c95d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d4442d13d5a29179a00837918dd7854aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5ff070000000000000ea15ccc0d7a830b6eb33b6b61675511d693ef5e3c44bbf71cabc5f45c879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2ea86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c58684a1d2f624c3eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366aa660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e95921218149403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef3103ce10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d61800aaf7e038879c5d177b3876fda4121e00000100000000003edd3d43cc64e0d26b46907b42e08d000000000000903350932d3eef7fdada20c19807066e3c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a74748b8cd994ed368695aa2c59869c9200a1306ffa5a71ca69e89a69fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeaded2930376eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041894f60fbbcafa487ee96b368e8769da90b44190e569fe8b923c32c288baaca5c5558b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751e95999b7532603494d37a2bff35a9eec46dfc8a52433f605ebf151c837b4966b5f3628a406175a87e32c5e4268d3000933b580415b162e2946446b8f02554c8a1225217d69d049685dd06aa8528673a9673a723ac414af77f523ad730d00e8700c213f95c87a94f39f506b9e000000000000000000000000000000000000000000000000000090668ac41a1c2a4f7831e6c6a3e9c68ca2c449482bb70a994e71a7f24873848fbb128c820c1de19cc003dfa65a2b296caeb1253802080e08eeb724c4c7b7e052afa19b0f2cd7a13bda4b5a8f3b8fa3ca70bb756a3d529718d5c79d9bdb89e5d33793533211d76d00a45079eff797476106bf76f1fed952a7c9162b88911b5b00c3d26fd2fb4d7b29d1ce025e102d458efd5cca3f3835ce760359eaa01cb13cb28d60e8942fdc02b6824c00dac62f8a2d4c680ae284a82f09d6641921536814b444e4188d9b2e97eb3b108e7876f0f3f3863147ab694218c7cecc075d52d590dddbb57fc6fedf5ec69d7894a7b5c8109f303dab998815c80534b0bd34c49eea63997e56728a8185a8bb6988a7197b87f5548f5edfdfb3efc907fe561b33a6f7c707f7828c6adaf3b2a39929b4b65253e787d65c08aff5e4a9b2267bd8f803ea38f10a6e9c4a49bf23525e08c12d229211fe4d88cf1440f29accfa50f327ac1fb20d7f164100111bd21fca713b2475f1c997f3000000000080c426bcec79c6bc83ce4e6cbb17c01be69db342192d0a716cc24710d23321441f475ec485d642b61c6bd907071dbbe37c0b78f60fd2ad0d13ca62d9d9aafb01c3920b64cb5e023810e2de4327f90c389ce36d90ff9f3cb9d8cd2260d05a8126943a3df17157470595c68ac8df7fea6d42ecb2cdb65b4f2aef0dc4b2de949a6d4ec37f2fd693ae44944041a64fe6336aba1c66b1b95d2edbc40364a049616ae962d75eae619548aa86bd5f0bad56e7ad7de2ee5e6f3b42e3a27094b6b5face99456d9af1926b21d37faf7612d9752cf58e6424decd530b5419e117ec086174439af6ee6c7fdb2d19c9280fa9a02e8fa6a38acfff09050d912635fed175fd06f577d40000000000000000000000000000754bffd73c0888ba8834f20b3acea57b7817663e12c1a5503bc4c13af59bda21688d68698c53ce3aa767657774db09ece7ec888d3af290207d36fa433b35e17dc0f3dc728ea1c633a4ef9e7d9bf81b57492e0544800921d1b751c5fbc163"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, 0x55, 0x0, 0xffffffffffffffff, 0xfffffffffffffe24}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe06, 0x1000000, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a820ff43052f002000636777fbac141443e000000d62079f4b4d2f87e56dca6aab845013f286dd1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0xfffffffffffffe97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r4}, 0x18)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000012c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x13, &(0x7f00000013c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000200008385000000710000001801000002696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095", @ANYRES64=0x0], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='kmem_cache_free\x00', r8}, 0x18)
r9 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000011c0)=ANY=[@ANYBLOB="10000000530400022bbd7000fcdbdf25f81002e6de8a933f2013db10264ad1d00ea9e43ee620248db8037ed93304ebb6894aee8a03d37aa4bc8f62637108acfb30892260bba096130f550163e985450ff70552d073e8a48ef2f068f051a71003e1ce6504844aab7d010000001fbca985307b5d8aa070651cb3adfb60c2be8e8a76f233f717675f1ff691fe2b489e9d84e96989da090813e097dcf044fc56b7e48d76ead3508fcba225640d17aa1ee3aa82ae9081f4c1665182148a03bb3584f7ea"], 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

180.267203ms ago: executing program 0 (id=307):
r0 = fsopen(0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
preadv2(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000840)=""/189, 0xbd}], 0x1, 0xfffffffe, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
open_by_handle_at(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="280000004e0000000600000000000000ffffffffffffff7f00800000ec0000000000000003000000090000000000af1000006224ca9a224b788933fcfdb11aa0e04d85346b6fe652e3e227a1a6b2b1d714646fce1c07d8ce735109e70fab78d399b903631b053502b1dfdd29401b05a6fb4ead70a831cf1dae5cc1da517d22d1308a1e59ccbb07c6eafb70a63b75c6e8d29a11554009d9"], 0x2)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000b00), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0)
r5 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000380)={0x1d, r6, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmmsg$sock(r5, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="1f", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)

0s ago: executing program 2 (id=308):
socket$kcm(0x11, 0x3, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6(0xa, 0x1, 0x8010000000000084)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$USBDEVFS_CONTROL(r2, 0xc0105500, 0x0)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$kcm(r3, &(0x7f0000001900)={0x0, 0x0, 0x0}, 0x20040000)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x20001000)
r4 = socket$kcm(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x20044080)

kernel console output (not intermixed with test programs):

[   87.159797][    T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.51' (ED25519) to the list of known hosts.
[   91.782834][ T5826] cgroup: Unknown subsys name 'net'
[   92.020220][ T5826] cgroup: Unknown subsys name 'cpuset'
[   92.055387][ T5826] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   94.073999][ T5826] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   98.981686][   T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.992581][   T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.993548][   T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.010911][   T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.011762][   T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.099250][   T59] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   99.102785][   T59] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   99.121114][   T59] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   99.124163][   T59] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   99.142139][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   99.144060][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   99.152379][ T5155] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   99.154893][ T5155] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   99.158095][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   99.159170][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   99.219525][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   99.221216][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   99.231241][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   99.247406][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   99.248389][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   99.255515][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   99.257205][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   99.272476][ T5843] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   99.273866][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   99.275273][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  100.182355][ T5842] chnl_net:caif_netlink_parms(): no params data found
[  100.369342][ T5847] chnl_net:caif_netlink_parms(): no params data found
[  100.530673][ T5848] chnl_net:caif_netlink_parms(): no params data found
[  100.541463][ T5845] chnl_net:caif_netlink_parms(): no params data found
[  100.766652][ T5846] chnl_net:caif_netlink_parms(): no params data found
[  101.076066][ T5843] Bluetooth: hci0: command tx timeout
[  101.102913][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.103938][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.104294][ T5842] bridge_slave_0: entered allmulticast mode
[  101.107489][ T5842] bridge_slave_0: entered promiscuous mode
[  101.245012][ T5843] Bluetooth: hci1: command tx timeout
[  101.262393][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.262546][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.262682][ T5842] bridge_slave_1: entered allmulticast mode
[  101.264437][ T5842] bridge_slave_1: entered promiscuous mode
[  101.314831][ T5155] Bluetooth: hci2: command tx timeout
[  101.315024][ T5155] Bluetooth: hci3: command tx timeout
[  101.315254][ T5843] Bluetooth: hci4: command tx timeout
[  101.575555][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.575747][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.576067][ T5847] bridge_slave_0: entered allmulticast mode
[  101.577772][ T5847] bridge_slave_0: entered promiscuous mode
[  101.795911][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.796057][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.796180][ T5847] bridge_slave_1: entered allmulticast mode
[  101.797892][ T5847] bridge_slave_1: entered promiscuous mode
[  101.804348][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.078231][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.175859][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.175963][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.176083][ T5848] bridge_slave_0: entered allmulticast mode
[  102.177777][ T5848] bridge_slave_0: entered promiscuous mode
[  102.180386][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.180496][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.180618][ T5845] bridge_slave_0: entered allmulticast mode
[  102.182567][ T5845] bridge_slave_0: entered promiscuous mode
[  102.423527][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.423689][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.423891][ T5848] bridge_slave_1: entered allmulticast mode
[  102.447702][ T5848] bridge_slave_1: entered promiscuous mode
[  102.507401][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.507640][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.507879][ T5845] bridge_slave_1: entered allmulticast mode
[  102.511478][ T5845] bridge_slave_1: entered promiscuous mode
[  102.527530][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.645830][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.645989][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.646176][ T5846] bridge_slave_0: entered allmulticast mode
[  102.648399][ T5846] bridge_slave_0: entered promiscuous mode
[  102.800618][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.802606][ T5842] team0: Port device team_slave_0 added
[  102.803119][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.803310][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.803512][ T5846] bridge_slave_1: entered allmulticast mode
[  102.816418][ T5846] bridge_slave_1: entered promiscuous mode
[  103.129561][ T5842] team0: Port device team_slave_1 added
[  103.154887][ T5843] Bluetooth: hci0: command tx timeout
[  103.221331][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.292733][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.325063][ T5843] Bluetooth: hci1: command tx timeout
[  103.404974][ T5851] Bluetooth: hci3: command tx timeout
[  103.405013][ T5851] Bluetooth: hci2: command tx timeout
[  103.405235][ T5843] Bluetooth: hci4: command tx timeout
[  103.439149][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.441068][ T5847] team0: Port device team_slave_0 added
[  103.445500][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.511015][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.617382][ T5847] team0: Port device team_slave_1 added
[  103.997606][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.997620][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.997634][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.002751][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.246829][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.246847][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.246874][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.327928][ T5848] team0: Port device team_slave_0 added
[  104.419018][ T5845] team0: Port device team_slave_0 added
[  104.510185][ T5848] team0: Port device team_slave_1 added
[  104.512027][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.512041][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.512068][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.517470][ T5845] team0: Port device team_slave_1 added
[  104.523494][ T5846] team0: Port device team_slave_0 added
[  104.597270][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.597289][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.597317][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.689673][ T5846] team0: Port device team_slave_1 added
[  105.089594][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.089609][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.089624][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.188369][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.188388][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.188411][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.246896][ T5843] Bluetooth: hci0: command tx timeout
[  105.290176][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.290194][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.290217][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.342313][ T5842] hsr_slave_0: entered promiscuous mode
[  105.343368][ T5842] hsr_slave_1: entered promiscuous mode
[  105.353970][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.353985][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.354007][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.361725][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.361738][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.361760][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.395483][ T5843] Bluetooth: hci1: command tx timeout
[  105.474882][ T5843] Bluetooth: hci4: command tx timeout
[  105.474920][ T5843] Bluetooth: hci2: command tx timeout
[  105.474942][ T5843] Bluetooth: hci3: command tx timeout
[  105.545086][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.545105][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.545134][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.699472][ T5847] hsr_slave_0: entered promiscuous mode
[  105.700338][ T5847] hsr_slave_1: entered promiscuous mode
[  105.701076][ T5847] debugfs: 'hsr0' already exists in 'hsr'
[  105.701145][ T5847] Cannot create hsr debugfs directory
[  106.147870][ T5848] hsr_slave_0: entered promiscuous mode
[  106.149535][ T5848] hsr_slave_1: entered promiscuous mode
[  106.150587][ T5848] debugfs: 'hsr0' already exists in 'hsr'
[  106.150609][ T5848] Cannot create hsr debugfs directory
[  106.398971][ T5845] hsr_slave_0: entered promiscuous mode
[  106.400412][ T5845] hsr_slave_1: entered promiscuous mode
[  106.401076][ T5845] debugfs: 'hsr0' already exists in 'hsr'
[  106.401101][ T5845] Cannot create hsr debugfs directory
[  106.535566][ T5846] hsr_slave_0: entered promiscuous mode
[  106.541160][ T5846] hsr_slave_1: entered promiscuous mode
[  106.541842][ T5846] debugfs: 'hsr0' already exists in 'hsr'
[  106.541867][ T5846] Cannot create hsr debugfs directory
[  107.314928][ T5155] Bluetooth: hci0: command tx timeout
[  107.475737][ T5155] Bluetooth: hci1: command tx timeout
[  107.555994][ T5155] Bluetooth: hci3: command tx timeout
[  107.556030][ T5155] Bluetooth: hci2: command tx timeout
[  107.556053][ T5155] Bluetooth: hci4: command tx timeout
[  108.240233][ T5842] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  108.282972][ T5842] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  108.311139][ T5842] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  108.384362][ T5842] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  108.564735][ T5847] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  108.620235][ T5847] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  108.664480][ T5847] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  108.731254][ T5847] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  108.908147][ T5848] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  108.973303][ T5848] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  109.022354][ T5848] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  109.080610][ T5848] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  109.268339][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  109.310831][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  109.377096][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  109.432615][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  109.489754][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.633289][ T5845] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  109.673011][ T5845] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  109.710428][ T5845] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  109.752099][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[  109.765406][ T5845] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  109.870077][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.870713][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.939890][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.940095][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.979099][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.155732][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[  110.221962][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.242296][ T3644] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.242554][ T3644] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.291878][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.292052][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.390337][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[  110.472482][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.474365][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.493616][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.559866][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.562111][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.709455][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[  110.771964][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.774018][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.774162][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.852413][ T1360] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.852562][ T1360] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.959727][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[  111.014111][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.014365][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.068158][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.103590][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.104866][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.477748][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.576884][ T5842] veth0_vlan: entered promiscuous mode
[  111.672279][ T5842] veth1_vlan: entered promiscuous mode
[  111.837867][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.945622][ T5847] veth0_vlan: entered promiscuous mode
[  111.998720][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.027479][ T5842] veth0_macvtap: entered promiscuous mode
[  112.038105][ T5847] veth1_vlan: entered promiscuous mode
[  112.079459][ T5842] veth1_macvtap: entered promiscuous mode
[  112.187043][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.204037][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.245417][ T5848] veth0_vlan: entered promiscuous mode
[  112.251272][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.322098][ T1146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.331610][ T1146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.341298][ T5848] veth1_vlan: entered promiscuous mode
[  112.342985][ T1146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.368611][ T5847] veth0_macvtap: entered promiscuous mode
[  112.404977][ T1146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.442302][ T5846] veth0_vlan: entered promiscuous mode
[  112.517092][ T5847] veth1_macvtap: entered promiscuous mode
[  112.631155][ T5846] veth1_vlan: entered promiscuous mode
[  112.790361][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.884247][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.910674][ T5848] veth0_macvtap: entered promiscuous mode
[  112.939384][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.939407][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.989831][ T5848] veth1_macvtap: entered promiscuous mode
[  112.993823][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.001503][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.048867][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.071279][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.141842][ T5846] veth0_macvtap: entered promiscuous mode
[  113.233361][ T1181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.233383][ T1181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.253329][ T5846] veth1_macvtap: entered promiscuous mode
[  113.335857][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.414235][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.535114][   T68] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.546881][   T68] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.559865][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.588630][   T68] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.592609][ T5845] veth0_vlan: entered promiscuous mode
[  113.647535][   T68] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.683557][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.706102][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.706123][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.807153][ T5845] veth1_vlan: entered promiscuous mode
[  113.814872][ T1360] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.858231][   T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.946248][   T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.017415][   T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.124681][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.124702][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.483533][ T1360] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.483557][ T1360] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.587609][ T5845] veth0_macvtap: entered promiscuous mode
[  114.737267][ T5845] veth1_macvtap: entered promiscuous mode
[  114.759360][  T157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.759392][  T157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.891002][ T1181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.891025][ T1181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.966346][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.010182][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.011776][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.058895][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.140766][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.143527][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.143915][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.144233][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.138332][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.138354][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.591236][ T1360] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.591258][ T1360] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.230031][ T5996] FAULT_INJECTION: forcing a failure.
[  117.230031][ T5996] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  117.230069][ T5996] CPU: 0 UID: 0 PID: 5996 Comm: syz.1.9 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  117.230093][ T5996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  117.230105][ T5996] Call Trace:
[  117.230113][ T5996]  <TASK>
[  117.230122][ T5996]  dump_stack_lvl+0x189/0x250
[  117.230157][ T5996]  ? __pfx____ratelimit+0x10/0x10
[  117.230189][ T5996]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.230219][ T5996]  ? __pfx__printk+0x10/0x10
[  117.230256][ T5996]  should_fail_ex+0x46c/0x600
[  117.230304][ T5996]  strncpy_from_user+0x36/0x290
[  117.230336][ T5996]  getname_flags+0xf3/0x540
[  117.230369][ T5996]  __se_sys_mq_unlink+0xe2/0x420
[  117.230395][ T5996]  ? __pfx___se_sys_mq_unlink+0x10/0x10
[  117.230425][ T5996]  ? do_syscall_64+0xbe/0x3b0
[  117.230450][ T5996]  do_syscall_64+0xfa/0x3b0
[  117.230468][ T5996]  ? lockdep_hardirqs_on+0x9c/0x150
[  117.230497][ T5996]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.230517][ T5996]  ? clear_bhb_loop+0x60/0xb0
[  117.230542][ T5996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.230558][ T5996] RIP: 0033:0x7f8f9631eec9
[  117.230577][ T5996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.230593][ T5996] RSP: 002b:00007f8f9453c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f1
[  117.230616][ T5996] RAX: ffffffffffffffda RBX: 00007f8f96576180 RCX: 00007f8f9631eec9
[  117.230630][ T5996] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  117.230643][ T5996] RBP: 00007f8f9453c090 R08: 0000000000000000 R09: 0000000000000000
[  117.230656][ T5996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.230667][ T5996] R13: 00007f8f96576218 R14: 00007f8f96576180 R15: 00007fff989c6448
[  117.230701][ T5996]  </TASK>
[  117.415992][   T10] usb 4-1: new low-speed USB device number 2 using dummy_hcd
[  117.712685][   T10] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  117.712714][   T10] usb 4-1: config 0 has no interface number 0
[  117.712771][   T10] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  117.712798][   T10] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  117.712845][   T10] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  117.712868][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.834863][   T10] usb 4-1: config 0 descriptor??
[  117.855455][ T5981] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  117.927198][   T10] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  118.293215][ T6001] FAULT_INJECTION: forcing a failure.
[  118.293215][ T6001] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  118.293241][ T6001] CPU: 1 UID: 0 PID: 6001 Comm: syz.1.10 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  118.293256][ T6001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  118.293269][ T6001] Call Trace:
[  118.293275][ T6001]  <TASK>
[  118.293280][ T6001]  dump_stack_lvl+0x189/0x250
[  118.293301][ T6001]  ? __pfx____ratelimit+0x10/0x10
[  118.293319][ T6001]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.293335][ T6001]  ? __pfx__printk+0x10/0x10
[  118.293348][ T6001]  ? __might_fault+0xb0/0x130
[  118.293371][ T6001]  should_fail_ex+0x46c/0x600
[  118.293399][ T6001]  _copy_from_user+0x2d/0xb0
[  118.293414][ T6001]  ipv6_flowlabel_opt+0x11e0/0x23e0
[  118.293439][ T6001]  ? __pfx_ipv6_flowlabel_opt+0x10/0x10
[  118.293461][ T6001]  ? __pfx___local_bh_enable+0x10/0x10
[  118.293482][ T6001]  ? lockdep_hardirqs_on+0x9c/0x150
[  118.293508][ T6001]  ? lock_sock_nested+0x5f/0x130
[  118.293522][ T6001]  ? lock_sock_nested+0xdd/0x130
[  118.293537][ T6001]  do_ipv6_setsockopt+0xdb0/0x2eb0
[  118.293559][ T6001]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  118.293573][ T6001]  ? __lock_acquire+0xab9/0xd20
[  118.293593][ T6001]  ? do_raw_spin_lock+0x121/0x290
[  118.293612][ T6001]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  118.293630][ T6001]  ? lockdep_hardirqs_on+0x9c/0x150
[  118.293652][ T6001]  ? __lock_acquire+0xab9/0xd20
[  118.293679][ T6001]  ? __fget_files+0x2a/0x420
[  118.293698][ T6001]  ipv6_setsockopt+0x59/0x170
[  118.293712][ T6001]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  118.293728][ T6001]  do_sock_setsockopt+0x179/0x1b0
[  118.293748][ T6001]  __x64_sys_setsockopt+0x145/0x1b0
[  118.293763][ T6001]  do_syscall_64+0xfa/0x3b0
[  118.293772][ T6001]  ? lockdep_hardirqs_on+0x9c/0x150
[  118.293787][ T6001]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.293798][ T6001]  ? clear_bhb_loop+0x60/0xb0
[  118.293812][ T6001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.293822][ T6001] RIP: 0033:0x7f8f9631eec9
[  118.293833][ T6001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  118.293842][ T6001] RSP: 002b:00007f8f9457e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  118.293855][ T6001] RAX: ffffffffffffffda RBX: 00007f8f96575fa0 RCX: 00007f8f9631eec9
[  118.293863][ T6001] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000003
[  118.293870][ T6001] RBP: 00007f8f9457e090 R08: 000000000000fe60 R09: 0000000000000000
[  118.293877][ T6001] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  118.293884][ T6001] R13: 00007f8f96576038 R14: 00007f8f96575fa0 R15: 00007fff989c6448
[  118.293903][ T6001]  </TASK>
[  119.504577][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.514595][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.524576][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.534580][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.544576][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.554574][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.564574][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.574577][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.583755][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  119.584579][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  120.969294][ T6017] syz.2.13 (6017) used greatest stack depth: 17976 bytes left
[  121.156380][ T5997] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  121.238924][   T49] usb 4-1: USB disconnect, device number 2
[  121.324734][ T5997] usb 2-1: device descriptor read/64, error -71
[  121.574908][ T5997] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  121.755356][ T5997] usb 2-1: device descriptor read/64, error -71
[  121.865238][ T5997] usb usb2-port1: attempt power cycle
[  121.885409][ T5927] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  122.231659][ T5997] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  122.246215][ T5997] usb 2-1: device descriptor read/8, error -71
[  122.736330][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.736436][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.736534][ T5927] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  122.736755][ T5927] usb 5-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[  122.736954][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.093951][ T5927] usb 5-1: config 0 descriptor??
[  123.783796][ T5927] dragonrise 0003:0079:0011.0001: invalid report_count -326368751
[  123.783824][ T5927] dragonrise 0003:0079:0011.0001: item 0 4 1 9 parsing failed
[  123.792030][ T5927] dragonrise 0003:0079:0011.0001: parse failed
[  123.792117][ T5927] dragonrise 0003:0079:0011.0001: probe with driver dragonrise failed with error -22
[  124.148833][ T5854] usb 5-1: USB disconnect, device number 2
[  124.326826][ T6045] netlink: 20 bytes leftover after parsing attributes in process `syz.3.19'.
[  124.570359][ T6049] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  124.744725][ T5997] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  124.768336][ T6052] netlink: 'syz.0.22': attribute type 12 has an invalid length.
[  124.768359][ T6052] netlink: 'syz.0.22': attribute type 29 has an invalid length.
[  124.768372][ T6052] netlink: 148 bytes leftover after parsing attributes in process `syz.0.22'.
[  124.768401][ T6052] netlink: 59 bytes leftover after parsing attributes in process `syz.0.22'.
[  124.768711][ T6052] Zero length message leads to an empty skb
[  124.894776][ T5997] usb 2-1: Using ep0 maxpacket: 32
[  124.914471][ T5997] usb 2-1: unable to get BOS descriptor or descriptor too short
[  124.926295][ T5997] usb 2-1: config 0 has an invalid interface number: 143 but max is 0
[  124.926325][ T5997] usb 2-1: config 0 has no interface number 0
[  124.926382][ T5997] usb 2-1: config 0 interface 143 altsetting 77 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  124.926410][ T5997] usb 2-1: config 0 interface 143 has no altsetting 0
[  124.970307][ T5997] usb 2-1: New USB device found, idVendor=13b1, idProduct=0041, bcdDevice=b0.69
[  124.970338][ T5997] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.970358][ T5997] usb 2-1: Product: syz
[  124.970372][ T5997] usb 2-1: Manufacturer: syz
[  124.970386][ T5997] usb 2-1: SerialNumber: syz
[  125.019046][ T5997] r8152-cfgselector 2-1: Unknown version 0x0000
[  125.019074][ T5997] r8152-cfgselector 2-1: config 0 descriptor??
[  125.041150][ T5997] r8152 2-1:0.143: Expected endpoints are not found
[  125.382992][ T6044] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21'.
[  125.383018][ T6044] netlink: 4 bytes leftover after parsing attributes in process `syz.1.21'.
[  126.057889][ T5997] r8152-cfgselector 2-1: USB disconnect, device number 6
[  126.555867][   T49] hid-generic 0000:100003:0001.0002: unknown main item tag 0x0
[  126.555911][   T49] hid-generic 0000:100003:0001.0002: unknown main item tag 0x0
[  126.636130][   T49] hid-generic 0000:100003:0001.0002: hidraw0: <UNKNOWN> HID v0.03 Device [syz0] on syz1
[  126.964941][ T6073] netlink: 36 bytes leftover after parsing attributes in process `syz.1.28'.
[  126.965210][ T6072] netlink: 36 bytes leftover after parsing attributes in process `syz.1.28'.
[  128.736064][ T6083] FAULT_INJECTION: forcing a failure.
[  128.736064][ T6083] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  128.736102][ T6083] CPU: 1 UID: 0 PID: 6083 Comm: syz.1.31 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  128.736125][ T6083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  128.736136][ T6083] Call Trace:
[  128.736144][ T6083]  <TASK>
[  128.736154][ T6083]  dump_stack_lvl+0x189/0x250
[  128.736190][ T6083]  ? __pfx____ratelimit+0x10/0x10
[  128.736220][ T6083]  ? __pfx_dump_stack_lvl+0x10/0x10
[  128.736249][ T6083]  ? __pfx__printk+0x10/0x10
[  128.736285][ T6083]  should_fail_ex+0x46c/0x600
[  128.736321][ T6083]  _copy_to_user+0x31/0xb0
[  128.736349][ T6083]  __se_sys_move_pages+0x159d/0x1880
[  128.736399][ T6083]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  128.736431][ T6083]  ? __pfx___se_sys_move_pages+0x10/0x10
[  128.736475][ T6083]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  128.736522][ T6083]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  128.736559][ T6083]  ? fput+0xa0/0xd0
[  128.736579][ T6083]  ? ksys_write+0x230/0x260
[  128.736607][ T6083]  ? __pfx_ksys_write+0x10/0x10
[  128.736638][ T6083]  ? __x64_sys_move_pages+0x21/0xf0
[  128.736673][ T6083]  do_syscall_64+0xfa/0x3b0
[  128.736691][ T6083]  ? lockdep_hardirqs_on+0x9c/0x150
[  128.736720][ T6083]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.736740][ T6083]  ? clear_bhb_loop+0x60/0xb0
[  128.736765][ T6083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.736785][ T6083] RIP: 0033:0x7f8f9631eec9
[  128.736803][ T6083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.736819][ T6083] RSP: 002b:00007f8f9455d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000117
[  128.736841][ T6083] RAX: ffffffffffffffda RBX: 00007f8f96576090 RCX: 00007f8f9631eec9
[  128.736856][ T6083] RDX: 0000200000000040 RSI: 0000000000000001 RDI: 0000000000000000
[  128.736869][ T6083] RBP: 00007f8f9455d090 R08: 0000000000000000 R09: 0000000000000000
[  128.736881][ T6083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  128.736893][ T6083] R13: 00007f8f96576128 R14: 00007f8f96576090 R15: 00007fff989c6448
[  128.736926][ T6083]  </TASK>
[  129.534066][ T6087] program syz.2.33 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  129.711386][ T6091] warning: `syz.0.34' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  130.820115][ T6106] binder: 6105:6106 ioctl c0306201 0 returned -14
[  131.082435][  T992] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  131.267944][  T992] usb 5-1: Using ep0 maxpacket: 16
[  131.308546][  T992] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[  131.308575][  T992] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  131.308594][  T992] usb 5-1: config 0 has no interface number 0
[  131.308647][  T992] usb 5-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b
[  131.308671][  T992] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.369239][  T992] usb 5-1: config 0 descriptor??
[  131.388059][  T992] usb 5-1: Found UVC 0.00 device <unnamed> (0bd3:05f4)
[  131.388082][  T992] usb 5-1: No valid video chain found.
[  131.523323][ T6119] 9pnet_fd: Insufficient options for proto=fd
[  131.617992][ T6005] usb 5-1: USB disconnect, device number 3
[  133.257318][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  133.257432][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  133.365769][ T6141] netlink: 4 bytes leftover after parsing attributes in process `syz.4.47'.
[  133.382822][ T6141] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.584765][ T6005] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  133.854750][ T6005] usb 2-1: Using ep0 maxpacket: 16
[  133.901653][ T6142] CUSE: unknown device info ""
[  133.901755][ T6142] CUSE: zero length info key specified
[  135.668652][ T6005] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  135.668685][ T6005] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.668704][ T6005] usb 2-1: Product: syz
[  135.668718][ T6005] usb 2-1: Manufacturer: syz
[  135.668732][ T6005] usb 2-1: SerialNumber: syz
[  135.692474][ T6005] usb 2-1: config 0 descriptor??
[  135.697421][ T6005] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  136.488815][ T6005] ssu100 2-1:0.0: probe with driver ssu100 failed with error -110
[  136.574184][    C0] vkms_vblank_simulate: vblank timer overrun
[  136.581847][  T992] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  136.830229][    C0] vkms_vblank_simulate: vblank timer overrun
[  136.985276][  T992] usb 3-1: Using ep0 maxpacket: 32
[  137.116133][    C0] vkms_vblank_simulate: vblank timer overrun
[  137.193576][  T992] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  137.193606][  T992] usb 3-1: config 0 has no interface number 0
[  137.220455][  T992] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  137.220488][  T992] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.220508][  T992] usb 3-1: Product: syz
[  137.220522][  T992] usb 3-1: Manufacturer: syz
[  137.220536][  T992] usb 3-1: SerialNumber: syz
[  137.345444][  T992] usb 3-1: config 0 descriptor??
[  137.374338][  T992] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  137.786895][  T992] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  137.806531][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short
[  137.851752][  T992] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  138.117738][    C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  138.125316][ T5854] usb 3-1: USB disconnect, device number 2
[  138.202946][    C0] vkms_vblank_simulate: vblank timer overrun
[  138.673729][    C0] vkms_vblank_simulate: vblank timer overrun
[  138.949644][    C0] vkms_vblank_simulate: vblank timer overrun
[  139.098931][    C0] vkms_vblank_simulate: vblank timer overrun
[  139.275145][    C0] vkms_vblank_simulate: vblank timer overrun
[  140.049139][    C0] vkms_vblank_simulate: vblank timer overrun
[  140.148142][   T49] usb 2-1: USB disconnect, device number 7
[  140.594976][    C0] vkms_vblank_simulate: vblank timer overrun
[  140.829241][    C0] vkms_vblank_simulate: vblank timer overrun
[  143.657592][ T5854] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  143.703776][ T5854] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  143.732835][ T5854] quatech2 3-1:0.51: device disconnected
[  145.027324][ T6194] Device name cannot be null; rc = [-22]
[  145.568196][ T6201] FAULT_INJECTION: forcing a failure.
[  145.568196][ T6201] name failslab, interval 1, probability 0, space 0, times 1
[  145.568234][ T6201] CPU: 1 UID: 0 PID: 6201 Comm: syz.3.61 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  145.568256][ T6201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  145.568267][ T6201] Call Trace:
[  145.568276][ T6201]  <TASK>
[  145.568293][ T6201]  dump_stack_lvl+0x189/0x250
[  145.568328][ T6201]  ? __pfx____ratelimit+0x10/0x10
[  145.568359][ T6201]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.568388][ T6201]  ? __pfx__printk+0x10/0x10
[  145.568418][ T6201]  ? __pfx___might_resched+0x10/0x10
[  145.568445][ T6201]  should_fail_ex+0x46c/0x600
[  145.568480][ T6201]  should_failslab+0xa8/0x100
[  145.568510][ T6201]  __kmalloc_noprof+0xcb/0x430
[  145.568535][ T6201]  ? sock_kmalloc+0xd6/0x160
[  145.568563][ T6201]  sock_kmalloc+0xd6/0x160
[  145.568587][ T6201]  skcipher_recvmsg+0x588/0x11e0
[  145.568618][ T6201]  ? kernel_text_address+0xa5/0xe0
[  145.568648][ T6201]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  145.568672][ T6201]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  145.568691][ T6201]  ? security_socket_recvmsg+0x7e/0x2e0
[  145.568714][ T6201]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  145.568734][ T6201]  sock_recvmsg+0x229/0x270
[  145.568766][ T6201]  sock_read_iter+0x23a/0x2f0
[  145.568788][ T6201]  ? stack_depot_save_flags+0x40/0x860
[  145.568819][ T6201]  ? __pfx_sock_read_iter+0x10/0x10
[  145.568861][ T6201]  ? rw_verify_area+0x2ac/0x4e0
[  145.568884][ T6201]  ? import_ubuf+0xfb/0x1d0
[  145.568912][ T6201]  aio_read+0x317/0x480
[  145.568939][ T6201]  ? __pfx_aio_read+0x10/0x10
[  145.568986][ T6201]  ? __might_fault+0xb0/0x130
[  145.569038][ T6201]  io_submit_one+0x768/0x1310
[  145.569076][ T6201]  ? __pfx_io_submit_one+0x10/0x10
[  145.569097][ T6201]  ? __might_fault+0xb0/0x130
[  145.569140][ T6201]  ? __might_fault+0xb0/0x130
[  145.569175][ T6201]  __se_sys_io_submit+0x185/0x2f0
[  145.569207][ T6201]  ? __pfx___se_sys_io_submit+0x10/0x10
[  145.569232][ T6201]  ? ksys_write+0x230/0x260
[  145.569271][ T6201]  ? do_syscall_64+0xbe/0x3b0
[  145.569307][ T6201]  do_syscall_64+0xfa/0x3b0
[  145.569324][ T6201]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.569353][ T6201]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.569373][ T6201]  ? clear_bhb_loop+0x60/0xb0
[  145.569398][ T6201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.569417][ T6201] RIP: 0033:0x7f4c33daeec9
[  145.569436][ T6201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.569453][ T6201] RSP: 002b:00007f4c32016038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  145.569475][ T6201] RAX: ffffffffffffffda RBX: 00007f4c34005fa0 RCX: 00007f4c33daeec9
[  145.569490][ T6201] RDX: 0000200000000580 RSI: 0000000000000001 RDI: 00007f4c33fde000
[  145.569503][ T6201] RBP: 00007f4c32016090 R08: 0000000000000000 R09: 0000000000000000
[  145.569515][ T6201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  145.569527][ T6201] R13: 00007f4c34006038 R14: 00007f4c34005fa0 R15: 00007ffeef269a58
[  145.569561][ T6201]  </TASK>
[  147.806782][  T992] delete_channel: no stack
[  147.938962][ T6207] tty tty2: ldisc open failed (-12), clearing slot 1
[  148.004640][  T992] IPVS: starting estimator thread 0...
[  148.139365][ T6212] IPVS: using max 6 ests per chain, 14400 per kthread
[  150.923460][ T6235] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f�F��"
[  150.923475][ T6235] CUSE: zero length info key specified
[  151.261437][ T5155] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  151.287768][ T5155] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  151.289828][ T5155] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  151.292389][ T5155] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  151.318291][ T5155] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  152.429156][ T6233] delete_channel: no stack
[  154.171173][ T5843] Bluetooth: hci5: command tx timeout
[  154.246893][ T6238] chnl_net:caif_netlink_parms(): no params data found
[  154.758972][ T6258] FAULT_INJECTION: forcing a failure.
[  154.758972][ T6258] name failslab, interval 1, probability 0, space 0, times 0
[  154.759010][ T6258] CPU: 0 UID: 0 PID: 6258 Comm: syz.0.77 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  154.759033][ T6258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  154.759045][ T6258] Call Trace:
[  154.759053][ T6258]  <TASK>
[  154.759063][ T6258]  dump_stack_lvl+0x189/0x250
[  154.759098][ T6258]  ? __pfx____ratelimit+0x10/0x10
[  154.759140][ T6258]  ? __pfx_dump_stack_lvl+0x10/0x10
[  154.759169][ T6258]  ? __pfx__printk+0x10/0x10
[  154.759210][ T6258]  should_fail_ex+0x46c/0x600
[  154.759247][ T6258]  should_failslab+0xa8/0x100
[  154.759277][ T6258]  __kmalloc_noprof+0xcb/0x430
[  154.759303][ T6258]  ? ___neigh_create+0x722/0x2360
[  154.759332][ T6258]  ? ip6_finish_output2+0x710/0x1720
[  154.759358][ T6258]  ___neigh_create+0x722/0x2360
[  154.759396][ T6258]  ? __ipv6_neigh_lookup_noref+0x531/0x710
[  154.759426][ T6258]  ? dev_loopback_xmit+0x323/0x4e0
[  154.759457][ T6258]  ? ip6_finish_output2+0x710/0x1720
[  154.759480][ T6258]  ip6_finish_output2+0xb51/0x1720
[  154.759514][ T6258]  ? ip6_finish_output2+0x710/0x1720
[  154.759548][ T6258]  ? ip6_mtu+0x7d/0x3f0
[  154.759570][ T6258]  ? __pfx_ip6_finish_output2+0x10/0x10
[  154.759598][ T6258]  ? ip6_mtu+0x7d/0x3f0
[  154.759619][ T6258]  ? ip6_mtu+0x321/0x3f0
[  154.759644][ T6258]  ? ip6_finish_output+0x2ef/0x4e0
[  154.759673][ T6258]  ip6_mr_output+0x4e9/0x1100
[  154.759698][ T6258]  ? __lock_acquire+0xab9/0xd20
[  154.759731][ T6258]  ? ip6_mr_output+0x1ca/0x1100
[  154.759762][ T6258]  ? __pfx_ip6_mr_output+0x10/0x10
[  154.759796][ T6258]  ? __ip6_local_out+0x609/0x870
[  154.759831][ T6258]  ? __ip6_local_out+0x82c/0x870
[  154.759861][ T6258]  ? __ip6_local_out+0x609/0x870
[  154.759907][ T6258]  ? skb_dst+0x4f/0xd0
[  154.759937][ T6258]  ? dst_output+0x17b/0x1c0
[  154.759965][ T6258]  ? ip6_send_skb+0x10f/0x390
[  154.759993][ T6258]  ip6_send_skb+0x1d5/0x390
[  154.760023][ T6258]  udp_v6_send_skb+0xc17/0x1830
[  154.760072][ T6258]  udpv6_sendmsg+0x1baf/0x24b0
[  154.760116][ T6258]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  154.760144][ T6258]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  154.760179][ T6258]  ? smack_socket_sendmsg+0x1a7/0x520
[  154.760244][ T6258]  ? inet_send_prepare+0x5c/0x270
[  154.760273][ T6258]  ? inet6_sendmsg+0xe4/0x120
[  154.760296][ T6258]  __sock_sendmsg+0xe5/0x270
[  154.760326][ T6258]  ____sys_sendmsg+0x534/0x820
[  154.760355][ T6258]  ? __pfx_____sys_sendmsg+0x10/0x10
[  154.760388][ T6258]  ? import_iovec+0x74/0xa0
[  154.760419][ T6258]  ___sys_sendmsg+0x21f/0x2a0
[  154.760445][ T6258]  ? __pfx____sys_sendmsg+0x10/0x10
[  154.760519][ T6258]  ? __fget_files+0x2a/0x420
[  154.760547][ T6258]  ? __fget_files+0x3a6/0x420
[  154.760589][ T6258]  __sys_sendmmsg+0x22d/0x430
[  154.760618][ T6258]  ? __pfx___sys_sendmmsg+0x10/0x10
[  154.760652][ T6258]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  154.760696][ T6258]  ? ksys_write+0x230/0x260
[  154.760725][ T6258]  ? __pfx_ksys_write+0x10/0x10
[  154.760747][ T6258]  ? rcu_is_watching+0x15/0xb0
[  154.760787][ T6258]  __x64_sys_sendmmsg+0xa0/0xc0
[  154.760811][ T6258]  do_syscall_64+0xfa/0x3b0
[  154.760829][ T6258]  ? lockdep_hardirqs_on+0x9c/0x150
[  154.760857][ T6258]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.760877][ T6258]  ? clear_bhb_loop+0x60/0xb0
[  154.760903][ T6258]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.760923][ T6258] RIP: 0033:0x7f7416eaeec9
[  154.760943][ T6258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.760960][ T6258] RSP: 002b:00007f741510e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  154.760982][ T6258] RAX: ffffffffffffffda RBX: 00007f7417105fa0 RCX: 00007f7416eaeec9
[  154.760997][ T6258] RDX: 0000000000000001 RSI: 0000200000000e00 RDI: 0000000000000003
[  154.761009][ T6258] RBP: 00007f741510e090 R08: 0000000000000000 R09: 0000000000000000
[  154.761022][ T6258] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001
[  154.761034][ T6258] R13: 00007f7417106038 R14: 00007f7417105fa0 R15: 00007fffa3c8bd98
[  154.761067][ T6258]  </TASK>
[  156.194835][ T5843] Bluetooth: hci5: command tx timeout
[  159.566620][ T5843] Bluetooth: hci5: command tx timeout
[  161.873749][ T5843] Bluetooth: hci5: command tx timeout
[  162.724907][    T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  162.854742][    T9] usb 3-1: device descriptor read/64, error -71
[  162.988277][ T6303] netlink: 8 bytes leftover after parsing attributes in process `syz.1.89'.
[  164.144862][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  165.295324][    T9] usb 3-1: device descriptor read/64, error -71
[  165.408865][    T9] usb usb3-port1: attempt power cycle
[  168.423471][ T6337] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  168.572628][ T5997] libceph: connect (1)[c::]:6789 error -101
[  168.591154][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  168.640238][ T5997] libceph: connect (1)[c::]:6789 error -101
[  168.640467][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  168.674689][ T6238] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.674871][ T6238] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.675208][ T6238] bridge_slave_0: entered allmulticast mode
[  168.675349][ T6345] ceph: No mds server is up or the cluster is laggy
[  168.710819][ T6238] bridge_slave_0: entered promiscuous mode
[  169.024815][ T5997] libceph: connect (1)[c::]:6789 error -101
[  169.070708][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  170.302687][ T3591] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.502771][ T6238] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.515087][ T6238] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.515336][ T6238] bridge_slave_1: entered allmulticast mode
[  170.545932][ T6238] bridge_slave_1: entered promiscuous mode
[  170.734757][ T6013] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  170.837354][ T6367] netlink: 20 bytes leftover after parsing attributes in process `syz.0.106'.
[  170.941117][ T6013] usb 3-1: Using ep0 maxpacket: 8
[  171.354489][ T6013] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  171.354640][ T6013] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x7F, changing to 0xF
[  171.354668][ T6013] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  171.378119][ T6013] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  171.378147][ T6013] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.378164][ T6013] usb 3-1: Product: syz
[  171.378177][ T6013] usb 3-1: Manufacturer: syz
[  171.378189][ T6013] usb 3-1: SerialNumber: syz
[  171.663426][ T3591] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.221877][ T6238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  174.139996][ T3591] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.368239][ T6238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  174.683513][ T6013] cdc_ncm 3-1:1.0: bind() failure
[  174.752204][ T6013] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  174.752260][ T6013] cdc_ncm 3-1:1.1: bind() failure
[  174.837731][ T6013] usb 3-1: USB disconnect, device number 6
[  174.907470][ T6391] netlink: 8 bytes leftover after parsing attributes in process `syz.0.110'.
[  176.231797][ T3591] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.323989][ T6238] team0: Port device team_slave_0 added
[  176.423843][ T6238] team0: Port device team_slave_1 added
[  180.496913][ T6413] syz.0.113 (6413) used greatest stack depth: 15920 bytes left
[  180.740639][ T6423] FAULT_INJECTION: forcing a failure.
[  180.740639][ T6423] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  180.740676][ T6423] CPU: 0 UID: 0 PID: 6423 Comm: syz.0.120 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  180.740699][ T6423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  180.740711][ T6423] Call Trace:
[  180.740719][ T6423]  <TASK>
[  180.740729][ T6423]  dump_stack_lvl+0x189/0x250
[  180.740764][ T6423]  ? __pfx____ratelimit+0x10/0x10
[  180.740796][ T6423]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.740825][ T6423]  ? __pfx__printk+0x10/0x10
[  180.740848][ T6423]  ? __might_fault+0xb0/0x130
[  180.740900][ T6423]  should_fail_ex+0x46c/0x600
[  180.740936][ T6423]  _copy_from_user+0x2d/0xb0
[  180.740963][ T6423]  generic_map_update_batch+0x51b/0x7f0
[  180.740998][ T6423]  ? __pfx_generic_map_update_batch+0x10/0x10
[  180.741018][ T6423]  ? __fget_files+0x2a/0x420
[  180.741055][ T6423]  ? __pfx_generic_map_update_batch+0x10/0x10
[  180.741072][ T6423]  bpf_map_do_batch+0x378/0x5f0
[  180.741104][ T6423]  __sys_bpf+0x6af/0x870
[  180.741130][ T6423]  ? __pfx___sys_bpf+0x10/0x10
[  180.741170][ T6423]  ? ksys_write+0x230/0x260
[  180.741198][ T6423]  ? __pfx_ksys_write+0x10/0x10
[  180.741220][ T6423]  ? rcu_is_watching+0x15/0xb0
[  180.741259][ T6423]  __x64_sys_bpf+0x7c/0x90
[  180.741283][ T6423]  do_syscall_64+0xfa/0x3b0
[  180.741300][ T6423]  ? lockdep_hardirqs_on+0x9c/0x150
[  180.741329][ T6423]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.741348][ T6423]  ? clear_bhb_loop+0x60/0xb0
[  180.741373][ T6423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.741392][ T6423] RIP: 0033:0x7f7416eaeec9
[  180.741419][ T6423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.741435][ T6423] RSP: 002b:00007f741510e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  180.741457][ T6423] RAX: ffffffffffffffda RBX: 00007f7417105fa0 RCX: 00007f7416eaeec9
[  180.741472][ T6423] RDX: 0000000000000038 RSI: 00002000000009c0 RDI: 000000000000001a
[  180.741484][ T6423] RBP: 00007f741510e090 R08: 0000000000000000 R09: 0000000000000000
[  180.741497][ T6423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  180.741508][ T6423] R13: 00007f7417106038 R14: 00007f7417105fa0 R15: 00007fffa3c8bd98
[  180.741541][ T6423]  </TASK>
[  181.281661][ T6424] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048)
[  181.282681][ T6424] netlink: 12 bytes leftover after parsing attributes in process `syz.3.118'.
[  181.414699][   T37] audit: type=1326 audit(1758745041.052:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6434 comm="syz.2.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f204073eec9 code=0x7ffc0000
[  181.419211][   T37] audit: type=1326 audit(1758745041.052:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6434 comm="syz.2.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f204073d710 code=0x7ffc0000
[  181.484099][   T37] audit: type=1326 audit(1758745041.052:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6434 comm="syz.2.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f204073eacb code=0x7ffc0000
[  181.484158][   T37] audit: type=1326 audit(1758745041.102:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6434 comm="syz.2.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f204073eacb code=0x7ffc0000
[  181.809869][   T37] audit: type=1326 audit(1758745041.442:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6434 comm="syz.2.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f204073eacb code=0x7ffc0000
[  181.809926][   T37] audit: type=1326 audit(1758745041.442:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6434 comm="syz.2.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f204073eacb code=0x7ffc0000
[  181.809973][   T37] audit: type=1326 audit(1758745041.442:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6434 comm="syz.2.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f204073eacb code=0x7ffc0000
[  181.848138][   T37] audit: type=1326 audit(1758745041.482:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6434 comm="syz.2.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f204073eacb code=0x7ffc0000
[  181.868300][ T6238] batman_adv: batadv0: Adding interface: batadv_slave_0
[  181.868316][ T6238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.868338][ T6238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  181.888317][ T6238] batman_adv: batadv0: Adding interface: batadv_slave_1
[  181.888332][ T6238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.888354][ T6238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  181.904758][ T6013] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  181.905644][   T37] audit: type=1326 audit(1758745041.542:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6434 comm="syz.2.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f204073eacb code=0x7ffc0000
[  181.906294][   T37] audit: type=1326 audit(1758745041.542:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6434 comm="syz.2.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f204073eacb code=0x7ffc0000
[  182.054710][ T6013] usb 3-1: Using ep0 maxpacket: 16
[  182.355113][ T6013] usb 3-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  182.355149][ T6013] usb 3-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  182.355172][ T6013] usb 3-1: config 0 interface 0 has no altsetting 0
[  182.355209][ T6013] usb 3-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  182.355232][ T6013] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.373522][ T6013] usb 3-1: config 0 descriptor??
[  183.034158][ T6013] lenovo 0003:17EF:6009.0003: unknown main item tag 0x0
[  183.034200][ T6013] lenovo 0003:17EF:6009.0003: unknown main item tag 0x0
[  183.034225][ T6013] lenovo 0003:17EF:6009.0003: unknown main item tag 0x0
[  183.034249][ T6013] lenovo 0003:17EF:6009.0003: unknown main item tag 0x0
[  183.047338][ T6013] lenovo 0003:17EF:6009.0003: hidraw0: USB HID v0.00 Device [HID 17ef:6009] on usb-dummy_hcd.2-1/input0
[  184.101310][ T6435] program syz.2.122 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  184.506183][ T6238] hsr_slave_0: entered promiscuous mode
[  184.507706][ T6238] hsr_slave_1: entered promiscuous mode
[  184.508784][ T6238] debugfs: 'hsr0' already exists in 'hsr'
[  184.508810][ T6238] Cannot create hsr debugfs directory
[  184.573123][ T6013] usb 3-1: USB disconnect, device number 7
[  184.741621][ T6445] fido_id[6445]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  185.493010][ T6459] FAULT_INJECTION: forcing a failure.
[  185.493010][ T6459] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  185.493047][ T6459] CPU: 1 UID: 0 PID: 6459 Comm: syz.2.126 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  185.493070][ T6459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  185.493081][ T6459] Call Trace:
[  185.493089][ T6459]  <TASK>
[  185.493098][ T6459]  dump_stack_lvl+0x189/0x250
[  185.493133][ T6459]  ? __pfx____ratelimit+0x10/0x10
[  185.493164][ T6459]  ? __pfx_dump_stack_lvl+0x10/0x10
[  185.493193][ T6459]  ? __pfx__printk+0x10/0x10
[  185.493217][ T6459]  ? __might_fault+0xb0/0x130
[  185.493260][ T6459]  should_fail_ex+0x46c/0x600
[  185.493296][ T6459]  _copy_from_user+0x2d/0xb0
[  185.493323][ T6459]  snd_seq_write+0x30b/0x820
[  185.493365][ T6459]  ? __pfx_snd_seq_write+0x10/0x10
[  185.493389][ T6459]  ? do_raw_spin_lock+0x121/0x290
[  185.493420][ T6459]  ? rw_verify_area+0x25b/0x4e0
[  185.493443][ T6459]  ? __lock_acquire+0xab9/0xd20
[  185.493467][ T6459]  ? __pfx_snd_seq_write+0x10/0x10
[  185.493496][ T6459]  vfs_write+0x287/0xb40
[  185.493532][ T6459]  ? __pfx_vfs_write+0x10/0x10
[  185.493560][ T6459]  ? __fget_files+0x2a/0x420
[  185.493599][ T6459]  ? __fget_files+0x2a/0x420
[  185.493627][ T6459]  ? __fget_files+0x3a6/0x420
[  185.493653][ T6459]  ? __fget_files+0x2a/0x420
[  185.493692][ T6459]  ksys_write+0x14b/0x260
[  185.493720][ T6459]  ? __pfx_ksys_write+0x10/0x10
[  185.493742][ T6459]  ? rcu_is_watching+0x15/0xb0
[  185.493779][ T6459]  ? do_syscall_64+0xbe/0x3b0
[  185.493803][ T6459]  do_syscall_64+0xfa/0x3b0
[  185.493821][ T6459]  ? lockdep_hardirqs_on+0x9c/0x150
[  185.493849][ T6459]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.493869][ T6459]  ? clear_bhb_loop+0x60/0xb0
[  185.493891][ T6459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.493910][ T6459] RIP: 0033:0x7f204073eec9
[  185.493929][ T6459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.493946][ T6459] RSP: 002b:00007f203e99e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  185.493968][ T6459] RAX: ffffffffffffffda RBX: 00007f2040995fa0 RCX: 00007f204073eec9
[  185.493982][ T6459] RDX: 00000000fffffee4 RSI: 00002000000000c0 RDI: 0000000000000003
[  185.493995][ T6459] RBP: 00007f203e99e090 R08: 0000000000000000 R09: 0000000000000000
[  185.494007][ T6459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  185.494019][ T6459] R13: 00007f2040996038 R14: 00007f2040995fa0 R15: 00007ffe2f3006b8
[  185.494054][ T6459]  </TASK>
[  185.875117][   T31] libceph: connect (1)[c::]:6789 error -101
[  185.875269][   T31] libceph: mon0 (1)[c::]:6789 connect error
[  186.117675][ T3591] bridge_slave_1: left allmulticast mode
[  186.120328][ T3591] bridge_slave_1: left promiscuous mode
[  186.125396][ T3591] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.366043][ T5854] libceph: connect (1)[c::]:6789 error -101
[  186.366280][ T5854] libceph: mon0 (1)[c::]:6789 connect error
[  187.610834][ T5854] libceph: connect (1)[c::]:6789 error -101
[  187.611096][ T5854] libceph: mon0 (1)[c::]:6789 connect error
[  187.652956][ T3591] bridge_slave_0: left allmulticast mode
[  187.653226][ T3591] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.895155][ T6462] ceph: No mds server is up or the cluster is laggy
[  191.867001][ T3591] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  191.946358][ T3591] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  191.991033][ T3591] bond0 (unregistering): Released all slaves
[  192.574316][ T6480] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  193.427814][ T5907] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  194.401468][ T5907] usb 1-1: Using ep0 maxpacket: 8
[  194.607843][ T5907] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  194.607865][ T5907] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  194.607879][ T5907] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  194.607892][ T5907] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  194.607918][ T5907] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  194.607930][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.875109][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  194.875994][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  195.766170][ T5907] usb 1-1: can't set config #16, error -71
[  195.823972][ T5907] usb 1-1: USB disconnect, device number 2
[  197.087185][ T6514] FAULT_INJECTION: forcing a failure.
[  197.087185][ T6514] name failslab, interval 1, probability 0, space 0, times 0
[  197.087222][ T6514] CPU: 1 UID: 0 PID: 6514 Comm: syz.3.139 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  197.087245][ T6514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  197.087256][ T6514] Call Trace:
[  197.087264][ T6514]  <TASK>
[  197.087273][ T6514]  dump_stack_lvl+0x189/0x250
[  197.087309][ T6514]  ? __pfx____ratelimit+0x10/0x10
[  197.087340][ T6514]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.087369][ T6514]  ? __pfx__printk+0x10/0x10
[  197.087406][ T6514]  ? __pfx___might_resched+0x10/0x10
[  197.087429][ T6514]  ? fs_reclaim_acquire+0x7d/0x100
[  197.087455][ T6514]  should_fail_ex+0x46c/0x600
[  197.087488][ T6514]  ? skb_clone+0x212/0x3a0
[  197.087508][ T6514]  should_failslab+0xa8/0x100
[  197.087537][ T6514]  ? skb_clone+0x212/0x3a0
[  197.087556][ T6514]  kmem_cache_alloc_noprof+0x6e/0x310
[  197.087590][ T6514]  skb_clone+0x212/0x3a0
[  197.087608][ T6514]  ? nfnetlink_rcv+0x486/0x2530
[  197.087635][ T6514]  nfnetlink_rcv+0x4b4/0x2530
[  197.087663][ T6514]  ? __dev_queue_xmit+0x1d3d/0x3b70
[  197.087695][ T6514]  ? __dev_queue_xmit+0x26f/0x3b70
[  197.087734][ T6514]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  197.087777][ T6514]  ? ref_tracker_free+0x61e/0x7c0
[  197.087808][ T6514]  ? __asan_memcpy+0x40/0x70
[  197.087828][ T6514]  ? __pfx_ref_tracker_free+0x10/0x10
[  197.087856][ T6514]  ? __skb_clone+0x63/0x7a0
[  197.087881][ T6514]  ? __skb_clone+0x483/0x7a0
[  197.087908][ T6514]  ? skb_clone+0x246/0x3a0
[  197.087932][ T6514]  ? __netlink_deliver_tap+0x807/0x850
[  197.087960][ T6514]  ? netlink_deliver_tap+0x2e/0x1b0
[  197.088009][ T6514]  netlink_unicast+0x843/0xa10
[  197.088044][ T6514]  ? __pfx_netlink_unicast+0x10/0x10
[  197.088072][ T6514]  ? netlink_sendmsg+0x642/0xb30
[  197.088097][ T6514]  ? skb_put+0x11b/0x210
[  197.088131][ T6514]  netlink_sendmsg+0x805/0xb30
[  197.088170][ T6514]  ? __pfx_netlink_sendmsg+0x10/0x10
[  197.088208][ T6514]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  197.088228][ T6514]  ? __pfx_netlink_sendmsg+0x10/0x10
[  197.088255][ T6514]  __sock_sendmsg+0x21c/0x270
[  197.088282][ T6514]  ____sys_sendmsg+0x508/0x820
[  197.088309][ T6514]  ? __pfx_____sys_sendmsg+0x10/0x10
[  197.088339][ T6514]  ? import_iovec+0x74/0xa0
[  197.088392][ T6514]  ___sys_sendmsg+0x21f/0x2a0
[  197.088416][ T6514]  ? __pfx____sys_sendmsg+0x10/0x10
[  197.088477][ T6514]  ? __fget_files+0x2a/0x420
[  197.088504][ T6514]  ? __fget_files+0x3a6/0x420
[  197.088543][ T6514]  __x64_sys_sendmsg+0x1a1/0x260
[  197.088567][ T6514]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  197.088598][ T6514]  ? __pfx_ksys_write+0x10/0x10
[  197.088620][ T6514]  ? rcu_is_watching+0x15/0xb0
[  197.088655][ T6514]  ? do_syscall_64+0xbe/0x3b0
[  197.088678][ T6514]  do_syscall_64+0xfa/0x3b0
[  197.088695][ T6514]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.088725][ T6514]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.088744][ T6514]  ? clear_bhb_loop+0x60/0xb0
[  197.088769][ T6514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.088787][ T6514] RIP: 0033:0x7f4c33daeec9
[  197.088805][ T6514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.088822][ T6514] RSP: 002b:00007f4c32016038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  197.088844][ T6514] RAX: ffffffffffffffda RBX: 00007f4c34005fa0 RCX: 00007f4c33daeec9
[  197.088854][ T6514] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004
[  197.088866][ T6514] RBP: 00007f4c32016090 R08: 0000000000000000 R09: 0000000000000000
[  197.088878][ T6514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  197.088889][ T6514] R13: 00007f4c34006038 R14: 00007f4c34005fa0 R15: 00007ffeef269a58
[  197.088921][ T6514]  </TASK>
[  197.616081][ T5155] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  197.639843][ T5155] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  197.643635][ T5155] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  197.659824][ T5155] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  197.662348][ T5155] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  199.093200][ T6527] netlink: 'syz.3.141': attribute type 64 has an invalid length.
[  199.093225][ T6527] netlink: 32 bytes leftover after parsing attributes in process `syz.3.141'.
[  200.283829][ T6532] capability: warning: `syz.3.141' uses 32-bit capabilities (legacy support in use)
[  200.445351][ T5155] Bluetooth: hci1: command tx timeout
[  201.190168][ T5997] libceph: connect (1)[c::]:6789 error -101
[  201.190427][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  201.191344][ T5997] libceph: connect (1)[c::]:6789 error -101
[  201.191569][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  201.191661][ T6537] ceph: No mds server is up or the cluster is laggy
[  201.444990][ T5997] libceph: connect (1)[c::]:6789 error -101
[  201.445139][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  202.514831][ T5155] Bluetooth: hci1: command tx timeout
[  202.641421][ T6545] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  203.114454][ T6556] netlink: 24 bytes leftover after parsing attributes in process `syz.3.146'.
[  203.251589][ T6559] netlink: 4 bytes leftover after parsing attributes in process `syz.3.146'.
[  203.557319][ T3591] hsr_slave_0: left promiscuous mode
[  203.611065][ T3591] hsr_slave_1: left promiscuous mode
[  203.612395][ T3591] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  203.612463][ T3591] batman_adv: batadv0: Removing interface: batadv_slave_0
[  203.712532][ T3591] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  203.712559][ T3591] batman_adv: batadv0: Removing interface: batadv_slave_1
[  203.934045][ T3591] veth1_macvtap: left promiscuous mode
[  203.935420][ T3591] veth0_macvtap: left promiscuous mode
[  203.950642][ T3591] veth1_vlan: left promiscuous mode
[  203.950957][ T3591] veth0_vlan: left promiscuous mode
[  204.598102][ T5155] Bluetooth: hci1: command tx timeout
[  206.675032][ T5155] Bluetooth: hci1: command tx timeout
[  207.184724][ T5914] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  207.337801][ T5914] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  207.337838][ T5914] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.337877][ T5914] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  207.337901][ T5914] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.350382][ T5914] usb 3-1: config 0 descriptor??
[  207.387722][ T5914] hub 3-1:0.0: USB hub found
[  207.568948][ T5914] hub 3-1:0.0: 2 ports detected
[  208.040099][ T5155] Bluetooth: hci3: unexpected cc 0x0809 length: 31 > 4
[  208.954371][ T5914] usb 3-1: USB disconnect, device number 8
[  210.135813][ T3591] team0 (unregistering): Port device team_slave_1 removed
[  210.650340][ T3591] team0 (unregistering): Port device team_slave_0 removed
[  210.992603][ T5843] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  211.021064][ T5843] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  211.030139][ T5843] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  211.088699][ T5843] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  211.089523][ T5843] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  213.174874][ T5155] Bluetooth: hci6: command tx timeout
[  215.234715][ T5155] Bluetooth: hci6: command tx timeout
[  216.873452][ T6604] sit0: entered promiscuous mode
[  216.880121][ T6604] netlink: 'syz.0.156': attribute type 1 has an invalid length.
[  216.880138][ T6604] netlink: 1 bytes leftover after parsing attributes in process `syz.0.156'.
[  217.282859][ T6603] netlink: 8 bytes leftover after parsing attributes in process `syz.3.155'.
[  217.424650][ T5155] Bluetooth: hci6: command tx timeout
[  219.525465][ T5155] Bluetooth: hci6: command tx timeout
[  221.513403][ T6598] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  222.194055][ T6626] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  222.542321][ T6632] overlay: Unknown parameter 'mask'
[  223.234770][ T5851] Bluetooth: hci3: command 0x0406 tx timeout
[  223.234990][ T5851] Bluetooth: hci2: command 0x0406 tx timeout
[  223.235014][ T5851] Bluetooth: hci4: command 0x0406 tx timeout
[  223.978713][ T6518] chnl_net:caif_netlink_parms(): no params data found
[  226.303100][ T6664] netlink: 8 bytes leftover after parsing attributes in process `syz.2.168'.
[  230.655798][ T6691] netlink: 8 bytes leftover after parsing attributes in process `syz.0.172'.
[  231.385814][ T6518] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.385998][ T6518] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.386253][ T6518] bridge_slave_0: entered allmulticast mode
[  231.434876][ T6518] bridge_slave_0: entered promiscuous mode
[  231.665174][ T6594] chnl_net:caif_netlink_parms(): no params data found
[  231.764166][ T6518] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.774307][ T6518] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.791894][ T6518] bridge_slave_1: entered allmulticast mode
[  231.808817][ T6518] bridge_slave_1: entered promiscuous mode
[  242.146776][ T6518] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  243.456198][ T6518] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  243.690685][ T6732] binder: 6729:6732 ioctl 40046205 0 returned -22
[  246.441952][ T5155] Bluetooth: hci6: command 0x0405 tx timeout
[  246.835362][ T6749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.186'.
[  250.642974][ T6518] team0: Port device team_slave_0 added
[  251.055659][ T5914] libceph: connect (1)[c::]:6789 error -101
[  251.055934][ T5914] libceph: mon0 (1)[c::]:6789 connect error
[  251.056573][ T5914] libceph: connect (1)[c::]:6789 error -101
[  251.056813][ T5914] libceph: mon0 (1)[c::]:6789 connect error
[  251.315071][ T5914] libceph: connect (1)[c::]:6789 error -101
[  251.315258][ T5914] libceph: mon0 (1)[c::]:6789 connect error
[  251.351955][ T6518] team0: Port device team_slave_1 added
[  251.455180][ T5914] libceph: connect (1)[c::]:6789 error -101
[  251.505271][ T5914] libceph: mon0 (1)[c::]:6789 connect error
[  251.845629][ T6775] ceph: No mds server is up or the cluster is laggy
[  251.851678][ T5914] libceph: connect (1)[c::]:6789 error -101
[  251.851941][ T5914] libceph: mon0 (1)[c::]:6789 connect error
[  251.852429][ T5914] libceph: connect (1)[c::]:6789 error -101
[  251.852648][ T5914] libceph: mon0 (1)[c::]:6789 connect error
[  252.371222][ T5997] libceph: connect (1)[c::]:6789 error -101
[  252.371477][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  252.617100][ T6594] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.617267][ T6594] bridge0: port 1(bridge_slave_0) entered disabled state
[  252.617701][ T6594] bridge_slave_0: entered allmulticast mode
[  252.675235][ T6594] bridge_slave_0: entered promiscuous mode
[  252.916927][ T6777] ceph: No mds server is up or the cluster is laggy
[  253.032404][ T6594] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.032573][ T6594] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.032841][ T6594] bridge_slave_1: entered allmulticast mode
[  253.059489][ T6594] bridge_slave_1: entered promiscuous mode
[  253.064045][ T6518] batman_adv: batadv0: Adding interface: batadv_slave_0
[  253.064061][ T6518] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.064088][ T6518] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  253.471445][ T6518] batman_adv: batadv0: Adding interface: batadv_slave_1
[  253.471463][ T6518] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.471492][ T6518] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  253.640482][   T37] kauditd_printk_skb: 87 callbacks suppressed
[  253.640502][   T37] audit: type=1326 audit(1758745113.282:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6785 comm="syz.2.193" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f204073eec9 code=0x0
[  253.931469][ T6594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  253.954921][ T5931] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  254.174107][ T6594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  254.192209][ T5931] usb 1-1: Using ep0 maxpacket: 8
[  254.212759][ T5931] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  254.212797][ T5931] usb 1-1: config 179 has no interface number 0
[  254.212854][ T5931] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  254.212881][ T5931] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  254.212909][ T5931] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  254.212935][ T5931] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  254.212961][ T5931] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  254.213006][ T5931] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  254.213027][ T5931] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.235754][ T6793] netlink: 8 bytes leftover after parsing attributes in process `syz.2.196'.
[  254.340802][ T6787] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  254.560236][ T6797] netlink: 8 bytes leftover after parsing attributes in process `syz.2.196'.
[  254.772530][ T6013] usb 1-1: USB disconnect, device number 3
[  254.773001][    C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  254.773344][    C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  256.151764][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  256.151849][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  257.070184][ T6808] binder: 6806:6808 ioctl 40046205 0 returned -22
[  257.656341][ T6518] hsr_slave_0: entered promiscuous mode
[  257.662377][ T6518] hsr_slave_1: entered promiscuous mode
[  257.695090][ T6518] debugfs: 'hsr0' already exists in 'hsr'
[  257.695124][ T6518] Cannot create hsr debugfs directory
[  257.935689][ T6594] team0: Port device team_slave_0 added
[  258.174625][ T6594] team0: Port device team_slave_1 added
[  258.386369][ T5155] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  258.415749][ T5155] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  258.418555][ T5155] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  258.443527][ T5155] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  258.447931][ T5155] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  259.148031][ T3591] bridge_slave_1: left allmulticast mode
[  259.148068][ T3591] bridge_slave_1: left promiscuous mode
[  259.149056][ T3591] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.917100][ T5155] Bluetooth: hci5: command tx timeout
[  261.023736][ T3591] bridge_slave_0: left allmulticast mode
[  261.023773][ T3591] bridge_slave_0: left promiscuous mode
[  261.024086][ T3591] bridge0: port 1(bridge_slave_0) entered disabled state
[  261.269560][   T37] audit: type=1326 audit(1758745120.852:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6828 comm="syz.2.202" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f204073eec9 code=0x0
[  261.408519][ T5931] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  261.590807][ T5931] usb 1-1: Using ep0 maxpacket: 32
[  261.594104][ T5931] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  261.594138][ T5931] usb 1-1: config 0 has no interface number 0
[  261.599815][ T5931] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  261.599842][ T5931] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.599858][ T5931] usb 1-1: Product: syz
[  261.599870][ T5931] usb 1-1: Manufacturer: syz
[  261.599883][ T5931] usb 1-1: SerialNumber: syz
[  262.071357][ T6838] binder: 6836:6838 ioctl 40046205 0 returned -22
[  262.425098][ T5931] usb 1-1: config 0 descriptor??
[  262.543798][ T5931] usb 1-1: can't set config #0, error -71
[  262.558635][ T5931] usb 1-1: USB disconnect, device number 4
[  263.096203][ T5852] Bluetooth: hci5: command tx timeout
[  264.454832][   T49] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  264.604714][   T49] usb 1-1: Using ep0 maxpacket: 32
[  264.611400][   T49] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  264.611432][   T49] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.611452][   T49] usb 1-1: Product: syz
[  264.611466][   T49] usb 1-1: Manufacturer: syz
[  264.611480][   T49] usb 1-1: SerialNumber: syz
[  264.662345][   T49] usb 1-1: config 0 descriptor??
[  265.043770][ T3591] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  265.154910][ T5852] Bluetooth: hci5: command tx timeout
[  265.312494][   T49] airspy 1-1:0.0: Board ID: 00
[  265.312510][   T49] airspy 1-1:0.0: Firmware version: ��V�%z˃(̪
���������
ZtB�/�|.��&
���+��!��Ue���2�z��)�.~�0�%p��<��B�Kw�[d���{Pnh
[  265.702401][ T3591] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  265.851001][ T3591] bond0 (unregistering): Released all slaves
[  266.016842][ T6594] batman_adv: batadv0: Adding interface: batadv_slave_0
[  266.016862][ T6594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.016888][ T6594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  266.583079][ T6861] FAULT_INJECTION: forcing a failure.
[  266.583079][ T6861] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  266.583175][ T6861] CPU: 0 UID: 0 PID: 6861 Comm: syz.3.210 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  266.583199][ T6861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  266.583210][ T6861] Call Trace:
[  266.583217][ T6861]  <TASK>
[  266.583226][ T6861]  dump_stack_lvl+0x189/0x250
[  266.583269][ T6861]  ? __pfx____ratelimit+0x10/0x10
[  266.583300][ T6861]  ? __pfx_dump_stack_lvl+0x10/0x10
[  266.583329][ T6861]  ? __pfx__printk+0x10/0x10
[  266.583352][ T6861]  ? __might_fault+0xb0/0x130
[  266.583394][ T6861]  should_fail_ex+0x46c/0x600
[  266.583435][ T6861]  _copy_from_user+0x2d/0xb0
[  266.583461][ T6861]  memdup_user_nul+0x66/0x110
[  266.583488][ T6861]  nvmf_dev_write+0x109/0x2990
[  266.583516][ T6861]  ? is_bpf_text_address+0x26/0x2b0
[  266.583558][ T6861]  ? __lock_acquire+0xab9/0xd20
[  266.583612][ T6861]  ? __might_fault+0xb0/0x130
[  266.583715][ T6861]  ? _parse_integer_limit+0x1ae/0x1f0
[  266.583746][ T6861]  ? __pfx_nvmf_dev_write+0x10/0x10
[  266.583779][ T6861]  ? __lock_acquire+0xab9/0xd20
[  266.583816][ T6861]  ? get_pid_task+0x20/0x1f0
[  266.583849][ T6861]  ? __lock_acquire+0xab9/0xd20
[  266.583880][ T6861]  ? do_raw_spin_lock+0x121/0x290
[  266.583910][ T6861]  ? rw_verify_area+0x25b/0x4e0
[  266.583931][ T6861]  ? __lock_acquire+0xab9/0xd20
[  266.583953][ T6861]  ? __pfx_nvmf_dev_write+0x10/0x10
[  266.583982][ T6861]  vfs_write+0x287/0xb40
[  266.584025][ T6861]  ? __pfx_vfs_write+0x10/0x10
[  266.584051][ T6861]  ? __fget_files+0x2a/0x420
[  266.584083][ T6861]  ? __fget_files+0x2a/0x420
[  266.584105][ T6861]  ? __fget_files+0x3a6/0x420
[  266.584128][ T6861]  ? __fget_files+0x2a/0x420
[  266.584165][ T6861]  ksys_write+0x14b/0x260
[  266.584193][ T6861]  ? __pfx_ksys_write+0x10/0x10
[  266.584215][ T6861]  ? rcu_is_watching+0x15/0xb0
[  266.584249][ T6861]  ? do_syscall_64+0xbe/0x3b0
[  266.584274][ T6861]  do_syscall_64+0xfa/0x3b0
[  266.584292][ T6861]  ? lockdep_hardirqs_on+0x9c/0x150
[  266.584321][ T6861]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.584340][ T6861]  ? clear_bhb_loop+0x60/0xb0
[  266.584363][ T6861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.584382][ T6861] RIP: 0033:0x7f4c33daeec9
[  266.584402][ T6861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.584417][ T6861] RSP: 002b:00007f4c32016038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  266.584439][ T6861] RAX: ffffffffffffffda RBX: 00007f4c34005fa0 RCX: 00007f4c33daeec9
[  266.584454][ T6861] RDX: 0000000000000700 RSI: 0000000000000000 RDI: 0000000000000003
[  266.584471][ T6861] RBP: 00007f4c32016090 R08: 0000000000000000 R09: 0000000000000000
[  266.584483][ T6861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  266.584494][ T6861] R13: 00007f4c34006038 R14: 00007f4c34005fa0 R15: 00007ffeef269a58
[  266.584525][ T6861]  </TASK>
[  266.924332][   T49] airspy 1-1:0.0: Registered as swradio24
[  266.924349][   T49] airspy 1-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  267.183275][ T6594] batman_adv: batadv0: Adding interface: batadv_slave_1
[  267.183294][ T6594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  267.183322][ T6594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  267.234731][ T5852] Bluetooth: hci5: command tx timeout
[  267.966699][ T3591] hsr_slave_0: left promiscuous mode
[  268.020391][ T6872] netlink: 8 bytes leftover after parsing attributes in process `syz.3.212'.
[  268.826275][ T3591] hsr_slave_1: left promiscuous mode
[  268.855729][ T3591] batman_adv: batadv0: Removing interface: batadv_slave_0
[  268.937576][   T49] usb 1-1: USB disconnect, device number 5
[  268.945619][ T3591] batman_adv: batadv0: Removing interface: batadv_slave_1
[  271.706671][ T6893] FAULT_INJECTION: forcing a failure.
[  271.706671][ T6893] name failslab, interval 1, probability 0, space 0, times 0
[  271.706763][ T6893] CPU: 1 UID: 0 PID: 6893 Comm: syz.3.220 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  271.706787][ T6893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  271.706798][ T6893] Call Trace:
[  271.706807][ T6893]  <TASK>
[  271.706816][ T6893]  dump_stack_lvl+0x189/0x250
[  271.706852][ T6893]  ? __pfx____ratelimit+0x10/0x10
[  271.706885][ T6893]  ? __pfx_dump_stack_lvl+0x10/0x10
[  271.706914][ T6893]  ? __pfx__printk+0x10/0x10
[  271.706942][ T6893]  ? __pfx___might_resched+0x10/0x10
[  271.706962][ T6893]  ? fs_reclaim_acquire+0x7d/0x100
[  271.706986][ T6893]  should_fail_ex+0x46c/0x600
[  271.707022][ T6893]  should_failslab+0xa8/0x100
[  271.707052][ T6893]  __kvmalloc_node_noprof+0x15a/0x550
[  271.707080][ T6893]  ? vmemdup_user+0x26/0xd0
[  271.707109][ T6893]  vmemdup_user+0x26/0xd0
[  271.707128][ T6893]  map_lookup_elem+0x23d/0x630
[  271.707148][ T6893]  ? bpf_lsm_bpf+0x9/0x20
[  271.707170][ T6893]  __sys_bpf+0x470/0x870
[  271.707190][ T6893]  ? __pfx___sys_bpf+0x10/0x10
[  271.707227][ T6893]  ? rcu_is_watching+0x15/0xb0
[  271.707254][ T6893]  __x64_sys_bpf+0x7c/0x90
[  271.707272][ T6893]  do_syscall_64+0xfa/0x3b0
[  271.707285][ T6893]  ? lockdep_hardirqs_on+0x9c/0x150
[  271.707306][ T6893]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.707320][ T6893]  ? clear_bhb_loop+0x60/0xb0
[  271.707338][ T6893]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.707352][ T6893] RIP: 0033:0x7f4c33daeec9
[  271.707366][ T6893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  271.707378][ T6893] RSP: 002b:00007f4c32016038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  271.707396][ T6893] RAX: ffffffffffffffda RBX: 00007f4c34005fa0 RCX: 00007f4c33daeec9
[  271.707407][ T6893] RDX: 0000000000000020 RSI: 00002000000001c0 RDI: 0000000000000001
[  271.707416][ T6893] RBP: 00007f4c32016090 R08: 0000000000000000 R09: 0000000000000000
[  271.707425][ T6893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  271.707434][ T6893] R13: 00007f4c34006038 R14: 00007f4c34005fa0 R15: 00007ffeef269a58
[  271.707480][ T6893]  </TASK>
[  273.125016][ T6013] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  273.277916][ T6013] usb 3-1: config index 0 descriptor too short (expected 12580, got 36)
[  273.277937][ T6013] usb 3-1: config 52 has too many interfaces: 56, using maximum allowed: 32
[  273.277948][ T6013] usb 3-1: config 52 has an invalid descriptor of length 52, skipping remainder of the config
[  273.277958][ T6013] usb 3-1: config 52 has 0 interfaces, different from the descriptor's value: 56
[  273.342422][ T6013] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  273.342443][ T6013] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.342454][ T6013] usb 3-1: Product: syz
[  273.342462][ T6013] usb 3-1: Manufacturer: syz
[  273.342473][ T6013] usb 3-1: SerialNumber: syz
[  273.610727][ T6900] FAULT_INJECTION: forcing a failure.
[  273.610727][ T6900] name failslab, interval 1, probability 0, space 0, times 0
[  273.610758][ T6900] CPU: 0 UID: 0 PID: 6900 Comm: syz.2.222 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  273.610772][ T6900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  273.610778][ T6900] Call Trace:
[  273.610783][ T6900]  <TASK>
[  273.610792][ T6900]  dump_stack_lvl+0x189/0x250
[  273.610813][ T6900]  ? __pfx____ratelimit+0x10/0x10
[  273.610831][ T6900]  ? __pfx_dump_stack_lvl+0x10/0x10
[  273.610847][ T6900]  ? __pfx__printk+0x10/0x10
[  273.610863][ T6900]  ? __pfx___might_resched+0x10/0x10
[  273.610876][ T6900]  ? fs_reclaim_acquire+0x7d/0x100
[  273.610889][ T6900]  should_fail_ex+0x46c/0x600
[  273.610909][ T6900]  should_failslab+0xa8/0x100
[  273.610925][ T6900]  __kmalloc_cache_noprof+0x6e/0x320
[  273.610940][ T6900]  ? rtnl_newlink+0xed/0x1c70
[  273.610961][ T6900]  rtnl_newlink+0xed/0x1c70
[  273.610977][ T6900]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  273.610997][ T6900]  ? __lock_acquire+0xab9/0xd20
[  273.611014][ T6900]  ? __pfx_rtnl_newlink+0x10/0x10
[  273.611027][ T6900]  ? migrate_enable+0x29c/0x3c0
[  273.611041][ T6900]  ? reacquire_held_locks+0x127/0x1d0
[  273.611058][ T6900]  ? __pfx_migrate_enable+0x10/0x10
[  273.611071][ T6900]  ? __pfx_migrate_enable+0x10/0x10
[  273.611093][ T6900]  ? __local_bh_enable+0x23f/0x3d0
[  273.611105][ T6900]  ? reacquire_held_locks+0x127/0x1d0
[  273.611122][ T6900]  ? __pfx___local_bh_enable+0x10/0x10
[  273.611141][ T6900]  ? __local_bh_enable_ip+0x1b2/0x270
[  273.611154][ T6900]  ? lockdep_hardirqs_on+0x9c/0x150
[  273.611172][ T6900]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  273.611185][ T6900]  ? dev_hard_start_xmit+0x7f5/0x870
[  273.611197][ T6900]  ? __dev_queue_xmit+0x26f/0x3b70
[  273.611213][ T6900]  ? __dev_queue_xmit+0x26f/0x3b70
[  273.611224][ T6900]  ? __dev_queue_xmit+0x26f/0x3b70
[  273.611237][ T6900]  ? __dev_queue_xmit+0x1d3d/0x3b70
[  273.611252][ T6900]  ? __lock_acquire+0xab9/0xd20
[  273.611281][ T6900]  ? __pfx_rtnl_newlink+0x10/0x10
[  273.611304][ T6900]  rtnetlink_rcv_msg+0x7cf/0xb70
[  273.611322][ T6900]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  273.611336][ T6900]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  273.611349][ T6900]  ? ref_tracker_free+0x61e/0x7c0
[  273.611366][ T6900]  ? __asan_memcpy+0x40/0x70
[  273.611377][ T6900]  ? __pfx_ref_tracker_free+0x10/0x10
[  273.611392][ T6900]  ? __skb_clone+0x63/0x7a0
[  273.611409][ T6900]  netlink_rcv_skb+0x205/0x470
[  273.611426][ T6900]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  273.611442][ T6900]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  273.611464][ T6900]  ? netlink_deliver_tap+0x2e/0x1b0
[  273.611484][ T6900]  netlink_unicast+0x843/0xa10
[  273.611506][ T6900]  ? __pfx_netlink_unicast+0x10/0x10
[  273.611521][ T6900]  ? netlink_sendmsg+0x642/0xb30
[  273.611534][ T6900]  ? skb_put+0x11b/0x210
[  273.611553][ T6900]  netlink_sendmsg+0x805/0xb30
[  273.611574][ T6900]  ? __pfx_netlink_sendmsg+0x10/0x10
[  273.611594][ T6900]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  273.611605][ T6900]  ? __pfx_netlink_sendmsg+0x10/0x10
[  273.611621][ T6900]  __sock_sendmsg+0x21c/0x270
[  273.611637][ T6900]  ____sys_sendmsg+0x508/0x820
[  273.611652][ T6900]  ? __pfx_____sys_sendmsg+0x10/0x10
[  273.611669][ T6900]  ? import_iovec+0x74/0xa0
[  273.611686][ T6900]  ___sys_sendmsg+0x21f/0x2a0
[  273.611698][ T6900]  ? __pfx____sys_sendmsg+0x10/0x10
[  273.611732][ T6900]  ? __fget_files+0x2a/0x420
[  273.611752][ T6900]  ? __fget_files+0x3a6/0x420
[  273.611774][ T6900]  __x64_sys_sendmsg+0x1a1/0x260
[  273.611787][ T6900]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  273.611804][ T6900]  ? __pfx_ksys_write+0x10/0x10
[  273.611817][ T6900]  ? rcu_is_watching+0x15/0xb0
[  273.611837][ T6900]  ? do_syscall_64+0xbe/0x3b0
[  273.611850][ T6900]  do_syscall_64+0xfa/0x3b0
[  273.611861][ T6900]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.611871][ T6900]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  273.611882][ T6900]  ? clear_bhb_loop+0x60/0xb0
[  273.611895][ T6900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.611905][ T6900] RIP: 0033:0x7f204073eec9
[  273.611917][ T6900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  273.611926][ T6900] RSP: 002b:00007f203e99e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  273.611940][ T6900] RAX: ffffffffffffffda RBX: 00007f2040995fa0 RCX: 00007f204073eec9
[  273.611948][ T6900] RDX: 0000000000004054 RSI: 00002000000002c0 RDI: 0000000000000004
[  273.611955][ T6900] RBP: 00007f203e99e090 R08: 0000000000000000 R09: 0000000000000000
[  273.611962][ T6900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  273.611969][ T6900] R13: 00007f2040996038 R14: 00007f2040995fa0 R15: 00007ffe2f3006b8
[  273.611987][ T6900]  </TASK>
[  274.048094][ T6013] usb 3-1: USB disconnect, device number 9
[  274.294680][ T3591] team0 (unregistering): Port device team_slave_1 removed
[  274.523515][ T5155] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  274.544027][ T5155] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  274.553467][ T5155] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  274.563211][ T5155] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  274.563843][ T5155] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  274.765622][ T3591] team0 (unregistering): Port device team_slave_0 removed
[  276.674909][ T5155] Bluetooth: hci1: command tx timeout
[  279.313092][ T5155] Bluetooth: hci1: command tx timeout
[  281.292904][    C1] vkms_vblank_simulate: vblank timer overrun
[  281.314643][ T5155] Bluetooth: hci1: command tx timeout
[  281.412097][ T6936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.232'.
[  282.035845][    C1] vkms_vblank_simulate: vblank timer overrun
[  282.660495][ T6013] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  282.900431][    C1] vkms_vblank_simulate: vblank timer overrun
[  283.184287][    C1] vkms_vblank_simulate: vblank timer overrun
[  283.394636][ T5155] Bluetooth: hci1: command tx timeout
[  287.750573][ T6013] usb 4-1: unable to read config index 0 descriptor/start: -71
[  287.750618][ T6013] usb 4-1: can't read configurations, error -71
[  291.793828][ T6992] netlink: 8 bytes leftover after parsing attributes in process `syz.2.241'.
[  293.988181][ T6816] chnl_net:caif_netlink_parms(): no params data found
[  294.136041][    T9] libceph: connect (1)[c::]:6789 error -101
[  294.136423][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  294.341511][ T7002] ceph: No mds server is up or the cluster is laggy
[  294.395435][ T6013] libceph: connect (1)[c::]:6789 error -101
[  294.399433][ T6013] libceph: mon0 (1)[c::]:6789 connect error
[  295.927056][ T6013] libceph: connect (1)[c::]:6789 error -101
[  295.927312][ T6013] libceph: mon0 (1)[c::]:6789 connect error
[  296.428127][ T3591] bridge_slave_1: left allmulticast mode
[  296.428167][ T3591] bridge_slave_1: left promiscuous mode
[  296.428525][ T3591] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.576190][ T3591] bridge_slave_0: left allmulticast mode
[  296.576234][ T3591] bridge_slave_0: left promiscuous mode
[  296.576539][ T3591] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.915384][ T3591] bridge_slave_1: left allmulticast mode
[  296.915409][ T3591] bridge_slave_1: left promiscuous mode
[  296.915605][ T3591] bridge0: port 2(bridge_slave_1) entered disabled state
[  297.037673][ T3591] bridge_slave_0: left allmulticast mode
[  297.037711][ T3591] bridge_slave_0: left promiscuous mode
[  297.059759][ T3591] bridge0: port 1(bridge_slave_0) entered disabled state
[  297.235330][ T7020] sctp: [Deprecated]: syz.2.248 (pid 7020) Use of int in max_burst socket option.
[  297.235330][ T7020] Use struct sctp_assoc_value instead
[  297.241879][ T7020] FAULT_INJECTION: forcing a failure.
[  297.241879][ T7020] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  297.241902][ T7020] CPU: 1 UID: 0 PID: 7020 Comm: syz.2.248 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  297.241915][ T7020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  297.241922][ T7020] Call Trace:
[  297.241927][ T7020]  <TASK>
[  297.241932][ T7020]  dump_stack_lvl+0x189/0x250
[  297.241953][ T7020]  ? __pfx____ratelimit+0x10/0x10
[  297.241970][ T7020]  ? __pfx_dump_stack_lvl+0x10/0x10
[  297.241986][ T7020]  ? __pfx__printk+0x10/0x10
[  297.241998][ T7020]  ? __might_fault+0xb0/0x130
[  297.242022][ T7020]  should_fail_ex+0x46c/0x600
[  297.242042][ T7020]  _copy_from_user+0x2d/0xb0
[  297.242056][ T7020]  kstrtouint_from_user+0xc4/0x170
[  297.242070][ T7020]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  297.242092][ T7020]  proc_fail_nth_write+0x88/0x200
[  297.242104][ T7020]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  297.242119][ T7020]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  297.242132][ T7020]  vfs_write+0x287/0xb40
[  297.242152][ T7020]  ? __pfx_vfs_write+0x10/0x10
[  297.242163][ T7020]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  297.242183][ T7020]  ? mutex_lock_nested+0x154/0x1d0
[  297.242195][ T7020]  ? fdget_pos+0x253/0x320
[  297.242220][ T7020]  ksys_write+0x14b/0x260
[  297.242238][ T7020]  ? __fget_files+0x3a6/0x420
[  297.242254][ T7020]  ? __pfx_ksys_write+0x10/0x10
[  297.242271][ T7020]  ? do_syscall_64+0xbe/0x3b0
[  297.242285][ T7020]  do_syscall_64+0xfa/0x3b0
[  297.242294][ T7020]  ? lockdep_hardirqs_on+0x9c/0x150
[  297.242310][ T7020]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.242321][ T7020]  ? clear_bhb_loop+0x60/0xb0
[  297.242334][ T7020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.242344][ T7020] RIP: 0033:0x7f204073d97f
[  297.242355][ T7020] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  297.242364][ T7020] RSP: 002b:00007f203e99e030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  297.242385][ T7020] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f204073d97f
[  297.242393][ T7020] RDX: 0000000000000001 RSI: 00007f203e99e0a0 RDI: 0000000000000008
[  297.242400][ T7020] RBP: 00007f203e99e090 R08: 0000000000000000 R09: 0000000000000000
[  297.242407][ T7020] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  297.242413][ T7020] R13: 00007f2040996038 R14: 00007f2040995fa0 R15: 00007ffe2f3006b8
[  297.242432][ T7020]  </TASK>
[  298.632683][ T3591] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  298.846599][ T3591] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  299.035075][ T3591] bond0 (unregistering): Released all slaves
[  299.505413][ T3591] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  299.565594][ T3591] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  299.937534][ T3591] bond0 (unregistering): Released all slaves
[  301.231230][ T6906] chnl_net:caif_netlink_parms(): no params data found
[  302.453156][   T37] audit: type=1326 audit(1758745162.082:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7044 comm="syz.2.255" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f204073eec9 code=0x0
[  302.589245][ T7052] FAULT_INJECTION: forcing a failure.
[  302.589245][ T7052] name failslab, interval 1, probability 0, space 0, times 0
[  302.589282][ T7052] CPU: 1 UID: 0 PID: 7052 Comm: syz.2.255 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  302.589304][ T7052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  302.589315][ T7052] Call Trace:
[  302.589323][ T7052]  <TASK>
[  302.589330][ T7052]  dump_stack_lvl+0x189/0x250
[  302.589363][ T7052]  ? __pfx____ratelimit+0x10/0x10
[  302.589390][ T7052]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.589416][ T7052]  ? __pfx__printk+0x10/0x10
[  302.589438][ T7052]  ? __lock_acquire+0xab9/0xd20
[  302.589473][ T7052]  should_fail_ex+0x46c/0x600
[  302.589503][ T7052]  ? skb_clone+0x212/0x3a0
[  302.589521][ T7052]  should_failslab+0xa8/0x100
[  302.589549][ T7052]  ? skb_clone+0x212/0x3a0
[  302.589566][ T7052]  kmem_cache_alloc_noprof+0x6e/0x310
[  302.589600][ T7052]  skb_clone+0x212/0x3a0
[  302.589623][ T7052]  __netlink_deliver_tap+0x404/0x850
[  302.589665][ T7052]  ? netlink_deliver_tap+0x2e/0x1b0
[  302.589694][ T7052]  netlink_deliver_tap+0x19c/0x1b0
[  302.589721][ T7052]  netlink_unicast+0x811/0xa10
[  302.589756][ T7052]  ? __pfx_netlink_unicast+0x10/0x10
[  302.589782][ T7052]  ? netlink_sendmsg+0x642/0xb30
[  302.589805][ T7052]  ? skb_put+0x11b/0x210
[  302.589839][ T7052]  netlink_sendmsg+0x805/0xb30
[  302.589877][ T7052]  ? __pfx_netlink_sendmsg+0x10/0x10
[  302.589914][ T7052]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  302.589933][ T7052]  ? __pfx_netlink_sendmsg+0x10/0x10
[  302.589959][ T7052]  __sock_sendmsg+0x21c/0x270
[  302.589989][ T7052]  ____sys_sendmsg+0x508/0x820
[  302.590015][ T7052]  ? __pfx_____sys_sendmsg+0x10/0x10
[  302.590047][ T7052]  ? import_iovec+0x74/0xa0
[  302.590073][ T7052]  ___sys_sendmsg+0x21f/0x2a0
[  302.590094][ T7052]  ? __pfx____sys_sendmsg+0x10/0x10
[  302.590155][ T7052]  ? __fget_files+0x2a/0x420
[  302.590193][ T7052]  ? __fget_files+0x3a6/0x420
[  302.590231][ T7052]  __x64_sys_sendmsg+0x1a1/0x260
[  302.590254][ T7052]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  302.590285][ T7052]  ? __pfx_ksys_write+0x10/0x10
[  302.590305][ T7052]  ? rcu_is_watching+0x15/0xb0
[  302.590341][ T7052]  ? do_syscall_64+0xbe/0x3b0
[  302.590364][ T7052]  do_syscall_64+0xfa/0x3b0
[  302.590380][ T7052]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.590408][ T7052]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.590427][ T7052]  ? clear_bhb_loop+0x60/0xb0
[  302.590451][ T7052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.590469][ T7052] RIP: 0033:0x7f204073eec9
[  302.590486][ T7052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.590502][ T7052] RSP: 002b:00007f203e97d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  302.590524][ T7052] RAX: ffffffffffffffda RBX: 00007f2040996090 RCX: 00007f204073eec9
[  302.590538][ T7052] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000010
[  302.590550][ T7052] RBP: 00007f203e97d090 R08: 0000000000000000 R09: 0000000000000000
[  302.590562][ T7052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  302.590574][ T7052] R13: 00007f2040996128 R14: 00007f2040996090 R15: 00007ffe2f3006b8
[  302.590604][ T7052]  </TASK>
[  303.682882][ T7054] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (8)
[  305.380200][ T6816] bridge0: port 1(bridge_slave_0) entered blocking state
[  305.380381][ T6816] bridge0: port 1(bridge_slave_0) entered disabled state
[  305.380644][ T6816] bridge_slave_0: entered allmulticast mode
[  305.383918][ T6816] bridge_slave_0: entered promiscuous mode
[  305.567718][ T3591] batman_adv: batadv0: Removing interface: batadv_slave_0
[  306.765876][ T3591] batman_adv: batadv0: Removing interface: batadv_slave_1
[  307.054730][ T3591] hsr_slave_0: left promiscuous mode
[  307.661701][ T3591] hsr_slave_1: left promiscuous mode
[  307.662384][ T3591] batman_adv: batadv0: Removing interface: batadv_slave_0
[  307.685717][ T3591] batman_adv: batadv0: Removing interface: batadv_slave_1
[  307.995631][ T3591] team0 (unregistering): Port device team_slave_1 removed
[  308.132121][ T3591] team0 (unregistering): Port device team_slave_0 removed
[  308.905758][ T3591] team0 (unregistering): Port device team_slave_1 removed
[  309.115289][ T3591] team0 (unregistering): Port device team_slave_0 removed
[  309.884626][ T5822] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  310.040678][ T6816] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.040865][ T6816] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.041122][ T6816] bridge_slave_1: entered allmulticast mode
[  310.145098][ T6816] bridge_slave_1: entered promiscuous mode
[  310.234890][ T5822] usb 1-1: Using ep0 maxpacket: 32
[  310.246415][ T5822] usb 1-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  310.246447][ T5822] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.246467][ T5822] usb 1-1: Product: syz
[  310.246479][ T5822] usb 1-1: Manufacturer: syz
[  310.246491][ T5822] usb 1-1: SerialNumber: syz
[  310.427421][ T5822] usb 1-1: config 0 descriptor??
[  312.691129][ T6906] bridge0: port 1(bridge_slave_0) entered blocking state
[  312.691513][ T6906] bridge0: port 1(bridge_slave_0) entered disabled state
[  312.705727][ T6906] bridge_slave_0: entered allmulticast mode
[  312.800344][ T6906] bridge_slave_0: entered promiscuous mode
[  312.844774][ T5822] peak_usb 1-1:0.0 can0: unable to request usb[type=2 value=5] err=-71
[  312.987473][ T6816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  313.244757][ T6906] bridge0: port 2(bridge_slave_1) entered blocking state
[  313.244940][ T6906] bridge0: port 2(bridge_slave_1) entered disabled state
[  313.245202][ T6906] bridge_slave_1: entered allmulticast mode
[  313.255278][ T6906] bridge_slave_1: entered promiscuous mode
[  313.287894][ T6816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  313.428717][ T5822] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -71
[  313.562176][ T5822] usb 1-1: USB disconnect, device number 6
[  315.611547][ T6906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  315.641152][ T6816] team0: Port device team_slave_0 added
[  315.794212][ T6906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  315.866736][ T6816] team0: Port device team_slave_1 added
[  317.546687][   T49] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  317.575621][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  317.575709][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  317.804738][   T49] usb 4-1: config 0 has an invalid interface number: 102 but max is 0
[  317.804769][   T49] usb 4-1: config 0 has no interface number 0
[  317.804828][   T49] usb 4-1: New USB device found, idVendor=2001, idProduct=1a00, bcdDevice=38.f5
[  317.804849][   T49] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.907570][   T49] usb 4-1: config 0 descriptor??
[  319.409150][ T6906] team0: Port device team_slave_0 added
[  319.412988][ T6906] team0: Port device team_slave_1 added
[  321.404084][ T6906] batman_adv: batadv0: Adding interface: batadv_slave_0
[  321.404103][ T6906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.404148][ T6906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  321.671296][ T6906] batman_adv: batadv0: Adding interface: batadv_slave_1
[  321.671313][ T6906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.671337][ T6906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  321.769653][ T5852] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  321.780445][ T5852] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  321.791739][ T5852] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  321.801353][ T5852] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  321.810700][ T5852] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  323.156227][   T49] asix 4-1:0.102 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -110
[  323.156629][   T49] asix 4-1:0.102: probe with driver asix failed with error -110
[  323.906699][   T31] usb 4-1: USB disconnect, device number 5
[  324.037443][ T5155] Bluetooth: hci6: command tx timeout
[  326.217150][ T5155] Bluetooth: hci6: command tx timeout
[  328.274807][ T5155] Bluetooth: hci6: command tx timeout
[  328.368329][ T6906] hsr_slave_0: entered promiscuous mode
[  328.395314][ T6906] hsr_slave_1: entered promiscuous mode
[  328.402708][ T6906] debugfs: 'hsr0' already exists in 'hsr'
[  328.402741][ T6906] Cannot create hsr debugfs directory
[  330.355461][ T5155] Bluetooth: hci6: command tx timeout
[  331.810150][ T7225] FAULT_INJECTION: forcing a failure.
[  331.810150][ T7225] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  331.810220][ T7225] CPU: 0 UID: 0 PID: 7225 Comm: syz.3.290 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  331.810245][ T7225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  331.810256][ T7225] Call Trace:
[  331.810265][ T7225]  <TASK>
[  331.810273][ T7225]  dump_stack_lvl+0x189/0x250
[  331.810309][ T7225]  ? __pfx____ratelimit+0x10/0x10
[  331.810341][ T7225]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.810370][ T7225]  ? __pfx__printk+0x10/0x10
[  331.810411][ T7225]  should_fail_ex+0x46c/0x600
[  331.810449][ T7225]  _copy_to_user+0x31/0xb0
[  331.810479][ T7225]  simple_read_from_buffer+0xe1/0x170
[  331.810514][ T7225]  proc_fail_nth_read+0x1b6/0x220
[  331.810540][ T7225]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  331.810566][ T7225]  ? rw_verify_area+0x2ac/0x4e0
[  331.810590][ T7225]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  331.810614][ T7225]  vfs_read+0x206/0xa30
[  331.810650][ T7225]  ? __pfx_vfs_read+0x10/0x10
[  331.810672][ T7225]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  331.810709][ T7225]  ? mutex_lock_nested+0x154/0x1d0
[  331.810733][ T7225]  ? fdget_pos+0x253/0x320
[  331.810773][ T7225]  ksys_read+0x14b/0x260
[  331.810797][ T7225]  ? security_file_ioctl+0x107/0x2d0
[  331.810825][ T7225]  ? __pfx_ksys_read+0x10/0x10
[  331.810857][ T7225]  ? do_syscall_64+0xbe/0x3b0
[  331.810881][ T7225]  do_syscall_64+0xfa/0x3b0
[  331.810899][ T7225]  ? lockdep_hardirqs_on+0x9c/0x150
[  331.810929][ T7225]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.810949][ T7225]  ? clear_bhb_loop+0x60/0xb0
[  331.810975][ T7225]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.810994][ T7225] RIP: 0033:0x7f4c33dad8dc
[  331.811013][ T7225] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  331.811029][ T7225] RSP: 002b:00007f4c32016030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  331.811052][ T7225] RAX: ffffffffffffffda RBX: 00007f4c34005fa0 RCX: 00007f4c33dad8dc
[  331.811067][ T7225] RDX: 000000000000000f RSI: 00007f4c320160a0 RDI: 0000000000000004
[  331.811079][ T7225] RBP: 00007f4c32016090 R08: 0000000000000000 R09: 0000000000000000
[  331.811092][ T7225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.811103][ T7225] R13: 00007f4c34006038 R14: 00007f4c34005fa0 R15: 00007ffeef269a58
[  331.811147][ T7225]  </TASK>
[  333.057038][ T7229] tls_set_device_offload: netdev not found
[  336.709073][ T3591] bridge_slave_1: left allmulticast mode
[  336.709099][ T3591] bridge_slave_1: left promiscuous mode
[  336.709262][ T3591] bridge0: port 2(bridge_slave_1) entered disabled state
[  336.772176][ T7250] loop2: detected capacity change from 0 to 7
[  336.887606][ T7250] Dev loop2: unable to read RDB block 7
[  336.887663][ T7250]  loop2: unable to read partition table
[  336.887927][ T7250] loop2: partition table beyond EOD, truncated
[  336.889867][ T7250] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  337.007909][ T3591] bridge_slave_0: left allmulticast mode
[  337.007943][ T3591] bridge_slave_0: left promiscuous mode
[  337.008276][ T3591] bridge0: port 1(bridge_slave_0) entered disabled state
[  337.407061][ T5852] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  337.424923][ T5852] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  337.426610][ T7260] process 'syz.3.301' launched './file0' with NULL argv: empty string added
[  337.444119][ T5852] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  337.454927][ T5852] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  337.458132][ T5852] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  338.386883][ T3591] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  338.646653][ T3591] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  338.834896][ T3591] bond0 (unregistering): Released all slaves
[  339.638551][ T5155] Bluetooth: hci5: command tx timeout
[  340.336291][ T3591] team0 (unregistering): Port device team_slave_1 removed
[  341.715045][ T5155] Bluetooth: hci5: command tx timeout
[  344.467531][   T38] INFO: task syz.1.119:6421 blocked for more than 148 seconds.
[  344.467557][   T38]       Not tainted syzkaller #0
[  344.467567][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  344.467576][   T38] task:syz.1.119       state:D stack:28328 pid:6421  tgid:6415  ppid:5847   task_flags:0x400040 flags:0x00004004
[  344.467640][   T38] Call Trace:
[  344.467648][   T38]  <TASK>
[  344.467663][   T38]  __schedule+0x16f3/0x4c20
[  344.467728][   T38]  ? __pfx___schedule+0x10/0x10
[  344.467754][   T38]  ? rcu_read_unlock_special+0x35b/0x470
[  344.467785][   T38]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  344.467810][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  344.467862][   T38]  rt_mutex_schedule+0x77/0xf0
[  344.467883][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  344.467937][   T38]  ? rt_mutex_slowlock_block+0x351/0x6d0
[  344.467968][   T38]  rt_mutex_slowlock+0x2b1/0x6e0
[  344.467997][   T38]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  344.468024][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  344.468081][   T38]  ? blk_trace_remove+0x20/0x40
[  344.468106][   T38]  mutex_lock_nested+0x16a/0x1d0
[  344.468129][   T38]  ? __lock_acquire+0xab9/0xd20
[  344.468162][   T38]  blk_trace_remove+0x20/0x40
[  344.468188][   T38]  sg_ioctl+0x47e/0x21f0
[  344.468226][   T38]  ? __pfx_sg_ioctl+0x10/0x10
[  344.468264][   T38]  ? __fget_files+0x2a/0x420
[  344.468293][   T38]  ? __fget_files+0x3a6/0x420
[  344.468320][   T38]  ? __fget_files+0x2a/0x420
[  344.468353][   T38]  ? bpf_lsm_file_ioctl+0x9/0x20
[  344.468376][   T38]  ? __pfx_sg_ioctl+0x10/0x10
[  344.468402][   T38]  __se_sys_ioctl+0xff/0x170
[  344.468429][   T38]  do_syscall_64+0xfa/0x3b0
[  344.468446][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  344.468475][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.468506][   T38]  ? clear_bhb_loop+0x60/0xb0
[  344.468540][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.468566][   T38] RIP: 0033:0x7f8f9631eec9
[  344.468592][   T38] RSP: 002b:00007f8f93cf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  344.468614][   T38] RAX: ffffffffffffffda RBX: 00007f8f96576360 RCX: 00007f8f9631eec9
[  344.468629][   T38] RDX: 0000000020000000 RSI: 0000000000001276 RDI: 0000000000000007
[  344.468643][   T38] RBP: 00007f8f963a1f91 R08: 0000000000000000 R09: 0000000000000000
[  344.468656][   T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  344.468669][   T38] R13: 00007f8f965763f8 R14: 00007f8f96576360 R15: 00007fff989c6448
[  344.468704][   T38]  </TASK>
[  344.468730][   T38] 
[  344.468730][   T38] Showing all locks held in the system:
[  344.468742][   T38] 1 lock held by khungtaskd/38:
[  344.468753][   T38]  #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  344.468825][   T38] 4 locks held by kworker/u8:11/3591:
[  344.468838][   T38] 2 locks held by crond/5579:
[  344.468849][   T38] 2 locks held by getty/5592:
[  344.468860][   T38]  #0: ffff88823bf720a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  344.468918][   T38]  #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410
[  344.468984][   T38] 3 locks held by syz.1.119/6419:
[  344.468995][   T38] 1 lock held by syz.1.119/6421:
[  344.469006][   T38]  #0: ffff888143b329d8 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40
[  344.469058][   T38] 5 locks held by udevd/6945:
[  344.469068][   T38]  #0: ffff888045dff588 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x19f/0x3d0
[  344.469115][   T38]  #1: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: ___pte_offset_map+0x29/0x200
[  344.469167][   T38]  #2: ffff88803bf5fa18 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: __pte_offset_map_lock+0x13e/0x210
[  344.469226][   T38]  #3: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  344.469276][   T38]  #4: ffff8880b8933490 ((lock)#2){+.+.}-{3:3}, at: __folio_batch_add_and_move+0xf3/0x4b0
[  344.469341][   T38] 1 lock held by udevd/6951:
[  344.469354][   T38] 3 locks held by kworker/u8:44/7156:
[  344.469365][   T38] 3 locks held by kworker/1:8/7168:
[  344.469376][   T38] 1 lock held by syz-executor/7180:
[  344.469386][   T38]  #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70
[  344.469439][   T38] 2 locks held by syz-executor/7261:
[  344.469450][   T38]  #0: ffffffff8ecc6a20 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  344.469503][   T38]  #1: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  344.469558][   T38] 1 lock held by syz.3.306/7280:
[  344.469568][   T38]  #0: ffff88803630f2d0 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x214/0x4d0
[  344.469620][   T38] 3 locks held by syz.3.306/7284:
[  344.469631][   T38] 2 locks held by syz.0.307/7283:
[  344.469643][   T38]  #0: ffff888032d318d0 (&mm->mmap_lock){++++}-{4:4}, at: __mm_populate+0x16f/0x380
[  344.469692][   T38]  #1: ffff8880b8933490 ((lock)#2){+.+.}-{3:3}, at: __folio_batch_add_and_move+0xf3/0x4b0
[  344.469753][   T38] 5 locks held by syz.2.308/7285:
[  344.469764][   T38]  #0: ffff8880353266c8 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x19f/0x3d0
[  344.469810][   T38]  #1: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: ___pte_offset_map+0x29/0x200
[  344.469862][   T38]  #2: ffff88803c422298 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: __pte_offset_map_lock+0x13e/0x210
[  344.469920][   T38]  #3: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  344.469977][   T38]  #4: ffff8880b8933490 ((lock)#2){+.+.}-{3:3}, at: __folio_batch_add_and_move+0xf3/0x4b0
[  344.470038][   T38] 
[  344.470043][   T38] =============================================
[  344.470043][   T38] 
[  344.470052][   T38] NMI backtrace for cpu 1
[  344.470067][   T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  344.470089][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  344.470100][   T38] Call Trace:
[  344.470108][   T38]  <TASK>
[  344.470116][   T38]  dump_stack_lvl+0x189/0x250
[  344.470150][   T38]  ? __pfx_dump_stack_lvl+0x10/0x10
[  344.470179][   T38]  ? __pfx__printk+0x10/0x10
[  344.470216][   T38]  nmi_cpu_backtrace+0x39e/0x3d0
[  344.470246][   T38]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  344.470275][   T38]  ? __pfx__printk+0x10/0x10
[  344.470302][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  344.470330][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  344.470361][   T38]  watchdog+0xf93/0xfe0
[  344.470391][   T38]  ? watchdog+0x1de/0xfe0
[  344.470423][   T38]  kthread+0x70e/0x8a0
[  344.470455][   T38]  ? __pfx_watchdog+0x10/0x10
[  344.470480][   T38]  ? __pfx_kthread+0x10/0x10
[  344.470515][   T38]  ? __pfx_kthread+0x10/0x10
[  344.470545][   T38]  ret_from_fork+0x436/0x7d0
[  344.470574][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  344.470606][   T38]  ? __switch_to_asm+0x39/0x70
[  344.470623][   T38]  ? __switch_to_asm+0x33/0x70
[  344.470640][   T38]  ? __pfx_kthread+0x10/0x10
[  344.470671][   T38]  ret_from_fork_asm+0x1a/0x30
[  344.470707][   T38]  </TASK>
[  344.470714][   T38] Sending NMI from CPU 1 to CPUs 0:
[  344.470743][    C0] NMI backtrace for cpu 0
[  344.470757][    C0] CPU: 0 UID: 0 PID: 7156 Comm: kworker/u8:44 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  344.470775][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  344.470785][    C0] Workqueue: events_unbound cfg80211_wiphy_work
[  344.470809][    C0] RIP: 0010:unwind_next_frame+0x63a/0x2390
[  344.470833][    C0] Code: 48 89 d8 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 eb ed aa 00 48 8b 3b 48 85 ff 0f 84 5b 10 00 00 48 83 c7 10 e9 73 01 00 00 <83> fb 04 0f 84 7b 01 00 00 83 fb 05 0f 85 36 0c 00 00 48 8b 44 24
[  344.470845][    C0] RSP: 0018:ffffc90004257198 EFLAGS: 00000202
[  344.470859][    C0] RAX: ffffc900042572fd RBX: 0000000000000005 RCX: ffffffff8f304994
[  344.470870][    C0] RDX: ffffffff8fa68e98 RSI: ffffffff8fa68e9c RDI: ffffffff8b621620
[  344.470881][    C0] RBP: dffffc0000000000 R08: 0000000000000001 R09: ffffffff8172c165
[  344.470892][    C0] R10: ffffc900042572c8 R11: fffff5200084ae65 R12: ffffffff8fa68e9d
[  344.470903][    C0] R13: ffffc90004257318 R14: ffffc900042572c8 R15: ffffc90004257300
[  344.470914][    C0] FS:  0000000000000000(0000) GS:ffff8881268bc000(0000) knlGS:0000000000000000
[  344.470927][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  344.470939][    C0] CR2: 00007fbb15e6287f CR3: 00000001c2fe2000 CR4: 00000000003526f0
[  344.470955][    C0] Call Trace:
[  344.470961][    C0]  <TASK>
[  344.470971][    C0]  ? unwind_next_frame+0xa5/0x2390
[  344.470992][    C0]  ? __unwind_start+0xf8/0x760
[  344.471016][    C0]  __unwind_start+0x5b9/0x760
[  344.471038][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  344.471056][    C0]  arch_stack_walk+0xe4/0x150
[  344.471080][    C0]  ? __unwind_start+0xf8/0x760
[  344.471102][    C0]  stack_trace_save+0x9c/0xe0
[  344.471118][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  344.471138][    C0]  ? __lock_acquire+0xab9/0xd20
[  344.471158][    C0]  kasan_save_track+0x3e/0x80
[  344.471201][    C0]  kasan_save_free_info+0x46/0x50
[  344.471216][    C0]  __kasan_slab_free+0x5b/0x80
[  344.471233][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0x11ef/0x2ae0
[  344.471252][    C0]  kfree+0x195/0x550
[  344.471273][    C0]  ieee80211_ibss_rx_queued_mgmt+0x11ef/0x2ae0
[  344.471300][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  344.471322][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0xf93/0x2ae0
[  344.471341][    C0]  ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10
[  344.471359][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  344.471385][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  344.471410][    C0]  ? __lock_acquire+0xab9/0xd20
[  344.471430][    C0]  ? rt_mutex_slowunlock+0x493/0x8a0
[  344.471451][    C0]  ? migrate_enable+0x29c/0x3c0
[  344.471469][    C0]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  344.471497][    C0]  ieee80211_iface_work+0x85f/0x12d0
[  344.471523][    C0]  cfg80211_wiphy_work+0x2bb/0x470
[  344.471544][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  344.471564][    C0]  process_scheduled_works+0xade/0x17b0
[  344.471595][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  344.471622][    C0]  worker_thread+0x8a0/0xda0
[  344.471642][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  344.471668][    C0]  ? __kthread_parkme+0x7b/0x200
[  344.471704][    C0]  kthread+0x70e/0x8a0
[  344.471727][    C0]  ? __pfx_worker_thread+0x10/0x10
[  344.471746][    C0]  ? __pfx_kthread+0x10/0x10
[  344.471770][    C0]  ? __pfx_kthread+0x10/0x10
[  344.471792][    C0]  ret_from_fork+0x436/0x7d0
[  344.471812][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  344.471833][    C0]  ? __switch_to_asm+0x39/0x70
[  344.471847][    C0]  ? __switch_to_asm+0x33/0x70
[  344.471861][    C0]  ? __pfx_kthread+0x10/0x10
[  344.471883][    C0]  ret_from_fork_asm+0x1a/0x30
[  344.471905][    C0]  </TASK>
[  344.472740][   T38] Kernel panic - not syncing: hung_task: blocked tasks
[  344.472754][   T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  344.472775][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  344.472786][   T38] Call Trace:
[  344.472794][   T38]  <TASK>
[  344.472802][   T38]  dump_stack_lvl+0x99/0x250
[  344.472832][   T38]  ? __asan_memcpy+0x40/0x70
[  344.472854][   T38]  ? __pfx_dump_stack_lvl+0x10/0x10
[  344.472882][   T38]  ? __pfx__printk+0x10/0x10
[  344.472919][   T38]  vpanic+0x281/0x750
[  344.472968][   T38]  ? __pfx_vpanic+0x10/0x10
[  344.472994][   T38]  ? __x2apic_send_IPI_mask+0x1e4/0x260
[  344.473015][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  344.473055][   T38]  panic+0xb9/0xc0
[  344.473090][   T38]  ? __pfx_panic+0x10/0x10
[  344.473123][   T38]  ? irq_work_queue+0xc3/0x140
[  344.473153][   T38]  ? nmi_trigger_cpumask_backtrace+0x234/0x300
[  344.473183][   T38]  watchdog+0xfd2/0xfe0
[  344.473214][   T38]  ? watchdog+0x1de/0xfe0
[  344.473250][   T38]  kthread+0x70e/0x8a0
[  344.473283][   T38]  ? __pfx_watchdog+0x10/0x10
[  344.473307][   T38]  ? __pfx_kthread+0x10/0x10
[  344.473342][   T38]  ? __pfx_kthread+0x10/0x10
[  344.473371][   T38]  ret_from_fork+0x436/0x7d0
[  344.473407][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  344.473438][   T38]  ? __switch_to_asm+0x39/0x70
[  344.473455][   T38]  ? __switch_to_asm+0x33/0x70
[  344.473470][   T38]  ? __pfx_kthread+0x10/0x10
[  344.473500][   T38]  ret_from_fork_asm+0x1a/0x30
[  344.473543][   T38]  </TASK>
[  344.473904][   T38] Kernel Offset: disabled